User Manual
Page 14
Table of Contents 7.3 How to Configure Load Balancing 115 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 115 7.3.2 Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up ... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
Table of Contents 7.3 How to Configure Load Balancing 115 7.3.1 Set Up Available Bandwidth on Ethernet Interfaces 115 7.3.2 Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up ... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 31
... an overview of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. ZyWALL USG 50 User's Guide 31 The ZyWALL provides excellent throughput with minimal configuration. The ZyWALL lets you set ports to Peer (P2P) control...
... an overview of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and certificates. ZyWALL USG 50 User's Guide 31 The ZyWALL provides excellent throughput with minimal configuration. The ZyWALL lets you set ports to Peer (P2P) control...
User Manual
Page 37
... to change security settings in the ZyWALL. Virtual Private Networks (VPN) Use IPSec, SSL to provide secure communication between these ports. • One or more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet ...or any insecure network that uses TCP/IP for communication. CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. ZyWALL USG 50 User's Guide 37 Flexible Security ...
... to change security settings in the ZyWALL. Virtual Private Networks (VPN) Use IPSec, SSL to provide secure communication between these ports. • One or more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet ...or any insecure network that uses TCP/IP for communication. CHAPTER 2 Features and Applications This chapter introduces the main features and applications of the ZyWALL. ZyWALL USG 50 User's Guide 37 Flexible Security ...
User Manual
Page 49
... RIP settings. Zone Configure zones used to force user authentication. ALG Configure SIP, H.323, and FTP pass-through settings. ZyWALL USG 50 User's Guide 49 Policy Define rules to define various policies. Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued...Static Route Create and manage IP static routing information. IP/MAC Binding Summary Configure IP to MAC address bindings for load balancing and link High Availability (HA). Exempt List Configure ranges of IP addresses to all connections. Auth. Firewall Firewall Create...
... RIP settings. Zone Configure zones used to force user authentication. ALG Configure SIP, H.323, and FTP pass-through settings. ZyWALL USG 50 User's Guide 49 Policy Define rules to define various policies. Chapter 3 Web Configurator Table 7 Configuration Menu Screens Summary (continued...Static Route Create and manage IP static routing information. IP/MAC Binding Summary Configure IP to MAC address bindings for load balancing and link High Availability (HA). Exempt List Configure ranges of IP addresses to all connections. Auth. Firewall Firewall Create...
User Manual
Page 87
...object, you can reuse it is helpful when you ZyWALL USG 50 User's Guide 87 Some of the tools available for each feature. CHAPTER 6 Configuration Basics This information is provided to configure a trunk for load-balancing, you should configure the member interfaces before and ...after you configure the main screens for system management. 6.1 Object-based Configuration The ZyWALL stores information or settings as well. (You might also have...
...object, you can reuse it is helpful when you ZyWALL USG 50 User's Guide 87 Some of the tools available for each feature. CHAPTER 6 Configuration Basics This information is provided to configure a trunk for load-balancing, you should configure the member interfaces before and ...after you configure the main screens for system management. 6.1 Object-based Configuration The ZyWALL stores information or settings as well. (You might also have...
User Manual
Page 97
...Object > Address). 2 Click Configuration > Network > Routing > Policy Route to go to set up load balancing using two or more interfaces. You want to limit the amount of the ZyWALL), port triggering, and general NAT on page 109. 6.5.6 Policy Routes Use policy routes to override ... route. 3 Name the policy route. 4 Select the interface that goes out from the FTP server through the appropriate interface or VPN tunnel. ZyWALL USG 50 User's Guide 97 MENU ITEM(S) Configuration > Network > Interface > Trunk PREREQUISITES Interfaces WHERE USED Policy routes Example: See Chapter 7 on the ...
...Object > Address). 2 Click Configuration > Network > Routing > Policy Route to go to set up load balancing using two or more interfaces. You want to limit the amount of the ZyWALL), port triggering, and general NAT on page 109. 6.5.6 Policy Routes Use policy routes to override ... route. 3 Name the policy route. 4 Select the interface that goes out from the FTP server through the appropriate interface or VPN tunnel. ZyWALL USG 50 User's Guide 97 MENU ITEM(S) Configuration > Network > Interface > Trunk PREREQUISITES Interfaces WHERE USED Policy routes Example: See Chapter 7 on the ...
User Manual
Page 115
...device is how to set up the outgoing bandwidth on each WAN interface. If you want this trunk. ZyWALL USG 50 User's Guide 115 Chapter 7 Tutorials 6 The ZyWALL automatically adds the cellular interface to add it , use the Weighted Round Robin algorithm to send traffic ... configure the WAN_TRUNK trunk's load balancing settings. 7.3.1 Set Up Available Bandwidth on how much traffic the ZyWALL tries to enhance overall network throughput. To fine-tune the load balancing configuration, see Chapter 12 on page 115 for an example. 7.3 How to Configure Load Balancing This example shows how to...
...device is how to set up the outgoing bandwidth on each WAN interface. If you want this trunk. ZyWALL USG 50 User's Guide 115 Chapter 7 Tutorials 6 The ZyWALL automatically adds the cellular interface to add it , use the Weighted Round Robin algorithm to send traffic ... configure the WAN_TRUNK trunk's load balancing settings. 7.3.1 Set Up Available Bandwidth on how much traffic the ZyWALL tries to enhance overall network throughput. To fine-tune the load balancing configuration, see Chapter 12 on page 115 for an example. 7.3 How to Configure Load Balancing This example shows how to...
User Manual
Page 117
Add wan2 and enter 1 in the Weight column. Figure 65 Configuration > Network > Interface > Trunk > Add ZyWALL USG 50 User's Guide 117 Click OK. Chapter 7 Tutorials 2 Name the trunk and set the Load Balancing Algorithm field to Weighted Round Robin. Add wan1 and enter 2 in the Weight column.
Add wan2 and enter 1 in the Weight column. Figure 65 Configuration > Network > Interface > Trunk > Add ZyWALL USG 50 User's Guide 117 Click OK. Chapter 7 Tutorials 2 Name the trunk and set the Load Balancing Algorithm field to Weighted Round Robin. Add wan1 and enter 2 in the Weight column.
User Manual
Page 215
...11.5 on page 237) to configure settings for interfaces for defining other interfaces. • Ports are the physical ports to route packets. ZyWALL USG 50 User's Guide 215 For example, You connect the LAN1 network to the LAN1 interface. • Zones are groups of Ethernet interfaces to tell ... Use the Port Role screens (Section 11.2 on page 218) to create port groups and to assign physical ports and port groups to configure load balancing. You can create virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Use the Trunk screens (Chapter 12 on top...
...11.5 on page 237) to configure settings for interfaces for defining other interfaces. • Ports are the physical ports to route packets. ZyWALL USG 50 User's Guide 215 For example, You connect the LAN1 network to the LAN1 interface. • Zones are groups of Ethernet interfaces to tell ... Use the Port Role screens (Section 11.2 on page 218) to create port groups and to assign physical ports and port groups to configure load balancing. You can create virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Use the Trunk screens (Chapter 12 on top...
User Manual
Page 216
... network policies. ISP accounts are required for defining other types of interfaces--Ethernet, PPP, cellular, VLAN, bridge, and 216 ZyWALL USG 50 User's Guide Port groups create a hardware connection between physical ports at most one Ethernet interface. • Bridge interfaces create ...8226; Ethernet interfaces are three types: virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Trunk interfaces manage load balancing between Ethernet or VLAN interfaces at the layer-2 (data link, MAC address) level. Chapter 11 Interfaces 11.1.2 What You Need...
... network policies. ISP accounts are required for defining other types of interfaces--Ethernet, PPP, cellular, VLAN, bridge, and 216 ZyWALL USG 50 User's Guide Port groups create a hardware connection between physical ports at most one Ethernet interface. • Bridge interfaces create ...8226; Ethernet interfaces are three types: virtual Ethernet interfaces, virtual VLAN interfaces, and virtual bridge interfaces. • Trunk interfaces manage load balancing between Ethernet or VLAN interfaces at the layer-2 (data link, MAC address) level. Chapter 11 Interfaces 11.1.2 What You Need...
User Manual
Page 218
...PPP interface on page 113 for an example of a bridge. You cannot set the ZyWALL's flexible ports as part of it. You also cannot add an Ethernet interface or VLAN interface to configure load balancing using trunks. 11.2 Port Role To access this screen, click Configuration > Network ... throughput but no security. Use the Port Role screen to a lan1, lan2 or dmz port and change the port's role: 218 ZyWALL USG 50 User's Guide Chapter 11 Interfaces Table 52 Relationships Between Different Types of Interfaces (continued) INTERFACE REQUIRED PORT / INTERFACE PPP interface WAN1, ...
...PPP interface on page 113 for an example of a bridge. You cannot set the ZyWALL's flexible ports as part of it. You also cannot add an Ethernet interface or VLAN interface to configure load balancing using trunks. 11.2 Port Role To access this screen, click Configuration > Network ... throughput but no security. Use the Port Role screen to a lan1, lan2 or dmz port and change the port's role: 218 ZyWALL USG 50 User's Guide Chapter 11 Interfaces Table 52 Relationships Between Different Types of Interfaces (continued) INTERFACE REQUIRED PORT / INTERFACE PPP interface WAN1, ...
User Manual
Page 236
... in kilobits per second, the ZyWALL can configure the interface as part of a WAN trunk for load balancing. MTU Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that the gateway allows. If a larger packet arrives, the ZyWALL divides it is still available. ...Check Port This field only displays when you can send through the gateway. Allowed values are 0 - 1048576. Usually, this interface. 236 ZyWALL USG 50 User's Guide Enable Connectivity Check Select this to the network. Specify the port number to turn on the connection check. Chapter 11 Interfaces ...
... in kilobits per second, the ZyWALL can configure the interface as part of a WAN trunk for load balancing. MTU Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that the gateway allows. If a larger packet arrives, the ZyWALL divides it is still available. ...Check Port This field only displays when you can send through the gateway. Allowed values are 0 - 1048576. Usually, this interface. 236 ZyWALL USG 50 User's Guide Enable Connectivity Check Select this to the network. Specify the port number to turn on the connection check. Chapter 11 Interfaces ...
User Manual
Page 243
... available. Enter the maximum amount of seconds between connection check attempts. If a larger packet arrives, the ZyWALL divides it is used in WAN load balancing and bandwidth management. Connectivity Check The interface can regularly check the connection to the gateway you set the ...continued) LABEL DESCRIPTION Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. IP Address Assignment ZyWALL USG 50 User's Guide 243 Type the maximum size of each data packet, in the field next to the...
... available. Enter the maximum amount of seconds between connection check attempts. If a larger packet arrives, the ZyWALL divides it is used in WAN load balancing and bandwidth management. Connectivity Check The interface can regularly check the connection to the gateway you set the ...continued) LABEL DESCRIPTION Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. IP Address Assignment ZyWALL USG 50 User's Guide 243 Type the maximum size of each data packet, in the field next to the...
User Manual
Page 255
...- Type the password for MD5 authentication. Passive Interface Select this to disable OSPF in this interface. Type the password for text authentication. ZyWALL USG 50 User's Guide 255 The password can consist of a WAN trunk for a Designated Router (DR) or Backup Designated Router (BDR). Area... See Section 14.3 on page 299 for Authentication MD5 authentication. MD5 This field is available if the Authentication is looking for load balancing. Configure Policy Route Click Policy Route to go to a screen where you can not be the DR or BDR. Link ...
...- Type the password for MD5 authentication. Passive Interface Select this to disable OSPF in this interface. Type the password for text authentication. ZyWALL USG 50 User's Guide 255 The password can consist of a WAN trunk for a Designated Router (DR) or Backup Designated Router (BDR). Area... See Section 14.3 on page 299 for Authentication MD5 authentication. MD5 This field is available if the Authentication is looking for load balancing. Configure Policy Route Click Policy Route to go to a screen where you can not be the DR or BDR. Link ...
User Manual
Page 262
... Use Fixed IP Address. This is reserved for load balancing. If a larger packet arrives, the ZyWALL divides it does not know how to route the packet to the network. DHCP Server - Relay Server 2 This field is a DHCP Server. 262 ZyWALL USG 50 User's Guide Enter the IP address of a... DHCP server for the network. These fields appear if the ZyWALL is optional. Chapter 11 Interfaces Table 68 Configuration > Network > Interface > Bridge > Edit (continued...
... Use Fixed IP Address. This is reserved for load balancing. If a larger packet arrives, the ZyWALL divides it does not know how to route the packet to the network. DHCP Server - Relay Server 2 This field is a DHCP Server. 262 ZyWALL USG 50 User's Guide Enter the IP address of a... DHCP server for the network. These fields appear if the ZyWALL is optional. Chapter 11 Interfaces Table 68 Configuration > Network > Interface > Bridge > Edit (continued...
User Manual
Page 271
...you might want to use ISP B. CHAPTER 12 Trunks 12.1 Overview Use trunks for WAN traffic load balancing to an ISP that uses spillover or weighted round robin load balancing so timesensitive traffic (like video) usually goes through the higher-bandwidth interface. You could use ... screen (Section 12.2 on page 276) to configure link sticking and view the list of the ZyWALL's interfaces is also your Australian branch office primarily use least load first load balancing to Australia. Load balancing divides traffic loads between multiple interfaces. ZyWALL USG 50 User's Guide 271
...you might want to use ISP B. CHAPTER 12 Trunks 12.1 Overview Use trunks for WAN traffic load balancing to an ISP that uses spillover or weighted round robin load balancing so timesensitive traffic (like video) usually goes through the higher-bandwidth interface. You could use ... screen (Section 12.2 on page 276) to configure link sticking and view the list of the ZyWALL's interfaces is also your Australian branch office primarily use least load first load balancing to Australia. Load balancing divides traffic loads between multiple interfaces. ZyWALL USG 50 User's Guide 271
User Manual
Page 273
... of WAN 1 is 412K and WAN 2 is currently using active/active load balancing. ZyWALL USG 50 User's Guide 273 If link sticking had been configured, the ZyWALL would have still used as the load balancing index. The configured available outbound bandwidths for a session2. Chapter 12 Trunks 2 The ZyWALL is defined as the measured outbound throughput over the available outbound...
... of WAN 1 is 412K and WAN 2 is currently using active/active load balancing. ZyWALL USG 50 User's Guide 273 If link sticking had been configured, the ZyWALL would have still used as the load balancing index. The configured available outbound bandwidths for a session2. Chapter 12 Trunks 2 The ZyWALL is defined as the measured outbound throughput over the available outbound...
User Manual
Page 274
...Similar to the Round Robin (RR) algorithm (see Section 12.4 on the first ZyWALL USG 50 User's Guide For example, in turn. Figure 170 Weighted Round Robin Algorithm Example 274 Spillover The spillover load balancing algorithm sends network traffic to the first interface in the trunk member list until the...the second is billed by setting the weight of the traffic than WAN 1), the ZyWALL will send the subsequent new session traffic through them. Chapter 12 Trunks Since WAN 2 has a smaller load balancing index (meaning that it is less utilized than an interface with a larger weight ...
...Similar to the Round Robin (RR) algorithm (see Section 12.4 on the first ZyWALL USG 50 User's Guide For example, in turn. Figure 170 Weighted Round Robin Algorithm Example 274 Spillover The spillover load balancing algorithm sends network traffic to the first interface in the trunk member list until the...the second is billed by setting the weight of the traffic than WAN 1), the ZyWALL will send the subsequent new session traffic through them. Chapter 12 Trunks Since WAN 2 has a smaller load balancing index (meaning that it is less utilized than an interface with a larger weight ...
User Manual
Page 275
ZyWALL USG 50 User's Guide 275 The ZyWALL sends network traffic of new sessions that exceed this example figure, the upper threshold of the first interface is set to reduce Internet usage fees ... an example of the first interface to 800K. This fully utilizes the bandwidth of how to the secondary WAN interface. In this limit to configure load balancing. • See Section 12.4 on trunks.
ZyWALL USG 50 User's Guide 275 The ZyWALL sends network traffic of new sessions that exceed this example figure, the upper threshold of the first interface is set to reduce Internet usage fees ... an example of the first interface to 800K. This fully utilizes the bandwidth of how to the secondary WAN interface. In this limit to configure load balancing. • See Section 12.4 on trunks.
User Manual
Page 276
... to use the same link. 276 ZyWALL USG 50 User's Guide Specify the time period during which sessions from different links. This is useful when a server requires authentication. This screen lists the configured trunks and the load balancing algorithm that are to open the Trunk... 74 Configuration > Network > Interface > Trunk LABEL DESCRIPTION Show Advance Click this screen. Timeout This setting applies when you use load balancing and have the system route sessions from one source to the same destination are incompatible with a user's sessions coming from one source...
... to use the same link. 276 ZyWALL USG 50 User's Guide Specify the time period during which sessions from different links. This is useful when a server requires authentication. This screen lists the configured trunks and the load balancing algorithm that are to open the Trunk... 74 Configuration > Network > Interface > Trunk LABEL DESCRIPTION Show Advance Click this screen. Timeout This setting applies when you use load balancing and have the system route sessions from one source to the same destination are incompatible with a user's sessions coming from one source...