User Manual
Page 15
... 8.2 The Dashboard Screen ...157 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor...169 9.1 Overview ...169 9.1.1 What You Can Do in this Chapter 169 9.2 The Port... 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
... 8.2 The Dashboard Screen ...157 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor...169 9.1 Overview ...169 9.1.1 What You Can Do in this Chapter 169 9.2 The Port... 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 18
... in this Chapter 343 20.1.2 What You Need to Know 344 20.2 IP/MAC Binding Summary 344 20.2.1 IP/MAC Binding Edit 345 20.2.2 Static DHCP Edit ...346 20.3 IP/MAC Binding Exempt List 347 Chapter 21 Authentication Policy ...349 21.1 Overview ...349 21.1.1 What You Can Do in this Chapter... 22.1.4 Firewall Rule Configuration Example 363 22.2 The Firewall Screen ...365 22.2.1 Configuring the Firewall Screen 366 22.2.2 The Firewall Add/Edit Screen 369 18 ZyWALL USG 50 User's Guide
... in this Chapter 343 20.1.2 What You Need to Know 344 20.2 IP/MAC Binding Summary 344 20.2.1 IP/MAC Binding Edit 345 20.2.2 Static DHCP Edit ...346 20.3 IP/MAC Binding Exempt List 347 Chapter 21 Authentication Policy ...349 21.1 Overview ...349 21.1.1 What You Can Do in this Chapter... 22.1.4 Firewall Rule Configuration Example 363 22.2 The Firewall Screen ...365 22.2.1 Configuring the Firewall Screen 366 22.2.2 The Firewall Add/Edit Screen 369 18 ZyWALL USG 50 User's Guide
User Manual
Page 31
... Detection and Protection), and certificates. The ZyWALL provides excellent throughput with minimal configuration. ZyWALL USG 50 User's Guide 31 The ZyWALL lets you set up the network and enforce... security policies efficiently. Alternatively, you set up the network and enforce security policies efficiently. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP...
... Detection and Protection), and certificates. The ZyWALL provides excellent throughput with minimal configuration. ZyWALL USG 50 User's Guide 31 The ZyWALL lets you set up the network and enforce... security policies efficiently. Alternatively, you set up the network and enforce security policies efficiently. It explains the front panel ports, LEDs, introduces the management methods, and lists different ways to Peer (P2P) control, NAT, port forwarding, policy routing, DHCP...
User Manual
Page 37
... can create your own custom zones. ZyWALL USG 50 User's Guide 37 CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. You can add interfaces and VPN tunnels to change security settings in the ZyWALL. The rest of this section provides ...and Protection), and certificates. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following: • ...
... can create your own custom zones. ZyWALL USG 50 User's Guide 37 CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. You can add interfaces and VPN tunnels to change security settings in the ZyWALL. The rest of this section provides ...and Protection), and certificates. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP server and many other powerful features. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following: • ...
User Manual
Page 90
...192.168.1.1 and the connected devices use public IP addresses to connect to the public. Chapter 6 Configuration Basics Table 14 Default Network Topology ZyWALL USG 50 Default Port, Interface, and Zone Configuration PORT P1, P2 P3, P4 INTERFACE ZONE wan1, wan2 WAN lan1 LAN1 P5 lan2 LAN2 P6 ...dmz DMZ CONSOLE n/a None IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS DHCP clients Connections to 192.168.1.254 range. • The LAN2 zone contains the lan2 interface. The DMZ zone has servers...
...192.168.1.1 and the connected devices use public IP addresses to connect to the public. Chapter 6 Configuration Basics Table 14 Default Network Topology ZyWALL USG 50 Default Port, Interface, and Zone Configuration PORT P1, P2 P3, P4 INTERFACE ZONE wan1, wan2 WAN lan1 LAN1 P5 lan2 LAN2 P6 ...dmz DMZ CONSOLE n/a None IP ADDRESS AND DHCP SUGGESTED USE WITH SETTINGS DEFAULT SETTINGS DHCP clients Connections to 192.168.1.254 range. • The LAN2 zone contains the lan2 interface. The DMZ zone has servers...
User Manual
Page 110
Chapter 7 Tutorials • Convert P5 (lan2) into a dmz interface. Figure 55 Ethernet Interface, Port Roles, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to assign the ZyWALL's wan1 interface a static IP address of the LAN zone's security policies apply to it to the LAN zone so all of 1.2.3.4. 110 ZyWALL USG 50 User's Guide This dmz interface is used for a protected local network. Add it . It uses IP address 192.168.4.1 and has a DHCP server.
Chapter 7 Tutorials • Convert P5 (lan2) into a dmz interface. Figure 55 Ethernet Interface, Port Roles, and Zone Configuration Example 7.1.1 Configure a WAN Ethernet Interface You need to assign the ZyWALL's wan1 interface a static IP address of the LAN zone's security policies apply to it to the LAN zone so all of 1.2.3.4. 110 ZyWALL USG 50 User's Guide This dmz interface is used for a protected local network. Add it . It uses IP address 192.168.4.1 and has a DHCP server.
User Manual
Page 111
... interface (created in the previous section) for a Local Network Here is how to convert port P5 from the lan2 interface and add it to connected DHCP clients. ZyWALL USG 50 User's Guide 111 Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. Figure 57 Configuration > Network > Interface > Port Roles...
... interface (created in the previous section) for a Local Network Here is how to convert port P5 from the lan2 interface and add it to connected DHCP clients. ZyWALL USG 50 User's Guide 111 Chapter 7 Tutorials Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface's entry. Figure 57 Configuration > Network > Interface > Port Roles...
User Manual
Page 112
Chapter 7 Tutorials 1 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interface's entry. Set DHCP to create a VPN zone. 1 Click Configuration > Network > Zone and then the Add icon. 112 ZyWALL USG 50 User's Guide Figure 58 Configuration > Network > Interface > Ethernet > Edit lan2 7.1.4 Configure Zones Do the following to DHCP Server and click OK. The Interface Type should be internal. Set the IP Address to 192.168.4.1 and the Subnet Mask to 255.255.255.0.
Chapter 7 Tutorials 1 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interface's entry. Set DHCP to create a VPN zone. 1 Click Configuration > Network > Zone and then the Add icon. 112 ZyWALL USG 50 User's Guide Figure 58 Configuration > Network > Interface > Ethernet > Edit lan2 7.1.4 Configure Zones Do the following to DHCP Server and click OK. The Interface Type should be internal. Set the IP Address to 192.168.4.1 and the Subnet Mask to 255.255.255.0.
User Manual
Page 157
...dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 50 User's Guide 157 CHAPTER 8 Dashboard 8.1 Overview Use the Dashboard screens to check status information about the ZyWALL. 8.1.1 What You Can Do in the navigation panel. You can also display other status... (see Section 8.2.1 on page 162) to look at the VPN tunnels that are currently established. • Use the DHCP Table screen (see the ZyWALL's general device information, system status, system resource usage, licensed service status, and interface status.
...dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 50 User's Guide 157 CHAPTER 8 Dashboard 8.1 Overview Use the Dashboard screens to check status information about the ZyWALL. 8.1.1 What You Can Do in the navigation panel. You can also display other status... (see Section 8.2.1 on page 162) to look at the VPN tunnels that are currently established. • Use the DHCP Table screen (see the ZyWALL's general device information, system status, system resource usage, licensed service status, and interface status.
User Manual
Page 160
... a chart of the device connected to which the interface is detected). 160 ZyWALL USG 50 User's Guide Status This field displays the current status of the extension card slot and the USB ports. Click Renew to send a new DHCP request to the interface. Speed / Duplex - This field displays the current... a PPPoE/PPTP interface. The Ethernet interface is disabled or did not receive an IP address and subnet mask via DHCP. The Ethernet interface does not have the ZyWALL try to update its IP address, this field displays the IP address it , its entry is enabled but not connected...
... a chart of the device connected to which the interface is detected). 160 ZyWALL USG 50 User's Guide Status This field displays the current status of the extension card slot and the USB ports. Click Renew to send a new DHCP request to the interface. Speed / Duplex - This field displays the current... a PPPoE/PPTP interface. The Ethernet interface is disabled or did not receive an IP address and subnet mask via DHCP. The Ethernet interface does not have the ZyWALL try to update its IP address, this field displays the IP address it , its entry is enabled but not connected...
User Manual
Page 161
... logged in to the system default configuration file (system-default.conf). Firmware update OK - The ZyWALL was successful. Licensed Service Status # Status Name Version Booting in the ZyWALL. ZyWALL USG 50 User's Guide 161 VPN Status Click this to look at the IP addresses currently assigned to the...unable to apply the lastgood.conf configuration file and fell back to pop-open a list of the configuration failed after firmware update - DHCP Table Click this to look at the VPN tunnels that can appear. Click the icon to the lastgood.conf configuration file. OK ...
... logged in to the system default configuration file (system-default.conf). Firmware update OK - The ZyWALL was successful. Licensed Service Status # Status Name Version Booting in the ZyWALL. ZyWALL USG 50 User's Guide 161 VPN Status Click this to look at the IP addresses currently assigned to the...unable to apply the lastgood.conf configuration file and fell back to pop-open a list of the configuration failed after firmware update - DHCP Table Click this to look at the VPN tunnels that can appear. Click the icon to the lastgood.conf configuration file. OK ...
User Manual
Page 165
... and the IP addresses reserved for specific MAC addresses. Refresh Click this to update the information in the dashboard. Figure 119 Dashboard > DHCP Table ZyWALL USG 50 User's Guide 165 Table 23 Dashboard > VPN Status LABEL DESCRIPTION # This field is a sequential value, and it is encapsulated. Name This field displays the name ...
... and the IP addresses reserved for specific MAC addresses. Refresh Click this to update the information in the dashboard. Figure 119 Dashboard > DHCP Table ZyWALL USG 50 User's Guide 165 Table 23 Dashboard > VPN Status LABEL DESCRIPTION # This field is a sequential value, and it is encapsulated. Name This field displays the name ...
User Manual
Page 166
...The IP address is reserved for a static DHCP entry. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen, click the dashboard's Number of Login Users icon. Figure 120 Dashboard > Number of Login Users 166 ZyWALL USG 50 User's Guide IP Address This field displays ...the IP address currently assigned to a DHCP client or reserved for which the IP address is currently assigned or for a specific MAC address...
...The IP address is reserved for a static DHCP entry. To create a static DHCP entry using an existing dynamic DHCP entry, select this screen, click the dashboard's Number of Login Users icon. Figure 120 Dashboard > Number of Login Users 166 ZyWALL USG 50 User's Guide IP Address This field displays ...the IP address currently assigned to a DHCP client or reserved for which the IP address is currently assigned or for a specific MAC address...
User Manual
Page 174
...a PPPoE/PPTP interface. Down - For PPP interfaces: Connected - This field displays the current IP address and subnet mask assigned to a DHCP server. IP Assignment If this interface is a member of interface it does not appear in the list. Status This field displays the current...in the list. This is either the static IP address of each interface. 174 ZyWALL USG 50 User's Guide This field displays the zone to update the IP address for each interface. Examples include DHCP relay, DHCP server, DDNS, RIP, and OSPF. Static - The Ethernet interface is assigned....
...a PPPoE/PPTP interface. Down - For PPP interfaces: Connected - This field displays the current IP address and subnet mask assigned to a DHCP server. IP Assignment If this interface is a member of interface it does not appear in the list. Status This field displays the current...in the list. This is either the static IP address of each interface. 174 ZyWALL USG 50 User's Guide This field displays the zone to update the IP address for each interface. Examples include DHCP relay, DHCP server, DDNS, RIP, and OSPF. Static - The Ethernet interface is assigned....
User Manual
Page 182
...the DHCP client requests. Refresh Click this button to update the information in the screen. 9.8 The Login Users Screen Use this screen to look at a list of an IP/MAC binding entry. Table 33 Monitor > System Status > IP/MAC Binding LABEL DESCRIPTION Interface Select a ZyWALL ... address is the index number of the users currently logged into the ZyWALL. Figure 128 Monitor > System Status > Login Users 182 ZyWALL USG 50 User's Guide IP Address This is when the device last established a session with the ZyWALL through this device on the network (the computer name). Chapter 9 ...
...the DHCP client requests. Refresh Click this button to update the information in the screen. 9.8 The Login Users Screen Use this screen to look at a list of an IP/MAC binding entry. Table 33 Monitor > System Status > IP/MAC Binding LABEL DESCRIPTION Interface Select a ZyWALL ... address is the index number of the users currently logged into the ZyWALL. Figure 128 Monitor > System Status > Login Users 182 ZyWALL USG 50 User's Guide IP Address This is when the device last established a session with the ZyWALL through this device on the network (the computer name). Chapter 9 ...
User Manual
Page 217
... Parameters Bandwidth Yes Yes Yes Yes Yes Yes Yes restrictions Packet size (MTU) Yes Yes Yes Yes Yes Yes No DHCP DHCP server No Yes No No Yes Yes No DHCP relay No Yes No No Yes Yes No Connectivity Check Yes No Yes No Yes Yes No - * The format ... REQUIRED PORT / INTERFACE port group physical port Ethernet interface physical port VLAN interface bridge interface port group Ethernet interface Ethernet interface* VLAN interface* ZyWALL USG 50 User's Guide 217 The names of virtual interfaces are called wan1:1, wan1:2, and so on top of interface.
... Parameters Bandwidth Yes Yes Yes Yes Yes Yes Yes restrictions Packet size (MTU) Yes Yes Yes Yes Yes Yes No DHCP DHCP server No Yes No No Yes Yes No DHCP relay No Yes No No Yes Yes No Connectivity Check Yes No Yes No Yes Yes No - * The format ... REQUIRED PORT / INTERFACE port group physical port Ethernet interface physical port VLAN interface bridge interface port group Ethernet interface Ethernet interface* VLAN interface* ZyWALL USG 50 User's Guide 217 The names of virtual interfaces are called wan1:1, wan1:2, and so on top of interface.
User Manual
Page 220
The ZyWALL supports two routing protocols, RIP and OSPF. They can provide DHCP services, and they can still configure it (see Section 11.2 on page 297 for background information about these routing protocols. However, the routers ...also generate more efficient the routers should be. They restrict the amount of bandwidth and packet size. Figure 152 Configuration > Network > Interface > Ethernet (USG 20W) 220 ZyWALL USG 50 ...
The ZyWALL supports two routing protocols, RIP and OSPF. They can provide DHCP services, and they can still configure it (see Section 11.2 on page 297 for background information about these routing protocols. However, the routers ...also generate more efficient the routers should be. They restrict the amount of bandwidth and packet size. Figure 152 Configuration > Network > Interface > Ethernet (USG 20W) 220 ZyWALL USG 50 ...
User Manual
Page 221
...DHCP settings, connectivity check, and MAC address settings. Activate To turn off an interface, select it and click Remove. If the IP address is inactive. Click Apply to save your changes back to open the screen where you change . For example, if you can modify the entry's settings. ZyWALL USG 50... User's Guide 221 See Section 11.3.2 on an interface's IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that shows which settings use Ethernet interfaces to...
...DHCP settings, connectivity check, and MAC address settings. Activate To turn off an interface, select it and click Remove. If the IP address is inactive. Click Apply to save your changes back to open the screen where you change . For example, if you can modify the entry's settings. ZyWALL USG 50... User's Guide 221 See Section 11.3.2 on an interface's IP address, subnet, or gateway, the ZyWALL automatically updates every rule or setting that shows which settings use Ethernet interfaces to...
User Manual
Page 225
... and it can be on the interface, you must manually configure a policy route to apply security settings such as the interface. The ZyWALL automatically adds this interface. Internal is for this interface to belong. This is the name of this interface is to the default WAN...trunk. Enter the subnet mask of the Ethernet interface's physical port. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which this interface in the network. ZyWALL USG 50 User's Guide 225 It is not used elsewhere. See Chapter 39 on the interface itself. ...
... and it can be on the interface, you must manually configure a policy route to apply security settings such as the interface. The ZyWALL automatically adds this interface. Internal is for this interface to belong. This is the name of this interface is to the default WAN...trunk. Enter the subnet mask of the Ethernet interface's physical port. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which this interface in the network. ZyWALL USG 50 User's Guide 225 It is not used elsewhere. See Chapter 39 on the interface itself. ...
User Manual
Page 227
... a static IP address. The ZyWALL is a DHCP Server. DHCP Select what type of IP addresses to use the Static DHCP Table. The DHCP server(s) may be at least one of a DHCP server for a TCP connectivity check. These fields appear if the ZyWALL is the DHCP server for the DHCP clients to allocate. ZyWALL USG 50 User's Guide 227 DHCP Relay - Relay Server 1 Enter...
... a static IP address. The ZyWALL is a DHCP Server. DHCP Select what type of IP addresses to use the Static DHCP Table. The DHCP server(s) may be at least one of a DHCP server for a TCP connectivity check. These fields appear if the ZyWALL is the DHCP server for the DHCP clients to allocate. ZyWALL USG 50 User's Guide 227 DHCP Relay - Relay Server 1 Enter...