User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ...IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User...
User Manual
Page 11
... of Contents...11 Part I: User's Guide 29 Chapter 1 Introducing the ZyWALL ...31 1.1 Overview and Key Default Settings 31 1.2 Rack-mounted Installation 32...ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50...
User Manual
Page 12
... Interface Wizard: Summary 74 5.3 VPN Quick Setup ...75 5.4 VPN Setup Wizard: Wizard Type 76 5.5 VPN Express Wizard - Summary 79 5.5.3 VPN Express Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Table of Contents...
User Manual
Page 13
...99 6.5.11 HTTP Redirect ...99 6.5.12 ALG ...100 6.5.13 Auth. Policy ...100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17 Application Patrol 102 6.5.18 Anti-Virus ...103 6.5.19 IDP ...103 6.5.20 ADP ...103 6.5.21 Content ... Shutdown ...108 Chapter 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
User Manual
Page 14
...7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 115 7.3.2 Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up the VPN Gateway 119 7.4.2 Set Up the VPN Connection 120 7.4.3 Configure Security Policies for the VPN Tunnel 121 7.5 How to Configure User-aware Access Control 122 7.5.1 Set Up User Accounts...Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 31
...many other powerful features. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. Flexible configuration helps you set up the...ZyWALL lets you set up multiple networks for reliable, secure service. In addition, the ZyWALL provides excellent throughput, making it an ideal solution for your company. CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of the ZyWALL's features. The ZyWALL also provides two separate LAN networks. ZyWALL USG 50...
User Manual
Page 37
... not by interface, port, or network. The ZyWALL also offers hub-and-spoke IPSec VPN. ZyWALL USG 50 User's Guide 37 You can add interfaces and VPN tunnels to provide secure communication between these ports. ...ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up and to set up one or more of the following: • Multiple WAN ports and configure...
User Manual
Page 40
You can configure the ZyWALL to provide SSL VPN network access to remote users. 40 ZyWALL USG 50 User's Guide Figure 5 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can also set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. Chapter 2 Features and Applications 2.2.1 VPN Connectivity Set up additional connections to the Internet to provide better service.
User Manual
Page 48
... statistics Cache Manage the ZyWALL's URL cache. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. SSL Lists users currently logged into the VPN SSL client portal. VPN Monitor IPSec Displays and manages...immediately or by a schedule. Signature Update Anti-Virus Update anti-virus signatures immediately or by a schedule. Network 48 ZyWALL USG 50 User's Guide Service View the licensed service status and upgrade licensed services. You can also log out individual users and ...
User Manual
Page 49
... virtual links. Session Limit Limit the number of interfaces) for devices connected to set the ZyWALL's flexible ports as LAN1 or DMZ. ZyWALL USG 50 User's Guide 49 Exempt List Configure ranges of IP addresses to force user authentication. VPN IPSec VPN VPN Connection Configure IPSec tunnels. Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. VLAN Create and manage...
User Manual
Page 61
... it. The following fields display if you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to which this interface and Internet connection will...First / Second DNS Server: These fields display if you are configuring. • First WAN Interface: This is the number of Internet connection you selected static IP address assignment. The ZyWALL uses these (in the previous screen. ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation •...
User Manual
Page 63
... know the IP address of a machine in the order you specify here) to you selected Auto as given to resolve domain names for VPN, DDNS and the time server. If you selected static IP address assignment. Auto displays if you by your (static) public IP address... • First / Second DNS Server: These fields display if you do not want to configure DNS servers. The ZyWALL uses these (in order to an IP address and vice versa. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 Chapter 4 Installation Setup Wizard 4.1.3.2 WAN IP Address Assignments • ...
User Manual
Page 64
...ZyWALL...configure DNS servers. 64 ZyWALL USG 50 User's Guide The ZyWALL... Your ZyWALL accepts ... Your ZyWALL accepts MSCHAP only. ... ZyWALL accepts PAP only. • MSCHAP - Your ZyWALL... accepts MSCHAP-V2 only. • Type the User Name given to 64 ASCII characters except the [] and ?. This field is the connection type on the requirements of a computer before the router automatically disconnects from the PPTP server. 4.1.5.1 PPTP Configuration... • Base Interface: This identifies the Ethernet interface you configure...configuring to an IP address...
User Manual
Page 69
...open a wizard to open the first Quick Setup screen. This wizard creates matching ISP account settings in the ZyWALL if you configure Internet and VPN connection settings. Figure 34 Quick Setup • WAN Interface Click this User's Guide for a secure connection .... See Section 5.2 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. See the feature-specific chapters in the Web Configurator. This chapter provides information on page 76. ZyWALL USG 50 User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick...
User Manual
Page 74
...specified in this interface uses to connect to the Internet. Leave the field as 0.0.0.0 if you do not configure a DNS server, you specify here) to resolve domain names for VPN, DDNS and the time server. Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued)...configure DNS servers. Server IP This field only appears for a PPPoE interface. Click Back to return to continue. 5.2.5 Quick Setup Interface Wizard: Summary This screen displays the WAN interface's settings. If you can access it , you must know the IP address of the PPTP server. 74 ZyWALL USG 50...
User Manual
Page 75
...41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide 75 Yes means the ZyWALL uses the idle timeout. IP Address Assignment This field displays whether the WAN IP address is Static, these fields display the DNS server IP address(es). WAN Interface This identifies the interface you configure to ... interface and Internet connection will not time out. Second DNS Server Close Click Close to exit the wizard. 5.3 VPN Quick Setup Click VPN Setup in configuring more VPN connections or other features. Nailed-Up If No displays the connection will belong. First DNS Server If the IP ...
User Manual
Page 118
Figure 67 VPN Example LAN LAN 118 1.2.3.4 192.168.1.0/24 2.2.2.2 172.16.1.0/24 ZyWALL USG 50 User's Guide Chapter 7 Tutorials 3 Select the trunk as the default trunk and click Apply. Figure 66 Configuration > Network > Interface > Trunk 7.4 How to Set Up an IPSec VPN Tunnel This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.4 on page 76 for details on the VPN quick setup wizard.
User Manual
Page 659
... the links or follow the steps in this Chapter • Use the SSL Application screen (Section 43.2 on page 661) to view the ZyWALL's configured SSL application objects. • Use the SSL Application Edit screen to create or edit web-based application objects to allow remote users to access ...Web-based A web-based application allows remote users to access an intranet site using standard web browsers. ZyWALL USG 50 User's Guide 659 You can apply one or more SSL application objects in the VPN > SSL VPN screen for a user account/user group. 43.1.1 What You Can Do in the pop-up dialog box...
User Manual
Page 931
...site with dynamic peer 382 static site-to-site 382 transport encapsulation 383 tunnel encapsulation 383 VPN gateway 378 IPSec SA active protocol 405 and firewall 360, 768 and to-ZyWALL firewall 768 authentication algorithms 399, 400 authentication key (manual keys) 407 destination NAT for inbound... also VPN source NAT for inbound traffic 409 source NAT for outbound traffic 408 status 191 transport mode 406 tunnel mode 406 when IKE SA is disconnected 405 IPSec VPN configuration overview 102 prerequisites 100, 102 see also IPSec troubleshooting 767 tutorial 118 where used 102 ZyWALL USG 50 User's...
User Manual
Page 933
... and firewall 366 and interfaces 325 and policy routes 282, 289 and to-ZyWALL firewall 327 and VoIP pass through 338 and VPN 403 and VPN, see also VPN configuration overview 99 limitations 294 loopback 327 port forwarding, see NAT port translation, see... NAT port triggering 294 port triggering, see also policy routes prerequisites 99 traversal 404 trigger port, see also policy routes tutorial 143, 146 NBNS 228, 253, 263, 269, 416 NetBIOS Broadcast over IPSec 382 ZyWALL USG 50...