User Manual
Page 3
...list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50 User's Guide 3 How To Use This Guide • Read Chapter 1 on page 31 chapter for an overview of features available on the ZyWALL. • Read Chapter ... wizard real time help for people who want to want to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Web Configurator to configure the ZyWALL using the quick setup wizards and you want more detailed information ...
...list. • CLI Reference Guide The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50 User's Guide 3 How To Use This Guide • Read Chapter 1 on page 31 chapter for an overview of features available on the ZyWALL. • Read Chapter ... wizard real time help for people who want to want to configure the ZyWALL. E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Web Configurator to configure the ZyWALL using the quick setup wizards and you want more detailed information ...
User Manual
Page 4
...you have a specific question about ZyXEL products. 4 ZyWALL USG 50 User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. More help you. This is available at www.zyxel.com. • Download Library... Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. About This User's Guide • Web Configurator...
...you have a specific question about ZyXEL products. 4 ZyWALL USG 50 User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. More help you. This is available at www.zyxel.com. • Download Library... Guide, Quick Start Guide and Command Line Interface Reference Guide in configuring that screen and supplementary information. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. About This User's Guide • Web Configurator...
User Manual
Page 6
... Guide. • Product labels, screen names, field labels and field choices are shown in other things you or your keyboard. • "Enter" means for you to type one of measurement may be referred to configure or helpful tips) or recommendations. Syntax Conventions • The ZyWALL ...is a shorthand for "for instance", and "i.e.," means "that is denoted by square brackets and uppercase text, for example, other words". 6 ZyWALL USG 50 User's Guide For example, "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on your device.
... Guide. • Product labels, screen names, field labels and field choices are shown in other things you or your keyboard. • "Enter" means for you to type one of measurement may be referred to configure or helpful tips) or recommendations. Syntax Conventions • The ZyWALL ...is a shorthand for "for instance", and "i.e.," means "that is denoted by square brackets and uppercase text, for example, other words". 6 ZyWALL USG 50 User's Guide For example, "k" for kilo may denote "1000" or "1024", "M" for mega may denote "1000000" or "1048576" and so on your device.
User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ...209 ... SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ...209 ... SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 11
... Stopping the ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50 User's Guide 11
... Stopping the ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50 User's Guide 11
User Manual
Page 12
...Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick Setup ... Express Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Phase 1 Settings 82 5.5.6 VPN Advanced ...
...Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick Setup ... Express Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Phase 1 Settings 82 5.5.6 VPN Advanced ...
User Manual
Page 13
...Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Licensing Update ...96 6.5.4 Interface ...96 6.5.5 ...Shutdown ...108 Chapter 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
...Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 6.5.1 Feature ...95 6.5.2 Licensing Registration 96 6.5.3 Licensing Update ...96 6.5.4 Interface ...96 6.5.5 ...Shutdown ...108 Chapter 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
User Manual
Page 14
... 140 7.9.3 Set Up a Firewall Rule For H.323 142 7.10 How to Allow Public Access to a Web Server 143 7.10.1 Create the Address Objects 144 7.10.2 Configure NAT ...144 7.10.3 Set Up a Firewall Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11... How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
... 140 7.9.3 Set Up a Firewall Rule For H.323 142 7.10 How to Allow Public Access to a Web Server 143 7.10.1 Create the Address Objects 144 7.10.2 Configure NAT ...144 7.10.3 Set Up a Firewall Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11... How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 16
...221 11.3.2 Object References 230 11.4 PPP Interfaces ...231 11.4.1 PPP Interface Summary 232 11.4.2 PPP Interface Add or Edit 233 11.5 Cellular Configuration Screen (3G 237 11.5.1 Cellular Add/Edit Screen 239 11.6 VLAN Interfaces ...246 11.6.1 VLAN Summary Screen 248 11.6.2 VLAN Add/Edit ...249... 12.3 Configuring a Trunk ...277 12.4 Trunk Technical Reference 279 Chapter 13 Policy and Static Routes ...281 13.1 Policy and Static Routes Overview 281 13.1.1 What You Can Do in this Chapter 281 13.1.2 What You Need to Know 282 13.2 Policy Route Screen ...284 16 ZyWALL USG 50 User's Guide
...221 11.3.2 Object References 230 11.4 PPP Interfaces ...231 11.4.1 PPP Interface Summary 232 11.4.2 PPP Interface Add or Edit 233 11.5 Cellular Configuration Screen (3G 237 11.5.1 Cellular Add/Edit Screen 239 11.6 VLAN Interfaces ...246 11.6.1 VLAN Summary Screen 248 11.6.2 VLAN Add/Edit ...249... 12.3 Configuring a Trunk ...277 12.4 Trunk Technical Reference 279 Chapter 13 Policy and Static Routes ...281 13.1 Policy and Static Routes Overview 281 13.1.1 What You Can Do in this Chapter 281 13.1.2 What You Need to Know 282 13.2 Policy Route Screen ...284 16 ZyWALL USG 50 User's Guide
User Manual
Page 17
... You Can Do in this Chapter 297 14.1.2 What You Need to Know 297 14.2 The RIP Screen ...298 14.3 The OSPF Screen ...299 14.3.1 Configuring the OSPF Screen 303 14.3.2 OSPF Area Add/Edit Screen 306 14.3.3 Virtual Link Add/Edit Screen 307 14.4 Routing Protocol Technical Reference 308 Chapter... to Know 322 17.2 The NAT Screen ...322 17.2.1 The NAT Add/Edit Screen 324 17.3 NAT Technical Reference 327 Chapter 18 HTTP Redirect ...331 ZyWALL USG 50 User's Guide 17
... You Can Do in this Chapter 297 14.1.2 What You Need to Know 297 14.2 The RIP Screen ...298 14.3 The OSPF Screen ...299 14.3.1 Configuring the OSPF Screen 303 14.3.2 OSPF Area Add/Edit Screen 306 14.3.3 Virtual Link Add/Edit Screen 307 14.4 Routing Protocol Technical Reference 308 Chapter... to Know 322 17.2 The NAT Screen ...322 17.2.1 The NAT Add/Edit Screen 324 17.3 NAT Technical Reference 327 Chapter 18 HTTP Redirect ...331 ZyWALL USG 50 User's Guide 17
User Manual
Page 18
... 22.1.1 What You Can Do in this Chapter 357 22.1.2 What You Need to Know 358 22.1.3 Firewall Rule Example Applications 360 22.1.4 Firewall Rule Configuration Example 363 22.2 The Firewall Screen ...365 22.2.1 Configuring the Firewall Screen 366 22.2.2 The Firewall Add/Edit Screen 369 18 ZyWALL USG 50 User's Guide
... 22.1.1 What You Can Do in this Chapter 357 22.1.2 What You Need to Know 358 22.1.3 Firewall Rule Example Applications 360 22.1.4 Firewall Rule Configuration Example 363 22.2 The Firewall Screen ...365 22.2.1 Configuring the Firewall Screen 366 22.2.2 The Firewall Add/Edit Screen 369 18 ZyWALL USG 50 User's Guide
User Manual
Page 21
... Query Example ...495 30.7 Introducing IDP Custom Signatures 497 30.7.1 IP Packet Header 497 30.8 Configuring Custom Signatures 498 30.8.1 Creating or Editing a Custom Signature 500 30.8.2 Custom Signature Example 506 ...Configuration 521 31.4 ADP Technical Reference 525 Chapter 32 Content Filtering ...533 32.1 Overview ...533 32.1.1 What You Can Do in this Chapter 533 32.1.2 What You Need to Know 533 32.1.3 Before You Begin 535 32.2 Content Filter General Screen 535 32.3 Content Filter Policy Add or Edit Screen 538 ZyWALL USG 50... User's Guide 21
... Query Example ...495 30.7 Introducing IDP Custom Signatures 497 30.7.1 IP Packet Header 497 30.8 Configuring Custom Signatures 498 30.8.1 Creating or Editing a Custom Signature 500 30.8.2 Custom Signature Example 506 ...Configuration 521 31.4 ADP Technical Reference 525 Chapter 32 Content Filtering ...533 32.1 Overview ...533 32.1.1 What You Can Do in this Chapter 533 32.1.2 What You Need to Know 533 32.1.3 Before You Begin 535 32.2 Content Filter General Screen 535 32.3 Content Filter Policy Add or Edit Screen 538 ZyWALL USG 50... User's Guide 21
User Manual
Page 25
... ...707 45.7.2 SSH Implementation on the ZyWALL 708 45.7.3 Requirements for Using SSH 708 45.7.4 Configuring SSH ...708 45.7.5 Secure Telnet Using SSH Examples 710 45.8 Telnet ...711 45.8.1 Configuring Telnet 712 45.9 FTP ...713 45.9.1 Configuring FTP ...713 45.10 SNMP ...715 ...45.10.1 Supported MIBs 717 45.10.2 SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide...
... ...707 45.7.2 SSH Implementation on the ZyWALL 708 45.7.3 Requirements for Using SSH 708 45.7.4 Configuring SSH ...708 45.7.5 Secure Telnet Using SSH Examples 710 45.8 Telnet ...711 45.8.1 Configuring Telnet 712 45.9 FTP ...713 45.9.1 Configuring FTP ...713 45.10 SNMP ...715 ...45.10.1 Supported MIBs 717 45.10.2 SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide...
User Manual
Page 26
Table of Contents 45.11.1 Configuring Vantage CNM 720 45.12 Language Screen ...722 Chapter 46 Log and Report ...723 46.1 ... Overview ...737 47.1.1 What You Can Do in this Chapter 737 47.1.2 What you Need to Know 737 47.2 The Configuration File Screen 740 47.3 The Firmware Package Screen 744 47.4 The Shell Script Screen 746 Chapter 48 Diagnostics...749 48.1 Overview...49.1 Overview ...755 49.1.1 What You Need To Know 755 49.2 The Reboot Screen ...755 Chapter 50 Shutdown...757 50.1 Overview ...757 50.1.1 What You Need To Know 757 50.2 The Shutdown Screen ...757 26 ZyWALL USG 50 User's Guide
Table of Contents 45.11.1 Configuring Vantage CNM 720 45.12 Language Screen ...722 Chapter 46 Log and Report ...723 46.1 ... Overview ...737 47.1.1 What You Can Do in this Chapter 737 47.1.2 What you Need to Know 737 47.2 The Configuration File Screen 740 47.3 The Firmware Package Screen 744 47.4 The Shell Script Screen 746 Chapter 48 Diagnostics...749 48.1 Overview...49.1 Overview ...755 49.1.1 What You Need To Know 755 49.2 The Reboot Screen ...755 Chapter 50 Shutdown...757 50.1 Overview ...757 50.1.1 What You Need To Know 757 50.2 The Shutdown Screen ...757 26 ZyWALL USG 50 User's Guide
User Manual
Page 31
...configuration helps you set up the network and enforce security policies efficiently. It also provides bandwidth management, Instant Messaging (IM) and Peer to start or stop the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. You can also use a 3G cellular USB (not included) for reliable, secure service. ZyWALL USG 50 User's Guide... 31 You can deploy the ZyWALL as a transparent firewall in an existing network with the reliability of the ZyWALL's features. The ZyWALL's security features ...
...configuration helps you set up the network and enforce security policies efficiently. It also provides bandwidth management, Instant Messaging (IM) and Peer to start or stop the ZyWALL. 1.1 Overview and Key Default Settings The ZyWALL is a comprehensive security device. You can also use a 3G cellular USB (not included) for reliable, secure service. ZyWALL USG 50 User's Guide... 31 You can deploy the ZyWALL as a transparent firewall in an existing network with the reliability of the ZyWALL's features. The ZyWALL's security features ...
User Manual
Page 34
... (CLI) The CLI allows you to use the following ways to configure the ZyWALL. Red On The ZyWALL had an error or has failed. 1, 2 ... This User's Guide provides information about the CLI. 34 ZyWALL USG 50 User's Guide On The ZyWALL is booting. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for more information about the...
... (CLI) The CLI allows you to use the following ways to configure the ZyWALL. Red On The ZyWALL had an error or has failed. 1, 2 ... This User's Guide provides information about the CLI. 34 ZyWALL USG 50 User's Guide On The ZyWALL is booting. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote management (for more information about the...
User Manual
Page 35
... (without powering down and then manually turn off occurs when you turn off the ZyWALL or remove the power. It does not turn off the power to the ZyWALL. ZyWALL USG 50 User's Guide 35 See the Command Reference Guide for the console port are some of the ways to shut down and powering up... to become corrupt. Not doing so can use the Reboot button in the Reboot screen or when you press the RESET button, the ZyWALL sets the configuration to the local storage, stops the system processes, and then does a warm start and stop the system processes or write cached data...
... (without powering down and then manually turn off occurs when you turn off the ZyWALL or remove the power. It does not turn off the power to the ZyWALL. ZyWALL USG 50 User's Guide 35 See the Command Reference Guide for the console port are some of the ways to shut down and powering up... to become corrupt. Not doing so can use the Reboot button in the Reboot screen or when you press the RESET button, the ZyWALL sets the configuration to the local storage, stops the system processes, and then does a warm start and stop the system processes or write cached data...
User Manual
Page 36
Chapter 1 Introducing the ZyWALL The ZyWALL does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. 36 ZyWALL USG 50 User's Guide
Chapter 1 Introducing the ZyWALL The ZyWALL does not stop or start the system processes when you apply configuration files or run shell scripts although you may temporarily lose access to network resources. 36 ZyWALL USG 50 User's Guide
User Manual
Page 37
...this section provides more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 50 User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and ...VPN tunnels to change security settings in the ZyWALL. As a result, it is much simpler to set up and ...
...this section provides more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 50 User's Guide 37 The ZyWALL also offers hub-and-spoke IPSec VPN. You can add interfaces and ...VPN tunnels to change security settings in the ZyWALL. As a result, it is much simpler to set up and ...
User Manual
Page 39
...check e-mail against a DNS black list (DNSBL) of IP addresses of being used by spammers. ZyWALL USG 50 User's Guide 39 Use the black list to identify legitimate e-mail. The ZyWALL can also use of delaysensitive applications like voice and video. Application Patrol Application patrol (App. This ... on page 109 for your ZyWALL scans files transmitting through the enabled interfaces into the network. Anti-Spam The anti-spam feature can even control the use an option that are some example applications for configuration tutorial examples. The ZyWALL helps stop threats at the ...
...check e-mail against a DNS black list (DNSBL) of IP addresses of being used by spammers. ZyWALL USG 50 User's Guide 39 Use the black list to identify legitimate e-mail. The ZyWALL can also use of delaysensitive applications like voice and video. Application Patrol Application patrol (App. This ... on page 109 for your ZyWALL scans files transmitting through the enabled interfaces into the network. Anti-Spam The anti-spam feature can even control the use an option that are some example applications for configuration tutorial examples. The ZyWALL helps stop threats at the ...