User Manual
Page 13
...6.5.5 Trunks ...97 6.5.6 Policy Routes ...97 6.5.7 Static Routes ...98 6.5.8 Zones ...98 6.5.9 DDNS ...99 6.5.10 NAT ...99 6.5.11 HTTP Redirect ...99 6.5.12 ALG ...100 6.5.13 Auth. Policy ...100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17... 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
...6.5.5 Trunks ...97 6.5.6 Policy Routes ...97 6.5.7 Static Routes ...98 6.5.8 Zones ...98 6.5.9 DDNS ...99 6.5.10 NAT ...99 6.5.11 HTTP Redirect ...99 6.5.12 ALG ...100 6.5.13 Auth. Policy ...100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17... 7 Tutorials ...109 7.1 How to Configure Interfaces, Port Roles, and Zones 109 7.1.1 Configure a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
User Manual
Page 49
...Set up and manage HTTP redirection rules. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Session Limit Limit the number of IP addresses to which the ZyWALL does not apply IP/MAC binding. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Ethernet ...and link High Availability (HA). Trunk Create and manage trunks (groups of interfaces) for users and groups. HTTP Redirect Set up and manage port forwarding rules. Policy Define rules to all connections. VLAN Create and manage VLAN interfaces and virtual VLAN interfaces. ...
...Set up and manage HTTP redirection rules. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Session Limit Limit the number of IP addresses to which the ZyWALL does not apply IP/MAC binding. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Ethernet ...and link High Availability (HA). Trunk Create and manage trunks (groups of interfaces) for users and groups. HTTP Redirect Set up and manage port forwarding rules. Policy Define rules to all connections. VLAN Create and manage VLAN interfaces and virtual VLAN interfaces. ...
User Manual
Page 88
...Interfaces are in the ZyWALL. Use the Object Reference screen (Section 3.3.3.3 on page 105. Use interfaces in configuring other features. 88 ZyWALL USG 50 User's Guide You use...Port roles combine physical ports into interfaces. Chapter 6 Configuration Basics change an Ethernet interface's IP address, the ZyWALL automatically updates the rules or settings that use physical ports when configuring port..., and application patrol. Physical Ethernet Ports (P1, P2, ...) The physical port is a group of zones, interfaces, and physical ports in a screen that use interfaces and...
...Interfaces are in the ZyWALL. Use the Object Reference screen (Section 3.3.3.3 on page 105. Use interfaces in configuring other features. 88 ZyWALL USG 50 User's Guide You use...Port roles combine physical ports into interfaces. Chapter 6 Configuration Basics change an Ethernet interface's IP address, the ZyWALL automatically updates the rules or settings that use physical ports when configuring port..., and application patrol. Physical Ethernet Ports (P1, P2, ...) The physical port is a group of zones, interfaces, and physical ports in a screen that use interfaces and...
User Manual
Page 96
...Configuration > Network > Interface (except Network > Interface > Trunk) PREREQUISITES Port groups (configured in the Interface > Port Grouping screen) WHERE USED Zones, trunks, IPSec VPN, DDNS, policy routes, static routes, HTTP redirect, NAT, application patrol Example: The dmz interface is no security applied...dmz's settings, click Network > Interface > Ethernet and then the dmz's Edit icon. 96 ZyWALL USG 50 User's Guide You must have a valid subscription to update the ZyWALL's signature packages for anti-virus and IDP/application patrol), Internet access to myZyXEL.com. Note...
...Configuration > Network > Interface (except Network > Interface > Trunk) PREREQUISITES Port groups (configured in the Interface > Port Grouping screen) WHERE USED Zones, trunks, IPSec VPN, DDNS, policy routes, static routes, HTTP redirect, NAT, application patrol Example: The dmz interface is no security applied...dmz's settings, click Network > Interface > Ethernet and then the dmz's Edit icon. 96 ZyWALL USG 50 User's Guide You must have a valid subscription to update the ZyWALL's signature packages for anti-virus and IDP/application patrol), Internet access to myZyXEL.com. Note...
User Manual
Page 99
... to make computers on a private network behind the ZyWALL available outside the private network. ZyWALL USG 50 User's Guide 99 You could configure a NAT rule to forwards FTP sessions from the WAN to the DMZ. 1 Click Configuration > Network > NAT to a DMZ port. MENU ITEM(S) Configuration > Network > NAT PREREQUISITES ...the entry. 3 Select the WAN interface that the FTP traffic is to come in both the Original and the Mapped Port fields. 6.5.11 HTTP Redirect Configure this mapping. This can speed up web browsing because the proxy server keeps copies of your users needs to ...
... to make computers on a private network behind the ZyWALL available outside the private network. ZyWALL USG 50 User's Guide 99 You could configure a NAT rule to forwards FTP sessions from the WAN to the DMZ. 1 Click Configuration > Network > NAT to a DMZ port. MENU ITEM(S) Configuration > Network > NAT PREREQUISITES ...the entry. 3 Select the WAN interface that the FTP traffic is to come in both the Original and the Mapped Port fields. 6.5.11 HTTP Redirect Configure this mapping. This can speed up web browsing because the proxy server keeps copies of your users needs to ...
User Manual
Page 100
... 100 ZyWALL USG 50 User's Guide It does check regular (through NAT on the ZyWALL. Policy Use authentication policies to control who can also specify additional signaling port numbers. You can authenticate users (require them to log in) and even perform Endpoint Security (EPS) checking to go through -ZyWALL) firewall rules. MENU ITEM(S) Configuration > Network > HTTP Redirect...
... 100 ZyWALL USG 50 User's Guide It does check regular (through NAT on the ZyWALL. Policy Use authentication policies to control who can also specify additional signaling port numbers. You can authenticate users (require them to log in) and even perform Endpoint Security (EPS) checking to go through -ZyWALL) firewall rules. MENU ITEM(S) Configuration > Network > HTTP Redirect...
User Manual
Page 334
... its last-saved settings. 18.2.1 The HTTP Redirect Edit Screen Click Network > HTTP Redirect to open the HTTP Redirect screen. Port Enter the port number that the proxy server uses. Figure 199 Network > HTTP Redirect > Edit The following table describes the labels in this screen without saving. 334 ZyWALL USG 50 User's Guide Then click the Add or Edit...
... its last-saved settings. 18.2.1 The HTTP Redirect Edit Screen Click Network > HTTP Redirect to open the HTTP Redirect screen. Port Enter the port number that the proxy server uses. Figure 199 Network > HTTP Redirect > Edit The following table describes the labels in this screen without saving. 334 ZyWALL USG 50 User's Guide Then click the Add or Edit...
User Manual
Page 693
...the IP address specified above can use the default policy. ZyWALL USG 50 User's Guide 693 This is the index number of a number is the ZyWALL's (non-configurable) default policy. Admin/User Service Control...218 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Server Port The HTTPS server listens on the ZyWALL the user is allowed or denied to access. You can also specify the IP... Control specifies from which zones a user can manage the ZyWALL. Click this to redirect all HTTP connection requests to create a new entry after the selected entry. It is...
...the IP address specified above can use the default policy. ZyWALL USG 50 User's Guide 693 This is the index number of a number is the ZyWALL's (non-configurable) default policy. Admin/User Service Control...218 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Server Port The HTTPS server listens on the ZyWALL the user is allowed or denied to access. You can also specify the IP... Control specifies from which zones a user can manage the ZyWALL. Click this to redirect all HTTP connection requests to create a new entry after the selected entry. It is...
User Manual
Page 776
...NAT MAX. Virtual Server Number Trigger Port Rules HTTP Redirect New Session Rate (sessions per second) FIREWALL Firewall ACL Rules Maximum Session Limit per Host Rules APPLICATION PATROL Maximum Rules for Other Protocols Maximum Rules for Each Protocol Default Ports USER PROFILES Maximum Local Users Maximum ...Admin Users Maximum User Groups Maximum Users in One User Group OBJECTS Address Objects 16 4 per interface 2 4 4 128 200 10,000 1024 8K 256 up to 8 per PR rule up to interface limit 1000 500 1000 16 16 8 128 5 32 128 200 776 ZyWALL USG 50...
...NAT MAX. Virtual Server Number Trigger Port Rules HTTP Redirect New Session Rate (sessions per second) FIREWALL Firewall ACL Rules Maximum Session Limit per Host Rules APPLICATION PATROL Maximum Rules for Other Protocols Maximum Rules for Each Protocol Default Ports USER PROFILES Maximum Local Users Maximum ...Admin Users Maximum User Groups Maximum Users in One User Group OBJECTS Address Objects 16 4 per interface 2 4 4 128 200 10,000 1024 8K 256 up to 8 per PR rule up to interface limit 1000 500 1000 16 16 8 128 5 32 128 200 776 ZyWALL USG 50...
User Manual
Page 923
... see ALG application order 91 application patrol 437 actions 438 and firewall 438 and HTTP redirect 332 bandwidth management 439 bandwidth management behavior 441 bandwidth management examples 443 bandwidth statistics 188 ..., 442, 456, 461 over allotment of bandwidth 443 port-less 438 ports 438 prerequisites 102 priority 443 priority effect 442 protocol statistics 189, 190 registration status 448 service ports 438 statistics 187 trial service activation 212 troubleshooting 760,...server 617 authentication algorithms 309, 399, 400 and active protocol 400 ZyWALL USG 50 User's Guide 923
... see ALG application order 91 application patrol 437 actions 438 and firewall 438 and HTTP redirect 332 bandwidth management 439 bandwidth management behavior 441 bandwidth management examples 443 bandwidth statistics 188 ..., 442, 456, 461 over allotment of bandwidth 443 port-less 438 ports 438 prerequisites 102 priority 443 priority effect 442 protocol statistics 189, 190 registration status 448 service ports 438 statistics 187 trial service activation 212 troubleshooting 760,...server 617 authentication algorithms 309, 399, 400 and active protocol 400 ZyWALL USG 50 User's Guide 923
User Manual
Page 928
...and address objects 354, 370 and ALG 335, 338 and application patrol 438 and HTTP redirect 332 and H.323 (ALG) 336 and IPSec SA 360 and IPSec VPN 768 and logs 355, 370 and NAT 366 and port triggering 290, 765 and schedules 355, 370, 454, 457, 460 and service groups ...additional signaling port 341 ALG 335 and address groups 715 and address objects 715 and certificates 714 and zones 715 signaling port 341 troubleshooting 766 with Transport Layer Security (TLS) 714 full tunnel mode 41, 411, 416 Fully-Qualified Domain Name, see FQDN G gateway policy, see VPN gateways ge1 32 ZyWALL USG 50 User's ...
...and address objects 354, 370 and ALG 335, 338 and application patrol 438 and HTTP redirect 332 and H.323 (ALG) 336 and IPSec SA 360 and IPSec VPN 768 and logs 355, 370 and NAT 366 and port triggering 290, 765 and schedules 355, 370, 454, 457, 460 and service groups ...additional signaling port 341 ALG 335 and address groups 715 and address objects 715 and certificates 714 and zones 715 signaling port 341 troubleshooting 766 with Transport Layer Security (TLS) 714 full tunnel mode 41, 411, 416 Fully-Qualified Domain Name, see FQDN G gateway policy, see VPN gateways ge1 32 ZyWALL USG 50 User's ...
User Manual
Page 929
... 498 host-based intrusions 510 HSDPA 242 HTTP inspection 521, 529 over SSL, see HTTPS redirect to HTTPS 693 vs HTTPS 691 HTTP redirect 331 and application patrol 332 and firewall 332 and interfaces 334 and policy routes 332 configuration ...32 ge3 32 Generic Routing Encapsulation, see HTTPS H.323 139, 342 additional signaling port 340 ALG 335, 342 and firewall 336 and RTP 342 signaling port 340 troubleshooting 766 I ICMP 606 code 504 datagram length 532 decoder 521, 529...group 491 severity 489 signature categories 490 signature ID 489 signatures 479 Index ZyWALL USG 50 User's Guide 929
... 498 host-based intrusions 510 HSDPA 242 HTTP inspection 521, 529 over SSL, see HTTPS redirect to HTTPS 693 vs HTTPS 691 HTTP redirect 331 and application patrol 332 and firewall 332 and interfaces 334 and policy routes 332 configuration ...32 ge3 32 Generic Routing Encapsulation, see HTTPS H.323 139, 342 additional signaling port 340 ALG 335, 342 and firewall 336 and RTP 342 signaling port 340 troubleshooting 766 I ICMP 606 code 504 datagram length 532 decoder 521, 529...group 491 severity 489 signature categories 490 signature ID 489 signatures 479 Index ZyWALL USG 50 User's Guide 929
User Manual
Page 930
...port groups. where used 96 Internet access troubleshooting 760, 769 Internet Control Message Protocol, see ICMP Internet Explorer 43 Internet Message Access Protocol, see also Ethernet interfaces. cellular 216 configuration overview 96 default configuration 89 DHCP clients 267 Ethernet, see IMAP 566 ZyWALL USG 50...404 ID type 402 IP address, remote IPSec router 399 IP address, ZyXEL device 399 local identity 402 main mode 399, 403 NAT traversal 404 ..., 215 and DNS servers 269 and HTTP redirect 334 and layer-3 virtualization 216 and NAT 325 and physical ports 88, 216 and policy routes 289 and ...
...port groups. where used 96 Internet access troubleshooting 760, 769 Internet Control Message Protocol, see ICMP Internet Explorer 43 Internet Message Access Protocol, see also Ethernet interfaces. cellular 216 configuration overview 96 default configuration 89 DHCP clients 267 Ethernet, see IMAP 566 ZyWALL USG 50...404 ID type 402 IP address, remote IPSec router 399 IP address, ZyXEL device 399 local identity 402 main mode 399, 403 NAT traversal 404 ..., 215 and DNS servers 269 and HTTP redirect 334 and layer-3 virtualization 216 and NAT 325 and physical ports 88, 216 and policy routes 289 and ...
User Manual
Page 935
... in IPSec 383 policy route troubleshooting 761, 770 policy routes 282 actions 284 and address objects 288 and ALG 337, 338, 341 and HTTP redirect 332 and interfaces 289 and NAT 282 and schedules 288, 451, 454, 457, 460 and service objects 606 and trunks 272, 289 and ...port sweep 526 port translation, see NAT port triggering 294 and firewall 290, 765 and policy routes 290 and service groups 290 and services 290 troubleshooting 765 Post Office Protocol, see PPPoE. Point-to -Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50...
... in IPSec 383 policy route troubleshooting 761, 770 policy routes 282 actions 284 and address objects 288 and ALG 337, 338, 341 and HTTP redirect 332 and interfaces 289 and NAT 282 and schedules 288, 451, 454, 457, 460 and service objects 606 and trunks 272, 289 and ...port sweep 526 port translation, see NAT port triggering 294 and firewall 290, 765 and policy routes 290 and service groups 290 and services 290 troubleshooting 765 Post Office Protocol, see PPPoE. Point-to -Point Protocol over Ethernet, see POP 566 power off 35, 757 power on 35 PPP 270 troubleshooting 762 ZyWALL USG 50...
User Manual
Page 941
...firewall 761 firmware package 769 firmware upload 772 FTP 766 HTTP redirect 766 H.323 766 IDP 760, 764 IDP signatures update 760 ...overview 97 member interface mode 278 member interfaces 278 prerequisites 97 see also load balancing 271 tutorial 115 ZyWALL USG 50 User's Guide Index where used 97 Trusted Certificates, see also certificates 647 TTCP-detected attack 531 ...packet 489, 524 decoder 521, 529 decoy portscan 526 distributed portscan 526 flood attack 529 messages 605 port numbers 606 portscan 525 portsweep 526 u-encoding attack 530 UltraVNC 660 undersize-len attack 531 undersize-offset ...
...firewall 761 firmware package 769 firmware upload 772 FTP 766 HTTP redirect 766 H.323 766 IDP 760, 764 IDP signatures update 760 ...overview 97 member interface mode 278 member interfaces 278 prerequisites 97 see also load balancing 271 tutorial 115 ZyWALL USG 50 User's Guide Index where used 97 Trusted Certificates, see also certificates 647 TTCP-detected attack 531 ...packet 489, 524 decoder 521, 529 decoy portscan 526 distributed portscan 526 flood attack 529 messages 605 port numbers 606 portscan 525 portsweep 526 u-encoding attack 530 UltraVNC 660 undersize-len attack 531 undersize-offset ...