User Manual
Page 3
...wizard for first time setup and you want more detailed information than what prerequisites are needed to configure a feature and how to use the Web Configurator to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Command-Line Interface...menu item. • To find the information you require. ZyWALL USG 50 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL using the quick setup wizards and you want more detailed ...
User Manual
Page 4
... is a collection of answers to previously asked questions about your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 50 User's Guide About This User's Guide • Web Configurator Online Help Click the help icon in any screen for help in order to better understand how to use your product...
User Manual
Page 6
..."choose" means for you to use one or more characters and then press the [ENTER] key. Syntax Conventions • The ZyWALL may need to as the "ZyWALL", the "device", the "system" or the "product" in the navigation panel, then the Log sub menu and finally the ... key on . • "e.g.," is a shorthand for "for example, other words". 6 ZyWALL USG 50 User's Guide Note: Notes tell you other important information (for instance", and "i.e.," means "that could harm you may be referred to configure or helpful tips) or recommendations. For example, Maintenance > Log > Log Setting means you...
User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ...209 ...SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 11
... of Contents...11 Part I: User's Guide 29 Chapter 1 Introducing the ZyWALL ...31 1.1 Overview and Key Default Settings 31 1.2 Rack-mounted Installation 32...ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50...
User Manual
Page 12
... 79 5.5.3 VPN Express Wizard - Phase 1 Settings 82 5.5.6 VPN Advanced Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 62...
User Manual
Page 13
... Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Licensing Update ...96 6.5.4 Interface ...96 6.5.5 Trunks ... ...108 Chapter 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
User Manual
Page 14
... 140 7.9.3 Set Up a Firewall Rule For H.323 142 7.10 How to Allow Public Access to a Web Server 143 7.10.1 Create the Address Objects 144 7.10.2 Configure NAT ...144 7.10.3 Set Up a Firewall Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11... How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 16
... ...221 11.3.2 Object References 230 11.4 PPP Interfaces ...231 11.4.1 PPP Interface Summary 232 11.4.2 PPP Interface Add or Edit 233 11.5 Cellular Configuration Screen (3G 237 11.5.1 Cellular Add/Edit Screen 239 11.6 VLAN Interfaces ...246 11.6.1 VLAN Summary Screen 248 11.6.2 VLAN Add/Edit ...249 ... 12.3 Configuring a Trunk ...277 12.4 Trunk Technical Reference 279 Chapter 13 Policy and Static Routes ...281 13.1 Policy and Static Routes Overview 281 13.1.1 What You Can Do in this Chapter 281 13.1.2 What You Need to Know 282 13.2 Policy Route Screen ...284 16 ZyWALL USG 50 User's ...
User Manual
Page 17
... You Can Do in this Chapter 297 14.1.2 What You Need to Know 297 14.2 The RIP Screen ...298 14.3 The OSPF Screen ...299 14.3.1 Configuring the OSPF Screen 303 14.3.2 OSPF Area Add/Edit Screen 306 14.3.3 Virtual Link Add/Edit Screen 307 14.4 Routing Protocol Technical Reference 308 Chapter... to Know 322 17.2 The NAT Screen ...322 17.2.1 The NAT Add/Edit Screen 324 17.3 NAT Technical Reference 327 Chapter 18 HTTP Redirect ...331 ZyWALL USG 50 User's Guide 17
User Manual
Page 18
... 22.1.1 What You Can Do in this Chapter 357 22.1.2 What You Need to Know 358 22.1.3 Firewall Rule Example Applications 360 22.1.4 Firewall Rule Configuration Example 363 22.2 The Firewall Screen ...365 22.2.1 Configuring the Firewall Screen 366 22.2.2 The Firewall Add/Edit Screen 369 18 ZyWALL USG 50 User's Guide
User Manual
Page 21
...View Screen 493 30.6.5 Query Example ...495 30.7 Introducing IDP Custom Signatures 497 30.7.1 IP Packet Header 497 30.8 Configuring Custom Signatures 498 30.8.1 Creating or Editing a Custom Signature 500 30.8.2 Custom Signature Example 506 30.8.3 Applying Custom ...Configuration 521 31.4 ADP Technical Reference 525 Chapter 32 Content Filtering ...533 32.1 Overview ...533 32.1.1 What You Can Do in this Chapter 533 32.1.2 What You Need to Know 533 32.1.3 Before You Begin 535 32.2 Content Filter General Screen 535 32.3 Content Filter Policy Add or Edit Screen 538 ZyWALL USG 50...
User Manual
Page 25
...SSH Works ...707 45.7.2 SSH Implementation on the ZyWALL 708 45.7.3 Requirements for Using SSH 708 45.7.4 Configuring SSH ...708 45.7.5 Secure Telnet Using SSH Examples 710 45.8 Telnet ...711 45.8.1 Configuring Telnet 712 45.9 FTP ...713 45.9.1 Configuring FTP ...713 45.10 SNMP ...715 45.10....1 Supported MIBs 717 45.10.2 SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50...
User Manual
Page 26
Table of Contents 45.11.1 Configuring Vantage CNM 720 45.12 Language Screen ...722 Chapter 46 Log and Report ...723 46.1 ... Overview ...737 47.1.1 What You Can Do in this Chapter 737 47.1.2 What you Need to Know 737 47.2 The Configuration File Screen 740 47.3 The Firmware Package Screen 744 47.4 The Shell Script Screen 746 Chapter 48 Diagnostics...749 48.1 Overview...49.1 Overview ...755 49.1.1 What You Need To Know 755 49.2 The Reboot Screen ...755 Chapter 50 Shutdown...757 50.1 Overview ...757 50.1.1 What You Need To Know 757 50.2 The Shutdown Screen ...757 26 ZyWALL USG 50 User's Guide
User Manual
Page 31
... Messaging (IM) and Peer to start or stop the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. The ZyWALL provides excellent throughput with minimal configuration. It explains the front panel ports, LEDs, introduces the...ZyWALL USG 50 User's Guide 31 See Chapter 2 on page 37 for a more detailed overview of the LAN1, or DMZ. The DeMilitarized Zone (DMZ) increases LAN security by providing separate ports for a third WAN connection. You can set up the network and enforce security policies efficiently. Its flexible configuration...
User Manual
Page 34
... and management using remote management (for more information about the Web Configurator. You can use text-based commands to manage the ZyWALL. Blinking The ZyWALL is no traffic on this port. This User's Guide provides information about the CLI. 34 ZyWALL USG 50 User's Guide Orange Off There is sending or receiving packets on this port...
User Manual
Page 35
... processes or write cached data to local storage. The ZyWALL writes all cached data to the local storage and stops the system processes. The ZyWALL simply turns off the ZyWALL or remove the power. ZyWALL USG 50 User's Guide 35 The default settings for more information ...and starts the system processes. Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power to the ZyWALL. Disconnecting the power Power off occurs when you press the RESET button, the ZyWALL sets the configuration to its default values and then reboots. Clicking Maintenance > Shutdown...
User Manual
Page 36
Chapter 1 Introducing the ZyWALL The ZyWALL does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. 36 ZyWALL USG 50 User's Guide
User Manual
Page 37
..., policy routing, DHCP server and many other powerful features. ZyWALL USG 50 User's Guide 37 CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure... network that uses TCP/IP for communication. The rest of this section provides more information about the features of the ZyWALL. You can add interfaces and VPN...
User Manual
Page 39
... and video. You can even control the use an option that are some example applications for configuration tutorial examples. See also Chapter 7 on page 109 for your ZyWALL scans files transmitting through the enabled interfaces into the network. Use the black list to enhance...local host computers. Use the white list to -peer (P2P) applications like text messaging, voice, video conferencing, and file transfers). ZyWALL USG 50 User's Guide 39 This maximizes SIP traffic throughput for improved VoIP call sound quality. 2.2 Applications These are suspected of servers that ...