User Manual
Page 7
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. ZyWALL Computer Notebook computer Server Firewall Telephone Switch Router ZyWALL USG 50 User's Guide 7 The ZyWALL icon is not an exact representation of your device.
User Manual
Page 61
...• Gateway IP Address: Enter the IP address of a computer before you can access it, you must know the IP address of the router through which this interface and Internet connection will belong. • IP Address: Enter your ISP. • Zone: This is the security zone ... that will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected static IP address assignment. ZyWALL USG 50 User's Guide 61 Enter a DNS server's IP address(es). Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of...
User Manual
Page 62
... 62 ZyWALL USG 50 User's Guide Your ZyWALL accepts CHAP only. • PAP - PPPoE uses a service name to 64 ASCII characters except the [] and ?. Use up to identify and reach the PPPoE server. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically ...disconnects from your ISP. Select an authentication protocol for outgoing connection requests. Your ZyWALL accepts either CHAP or PAP when requested by the remote node. • CHAP -...
User Manual
Page 64
...For example, C:12 or N:My ISP. The Domain Name System (DNS) maps a domain name to configure DNS servers. 64 ZyWALL USG 50 User's Guide Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to which this interface and Internet connection will belong. • IP...Timeout in the order you configure to resolve domain names for outgoing calls. It must know the IP address of a computer before the router automatically disconnects from the PPTP server. 4.1.5.1 PPTP Configuration • Base Interface: This identifies the Ethernet interface you specify here) to connect...
User Manual
Page 73
...ID or connection name in seconds that elapses before the router automatically disconnects from the PPPoE server. 0 means no timeout. ZyWALL USG 50 User's Guide 73 MSCHAP-V2 - Password Type the password associated with a modem or router. PPTP Configuration This section only appears if the interface ... an authentication protocol for confirmation. IP Address This field is optional and depends on the requirements of the PPTP server. Your ZyWALL accepts MSCHAP only. Server IP Type the IP address of your ISP (if given). This field can use alphanumeric and ...
User Manual
Page 75
...idle before the router automatically disconnects from the PPPoE server. 0 means no timeout. Chapter 5 Quick Setup Table 12 Interface Wizard: Summary WAN LABEL DESCRIPTION User Name This is Static, these fields display the DNS server IP address(es). Figure 41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide...you specified a connection ID, it displays here. Click Next. Nailed-Up If No displays the connection will belong. Yes means the ZyWALL uses the idle timeout. Idle Timeout This is static or dynamic (Auto). Zone This field displays to open the VPN Setup Wizard Welcome screen...
User Manual
Page 78
...for the chosen scenario. You can also specify a subnet. You can also specify a subnet. Both ends of a computer on the remote IPSec device. 78 ZyWALL USG 50 User's Guide Precede a hexadecimal key with "0x". Configuration Figure 44 VPN Express Wizard: Step 3 • Secure Gateway: If Any displays in this field...IP/Mask): Type the IP address of the VPN tunnel must match the local IP address configured on your network. Use 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address. • Pre-Shared Key: Type the password. This must use the same password. If this field is ...
User Manual
Page 83
...down the IKE SA. • Authentication Method: Select Pre-Shared Key to use a password or Certificate to the remote IPSec device. ZyWALL USG 50 User's Guide 83 SHA-1 gives higher security. DH1 (default) refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number...• Authentication Algorithm: MD5 gives minimal security. DH2 refers to Diffie-Hellman Group 1 a 768 bit random number. As a result, 3DES is a NAT router between the IPSec devices). MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to Diffie-Hellman Group 5 a 1536 bit random ...
User Manual
Page 94
...Many 1 to 1) is also included in the NAT table. 3 NAT loopback is now included in one of the sections, the ZyWALL stops checking the packets against the NAT table and moves on to bandwidth management. See Section 12.2 on page 281 for more information... Main Routing Table: The default WAN trunk is from other routers through the default WAN trunk. Disabling the IPSec VPN feature's Use Policy Route to select which trunk the ZyWALL uses as the packets match an entry in the NAT table...any traffic that did not match any of requiring a separate policy route. 94 ZyWALL USG 50 User's Guide
User Manual
Page 119
... and enter 2.2.2.2 in the Primary field. Figure 68 Configuration > VPN > IPSec VPN > VPN Gateway > Add ZyWALL USG 50 User's Guide 119 Create the VPN tunnel between ZyWALL X's LAN subnet (192.168.1.0/24) and the LAN subnet behind peer IPSec router Y (172.16.1.0/24). 7.4.1 Set Up the VPN Gateway The VPN gateway manages the IKE SA...
User Manual
Page 121
... the IPSec_VPN zone. To trigger the VPN, either try to establish the VPN tunnel. ZyWALL USG 50 User's Guide 121 Figure 70 Configuration > VPN > IPSec VPN > VPN Connection > Add 5 Now set up the VPN settings on the peer IPSec router's LAN or click Configuration > VPN > IPSec VPN > VPN Connection and use the VPN connection...
User Manual
Page 159
...second MAC address is disabled. Serial Number This field displays the serial number of each interface or device installed in one MAC address. ZyWALL USG 50 User's Guide 159 The Ethernet interface is assigned to the extension slot (or none if no device is detected). This field displays the...to physical port 2, and so on any physical ports associated with it is currently using. Click the icon to a chart of an active virtual router, this ZyWALL. Down - For cellular (3G) interfaces, see Section 11.5 on what type of this field displays the IP address it is . Speed /...
User Manual
Page 160
... Speed / Duplex - If the interface cannot use one of each extension slot. Action If this interface is a member of an active virtual router, this field displays the IP address it , its IP address, this field displays n/a. This field displays the name of interface statistics. # ...Disconnect icon to display icons. If the IP address is 0.0.0.0, the interface is detected). 160 ZyWALL USG 50 User's Guide Interface Status Summary If an Ethernet interface does not have the ZyWALL try to the interface. Hover your cursor over this field to get or to see Section...
User Manual
Page 174
...The Ethernet interface is enabled and connected. If the VLAN or bridge interface is either the static IP address of each interface. 174 ZyWALL USG 50 User's Guide The PPP interface is connected. This field displays the zone to the network. This field lists which services the interface ...which the interface is currently using. Speed / Duplex - For cellular (3G) interfaces, see Section 9.9 on what type of an active virtual router, this interface is a member of interface it is disabled or did not receive an IP address and subnet mask via DHCP. The PPP interface...
User Manual
Page 177
... when the Traffic Type is sending or receiving traffic. If the Direction is Ingress, a red bar is displayed. traffic is coming from the ZyWALL to discard all of bytes passes the byte count limit. Chapter 9 Monitor Table 29 Monitor > System Status > Traffic Statistics (continued) LABEL...service ports in this report is indicated in Table 30 on page 178. Click this record. traffic is coming into the router through the interface ZyWALL USG 50 User's Guide 177 This field displays the service and port in this button to display. This field indicates whether the ...
User Manual
Page 192
...IPSec SA was established. Policy This field displays the content of traffic that has gone through the IPSec SA from the remote IPSec router to find it (if it . Algorithm This field displays the encryption and authentication algorithms used in the following table. Outbound (Bytes...a sequential value, and it . You can use the arrows to display on page 192 for more details. See Section 9.11.1 on . 192 ZyWALL USG 50 User's Guide Total Connection This field displays the total number of entries. Page x of x This is the number of the page of entries currently...
User Manual
Page 220
... new Ethernet interfaces nor can you can verify the gateway is available. Figure 152 Configuration > Network > Interface > Ethernet (USG 20W) 220 ZyWALL USG 50 User's Guide If an Ethernet interface does not have an IP address, subnet mask, and gateway used to control which physical... ports exchange routing information with other types of bandwidth and packet size. Use Ethernet interfaces to make routing decisions. However, the routers...
User Manual
Page 229
otherwise, the ZyWALL uses multicasting. Select None to stop forwarding OSPF routing information from the selected interface. As a result, this interface. To exchange OSPF routing information with peer border routers, you must use the same authentication method that they use the default ...authentication method in this interface only receives routing information. Choices are: Same-as-Area - ID MD5 Authentication Key This field is available if the Authentication is enabled. ZyWALL USG 50 User...
User Manual
Page 246
... to 99 in IEEE 802.1q. Enter a number from 1 to 65535 minutes) to the router. If you select Log or Log-alert you configure and enable budget control, the ZyWALL resets the statistics. The standard is exceeded. Figure 160 Example: Before VLAN A B C In... logical networks. OK Cancel Select None to not create a log when the ZyWALL takes this screen without saving. 11.6 VLAN Interfaces A Virtual Local Area Network (VLAN) divides a physical network into three VLANs. 246 ZyWALL USG 50 User's Guide Chapter 11 Interfaces Table 61 Configuration > Network > Interface > ...
User Manual
Page 247
...-2 communication (data link layer, MAC addresses). ZyWALL USG 50 User's Guide 247 These rules are connected to smaller, more appropriately for each physical network. • Traffic between VLANs (or between a VLAN and another type of traffic: • Inside VLAN 2. • Between the router and VLAN 1. • Between the router and VLAN 2. If each computer has...