User Guide
Page 3
...zyxel.com.tw if you cannot find specific information in the Web Configurator. How To Use This Guide • Read Chapter 1 on page 33 chapter for information on configuring each chapter carefully for detailed information on page 117 for people who want to want to configure the ZyWALL... Index, or search the PDF file. ZyWALL USG 300 User's Guide 3 Related Documentation •... used in the ZyWALL, what prerequisites are arranged by ...icons and menus in the ZyWALL Web Configurator. •...(CLI) to configure the ZyWALL. Note: It is intended for ZyWALL application examples. • ...
...zyxel.com.tw if you cannot find specific information in the Web Configurator. How To Use This Guide • Read Chapter 1 on page 33 chapter for information on configuring each chapter carefully for detailed information on page 117 for people who want to want to configure the ZyWALL... Index, or search the PDF file. ZyWALL USG 300 User's Guide 3 Related Documentation •... used in the ZyWALL, what prerequisites are arranged by ...icons and menus in the ZyWALL Web Configurator. •...(CLI) to configure the ZyWALL. Note: It is intended for ZyWALL application examples. • ...
User Guide
Page 5
Disclaimer Graphics in this book may differ slightly from the product due to differences in this manual is accurate. ZyWALL USG 300 User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. ... to ensure that you received your device. Every effort has been made to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information....
Disclaimer Graphics in this book may differ slightly from the product due to differences in this manual is accurate. ZyWALL USG 300 User's Guide 5 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. ... to ensure that you received your device. Every effort has been made to solve it. About This User's Guide See http://www.zyxel.com/web/contact_us.php for your device. • Brief description of the problem and the steps you installed updated firmware/software for contact information....
User Guide
Page 20
....1.3 Before You Begin 478 25.2 The VPN Connection Screen 478 25.2.1 The VPN Connection Add/Edit (IKE) Screen 480 25.2.2 The VPN Connection Add/Edit Manual Key Screen 487 25.3 The VPN Gateway Screen 490 25.3.1 The VPN Gateway Add/Edit Screen 491 25.4 VPN Concentrator ...499 25.4.1 IPSec VPN Concentrator... Screens ...531 27.1 Overview ...531 27.1.1 What You Need to Know 531 27.2 Remote User Login ...532 27.3 The SSL VPN User Screens 537 20 ZyWALL USG 300 User's Guide
....1.3 Before You Begin 478 25.2 The VPN Connection Screen 478 25.2.1 The VPN Connection Add/Edit (IKE) Screen 480 25.2.2 The VPN Connection Add/Edit Manual Key Screen 487 25.3 The VPN Gateway Screen 490 25.3.1 The VPN Gateway Add/Edit Screen 491 25.4 VPN Concentrator ...499 25.4.1 IPSec VPN Concentrator... Screens ...531 27.1 Overview ...531 27.1.1 What You Need to Know 531 27.2 Remote User Login ...532 27.3 The SSL VPN User Screens 537 20 ZyWALL USG 300 User's Guide
User Guide
Page 37
...before you turn on the power A cold start . Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to its default values and then reboots. It does not turn off the power. ZyWALL USG 300 User's Guide 37 Using the RESET button If you may temporarily lose access to become.... It does not stop the system processes or write cached data to start and stop or start (without powering down and then manually turn off the power to shut down and powering up , checks the hardware, and starts the system processes. Chapter 1 Introducing the...
...before you turn on the power A cold start . Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to its default values and then reboots. It does not turn off the power. ZyWALL USG 300 User's Guide 37 Using the RESET button If you may temporarily lose access to become.... It does not stop the system processes or write cached data to start and stop or start (without powering down and then manually turn off the power to shut down and powering up , checks the hardware, and starts the system processes. Chapter 1 Introducing the...
User Guide
Page 247
... schedule data collection; Figure 235 Monitor > System Status > Traffic Statistics ZyWALL USG 300 User's Guide 247 This count may not be accurate in the Traffic Statistics screen. Chapter 10 Monitor 10.4 The Traffic Statistics Screen Click Monitor > System Status > Traffic Statistics to stop it manually in some cases because the ZyWALL counts HTTP GET packets.
... schedule data collection; Figure 235 Monitor > System Status > Traffic Statistics ZyWALL USG 300 User's Guide 247 This count may not be accurate in the Traffic Statistics screen. Chapter 10 Monitor 10.4 The Traffic Statistics Screen Click Monitor > System Status > Traffic Statistics to stop it manually in some cases because the ZyWALL counts HTTP GET packets.
User Guide
Page 259
the connected USB storage device was manually unmounted by using the USB storage device so you can remove it . no USB storage device is mounting the USB storage device. Removing - Click Monitor > ... Use the top of a USB storage device is unmounting the USB storage device. Detail none - Deactivated - the ZyWALL is connected. none - Click Use It to display. Mounting - Figure 243 Monitor > AppPatrol Statistics: General Setup ZyWALL USG 300 User's Guide 259 Unused - the use of the Monitor > AppPatrol Statistics screen to configure what to have...
the connected USB storage device was manually unmounted by using the USB storage device so you can remove it . no USB storage device is mounting the USB storage device. Removing - Click Monitor > ... Use the top of a USB storage device is unmounting the USB storage device. Detail none - Deactivated - the ZyWALL is connected. none - Click Use It to display. Mounting - Figure 243 Monitor > AppPatrol Statistics: General Setup ZyWALL USG 300 User's Guide 259 Unused - the use of the Monitor > AppPatrol Statistics screen to configure what to have...
User Guide
Page 265
...to specify any VPN connection or policy name starting with "abc". This field displays N/A if the IPSec SA uses manual keys. This field displays N/A if the IPSec SA uses manual keys. Algorithm This field displays the encryption and authentication algorithms used in the VPN connection or policy name vary. ...IPSec SA was established. For example, use a question mark or asterisk. There could be any number (of any type) of characters in between. ZyWALL USG 300 User's Guide 265 The IP addresses, not the address objects, are in front of a VPN connection or policy name has the...
...to specify any VPN connection or policy name starting with "abc". This field displays N/A if the IPSec SA uses manual keys. This field displays N/A if the IPSec SA uses manual keys. Algorithm This field displays the encryption and authentication algorithms used in the VPN connection or policy name vary. ...IPSec SA was established. For example, use a question mark or asterisk. There could be any number (of any type) of characters in between. ZyWALL USG 300 User's Guide 265 The IP addresses, not the address objects, are in front of a VPN connection or policy name has the...
User Guide
Page 274
Chapter 10 Monitor You can remove individual entries from the cache manually. Click the heading cell again to check whether a web site's category has been changed. Table 50 Anti-X > Content Filter > Cache LABEL DESCRIPTION URL Cache Entry ... the external content filtering database the next time someone tries to reload the list of a categorized web site address record. 274 ZyWALL USG 300 User's Guide Figure 257 Anti-X > Content Filter > Cache The following table describes the labels in this button to access that column's criteria. Remove Select one ...
Chapter 10 Monitor You can remove individual entries from the cache manually. Click the heading cell again to check whether a web site's category has been changed. Table 50 Anti-X > Content Filter > Cache LABEL DESCRIPTION URL Cache Entry ... the external content filtering database the next time someone tries to reload the list of a categorized web site address record. 274 ZyWALL USG 300 User's Guide Figure 257 Anti-X > Content Filter > Cache The following table describes the labels in this button to access that column's criteria. Remove Select one ...
User Guide
Page 304
...this interface. The ZyWALL automatically adds default route and SNAT settings for traffic it routes from this interface. External is for the interface. Interface Name Port Zone MAC Address Description IP Address Assignment Get Automatically For General, the rest of network you must manually configure a policy...screen's fields are described in the table below. These IP address fields configure an IP address on page 709. 304 ZyWALL USG 300 User's Guide If you change this button to display a greater or lesser number of the screen's options automatically adjust to WAN traffic.
...this interface. The ZyWALL automatically adds default route and SNAT settings for traffic it routes from this interface. External is for the interface. Interface Name Port Zone MAC Address Description IP Address Assignment Get Automatically For General, the rest of network you must manually configure a policy...screen's fields are described in the table below. These IP address fields configure an IP address on page 709. 304 ZyWALL USG 300 User's Guide If you change this button to display a greater or lesser number of the screen's options automatically adjust to WAN traffic.
User Guide
Page 305
...appears when Interface Properties is still available. If two or more gateways have the ZyWALL regularly ping the gateway you specify to specify the IP address, subnet mask, and gateway manually. Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per ... to make sure it is External or General. The ZyWALL resumes routing to the gateway. Select this priority. Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to its destination. ZyWALL USG 300 User's Guide 305 Allowed values are 0 - 1048576....
...appears when Interface Properties is still available. If two or more gateways have the ZyWALL regularly ping the gateway you specify to specify the IP address, subnet mask, and gateway manually. Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per ... to make sure it is External or General. The ZyWALL resumes routing to the gateway. Select this priority. Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specify to its destination. ZyWALL USG 300 User's Guide 305 Allowed values are 0 - 1048576....
User Guide
Page 307
... using. Enable Logs for the first address (network address), last address (broadcast address) and the interface's IP address. ZyWALL USG 300 User's Guide 307 This number must also be able to modify it has to the DHCP clients. In this interface. From ISP... case, the ZyWALL can assign every IP address allowed by the interface's Subnet Mask. Chapter 13 Interfaces Table 62 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Pool Size Enter the number of the computer names on another interface received from manually using the interface...
... using. Enable Logs for the first address (network address), last address (broadcast address) and the interface's IP address. ZyWALL USG 300 User's Guide 307 This number must also be able to modify it has to the DHCP clients. In this interface. From ISP... case, the ZyWALL can assign every IP address allowed by the interface's Subnet Mask. Chapter 13 Interfaces Table 62 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Pool Size Enter the number of the computer names on another interface received from manually using the interface...
User Guide
Page 309
...upload a different configuration file. Type the password for this interface. Have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of Internal or External. Overwrite Default MAC Address Select this screen without saving. 13.3.2 Object...Click OK to save your changes back to identify itself. The fields shown vary with an Interface Type of another device or computer. ZyWALL USG 300 User's Guide 309 The key can be part of alphanumeric characters and the underscore, and it can consist of a WAN trunk for...
...upload a different configuration file. Type the password for this interface. Have the interface use either the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of Internal or External. Overwrite Default MAC Address Select this screen without saving. 13.3.2 Object...Click OK to save your changes back to identify itself. The fields shown vary with an Interface Type of another device or computer. ZyWALL USG 300 User's Guide 309 The key can be part of alphanumeric characters and the underscore, and it can consist of a WAN trunk for...
User Guide
Page 312
...To disconnect an interface, select it and click Inactivate. You can modify the entry's settings. The ZyWALL confirms you can create (and delete) User Configuration PPP interfaces. Connect To connect an interface, select ...so. Object References Select an entry and click Object References to open a screen where you want to manually establish the connection for an example. # This field is described in testing the interface. See Section...Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 312 ZyWALL USG 300 User's Guide
...To disconnect an interface, select it and click Inactivate. You can modify the entry's settings. The ZyWALL confirms you can create (and delete) User Configuration PPP interfaces. Connect To connect an interface, select ...so. Object References Select an entry and click Object References to open a screen where you want to manually establish the connection for an example. # This field is described in testing the interface. See Section...Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 312 ZyWALL USG 300 User's Guide
User Guide
Page 315
...blank if the ISP account uses PPTP. Enter the priority of the gateway (the ISP) on this priority. The ZyWALL decides which this PPP interface is a DHCP client. ZyWALL USG 300 User's Guide 315 Note: Multiple PPP interfaces can be up all the time. Connectivity Nailed-Up Select this if ...lists ISP accounts by name. Dial-onDemand Select this interface. Clear this to enable this to specify the IP address manually. Use Create new Object if you want to have the same priority, the ZyWALL uses the one that this case, the DHCP server configures the IP address automatically.
...blank if the ISP account uses PPTP. Enter the priority of the gateway (the ISP) on this priority. The ZyWALL decides which this PPP interface is a DHCP client. ZyWALL USG 300 User's Guide 315 Note: Multiple PPP interfaces can be up all the time. Connectivity Nailed-Up Select this if ...lists ISP accounts by name. Dial-onDemand Select this interface. Clear this to enable this to specify the IP address manually. Use Create new Object if you want to have the same priority, the ZyWALL uses the one that this case, the DHCP server configures the IP address automatically.
User Guide
Page 316
...interface to the gateway. MTU Maximum Transmission Unit. Select tcp to have the ZyWALL regularly ping the gateway you specified to make sure it is a failure. Check Default Select this interface. 316 ZyWALL USG 300 User's Guide Policy Route Click Policy Route to go to a screen where.... Allowed values are 0 - 1048576. Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with the gateway you specify to it into smaller fragments. You specify how often the interface...
...interface to the gateway. MTU Maximum Transmission Unit. Select tcp to have the ZyWALL regularly ping the gateway you specified to make sure it is a failure. Check Default Select this interface. 316 ZyWALL USG 300 User's Guide Policy Route Click Policy Route to go to a screen where.... Allowed values are 0 - 1048576. Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can manually configure a policy route to associate traffic with the gateway you specify to it into smaller fragments. You specify how often the interface...
User Guide
Page 319
... the pop-up window that displays, select the slot that this cellular interface is set to use this in testing the interface or to manually establish the connection. Disconnect To disconnect an interface, select it and click Remove. See Section 13.3.2 on an entry, select it and ... To change your changes back to open a screen where you want to remove it is a sequential value, and it before doing so. ZyWALL USG 300 User's Guide 319 Name Extension Slot Connected Device ISP Settings Apply Reset The connect icon is lit when the interface is disconnected. The following...
... the pop-up window that displays, select the slot that this cellular interface is set to use this in testing the interface or to manually establish the connection. Disconnect To disconnect an interface, select it and click Remove. See Section 13.3.2 on an entry, select it and ... To change your changes back to open a screen where you want to remove it is a sequential value, and it before doing so. ZyWALL USG 300 User's Guide 319 Name Extension Slot Connected Device ISP Settings Apply Reset The connect icon is lit when the interface is disconnected. The following...
User Guide
Page 321
...settings. Connectivity Nailed-Up Select this interface. Zero disables the idle timeout. Connections with a GSM or HSDPA 3G card. ZyWALL USG 300 User's Guide 321 Otherwise, it costs money to 63 ASCII printable characters. Then select the profile (use one in the... > Network > Interface > Cellular > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this to have the ZyWALL to belong. Clear this button to manually input the APN (Access Point Name) provided by your device settings yourself. Idle timeout This value specifies the time in seconds...
...settings. Connectivity Nailed-Up Select this interface. Zero disables the idle timeout. Connections with a GSM or HSDPA 3G card. ZyWALL USG 300 User's Guide 321 Otherwise, it costs money to 63 ASCII printable characters. Then select the profile (use one in the... > Network > Interface > Cellular > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this to have the ZyWALL to belong. Clear this button to manually input the APN (Access Point Name) provided by your device settings yourself. Idle timeout This value specifies the time in seconds...
User Guide
Page 324
...This field appears if you selected a 3G device that was configured first. Select auto to have this interface. Time Budget Note: The ZyWALL automatically uses whichever service provider's 3G network to an available network. The lower the number, the higher the priority. Enable Budget Control...may want to manually specify the type of network available to make sure the interface does not use based on the total traffic and/or call time. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics. 324 ZyWALL USG 300 User's Guide...
...This field appears if you selected a 3G device that was configured first. Select auto to have this interface. Time Budget Note: The ZyWALL automatically uses whichever service provider's 3G network to an available network. The lower the number, the higher the priority. Enable Budget Control...may want to manually specify the type of network available to make sure the interface does not use based on the total traffic and/or call time. If you change the value after you configure and enable budget control, the ZyWALL resets the statistics. 324 ZyWALL USG 300 User's Guide...
User Guide
Page 338
Select Auth Method to be able to manually specify a RADIUS server's settings in dotted decimal notation. 338 ZyWALL USG 300 User's Guide TTLS Certificate Select an authentication method object that you can use TTLS authentication protocol and PAP inside the TTLS secure tunnel. This field displays if you have the ZyWALL check a user's user name and...
Select Auth Method to be able to manually specify a RADIUS server's settings in dotted decimal notation. 338 ZyWALL USG 300 User's Guide TTLS Certificate Select an authentication method object that you can use TTLS authentication protocol and PAP inside the TTLS secure tunnel. This field displays if you have the ZyWALL check a user's user name and...
User Guide
Page 346
... interface belongs. This field is read-only if you want to the gateway when it can configure on the same network as the interface. 346 ZyWALL USG 300 User's Guide Gateway Enter the subnet mask of VLANs you select Use Fixed IP Address. The subnet mask indicates what part of the IP address...
... interface belongs. This field is read-only if you want to the gateway when it can configure on the same network as the interface. 346 ZyWALL USG 300 User's Guide Gateway Enter the subnet mask of VLANs you select Use Fixed IP Address. The subnet mask indicates what part of the IP address...