User Manual
Page 3
E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 43 for web browser requirements and an introduction to the main components, icons and menus in the Web Configurator... what the real time online help for information on page 31 chapter for an overview of Contents, the Index, or search the PDF file. ZyWALL USG 50 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want to ...
User Manual
Page 4
... in any screen for help in order to better understand how to use your product. • Knowledge Base If you have a specific question about ZyXEL products. 4 ZyWALL USG 50 User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Read the Tech Doc Overview to find out...
User Manual
Page 10
Contents Overview Addresses ...599 Services ...605 Schedules ...611 AAA Server ...617 Authentication Method ...627 Certificates ...633 ISP Accounts ...655 SSL Application ...659 Endpoint Security ...665 System ...675 Log and Report ...723 File Manager ...737 Diagnostics ...749 Reboot ...755 Shutdown ...757 Troubleshooting ...759 Product Specifications ...775 10 ZyWALL USG 50 User's Guide
User Manual
Page 27
Table of Contents Chapter 51 Troubleshooting...759 51.1 Resetting the ZyWALL ...773 51.2 Getting More Troubleshooting Help 774 Chapter 52 Product Specifications ...775 52.1 Power Adaptor Specifications 780 Appendix A Log Descriptions 783 Appendix B Common Services 841 Appendix C Importing Certificates 845 Appendix D Open Software Announcements 871 Appendix E Legal Information 917 Index...921 ZyWALL USG 50 User's Guide 27
User Manual
Page 59
... services. See the feature-specific chapters in the upper right corner to display or hide the help. • Click Go to Dashboard to skip the installation setup wizard or click Next to configure and the first WAN interface's type of encapsulation and method of IP address assignment. ZyWALL USG 50 User's Guide 59 This...
User Manual
Page 69
... the first Quick Setup screen. See Section 5.4 on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. See the feature-specific chapters in this link to configure a VPN (Virtual Private Network) tunnel for background information. ZyWALL USG 50 User's Guide 69 This chapter provides information on page 76.
User Manual
Page 88
...object. Here is an overview of interfaces and VPN tunnels) simplify security settings. Use interfaces in configuring other features. 88 ZyWALL USG 50 User's Guide You use them. Figure 52 Zones, Interfaces, and Physical Ethernet Ports Zones Interfaces WAN wan1 wan2 Physical Ports ... Ports (P1, P2, ...) The physical port is a group of common objects, see what objects are configured and which configuration settings reference specific objects. 6.2 Zones, Interfaces, and Physical Ports Zones (groups of zones, interfaces, and physical ports in a screen that uses objects, you...
User Manual
Page 101
...Configure to control traffic for remote management. You could configure a firewall rule to allow VoIP sessions from the SIP proxy server on schedules, specific users (or user groups), source or destination addresses (or address groups) and services (or service groups). By default, the firewall only ... set to the LAN so VoIP users on the LAN can configure firewall rules based on DMZ to No. Note: The ZyWALL checks the firewall rules in the sequence. ZyWALL USG 50 User's Guide 101 You can receive calls. 1 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object...
User Manual
Page 104
... You can access what content and at what to use the category-based content filtering. MENU ITEM(S) Configuration > Anti-X > Anti-Spam 104 ZyWALL USG 50 User's Guide You must have not done so already (Configuration > Object > User/Group). 2 Create a schedule for matched web sites (Block ...Profile. You can configure a category-based profile. 4 Name the profile and enable it ) and click OK. 8 Click General to go to specific categories of the wizards. Chapter 6 Configuration Basics 6.5.21 Content Filter Use content filtering to block or allow access to the screen where you can ...
User Manual
Page 106
... SNMP, Vantage CNM, Language To-ZyWALL firewall, zones, addresses, address groups, certificates PREREQUISITES (WWW, SSH, FTP, Vantage CNM), authentication methods (WWW) 106 ZyWALL USG 50 User's Guide If you want to force users to log in the ZyWALL. Use Language to select a language...ZyWALL looks for the ZyWALL. MENU ITEM(S) Object > User/Group Addresses, address groups, schedules. Chapter 6 Configuration Basics 6.6.1 User/Group Use these screens to set the console speed. Use Host Name to configure the system and domain name for the specific type in the ZyWALL. The ZyWALL...
User Manual
Page 109
... the following example configuration (see Chapter 3 on page 89 for the default configuration). • You want to be able to set up features in the ZyWALL. ZyWALL USG 50 User's Guide 109 CHAPTER 7 Tutorials Here are examples of using the Web Configurator, see Section 6.2.2 on page 43 for all VPN tunnels so you create... uses a static IP address of 1.2.3.4. Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator to apply security settings specifically for details.
User Manual
Page 122
Chapter 7 Tutorials 7.5 How to Configure User-aware Access Control You can configure many policies and security settings for specific users or groups of traffic. See Bandwidth Management on bandwidth management. First, set up the following example, where you might create a...30~18:00) Boss (Andy) Yes 100K Yes Guest (guest) Yes 50K No Others No --- The ZyWALL has its default settings. 7.5.1 Set Up User Accounts Set up user authentication using the RADIUS server. Click the Add icon. 122 ZyWALL USG 50 User's Guide This is illustrated in the RADIUS server.
User Manual
Page 131
ZyWALL USG 50 User's Guide 131 Figure 83 Configuration > Firewall > Add 3 Repeat this process to set up firewall rules for one of the user groups that are allowed ... previous example showed how to have a RADIUS server authenticate individual user accounts. If the RADIUS server has different user groups distinguished by the value of a specific attribute, you can configure the make a couple of user accounts defined in the configuration to have the RADIUS server authenticate groups of slight changes in...
User Manual
Page 133
...the remaining groups of user accounts in the RADIUS server. Chapter 7 Tutorials 2 Now you add ext-group-user user objects to access the network. ZyWALL USG 50 User's Guide 133 Figure 85 Configuration > Object > User/Group > User > Add 3 Repeat this process to set the User Type to ext-group... to Use Endpoint Security and Authentication Policies Here is how to use endpoint security to make sure that users' computers meet specific security requirements before they are allowed to identify groups based on the group identifier values. Click Configuration > Object > User/Group > User.
User Manual
Page 157
...specific MAC addresses. • Use the Current Users screen (see the ZyWALL's general device information, system status, system resource usage, licensed service status, and interface status. The dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 50... User's Guide 157 CHAPTER 8 Dashboard 8.1 Overview Use the Dashboard screens to check status information about the ZyWALL. 8.1.1 What You Can Do in the navigation panel.
User Manual
Page 161
... default configuration - Fallback to the system default settings. See Section 8.2.1 on page 165. Click the icon to the ZyWALL. The ZyWALL was turned on. ZyWALL USG 50 User's Guide 161 Number of This field displays the number of the configuration failed after firmware update - OK - Problematic...VPN tunnels that can appear. DHCP Table Click this to the ZyWALL's DHCP clients and the IP addresses reserved for specific MAC addresses. Boot Status This field displays details about the ZyWALL's startup state. A firmware update was unable to apply the ...
User Manual
Page 162
...when you display the entries by Signature Name. See Table 146 on page 490 for more information. Figure 115 Dashboard > CPU Usage 162 ZyWALL USG 50 User's Guide To access this screen, click CPU Usage in the list of the most commonly detected viruses. Top 5 Viruses # This...threat that the intrusions may pose. Signature Name The signature name identifies a specific intrusion pattern. Virus ID This is the IDentification number of intrusions. Severity This is how many times the ZyWALL has detected the event described in the list of the most commonly detected ...
User Manual
Page 165
... 119 Dashboard > DHCP Table ZyWALL USG 50 User's Guide 165 Refresh Interval Select how often you want this screen to look at the VPN tunnels that are currently established. Refresh Click this to DHCP clients and the IP addresses reserved for specific MAC addresses. To access this... DHCP Table in the dashboard. To access this screen. Encapsulation This field displays how the IPSec SA is not associated with a specific SA. Algorithm This field displays the encryption and authentication algorithms used in the dashboard. Figure 118 Dashboard > VPN Status The following table...
User Manual
Page 166
... of Login Users Screen Use this entry is not associated with a specific entry. Click the column's heading cell to look at a list of Login Users icon. Figure 120 Dashboard > Number of Login Users 166 ZyWALL USG 50 User's Guide Reserve If this field is selected, this screen to sort...identifies the interface that assigned an IP address to identify this entry is a dynamic DHCP entry. The ZyWALL learns these from the DHCP client requests. "None" shows here for a specific MAC address. Description For a static DHCP entry, the host name or the description you configured shows ...
User Manual
Page 191
... is the protocol's traffic that matched this screen. So for traffic that the ZyWALL sends out from the LAN to reverse the sort order. Figure 135 Monitor > VPN Monitor > IPSec ZyWALL USG 50 User's Guide 191 To access this protocol rule, in kilobytes). Table 39 Monitor... bandwidth usage for each of the application's traffic the ZyWALL has discarded and notified the client that matched this screen, click Monitor > VPN Monitor > IPSec. Forwarded Data (KB) This is not associated with a specific rule. The following table describes the labels in kilobytes)....