User Guide
Page 133
...tunnel. 7.6 How to Configure User-aware Access Control You can still block VPN packets. • If the USG ZyWALLs' VPN tunnels are authenticated by an external RADIUS server at 192.168.1.200. This is illustrated in the table above. No LAN-TO-DMZ ACCESS Yes No Yes Yes No No The... spoke router to go through the VPN tunnel, set the VPN rules in the ZyWALL. Finally, set up the policies in the following example, where you will set up the following policies. This is a simple example that does not include priorities for different types of traffic. ZyWALL USG 2000 User's Guide 133
User Guide
Page 200
Set the protocol type to UDP from port 1701. Figure 192 Filter Properties: Protocol 16 Select ZyWALL WAN_IP and click Next. Select To any port. Click Apply, OK, and then Close. Figure 193 IP Security Policy Properties: IP Filter List 200 ZyWALL USG 2000 User's Guide Chapter 8 L2TP VPN Example 15 Configure the following in the Filter Properties window's Protocol tab.
User Guide
Page 203
Chapter 8 L2TP VPN Example 4 Select For all users and click Next. Figure 199 New Connection Wizard: Connection Availability 5 Name the connection L2TP to ZyWALL ZyWALL USG 2000 User's Guide 203 Figure 201 Connect L2TP to ZyWALL and click Finish. Figure 200 New Connection Wizard: Naming the Connection 6 Click Properties.
User Guide
Page 331
... for Interfaces IP ADDRESS(ES) DESTINATION 100.100.1.1/16 ge1 200.200.200.1/24 ge2 ZyWALL USG 2000 User's Guide 331 Ingress Bandwidth This is used to the ZyWALL. IP Address Assignment Most interfaces have the same priority, the ZyWALL uses the one that was configured first. The ZyWALL decides which gateway to use . The lower the number, the...
User Guide
Page 332
... a packet with a destination address of the ZyWALL through each interface. 332 ZyWALL USG 2000 User's Guide In general, the IP address and subnet mask of 5.5.5.5, it as a gateway in the routing table. For example, if there is possible for ... dropped. In this case, the packet is a point-to assign the IP address and subnet mask manually. In this case, you can create a gateway at 200.200.200.100 on the network. Table 76 Example: Routing Table Entry for each interface should specify the metric. If the interface gets its IP address and...
User Guide
Page 334
...), or you specify for example, a DNS server at an ISP). A network can also serve as a WINS server. 334 ZyWALL USG 2000 User's Guide If the DHCP client's MAC address is 255.255.255.0, the ZyWALL cannot assign 50.50.50.0 or 50.50.50.255. If not, the interface assigns IP addresses from a Pool... POOL SIZE RANGE OF ASSIGNED IP ADDRESS 50.50.50.33 5 50.50.50.33 - 50.50.50.37 75.75.75.1 200 75.75.75.1 - 75.75.75.200 99.99.1.1 1023 99.99.1.1 - 99.99.4.255 120.120.120.100 100 120.120.120.100 - 120.120.120.199 The...
User Guide
Page 524
... from the WAN zone device to the LAN zone device. Figure 382 LAN to WAN, Outbound 200 kbps, Inbound 500 kbps 524 Inbound Outbound 500 kbps 200 kbps Outbound 200 kbps ZyWALL USG 2000 User's Guide Figure 383 LAN to WAN Connection and Packet Directions LAN Connection Outbound BWM BWM Inbound...out a LAN zone interface. When you can limit an application's outbound or inbound bandwidth. For example, a LAN to WAN connection is on the ZyWALL. • Inbound traffic comes back from the LAN to a WAN zone device. The connection initiator is initiated from LAN and goes to the ...
User Guide
Page 526
...250 kbps for a total of the available bandwidth is disabled, both servers get through and not be lost, 526 ZyWALL USG 2000 User's Guide Then the ZyWALL divides the remaining bandwidth (1000 - 500 = 500) equally between the two. The priority has no effect on .../ 2 = 250 kbps for server B. Table 134 Priority Effect POLICY CONFIGURED RATE MAX. U. B. U. You should regard extreme over allotment of 200 kbps. B. Server B gets its configured rate of traffic with different priorities (as shown here) as a configuration error. Chapter 32 Application Patrol ...
User Guide
Page 528
... but it must be the lowest priority and limited so it does not interfere with SIP and HTTP traffic. Set policies for other applications to 200 kbps. This example uses 1000 Kbps. 32.1.3.2 SIP Any to WAN Bandwidth Management Example • Manage SIP traffic going to the WAN zone from...Outbound traffic (to the WAN from the WAN) is limited to lower priorities so the SIP traffic always gets the best treatment. 528 ZyWALL USG 2000 User's Guide B. B. The ZyWALL applies this limit before sending the traffic to the WAN. • Inbound traffic (to the LAN and DMZ from the LAN and DMZ...
User Guide
Page 529
... create a policy for calls coming in from the SIP server on the WAN. Figure 386 SIP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 200 kbps 32.1.3.3 SIP WAN to lower priorities so the local users' HTTP traffic gets sent before non-SIP traffic. • Enable maximize bandwidth... to WAN policy, but with the directions reversed (WAN to Any instead of Any to WAN). 32.1.3.4 HTTP Any to WAN Bandwidth Management Example Outbound: 200 kbps BWM BWM Inbound: 500 kbps ZyWALL USG 2000 User's Guide 529
User Guide
Page 718
...doing so. See Section 43.2.1 on page 719 and Section 43.2.2 on page 720 for more information as well. Time ZyWALL USG 2000 User's Guide The ZyWALL confirms you want to remove it is used to refer to modify the entry's settings. Start Day / This field displays...shows which settings use the entry. Table 200 Configuration > Object > Schedule LABEL DESCRIPTION One Time Add Click this screen, click Configuration > Object > Schedule. Figure 477 Configuration > Object > Schedule 718 The following table describes the labels in the ZyWALL. Object References Select an entry and click...
User Guide
Page 719
... > Schedule > Edit (One Time) LABEL DESCRIPTION Configuration Name Type the name used to refer to be a number. ZyWALL USG 2000 User's Guide 719 The ZyWALL confirms you to modify the entry's settings. Start Time This field displays the time at which the schedule ends. 43.2.1...the name of the schedule, which is case-sensitive. This value is used to refer to the one . Chapter 43 Schedules Table 200 Configuration > Object > Schedule (continued) LABEL DESCRIPTION Recurring Add Click this to open a screen that shows which settings use 131 alphanumeric...
User Guide
Page 896
... by ZyWALL features. Chapter 57 Product Specifications Table 257 ZyWALL USG 2000 Feature Specifications (continued) VERSION # FEATURE V2.10 V2.11, V2.12 V2.20 Maximum Number of Concurrent ZIP File Decompression Sessions 200 ZIP files 200 ZIP files 200 ZIP files...10 10 Ranking SSL VPN Maximum SSL VPN Connections 5 without a license 5 without a license 5 without a license 200 with license licenses come in licenses come in 50, 250 or 750 50, 250 or 750 seats seats OTHERS ... RFCs 1408, 1572 SSH server RFCs 4250, 4251, 4252, 4253, 4254 896 ZyWALL USG 2000 User's Guide