User Guide
Page 3
E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 51 for web browser requirements and an introduction to the main components, icons... It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 2000 User's Guide 3 How To Use This Guide • Read Chapter 1 on page 33 chapter for an overview of Contents, ...
E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 51 for web browser requirements and an introduction to the main components, icons... It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 2000 User's Guide 3 How To Use This Guide • Read Chapter 1 on page 33 chapter for an overview of Contents, ...
User Guide
Page 4
... icon in any screen for help is a collection of answers to : techwriters@zyxel.com.tw Thank you bought the device. 4 ZyWALL USG 2000 User's Guide Documentation Feedback Send your experiences as well. Need More Help? If you cannot contact your vendor, then contact a ZyXEL office for the latest product updates and documentation from others who use your...
... icon in any screen for help is a collection of answers to : techwriters@zyxel.com.tw Thank you bought the device. 4 ZyWALL USG 2000 User's Guide Documentation Feedback Send your experiences as well. Need More Help? If you cannot contact your vendor, then contact a ZyXEL office for the latest product updates and documentation from others who use your...
User Guide
Page 5
... due to ensure that you received your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information. ZyWALL USG 2000 User's Guide 5 About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device.
... due to ensure that you received your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information. ZyWALL USG 2000 User's Guide 5 About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device.
User Guide
Page 6
...other important information (for instance", and "i.e.," means "that could harm you or your keyboard. • "Enter" means for you other words". 6 ZyWALL USG 2000 User's Guide For example, Maintenance > Log > Log Setting means you to use one or more characters and then press the [ENTER] key. "Select" or ... example, "k" for kilo may denote "1000" or "1024", "M" for mega may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. Note: Notes tell you to type one of measurement may denote the "metric" value or the "scientific" value....
...other important information (for instance", and "i.e.," means "that could harm you or your keyboard. • "Enter" means for you other words". 6 ZyWALL USG 2000 User's Guide For example, Maintenance > Log > Log Setting means you to use one or more characters and then press the [ENTER] key. "Select" or ... example, "k" for kilo may denote "1000" or "1024", "M" for mega may be referred to as the "ZyWALL", the "device", the "system" or the "product" in this User's Guide. Note: Notes tell you to type one of measurement may denote the "metric" value or the "scientific" value....
User Guide
Page 7
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 2000 User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 2000 User's Guide 7 The ZyWALL icon is not an exact representation of your device. Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons.
User Guide
Page 8
.... • If the power adaptor or cord is damaged as insufficient airflow may harm your device. ONLY qualified service personnel should not be treated separately. 8 ZyWALL USG 2000 User's Guide Opening or removing covers can walk on the power adaptor or cord. • Do NOT use the device if the power adaptor or cord is...
.... • If the power adaptor or cord is damaged as insufficient airflow may harm your device. ONLY qualified service personnel should not be treated separately. 8 ZyWALL USG 2000 User's Guide Opening or removing covers can walk on the power adaptor or cord. • Do NOT use the device if the power adaptor or cord is...
User Guide
Page 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...43 Web Configurator ...51 Installation Setup Wizard ...67 Quick Setup ...77 Configuration Basics ...95 Tutorials ...119 L2TP... HTTP Redirect ...397 ALG ...401 IP/MAC Binding ...409 Authentication Policy ...415 Firewall ...423 IPSec VPN ...441 SSL VPN ...481 SSL User Screens ...493 SSL User Application Screens 503 SSL User File Sharing ...505 ZyWALL SecuExtender ...513 L2TP VPN ...517 Application Patrol ...521 Anti-Virus ...547 IDP ...563 ADP ...597 ZyWALL USG 2000 User's Guide 9
Contents Overview Contents Overview User's Guide ...31 Introducing the ZyWALL ...33 Features and Applications ...43 Web Configurator ...51 Installation Setup Wizard ...67 Quick Setup ...77 Configuration Basics ...95 Tutorials ...119 L2TP... HTTP Redirect ...397 ALG ...401 IP/MAC Binding ...409 Authentication Policy ...415 Firewall ...423 IPSec VPN ...441 SSL VPN ...481 SSL User Screens ...493 SSL User Application Screens 503 SSL User File Sharing ...505 ZyWALL SecuExtender ...513 L2TP VPN ...517 Application Patrol ...521 Anti-Virus ...547 IDP ...563 ADP ...597 ZyWALL USG 2000 User's Guide 9
User Guide
Page 10
Contents Overview Content Filtering ...617 Content Filter Reports ...641 Anti-Spam ...649 Device HA ...667 User/Group ...689 Addresses ...705 Services ...711 Schedules ...717 AAA Server ...723 Authentication Method ...733 Certificates ...739 ISP Accounts ...761 SSL Application ...765 Endpoint Security ...773 System ...783 Log and Report ...833 File Manager ...847 Diagnostics ...859 Reboot ...865 Shutdown ...867 Troubleshooting ...869 Product Specifications ...891 10 ZyWALL USG 2000 User's Guide
Contents Overview Content Filtering ...617 Content Filter Reports ...641 Anti-Spam ...649 Device HA ...667 User/Group ...689 Addresses ...705 Services ...711 Schedules ...717 AAA Server ...723 Authentication Method ...733 Certificates ...739 ISP Accounts ...761 SSL Application ...765 Endpoint Security ...773 System ...783 Log and Report ...833 File Manager ...847 Diagnostics ...859 Reboot ...865 Shutdown ...867 Troubleshooting ...869 Product Specifications ...891 10 ZyWALL USG 2000 User's Guide
User Guide
Page 11
... ...39 1.4 Management Overview ...40 1.5 Starting and Stopping the ZyWALL 41 Chapter 2 Features and Applications ...43 2.1 Features ...43 2.2 Applications ...45 2.2.1 VPN Connectivity ...46 2.2.2 SSL VPN Network Access 46 2.2.3 User-Aware Access Control 48 2.2.4 Multiple WAN Interfaces 48 2.2.5 Device HA ...49 Chapter 3 Web Configurator...51 3.1 Web Configurator Requirements 51 3.2 Web Configurator Access ...51 ZyWALL USG 2000 User's Guide 11
... ...39 1.4 Management Overview ...40 1.5 Starting and Stopping the ZyWALL 41 Chapter 2 Features and Applications ...43 2.1 Features ...43 2.2 Applications ...45 2.2.1 VPN Connectivity ...46 2.2.2 SSL VPN Network Access 46 2.2.3 User-Aware Access Control 48 2.2.4 Multiple WAN Interfaces 48 2.2.5 Device HA ...49 Chapter 3 Web Configurator...51 3.1 Web Configurator Requirements 51 3.2 Web Configurator Access ...51 ZyWALL USG 2000 User's Guide 11
User Guide
Page 12
... 5.5.2 VPN Express Wizard - Finish 88 5.5.4 VPN Advanced Wizard - Finish 94 Chapter 6 Configuration Basics...95 6.1 Object-based Configuration 95 6.2 Zones, Interfaces, and Physical Ports 96 12 ZyWALL USG 2000 User's Guide Scenario 89 5.5.5 VPN Advanced Wizard - Table of Contents 3.3 Web Configurator Screens Overview 53 3.3.1 Title Bar ...54 3.3.2 Navigation Panel ...54 3.3.3 Main Window ...60 3.3.4 Tables and Lists...
... 5.5.2 VPN Express Wizard - Finish 88 5.5.4 VPN Advanced Wizard - Finish 94 Chapter 6 Configuration Basics...95 6.1 Object-based Configuration 95 6.2 Zones, Interfaces, and Physical Ports 96 12 ZyWALL USG 2000 User's Guide Scenario 89 5.5.5 VPN Advanced Wizard - Table of Contents 3.3 Web Configurator Screens Overview 53 3.3.1 Title Bar ...54 3.3.2 Navigation Panel ...54 3.3.3 Main Window ...60 3.3.4 Tables and Lists...
User Guide
Page 13
...6.5.21 ADP ...112 6.5.22 Content Filter ...112 6.5.23 Anti-Spam ...113 6.5.24 Device HA ...113 6.6 Objects ...114 6.6.1 User/Group ...114 6.7 System ...115 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in the ZyWALL 99 6.4 Packet Flow ...100 6.4.1 ZLD 2.20 Packet Flow Enhancements 100 6.4.2 Routing Table Checking Flow Enhancements 101 6.4.3 NAT Table Checking...and Zone Configuration 98 6.3 Terminology in Mgmt, Vantage CNM 115 6.7.2 Logs and Reports ...116 6.7.3 File Manager ...116 6.7.4 Diagnostics ...116 6.7.5 Shutdown ...116 Chapter 7 Tutorials ...119 ZyWALL USG 2000 User's Guide 13
...6.5.21 ADP ...112 6.5.22 Content Filter ...112 6.5.23 Anti-Spam ...113 6.5.24 Device HA ...113 6.6 Objects ...114 6.6.1 User/Group ...114 6.7 System ...115 6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in the ZyWALL 99 6.4 Packet Flow ...100 6.4.1 ZLD 2.20 Packet Flow Enhancements 100 6.4.2 Routing Table Checking Flow Enhancements 101 6.4.3 NAT Table Checking...and Zone Configuration 98 6.3 Terminology in Mgmt, Vantage CNM 115 6.7.2 Logs and Reports ...116 6.7.3 File Manager ...116 6.7.4 Diagnostics ...116 6.7.5 Shutdown ...116 Chapter 7 Tutorials ...119 ZyWALL USG 2000 User's Guide 13
User Guide
Page 14
... 135 7.6.4 Web Surfing Policies With Bandwidth Restrictions 137 7.6.5 Set Up MSN Policies 140 7.6.6 Set Up Firewall Rules 141 7.7 How to Use a RADIUS Server to Authenticate User Accounts based on Groups 142 7.8 How to Use Endpoint Security and Authentication Policies 144 7.8.1 Configure the Endpoint Security Objects 144 7.8.2 Configure the Authentication Policy 146... WAN IP Addresses for LAN to WAN Traffic 163 7.13.1 Create the Public IP Address Range Object 163 7.13.2 Configure the Policy Route 164 14 ZyWALL USG 2000 User's Guide
... 135 7.6.4 Web Surfing Policies With Bandwidth Restrictions 137 7.6.5 Set Up MSN Policies 140 7.6.6 Set Up Firewall Rules 141 7.7 How to Use a RADIUS Server to Authenticate User Accounts based on Groups 142 7.8 How to Use Endpoint Security and Authentication Policies 144 7.8.1 Configure the Endpoint Security Objects 144 7.8.2 Configure the Authentication Policy 146... WAN IP Addresses for LAN to WAN Traffic 163 7.13.1 Create the Public IP Address Range Object 163 7.13.2 Configure the Policy Route 164 14 ZyWALL USG 2000 User's Guide
User Guide
Page 15
... Login Users Screen 220 Chapter 10 Monitor...223 10.1 Overview ...223 10.1.1 What You Can Do in this Chapter 223 10.2 The Port Statistics Screen 224 10.2.1 The Port Statistics Graph Screen 226 10.3 Interface Status Screen 227 10.4 The Traffic Statistics Screen 230 10.5 The Session Monitor Screen 233 ZyWALL USG 2000 User's Guide 15
... Login Users Screen 220 Chapter 10 Monitor...223 10.1 Overview ...223 10.1.1 What You Can Do in this Chapter 223 10.2 The Port Statistics Screen 224 10.2.1 The Port Statistics Graph Screen 226 10.3 Interface Status Screen 227 10.4 The Traffic Statistics Screen 230 10.5 The Session Monitor Screen 233 ZyWALL USG 2000 User's Guide 15
User Guide
Page 16
Table of Contents 10.6 The DDNS Status Screen 236 10.7 IP/MAC Binding Monitor 236 10.8 The Login Users Screen 238 10.9 Cellular Status Screen ...239 10.10 Application Patrol Statistics 241 10.10.1 Application Patrol Statistics: General Setup 241 10.10.2 Application Patrol ... Chapter 13 Interfaces ...277 13.1 Interface Overview ...277 13.1.1 What You Can Do in this Chapter 277 13.1.2 What You Need to Know 278 16 ZyWALL USG 2000 User's Guide
Table of Contents 10.6 The DDNS Status Screen 236 10.7 IP/MAC Binding Monitor 236 10.8 The Login Users Screen 238 10.9 Cellular Status Screen ...239 10.10 Application Patrol Statistics 241 10.10.1 Application Patrol Statistics: General Setup 241 10.10.2 Application Patrol ... Chapter 13 Interfaces ...277 13.1 Interface Overview ...277 13.1.1 What You Can Do in this Chapter 277 13.1.2 What You Need to Know 278 16 ZyWALL USG 2000 User's Guide
User Guide
Page 17
... 15.2.1 Policy Route Edit Screen 353 15.3 IP Static Route Screen ...357 15.3.1 Static Route Add/Edit Screen 358 15.4 Policy Routing Technical Reference 359 ZyWALL USG 2000 User's Guide 17
... 15.2.1 Policy Route Edit Screen 353 15.3 IP Static Route Screen ...357 15.3.1 Static Route Add/Edit Screen 358 15.4 Policy Routing Technical Reference 359 ZyWALL USG 2000 User's Guide 17
User Guide
Page 18
....1 Overview ...397 20.1.1 What You Can Do in this Chapter 397 20.1.2 What You Need to Know 398 20.2 The HTTP Redirect Screen 399 18 ZyWALL USG 2000 User's Guide
....1 Overview ...397 20.1.1 What You Can Do in this Chapter 397 20.1.2 What You Need to Know 398 20.2 The HTTP Redirect Screen 399 18 ZyWALL USG 2000 User's Guide
User Guide
Page 19
....2.2 The Firewall Add/Edit Screen 435 24.3 The Session Limit Screen 436 24.3.1 The Session Limit Add/Edit Screen 438 Chapter 25 IPSec VPN...441 ZyWALL USG 2000 User's Guide 19
....2.2 The Firewall Add/Edit Screen 435 24.3 The Session Limit Screen 436 24.3.1 The Session Limit Add/Edit Screen 438 Chapter 25 IPSec VPN...441 ZyWALL USG 2000 User's Guide 19
User Guide
Page 20
... 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 SSL User Application Screens Overview 503 28.2 The Application Screen 503 Chapter 29 SSL User File Sharing ...505 29.1 Overview ...505 20 ZyWALL USG 2000 User's Guide
... 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 SSL User Application Screens Overview 503 28.2 The Application Screen 503 Chapter 29 SSL User File Sharing ...505 29.1 Overview ...505 20 ZyWALL USG 2000 User's Guide
User Guide
Page 21
...Renaming a File or Folder 510 29.6 Deleting a File or Folder 510 29.7 Uploading a File ...511 Chapter 30 ZyWALL SecuExtender...513 30.1 The ZyWALL SecuExtender Icon 513 30.2 Statistics ...514 30.3 View Log ...515 30.4 Suspend and Resume the Connection 515 30.5 Stop... the Connection ...516 30.6 Uninstalling the ZyWALL SecuExtender 516 Chapter 31 L2TP VPN...517 31.1 Overview ...517 31.1.1 What You Can Do in this Chapter 517 ... 33.1 Overview ...547 33.1.1 What You Can Do in this Chapter 547 ZyWALL USG 2000 User's Guide 21
...Renaming a File or Folder 510 29.6 Deleting a File or Folder 510 29.7 Uploading a File ...511 Chapter 30 ZyWALL SecuExtender...513 30.1 The ZyWALL SecuExtender Icon 513 30.2 Statistics ...514 30.3 View Log ...515 30.4 Suspend and Resume the Connection 515 30.5 Stop... the Connection ...516 30.6 Uninstalling the ZyWALL SecuExtender 516 Chapter 31 L2TP VPN...517 31.1 Overview ...517 31.1.1 What You Can Do in this Chapter 517 ... 33.1 Overview ...547 33.1.1 What You Can Do in this Chapter 547 ZyWALL USG 2000 User's Guide 21
User Guide
Page 22
....1 Overview ...597 35.1.1 ADP and IDP Comparison 597 35.1.2 What You Can Do in this Chapter 597 35.1.3 What You Need To Know 597 22 ZyWALL USG 2000 User's Guide
....1 Overview ...597 35.1.1 ADP and IDP Comparison 597 35.1.2 What You Can Do in this Chapter 597 35.1.3 What You Need To Know 597 22 ZyWALL USG 2000 User's Guide