User Guide
Page 5
.... • Date that the information in this book may differ slightly from the product due to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information. ZyWALL USG 300 User's Guide 5
.... • Date that the information in this book may differ slightly from the product due to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information. ZyWALL USG 300 User's Guide 5
User Guide
Page 28
... ...893 52.1.1 What You Can Do in this Chapter 893 52.1.2 What you Need to Know 893 52.2 The Configuration File Screen 896 52.3 The Firmware Package Screen 900 52.4 The Shell Script Screen 902 Chapter 53 Diagnostics...905 53.1 Overview ...905 53.1.1 What You Can Do in this Chapter 905....3.2 Example of Viewing a Packet Capture File 911 53.4 Core Dump Screen ...912 53.4.1 Core Dump Files Screen 912 53.5 The System Log Screen 913 28 ZyWALL USG 300 User's Guide
... ...893 52.1.1 What You Can Do in this Chapter 893 52.1.2 What you Need to Know 893 52.2 The Configuration File Screen 896 52.3 The Firmware Package Screen 900 52.4 The Shell Script Screen 902 Chapter 53 Diagnostics...905 53.1 Overview ...905 53.1.1 What You Can Do in this Chapter 905....3.2 Example of Viewing a Packet Capture File 911 53.4 Core Dump Screen ...912 53.4.1 Core Dump Files Screen 912 53.5 The System Log Screen 913 28 ZyWALL USG 300 User's Guide
User Guide
Page 37
...> Shutdown or using the shutdown command writes all cached data to its default values and then reboots. ZyWALL USG 300 User's Guide 37 Chapter 1 Introducing the ZyWALL 1.5 Starting and Stopping the ZyWALL Here are some of the ways to start the system processes when you apply configuration files or run ... start occurs when you turn off the ZyWALL or remove the power. Using the RESET button If you turn on the power A cold start . The ZyWALL simply turns off the power to the ZyWALL. Not doing so can cause the firmware to the local storage and stops the system...
...> Shutdown or using the shutdown command writes all cached data to its default values and then reboots. ZyWALL USG 300 User's Guide 37 Chapter 1 Introducing the ZyWALL 1.5 Starting and Stopping the ZyWALL Here are some of the ways to start the system processes when you apply configuration files or run ... start occurs when you turn off the ZyWALL or remove the power. Using the RESET button If you turn on the power A cold start . The ZyWALL simply turns off the power to the ZyWALL. Not doing so can cause the firmware to the local storage and stops the system...
User Guide
Page 51
...Use the menu items on the dashboard. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. The following table describes labels that you can appear in this to resize them. Figure 16 Navigation Panel 3.3.2.1 Dashboard The dashboard ... licensed service status, and interface status in the middle of the right edge of the ZyWALL. OK Click this screen. Click the arrow in widgets that can re-arrange to configure ZyWALL features. ZyWALL USG 300 User's Guide 51 See Chapter 9 on page 225 for details on the navigation panel ...
...Use the menu items on the dashboard. Released Date This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. The following table describes labels that you can appear in this to resize them. Figure 16 Navigation Panel 3.3.2.1 Dashboard The dashboard ... licensed service status, and interface status in the middle of the right edge of the ZyWALL. OK Click this screen. Click the arrow in widgets that can re-arrange to configure ZyWALL features. ZyWALL USG 300 User's Guide 51 See Chapter 9 on page 225 for details on the navigation panel ...
User Guide
Page 55
...-spam on or off and manage anti-spam policies. AAA Server Active Directory- Auth. Method Create and manage ways of users. ZyWALL USG 300 User's Guide 55 Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION ADP General Display... Mode Configure active-passive mode device HA. Legacy Mode Configure legacy mode device HA for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. Group Create and manage groups of authenticating users. Service Service Create and manage...
...-spam on or off and manage anti-spam policies. AAA Server Active Directory- Auth. Method Create and manage ways of users. ZyWALL USG 300 User's Guide 55 Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION ADP General Display... Mode Configure active-passive mode device HA. Legacy Mode Configure legacy mode device HA for use with ZyWALLs that already have device HA setup using a firmware version earlier than 2.10. Group Create and manage groups of authenticating users. Service Service Create and manage...
User Guide
Page 57
... menu screens to manage configuration and firmware files, run shell script files for the ZyWALL. Diagnostics Diagnostic Collect diagnostic information. Packet Capture Capture packets for the ZyWALL. The main window screens are discussed in a popup window. Figure 17 Warning Message ZyWALL USG 300 User's Guide 57 Shutdown Turn off the ZyWALL. 3.3.3 Main Window The main window shows...
... menu screens to manage configuration and firmware files, run shell script files for the ZyWALL. Diagnostics Diagnostic Collect diagnostic information. Packet Capture Capture packets for the ZyWALL. The main window screens are discussed in a popup window. Figure 17 Warning Message ZyWALL USG 300 User's Guide 57 Shutdown Turn off the ZyWALL. 3.3.3 Main Window The main window shows...
User Guide
Page 99
...NAT. Even with the earlier 2.1x firmware's routing table.The checking flow is from the previous version. 6.4.2 Routing Table Checking Flow Enhancements When the ZyWALL receives packets it examines the packets and determines how to bottom. ZyWALL USG 300 User's Guide 99 The following figure ...shows how the ZLD 2.20 firmware's routing table compares with these changes, you can override ...
...NAT. Even with the earlier 2.1x firmware's routing table.The checking flow is from the previous version. 6.4.2 Routing Table Checking Flow Enhancements When the ZyWALL receives packets it examines the packets and determines how to bottom. ZyWALL USG 300 User's Guide 99 The following figure ...shows how the ZLD 2.20 firmware's routing table compares with these changes, you can override ...
User Guide
Page 100
... 2.20 the default WAN trunk is expected to be used for backwards compatibility with the earlier 2.1x firmware's NAT table.The checking flow is from other routing entries, the ZyWALL forwards it through the default WAN trunk. See Section 19.2.1 on page 379 for dynamic IPSec rules up... the ZLD 2.20 firmware's NAT table compares with earlier ZLD versions. 6.4.3 NAT Table Checking Flow The ZyWALL's NAT has been enhanced in through an internal interface, if it does not match any traffic that the outside clients to a range of the sections, the 100 ZyWALL USG 300 User's Guide Configure ...
... 2.20 the default WAN trunk is expected to be used for backwards compatibility with the earlier 2.1x firmware's NAT table.The checking flow is from other routing entries, the ZyWALL forwards it through the default WAN trunk. See Section 19.2.1 on page 379 for dynamic IPSec rules up... the ZLD 2.20 firmware's NAT table compares with earlier ZLD versions. 6.4.3 NAT Table Checking Flow The ZyWALL's NAT has been enhanced in through an internal interface, if it does not match any traffic that the outside clients to a range of the sections, the 100 ZyWALL USG 300 User's Guide Configure ...
User Guide
Page 115
Chapter 6 Configuration Basics Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ZyWALL or remove the power. Not doing so can cause the firmware to become corrupt. MENU ITEM(S) Maintenance > Shutdown ZyWALL USG 300 User's Guide 115
Chapter 6 Configuration Basics Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ZyWALL or remove the power. Not doing so can cause the firmware to become corrupt. MENU ITEM(S) Maintenance > Shutdown ZyWALL USG 300 User's Guide 115
User Guide
Page 228
... displays what percentage of the ZyWALL's recent CPU usage. Name This field displays the name of this ZyWALL. Model Name This field displays the model name of each interface. 228 ZyWALL USG 300 User's Guide Each physical port has one of ZyWALL's recent session usage. See ...Section 52.3 on page 826. MAC Address Range This field displays the MAC addresses used to a (more detailed) summary screen of the USB storage device's capacity is currently being used . Firmware...
... displays what percentage of the ZyWALL's recent CPU usage. Name This field displays the name of this ZyWALL. Model Name This field displays the model name of each interface. 228 ZyWALL USG 300 User's Guide Each physical port has one of ZyWALL's recent session usage. See ...Section 52.3 on page 826. MAC Address Range This field displays the MAC addresses used to a (more detailed) summary screen of the USB storage device's capacity is currently being used . Firmware...
User Guide
Page 231
... number of the anti-virus or IDP signatures (anti-virus and IDP). ZyWALL USG 300 User's Guide 231 This occurs when the ZyWALL starts for the first time or you intentionally reset the ZyWALL to the system default configuration file (system-default.conf). Virus ID This is... will expire. Chapter 9 Dashboard Table 22 Dashboard (continued) LABEL DESCRIPTION Boot Status This field displays details about the ZyWALL's startup state. A firmware update was unable to apply the startup-config.conf configuration file and fell back to the system default settings. Destination This...
... number of the anti-virus or IDP signatures (anti-virus and IDP). ZyWALL USG 300 User's Guide 231 This occurs when the ZyWALL starts for the first time or you intentionally reset the ZyWALL to the system default configuration file (system-default.conf). Virus ID This is... will expire. Chapter 9 Dashboard Table 22 Dashboard (continued) LABEL DESCRIPTION Boot Status This field displays details about the ZyWALL's startup state. A firmware update was unable to apply the startup-config.conf configuration file and fell back to the system default settings. Destination This...
User Guide
Page 290
Current Version Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to use ZyXEL's anti-virus Engine Type engine or the one powered by Kaspersky. Anti-Virus This field displays whether the ZyWALL is . You can also ... . Figure 264 Configuration > Licensing > Update >Anti-Virus The following table describes the labels in this set was released. 290 ZyWALL USG 300 User's Guide Signature Number Released Date This number gets larger as new signatures are added, so you should refer to display the ...
Current Version Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to use ZyXEL's anti-virus Engine Type engine or the one powered by Kaspersky. Anti-Virus This field displays whether the ZyWALL is . You can also ... . Figure 264 Configuration > Licensing > Update >Anti-Virus The following table describes the labels in this set was released. 290 ZyWALL USG 300 User's Guide Signature Number Released Date This number gets larger as new signatures are added, so you should refer to display the ...
User Guide
Page 590
...signatures. v2.0 has more virus signatures and offers improved nonexecutable file scan throughput. SMTP applies to its last-saved settings. 590 ZyWALL USG 300 User's Guide License Status This field displays whether a service is not activated. None displays when the service is activated (Licensed...set version number. Current Version Signature Number Released Date Update Signatures Apply Reset Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to traffic using TCP port 25. Click Apply to traffic using ...
...signatures. v2.0 has more virus signatures and offers improved nonexecutable file scan throughput. SMTP applies to its last-saved settings. 590 ZyWALL USG 300 User's Guide License Status This field displays whether a service is not activated. None displays when the service is activated (Licensed...set version number. Current Version Signature Number Released Date Update Signatures Apply Reset Upgrading the ZyWALL to firmware version 2.11 and updating the antivirus signatures automatically upgrades the ZyXEL anti-virus engine to traffic using TCP port 25. Click Apply to traffic using ...
User Guide
Page 593
...Black List ZyWALL USG 300 User's Guide 593 Chapter 33 Anti-Virus Table 154 Configuration > Anti-X > Anti-Virus > General > Add (continued) LABEL DESCRIPTION Destroy compressed files that could not be decompressed and deletes it is not able to display the screen shown next. Note: The ZyWALL's firmware package ...cannot go through the ZyWALL with the option enabled, so you download the firmware package. Use the Black List screen to have the ZyWALL delete any ZIP files that column's criteria. Click the ...
...Black List ZyWALL USG 300 User's Guide 593 Chapter 33 Anti-Virus Table 154 Configuration > Anti-X > Anti-Virus > General > Add (continued) LABEL DESCRIPTION Destroy compressed files that could not be decompressed and deletes it is not able to display the screen shown next. Note: The ZyWALL's firmware package ...cannot go through the ZyWALL with the option enabled, so you download the firmware package. Use the Black List screen to have the ZyWALL delete any ZIP files that column's criteria. Click the ...
User Guide
Page 637
... is in general effective against anomalies based on page 640) to a traffic direction. It operates at OSI layer-2 and layer-3. ZyWALL USG 300 User's Guide 637 CHAPTER 35 ADP 35.1 Overview This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ...as port scanning, sweeping or network flooding. ADP protects against abnormal behavior while IDP packet inspection signatures are updated when you upload new firmware. Requests for Comments) and abnormal flows such as port scans. 35.1.1 ADP and IDP Comparison 1 ADP anomaly detection is different from...
... is in general effective against anomalies based on page 640) to a traffic direction. It operates at OSI layer-2 and layer-3. ZyWALL USG 300 User's Guide 637 CHAPTER 35 ADP 35.1 Overview This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ...as port scanning, sweeping or network flooding. ADP protects against abnormal behavior while IDP packet inspection signatures are updated when you upload new firmware. Requests for Comments) and abnormal flows such as port scans. 35.1.1 ADP and IDP Comparison 1 ADP anomaly detection is different from...
User Guide
Page 638
See Table 172 on page 641 for more information. 638 ZyWALL USG 300 User's Guide see Chapter 17 on page 409 for details on these screens. 35.1.4 Before You Begin Configure the ZyWALL's zones - Base ADP Profiles Base ADP profiles are packets that do not comply with several base profiles....ADP profiles to traffic flowing from one zone to a traffic flow. Chapter 35 ADP Protocol Anomalies Protocol anomalies are templates that you upload new firmware. Finding Out More • See Section 6.5.21 on page 110 for ADP prerequisites • See Chapter 34 on page 601 for IDP information...
See Table 172 on page 641 for more information. 638 ZyWALL USG 300 User's Guide see Chapter 17 on page 409 for details on these screens. 35.1.4 Before You Begin Configure the ZyWALL's zones - Base ADP Profiles Base ADP profiles are packets that do not comply with several base profiles....ADP profiles to traffic flowing from one zone to a traffic flow. Chapter 35 ADP Protocol Anomalies Protocol anomalies are templates that you upload new firmware. Finding Out More • See Section 6.5.21 on page 110 for ADP prerequisites • See Chapter 34 on page 601 for IDP information...
User Guide
Page 645
... then go to the another profile screen (tab) in ascending or descending order according to the rule name. Threshold For flood detection you upload new firmware. 35.3.6 Protocol Anomaly Configuration In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the Add icon and choose ...set the number of the traffic anomaly rule. Action This is the third screen in the same page. Log These are the log options. ZyWALL USG 300 User's Guide 645 To edit this profile, make sure you made changes to other screens belonging to this , select an item and use...
... then go to the another profile screen (tab) in ascending or descending order according to the rule name. Threshold For flood detection you upload new firmware. 35.3.6 Protocol Anomaly Configuration In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the Add icon and choose ...set the number of the traffic anomaly rule. Action This is the third screen in the same page. Log These are the log options. ZyWALL USG 300 User's Guide 645 To edit this profile, make sure you made changes to other screens belonging to this , select an item and use...
User Guide
Page 710
... both subscribed. The management IP address should be set to use it with the master ZyWALL. • Synchronization includes updates for services to the same services. 710 ZyWALL USG 300 User's Guide For example, a backup subscribed to have device HA monitor. You can use the same ..., gets IDP/AppPatrol updates from the master, but not anti-virus updates. Note: Only ZyWALLs of complexity. Legacy mode configuration involves a greater degree of the same model and firmware version can configure a separate management IP address for each interface that you must all support and...
... both subscribed. The management IP address should be set to use it with the master ZyWALL. • Synchronization includes updates for services to the same services. 710 ZyWALL USG 300 User's Guide For example, a backup subscribed to have device HA monitor. You can use the same ..., gets IDP/AppPatrol updates from the master, but not anti-virus updates. Note: Only ZyWALLs of complexity. Legacy mode configuration involves a greater degree of the same model and firmware version can configure a separate management IP address for each interface that you must all support and...
User Guide
Page 785
.... This is almost full, you take this certificate. Remove The ZyWALL keeps all of your certificates. Object References You cannot delete certificates that you specifically delete them. Name This field displays the name used to identify this action. Uploading a new firmware or default configuration file does not delete your certificates unless you... LABEL DESCRIPTION PKI Storage Space in alphabetical order. Edit Double-click an entry or select it and click Edit to open the My Certificates screen. ZyWALL USG 300 User's Guide 785
.... This is almost full, you take this certificate. Remove The ZyWALL keeps all of your certificates. Object References You cannot delete certificates that you specifically delete them. Name This field displays the name used to identify this action. Uploading a new firmware or default configuration file does not delete your certificates unless you... LABEL DESCRIPTION PKI Storage Space in alphabetical order. Edit Double-click an entry or select it and click Edit to open the My Certificates screen. ZyWALL USG 300 User's Guide 785
User Guide
Page 795
Uploading a new firmware or default configuration file does not delete your certificates unless you take this action. The ZyWALL confirms you should consider deleting expired or unnecessary certificates before doing so. Figure 522 Configuration > Object > Certificate > Trusted...that was created when the PKCS #12 file was exported. When the storage space is signed by one when you specifically delete them. ZyWALL USG 300 User's Guide 795 Table 223 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in -depth list of information ...
Uploading a new firmware or default configuration file does not delete your certificates unless you take this action. The ZyWALL confirms you should consider deleting expired or unnecessary certificates before doing so. Figure 522 Configuration > Object > Certificate > Trusted...that was created when the PKCS #12 file was exported. When the storage space is signed by one when you specifically delete them. ZyWALL USG 300 User's Guide 795 Table 223 Configuration > Object > Certificate > Trusted Certificates LABEL DESCRIPTION PKI Storage Space in -depth list of information ...