User Manual
Page 48
... display spam statistics. Status Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics. Network 48 ZyWALL USG 50 User's Guide VPN Monitor IPSec Displays and manages the active IPSec SAs. IDP ...delete related session information. SSL Lists users currently logged into the VPN SSL client portal. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Chapter 3 Web Configurator Table 6 Monitor Menu Screens ...
User Manual
Page 49
... domain names. Exempt List Configure ranges of IP addresses to force user authentication. VPN IPSec VPN VPN Connection Configure IPSec tunnels. ZyWALL USG 50 User's Guide 49 Bridge Create and manage bridges and virtual bridge interfaces. Trunk Create and manage trunks (groups of concurrent client NAT/firewall sessions. Zone Configure zones used to all connections. ALG Configure...
User Manual
Page 77
... -site - This ZyWALL can initiate the VPN tunnel. Choose this VPN connection (and VPN gateway). This ZyWALL is case-sensitive. Only the remote IPSec device can initiate the VPN tunnel. • Remote Access (Client Role) - This value is the client (dial-in user) and can initiate the VPN tunnel. • Site-to allow incoming connections from IPSec VPN clients. ZyWALL USG 50 User's Guide...
User Manual
Page 81
... has a static IP address or a domain name. Only the clients can initiate the VPN tunnel. • Remote Access (Server Role) - Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Choose this if the remote IPSec device has a dynamic IP address. ZyWALL USG 50 User's Guide 81 This ZyWALL can initiate the VPN tunnel. • Site-to identify this to display the...
User Manual
Page 82
...for the chosen scenario. Both sender and receiver must have the same negotiation mode. • Encryption Algorithm: 3DES and AES use on DES 82 ZyWALL USG 50 User's Guide phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Use 0.0.0.0 if...Internet Key Exchange) negotiation - Figure 48 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway: If Any displays in user) and can be used to encrypt and decrypt the message or to use encryption. This ZyWALL is the client (dial-in this field is not ...
User Manual
Page 84
... IPSec SA when the SA life time expires. 84 ZyWALL USG 50 User's Guide You can also specify a subnet. Select this may affect throughput). The longer the AES key, the higher the security (this to -site and remote access client role scenarios. This must match the remote IP address...Mask): Type the IP address of a computer behind the remote IPSec device. DH5 refers to Diffie-Hellman Group 1 a 768 bit random number. Figure 49 VPN Advanced Wizard: Step 4 • Active Protocol: ESP is compatible with NAT, AH is not. • Encapsulation: Tunnel is compatible with NAT, Transport is...
User Manual
Page 93
... Policy Route to 1 NAT rules. If a private network server will initiate sessions to the outside clients use to send packets through the appropriate interface or VPN tunnel. ZyWALL USG 50 User's Guide 93 Chapter 6 Configuration Basics of the sections, the ZyWALL stops checking the packets against the routing table and moves on page 324 for more...
User Manual
Page 102
...list, IP pool for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 109. 6.5.16 SSL VPN Use SSL VPN to use the Quick Setup VPN Setup wizard. Example: Suppose you can...user groups, addresses PREREQUISITES (source, destination), address groups (source, destination). Chapter 6 Configuration Basics 6.5.15 IPSec VPN Use IPSec VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for Bob (User/Group). 102 ZyWALL USG 50 User's Guide
User Manual
Page 105
..., firewall, application patrol, content filter, user settings (force user authentication) AAA server Authentication methods authentication methods VPN gateways (extended authentication), WWW (client authentication) certificates VPN gateways, WWW, SSH, FTP SSL Application SSL VPN Endpoint Security Authentication policies, SSL VPN ZyWALL USG 50 User's Guide 105 Move your cursor over a configuration object that use this information in response to...
User Manual
Page 157
You can also display other status screens for more information. • Use the VPN status screen (see Section 8.2.1 on page 162) to look at the VPN tunnels that are currently established. • Use the DHCP Table screen (see Section 8.2.5 on page 157) to see Section ... The dashboard displays general device information, system status, system resource usage, licensed service status, and ZyWALL USG 50 User's Guide 157 CHAPTER 8 Dashboard 8.1 Overview Use the Dashboard screens to DHCP clients and the IP addresses reserved for the following. • Use the main Dashboard screen (see ...
User Manual
Page 161
...ZyWALL to system default configuration - The ZyWALL was turned on page 162. ZyWALL USG 50 User's Guide 161 System Status System Uptime This field displays how long the ZyWALL has been running since it last restarted or was unable to apply the lastgood.conf configuration file and fell back to the ZyWALL's DHCP clients...the license. Current This field displays the current date and time in to pop-open a list of users currently logged in the ZyWALL. VPN Status Click this to log in progress - Current Login User This field displays the user name used to look at the IP ...
User Manual
Page 165
...the icon beside DHCP Table in the dashboard. To access this screen, click VPN Status in the window right away. 8.2.5 The DHCP Table Screen Use this screen. Figure 119 Dashboard > DHCP Table ZyWALL USG 50 User's Guide 165 Refresh Interval Select how often you want this screen to ...the IP addresses currently assigned to update the information in the dashboard. Refresh Click this to DHCP clients and the IP addresses reserved for specific MAC addresses. Table 23 Dashboard > VPN Status LABEL DESCRIPTION # This field is a sequential value, and it is encapsulated. Figure 118 ...
User Manual
Page 169
...information. ZyWALL USG 50 User's...Section 9.3 on page 173) to see all of the ZyWALL's interfaces and their packet statistics. • Use the ...9.6 on page 181) to view the status of the ZyWALL's DDNS domain names. • Use the System Status >...a list of devices that have received an IP address from ZyWALL interfaces with IP/MAC binding enabled. • Use the ... look at a list of the users currently logged into the ZyWALL. • Use the System Status > Cellular Status screen (...VPN Monitor > IPSec screen (Section 9.11 on page 191) to display and manage active IPSec SAs. • Use the VPN...
User Manual
Page 191
... set to manage active IPSec SAs. Cancel Click Cancel to the WAN is how much of the application's traffic the ZyWALL has discarded without notifying the client (in kilobytes). So for a connection initiated from the LAN to the WAN, the traffic sent from the LAN to...the ZyWALL has discarded and notified the client that column's criteria. The following table describes the labels in kilobits per second. Click the heading cell again to sort the table entries by that the traffic was rejected (in kilobits per second. Figure 135 Monitor > VPN Monitor > IPSec ZyWALL USG 50 User's...
User Manual
Page 193
..." matches, no matter how many characters are currently logged into the VPN SSL client portal. Table 41 Monitor > VPN Monitor > SSL LABEL DESCRIPTION Disconnect Select a connection and click this screen. Figure 136 Monitor > VPN Monitor > SSL The following : • View a list of ... Screen The ZyWALL keeps track of a VPN connection or policy name has the ZyWALL check the beginning and end and ignore the middle. ZyWALL USG 50 User's Guide 193 Click Monitor > VPN Monitor > SSL to specify any VPN connection or policy name starting with "abc". A VPN connection named ...
User Manual
Page 377
... or the addresses of the devices behind the remote IPSec router). This creates a dynamic IPSec VPN rule that can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 377 Only the remote IPSec router can let multiple clients connect. This ZyWALL is the client (dial-in users. Only this if the remote IPSec router has a static IP address...
User Manual
Page 382
... be a number. It may use . 382 ZyWALL USG 50 User's Guide Only the remote IPSec router can initiate the VPN tunnel. Select the VPN gateway this VPN connection is to pass through the IPSec SA. Table 113 Configuration > VPN > IPSec VPN > VPN Connection > Edit LABEL DESCRIPTION Show Advance Settings /...this check box to detect and reject old or duplicate packets to allow incoming connections from IPSec VPN clients. Enable Replay Select this if you the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through IPSec SAs in order to Detection ...
User Manual
Page 411
... internal network. This allows them to perform the following tasks: ZyWALL USG 50 User's Guide 411 CHAPTER 24 SSL VPN 24.1 Overview Use SSL VPN to allow users to use a web browser for secure remote user login (the remote users do not need a VPN router or VPN client software. 24.1.1 What You Can Do in this Chapter •...
User Manual
Page 420
This may take several minutes depending on user portal screens, refer to SSL VPN check box and try logging in the Login screen. Once the connection is not activated" message displays in again. Figure 246 SSL VPN Client Portal Screen Example If the user account is not set up for SSL VPN access, an "SSL VPN connection is up, you should see the client portal screen. Clear the Login to Chapter 25 on page 421. 420 ZyWALL USG 50 User's Guide The following shows an example. Chapter 24 SSL VPN 2 SSL VPN connection starts. For more information on your network connection.
User Manual
Page 788
... %s will not be injected to client side. There are no users or user groups configured for 'network' in SSL Policy %s. dns' value. The SSL VPN policy %s has been changed '2nd- The SSL VPN policy %s does not configure users or user groups. of SSL VPN policies. has been deleted. 788 ZyWALL USG 50 User's Guide Appendix A Log Descriptions...