User Guide
Page 3
... that feature. • It is highly recommended you require. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 47 for web browser requirements and... diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Web Configurator to configure the ZyWALL. ZyWALL USG 300 User's Guide 3 How To Use This Guide • Read Chapter 1 on essential terms used in the Web Configurator. Read each chapter...
... that feature. • It is highly recommended you require. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 47 for web browser requirements and... diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Web Configurator to configure the ZyWALL. ZyWALL USG 300 User's Guide 3 How To Use This Guide • Read Chapter 1 on essential terms used in the Web Configurator. Read each chapter...
User Guide
Page 4
...is available at www.zyxel.com. • Download Library Search for the region in which you bought the device. 4 ZyWALL USG 300 User's Guide Read the Tech Doc Overview to find out how to use your product. • Knowledge Base If you have a specific question about ZyXEL products. • ...Forum This contains discussions on ZyXEL products. Need More Help? More help in...
...is available at www.zyxel.com. • Download Library Search for the region in which you bought the device. 4 ZyWALL USG 300 User's Guide Read the Tech Doc Overview to find out how to use your product. • Knowledge Base If you have a specific question about ZyXEL products. • ...Forum This contains discussions on ZyXEL products. Need More Help? More help in...
User Guide
Page 10
Contents Overview Content Filtering ...659 Content Filter Reports ...683 Anti-Spam ...691 Device HA ...709 User/Group ...731 Addresses ...747 Services ...753 Schedules ...759 AAA Server ...765 Authentication Method ...775 Certificates ...781 ISP Accounts ...803 SSL Application ...807 Endpoint Security ...815 System ...825 Log and Report ...877 File Manager ...893 Diagnostics ...905 Reboot ...915 Shutdown ...917 Troubleshooting ...919 Product Specifications ...939 10 ZyWALL USG 300 User's Guide
Contents Overview Content Filtering ...659 Content Filter Reports ...683 Anti-Spam ...691 Device HA ...709 User/Group ...731 Addresses ...747 Services ...753 Schedules ...759 AAA Server ...765 Authentication Method ...775 Certificates ...781 ISP Accounts ...803 SSL Application ...807 Endpoint Security ...815 System ...825 Log and Report ...877 File Manager ...893 Diagnostics ...905 Reboot ...915 Shutdown ...917 Troubleshooting ...919 Product Specifications ...939 10 ZyWALL USG 300 User's Guide
User Guide
Page 29
... Shutdown Screen ...917 Chapter 56 Troubleshooting...919 56.1 Resetting the ZyWALL ...936 56.2 Getting More Troubleshooting Help 937 Chapter 57 Product Specifications ...939 57.1 3G PCMCIA Card Installation 945 Appendix A Log ...Descriptions 947 Appendix B Common Services 1009 Appendix C Displaying Anti-Virus Alert Messages in Windows 1013 Appendix D Importing Certificates 1019 Appendix E Wireless LANs 1045 Appendix F Open Software Announcements 1061 Appendix G Legal Information 1119 Index...1123 ZyWALL USG 300...
... Shutdown Screen ...917 Chapter 56 Troubleshooting...919 56.1 Resetting the ZyWALL ...936 56.2 Getting More Troubleshooting Help 937 Chapter 57 Product Specifications ...939 57.1 3G PCMCIA Card Installation 945 Appendix A Log ...Descriptions 947 Appendix B Common Services 1009 Appendix C Displaying Anti-Virus Alert Messages in Windows 1013 Appendix D Importing Certificates 1019 Appendix E Wireless LANs 1045 Appendix F Open Software Announcements 1061 Appendix G Legal Information 1119 Index...1123 ZyWALL USG 300...
User Guide
Page 65
See the feature-specific chapters in the upper right corner to display or hide the help. • Click Go to Dashboard to skip the installation setup wizard or click Next to start configuring for background information. ZyWALL USG 300 User's Guide 65 Figure 28 Installation Setup Wizard • Click the double arrow in this User...
See the feature-specific chapters in the upper right corner to display or hide the help. • Click Go to Dashboard to skip the installation setup wizard or click Next to start configuring for background information. ZyWALL USG 300 User's Guide 65 Figure 28 Installation Setup Wizard • Click the double arrow in this User...
User Guide
Page 75
... Quick Setup screen. This chapter provides information on page 82. ZyWALL USG 300 User's Guide 75 See Section 5.2 on page 76. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. See the feature-specific chapters in the ZyWALL if you configure Internet and VPN connection settings. CHAPTER 5 Quick...
... Quick Setup screen. This chapter provides information on page 82. ZyWALL USG 300 User's Guide 75 See Section 5.2 on page 76. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. See the feature-specific chapters in the ZyWALL if you configure Internet and VPN connection settings. CHAPTER 5 Quick...
User Guide
Page 94
... Interfaces (Ethernet, VLAN,...) Interfaces are configured and which configuration settings reference specific objects. 6.2 Zones, Interfaces, and Physical Ports Zones (groups of zones, interfaces, and physical ports in configuring other features. 94 ZyWALL USG 300 User's Guide Use the Object Reference screen (Section 3.3.3.3 on page 112..., antivirus, and application patrol. Use interfaces in a screen that use interfaces and zones in the ZyWALL. Chapter 6 Configuration Basics objects whenever the interface's IP address settings change an Ethernet interface's IP address, the...
... Interfaces (Ethernet, VLAN,...) Interfaces are configured and which configuration settings reference specific objects. 6.2 Zones, Interfaces, and Physical Ports Zones (groups of zones, interfaces, and physical ports in configuring other features. 94 ZyWALL USG 300 User's Guide Use the Object Reference screen (Section 3.3.3.3 on page 112..., antivirus, and application patrol. Use interfaces in a screen that use interfaces and zones in the ZyWALL. Chapter 6 Configuration Basics objects whenever the interface's IP address settings change an Ethernet interface's IP address, the...
User Guide
Page 107
...ZyWALL USG 300 User's Guide 107 You can configure firewall rules based on the ZyWALL. You can also configure the firewall to control who can also specify additional signaling port numbers. Configure to log in a different screen. To-ZyWALL firewall rules control access to go through NAT on schedules, specific...) checking to make sure users' computers comply with defined corporate policies before they can authenticate users (require them to -ZyWALL firewall rules for NAT (DNAT) and policy routes (SNAT). By default, the firewall only allows management connections from which...
...ZyWALL USG 300 User's Guide 107 You can configure firewall rules based on the ZyWALL. You can also configure the firewall to control who can also specify additional signaling port numbers. Configure to log in a different screen. To-ZyWALL firewall rules control access to go through NAT on schedules, specific...) checking to make sure users' computers comply with defined corporate policies before they can authenticate users (require them to -ZyWALL firewall rules for NAT (DNAT) and policy routes (SNAT). By default, the firewall only allows management connections from which...
User Guide
Page 110
...to detect and take action on malicious or suspicious packets. You must have already subscribed to the content filter service. 110 ZyWALL USG 300 User's Guide Chapter 6 Configuration Basics Note: With this example, Bob would have to log in order to use the category...-X > ADP PREREQUISITES Zones 6.5.22 Content Filter Use content filtering to block or allow access to use anti-virus. You must subscribe to specific categories of the wizards. MENU ITEM(S) Configuration > Anti-X > Content Filter PREREQUISITES Registration, addresses (source), schedules, users, user groups Example...
...to detect and take action on malicious or suspicious packets. You must have already subscribed to the content filter service. 110 ZyWALL USG 300 User's Guide Chapter 6 Configuration Basics Note: With this example, Bob would have to log in order to use the category...-X > ADP PREREQUISITES Zones 6.5.22 Content Filter Use content filtering to block or allow access to use anti-virus. You must subscribe to specific categories of the wizards. MENU ITEM(S) Configuration > Anti-X > Content Filter PREREQUISITES Registration, addresses (source), schedules, users, user groups Example...
User Guide
Page 113
...ZyWALL through an external serial modem connected to the AUX port. MENU ITEM(S) Object > User/Group PREREQUISITES Addresses, address groups, schedules. ZyWALL USG 300... User's Guide 113 ext-group-user External group user account. Use Language to configure prerequisites first. MENU ITEM(S) Configuration > System > DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in to the ZyWALL before the ZyWALL...the ZyWALL. If you want to force users to log in Mgmt, Vantage CNM, Language To-ZyWALL firewall,...). Use Host Name to manage the ZyWALL from which addresses (address objects) the...
...ZyWALL through an external serial modem connected to the AUX port. MENU ITEM(S) Object > User/Group PREREQUISITES Addresses, address groups, schedules. ZyWALL USG 300... User's Guide 113 ext-group-user External group user account. Use Language to configure prerequisites first. MENU ITEM(S) Configuration > System > DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in to the ZyWALL before the ZyWALL...the ZyWALL. If you want to force users to log in Mgmt, Vantage CNM, Language To-ZyWALL firewall,...). Use Host Name to manage the ZyWALL from which addresses (address objects) the...
User Guide
Page 118
Figure 61 Configuration > Network > Interface > Ethernet > Edit ge2 7.1.2 Configure Zones Do the following to assign the ZyWALL's ge2 interface a static IP address of 1.2.3.4. Click Configuration > Network > Interface > Ethernet and double-click the ge2 interface's entry. ... Ethernet Interface, Port Grouping, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to create a VPN zone. 118 ZyWALL USG 300 User's Guide Chapter 7 Tutorials • You want to be able to apply security settings specifically for all VPN tunnels so you create a new VPN zone.
Figure 61 Configuration > Network > Interface > Ethernet > Edit ge2 7.1.2 Configure Zones Do the following to assign the ZyWALL's ge2 interface a static IP address of 1.2.3.4. Click Configuration > Network > Interface > Ethernet and double-click the ge2 interface's entry. ... Ethernet Interface, Port Grouping, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to create a VPN zone. 118 ZyWALL USG 300 User's Guide Chapter 7 Tutorials • You want to be able to apply security settings specifically for all VPN tunnels so you create a new VPN zone.
User Guide
Page 146
.... • Your firewall rules can configure many policies and security settings for specific users or groups of the hub-and-spoke networks with which the spoke is not set to block intra-zone traffic. • The ZyNOS based ZyWALLs don't have user-configured policy routes so the only way to have a VPN... 100K No Sales (Debbie) Yes 100K Yes (M-F, 08:30~18:00) Boss (Andy) Yes 100K Yes LAN-TO-DMZ ACCESS Yes No Yes Yes 146 ZyWALL USG 300 User's Guide See Bandwidth Management on page 561 for more than one separate VPN rule for another spoke router to go through the VPN tunnel...
.... • Your firewall rules can configure many policies and security settings for specific users or groups of the hub-and-spoke networks with which the spoke is not set to block intra-zone traffic. • The ZyNOS based ZyWALLs don't have user-configured policy routes so the only way to have a VPN... 100K No Sales (Debbie) Yes 100K Yes (M-F, 08:30~18:00) Boss (Andy) Yes 100K Yes LAN-TO-DMZ ACCESS Yes No Yes Yes 146 ZyWALL USG 300 User's Guide See Bandwidth Management on page 561 for more than one separate VPN rule for another spoke router to go through the VPN tunnel...
User Guide
Page 155
... to have the RADIUS server authenticate groups of slight changes in the configuration to access the DMZ. ZyWALL USG 300 User's Guide 155 If the RADIUS server has different user groups distinguished by the value of a specific attribute, you can configure the make a couple of user accounts defined in the RADIUS server. Chapter 7 Tutorials...
... to have the RADIUS server authenticate groups of slight changes in the configuration to access the DMZ. ZyWALL USG 300 User's Guide 155 If the RADIUS server has different user groups distinguished by the value of a specific attribute, you can configure the make a couple of user accounts defined in the RADIUS server. Chapter 7 Tutorials...
User Guide
Page 157
... endpoint security to make sure that users' computers meet specific security requirements before they are allowed to have Kaspersky Internet security or anti-virus software on the group identifier values. Set up the remaining groups of user accounts in the RADIUS server. ZyWALL USG 300 User's Guide 157 Figure 115 Configuration > Object > User/Group...
... endpoint security to make sure that users' computers meet specific security requirements before they are allowed to have Kaspersky Internet security or anti-virus software on the group identifier values. Set up the remaining groups of user accounts in the RADIUS server. ZyWALL USG 300 User's Guide 157 Figure 115 Configuration > Object > User/Group...
User Guide
Page 213
... Policy Properties: IP Filter List > Add 14 Configure the following in the Name field. Figure 208 Filter Properties: Addressing 172 . 16 . 1 . 2 ZyWALL USG 300 User's Guide 213 Select A specific IP Address in the IP Address field. Select My IP Address in the Source address drop-down list box and type the... ZyWALL's WAN IP address (172.16.1.2 in this example) in the Destination address drop-down list box. Also match packets with the ...
... Policy Properties: IP Filter List > Add 14 Configure the following in the Name field. Figure 208 Filter Properties: Addressing 172 . 16 . 1 . 2 ZyWALL USG 300 User's Guide 213 Select A specific IP Address in the IP Address field. Select My IP Address in the Source address drop-down list box and type the... ZyWALL's WAN IP address (172.16.1.2 in this example) in the Destination address drop-down list box. Also match packets with the ...
User Guide
Page 225
The dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 300 User's Guide 225 You can also display other status screens for more information. • Use the VPN status screen (see Section 9.2.1 ... of the users currently logged into the ZyWALL. 9.2 The Dashboard Screen The Dashboard screen displays when you log into the ZyWALL or click Dashboard in this Chapter Use the Dashboard screens for specific MAC addresses. • Use the Current Users screen (see the ZyWALL's general device information, system status, system...
The dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 300 User's Guide 225 You can also display other status screens for more information. • Use the VPN status screen (see Section 9.2.1 ... of the users currently logged into the ZyWALL. 9.2 The Dashboard Screen The Dashboard screen displays when you log into the ZyWALL or click Dashboard in this Chapter Use the Dashboard screens for specific MAC addresses. • Use the Current Users screen (see the ZyWALL's general device information, system status, system...
User Guide
Page 230
... to look at the VPN tunnels that can appear. The status for the ZyWALL to use one of users currently logged in to look at the IP addresses currently assigned to update the IP address for specific MAC addresses. The ZyWALL is unable to mount a USB storage device connected to the extension slot... been running since it last restarted or was turned on page 731. See Section 9.2.5 on page 236. 230 ZyWALL USG 300 User's Guide See Section 9.2.6 on page 235. This section displays extension card slot and USB port status. DHCP Table Click this field to get or ...
... to look at the VPN tunnels that can appear. The status for the ZyWALL to use one of users currently logged in to look at the IP addresses currently assigned to update the IP address for specific MAC addresses. The ZyWALL is unable to mount a USB storage device connected to the extension slot... been running since it last restarted or was turned on page 731. See Section 9.2.5 on page 236. 230 ZyWALL USG 300 User's Guide See Section 9.2.6 on page 235. This section displays extension card slot and USB port status. DHCP Table Click this field to get or ...
User Guide
Page 232
...right away. 232 ZyWALL USG 300 User's Guide Table 23 Dashboard > CPU Usage LABEL DESCRIPTION The y-axis represents the percentage of intrusions. See Table 164 on page 612 for more information. Chapter 9 Dashboard Table 22 Dashboard (continued) LABEL DESCRIPTION Signature Name The signature name identifies a specific intrusion pattern. ...Occurrence This is the level of the ZyWALL's recent CPU usage.
...right away. 232 ZyWALL USG 300 User's Guide Table 23 Dashboard > CPU Usage LABEL DESCRIPTION The y-axis represents the percentage of intrusions. See Table 164 on page 612 for more information. Chapter 9 Dashboard Table 22 Dashboard (continued) LABEL DESCRIPTION Signature Name The signature name identifies a specific intrusion pattern. ...Occurrence This is the level of the ZyWALL's recent CPU usage.
User Guide
Page 235
... Table Screen Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. Figure 230 Dashboard > DHCP Table ZyWALL USG 300 User's Guide 235 Algorithm This field displays the encryption and authentication algorithms used in the dashboard. Refresh Interval Select how often...
... Table Screen Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. Figure 230 Dashboard > DHCP Table ZyWALL USG 300 User's Guide 235 Algorithm This field displays the encryption and authentication algorithms used in the dashboard. Refresh Interval Select how often...
User Guide
Page 236
... these from the DHCP client requests. To access this screen, click the dashboard's Number of the users currently logged into the ZyWALL. IP Address This field displays the IP address currently assigned to look at a list of Login Users icon. Click the heading... Number of Login Users Screen Use this entry is a static DHCP entry. Figure 231 Dashboard > Number of Login Users 236 ZyWALL USG 300 User's Guide "None" shows here for a specific MAC address. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen. Host Name This field displays...
... these from the DHCP client requests. To access this screen, click the dashboard's Number of the users currently logged into the ZyWALL. IP Address This field displays the IP address currently assigned to look at a list of Login Users icon. Click the heading... Number of Login Users Screen Use this entry is a static DHCP entry. Figure 231 Dashboard > Number of Login Users 236 ZyWALL USG 300 User's Guide "None" shows here for a specific MAC address. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen. Host Name This field displays...