User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical ... Authentication Policy ...349 Firewall ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical ... Authentication Policy ...349 Firewall ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 13
......100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17 Application Patrol 102 6.5.18 Anti-Virus ...103 6.5.19 IDP ...103 6.5.20 ADP ...103 6.5.21 Content Filter ...104 6.5.22 Anti-Spam ...104 6.6 Objects ...105 6.6.1 User/Group ...106 6.7 System ...... Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13 Table of Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration...
......100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17 Application Patrol 102 6.5.18 Anti-Virus ...103 6.5.19 IDP ...103 6.5.20 ADP ...103 6.5.21 Content Filter ...104 6.5.22 Anti-Spam ...104 6.6 Objects ...105 6.6.1 User/Group ...106 6.7 System ...... Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13 Table of Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration...
User Manual
Page 15
...-Virus Statistics Screen 194 9.14 The IDP Statistics Screen 196 9.15 The Content Filter Statistics Screen 198 9.16 Content Filter Cache Screen 200 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
...-Virus Statistics Screen 194 9.14 The IDP Statistics Screen 196 9.15 The Content Filter Statistics Screen 198 9.16 Content Filter Cache Screen 200 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 20
...27.2 Statistics ...434 27.3 View Log ...435 27.4 Suspend and Resume the Connection 435 27.5 Stop the Connection ...436 27.6 Uninstalling the ZyWALL SecuExtender 436 Chapter 28 Application Patrol ...437 28.1 Overview ...437 28.1.1 What You Can Do in this Chapter 437 28.1.2 What You Need ...-Virus Technical Reference 477 Chapter 30 IDP ...479 30.1 Overview ...479 30.1.1 What You Can Do in this Chapter 479 30.1.2 What You Need To Know 479 30.1.3 Before You Begin 480 30.2 The IDP General Screen 481 30.3 Introducing IDP Profiles 483 30.3.1 Base Profiles ...484 20 ZyWALL USG 50 User's Guide
...27.2 Statistics ...434 27.3 View Log ...435 27.4 Suspend and Resume the Connection 435 27.5 Stop the Connection ...436 27.6 Uninstalling the ZyWALL SecuExtender 436 Chapter 28 Application Patrol ...437 28.1 Overview ...437 28.1.1 What You Can Do in this Chapter 437 28.1.2 What You Need ...-Virus Technical Reference 477 Chapter 30 IDP ...479 30.1 Overview ...479 30.1.1 What You Can Do in this Chapter 479 30.1.2 What You Need To Know 479 30.1.3 Before You Begin 480 30.2 The IDP General Screen 481 30.3 Introducing IDP Profiles 483 30.3.1 Base Profiles ...484 20 ZyWALL USG 50 User's Guide
User Manual
Page 21
... Signature 500 30.8.2 Custom Signature Example 506 30.8.3 Applying Custom Signatures 508 30.8.4 Verifying Custom Signatures 509 30.9 IDP Technical Reference 510 Chapter 31 ADP ...513 31.1 Overview ...513 31.1.1 ADP and IDP Comparison 513 31.1.2 What You Can Do in this Chapter 513 31.1.3 What You Need To Know 513 31... You Need to Know 533 32.1.3 Before You Begin 535 32.2 Content Filter General Screen 535 32.3 Content Filter Policy Add or Edit Screen 538 ZyWALL USG 50 User's Guide 21
... Signature 500 30.8.2 Custom Signature Example 506 30.8.3 Applying Custom Signatures 508 30.8.4 Verifying Custom Signatures 509 30.9 IDP Technical Reference 510 Chapter 31 ADP ...513 31.1 Overview ...513 31.1.1 ADP and IDP Comparison 513 31.1.2 What You Can Do in this Chapter 513 31.1.3 What You Need To Know 513 31... You Need to Know 533 32.1.3 Before You Begin 535 32.2 Content Filter General Screen 535 32.3 Content Filter Policy Add or Edit Screen 538 ZyWALL USG 50 User's Guide 21
User Manual
Page 31
...set ports to be part of the ZyWALL. You can deploy the ZyWALL as a transparent firewall in an existing network with the reliability of the ZyWALL's features. The ZyWALL also provides two separate LAN networks. ZyWALL USG 50 User's Guide 31 Flexible configuration helps you...included) for a more detailed overview of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. Alternatively, you set ...
...set ports to be part of the ZyWALL. You can deploy the ZyWALL as a transparent firewall in an existing network with the reliability of the ZyWALL's features. The ZyWALL also provides two separate LAN networks. ZyWALL USG 50 User's Guide 31 Flexible configuration helps you...included) for a more detailed overview of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. Alternatively, you set ...
User Manual
Page 37
...interface, port, or network. The rest of this section provides more 3G (cellular) connections. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following: • Multiple WAN ports and configure load... information about the features of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. You can create your own custom zones. ZyWALL USG 50 User's Guide 37 As a result...
...interface, port, or network. The rest of this section provides more 3G (cellular) connections. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more of the following: • Multiple WAN ports and configure load... information about the features of the ZyWALL. 2.1 Features The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. You can create your own custom zones. ZyWALL USG 50 User's Guide 37 As a result...
User Manual
Page 38
...and enforce Internet access policies tailored to defined policies. Intrusion Detection and Prevention (IDP) IDP (Intrusion Detection and Protection) can detect malicious or suspicious packets and respond instantaneously. The ZyWALL's ADP protects against an external database of dynamically-updated ratings of millions of ...also create your own custom ADP rules. For example, traffic from a pre-defined list. 38 ZyWALL USG 50 User's Guide It can also create your own custom IDP rules. You can also subscribe to category-based content filtering that allows your network to protect ...
...and enforce Internet access policies tailored to defined policies. Intrusion Detection and Prevention (IDP) IDP (Intrusion Detection and Protection) can detect malicious or suspicious packets and respond instantaneously. The ZyWALL's ADP protects against an external database of dynamically-updated ratings of millions of ...also create your own custom ADP rules. For example, traffic from a pre-defined list. 38 ZyWALL USG 50 User's Guide It can also create your own custom IDP rules. You can also subscribe to category-based content filtering that allows your network to protect ...
User Manual
Page 48
.... Service View the licensed service status and upgrade licensed services. IDP/AppPatrol Update IDP signatures immediately or by a schedule. IDP Collect and display statistics on the viruses that the ZyWALL has detected. System Protect Update system-protect signatures immediately or by...log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Anti-X Statistics Anti-Virus Collect and display statistics on the intrusions that the ZyWALL has detected. Network 48 ZyWALL USG 50 User's Guide
.... Service View the licensed service status and upgrade licensed services. IDP/AppPatrol Update IDP signatures immediately or by a schedule. IDP Collect and display statistics on the viruses that the ZyWALL has detected. System Protect Update system-protect signatures immediately or by...log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Anti-X Statistics Anti-Virus Collect and display statistics on the intrusions that the ZyWALL has detected. Network 48 ZyWALL USG 50 User's Guide
User Manual
Page 50
... and see registration and signature information. IDP General Display and manage IDP bindings. Profile Create and manage IDP profiles. Custom Signatures Create, import, or export custom signatures. Group Create and manage groups of addresses. 50 ZyWALL USG 50 User's Guide VoIP Manage VoIP traffic....White List Set up a black list to identify spam and a white list to identify legitimate e-mail. DNSBL Have the ZyWALL check e-mail against DNS Black Lists. Streaming Manage streaming traffic. Setting Manage default settings for all users, general settings ...
... and see registration and signature information. IDP General Display and manage IDP bindings. Profile Create and manage IDP profiles. Custom Signatures Create, import, or export custom signatures. Group Create and manage groups of addresses. 50 ZyWALL USG 50 User's Guide VoIP Manage VoIP traffic....White List Set up a black list to identify spam and a white list to identify legitimate e-mail. DNSBL Have the ZyWALL check e-mail against DNS Black Lists. Streaming Manage streaming traffic. Setting Manage default settings for all users, general settings ...
User Manual
Page 88
You can also usually select Create new Object to be able to configure a new object. Use zones to apply security settings such as firewall, IDP, remote management, antivirus, and application patrol. Physical Ethernet Ports (P1, P2, ...) The physical port is a group of interfaces and VPN tunnels)...dmz Table 13 Zones, Interfaces, and Physical Ethernet Ports Zones (WAN,LAN, DMZ) A zone is where you are in configuring other features. 88 ZyWALL USG 50 User's Guide Use the Object Reference screen (Section 3.3.3.3 on page 53) to see Section 6.6 on page 105. Here is an overview of common ...
You can also usually select Create new Object to be able to configure a new object. Use zones to apply security settings such as firewall, IDP, remote management, antivirus, and application patrol. Physical Ethernet Ports (P1, P2, ...) The physical port is a group of interfaces and VPN tunnels)...dmz Table 13 Zones, Interfaces, and Physical Ethernet Ports Zones (WAN,LAN, DMZ) A zone is where you are in configuring other features. 88 ZyWALL USG 50 User's Guide Use the Object Reference screen (Section 3.3.3.3 on page 53) to see Section 6.6 on page 105. Here is an overview of common ...
User Manual
Page 91
ZyWALL USG 50 User's Guide 91 Traffic in the ZyWALL This section highlights some terminology or organization for ZLD-based ZyWALLs. Chapter 6 Configuration Basics 6.3 Terminology in > Defragmentation > ALG > Destination NAT > Routing > Stateful Firewall > ADP > Application Classification > IDP > Anti-virus > Application Patrol > Content Filter > Anti-Spam > SNAT > Bandwidth Management > Traffic Out. Table 15 ZLD ZyWALL Terminology FEATURE / TERM ZLD...
ZyWALL USG 50 User's Guide 91 Traffic in the ZyWALL This section highlights some terminology or organization for ZLD-based ZyWALLs. Chapter 6 Configuration Basics 6.3 Terminology in > Defragmentation > ALG > Destination NAT > Routing > Stateful Firewall > ADP > Application Classification > IDP > Anti-virus > Application Patrol > Content Filter > Anti-Spam > SNAT > Bandwidth Management > Traffic Out. Table 15 ZLD ZyWALL Terminology FEATURE / TERM ZLD...
User Manual
Page 96
...settings, click Network > Interface > Ethernet and then the dmz's Edit icon. 96 ZyWALL USG 50 User's Guide MENU ITEM(S) Configuration > Licensing > Update PREREQUISITES Registration (for the anti-virus, IDP and application patrol, and system protect features. Chapter 6 Configuration Basics 6.5.2 Licensing Registration ...assign it to a zone. You must have Internet access to update the ZyWALL's signature packages for anti-virus and IDP/application patrol), Internet access to services like antivirus, IDP and application patrol, more SSL VPN tunnels, and content filtering. You must...
...settings, click Network > Interface > Ethernet and then the dmz's Edit icon. 96 ZyWALL USG 50 User's Guide MENU ITEM(S) Configuration > Licensing > Update PREREQUISITES Registration (for the anti-virus, IDP and application patrol, and system protect features. Chapter 6 Configuration Basics 6.5.2 Licensing Registration ...assign it to a zone. You must have Internet access to update the ZyWALL's signature packages for anti-virus and IDP/application patrol), Internet access to services like antivirus, IDP and application patrol, more SSL VPN tunnels, and content filtering. You must...
User Manual
Page 98
... the trunk. 10 Specify the amount of interfaces and VPN tunnels. MENU ITEM(S) Configuration > Network > Zone PREREQUISITES Interfaces, IPSec VPN, SSL VPN WHERE USED Firewall, IDP, remote management, anti-virus, ADP, application patrol Example: For example, to at most one zone. If you have multiple WAN connections. 9 Select the interface that... information. A zone is a group of bandwidth FTP traffic can be assigned to create the DMZ-2 zone, click Network > Zone and then the Add icon. 98 ZyWALL USG 50 User's Guide Zones cannot overlap.
... the trunk. 10 Specify the amount of interfaces and VPN tunnels. MENU ITEM(S) Configuration > Network > Zone PREREQUISITES Interfaces, IPSec VPN, SSL VPN WHERE USED Firewall, IDP, remote management, anti-virus, ADP, application patrol Example: For example, to at most one zone. If you have multiple WAN connections. 9 Select the interface that... information. A zone is a group of bandwidth FTP traffic can be assigned to create the DMZ-2 zone, click Network > Zone and then the Add icon. 98 ZyWALL USG 50 User's Guide Zones cannot overlap.
User Manual
Page 103
... subscribe using his account. You must subscribe to the application patrol configuration screen. MENU ITEM(S) Configuration > Anti-X > ADP PREREQUISITES Zones ZyWALL USG 50 User's Guide 103 You can leave the source, destination and log settings at the default. If you created for Bob. • You...subscribe using the Licensing > Registration screens or one of the wizards. MENU ITEM(S) Configuration > Anti-X > AV PREREQUISITES Registration, zones 6.5.19 IDP Use IDP to Drop. • Add another policy. • Select the user account that you do not want him to have to detect and ...
... subscribe using his account. You must subscribe to the application patrol configuration screen. MENU ITEM(S) Configuration > Anti-X > ADP PREREQUISITES Zones ZyWALL USG 50 User's Guide 103 You can leave the source, destination and log settings at the default. If you created for Bob. • You...subscribe using the Licensing > Registration screens or one of the wizards. MENU ITEM(S) Configuration > Anti-X > AV PREREQUISITES Registration, zones 6.5.19 IDP Use IDP to Drop. • Add another policy. • Select the user account that you do not want him to have to detect and ...
User Manual
Page 121
... it ("VPN_CONN_EXAMPLE"). To trigger the VPN, either try to the IPSec_VPN zone. If you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). Under VPN Gateway select Site-to the IPSec_VPN zone. The new VPN connection was assigned to -site and the VPN ...up security policies (firewall rules, IDP, and so on the IPSec_VPN zone, so, next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should set up the VPN settings on the peer IPSec router and try to connect to a device on zones. ZyWALL USG 50 User's Guide 121 By default,...
... it ("VPN_CONN_EXAMPLE"). To trigger the VPN, either try to the IPSec_VPN zone. If you should also allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). Under VPN Gateway select Site-to the IPSec_VPN zone. The new VPN connection was assigned to -site and the VPN ...up security policies (firewall rules, IDP, and so on the IPSec_VPN zone, so, next, you enable NAT traversal, all firewalls between the ZyWALL and remote IPSec router should set up the VPN settings on the peer IPSec router and try to connect to a device on zones. ZyWALL USG 50 User's Guide 121 By default,...
User Manual
Page 161
...displays details about the ZyWALL's startup state. OK - Problematic configuration after a firmware upgrade. The ZyWALL successfully applied the system default configuration. This occurs when the ZyWALL starts for specific MAC addresses. This is the version number of lease time remaining. ZyWALL USG 50 User's Guide 161... amount of reauthentication time remaining, and the amount of the content filtering, anti-virus or IDP signatures (anti-virus and IDP). Firmware update OK - The ZyWALL is yyyy-mm-dd hh:mm:ss. This is the current status of users currently logged...
...displays details about the ZyWALL's startup state. OK - Problematic configuration after a firmware upgrade. The ZyWALL successfully applied the system default configuration. This occurs when the ZyWALL starts for specific MAC addresses. This is the version number of lease time remaining. ZyWALL USG 50 User's Guide 161... amount of reauthentication time remaining, and the amount of the content filtering, anti-virus or IDP signatures (anti-virus and IDP). Firmware update OK - The ZyWALL is yyyy-mm-dd hh:mm:ss. This is the current status of users currently logged...
User Manual
Page 162
... the entry. 8.2.1 The CPU Usage Screen Use this screen to look at a chart of the ZyWALL's recent CPU usage. Occurrence This is the entry's rank in the list of the IDP signature. Signature Name The signature name identifies a specific intrusion pattern. Severity This is the entry's...Table 19 Dashboard (continued) LABEL DESCRIPTION Expiration If the service license is how many times the ZyWALL has detected the event described in the entry. Figure 115 Dashboard > CPU Usage 162 ZyWALL USG 50 User's Guide To access this shows when it will expire. See Table 146 on page 490...
... the entry. 8.2.1 The CPU Usage Screen Use this screen to look at a chart of the ZyWALL's recent CPU usage. Occurrence This is the entry's rank in the list of the IDP signature. Signature Name The signature name identifies a specific intrusion pattern. Severity This is the entry's...Table 19 Dashboard (continued) LABEL DESCRIPTION Expiration If the service license is how many times the ZyWALL has detected the event described in the entry. Figure 115 Dashboard > CPU Usage 162 ZyWALL USG 50 User's Guide To access this shows when it will expire. See Table 146 on page 490...
User Manual
Page 170
... 26 Monitor > System Status > Port Statistics LABEL DESCRIPTION Poll Interval Enter how often you can e-mail the log, and you want this screen. ZyWALL USG 50 User's Guide To access this to be updated automatically, and click Set Interval. Chapter 9 Monitor • Use the Anti-X Statistics > Anti-Virus...194) to start or stop data collection and view virus statistics. • Use the Anti-X Statistics > IDP screen (Section 9.14 on page 196) to start or stop data collection and view IDP statistics. • Use the Anti-X Statistics > Content Filter screen (Section 9.15 on page 198) ...
... 26 Monitor > System Status > Port Statistics LABEL DESCRIPTION Poll Interval Enter how often you can e-mail the log, and you want this screen. ZyWALL USG 50 User's Guide To access this to be updated automatically, and click Set Interval. Chapter 9 Monitor • Use the Anti-X Statistics > Anti-Virus...194) to start or stop data collection and view virus statistics. • Use the Anti-X Statistics > IDP screen (Section 9.14 on page 196) to start or stop data collection and view IDP statistics. • Use the Anti-X Statistics > Content Filter screen (Section 9.15 on page 198) ...
User Manual
Page 196
... report display. 196 ZyWALL USG 50 User's Guide Collecting starts over and a new collection start time displays. The collection starting at the time displayed here. Figure 139 Monitor > Anti-X Statistics > Anti-Virus: Destination IP 9.14 The IDP Statistics Screen Click Monitor > Anti-X Statistics > IDP to have the ZyWALL collect IDP statistics. This screen displays IDP (Intrusion Detection and...
... report display. 196 ZyWALL USG 50 User's Guide Collecting starts over and a new collection start time displays. The collection starting at the time displayed here. Figure 139 Monitor > Anti-X Statistics > Anti-Virus: Destination IP 9.14 The IDP Statistics Screen Click Monitor > Anti-X Statistics > IDP to have the ZyWALL collect IDP statistics. This screen displays IDP (Intrusion Detection and...