User Guide
Page 14
... 7.12.3 Set Up a Firewall Rule 169 7.13 How to Use an IPPBX on the DMZ 170 7.13.1 Turn On the ALG ...172 7.13.2 Create the Address Objects 172 7.13.3 Setup a NAT Policy for the IPPBX 173 7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP 174 7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP 175 7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 176 14 ZyWALL USG 300 User's Guide
User Guide
Page 15
... IP Address Range Object 176 7.14.2 Configure the Policy Route 177 7.15 How to Use Active-Passive Device HA 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example 185 8.3 Configuring the Default L2TP VPN Connection Example 187 8.4 Configuring the L2TP VPN Settings Example 188 8.5 Configuring L2TP VPN...
User Guide
Page 55
... a white list to force user authentication. ZyWALL USG 300 User's Guide 55 Filter Profile Create and manage the detailed filtering rules for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. Group Create and manage groups of authenticating users. AAA Server Active Directory- Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION ADP General Display and manage ADP bindings. Setting Manage default settings for all users, general settings for user sessions...
User Guide
Page 56
...or file sharing objects. USB Storage Enable or disable the ZyWALL's use of band management connection through a modem connected to the AUX port. DNS Configure the DNS server and address records for an out of a connected USB storage device. WWW Service Control Configure HTTP, HTTPS, and general authentication. Configure settings for the ZyWALL. Endpoint Security Create Endpoint Security (EPS) objects. Date/Time Configure the current date, time, and time zone in Mgmt. Vantage CNM Configure and allow your ZyWALL to send. Log Setting Configure settings for PPPoE/PPTP interfaces...
User Guide
Page 93
... the features you should configure the member interfaces before and after you configure the ZyWALL effectively. Once you configure an object, you change an object's settings, the ZyWALL automatically updates all the firewall, application patrol, content filter, and other routers, particularly ZyNOS routers. • Section 6.4 on page 98 covers the ZyWALL's packet flow. • Section 6.5 on an interface's IP address, subnet, or gateway. For example, if you create...
User Guide
Page 125
... for authentication. 7.4.1 Set Up User Accounts The ZyWALL supports TTLS using different SSIDs. This example shows how to use the ZyWALL's local user database with WPA or WPA2 instead of needing an external RADIUS server. This lets you install the wireless LAN card. Figure 71 Configuration > Network > Interface > Trunk Chapter 7 Tutorials 7.4 How to the wireless LAN. ZyWALL USG 300 User's Guide 125 3 Select the trunk as the default trunk and click Apply. For each WLAN user, set up a user account containing the user name and password...
User Guide
Page 246
... the screen updated. 246 ZyWALL USG 300 User's Guide This field displays the number of packets transmitted from a DHCP server. Click Renew to send a new DHCP request to a DHCP server. Chapter 10 Monitor Table 31 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Zone This field displays the zone to which services the interface provides to connect the auxiliary interface or a PPPoE/PPTP interface. IP Assignment If this interface is currently using. This field...
User Guide
Page 302
... ZyWALL automatically updates the corresponding interface-based, LAN subnet address object. For example, if you can use subnet broadcasting or multicasting. To access this screen, click an Edit icon in each direction - With RIP, you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP settings, connectivity check, and MAC address settings. The ZyWALL supports RIP-1, RIP-2, and both . • Select which version of RIP to which the interface belongs. • Override the default link cost and authentication...
User Guide
Page 304
... lesser number of network you must manually configure a policy route to add routing and SNAT settings for traffic it can be up to WAN traffic. These IP address fields configure an IP address on page 709. 304 ZyWALL USG 300 User's Guide External is the MAC address that the Ethernet interface uses. Specify a name for example LAN to 60 characters long. You use alphanumeric and characters, and it can be up to the default WAN trunk. If you may also need to change this interface...
User Guide
Page 306
... a specific computer, use the Static DHCP Table. Check Timeout Enter the number of DHCP service the ZyWALL provides to use the default gateway for the connectivity check. The DHCP server(s) may be blank. Specify the port number to the network. Enter the IP address of seconds between connection check attempts. If this case, the ZyWALL can assign every IP address allowed by the interface's IP address and subnet mask, except for a TCP connectivity check. DHCP Setting These fields appear when Interface Properties is a DHCP Server. DHCP Select what type of...
User Guide
Page 321
... to manually input the APN (Access Point Name) provided by your device settings yourself. You can use one in the ZyWALL. Select Custom in seconds (0~360) that you are allowed. This field applies with a 3G card. Enter the APN from the ISP's server. ZyWALL USG 300 User's Guide 321 Extension Slot This is the PCMCIA or USB slot that elapses before the ZyWALL automatically disconnects from your service...
User Guide
Page 331
... the Service Set with one another. Hide SSID Broadcast Select to the wireless interface at the same time. Select none to 60 characters long. Enter the IP address of wireless clients that is 1812). ZyWALL USG 300 User's Guide 331 Interface Name When you are available when you want the WLAN interface to be the same on the external authentication server and ZyWALL. Enter a password (up to 31 alphanumeric characters) as the key...
User Guide
Page 339
... the device's connection immediately. The screen appears as the key to allow association) or block specific devices from the wired network after a period of the Group Key Update Timer is allowed. Setting of inactivity. Radius Server Secret Enter a password (up to 31 alphanumeric characters) as shown. You need to configure this screen. If you to give specific wireless clients exclusive access to stay connected. To display your ZyWALL's MAC filter settings, click Configuration > Network > Interface > WLAN > MAC Filter. ZyWALL USG 300 User's Guide...
User Guide
Page 424
... access the server. this NAT rule supports. Enter the original destination port this NAT rule supports one service. This field is available if Mapping Type is Port. Enter the end of the range of translated destination ports if this NAT rule supports a range of destination ports for the traffic it sends from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to packets received on the rule's specified incoming interface. 424 ZyWALL USG 300 User's Guide this NAT...
User Guide
Page 532
... The remote user's computer establishes an HTTPS connection to the ZyWALL to Appendix D on the ZyWALL. 27.2 Remote User Login This section shows you must install or import a certificate (provided by the ZyWALL or your network administrator, you how to log in and access network resources. • the domain name or IP address of 1.6. Chapter 27 SSL User Screens System Requirements Here are shown. 532 ZyWALL USG 300 User's Guide Example screens for Internet...
User Guide
Page 721
... the management IP address and subnet mask of the ZyWALL from which the backup ZyWALL is used to manually change this port number in the Server Address field uses for authentication in the virtual router. Role This field displays which interface is the master interface in the VRRP group. The interface may use legacy mode device HA and device HA is enabled. Server Port Enter the port number that is subscribed). If the master ZyWALL changes, you have a static IP address and be connected to...
User Guide
Page 839
... the domain specified in this screen. Figure 544 Configuration > System > DNS > Service Control Rule Add ZyWALL USG 300 User's Guide 839 Figure 543 Configuration > System > DNS > MX Record Add The following table describes the labels in the field above. OK Click OK to add a service control rule. IP Address/ FQDN Enter the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for . Cancel Click Cancel...
User Guide
Page 923
... attacker, using widely-available software. It is strongly recommended that all the wireless devices in your network support. Each VLAN interface is not following the re-authentication timer setting I cannot get the auxiliary port to connect to my phone line. You have the cellular interface enabled. • Make sure the cellular interface has the correct user name, password, and PIN code configured with the correct casing. • If the ZyWALL has multiple WAN interfaces, make sure their IP addresses are...
User Guide
Page 981
... Stand-By DHCP Server on daylight saving. Set timezone to default. Enable daylight saving. If this interface is unlink/disconnect or link/connect, this log will be reapplied due to Device HA status is Active DHCP's DNS option:%s has changed the time zone back to Device HA status is stand-by mode for device HA, DHCP server can't be shown. The DNS option of DNS access control rules (64). Set timezone to %s. %s is rule number ZyWALL USG 300 User's Guide 981 An...
User Guide
Page 1140
... 766, 767, 1051 advantages 766 and IKE SA 509 and PPPoE 368 and users 732 message types 1051 messages 1051 shared secret key 1052 user attributes 745 RADIUS server troubleshooting 932 RDP 808 real-time alert message 1015 Real-time Transport Protocol, see RTP RealVNC 808 reauthentication time 337, 339 reboot 37, 915 vs reset 915 record route 620 Reference Guide, CLI 3 registration 283 ZyWALL USG 300 User's Guide