User Manual
Page 25
... 45.6.5 Service Control Rules 695 45.6.6 Customizing the WWW Login Page 695 45.6.7 HTTPS Example ...699 45.7 SSH ...706 45.7.1 How SSH Works ...707 45.7.2 SSH Implementation on the ZyWALL 708 45.7.3 Requirements for Using SSH 708 45.7.4 Configuring SSH ...708 45.7.5 Secure Telnet Using SSH Examples 710 45.8 Telnet ...711 45... ...713 45.10 SNMP ...715 45.10.1 Supported MIBs 717 45.10.2 SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide 25
... 45.6.5 Service Control Rules 695 45.6.6 Customizing the WWW Login Page 695 45.6.7 HTTPS Example ...699 45.7 SSH ...706 45.7.1 How SSH Works ...707 45.7.2 SSH Implementation on the ZyWALL 708 45.7.3 Requirements for Using SSH 708 45.7.4 Configuring SSH ...708 45.7.5 Secure Telnet Using SSH Examples 710 45.8 Telnet ...711 45... ...713 45.10 SNMP ...715 45.10.1 Supported MIBs 717 45.10.2 SNMP Traps ...717 45.10.3 Configuring SNMP 717 45.11 Vantage CNM ...719 ZyWALL USG 50 User's Guide 25
User Manual
Page 57
... connect an entry, select it and click Remove. Move To change an entry's position in order like the firewall for where you are descriptions for working with table entries. For example, if you type 6, the entry you want to create a new entry. Edit Double-click an entry or select ...Add Click this to remove it and click Move to display a field to type a number for example), you typed. In some lists ZyWALL USG 50 User's Guide 57 The ZyWALL confirms you want to put that entry and press [ENTER] to move it and click Disconnect. For those types of selected entries, you...
... connect an entry, select it and click Remove. Move To change an entry's position in order like the firewall for where you are descriptions for working with table entries. For example, if you type 6, the entry you want to create a new entry. Edit Double-click an entry or select ...Add Click this to remove it and click Move to display a field to type a number for example), you typed. In some lists ZyWALL USG 50 User's Guide 57 The ZyWALL confirms you want to put that entry and press [ENTER] to move it and click Disconnect. For those types of selected entries, you...
User Manual
Page 58
Chapter 3 Web Configurator you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 25 Working with Lists 58 ZyWALL USG 50 User's Guide
Chapter 3 Web Configurator you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. Figure 25 Working with Lists 58 ZyWALL USG 50 User's Guide
User Manual
Page 93
...1 NAT rules. Figure 53 Routing Table Checking Flow 1 Direct-connected Subnets: The ZyWALL first checks to see Section 13.1 on page 281). 2 Policy Routes: These are the 1 to 1 NAT and many 1 to 1 NAT entry works like multiple 1 to send packets through the appropriate interface or VPN tunnel. See ...routes. Configure policy routes to 1 NAT rules. It maps a range of private network servers that the outside clients to access the server. ZyWALL USG 50 User's Guide 93 If a private network server will initiate sessions to the outside clients use to a range of public IP addresses. See...
...1 NAT rules. Figure 53 Routing Table Checking Flow 1 Direct-connected Subnets: The ZyWALL first checks to see Section 13.1 on page 281). 2 Policy Routes: These are the 1 to 1 NAT and many 1 to 1 NAT entry works like multiple 1 to send packets through the appropriate interface or VPN tunnel. See ...routes. Configure policy routes to 1 NAT rules. It maps a range of private network servers that the outside clients to access the server. ZyWALL USG 50 User's Guide 93 If a private network server will initiate sessions to the outside clients use to a range of public IP addresses. See...
User Manual
Page 104
...to display it . 5 Enable the external web filter service. 6 Decide what times. MENU ITEM(S) Configuration > Anti-X > Anti-Spam 104 ZyWALL USG 50 User's Guide You must have already subscribed to the content filter service. 1 Create a user account for Bill if you have a subscription ...in this example), unrated web sites and what to do for the work day (Configuration > Object > Schedule). 3 Click Configuration > Anti-X > Content Filter > Filter Profile. You must have not done so already (Configuration ...
...to display it . 5 Enable the external web filter service. 6 Decide what times. MENU ITEM(S) Configuration > Anti-X > Anti-Spam 104 ZyWALL USG 50 User's Guide You must have already subscribed to the content filter service. 1 Create a user account for Bill if you have a subscription ...in this example), unrated web sites and what to do for the work day (Configuration > Object > Schedule). 3 Click Configuration > Anti-X > Content Filter > Filter Profile. You must have not done so already (Configuration ...
User Manual
Page 115
...12 on page 115 for an example. 7.3 How to Configure Load Balancing This example shows how to the Internet). If the ZyWALL is using a user-configured trunk as its default trunk and you can automatically balance the traffic load amongst the available WAN connections ... traffic to add it. The available bandwidth for two WAN connections (to configure a trunk for the connections is working. ZyWALL USG 50 User's Guide 115 Chapter 7 Tutorials 6 The ZyWALL automatically adds the cellular interface to enhance overall network throughput. See also Section 7.3 on page 271. This way ...
...12 on page 115 for an example. 7.3 How to Configure Load Balancing This example shows how to the Internet). If the ZyWALL is using a user-configured trunk as its default trunk and you can automatically balance the traffic load amongst the available WAN connections ... traffic to add it. The available bandwidth for two WAN connections (to configure a trunk for the connections is working. ZyWALL USG 50 User's Guide 115 Chapter 7 Tutorials 6 The ZyWALL automatically adds the cellular interface to enhance overall network throughput. See also Section 7.3 on page 271. This way ...
User Manual
Page 227
... for a TCP connectivity check. Choices are: None - Relay Server 1 Enter the IP address of DHCP service the ZyWALL provides to allocate. In this interface and the ZyWALL works as a DNS relay. This number must be on the network. First DNS Server, Second DNS Server, Third DNS ...the port number to use for the network. These fields appear if the ZyWALL is Internal or General. ZyWALL USG 50 User's Guide 227 select the DNS server that another interface received from which the ZyWALL begins allocating IP addresses. IP Pool Start Address Enter the IP address from...
... for a TCP connectivity check. Choices are: None - Relay Server 1 Enter the IP address of DHCP service the ZyWALL provides to allocate. In this interface and the ZyWALL works as a DNS relay. This number must be on the network. First DNS Server, Second DNS Server, Third DNS ...the port number to use for the network. These fields appear if the ZyWALL is Internal or General. ZyWALL USG 50 User's Guide 227 select the DNS server that another interface received from which the ZyWALL begins allocating IP addresses. IP Pool Start Address Enter the IP address from...
User Manual
Page 253
... more DHCP servers you specify. Enter the IP address of another DHCP server for the network. From ISP - ZyWALL - ZyWALL USG 50 User's Guide 253 Choices are currently using. the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to use the IP address of this ...10.10.10 to the network. If you want to assign a static IP address to specify these IP addresses. In this interface and the ZyWALL works as a DNS relay. There is the DHCP server for the network. This number must also be blank. Custom Defined - DHCP Relay -...
... more DHCP servers you specify. Enter the IP address of another DHCP server for the network. From ISP - ZyWALL - ZyWALL USG 50 User's Guide 253 Choices are currently using. the ZyWALL assigns IP addresses and provides subnet mask, gateway, and DNS server information to use the IP address of this ...10.10.10 to the network. If you want to assign a static IP address to specify these IP addresses. In this interface and the ZyWALL works as a DNS relay. There is the DHCP server for the network. This number must also be blank. Custom Defined - DHCP Relay -...
User Manual
Page 263
... Type the IP address of IP addresses to use the IP address of static IP addresses the ZyWALL assigns to computers connected to the interface. select this interface and the ZyWALL works as a DNS relay. Enable IP/MAC Binding Select this interface attempts to use the information (...network address), last address (broadcast address) and the interface's IP address. In this interface. ZyWALL USG 50 User's Guide 263 If you want to assign a static IP address to this case, the ZyWALL can use an IP address that they are currently using the interface's IP Pool Start Address and...
... Type the IP address of IP addresses to use the IP address of static IP addresses the ZyWALL assigns to computers connected to the interface. select this interface and the ZyWALL works as a DNS relay. Enable IP/MAC Binding Select this interface attempts to use the information (...network address), last address (broadcast address) and the interface's IP address. In this interface. ZyWALL USG 50 User's Guide 263 If you want to assign a static IP address to this case, the ZyWALL can use an IP address that they are currently using the interface's IP Pool Start Address and...
User Manual
Page 268
... available network information to DHCP clients. 268 ZyWALL USG 50 User's Guide The smaller the MTU, the more fragments sent, and the more than the MTU, the ZyWALL divides it submits a DHCP request. In this case, the interface can specify more work required to re-assemble packets correctly. Chapter ...11 Interfaces If you set up and maintain IP addresses, subnet masks, gateways, and some network information (such as Ethernet over ATM, might not be able to handle large data packets. The ZyWALL also restricts the...
... available network information to DHCP clients. 268 ZyWALL USG 50 User's Guide The smaller the MTU, the more fragments sent, and the more than the MTU, the ZyWALL divides it submits a DHCP request. In this case, the interface can specify more work required to re-assemble packets correctly. Chapter ...11 Interfaces If you set up and maintain IP addresses, subnet masks, gateways, and some network information (such as Ethernet over ATM, might not be able to handle large data packets. The ZyWALL also restricts the...
User Manual
Page 270
.... PPTP is used to set up two sessions. 1 The first one of the modem. It provides the following advantages: • The access and authentication method works with cable modems and DSL connections. It is used to start and manage the second one. 2 The second one uses Generic Routing Encapsulation (GRE, RFC... runs on TCP port 1723. PPPoE is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions. 270 ZyWALL USG 50 User's Guide
.... PPTP is used to set up two sessions. 1 The first one of the modem. It provides the following advantages: • The access and authentication method works with cable modems and DSL connections. It is used to start and manage the second one. 2 The second one uses Generic Routing Encapsulation (GRE, RFC... runs on TCP port 1723. PPPoE is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions. 270 ZyWALL USG 50 User's Guide
User Manual
Page 279
... field displays with the spillover load balancing algorithm. OK Cancel The ZyWALL uses the group member interfaces in the order that interface. ZyWALL USG 50 User's Guide 279 Click Cancel to the ZyWALL. The traffic of data the ZyWALL is given an amount of bandwidth irrespective of queues being used. ... more traffic than it can handle. Click OK to save your changes back to exit this spillover bandwidth limit is empty. This works in kilobits per second. This queue then moves to send out through the next interface. Specify the maximum bandwidth of traffic in ...
... field displays with the spillover load balancing algorithm. OK Cancel The ZyWALL uses the group member interfaces in the order that interface. ZyWALL USG 50 User's Guide 279 Click Cancel to the ZyWALL. The traffic of data the ZyWALL is given an amount of bandwidth irrespective of queues being used. ... more traffic than it can handle. Click OK to save your changes back to exit this spillover bandwidth limit is empty. This works in kilobits per second. This queue then moves to send out through the next interface. Specify the maximum bandwidth of traffic in ...
User Manual
Page 325
...> Add (continued) LABEL DESCRIPTION Classification Select what kind of NAT this rule is User Defined. Incoming Interface Original IP One many 1:1 NAT rule works like the Internet). 1:1 NAT - Select this NAT rule supports. So for example you have a range of private network servers that this to use.../PPTP interface. If you could enter a static public IP assigned by this to perform. Select the interface on interface IPs. ZyWALL USG 50 User's Guide 325 The list also includes address objects based on which translated destination IP address this to the outside the...
...> Add (continued) LABEL DESCRIPTION Classification Select what kind of NAT this rule is User Defined. Incoming Interface Original IP One many 1:1 NAT rule works like the Internet). 1:1 NAT - Select this NAT rule supports. So for example you have a range of private network servers that this to use.../PPTP interface. If you could enter a static public IP assigned by this to perform. Select the interface on interface IPs. ZyWALL USG 50 User's Guide 325 The list also includes address objects based on which translated destination IP address this to the outside the...
User Manual
Page 332
... automatically. • a application patrol rule to allow quick access and reduce network usage. To make the example in Figure 197 on page 331 work, make indirect requests to access the Internet or outside network resources/services. For HTTP traffic between lan1 and dmz: • a from LAN1 to... Internet or other networks. Responses to the proxy server. It also keeps hackers from the client to this request are allowed automatically. 332 ZyWALL USG 50 User's Guide You also need to access the Internet. The proxy checks its local cache for HTTP traffic is not found, the proxy ...
... automatically. • a application patrol rule to allow quick access and reduce network usage. To make the example in Figure 197 on page 331 work, make indirect requests to access the Internet or outside network resources/services. For HTTP traffic between lan1 and dmz: • a from LAN1 to... Internet or other networks. Responses to the proxy server. It also keeps hackers from the client to this request are allowed automatically. 332 ZyWALL USG 50 User's Guide You also need to access the Internet. The proxy checks its local cache for HTTP traffic is not found, the proxy ...
User Manual
Page 350
...policy to use multiple endpoint security objects. This allows checking of computers with HTTP traffic only. Note: This works with different OSs or security settings. The ZyWALL does not automatically route the request that prompted the login, however, so users have configured on a traffic .... Chapter 21 Authentication Policy 21.1.2 What You Need to Know Authentication Policy and VPN Authentication policies are applied based on the ZyWALL. 350 ZyWALL USG 50 User's Guide When a client attempts to log in order to make this request again. Finding Out More See Section 7.7 ...
...policy to use multiple endpoint security objects. This allows checking of computers with HTTP traffic only. Note: This works with different OSs or security settings. The ZyWALL does not automatically route the request that prompted the login, however, so users have configured on a traffic .... Chapter 21 Authentication Policy 21.1.2 What You Need to Know Authentication Policy and VPN Authentication policies are applied based on the ZyWALL. 350 ZyWALL USG 50 User's Guide When a client attempts to log in order to make this request again. Finding Out More See Section 7.7 ...
User Manual
Page 357
... request are allowed. User 1 can use static port numbers. Communications between any of the networks. ZyWALL USG 50 User's Guide 357 Figure 214 Default Firewall Action 22.1.1 What You Can Do in action and demonstrates how stateful inspection works. Use application patrol (see Section 22.3 on page 437) to control services using flexible/ dynamic...
... request are allowed. User 1 can use static port numbers. Communications between any of the networks. ZyWALL USG 50 User's Guide 357 Figure 214 Default Firewall Action 22.1.1 What You Can Do in action and demonstrates how stateful inspection works. Use application patrol (see Section 22.3 on page 437) to control services using flexible/ dynamic...
User Manual
Page 464
...Worm A computer virus is a small program designed to corrupt and/or alter the operation of the packets. 464 ZyWALL USG 50 User's Guide See Section 10.1 on the ZyWALL. 1 The ZyWALL first identifies SMTP, POP3, IMAP4, HTTP and FTP packets through standard ports. 2 If the packets are unaware... Transfer Protocol) • POP3 (Post Office Protocol version 3) • IMAP4 (Internet Message Access Protocol version 4) How the ZyWALL Anti-Virus Scanner Works The following describes the virus scanning process on page 209 for the anti-virus engine you are not session connection setup packets (...
...Worm A computer virus is a small program designed to corrupt and/or alter the operation of the packets. 464 ZyWALL USG 50 User's Guide See Section 10.1 on the ZyWALL. 1 The ZyWALL first identifies SMTP, POP3, IMAP4, HTTP and FTP packets through standard ports. 2 If the packets are unaware... Transfer Protocol) • POP3 (Post Office Protocol version 3) • IMAP4 (Internet Message Access Protocol version 4) How the ZyWALL Anti-Virus Scanner Works The following describes the virus scanning process on page 209 for the anti-virus engine you are not session connection setup packets (...
User Manual
Page 509
... can see if it works by checking the logs (Monitor > Log). The Priority column shows warn for signatures that are configured to generate a log and alert. The Note column displays ACCESS FORWARD when no action is for the signature. Figure 301 Example: Custom Signature in a profile. The ZyWALL USG 50 User's Guide 509 Then...
... can see if it works by checking the logs (Monitor > Log). The Priority column shows warn for signatures that are configured to generate a log and alert. The Note column displays ACCESS FORWARD when no action is for the signature. Figure 301 Example: Custom Signature in a profile. The ZyWALL USG 50 User's Guide 509 Then...
User Manual
Page 510
... host operating system, future operating system upgrades could cause problems. 510 ZyWALL USG 50 User's Guide Disadvantages of accessing confidential information or destroying information on each device (that you have to install them . You must install a host IDP directly on IDP. It works closely with the operating system, monitoring and intercepting system calls to...
... host operating system, future operating system upgrades could cause problems. 510 ZyWALL USG 50 User's Guide Disadvantages of accessing confidential information or destroying information on each device (that you have to install them . You must install a host IDP directly on IDP. It works closely with the operating system, monitoring and intercepting system calls to...
User Manual
Page 533
... categories of web site content. For example, you can create different content filter policies for different addresses, schedules, users or groups and content filter profiles. ZyWALL USG 50 User's Guide 533 CHAPTER 32 Content Filtering 32.1 Overview Use the content filtering feature to control access to specific web sites or web content. 32..., such as cookies, and/or block access to arts and entertainment web pages during the workday and another policy that lets him access them after work.
... categories of web site content. For example, you can create different content filter policies for different addresses, schedules, users or groups and content filter profiles. ZyWALL USG 50 User's Guide 533 CHAPTER 32 Content Filtering 32.1 Overview Use the content filtering feature to control access to specific web sites or web content. 32..., such as cookies, and/or block access to arts and entertainment web pages during the workday and another policy that lets him access them after work.