User Guide
Page 3
... to use the Web Configurator to configure the ZyWALL using the Web Configurator. E-mail techwriters@zyxel.com.tw if you cannot find specific information...ZyWALL. • Read Chapter 3 on page 51 for web browser requirements and an introduction to the main components, icons and menus in the Web Configurator. About This User's Guide About This User's Guide Intended Audience This manual...information on page 119 for ZyWALL application examples. • Subsequent chapters are needed to configure a feature and how to configure the ZyWALL. ZyWALL USG 2000 User's Guide 3 Related Documentation...
... to use the Web Configurator to configure the ZyWALL using the Web Configurator. E-mail techwriters@zyxel.com.tw if you cannot find specific information...ZyWALL. • Read Chapter 3 on page 51 for web browser requirements and an introduction to the main components, icons and menus in the Web Configurator. About This User's Guide About This User's Guide Intended Audience This manual...information on page 119 for ZyWALL application examples. • Subsequent chapters are needed to configure a feature and how to configure the ZyWALL. ZyWALL USG 2000 User's Guide 3 Related Documentation...
User Guide
Page 5
About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you received your device. ZyWALL USG 2000 User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date... made to differences in this book may differ slightly from the product due to ensure that you took to solve it. Disclaimer Graphics in this manual is accurate.
About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you received your device. ZyWALL USG 2000 User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date... made to differences in this book may differ slightly from the product due to ensure that you took to solve it. Disclaimer Graphics in this manual is accurate.
User Guide
Page 20
... Before You Begin 444 25.2 The VPN Connection Screen 444 25.2.1 The VPN Connection Add/Edit (IKE) Screen 446 25.2.2 The VPN Connection Add/Edit Manual Key Screen 453 25.3 The VPN Gateway Screen 456 25.3.1 The VPN Gateway Add/Edit Screen 457 25.4 VPN Concentrator ...465 25.4.1 IPSec VPN Concentrator...27.1 Overview ...493 27.1.1 What You Need to Know 493 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 SSL User Application Screens Overview 503...
... Before You Begin 444 25.2 The VPN Connection Screen 444 25.2.1 The VPN Connection Add/Edit (IKE) Screen 446 25.2.2 The VPN Connection Add/Edit Manual Key Screen 453 25.3 The VPN Gateway Screen 456 25.3.1 The VPN Gateway Add/Edit Screen 457 25.4 VPN Concentrator ...465 25.4.1 IPSec VPN Concentrator...27.1 Overview ...493 27.1.1 What You Need to Know 493 27.2 Remote User Login ...494 27.3 The SSL VPN User Screens 499 27.4 Bookmarking the ZyWALL 500 27.5 Logging Out of the SSL VPN User Screens 500 Chapter 28 SSL User Application Screens 503 28.1 SSL User Application Screens Overview 503...
User Guide
Page 42
...the system processes when you apply configuration files or run shell scripts although you press the RESET button, the ZyWALL sets the configuration to network resources. 42 ZyWALL USG 2000 User's Guide Not doing so can cause the firmware to the local storage and stops the system processes.... the power to the ZyWALL. It does not turn on the power A cold start (without powering down and then manually turn off or remove the power. Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to the ZyWALL. The ZyWALL writes all cached data ...
...the system processes when you apply configuration files or run shell scripts although you press the RESET button, the ZyWALL sets the configuration to network resources. 42 ZyWALL USG 2000 User's Guide Not doing so can cause the firmware to the local storage and stops the system processes.... the power to the ZyWALL. It does not turn on the power A cold start (without powering down and then manually turn off or remove the power. Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to the ZyWALL. The ZyWALL writes all cached data ...
User Guide
Page 231
...back to the right. If the ZyWALL has already been collecting data, the collection period displays to the ZyWALL. you can click the Refresh button to update it manually in this to have to start and when to its last-saved settings. Statistics ZyWALL USG 2000 User's Guide 231 Figure 218 ...Monitor > System Status > Traffic Statistics There is not tracked here real-time, but you have the ZyWALL collect data for these reports...
...back to the right. If the ZyWALL has already been collecting data, the collection period displays to the ZyWALL. you can click the Refresh button to update it manually in this to have to start and when to its last-saved settings. Statistics ZyWALL USG 2000 User's Guide 231 Figure 218 ...Monitor > System Status > Traffic Statistics There is not tracked here real-time, but you have the ZyWALL collect data for these reports...
User Guide
Page 247
... Searching IPSec SAs A question mark (?) lets a single character in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. This field displays N/A if the IPSec SA uses manual keys. Inbound (Bytes) This field displays the amount of traffic that has gone through the IPSec SA ... match. The whole VPN connection or policy name has to specify abc, acc and so on. ZyWALL USG 2000 User's Guide 247 A * in the SA. This field displays N/A if the IPSec SA uses manual keys. Outbound (Bytes) This field displays the amount of traffic that ends with "abc" and ending...
... Searching IPSec SAs A question mark (?) lets a single character in the SA life time, before the ZyWALL automatically disconnects the IPSec SA. This field displays N/A if the IPSec SA uses manual keys. Inbound (Bytes) This field displays the amount of traffic that has gone through the IPSec SA ... match. The whole VPN connection or policy name has to specify abc, acc and so on. ZyWALL USG 2000 User's Guide 247 A * in the SA. This field displays N/A if the IPSec SA uses manual keys. Outbound (Bytes) This field displays the amount of traffic that ends with "abc" and ending...
User Guide
Page 256
...to clear all web site addresses from the cache manually. Click a column's heading cell to sort the table entries by that web site. Table 47 Anti-X > Content Filter > Cache LABEL DESCRIPTION URL Cache Entry Refresh Click this , the ZyWALL queries the external content filtering database the next ... order. Remove Select one or more URL entries and click Delete to reload the list of a categorized web site address record. 256 ZyWALL USG 2000 User's Guide This allows you do this button to remove them from the cache. Chapter 10 Monitor You can remove individual entries from ...
...to clear all web site addresses from the cache manually. Click a column's heading cell to sort the table entries by that web site. Table 47 Anti-X > Content Filter > Cache LABEL DESCRIPTION URL Cache Entry Refresh Click this , the ZyWALL queries the external content filtering database the next ... order. Remove Select one or more URL entries and click Delete to reload the list of a categorized web site address record. 256 ZyWALL USG 2000 User's Guide This allows you do this button to remove them from the cache. Chapter 10 Monitor You can remove individual entries from ...
User Guide
Page 286
...Settings General Settings Enable Interface Select this to enable this interface to the default WAN trunk. When you must manually configure a policy route to the interface. The ZyWALL automatically adds this interface. This is the name of the screen's options do not automatically adjust and you ...your LAN interface, you will connect this button to belong. These IP address fields configure an IP address on page 667. 286 ZyWALL USG 2000 User's Guide If you may also need to change this interface is for traffic flowing from internal interfaces to an external interface....
...Settings General Settings Enable Interface Select this to enable this interface to the default WAN trunk. When you must manually configure a policy route to the interface. The ZyWALL automatically adds this interface. This is the name of the screen's options do not automatically adjust and you ...your LAN interface, you will connect this button to belong. These IP address fields configure an IP address on page 667. 286 ZyWALL USG 2000 User's Guide If you may also need to change this interface is for traffic flowing from internal interfaces to an external interface....
User Guide
Page 287
... specify the IP address, subnet mask, and gateway manually. ZyWALL USG 2000 User's Guide 287 Gateway This option appears when Interface Properties is External or General. The ZyWALL resumes routing to its destination. Select icmp to have the ZyWALL regularly perform a TCP handshake with the gateway you ... value is reserved for all computers in dot decimal notation. Ingress Bandwidth This is 1500. If a larger packet arrives, the ZyWALL divides it is still available. Type the maximum size of the gateway (if any) on the connection check. Metric This option...
... specify the IP address, subnet mask, and gateway manually. ZyWALL USG 2000 User's Guide 287 Gateway This option appears when Interface Properties is External or General. The ZyWALL resumes routing to its destination. Select icmp to have the ZyWALL regularly perform a TCP handshake with the gateway you ... value is reserved for all computers in dot decimal notation. Ingress Bandwidth This is 1500. If a larger packet arrives, the ZyWALL divides it is still available. Type the maximum size of the gateway (if any) on the connection check. Metric This option...
User Guide
Page 289
...at least one of this interface. The WINS server keeps a mapping table of static IP addresses the ZyWALL assigns to computers connected to the interface. Choices are valid. days, hours, and minutes - This ...the IP address) before it . From ISP - ZyWALL USG 2000 User's Guide 289 This number must also be able to modify it has to request the information again. ZyWALL - select this field is not associated with a ...Start Address is bound to another interface received from manually using the interface's IP Pool Start Address and Pool Size. select this to allocate.
...at least one of this interface. The WINS server keeps a mapping table of static IP addresses the ZyWALL assigns to computers connected to the interface. Choices are valid. days, hours, and minutes - This ...the IP address) before it . From ISP - ZyWALL USG 2000 User's Guide 289 This number must also be able to modify it has to request the information again. ZyWALL - select this field is not associated with a ...Start Address is bound to another interface received from manually using the interface's IP Pool Start Address and Pool Size. select this to allocate.
User Guide
Page 291
.... The fields shown vary with the Interface Type set this option to configure a VLAN interface for MD5 authentication. The password can manually associate traffic with an Interface Type of alphanumeric characters and the underscore, and it is successfully configured, the address will not change ...255. Configure Policy Route Click Policy Route to go to a screen where you want to have the interface use a different MAC address. ZyWALL USG 2000 User's Guide 291 Once it can set to add routing and SNAT settings for an interface with the type of another device or computer...
.... The fields shown vary with the Interface Type set this option to configure a VLAN interface for MD5 authentication. The password can manually associate traffic with an Interface Type of alphanumeric characters and the underscore, and it is successfully configured, the address will not change ...255. Configure Policy Route Click Policy Route to go to a screen where you want to have the interface use a different MAC address. ZyWALL USG 2000 User's Guide 291 Once it can set to add routing and SNAT settings for an interface with the type of another device or computer...
User Guide
Page 294
...and click Disconnect. Inactivate To turn on page 291 for a Dial-on-Demand PPPoE/PPTP interface. You might use this to manually establish the connection for an example. # This field is a sequential value, and it and click Inactivate. Disconnect To disconnect an... it and click Connect. Table 61 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 294 ZyWALL USG 2000 User's Guide You can modify the entry's settings. Connect To connect an interface, select it and click Remove. Object ...
...and click Disconnect. Inactivate To turn on page 291 for a Dial-on-Demand PPPoE/PPTP interface. You might use this to manually establish the connection for an example. # This field is a sequential value, and it and click Inactivate. Disconnect To disconnect an... it and click Connect. Table 61 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 294 ZyWALL USG 2000 User's Guide You can modify the entry's settings. Connect To connect an interface, select it and click Remove. Object ...
User Guide
Page 297
... PPPoE/PPTP connection only when there is little traffic through the interface or it can use based on page 761 for this priority. ZyWALL USG 2000 User's Guide 297 You might use alphanumeric and characters, and it costs money to keep the connection up to 11 characters long. ... read -only. It displays the user name for the interface. Metric Enter the IP address for details). The ZyWALL decides which this if you want to specify the IP address manually. Interface Properties Interface Name Specify a name for the ISP account. It is read -only. The subnet mask...
... PPPoE/PPTP connection only when there is little traffic through the interface or it can use based on page 761 for this priority. ZyWALL USG 2000 User's Guide 297 You might use alphanumeric and characters, and it costs money to keep the connection up to 11 characters long. ... read -only. It displays the user name for the interface. Metric Enter the IP address for details). The ZyWALL decides which this if you want to specify the IP address manually. Interface Properties Interface Name Specify a name for the ISP account. It is read -only. The subnet mask...
User Guide
Page 298
... available. Gateway Check this address Select this to turn on the connection check. Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can manually configure a policy route to use for a TCP connectivity check. Connectivity Check The interface can configure the interface as part of a WAN trunk for... Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can move through this interface. 298 ZyWALL USG 2000 User's Guide
... available. Gateway Check this address Select this to turn on the connection check. Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can manually configure a policy route to use for a TCP connectivity check. Connectivity Check The interface can configure the interface as part of a WAN trunk for... Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can move through this interface. 298 ZyWALL USG 2000 User's Guide
User Guide
Page 301
...the ZyWALL. See Section 13.3.2 on an entry, select it and click Disconnect. Click Reset to return the screen to its last-saved settings. 13.5.1 Cellular Add/Edit Screen To change your changes back to manually establish ...cellular card is not associated with any interface. This field displays the profile of ISP settings that this screen. The ZyWALL confirms you want to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit... > Network > Interface > Cellular Chapter 13 Interfaces The following screen displays. ZyWALL USG 2000 User's Guide 301
...the ZyWALL. See Section 13.3.2 on an entry, select it and click Disconnect. Click Reset to return the screen to its last-saved settings. 13.5.1 Cellular Add/Edit Screen To change your changes back to manually establish ...cellular card is not associated with any interface. This field displays the profile of ISP settings that this screen. The ZyWALL confirms you want to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit... > Network > Interface > Cellular Chapter 13 Interfaces The following screen displays. ZyWALL USG 2000 User's Guide 301
User Guide
Page 303
... Select this if the connection should always be up to belong. It is the PCMCIA or USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Connectivity Nailed-Up Select this option to display a greater or lesser number of device settings..... You might not nail up to manually input the APN (Access Point Name) provided by your service provider. This field is little traffic through the interface or if it costs money to use alphanumeric and characters, and it displays none. ZyWALL USG 2000 User's Guide 303 Table 65 Configuration...
... Select this if the connection should always be up to belong. It is the PCMCIA or USB slot that elapses before the ZyWALL automatically disconnects from your service provider. Connectivity Nailed-Up Select this option to display a greater or lesser number of device settings..... You might not nail up to manually input the APN (Access Point Name) provided by your service provider. This field is little traffic through the interface or if it costs money to use alphanumeric and characters, and it displays none. ZyWALL USG 2000 User's Guide 303 Table 65 Configuration...
User Guide
Page 306
... this option if you do this if you to select the type of network available to you configure and enable budget control, the ZyWALL resets the statistics. 306 ZyWALL USG 2000 User's Guide Enable Budget Control Select UMTS / HSDPA (WCDMA) only to have a GSM network available to you, you in hours) that ... with your 3G service provider to find the 3G service available to you may want to select this so the ZyWALL does not spend time looking for the user account of network to manually specify the type of the installed 3G card. If you change the value after you . The...
... this option if you do this if you to select the type of network available to you configure and enable budget control, the ZyWALL resets the statistics. 306 ZyWALL USG 2000 User's Guide Enable Budget Control Select UMTS / HSDPA (WCDMA) only to have a GSM network available to you, you in hours) that ... with your 3G service provider to find the 3G service available to you may want to select this so the ZyWALL does not spend time looking for the user account of network to manually specify the type of the installed 3G card. If you change the value after you . The...
User Guide
Page 313
... You should be up to turn this to 60 characters long. Select this button to specify the IP address, subnet mask, and gateway manually. This field is enabled if you are reserved.) Enter a description of configuration Settings / Hide fields. Enter the subnet mask of the gateway...the DHCP server configures the IP address, subnet mask, and gateway automatically. See Chapter 39 on the ZyWALL. Enter the IP address for all computers in the network. ZyWALL USG 2000 User's Guide 313 Advance Settings General Settings Enable Interface Select this interface on the same network as ...
... You should be up to turn this to 60 characters long. Select this button to specify the IP address, subnet mask, and gateway manually. This field is enabled if you are reserved.) Enter a description of configuration Settings / Hide fields. Enter the subnet mask of the gateway...the DHCP server configures the IP address, subnet mask, and gateway automatically. See Chapter 39 on the ZyWALL. Enter the IP address for all computers in the network. ZyWALL USG 2000 User's Guide 313 Advance Settings General Settings Enable Interface Select this interface on the same network as ...
User Guide
Page 316
...2, and 1 and 2. This interface receives routing information. otherwise, the ZyWALL uses multicasting. 316 ZyWALL USG 2000 User's Guide Enable Logs for IP/MAC Binding Violation Select this option to have the ZyWALL enforce links between specific IP addresses and specific MAC addresses for sending RIP... packets. Select the RIP direction from manually using the interface...
...2, and 1 and 2. This interface receives routing information. otherwise, the ZyWALL uses multicasting. 316 ZyWALL USG 2000 User's Guide Enable Logs for IP/MAC Binding Violation Select this option to have the ZyWALL enforce links between specific IP addresses and specific MAC addresses for sending RIP... packets. Select the RIP direction from manually using the interface...
User Guide
Page 317
... the DR or BDR. Link Cost Enter the cost (between 1 and 65,535) to route packets through this VLAN. The ID can manually configure a policy route to 16 characters long. ID MD5 Authentication Key This field is available if the Authentication is MD5. Related Setting Configure...go to the screen where you must use the same authentication method that they use the default authentication method in the area None - ZyWALL USG 2000 User's Guide 317 OK Click OK to save your changes back to stop forwarding OSPF routing information from the selected interface. The ...
... the DR or BDR. Link Cost Enter the cost (between 1 and 65,535) to route packets through this VLAN. The ID can manually configure a policy route to 16 characters long. ID MD5 Authentication Key This field is available if the Authentication is MD5. Related Setting Configure...go to the screen where you must use the same authentication method that they use the default authentication method in the area None - ZyWALL USG 2000 User's Guide 317 OK Click OK to save your changes back to stop forwarding OSPF routing information from the selected interface. The ...