User Manual
Page 3
...show you how to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real time help provides. • It is highly recommended you read Chapter 7 on page 109 for first time setup and you want more detailed information...ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in the Web Configurator. Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50...
...show you how to make the ZyWALL hardware connections and access the Web Configurator wizards. (See the wizard real time help provides. • It is highly recommended you read Chapter 7 on page 109 for first time setup and you want more detailed information...ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in the Web Configurator. Read each screen.) It also contains a connection diagram and package contents list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50...
User Manual
Page 12
...Window ...52 3.3.4 Tables and Lists ...54 Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 62 4.1.4 Internet Access: PPTP 63 4.1.5 ISP Parameters ...64 4.1.6 Internet Access Setup - Finish 80 5.5.4 VPN Advanced Wizard - Configuration 78 ...88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Second WAN Interface 65 4.1.7 Internet Access -
...Window ...52 3.3.4 Tables and Lists ...54 Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 62 4.1.4 Internet Access: PPTP 63 4.1.5 ISP Parameters ...64 4.1.6 Internet Access Setup - Finish 80 5.5.4 VPN Advanced Wizard - Configuration 78 ...88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Second WAN Interface 65 4.1.7 Internet Access -
User Manual
Page 14
...Configure the Endpoint Security Objects 133 7.7.2 Configure the Authentication Policy 135 7.8 How to Configure Service Control 136 7.8.1 Allow HTTPS Administrator Access Only From the LAN 137 7.9 How to Allow Incoming H.323 Peer-to-peer Calls 139 7.9.1 Turn On the ALG ......an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set... the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
...Configure the Endpoint Security Objects 133 7.7.2 Configure the Authentication Policy 135 7.8 How to Configure Service Control 136 7.8.1 Allow HTTPS Administrator Access Only From the LAN 137 7.9 How to Allow Incoming H.323 Peer-to-peer Calls 139 7.9.1 Turn On the ALG ......an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set... the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 34
... on this port. On This port has a successful link. 1.4 Management Overview You can access it using an Internet browser. This User's Guide provides information about the CLI. 34 ZyWALL USG 50 User's Guide Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for more information about the Web Configurator. Figure 4 Managing...
... on this port. On This port has a successful link. 1.4 Management Overview You can access it using an Internet browser. This User's Guide provides information about the CLI. 34 ZyWALL USG 50 User's Guide Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for more information about the Web Configurator. Figure 4 Managing...
User Manual
Page 43
CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or ...; Enable JavaScripts (enabled by default) • Enable Java permissions (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. ZyWALL USG 50 User's Guide 43 See the Quick Start Guide.
CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or ...; Enable JavaScripts (enabled by default) • Enable Java permissions (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. ZyWALL USG 50 User's Guide 43 See the Quick Start Guide.
User Manual
Page 59
...interfaces to start configuring for background information. This chapter provides information on configuring the Web Configurator's installation setup wizard. ZyWALL USG 50 User's Guide 59 See the feature-specific chapters in the upper right corner to display or hide the... and method of IP address assignment. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet Access Setup - CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet connection settings and activate subscription services. This wizard helps...
...interfaces to start configuring for background information. This chapter provides information on configuring the Web Configurator's installation setup wizard. ZyWALL USG 50 User's Guide 59 See the feature-specific chapters in the upper right corner to display or hide the... and method of IP address assignment. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet Access Setup - CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet connection settings and activate subscription services. This wizard helps...
User Manual
Page 60
... settings. 60 ZyWALL USG 50 User's Guide Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is the security zone to the information from your ISP. • WAN Interface: This is the interface you a fixed IP address. Chapter 4 Installation Setup Wizard The screens... vary depending on the encapsulation type. Use this option to configure just one. Note: Enter the Internet access information exactly as a regular Ethernet. Refer to information provided by your ...
... settings. 60 ZyWALL USG 50 User's Guide Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is the security zone to the information from your ISP. • WAN Interface: This is the interface you a fixed IP address. Chapter 4 Installation Setup Wizard The screens... vary depending on the encapsulation type. Use this option to configure just one. Note: Enter the Internet access information exactly as a regular Ethernet. Refer to information provided by your ...
User Manual
Page 61
... if you do not want to configure DNS servers. The ZyWALL uses these (in the previous screen. ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of... Internet connection you are configuring. • First WAN Interface: This is the number of the interface that will connect with your ISP. • Zone: This is extremely important because without it . Chapter 4 Installation Setup...
... if you do not want to configure DNS servers. The ZyWALL uses these (in the previous screen. ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of... Internet connection you are configuring. • First WAN Interface: This is the number of the interface that will connect with your ISP. • Zone: This is extremely important because without it . Chapter 4 Installation Setup...
User Manual
Page 62
... and _@$./ characters, and it can be up to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to you by the remote node. • CHAP - Use up to 64 characters long.... ISP. Your ZyWALL accepts PAP only. • MSCHAP - Options are: • CHAP/PAP - PPPoE uses a service name to time out. Figure 29 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 62 ZyWALL USG 50 User's Guide
... and _@$./ characters, and it can be up to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to you by the remote node. • CHAP - Use up to 64 characters long.... ISP. Your ZyWALL accepts PAP only. • MSCHAP - Options are: • CHAP/PAP - PPPoE uses a service name to time out. Figure 29 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 62 ZyWALL USG 50 User's Guide
User Manual
Page 63
The DNS server is the security zone to an IP address and vice versa. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 The Domain Name System (DNS) maps a domain name to which this interface and Internet connection will connect with ...access it. Leave the field as the IP Address Assignment in the order you do not configure a DNS server, you must know the IP address of a computer before you selected static IP address assignment. Auto displays if you selected Auto as 0.0.0.0 if you specify here) to configure DNS servers. Chapter 4 Installation Setup...
The DNS server is the security zone to an IP address and vice versa. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 The Domain Name System (DNS) maps a domain name to which this interface and Internet connection will connect with ...access it. Leave the field as the IP Address Assignment in the order you do not configure a DNS server, you must know the IP address of a computer before you selected static IP address assignment. Auto displays if you selected Auto as 0.0.0.0 if you specify here) to configure DNS servers. Chapter 4 Installation Setup...
User Manual
Page 64
...access it. This field is optional and depends on the interface you by your ISP. • Zone This is the security zone to 64 ASCII characters except the [] and ?. Enter a DNS server's IP address(es). Your ZyWALL...seconds that elapses before you do not want to configure DNS servers. 64 ZyWALL USG 50 User's Guide The ZyWALL uses these (in the order you specify here) to you by your password...For example, C:12 or N:My ISP. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given...
...access it. This field is optional and depends on the interface you by your ISP. • Zone This is the security zone to 64 ASCII characters except the [] and ?. Enter a DNS server's IP address(es). Your ZyWALL...seconds that elapses before you do not want to configure DNS servers. 64 ZyWALL USG 50 User's Guide The ZyWALL uses these (in the order you specify here) to you by your password...For example, C:12 or N:My ISP. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given...
User Manual
Page 65
Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 59). Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup - Figure 31 Internet Access: Step 3: Second WAN Interface ZyWALL USG 50 User's Guide 65
Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 59). Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup - Figure 31 Internet Access: Step 3: Second WAN Interface ZyWALL USG 50 User's Guide 65
User Manual
Page 66
... Encapsulation Note: If you can still activate any ). Chapter 4 Installation Setup Wizard 4.1.7 Internet Access - Note: You must be connected to the Internet to perform a basic registration (see Section 4.2 on page 66). Click Next and use the following screen to register. 66 ZyWALL USG 50 User's Guide If you have not already done so. You can...
... Encapsulation Note: If you can still activate any ). Chapter 4 Installation Setup Wizard 4.1.7 Internet Access - Note: You must be connected to the Internet to perform a basic registration (see Section 4.2 on page 66). Click Next and use the following screen to register. 66 ZyWALL USG 50 User's Guide If you have not already done so. You can...
User Manual
Page 71
... according to select whether the interface should use . Note: Enter the Internet access information exactly as your ISP gave it to you use a fixed or dynamic IP address. Figure 37 WAN Interface Setup: Step 2 The screens vary depending on what to which this screen to...and Internet connection belong. Chapter 5 Quick Setup Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is the interface you don't have that information. Refer to information provided by your ISP. ZyWALL USG 50 User's Guide 71 Figure 38 WAN Interface Setup: Step 2 • WAN Interface: ...
... according to select whether the interface should use . Note: Enter the Internet access information exactly as your ISP gave it to you use a fixed or dynamic IP address. Figure 37 WAN Interface Setup: Step 2 The screens vary depending on what to which this screen to...and Internet connection belong. Chapter 5 Quick Setup Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is the interface you don't have that information. Refer to information provided by your ISP. ZyWALL USG 50 User's Guide 71 Figure 38 WAN Interface Setup: Step 2 • WAN Interface: ...
User Manual
Page 72
.... This screen is read-only if you set the IP Address Assignment to configure the ISP and WAN interface settings. Note: Enter the Internet access information exactly as your ISP did not assign you a fixed IP address. Table 11 WAN and ISP Connection Settings LABEL DESCRIPTION ISP Parameter This ...(PPTP Shown) The following table describes the labels in this screen to Static. Encapsulation This displays the type of Internet connection you are configuring. 72 ZyWALL USG 50 User's Guide Chapter 5 Quick Setup • IP Address Assignment: Select Auto If your ISP gave it to you.
.... This screen is read-only if you set the IP Address Assignment to configure the ISP and WAN interface settings. Note: Enter the Internet access information exactly as your ISP did not assign you a fixed IP address. Table 11 WAN and ISP Connection Settings LABEL DESCRIPTION ISP Parameter This ...(PPTP Shown) The following table describes the labels in this screen to Static. Encapsulation This displays the type of Internet connection you are configuring. 72 ZyWALL USG 50 User's Guide Chapter 5 Quick Setup • IP Address Assignment: Select Auto If your ISP gave it to you.
User Manual
Page 74
...to the previous screen. Figure 40 Interface Wizard: Summary WAN (PPTP Shown) The following table describes the labels in the order you can access it. Back Next DNS (Domain Name System) is for a PPPoE interface. Service Name This field is extremely important because without it . ...to return to the right. The ZyWALL uses a system DNS server (in this interface uses to connect to access it , you do not configure a DNS server, you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's Guide Chapter 5 Quick Setup Table 11 WAN and ISP Connection ...
...to the previous screen. Figure 40 Interface Wizard: Summary WAN (PPTP Shown) The following table describes the labels in the order you can access it. Back Next DNS (Domain Name System) is for a PPPoE interface. Service Name This field is extremely important because without it . ...to return to the right. The ZyWALL uses a system DNS server (in this interface uses to connect to access it , you do not configure a DNS server, you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's Guide Chapter 5 Quick Setup Table 11 WAN and ISP Connection ...
User Manual
Page 77
... dashes (-), but the first character cannot be a number. Only the remote IPSec device can initiate the VPN tunnel. • Remote Access (Client Role) - ZyWALL USG 50 User's Guide 77 This value is the client (dial-in users. The figure on page 76 to -site - The clients have dynamic...IP address. Select the scenario that best describes your intended VPN connection. Choose this VPN connection (and VPN gateway). This ZyWALL is case-sensitive. Chapter 5 Quick Setup 5.5 VPN Express Wizard - Choose this to identify this to connect to -site with Dynamic Peer - Only the clients ...
... dashes (-), but the first character cannot be a number. Only the remote IPSec device can initiate the VPN tunnel. • Remote Access (Client Role) - ZyWALL USG 50 User's Guide 77 This value is the client (dial-in users. The figure on page 76 to -site - The clients have dynamic...IP address. Select the scenario that best describes your intended VPN connection. Choose this VPN connection (and VPN gateway). This ZyWALL is case-sensitive. Chapter 5 Quick Setup 5.5 VPN Express Wizard - Choose this to identify this to connect to -site with Dynamic Peer - Only the clients ...
User Manual
Page 81
... in users. Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Only the remote IPSec device can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 81 The figure on page 76 to -site with Dynamic Peer - Only the clients can initiate the VPN tunnel. • Remote Access (Server Role) - Choose this...the screen changes to match the scenario you select. • Site-to allow incoming connections from IPSec VPN clients. This ZyWALL can initiate the VPN tunnel. • Site-to display the following screen. Select the scenario that best describes your intended VPN connection....
... in users. Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Only the remote IPSec device can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 81 The figure on page 76 to -site with Dynamic Peer - Only the clients can initiate the VPN tunnel. • Remote Access (Server Role) - Choose this...the screen changes to match the scenario you select. • Site-to allow incoming connections from IPSec VPN clients. This ZyWALL can initiate the VPN tunnel. • Site-to display the following screen. Select the scenario that best describes your intended VPN connection....
User Manual
Page 82
...• Secure Gateway: If Any displays in user) and can be used to encrypt and decrypt the message or to use on DES 82 ZyWALL USG 50 User's Guide Use 0.0.0.0 if the remote IPSec device has a dynamic WAN IP address. • My Address (interface): Select an interface from... Select Aggressive to allow more incoming connections from the drop-down list box to generate and verify a message authentication code. Chapter 5 Quick Setup • Remote Access (Client Role) - Note: Multiple SAs connecting through a secure gateway must know the same secret key, which can initiate the VPN tunnel....
...• Secure Gateway: If Any displays in user) and can be used to encrypt and decrypt the message or to use on DES 82 ZyWALL USG 50 User's Guide Use 0.0.0.0 if the remote IPSec device has a dynamic WAN IP address. • My Address (interface): Select an interface from... Select Aggressive to allow more incoming connections from the drop-down list box to generate and verify a message authentication code. Chapter 5 Quick Setup • Remote Access (Client Role) - Note: Multiple SAs connecting through a secure gateway must know the same secret key, which can initiate the VPN tunnel....
User Manual
Page 84
... Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to have the ZyWALL automatically renegotiate the IPSec SA when the SA life time expires. 84 ZyWALL USG 50 User's Guide DH5 refers to -site and remote access client role scenarios. Chapter 5 Quick Setup 5.5.6 VPN Advanced Wizard - This must match the local IP address configured on...
... Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to have the ZyWALL automatically renegotiate the IPSec SA when the SA life time expires. 84 ZyWALL USG 50 User's Guide DH5 refers to -site and remote access client role scenarios. Chapter 5 Quick Setup 5.5.6 VPN Advanced Wizard - This must match the local IP address configured on...