User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical ... ...343 Authentication Policy ...349 Firewall ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 11
... of Contents...11 Part I: User's Guide 29 Chapter 1 Introducing the ZyWALL ...31 1.1 Overview and Key Default Settings 31 1.2 Rack-mounted Installation 32...ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50...
User Manual
Page 12
......89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Phase 2 84 5.5.7 VPN Advanced Wizard - Scenario 81 5.5.5 VPN Advanced Wizard - Scenario 77 5.5.1 VPN Express Wizard - Finish 66 4.2 Device Registration ...66 Chapter 5 Quick...4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - Summary 85 5.5.8 VPN Advanced Wizard - Finish 80 5.5.4 VPN Advanced Wizard - WAN Interface 59 4.1.2 Internet Access: Ethernet 60 4.1.3 Internet Access: PPPoE 62 4.1.4 Internet ...
User Manual
Page 13
... 6.5.8 Zones ...98 6.5.9 DDNS ...99 6.5.10 NAT ...99 6.5.11 HTTP Redirect ...99 6.5.12 ALG ...100 6.5.13 Auth. Policy ...100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17 Application Patrol 102 6.5.18 Anti-Virus ...103 6.5.19 IDP ...103 6.5.20 ADP ...103 6.5.21 Content Filter ...104 6.5.22 Anti-Spam ...104 6.6 Objects... a WAN Ethernet Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13
User Manual
Page 14
... Available Bandwidth on Ethernet Interfaces 115 7.3.2 Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up the VPN Gateway 119 7.4.2 Set Up the VPN Connection 120 7.4.3 Configure Security Policies for the VPN Tunnel 121 7.5 How to Configure User-aware Access Control 122 7.5.1 Set Up User Accounts 122 7.5.2 Set... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 15
... Do in this Chapter 157 8.2 The Dashboard Screen ...157 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor...169 9.1 Overview ...169 9.1.1 What You Can Do in... 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 19
... Policy Add/Edit Screen 414 24.3 The SSL Global Setting Screen 416 24.3.1 How to Upload a Custom Logo 418 24.4 Establishing an SSL VPN Connection 419 Chapter 25 SSL User Screens ...421 25.1 Overview ...421 25.1.1 What You Need to Know 421 25.2 Remote User Login ...422... 25.3 The SSL VPN User Screens 427 25.4 Bookmarking the ZyWALL 428 25.5 Logging Out of the SSL VPN User Screens 428 Chapter 26 SSL User Application Screens 431 26.1 SSL User Application Screens Overview 431 26.2 The Application Screen 431 Chapter 27 ZyWALL SecuExtender...433 ZyWALL USG 50 User's Guide 19
User Manual
Page 24
Table of Contents 40.1.2 Before You Begin 627 40.1.3 Example: Selecting a VPN Authentication Method 627 40.2 Authentication Method Objects 628 40.2.1 Creating an Authentication Method Object 629 Chapter 41 Certificates ...633 41.1 Overview ...633 41.1.1 What You ... Can Do in this Chapter 666 44.1.2 What You Need to Know 666 44.2 Endpoint Security Screen 667 44.3 Endpoint Security Add/Edit 669 24 ZyWALL USG 50 User's Guide
User Manual
Page 31
... excellent throughput, making it an ideal solution for your company. ZyWALL USG 50 User's Guide 31 CHAPTER 1 Introducing the ZyWALL This chapter gives an overview of dual WAN Gigabit Ethernet ports and load balancing. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and...
User Manual
Page 37
... Virtual Private Networks (VPN) Use IPSec, SSL to zones. The rest of this section provides more of the following: • Multiple WAN ports and configure load balancing between two sites over the Internet or any insecure network that uses TCP/IP for communication. ZyWALL USG 50 User's Guide 37 ...As a result, it is much simpler to set up and to change security settings in the ZyWALL. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP ...
User Manual
Page 40
Chapter 2 Features and Applications 2.2.1 VPN Connectivity Set up additional connections to the Internet to your network. You can configure the ZyWALL to provide SSL VPN network access to remote users. 40 ZyWALL USG 50 User's Guide Figure 5 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can also set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to provide better service.
User Manual
Page 48
...TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. IDP Collect and display statistics on the viruses that the ZyWALL has detected. SSL Lists users currently logged into the VPN SSL client portal. Service View the licensed service status...Statistics Displays bandwidth and protocol statistics. Status Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics. Network 48 ZyWALL USG 50 User's Guide Signature Update Anti-Virus Update anti-virus signatures immediately or ...
User Manual
Page 49
...Configure IKE tunnels. Static Route Create and manage IP static routing information. ALG Configure SIP, H.323, and FTP pass-through settings. VPN IPSec VPN VPN Connection Configure IPSec tunnels. Global Setting Configure the ZyWALL's SSL VPN settings that apply to define various policies. Trunk Create and manage trunks (groups of IP addresses to which the...Role Use this screen to force user authentication. HTTP Redirect Set up and manage port forwarding rules. Ethernet Manage Ethernet interfaces and virtual Ethernet interfaces. ZyWALL USG 50 User's Guide 49
User Manual
Page 61
... selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. Auto displays if you by your ISP. Enter a DNS server's IP address(es). The ZyWALL uses these (in the previous screen. The DNS server is the security zone to an ... a computer before you can access it , you must know the IP address of the interface that will connect with your (static) public IP address. ZyWALL USG 50 User's Guide 61 Leave the field as the IP Address Assignment in the order you do not want to configure DNS servers. The following fields...
User Manual
Page 63
... the order you selected static IP address assignment. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 Enter a DNS server's IP address(es). The Domain Name System (DNS) maps a domain name to resolve domain names for VPN, DDNS and the time server. If you must know the IP address of the...
User Manual
Page 64
... the requirements of the PPTP server. • Type a Connection ID or connection name. Select an authentication protocol for VPN, DDNS and the time server. Your ZyWALL accepts PAP only. • MSCHAP - This field is optional and depends on the interface you are : •...if you can use alphanumeric and _@$./ characters, and it . • Select Nailed-Up if you specify here) to configure DNS servers. 64 ZyWALL USG 50 User's Guide Options are configuring to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication ...
User Manual
Page 69
... settings. CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards help you use PPPoE or PPTP. ZyWALL USG 50 User's Guide 69 See Section 5.2 on page 70. • VPN SETUP Use VPN SETUP to set up a WAN (Internet) connection. In the Web Configurator, click Configuration > Quick Setup to open a wizard to configure...
User Manual
Page 74
...domain names for an interface with a static IP address. The ZyWALL uses a system DNS server (in the order you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's Guide Click Next to the right. Table 12 Interface ...Wizard: Summary WAN LABEL DESCRIPTION Encapsulation This displays what encapsulation this screen. Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS Server Second DNS Server These fields only display for VPN...
User Manual
Page 75
... fields display the DNS server IP address(es). The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you specified a connection ID, it displays here. Click Next. Figure 41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide 75 Chapter 5 Quick Setup Table 12 ...router automatically disconnects from the PPPoE server. 0 means no timeout. Zone This field displays to open the VPN Setup Wizard Welcome screen. Yes means the ZyWALL uses the idle timeout. First DNS Server If the IP Address Assignment is static or dynamic (Auto). ...
User Manual
Page 76
... Network) tunnel is a secure connection to another ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 50 User's Guide The VPN connection can be to another ZLD-based ZyWALL using certificates. Use this screen to select which type of VPN connection you want to configure detailed VPN security settings such as using a pre-shared key and default...