User Manual
Page 6
... "1024", "M" for mega may denote "1000000" or "1048576" and so on your device. Warnings tell you other important information (for example, other words". 6 ZyWALL USG 50 User's Guide Note: Notes tell you about things that screen. • Units of the predefined choices. • A right angle bracket ( > ) within a ..."metric" value or the "scientific" value. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that could harm you or your keyboard. • "Enter" ...
User Manual
Page 11
... This User's Guide ...3 Document Conventions...6 Safety Warnings...8 Contents Overview ...9 Table of Contents...11 Part I: User's Guide 29 Chapter 1 Introducing the ZyWALL ...31 1.1 Overview and Key Default Settings 31 1.2 Rack-mounted Installation 32 1.2.1 Rack-Mounted Installation Procedure 32 1.3 Front Panel ...33 1.3.1 Front Panel LEDs ...33 1.4 Management Overview ...34...Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50 User's Guide 11
User Manual
Page 12
... WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick Setup ...75 5.4 VPN Setup Wizard: Wizard Type... Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Configuration 78 5.5.2 VPN Express Wizard - Phase 1 Settings 82 5.5.6 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Phase 2 84 5.5.7 VPN...
User Manual
Page 14
... Rule For H.323 142 7.10 How to Allow Public Access to a Web Server 143 7.10.1 Create the Address Objects 144 7.10.2 Configure NAT ...144 7.10.3 Set Up a Firewall Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects....5 Set Up a DMZ to LAN Firewall Rule for SIP 151 7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User...
User Manual
Page 19
...You Need to Know 411 24.2 The SSL Access Privilege Screen 413 24.2.1 The SSL Access Policy Add/Edit Screen 414 24.3 The SSL Global Setting Screen 416 24.3.1 How to Upload a Custom Logo 418 24.4 Establishing an SSL VPN Connection 419 Chapter 25 SSL User Screens ...421 25.1 ... ...422 25.3 The SSL VPN User Screens 427 25.4 Bookmarking the ZyWALL 428 25.5 Logging Out of the SSL VPN User Screens 428 Chapter 26 SSL User Application Screens 431 26.1 SSL User Application Screens Overview 431 26.2 The Application Screen 431 Chapter 27 ZyWALL SecuExtender...433 ZyWALL USG 50 User's Guide 19
User Manual
Page 22
....2.1 User Add/Edit Screen 586 35.3 User Group Summary Screen 589 35.3.1 Group Add/Edit Screen 590 35.4 Setting Screen ...591 35.4.1 Default User Authentication Timeout Settings Edit Screens 594 35.4.2 User Aware Login Example 596 35.5 User /Group Technical Reference 597 Chapter 36 Addresses...599 36.1 Overview ...599 22 ZyWALL USG 50 User's Guide
User Manual
Page 26
...723 46.1.1 What You Can Do In this Chapter 723 46.2 Email Daily Report ...723 46.3 Log Setting Screens ...725 46.3.1 Log Setting Summary 726 46.3.2 Edit System Log Settings 727 46.3.3 Edit Remote Server Log Settings 732 46.3.4 Active Log Summary Screen 734 Chapter 47 File Manager ...737 47.1 Overview ...737 47.1.1...a Packet Capture File 753 Chapter 49 Reboot...755 49.1 Overview ...755 49.1.1 What You Need To Know 755 49.2 The Reboot Screen ...755 Chapter 50 Shutdown...757 50.1 Overview ...757 50.1.1 What You Need To Know 757 50.2 The Shutdown Screen ...757 26 ZyWALL USG 50 User's Guide
User Manual
Page 31
... Peer (P2P) control, NAT, port forwarding, policy routing, DHCP server and many other powerful features. You can set up the network and enforce security policies efficiently. ZyWALL USG 50 User's Guide 31 You can deploy the ZyWALL as a transparent firewall in an existing network with the reliability of the LAN1, or DMZ. The DeMilitarized Zone...
User Manual
Page 35
...Shutdown > Shutdown or the shutdown command before you turn off or remove the power. The ZyWALL simply turns off. The default settings for more information about the CLI. Table 3 Starting and Stopping the ZyWALL METHOD DESCRIPTION Turning on the power A cold start (without powering down and then manually ... so can use the Reboot button in the Reboot screen or when you press the RESET button, the ZyWALL sets the configuration to its default values and then reboots. ZyWALL USG 50 User's Guide 35 See the Command Reference Guide for the console port are some of the ways to ...
User Manual
Page 37
...Anomaly Detection and Protection), and certificates. High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or more 3G (cellular) connections. Flexible Security Zones Many security settings are made by zone, not by interface, port, or network....ZyWALL. You can add interfaces and VPN tunnels to provide secure communication between these ports. • One or more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 50...
User Manual
Page 40
Figure 5 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can also set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. You can configure the ZyWALL to provide SSL VPN network access to provide better service. Chapter 2 Features and Applications 2.2.1 VPN Connectivity Set up additional connections to the Internet to remote users. 40 ZyWALL USG 50 User's Guide
User Manual
Page 42
In either case, you can balance the loads between them. Chapter 2 Features and Applications 2.2.3 User-Aware Access Control Set up multiple connections on the user who is trying to sensitive information and shared resources based on different ports. Figure 8 Applications: Multiple WAN Interfaces 42 ZyWALL USG 50 User's Guide Figure 7 Applications: User-Aware Access Control 2.2.4 Multiple WAN Interfaces Set up multiple connections to the Internet on the same port, or set up security policies that restrict access to access it.
User Manual
Page 44
... number the next time you logged in the One-Time Password field. If you log in. 4 Click Login. Figure 10 Update Admin Info Screen 44 ZyWALL USG 50 User's Guide The number is configured to use an ASAS authentication server, use the token to its HTTPS server, and it in using the default.... If your web browser, and go to generate a number. You must use the OTP (One-Time Password) token to http://192.168.1.1. By default, the ZyWALL automatically routes this setting. Figure 9 Login Screen 3 Type the user name (default: "admin") and password (default: "1234").
User Manual
Page 49
... various policies. Routing Policy Route Create and manage routing policies. RIP Configure device-level RIP settings. Auth. Session Limit Limit the number of IP addresses to each supported interface. VPN IPSec VPN VPN Connection Configure IPSec tunnels. ZyWALL USG 50 User's Guide 49 Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. Cellular Configure a cellular...
User Manual
Page 50
...Profile Create and manage ADP profiles. Black/White List Set up anti-virus policies and check the anti-virus engine type and the antivirus license and signature status. Group Create and manage groups of addresses. 50 ZyWALL USG 50 User's Guide Address Group Create and manage groups ...of users. Content Filter General Create and manage content filter policies. Object User/Group User Create and manage users. Black/White List Set up anti-virus black (blocked) and...
User Manual
Page 51
... Configure the default RADIUS settings. Console Speed Set the console speed. SSH Configure SSH server and SSH service settings. Language Select the Web Configurator language. Log & Report ZyWALL USG 50 User's Guide 51 Endpoint Security Create Endpoint Security (EPS) objects. Date/Time Configure the current date, time, and time zone in the ZyWALL. AAA Server Active Directory...
User Manual
Page 52
...the current firmware version and to send. Shell Script Manage and run diagnostics, and reboot or shut down the ZyWALL. Packet Capture Capture packets for the ZyWALL. Log Setting Configure the system log, e-mail logs, and remote syslog servers. 3.3.2.4 Maintenance Menu Use the maintenance menu ... Window The main window shows the screen you log in the navigation panel. Figure 15 Warning Message 52 ZyWALL USG 50 User's Guide Reboot Restart the ZyWALL. Right after you select in , the Dashboard screen is displayed. Table 8 Maintenance Menu Screens Summary FOLDER OR...
User Manual
Page 53
... Site Map 3.3.3.3 Object Reference Click Object Reference to the Web Configurator screens. The following example shows which configuration settings reference the object. Click a screen's link to go to show which configuration settings reference the ldap-users user object (in this case the first firewall rule). Figure 17 Object Reference ZyWALL USG 50 User's Guide 53
User Manual
Page 54
... the following. Service This is not associated with the type of setting that references the object. Name This field identifies the configuration item that references the selected object. See the Command Reference Guide for how to display their entries. 54 ZyWALL USG 50 User's Guide Description If the referencing configuration item has a description configured...
User Manual
Page 57
...entries. Activate To turn off an entry, select it before doing so. Move To change an entry's position in the table. In some lists ZyWALL USG 50 User's Guide 57 Remove To remove an entry, select it and click Activate. You can select an entry and click Add to open a screen... after the selected entry. For example, if you type 6, the entry you want to open a screen that you can modify the entry's settings. The ZyWALL confirms you want to put that you can often use the entry. Inactivate To turn on page 230 for the most common table icons. Edit...