User Guide
Page 3
...on page 95 for detailed information on essential terms used in the ZyWALL, what the real time online help provides. • Read Chapter 5 on page 77 if you're using the Web Configurator. ZyWALL USG 2000 User's Guide 3 E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide,... how to use the Command-Line Interface (CLI) to configure the ZyWALL. About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL using the quick setup wizards and you want more detailed information than...
User Guide
Page 5
ZyWALL USG 2000 User's Guide 5 Every effort has been made to ensure that you received your device. • Brief description of the problem and the steps you installed ... differ slightly from the product due to solve it. Disclaimer Graphics in operating systems, operating system versions, or if you took to differences in this manual is accurate. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device.
User Guide
Page 20
...You Begin 444 25.2 The VPN Connection Screen 444 25.2.1 The VPN Connection Add/Edit (IKE) Screen 446 25.2.2 The VPN Connection Add/Edit Manual Key Screen 453 25.3 The VPN Gateway Screen 456 25.3.1 The VPN Gateway Add/Edit Screen 457 25.4 VPN Concentrator ...465 25.4.1 IPSec VPN...Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 SSL User Application Screens Overview 503 28.2 The Application Screen 503 Chapter 29 SSL User File Sharing ...505 29.1 Overview ...505 20 ZyWALL USG 2000 User's Guide
User Guide
Page 42
...shutdown command before you turn on the power A cold start occurs when you turn off the ZyWALL or remove the power. Rebooting the ZyWALL A warm start (without powering down and then manually turn off or remove the power. Clicking Maintenance > Shutdown > Shutdown or using the shutdown ... when you may temporarily lose access to local storage. The ZyWALL does not stop the system processes or write cached data to network resources. 42 ZyWALL USG 2000 User's Guide Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to its default values and...
User Guide
Page 231
...changes back to stop it . Chapter 10 Monitor You use the Traffic Statistics screen to tell the ZyWALL when to start and stop collecting information for these reports. Statistics ZyWALL USG 2000 User's Guide 231 Figure 218 Monitor > System Status > Traffic Statistics There is not tracked here ...Collect Statistics Select this screen. Reset Click Reset to return the screen to update it manually in the Traffic Statistics screen. The progress is a limit on page 233 for the report. If the ZyWALL has already been collecting data, the collection period displays to the right.
User Guide
Page 247
...the IPSec SA was established. For example, use "*abc" (without the quotation marks) to the ZyWALL since the IPSec SA was established. A VPN connection named "testabc" would still match. ZyWALL USG 2000 User's Guide 247 A * in "123" matches, no matter how many characters are displayed. Policy..."abc". A VPN connection or policy name named "testacc" for this IPSec SA. This field displays N/A if the IPSec SA uses manual keys. For example, with "abc*123", any type) of characters in the SA. Algorithm This field displays the encryption and authentication ...
User Guide
Page 256
... Filter > Cache LABEL DESCRIPTION URL Cache Entry Refresh Click this , the ZyWALL queries the external content filtering database the next time someone tries to clear all web site addresses from the cache manually. Figure 238 Anti-X > Content Filter > Cache The following table describes ...the labels in this button to access that column's criteria. Click a column's heading cell to reload the list of a categorized web site address record. 256 ZyWALL USG 2000 User's Guide ...
User Guide
Page 286
... to which this interface. Interface Properties Interface Type Select to which type of configuration Settings / Hide fields. The ZyWALL automatically adds default SNAT settings for the interface. This is assigned to belong. You can use alphanumeric characters, hyphens...manually configure a policy route to add routing and SNAT settings for the network connected to 11 characters long. This option appears when Interface Properties is read-only. This is not used elsewhere. These IP address fields configure an IP address on page 667. 286 ZyWALL USG 2000...
User Guide
Page 287
... dot decimal notation. Enter the maximum amount of the IP address is still available. The ZyWALL resumes routing to specify the IP address, subnet mask, and gateway manually. IP Address Enter the IP address for future use based on the connection check. Allowed ... number, the higher the priority. Select icmp to have the same priority, the ZyWALL uses the one that the gateway allows. Metric This option appears when Interface Properties is External or General. ZyWALL USG 2000 User's Guide 287 Chapter 13 Interfaces Table 59 Configuration > Network > Interface > Ethernet...
User Guide
Page 289
...clients to use . Custom Defined - enter a static IP address. From ISP - ZyWALL - Lease time Specify how long each computer can allocate 10.10.10.10 to another interface received from manually using the interface's IP Pool Start Address and Pool Size. Enable IP/MAC Binding ...Select this option to have the ZyWALL generate a log if a device connected to this to make use only the intended users get to use specific IP addresses. ZyWALL USG 2000 User's Guide...
User Guide
Page 291
...screen includes an Object References icon, select a configuration object and click Object References to have the interface use a different MAC address. ZyWALL USG 2000 User's Guide 291 MAC Address Setting This section appears when Interface Properties is MD5. Configure WAN TRUNK Click WAN TRUNK to go to...default MAC address. ID MD5 Authentication Key This field is available if the Authentication is External or General. The ID can manually associate traffic with an Interface Type of another device or computer. Related Setting Configure PPPoE/PPTP Click PPPoE/PPTP if this ...
User Guide
Page 294
... it and click Connect. Table 61 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 294 ZyWALL USG 2000 User's Guide Inactivate To turn on -Demand PPPoE/PPTP interface. Activate To turn off an entry, select it and click... To remove a user-configured PPP interface, select it and click Edit to open a screen that shows which settings use this to manually establish the connection for an example. # This field is described in testing the interface or to create a new user-configured PPP ...
User Guide
Page 297
... interface. IP Address This field is enabled if you want to specify the IP address manually. The lower the number, the higher the priority. If two or more gateways have the ZyWALL establish the PPPoE/PPTP connection only when there is traffic. Chapter 13 Interfaces Table 62 ...there is read -only. ISP Setting Account Profile Select the ISP account that was configured first. Service Name This field is traffic. ZyWALL USG 2000 User's Guide 297 Metric Enter the IP address for the ISP account. Dial-onDemand Select this interface. It displays the user name for...
User Guide
Page 298
...size of each data packet, in bytes, that the gateway allows. Connectivity Check The interface can move through this interface. 298 ZyWALL USG 2000 User's Guide Check Method Select the method that can regularly check the connection to the gateway you specified to the gateway the ... trunk for a response before the attempt is still available. Policy Route Click Policy Route to go to associate traffic with the gateway you can manually configure a policy route to a screen where you specify to it is a failure, and how many consecutive failures are 0 - 1048576. Usually...
User Guide
Page 301
... to return the screen to its last-saved settings. 13.5.1 Cellular Add/Edit Screen To change your changes back to the ZyWALL. ZyWALL USG 2000 User's Guide 301 The following table describes the labels in this in testing the interface. Inactivate To turn on page 291 ... following screen displays. Table 64 Configuration > Network > Interface > Cellular LABEL DESCRIPTION Add Click this in testing the interface or to manually establish the connection. Activate To turn off an entry, select it and click Disconnect. Connect To connect an interface, select it and...
User Guide
Page 303
... elsewhere. You might not nail up the connection if there is traffic. This field is read-only if you want the cellular interface to manually input the APN (Access Point Name) provided by your service provider. Select Custom in the profile selection. Zone Select the zone to which ... for the interface. Connectivity Nailed-Up Select this screen. Then select the profile (use alphanumeric and characters, and it displays none. ZyWALL USG 2000 User's Guide 303 Connections with a GSM or HSDPA 3G card. Spaces are configuring for use one in seconds (0~360) that you to do ...
User Guide
Page 306
...> Add (continued) LABEL DESCRIPTION Get Select this option If your ISP did not assign you configure and enable budget control, the ZyWALL resets the statistics. 306 ZyWALL USG 2000 User's Guide Use Fixed IP Address Select this field if you may want to different locations. If two or more gateways have the... (in your area or you . Select the type of card. Choose this option if you do this interface. The ZyWALL takes the actions you want to manually specify the type of network to you, you selected Use Fixed IP Address. Automatically This is exceeded during the month....
User Guide
Page 313
...Select this interface. The gateway should not select this interface is enabled if you want to specify the IP address, subnet mask, and gateway manually. Clear this to disable this if you select Use Fixed IP Address. For example, vlan0, vlan8, and so on which the VLAN ... on page 891 the User's Guide for all computers in the following table. Enter the subnet mask of configuration Settings / Hide fields. ZyWALL USG 2000 User's Guide 313 Interface Properties Interface Name This field is enabled if you select Use Fixed IP Address. This 12-bit number uniquely identifies...
User Guide
Page 316
...manually using the interface's IP Pool Start Address and Pool Size. Enable Logs for sending RIP packets. IP Address Enter the IP address to assign to a device with a specific entry. This field is effective when RIP is enabled. otherwise, the ZyWALL uses multicasting. 316 ZyWALL USG 2000...addresses for more information about RIP. Choices are 1, 2, and 1 and 2. Static DHCP Table Configure a list of static IP addresses the ZyWALL assigns to computers connected to the interface. Chapter 13 Interfaces Table 67 Configuration > Network > Interface > VLAN > Edit (continued) LABEL ...
User Guide
Page 317
... the priority (between 1 and 255. use . ZyWALL USG 2000 User's Guide 317 The key can consist of alphanumeric...you must use the same authentication method that they use the default authentication method in this to the ZyWALL. The highest-priority interface identifies the DR, and the second-highest-priority interface identifies the BDR....area None - Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with peer border routers, you can not be between 0 and ...