User Guide
Page 15
... 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example 185 8.3 Configuring the Default L2TP VPN Connection Example 187... You Can Do in this Chapter 239 10.2 The Port Statistics Screen 240 10.2.1 The Port Statistics Graph Screen 242 10.3 Interface Status Screen 243 ZyWALL USG 300 User's Guide 15
... 177 7.15.1 Before You Start ...178 7.15.2 Configure Device HA on the Master ZyWALL 179 7.15.3 Configure the Backup ZyWALL 181 7.15.4 Deploy the Backup ZyWALL 183 7.15.5 Check Your Device HA Setup 183 Chapter 8 L2TP VPN Example ...185 8.1 L2TP VPN Example ...185 8.2 Configuring the Default L2TP VPN Gateway Example 185 8.3 Configuring the Default L2TP VPN Connection Example 187... You Can Do in this Chapter 239 10.2 The Port Statistics Screen 240 10.2.1 The Port Statistics Graph Screen 242 10.3 Interface Status Screen 243 ZyWALL USG 300 User's Guide 15
User Guide
Page 39
.... • An auxiliary (backup) Internet connection. • A backup ZyWALL in the ZyWALL. You can add interfaces and VPN tunnels to zones. You can create your own custom zones. The rest of the following: • Multiple WAN ports and configure load balancing between two sites ...security settings are made by zone, not by interface, port, or network. ZyWALL USG 300 User's Guide 39 CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP...
.... • An auxiliary (backup) Internet connection. • A backup ZyWALL in the ZyWALL. You can add interfaces and VPN tunnels to zones. You can create your own custom zones. The rest of the following: • Multiple WAN ports and configure load balancing between two sites ...security settings are made by zone, not by interface, port, or network. ZyWALL USG 300 User's Guide 39 CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP...
User Guide
Page 95
... (PPPoE or PPTP). ISP accounts are the foundation for example. The ZyWALL automatically adds or removes the tags as a backup WAN interface, for defining other interfaces and network policies. Chapter 6 Configuration Basics 6.2.1 Interface Types There are three types: virtual Ethernet interfaces (also...create a software connection between physical ports at the layer-2 (data link, MAC address) level. You also configure RIP and OSPF in the ZyWALL. ZyWALL USG 300 User's Guide 95 It is directly connected to being used as needed. The auxiliary interface controls the AUX port....
... (PPPoE or PPTP). ISP accounts are the foundation for example. The ZyWALL automatically adds or removes the tags as a backup WAN interface, for defining other interfaces and network policies. Chapter 6 Configuration Basics 6.2.1 Interface Types There are three types: virtual Ethernet interfaces (also...create a software connection between physical ports at the layer-2 (data link, MAC address) level. You also configure RIP and OSPF in the ZyWALL. ZyWALL USG 300 User's Guide 95 It is directly connected to being used as needed. The auxiliary interface controls the AUX port....
User Guide
Page 111
ZyWALL USG 300 User's Guide 111 Click the Add icon to go to the content filter general configuration screen. 9 Enable the content filter. 10 Add a policy that uses the schedule, the filtering profile and the user that you can configure a category-based profile. 4 Name the profile and... Zones 6.5.24 Device HA To increase network reliability, device HA lets a backup ZyWALL automatically take action on page 117. Chapter 6 Configuration Basics 1 Create a user account for Bill if you have not done so already (Configuration > Object > User/Group). 2 Create a schedule for matched web sites...
ZyWALL USG 300 User's Guide 111 Click the Add icon to go to the content filter general configuration screen. 9 Enable the content filter. 10 Add a policy that uses the schedule, the filtering profile and the user that you can configure a category-based profile. 4 Name the profile and... Zones 6.5.24 Device HA To increase network reliability, device HA lets a backup ZyWALL automatically take action on page 117. Chapter 6 Configuration Basics 1 Create a user account for Bill if you have not done so already (Configuration > Object > User/Group). 2 Create a schedule for matched web sites...
User Guide
Page 177
... the Source Network Address Translation to -WAN-Range. ZyWALL B automatically takes over all of using device HA (High Availability) to backup ZyWALL A (the master) with ZyWALL B. ZyWALL USG 300 User's Guide 177 This example uses LAN-to Public-IPs and click OK. Click Configuration > Network > Routing > Add. Figure 143 Configuring the Policy Route 7.15 How to LAN traffic. Chapter...
... the Source Network Address Translation to -WAN-Range. ZyWALL B automatically takes over all of using device HA (High Availability) to backup ZyWALL A (the master) with ZyWALL B. ZyWALL USG 300 User's Guide 177 This example uses LAN-to Public-IPs and click OK. Click Configuration > Network > Routing > Add. Figure 143 Configuring the Policy Route 7.15 How to LAN traffic. Chapter...
User Guide
Page 178
...168.1.5 B 7.15.1 Before You Start ZyWALL A should already be configured. Chapter 7 Tutorials An Ethernet switch connects both its ge1 and ge2 interfaces connected), it (in Section 7.15.3 on page 183). 178 ZyWALL USG 300 User's Guide If ZyWALL A recovers (has both ZyWALLs' ge1 interfaces to B later (in Section...interface. Figure 144 Device HA: Master Fails and Backup Takes Over LAN 192.168.1.1 A 1.1.1.1 B 192.168.1.1 1.1.1.1 Each ZyWALL's ge1 interface also has a separate management IP address that stays the same whether the ZyWALL functions as the master and takes over all of...
...168.1.5 B 7.15.1 Before You Start ZyWALL A should already be configured. Chapter 7 Tutorials An Ethernet switch connects both its ge1 and ge2 interfaces connected), it (in Section 7.15.3 on page 183). 178 ZyWALL USG 300 User's Guide If ZyWALL A recovers (has both ZyWALLs' ge1 interfaces to B later (in Section...interface. Figure 144 Device HA: Master Fails and Backup Takes Over LAN 192.168.1.1 A 1.1.1.1 B 192.168.1.1 1.1.1.1 Each ZyWALL's ge1 interface also has a separate management IP address that stays the same whether the ZyWALL functions as the master and takes over all of...
User Guide
Page 181
... HA > Active-Passive Mode > Edit: Backup ZyWALL Example ZyWALL USG 300 User's Guide 181 Connect ZyWALL B to the Internet and subscribe it to the same subscription services (like content filtering and anti-virus) to ZyWALL B's ge1 interface and log into its Web Configurator. Click OK. Chapter 7 Tutorials 7.15.3 Configure the Backup ZyWALL 1 Connect a computer to which ZyWALL A is subscribed. Click ge1's Edit...
... HA > Active-Passive Mode > Edit: Backup ZyWALL Example ZyWALL USG 300 User's Guide 181 Connect ZyWALL B to the Internet and subscribe it to the same subscription services (like content filtering and anti-virus) to ZyWALL B's ge1 interface and log into its Web Configurator. Click OK. Chapter 7 Tutorials 7.15.3 Configure the Backup ZyWALL 1 Connect a computer to which ZyWALL A is subscribed. Click ge1's Edit...
User Guide
Page 182
Select Auto Synchronize and set the Interval to Backup. Figure 151 Configuration > Device HA > General: Master ZyWALL Example 182 ZyWALL USG 300 User's Guide Chapter 7 Tutorials 4 Set the Device Role to 60. Set the Synchronization Server Address to 192.168.1.1, the Port to 21, and the Password to "mySyncPassword". Activate monitoring for the ge1 and ge2 interfaces. Click Apply. Figure 150 Configuration > Device HA > Active-Passive Mode: Backup ZyWALL Example 5 Click the General tab. Turn on device HA and click Apply.
Select Auto Synchronize and set the Interval to Backup. Figure 151 Configuration > Device HA > General: Master ZyWALL Example 182 ZyWALL USG 300 User's Guide Chapter 7 Tutorials 4 Set the Device Role to 60. Set the Synchronization Server Address to 192.168.1.1, the Port to 21, and the Password to "mySyncPassword". Activate monitoring for the ge1 and ge2 interfaces. Click Apply. Figure 150 Configuration > Device HA > Active-Passive Mode: Backup ZyWALL Example 5 Click the General tab. Turn on device HA and click Apply.
User Guide
Page 183
... > Configuration File screen to your connections and device HA configuration. You can compare. 2 To test your device HA configuration, disconnect ZyWALL A's ge1 or ge2 interface. Congratulations! ZyWALL USG 300 User's Guide 183 Connect ZyWALL B's ge2 interface to access the Internet. If ZyWALL A ... of the ZyWALLs' configuration files that you have configured device HA for Internet access. Now that you can log into ZyWALL B's management IP address (192.168.1.5) and check the configuration. Chapter 7 Tutorials 7.15.4 Deploy the Backup ZyWALL Connect ZyWALL B's ge1 interface...
... > Configuration File screen to your connections and device HA configuration. You can compare. 2 To test your device HA configuration, disconnect ZyWALL A's ge1 or ge2 interface. Congratulations! ZyWALL USG 300 User's Guide 183 Connect ZyWALL B's ge2 interface to access the Internet. If ZyWALL A ... of the ZyWALLs' configuration files that you have configured device HA for Internet access. Now that you can log into ZyWALL B's management IP address (192.168.1.5) and check the configuration. Chapter 7 Tutorials 7.15.4 Deploy the Backup ZyWALL Connect ZyWALL B's ge1 interface...
User Guide
Page 205
ZyWALL USG 300 User's Guide 205 You can go back to make sure your registry. Figure 190 ZyWALL-L2TP Status: Details 19 Access a server or other network resource behind the ZyWALL to using pre-shared keys by default. Use the following procedures to edit the registry and then configure the computer ... the Registry Editor 2 Click Registry > Export Registry File and save a backup copy of your access works. 8.5.3 Configuring L2TP in Windows 2000 Windows 2000 does not support using this backup if you specified on the ZyWALL (192.168.10.10-192.168.10.20). Chapter 8 L2TP VPN Example...
ZyWALL USG 300 User's Guide 205 You can go back to make sure your registry. Figure 190 ZyWALL-L2TP Status: Details 19 Access a server or other network resource behind the ZyWALL to using pre-shared keys by default. Use the following procedures to edit the registry and then configure the computer ... the Registry Editor 2 Click Registry > Export Registry File and save a backup copy of your access works. 8.5.3 Configuring L2TP in Windows 2000 Windows 2000 does not support using this backup if you specified on the ZyWALL (192.168.10.10-192.168.10.20). Chapter 8 L2TP VPN Example...
User Guide
Page 296
...configured in the ZyWALL. • Port groups create a hardware connection between Ethernet or VLAN interfaces at the layer2 (data link, MAC address) level. • Ethernet interfaces are for 3G WAN connections via a connected 3G device. • Virtual interfaces provide additional routing information in the ZyWALL. The auxiliary interface controls the AUX port. 296 ZyWALL USG 300...interfaces. • Cellular interfaces are the foundation for example. The ZyWALL automatically adds or removes the tags as a backup WAN interface, for defining other interfaces and network policies. You ...
...configured in the ZyWALL. • Port groups create a hardware connection between Ethernet or VLAN interfaces at the layer2 (data link, MAC address) level. • Ethernet interfaces are for 3G WAN connections via a connected 3G device. • Virtual interfaces provide additional routing information in the ZyWALL. The auxiliary interface controls the AUX port. 296 ZyWALL USG 300...interfaces. • Cellular interfaces are the foundation for example. The ZyWALL automatically adds or removes the tags as a backup WAN interface, for defining other interfaces and network policies. You ...
User Guide
Page 308
...Section 16.3 on page 396 for a Designated Router (DR) or Backup Designated Router (BDR). Select None to help identify this static DHCP entry. disable authentication Text - Chapter 13 Interfaces Table 62 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION ... packets through this interface. Priority Enter the priority (between 1 and 65,535) to send RIP-2 packets using MD5 encryption 308 ZyWALL USG 300 User's Guide Choices are 1, 2, and 1 and 2. To exchange OSPF routing information with this interface. Area Select the area ...
...Section 16.3 on page 396 for a Designated Router (DR) or Backup Designated Router (BDR). Select None to help identify this static DHCP entry. disable authentication Text - Chapter 13 Interfaces Table 62 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION ... packets through this interface. Priority Enter the priority (between 1 and 65,535) to send RIP-2 packets using MD5 encryption 308 ZyWALL USG 300 User's Guide Choices are 1, 2, and 1 and 2. To exchange OSPF routing information with this interface. Area Select the area ...
User Guide
Page 334
... and 2. ID MD5 Authentication Key This field is available if the Authentication is looking for a Designated Router (DR) or Backup Designated Router (BDR). Passive Interface Select this to eight characters long. Type the password for receiving RIP packets. Receive Version ...to 16 characters long. 334 ZyWALL USG 300 User's Guide Select the RIP version(s) used for Authentication MD5 authentication. Select this to zero if the interface can be up to route packets through this interface belongs. Chapter 13 Interfaces Table 71 Configuration > Network > Interface > ...
... and 2. ID MD5 Authentication Key This field is available if the Authentication is looking for a Designated Router (DR) or Backup Designated Router (BDR). Passive Interface Select this to eight characters long. Type the password for receiving RIP packets. Receive Version ...to 16 characters long. 334 ZyWALL USG 300 User's Guide Select the RIP version(s) used for Authentication MD5 authentication. Select this to zero if the interface can be up to route packets through this interface belongs. Chapter 13 Interfaces Table 71 Configuration > Network > Interface > ...
User Guide
Page 350
...only receives routing information. The password can consist of a WAN trunk for a Designated Router (DR) or Backup Designated Router (BDR). Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you must use the same authentication method that ... OK Click OK to save your changes back to the ZyWALL. Area Select the area in this screen without saving. 350 ZyWALL USG 300 User's Guide To exchange OSPF routing information with this interface belongs. Chapter 13 Interfaces Table 77 Configuration > Network > Interface > VLAN > Edit (continued)...
...only receives routing information. The password can consist of a WAN trunk for a Designated Router (DR) or Backup Designated Router (BDR). Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you must use the same authentication method that ... OK Click OK to save your changes back to the ZyWALL. Area Select the area in this screen without saving. 350 ZyWALL USG 300 User's Guide To exchange OSPF routing information with this interface belongs. Chapter 13 Interfaces Table 77 Configuration > Network > Interface > VLAN > Edit (continued)...
User Guide
Page 360
...backup WAN interface. The ZyWALL uses the auxiliary interface to dial out in two situations. 1 You click the Connect icon on the ZyWALL Status screen. 2 The load auxiliary interface must connect to dial out from the ZyWALL's auxiliary port. You have to connect an external modem to the ZyWALL's auxiliary port to configure the ZyWALL...'s auxiliary interface. When the ZyWALL hangs up the call, it . 360 ZyWALL USG 300 User's Guide Chapter 13 ...
...backup WAN interface. The ZyWALL uses the auxiliary interface to dial out in two situations. 1 You click the Connect icon on the ZyWALL Status screen. 2 The load auxiliary interface must connect to dial out from the ZyWALL's auxiliary port. You have to connect an external modem to the ZyWALL's auxiliary port to configure the ZyWALL...'s auxiliary interface. When the ZyWALL hangs up the call, it . 360 ZyWALL USG 300 User's Guide Chapter 13 ...
User Guide
Page 415
... to save your changes to use for the domain name. The IP address comes from interface - Apply Reset custom - ZyWALL USG 300 User's Guide 415 The ZyWALL uses the backup interface and IP address when the primary interface is disabled, its link is down or its last-saved settings. This field... interface to use for updating the IP address mapped to the domain name followed by how the ZyWALL determines the IP address for the domain name. Chapter 18 DDNS Table 105 Configuration > Network > DDNS (continued) LABEL DESCRIPTION Primary Interface/IP This field displays the interface to ...
... to save your changes to use for the domain name. The IP address comes from interface - Apply Reset custom - ZyWALL USG 300 User's Guide 415 The ZyWALL uses the backup interface and IP address when the primary interface is disabled, its link is down or its last-saved settings. This field... interface to use for updating the IP address mapped to the domain name followed by how the ZyWALL determines the IP address for the domain name. Chapter 18 DDNS Table 105 Configuration > Network > DDNS (continued) LABEL DESCRIPTION Primary Interface/IP This field displays the interface to ...
User Guide
Page 417
...ZyWALL uses the Backup Binding Address if the interface specified by the Primary Binding Interface settings is an HTTP proxy server between the ZyWALL and the DDNS server. You may not determine the proper IP address if there is not available. Chapter 18 DDNS Table 106 Configuration...Type the domain name you select a specific interface in this user name is mapped to use a backup address. Interface Select the interface to your domain name. This option appears when you registered. If ... the interface to the DDNS server. ZyWALL USG 300 User's Guide 417
...ZyWALL uses the Backup Binding Address if the interface specified by the Primary Binding Interface settings is an HTTP proxy server between the ZyWALL and the DDNS server. You may not determine the proper IP address if there is not available. Chapter 18 DDNS Table 106 Configuration...Type the domain name you select a specific interface in this user name is mapped to use a backup address. Interface Select the interface to your domain name. This option appears when you registered. If ... the interface to the DDNS server. ZyWALL USG 300 User's Guide 417
User Guide
Page 418
.... Click OK to save your mail server here. Chapter 18 DDNS Table 106 Configuration > Network > DDNS > Add (continued) LABEL DESCRIPTION IP Address The options available in the Backup Binding Address Interface field. Enable the wildcard feature to alias subdomains to be able... to use for example, www.yourhost.dyndns.org and still reach your mail server is useful if you can route e-mail for your (dynamic) domain name. With this screen without saving. 418 ZyWALL USG 300...
.... Click OK to save your mail server here. Chapter 18 DDNS Table 106 Configuration > Network > DDNS > Add (continued) LABEL DESCRIPTION IP Address The options available in the Backup Binding Address Interface field. Enable the wildcard feature to alias subdomains to be able... to use for example, www.yourhost.dyndns.org and still reach your mail server is useful if you can route e-mail for your (dynamic) domain name. With this screen without saving. 418 ZyWALL USG 300...
User Guide
Page 467
...: Allowing asymmetrical routes may not go directly to put the ZyWALL and the backup gateway on the network (not reset the connection). This causes the ZyWALL to activate the firewall. Figure 348 Configuration > Firewall The following table describes the labels in the same subnet as the connection has not been acknowledged. ZyWALL USG 300 User's Guide 467
...: Allowing asymmetrical routes may not go directly to put the ZyWALL and the backup gateway on the network (not reset the connection). This causes the ZyWALL to activate the firewall. Figure 348 Configuration > Firewall The following table describes the labels in the same subnet as the connection has not been acknowledged. ZyWALL USG 300 User's Guide 467
User Guide
Page 896
The backup configuration file will be useful in case you back up file. If there are no errors, the ZyWALL uses it and copies it to your computer and upload configuration files from your previous settings. If there isn't a lastgood.conf configuration file or it is highly recommended ...change the way the startup-config.conf file is a startup-config.conf, the ZyWALL checks it . The ZyWALL still generates a log for errors and applies it for any errors in progress. ZyWALL USG 300 User's Guide Configuration File Flow at Restart • If there is not a startup-config.conf ...
The backup configuration file will be useful in case you back up file. If there are no errors, the ZyWALL uses it and copies it to your computer and upload configuration files from your previous settings. If there isn't a lastgood.conf configuration file or it is highly recommended ...change the way the startup-config.conf file is a startup-config.conf, the ZyWALL checks it . The ZyWALL still generates a log for errors and applies it for any errors in progress. ZyWALL USG 300 User's Guide Configuration File Flow at Restart • If there is not a startup-config.conf ...