User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's...
Page 12
... 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Finish 66 4.2 Device Registration ...66 Chapter 5 Quick Setup ...69 5.1 Quick Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick Setup ...75 5.4 VPN Setup Wizard: Wizard...
Page 14
... Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up the VPN Gateway 119 7.4.2 Set Up the VPN Connection 120 7.4.3 Configure Security Policies for the VPN Tunnel 121 7.5 How to Configure User-aware Access Control 122 7.5.1 Set...Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set ....2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
Page 15
... 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor... Status Screen ...183 9.9.1 More Information ...185 9.10 Application Patrol Statistics 186 9.10.1 Application Patrol Statistics: General Setup 187 9.10.2 Application Patrol Statistics: Bandwidth Statistics 188 9.10.3 Application Patrol Statistics: Protocol Statistics 189 9.10.4 ...Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
Page 48
...Service-based spam Black List) statistics. Licensing Registration Registration Register the device and activate trial services. Network 48 ZyWALL USG 50 User's Guide You can also log out individual users and delete related session information. IDP/AppPatrol Update IDP signatures...Anti-Virus Collect and display statistics on the intrusions that the ZyWALL has detected. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Chapter 3 Web Configurator Table 6 Monitor Menu Screens ...
Page 61
...the IP Address Assignment in the order you must know the IP address of the interface that will connect with your ISP. ZyWALL USG 50 User's Guide 61 Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to you by your ISP. • Zone: This is the... static IP address assignment. The following fields display if you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. The Domain Name System (DNS) maps a domain name to resolve domain names for this WAN connection's IP address....
Page 63
Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 Chapter 4 Installation Setup Wizard 4.1.3.2 WAN IP Address Assignments • WAN Interface: This is the ... can access it. Leave the field as given to you do not want to resolve domain names for VPN, DDNS and the time server. If you do not configure a DNS server, you must know the ... PPTP Note: Enter the Internet access information exactly as 0.0.0.0 if you by your (static) public IP address. The ZyWALL uses these (in order to access it , you must know the IP address of a machine in the order you...
Page 64
... outgoing calls. Auto displays if you selected Auto as 0.0.0.0 if you do not want the connection to configure DNS servers. 64 ZyWALL USG 50 User's Guide Leave the field as the IP Address Assignment in seconds that elapses before you can access it can use alphanumeric and... will belong. • IP Address: Enter your ISP. Select an authentication protocol for VPN, DDNS and the time server. You can be blank. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Your ZyWALL accepts CHAP only. • PAP - For example, C:12 or N:My ISP.
Page 69
...WAN Interface Click this User's Guide for a secure connection to open the first Quick Setup screen. ZyWALL USG 50 User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards help you use PPPoE or PPTP. See the feature-specific chapters in the ...quick setup screens in this link to another computer or network. This wizard creates matching ISP account settings in the ZyWALL if you configure Internet and VPN connection settings. See Section 5.2 on page 76. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN ...
Page 74
...here) to its corresponding IP address and vice versa. Back Next DNS (Domain Name System) is read-only and only appears for VPN, DDNS and the time server. The ZyWALL uses a system DNS server (in the order you do not configure a DNS server, you can access it . Table 12 Interface... Quick Setup Interface Wizard: Summary This screen displays the WAN interface's settings. If you do not want to access it . The DNS server is extremely important because without it, you must know the IP address of a computer before you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's...
Page 75
... router automatically disconnects from the PPPoE server. 0 means no timeout. Figure 41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide 75 Idle Timeout This is how many seconds the connection can use later in the main Quick Setup screen to open the VPN Setup Wizard Welcome screen. Connection ID If you by your ISP. Zone This field...
Page 76
.... Chapter 5 Quick Setup 5.4 VPN Setup Wizard: Wizard Type A VPN (Virtual Private Network) tunnel is a secure connection to configure detailed VPN security settings such as using a pre-shared key and default security settings. The VPN connection can be to create a VPN connection with another ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 50 User's Guide Figure 42 VPN Setup Wizard: Wizard Type...
Page 77
...Setup 5.5 VPN Express Wizard - You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is the client (dial-in user) and can initiate the VPN tunnel. • Site-to an IPSec server. ZyWALL USG 50 User's Guide 77 Choose this VPN connection (and VPN... gateway). Only the remote IPSec device can initiate the VPN tunnel. • Remote Access (Client Role)...
Page 78
Both ends of the VPN tunnel must match the local IP address configured on your network. This must match the remote IP address configured...the remote IPSec device (secure gateway) to 31 pairs of a computer on the remote IPSec device. 78 ZyWALL USG 50 User's Guide You can also specify a subnet. Configuration Figure 44 VPN Express Wizard: Step 3 • Secure Gateway: If Any displays in this field, it is not ...has a dynamic WAN IP address. • Pre-Shared Key: Type the password. Precede a hexadecimal key with "0x". Chapter 5 Quick Setup 5.5.1 VPN Express Wizard -
Page 79
...a ".zysh" filename extension. ZyWALL USG 50 User's Guide 79 See the commands reference guide for Secure Gateway commands into another ZLD-based ZyWALL's command line interface to configure the VPN connection. Summary This screen provides a read-only summary of the VPN tunnel's configuration and also commands... IPSec device. Chapter 5 Quick Setup 5.5.2 VPN Express Wizard - If this field displays Any, only the remote IPSec device can initiate the VPN connection. • Copy and paste the Configuration for details on the network behind your ZyWALL that can use the tunnel. If...
Page 80
Finish Now you have not already done so, use the VPN tunnel. Click Close to exit the wizard. 80 ZyWALL USG 50 User's Guide Figure 46 VPN Express Wizard: Step 6 Note: If you can use the myZyXEL.com link and register your ZyWALL with myZyXEL.com and activate trials of services like Content Filter. Chapter 5 Quick Setup 5.5.3 VPN Express Wizard -
Page 81
... Wizard: Scenario Rule Name: Type the name used to -site with Dynamic Peer - Choose this VPN connection (and VPN gateway). Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - The figure on page 76 to display the following screen. Scenario Click the Advanced radio button... incoming connections from IPSec VPN clients. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. Choose this if the remote IPSec device has a dynamic IP address. Only the remote IPSec device can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 81
Page 82
...VPN tunnel. 5.5.5 VPN Advanced Wizard - This ZyWALL is a variation on your ZyWALL. • Negotiation Mode: Select Main for the chosen scenario. If this field, it is configurable, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to use on DES 82 ZyWALL USG 50...Phase 1 Settings There are two phases to generate and verify a message authentication code. Figure 48 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway: If Any displays in user) and ... for identity protection. Chapter 5 Quick Setup • Remote Access (Client Role) -
Page 83
... is generally considered stronger than MD5, but renegotiation temporarily disconnects the VPN tunnel. • NAT Traversal: Select this if the VPN tunnel must also have NAT traversal enabled. If it responds, the ZyWALL transmits the data. ZyWALL USG 50 User's Guide 83 Note: The remote IPSec device must pass through... or Certificate to Diffie-Hellman Group 5 a 1536 bit random number. • SA Life Time: Set how often the ZyWALL renegotiates the IKE SA. Chapter 5 Quick Setup that uses a 168-bit key. DH1 (default) refers to the remote IPSec device. DH5 refers to use one of ...
Page 102
...can also use the Quick Setup VPN Setup wizard. you want to allow vice president Bob to control which individuals can use which services through the ZyWALL (and when they can subscribe using it. 1 Create a user account for Bob (User/Group). 102 ZyWALL USG 50 User's Guide Example: Suppose ...you can also specify allowed amounts of the wizards. Chapter 6 Configuration Basics 6.5.15 IPSec VPN Use IPSec VPN to provide secure communication between two sites over the Internet or any ...