User Manual
Page 59
... the installation setup wizard or click Next to configure and the first WAN interface's type of encapsulation and method of IP address assignment. ZyWALL USG 50 User's Guide 59 Figure 26 Installation Setup Wizard • Click the double arrow in this screen to set how ...If you configure Internet connection settings and activate subscription services. This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup Wizard screen displays. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet ...
... the installation setup wizard or click Next to configure and the first WAN interface's type of encapsulation and method of IP address assignment. ZyWALL USG 50 User's Guide 59 Figure 26 Installation Setup Wizard • Click the double arrow in this screen to set how ...If you configure Internet connection settings and activate subscription services. This wizard helps you log into the Web Configurator when the ZyWALL is using its default configuration, the first Installation Setup Wizard screen displays. WAN Interface Use this User's Guide for Internet access. 4.1.1 Internet ...
User Manual
Page 61
ZyWALL USG 50 User's Guide 61 The Domain Name System (DNS) maps a domain name to you by your ISP. The DNS server is the security zone to which this interface and Internet connection will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected static IP address assignment. The following...
ZyWALL USG 50 User's Guide 61 The Domain Name System (DNS) maps a domain name to you by your ISP. The DNS server is the security zone to which this interface and Internet connection will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected static IP address assignment. The following...
User Manual
Page 89
... the ZyWALL's default zone member physical interfaces and the default configuration of those interfaces. Port groups are created when you can only be part of the same (lan1, lan2 or dmz) interface. • PPP interfaces support Point-to denote public IP addresses or part of the bridge. ZyWALL USG 50 User's... Guide 89 The following figure uses letters to -Point Protocols (PPPoE or PPTP). In addition to being used in the ZyWALL.
... the ZyWALL's default zone member physical interfaces and the default configuration of those interfaces. Port groups are created when you can only be part of the same (lan1, lan2 or dmz) interface. • PPP interfaces support Point-to denote public IP addresses or part of the bridge. ZyWALL USG 50 User's... Guide 89 The following figure uses letters to -Point Protocols (PPPoE or PPTP). In addition to being used in the ZyWALL.
User Manual
Page 90
... 6 Configuration Basics Table 14 Default Network Topology ZyWALL USG 50 Default Port, Interface, and Zone Configuration PORT P1, P2 P3, P4 INTERFACE ZONE wan1, wan2 WAN lan1 LAN1 P5 lan2 LAN2 P6 dmz DMZ CONSOLE n/a None IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS DHCP clients Connections to ... is a protected zone. The lan1 interface uses 192.168.1.1 and the connected devices use private IP addresses in the 192.168.2.2 to 192.168.3.254 range. 90 ZyWALL USG 50 User's Guide The DMZ zone has servers that are available to 192.168.1.254 range. •...
... 6 Configuration Basics Table 14 Default Network Topology ZyWALL USG 50 Default Port, Interface, and Zone Configuration PORT P1, P2 P3, P4 INTERFACE ZONE wan1, wan2 WAN lan1 LAN1 P5 lan2 LAN2 P6 dmz DMZ CONSOLE n/a None IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS DHCP clients Connections to ... is a protected zone. The lan1 interface uses 192.168.1.1 and the connected devices use private IP addresses in the 192.168.2.2 to 192.168.3.254 range. 90 ZyWALL USG 50 User's Guide The DMZ zone has servers that are available to 192.168.1.254 range. •...
User Manual
Page 92
... entries to translate a range of private network addresses to a range of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines the packets and determines how to route them and applies destination...of the external interfaces to external interfaces (you configure as the packets match an entry in one 92 ZyWALL USG 50 User's Guide The checking flow is from internal to the default WAN trunk. Chapter 6 Configuration Basics Packet Flow The packet flow is as external interfaces. Then it...
... entries to translate a range of private network addresses to a range of public IP addresses • Static and dynamic routes have their own category. 6.4.1 Routing Table Checking Flow When the ZyWALL receives packets it examines the packets and determines how to route them and applies destination...of the external interfaces to external interfaces (you configure as the packets match an entry in one 92 ZyWALL USG 50 User's Guide The checking flow is from internal to the default WAN trunk. Chapter 6 Configuration Basics Packet Flow The packet flow is as external interfaces. Then it...
User Manual
Page 103
...and take action on traffic and protocol anomalies. If you might create an exception policy with Bob's computer IP address as the source. 6.5.18 Anti-Virus Use anti-virus to detect and take action on viruses.... Click the BitTorrent application patrol entry's Edit icon. • Set the default policy's access to use anti-virus. MENU ITEM(S) Configuration > Anti-X > AV PREREQUISITES Registration, zones 6.5.19 IDP... or suspicious packets. MENU ITEM(S) Configuration > Anti-X > ADP PREREQUISITES Zones ZyWALL USG 50 User's Guide 103
...and take action on traffic and protocol anomalies. If you might create an exception policy with Bob's computer IP address as the source. 6.5.18 Anti-Virus Use anti-virus to detect and take action on viruses.... Click the BitTorrent application patrol entry's Edit icon. • Set the default policy's access to use anti-virus. MENU ITEM(S) Configuration > Anti-X > AV PREREQUISITES Registration, zones 6.5.19 IDP... or suspicious packets. MENU ITEM(S) Configuration > Anti-X > ADP PREREQUISITES Zones ZyWALL USG 50 User's Guide 103
User Manual
Page 109
...ZyWALL USG 50 User's Guide 109 For field descriptions of individual screens, see Technical Reference on page 155. 7.1 How to Configure Interfaces, Port Roles, and Zones This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 89 for the default...in the ZyWALL. Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator, see Section 6.2.2 on page 43 for all VPN tunnels so you create a new VPN zone. • The wan1 interface uses a static IP address ...
...ZyWALL USG 50 User's Guide 109 For field descriptions of individual screens, see Technical Reference on page 155. 7.1 How to Configure Interfaces, Port Roles, and Zones This tutorial shows how to configure Ethernet interfaces, port roles, and zones for the following example configuration (see Chapter 3 on page 89 for the default...in the ZyWALL. Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator, see Section 6.2.2 on page 43 for all VPN tunnels so you create a new VPN zone. • The wan1 interface uses a static IP address ...
User Manual
Page 111
Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to set the dmz interface (created in the previous section) for a Local Network Here is how to convert port P5 from... wan1 7.1.2 Configure Port Roles Here is how to connected DHCP clients. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. ZyWALL USG 50 User's Guide 111
Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. It uses 192.168.4.1 as its IP address and has a DHCP server to distribute IP addresses to set the dmz interface (created in the previous section) for a Local Network Here is how to convert port P5 from... wan1 7.1.2 Configure Port Roles Here is how to connected DHCP clients. Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. ZyWALL USG 50 User's Guide 111
User Manual
Page 121
... default, there are no security restrictions on the peer IPSec router and try to connect to a device on the peer IPSec router's LAN or click Configuration > VPN > IPSec VPN > VPN Connection and use the VPN connection screen's Connect icon. 7.4.3 Configure Security Policies for the remote. ZyWALL USG 50 ... Add 5 Now set up the VPN settings on the IPSec_VPN zone, so, next, you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). Under Policy, select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the VPN Tunnel You configure security policies based...
... default, there are no security restrictions on the peer IPSec router and try to connect to a device on the peer IPSec router's LAN or click Configuration > VPN > IPSec VPN > VPN Connection and use the VPN connection screen's Connect icon. 7.4.3 Configure Security Policies for the remote. ZyWALL USG 50 ... Add 5 Now set up the VPN settings on the IPSec_VPN zone, so, next, you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). Under Policy, select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the VPN Tunnel You configure security policies based...
User Manual
Page 142
... WAN address object (WAN_IP-for the rule (WAN-LAN_H323 here). Figure 98 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for -H323 IP address to go to -LAN traffic drops all traffic. Set the Incoming Interface to 1720. Set the Port Mapping Type to Port, the.... Here is how to configure a firewall rule to allow H.323 (TCP port 1720) traffic received on the WAN_IP-for WAN-to LAN1 IP address 192.168.1.56. 142 ZyWALL USG 50 User's Guide You want the LAN H.323 device to receive peer-to-peer calls from the WAN and also be able to initiate...
... WAN address object (WAN_IP-for the rule (WAN-LAN_H323 here). Figure 98 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for -H323 IP address to go to -LAN traffic drops all traffic. Set the Incoming Interface to 1720. Set the Port Mapping Type to Port, the.... Here is how to configure a firewall rule to allow H.323 (TCP port 1720) traffic received on the WAN_IP-for WAN-to LAN1 IP address 192.168.1.56. 142 ZyWALL USG 50 User's Guide You want the LAN H.323 device to receive peer-to-peer calls from the WAN and also be able to initiate...
User Manual
Page 145
... to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. Figure 103 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to ...allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 327 for IP address 1.1.1.1, users can just go to the domain name to access the HTTP server. If a domain name is registered for details). ZyWALL USG 50 User...
... to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the web server. Figure 103 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to ...allow users connected to other interfaces to access the HTTP server (see NAT Loopback on page 327 for IP address 1.1.1.1, users can just go to the domain name to access the HTTP server. If a domain name is registered for details). ZyWALL USG 50 User...
User Manual
Page 150
Chapter 7 Tutorials • Click OK. Figure 109 Configuration > Network > NAT > Add 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to for IP address 1.1.1.2, users can use it to connect to the IPPBX. If a domain name is registered for making SIP calls. 150 ZyWALL USG 50 User's Guide
Chapter 7 Tutorials • Click OK. Figure 109 Configuration > Network > NAT > Add 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send SIP traffic to for IP address 1.1.1.2, users can use it to connect to the IPPBX. If a domain name is registered for making SIP calls. 150 ZyWALL USG 50 User's Guide
User Manual
Page 151
Set the Destination to traffic before applying the firewall rule. IPPBX_DMZ is the destination because the ZyWALL applies NAT to the IPPBX's DMZ IP address object (DMZ_SIP). Chapter 7 Tutorials 1 Click Configuration > Firewall > Add. Set the Access field to allow the IPPBX to send SIP traffic to allow and click ... Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to the SIP clients on the LAN. ZyWALL USG 50 User's Guide 151 Set the From field as WAN and the To field as DMZ.
Set the Destination to traffic before applying the firewall rule. IPPBX_DMZ is the destination because the ZyWALL applies NAT to the IPPBX's DMZ IP address object (DMZ_SIP). Chapter 7 Tutorials 1 Click Configuration > Firewall > Add. Set the Access field to allow the IPPBX to send SIP traffic to allow and click ... Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN zone by default so you need to create a firewall rule to the SIP clients on the LAN. ZyWALL USG 50 User's Guide 151 Set the From field as WAN and the To field as DMZ.
User Manual
Page 161
..., see Section 9.9 on page 183 for the first time or you intentionally reset the ZyWALL to the Login Users ZyWALL. VPN Status Click this to look at the IP addresses currently assigned to look at the VPN tunnels that can appear. DHCP Table Click .... System default configuration - This occurs when the ZyWALL starts for the status that are . The ZyWALL was turned on. Licensed Service Status # Status Name Version Booting in the ZyWALL. This is the version number of the configuration failed after firmware update - This identifies the licensed service. ZyWALL USG 50 User's ...
..., see Section 9.9 on page 183 for the first time or you intentionally reset the ZyWALL to the Login Users ZyWALL. VPN Status Click this to look at the IP addresses currently assigned to look at the VPN tunnels that can appear. DHCP Table Click .... System default configuration - This occurs when the ZyWALL starts for the status that are . The ZyWALL was turned on. Licensed Service Status # Status Name Version Booting in the ZyWALL. This is the version number of the configuration failed after firmware update - This identifies the licensed service. ZyWALL USG 50 User's ...
User Manual
Page 225
... External or General. Enter the IP address of the IP address is for all computers in dot decimal notation. The ZyWALL sends packets to the gateway when it can use this interface. ZyWALL USG 50 User's Guide 225 The ZyWALL automatically adds default SNAT settings for connecting to change the IP address of this IP address on the same network...
... External or General. Enter the IP address of the IP address is for all computers in dot decimal notation. The ZyWALL sends packets to the gateway when it can use this interface. ZyWALL USG 50 User's Guide 225 The ZyWALL automatically adds default SNAT settings for connecting to change the IP address of this IP address on the same network...
User Manual
Page 226
If two or more gateways have the ZyWALL regularly ping the gateway you specify to it. 226 ZyWALL USG 50 User's Guide Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can regularly check the connection to the gateway you specify to use based on this to use ....or IP address for the connectivity check. Ingress Bandwidth This is External or General. If a larger packet arrives, the ZyWALL divides it is still available. Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specified to wait for future use the default ...
If two or more gateways have the ZyWALL regularly ping the gateway you specify to it. 226 ZyWALL USG 50 User's Guide Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can regularly check the connection to the gateway you specify to use based on this to use ....or IP address for the connectivity check. Ingress Bandwidth This is External or General. If a larger packet arrives, the ZyWALL divides it is still available. Select tcp to have the ZyWALL regularly perform a TCP handshake with the gateway you specified to wait for future use the default ...
User Manual
Page 230
...DESCRIPTION Overwrite Default MAC Address Select this option to the configuration file. It will be copied to have the interface use it are cloning. Once it is successfully configured, the address will not change unless you are displayed. The fields shown vary with any entry. 230 ZyWALL USG 50 User's Guide... screen displays which the configuration settings that can appear in the fields or click Clone by host and enter the IP address of object. Cancel Click Cancel to exit this interface's Internet connection uses PPPoE or PPTP. Figure 155 Object References The ...
...DESCRIPTION Overwrite Default MAC Address Select this option to the configuration file. It will be copied to have the interface use it are cloning. Once it is successfully configured, the address will not change unless you are displayed. The fields shown vary with any entry. 230 ZyWALL USG 50 User's Guide... screen displays which the configuration settings that can appear in the fields or click Clone by host and enter the IP address of object. Cancel Click Cancel to exit this interface's Internet connection uses PPPoE or PPTP. Figure 155 Object References The ...
User Manual
Page 236
...default gateway for load balancing. Allowed values are 576 - 1492. MTU Maximum Transmission Unit. Type the maximum size of each data packet, in kilobits per second, the ZyWALL can move through the interface. Connectivity Check The interface can receive from the network through this interface. 236 ZyWALL USG 50... failures before the attempt is 1492. Enable Connectivity Check Select this to specify a domain name or IP address for future use. Check Default Select this value is a failure. Enter that the gateway allows. Ingress Bandwidth This is reserved for...
...default gateway for load balancing. Allowed values are 576 - 1492. MTU Maximum Transmission Unit. Type the maximum size of each data packet, in kilobits per second, the ZyWALL can move through the interface. Connectivity Check The interface can receive from the network through this interface. 236 ZyWALL USG 50... failures before the attempt is 1492. Enable Connectivity Check Select this to specify a domain name or IP address for future use. Check Default Select this value is a failure. Enter that the gateway allows. Ingress Bandwidth This is reserved for...
User Manual
Page 711
...whether the SSH service is the first time you want to the ZyWALL. Figure 417 SSH Example 2: Log in to continue connecting (yes/no)? ZyWALL USG 50 User's Guide 711 If this is available on the ZyWALL (using the default IP address of host '192.168.1.1 (192.168.1.1)' can come. ...Specify which zones allow Telnet access and from which IP address the access can 't be established. Figure...
...whether the SSH service is the first time you want to the ZyWALL. Figure 417 SSH Example 2: Log in to continue connecting (yes/no)? ZyWALL USG 50 User's Guide 711 If this is available on the ZyWALL (using the default IP address of host '192.168.1.1 (192.168.1.1)' can come. ...Specify which zones allow Telnet access and from which IP address the access can 't be established. Figure...
User Manual
Page 775
...: 323,823 hours 242 (W) x 175 (D) x 35.5 (H) mm 1.2 kg ZyWALL USG 50 User's Guide 775 Table 241 Hardware Specifications FEATURE SPECIFICATION Ethernet Interfaces Number of key features. Table 240 Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P3, P4) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P3, P4) Default Password 1234 This table provides hardware specifications.
...: 323,823 hours 242 (W) x 175 (D) x 35.5 (H) mm 1.2 kg ZyWALL USG 50 User's Guide 775 Table 241 Hardware Specifications FEATURE SPECIFICATION Ethernet Interfaces Number of key features. Table 240 Default Login Information ATTRIBUTE SPECIFICATION Default IP Address (P3, P4) 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) (P3, P4) Default Password 1234 This table provides hardware specifications.