User Manual
Page 48
... currently logged into the VPN SSL client portal. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. IDP Collect and display statistics on the viruses that the ZyWALL has detected. Anti-Spam Report Collect and display spam statistics. Network 48 ZyWALL USG 50 User's Guide VPN Monitor IPSec Displays...
... currently logged into the VPN SSL client portal. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. IDP Collect and display statistics on the viruses that the ZyWALL has detected. Anti-Spam Report Collect and display spam statistics. Network 48 ZyWALL USG 50 User's Guide VPN Monitor IPSec Displays...
User Manual
Page 49
... IP addresses to which the ZyWALL does not apply IP/MAC binding. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Routing Policy Route Create and manage routing policies. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Firewall Firewall..., including areas and virtual links. PPP Create and manage PPPoE and PPTP interfaces. VPN IPSec VPN VPN Connection Configure IPSec tunnels. Global Setting Configure the ZyWALL's SSL VPN settings that apply to force user authentication. Static Route Create and manage IP static routing...
... IP addresses to which the ZyWALL does not apply IP/MAC binding. VPN Gateway Configure IKE tunnels. ZyWALL USG 50 User's Guide 49 Routing Policy Route Create and manage routing policies. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Firewall Firewall..., including areas and virtual links. PPP Create and manage PPPoE and PPTP interfaces. VPN IPSec VPN VPN Connection Configure IPSec tunnels. Global Setting Configure the ZyWALL's SSL VPN settings that apply to force user authentication. Static Route Create and manage IP static routing...
User Manual
Page 102
...insecure network that uses TCP/IP for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 109. 6.5.16 SSL VPN Use SSL VPN to use application patrol. you want to allow ... it. 1 Create a user account for Bob (User/Group). 102 ZyWALL USG 50 User's Guide These are only used as criteria in exceptions and conditions. The ZyWALL also offers hub-and-spoke VPN. MENU ITEM(S) Configuration > VPN > IPSec VPN; MENU ITEM(S) Configuration > AppPatrol Registration, zones, Schedules, users, user...
...insecure network that uses TCP/IP for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 109. 6.5.16 SSL VPN Use SSL VPN to use application patrol. you want to allow ... it. 1 Create a user account for Bob (User/Group). 102 ZyWALL USG 50 User's Guide These are only used as criteria in exceptions and conditions. The ZyWALL also offers hub-and-spoke VPN. MENU ITEM(S) Configuration > VPN > IPSec VPN; MENU ITEM(S) Configuration > AppPatrol Registration, zones, Schedules, users, user...
User Manual
Page 105
...(such as a user group, address, address group, service, service group, zone, or schedule) to changes, the ZyWALL automatically propagates the change through the features that use the object. The following table introduces the objects. If you update this..., content filter, user settings (force user authentication) AAA server Authentication methods authentication methods VPN gateways (extended authentication), WWW (client authentication) certificates VPN gateways, WWW, SSH, FTP SSL Application SSL VPN Endpoint Security Authentication policies, SSL VPN ZyWALL USG 50 User's Guide 105
...(such as a user group, address, address group, service, service group, zone, or schedule) to changes, the ZyWALL automatically propagates the change through the features that use the object. The following table introduces the objects. If you update this..., content filter, user settings (force user authentication) AAA server Authentication methods authentication methods VPN gateways (extended authentication), WWW (client authentication) certificates VPN gateways, WWW, SSH, FTP SSL Application SSL VPN Endpoint Security Authentication policies, SSL VPN ZyWALL USG 50 User's Guide 105
User Manual
Page 169
...statistics for each physical port. • Use the System Status > Interface Status screen (Section 9.3 on page 173) to see all of the ZyWALL's interfaces and their packet statistics. • Use the System Status > Traffic Statistics screen (see Section 9.4 on page 175) to start or ...statistics for each protocol. • Use the VPN Monitor > IPSec screen (Section 9.11 on page 191) to display and manage active IPSec SAs. • Use the VPN Monitor > SSL screen (see Section 9.12 on page 193) to list the users currently logged into the VPN SSL client portal. ZyWALL USG 50 User's Guide 169
...statistics for each physical port. • Use the System Status > Interface Status screen (Section 9.3 on page 173) to see all of the ZyWALL's interfaces and their packet statistics. • Use the System Status > Traffic Statistics screen (see Section 9.4 on page 175) to start or ...statistics for each protocol. • Use the VPN Monitor > IPSec screen (Section 9.11 on page 191) to display and manage active IPSec SAs. • Use the VPN Monitor > SSL screen (see Section 9.12 on page 193) to list the users currently logged into the VPN SSL client portal. ZyWALL USG 50 User's Guide 169
User Manual
Page 193
...into the VPN SSL client portal. A VPN connection named "testabc" would not match. Chapter 9 Monitor Wildcards (*) let multiple VPN connection or policy names match the pattern. For example, use a question mark or asterisk. 9.12 The SSL Connection Monitor Screen The ZyWALL keeps track of active SSL VPN connections. .... Figure 136 Monitor > VPN Monitor > SSL The following : • View a list of the users who are in this screen to do not use "*abc" (without the quotation marks) to display the user list. ZyWALL USG 50 User's Guide 193 A VPN connection or policy name named...
...into the VPN SSL client portal. A VPN connection named "testabc" would not match. Chapter 9 Monitor Wildcards (*) let multiple VPN connection or policy names match the pattern. For example, use a question mark or asterisk. 9.12 The SSL Connection Monitor Screen The ZyWALL keeps track of active SSL VPN connections. .... Figure 136 Monitor > VPN Monitor > SSL The following : • View a list of the users who are in this screen to do not use "*abc" (without the quotation marks) to display the user list. ZyWALL USG 50 User's Guide 193 A VPN connection or policy name named...
User Manual
Page 411
... the local network. This allows them to perform the following tasks: ZyWALL USG 50 User's Guide 411 CHAPTER 24 SSL VPN 24.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software. 24.1.1 What You Can Do in this Chapter • Use...
... the local network. This allows them to perform the following tasks: ZyWALL USG 50 User's Guide 411 CHAPTER 24 SSL VPN 24.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software. 24.1.1 What You Can Do in this Chapter • Use...
User Manual
Page 418
...file from your computer. Click Apply to verify that the new logo displays properly. 418 ZyWALL USG 50 User's Guide Make sure the file is terminated successfully. Chapter 24 SSL VPN Table 122 VPN > SSL VPN > Global Setting (continued) LABEL DESCRIPTION Logout Message Specify a message to display on the...user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 Click Browse to be GIF, JPG, or PNG format. The ZyXEL company logo is recommended. You can upload a graphic logo to locate the logo graphic. Update Client ...
...file from your computer. Click Apply to verify that the new logo displays properly. 418 ZyWALL USG 50 User's Guide Make sure the file is terminated successfully. Chapter 24 SSL VPN Table 122 VPN > SSL VPN > Global Setting (continued) LABEL DESCRIPTION Logout Message Specify a message to display on the...user SSL VPN screens. 1 Click VPN > SSL VPN and click the Global Setting tab to display the configuration screen. 2 Click Browse to be GIF, JPG, or PNG format. The ZyXEL company logo is recommended. You can upload a graphic logo to locate the logo graphic. Update Client ...
User Manual
Page 420
Once the connection is up for SSL VPN access, an "SSL VPN connection is not set up , you should see the client portal screen. For more information on user portal screens, refer to SSL VPN check box and try logging in the Login screen. Clear the Login to Chapter 25 on your network connection. Figure 246 SSL VPN Client Portal Screen Example If the user account is not activated" message displays in again. The following shows an example. Chapter 24 SSL VPN 2 SSL VPN connection starts. This may take several minutes depending on page 421. 420 ZyWALL USG 50 User's Guide
Once the connection is up for SSL VPN access, an "SSL VPN connection is not set up , you should see the client portal screen. For more information on user portal screens, refer to SSL VPN check box and try logging in the Login screen. Clear the Login to Chapter 25 on your network connection. Figure 246 SSL VPN Client Portal Screen Example If the user account is not activated" message displays in again. The following shows an example. Chapter 24 SSL VPN 2 SSL VPN connection starts. This may take several minutes depending on page 421. 420 ZyWALL USG 50 User's Guide
User Manual
Page 421
...(A) logs into the ZyWALL, the ZyWALL automatically loads the ZyWALL SecuExtender client program to access the web server (WWW) on the ZyWALL SecuExtender. ZyWALL USG 50 User's Guide 421... The following methods. • Using a supported web browser Once you have successfully logged into the ZyWALL from the Internet to your computer. CHAPTER 25 SSL User Screens 25.1 Overview This chapter introduces the remote user SSL VPN...
...(A) logs into the ZyWALL, the ZyWALL automatically loads the ZyWALL SecuExtender client program to access the web server (WWW) on the ZyWALL SecuExtender. ZyWALL USG 50 User's Guide 421... The following methods. • Using a supported web browser Once you have successfully logged into the ZyWALL from the Internet to your computer. CHAPTER 25 SSL User Screens 25.1 Overview This chapter introduces the remote user SSL VPN...
User Manual
Page 433
ZyWALL USG 50 User's Guide 433 For example, to access resources behind the ZyWALL. • Gray: the SSL VPN tunnel's connection is suspended. You can connect to the SSL application and network resources.You can use the VNC remote desktop program, you can also use another application to use Outlook for e-mail instead of the ZyWALL's web-based e-mail...
ZyWALL USG 50 User's Guide 433 For example, to access resources behind the ZyWALL. • Gray: the SSL VPN tunnel's connection is suspended. You can connect to the SSL application and network resources.You can use the VNC remote desktop program, you can also use another application to use Outlook for e-mail instead of the ZyWALL's web-based e-mail...
User Manual
Page 660
... Remote Desktop (supported in the navigation panel. 660 ZyWALL USG 50 User's Guide The remote user's computer does not use VNC or RDP client software. The address of the web site is useful for an internal web site. Chapter 43 SSL Application Remote Desktop Connections Use SSL VPN to allow remote users to access web sites. 43...
... Remote Desktop (supported in the navigation panel. 660 ZyWALL USG 50 User's Guide The remote user's computer does not use VNC or RDP client software. The address of the web site is useful for an internal web site. Chapter 43 SSL Application Remote Desktop Connections Use SSL VPN to allow remote users to access web sites. 43...
User Manual
Page 666
... 44.1.1 What You Can Do in order to gain access. When a client attempts to log in, the ZyWALL checks the client's computer against the endpoint security objects one-by-one of the force authentication or SSL VPN policy's endpoint security objects in this Chapter Use the Configuration > Object ... on the OS of how to use endpoint security and authentication policies. 666 ZyWALL USG 50 User's Guide Finding Out More See Section 7.7 on the OS, EPS can configure an authentication policy or SSL VPN policy to use multiple endpoint security objects. Depending on page 133 for the ...
... 44.1.1 What You Can Do in order to gain access. When a client attempts to log in, the ZyWALL checks the client's computer against the endpoint security objects one-by-one of the force authentication or SSL VPN policy's endpoint security objects in this Chapter Use the Configuration > Object ... on the OS of how to use endpoint security and authentication policies. 666 ZyWALL USG 50 User's Guide Finding Out More See Section 7.7 on the OS, EPS can configure an authentication policy or SSL VPN policy to use multiple endpoint security objects. Depending on page 133 for the ...
User Manual
Page 693
... different number on importing certificates for where you want to use HTTPS to log into SSL VPN for example). Redirect HTTP to HTTPS To allow only secure Web Configurator access, select this...to create a new entry. If you take this to use HTTPS to the HTTPS client. You can also specify the IP addresses from which the administrators can use the default...to access. This displays whether the computer with which the computer is the ZyWALL's (non-configurable) default policy. ZyWALL USG 50 User's Guide 693 To apply other configured rule. You can also specify the...
... different number on importing certificates for where you want to use HTTPS to log into SSL VPN for example). Redirect HTTP to HTTPS To allow only secure Web Configurator access, select this...to create a new entry. If you take this to use HTTPS to the HTTPS client. You can also specify the IP addresses from which the administrators can use the default...to access. This displays whether the computer with which the computer is the ZyWALL's (non-configurable) default policy. ZyWALL USG 50 User's Guide 693 To apply other configured rule. You can also specify the...
User Manual
Page 694
...for a service if needed, however you must have to use HTTP to log into the ZyWALL (to log into SSL VPN for where you typed. The ZyWALL applies this action. This is the ZyWALL's (non-configurable) default policy. This displays whether the computer with the IP address specified above... to create a new entry. method screen. 694 ZyWALL USG 50 User's Guide Server Port You may change an entry's position in the numbered list, select the method and click Move to display a field to access. Zone Address Action Authentication Client Authentication Method The entry with a hyphen (-) instead ...
...for a service if needed, however you must have to use HTTP to log into the ZyWALL (to log into SSL VPN for where you typed. The ZyWALL applies this action. This is the ZyWALL's (non-configurable) default policy. This displays whether the computer with the IP address specified above... to create a new entry. method screen. 694 ZyWALL USG 50 User's Guide Server Port You may change an entry's position in the numbered list, select the method and click Move to display a field to access. Zone Address Action Authentication Client Authentication Method The entry with a hyphen (-) instead ...
User Manual
Page 788
... been changed '2nd- SSL VPN policy rule %s The listed SSL VPN policy (%s) has been inserted in the specified SSL VPN policy (%s). has been deleted. 788 ZyWALL USG 50 User's Guide The SSL VPN policy %s The first WINS server setting has been modified in the listed SSL VPN policy (second %s), so the listed address (third %s) will not be injected to client side. The SSL VPN policy %s The...
... been changed '2nd- SSL VPN policy rule %s The listed SSL VPN policy (%s) has been inserted in the specified SSL VPN policy (%s). has been deleted. 788 ZyWALL USG 50 User's Guide The SSL VPN policy %s The first WINS server setting has been modified in the listed SSL VPN policy (second %s), so the listed address (third %s) will not be injected to client side. The SSL VPN policy %s The...
User Manual
Page 925
... and CA 634 and FTP 714 and HTTPS 690 and IKE SA 405 and SSH 709 and VPN gateways 378 and WWW 693 certification path 634, 644, 650 expired 634 factory-default 635 file ...CHAP/PAP 657 checking order 91 CLI 34, 54 button 54 messages 54 popup window 54 Reference Guide 3 client 433 CNM 720 cold start 35 commands 34 sent by Web Configurator 54 Common Event Format (CEF) 727,...connection monitor (in SSL) 193 connectivity check 226, 236, 243, 252, 264, 384 console port 35 speed 681 content filter troubleshooting 760 content filtering 533, 534 and address groups 533, 534, 539 ZyWALL USG 50 User's Guide ...
... and CA 634 and FTP 714 and HTTPS 690 and IKE SA 405 and SSH 709 and VPN gateways 378 and WWW 693 certification path 634, 644, 650 expired 634 factory-default 635 file ...CHAP/PAP 657 checking order 91 CLI 34, 54 button 54 messages 54 popup window 54 Reference Guide 3 client 433 CNM 720 cold start 35 commands 34 sent by Web Configurator 54 Common Event Format (CEF) 727,...connection monitor (in SSL) 193 connectivity check 226, 236, 243, 252, 264, 384 console port 35 speed 681 content filter troubleshooting 760 content filtering 533, 534 and address groups 533, 534, 539 ZyWALL USG 50 User's Guide ...
User Manual
Page 939
... 710 how connection is established 707 versions 708 with Linux 711 with Microsoft Windows 710 SSL 411, 416, 690 access policy 411 and AAA 623 and AD 623 and LDAP 623 certificates 422 client 433 client virtual desktop logo 418 computer names 416 connection monitor 193 full tunnel mode 416 global...user screen links 659 summary 661 types 659 web-based 659, 662 web-based example 660 where used 105 SSL policy add 414 edit 414 objects used 412 ZyWALL USG 50 User's Guide Index SSL VPN 411 access policy 411 configuration overview 102 full tunnel mode 41, 411 network access mode 40 prerequisites 102 ...
... 710 how connection is established 707 versions 708 with Linux 711 with Microsoft Windows 710 SSL 411, 416, 690 access policy 411 and AAA 623 and AD 623 and LDAP 623 certificates 422 client 433 client virtual desktop logo 418 computer names 416 connection monitor 193 full tunnel mode 416 global...user screen links 659 summary 661 types 659 web-based 659, 662 web-based example 660 where used 105 SSL policy add 414 edit 414 objects used 412 ZyWALL USG 50 User's Guide Index SSL VPN 411 access policy 411 configuration overview 102 full tunnel mode 41, 411 network access mode 40 prerequisites 102 ...
User Manual
Page 942
...user objects 583 user portal links 659 logo 418 see SSL user screens 421, 427 user sessions, see sessions user SSL screens 421, 427 access methods 421 bookmarks 428 certificates...virtual interfaces 216 basic characteristics 217 not DHCP clients 267 vs asymmetrical routes 365 vs triangle routes 365 Virtual Local Area Network, see VPN virus 491 attack 464, 491 boot sector ...477 e-mail 477 file infector 477 life cycle 477 macro 477 mutation 477 polymorphic 477 scan 464 VLAN 246 advantages 247 and MAC address 247 ID 247 troubleshooting 763 942 ZyWALL USG 50...
...user objects 583 user portal links 659 logo 418 see SSL user screens 421, 427 user sessions, see sessions user SSL screens 421, 427 access methods 421 bookmarks 428 certificates...virtual interfaces 216 basic characteristics 217 not DHCP clients 267 vs asymmetrical routes 365 vs triangle routes 365 Virtual Local Area Network, see VPN virus 491 attack 464, 491 boot sector ...477 e-mail 477 file infector 477 life cycle 477 macro 477 mutation 477 polymorphic 477 scan 464 VLAN 246 advantages 247 and MAC address 247 ID 247 troubleshooting 763 942 ZyWALL USG 50...