User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's...
User Manual
Page 12
... Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Phase 1 Settings 82 5.5.6 VPN Advanced Wizard - Phase 2 84 5.5.7 VPN Advanced Wizard - Second WAN Interface 65 4.1.7 Internet Access - Configuration 78 5.5.2 VPN Express Wizard - Summary 85 5.5.8 VPN Advanced Wizard - Finish 80 5.5.4 VPN Advanced Wizard - Finish 66 4.2 Device Registration ...66 Chapter 5 Quick Setup ...69 5.1 Quick Setup Overview ...69 5.2 WAN Interface Quick...
User Manual
Page 14
... Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up the VPN Gateway 119 7.4.2 Set Up the VPN Connection 120 7.4.3 Configure Security Policies for the VPN Tunnel 121 7.5 How to Configure User-aware Access Control 122 7.5.1 Set...Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set ....2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 15
... 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor... Status Screen ...183 9.9.1 More Information ...185 9.10 Application Patrol Statistics 186 9.10.1 Application Patrol Statistics: General Setup 187 9.10.2 Application Patrol Statistics: Bandwidth Statistics 188 9.10.3 Application Patrol Statistics: Protocol Statistics 189 9.10.4 ...Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 48
... signatures immediately or by a schedule. Network 48 ZyWALL USG 50 User's Guide You can also log out individual users...IDP Collect and display statistics on the viruses that the ZyWALL has detected. Signature Update Anti-Virus Update anti-virus ... that the ZyWALL has detected. Licensing Registration Registration Register the device and activate trial services. VPN Monitor IPSec ...VPN SSL client portal. Anti-Spam Report Collect and display spam statistics. Log Lists log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL...
User Manual
Page 61
... address assignment. The following fields display if you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. Auto displays if you selected Auto as the IP Address Assignment in the order you by your (static)...server is the security zone to which this interface and Internet connection will belong. • IP Address: Enter your ISP. ZyWALL USG 50 User's Guide 61 Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to you specify here) to resolve domain names for this WAN ...
User Manual
Page 63
The ZyWALL uses these (in the order you do not configure a DNS server, you must know the IP address of a ...it . Auto displays if you selected Auto as the IP Address Assignment in order to resolve domain names for VPN, DDNS and the time server. Chapter 4 Installation Setup Wizard 4.1.3.2 WAN IP Address Assignments • WAN Interface: This is the name of the interface that will ... Internet access information exactly as given to an IP address and vice versa. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 Enter a DNS server's IP address(es).
User Manual
Page 64
...4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Options are configuring to connect with your ISP. • Zone This is optional and depends on the interface you configure to 64 ASCII characters except the [] and ?. Your ZyWALL accepts CHAP...it , you must follow the "c:id" and "n:name" format. Select an authentication protocol for VPN, DDNS and the time server. Your ZyWALL accepts MSCHAP only. • MSCHAP-V2 - This field can use alphanumeric and _@$./ characters,...Assignment in the next field to configure DNS servers. 64 ZyWALL USG 50 User's Guide
User Manual
Page 69
... PPTP. See Section 5.2 on page 70. • VPN SETUP Use VPN SETUP to open the first Quick Setup screen. ZyWALL USG 50 User's Guide 69 This chapter provides information on page 76. This wizard creates matching ISP account settings in the ZyWALL if you configure Internet and VPN connection settings. Figure 34 Quick Setup • WAN Interface Click this User's Guide...
User Manual
Page 74
...it, you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's Guide The ZyWALL uses a system DNS server (in the order you can access it . Click Next to resolve domain names for VPN, DDNS and the time server. Server IP This field only appears for...labels in the ISP account. Table 12 Interface Wizard: Summary WAN LABEL DESCRIPTION Encapsulation This displays what encapsulation this screen. Chapter 5 Quick Setup Table 11 WAN and ISP Connection Settings (continued) LABEL DESCRIPTION First DNS Server Second DNS Server These fields only display for mapping a...
User Manual
Page 75
... settings and address objects that you specified a connection ID, it displays here. Figure 41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide 75 Second DNS Server Close Click Close to exit the wizard. 5.3 VPN Quick Setup Click VPN Setup in configuring more VPN connections or other features. Nailed-Up If No displays the connection will belong. Click Next. Idle...
User Manual
Page 76
... select which type of VPN connection you want to configure. Chapter 5 Quick Setup 5.4 VPN Setup Wizard: Wizard Type A VPN (Virtual Private Network) tunnel is a secure connection to another ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 50 User's Guide Use this wizard to create a VPN connection with another ZLD-based ZyWALL using certificates. Figure 42 VPN Setup Wizard: Wizard Type Express...
User Manual
Page 77
... server. Only the remote IPSec device can initiate the VPN tunnel. • Remote Access (Client Role) - Figure 43 VPN Express Wizard: Step 2 Rule Name: Type the name used to -site with Dynamic Peer - This ZyWALL can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 77 Chapter 5 Quick Setup 5.5 VPN Express Wizard - The clients have dynamic IP addresses and...
User Manual
Page 78
... WAN IP address or domain name of the remote IPSec device (secure gateway) to 31 pairs of the VPN tunnel must match the local IP address configured on the remote IPSec device. 78 ZyWALL USG 50 User's Guide Use 8 to 31 case-sensitive ASCII characters or 8 to identify the remote IPSec router by its..., it is not used on both ends. • Local Policy (IP/Mask): Type the IP address of a computer behind the remote IPSec device. Chapter 5 Quick Setup 5.5.1 VPN Express Wizard - You can also specify a subnet. This must match the remote IP address configured on your network.
User Manual
Page 79
See the commands reference guide for Secure Gateway commands into another ZLD-based ZyWALL's command line interface to configure it . Chapter 5 Quick Setup 5.5.2 VPN Express Wizard - You can also use a text editor to run the script in this field displays Any, ... • Secure Gateway: IP address or domain name of the VPN tunnel's configuration and also commands that can initiate the VPN connection. • Pre-Shared Key: VPN tunnel password. If this VPN tunnel. Then you can use the tunnel. ZyWALL USG 50 User's Guide 79 If this list. It identifies a communicating party...
User Manual
Page 80
Click Close to exit the wizard. 80 ZyWALL USG 50 User's Guide Finish Now you have not already done so, use the VPN tunnel. Figure 46 VPN Express Wizard: Step 6 Note: If you can use the myZyXEL.com link and register your ZyWALL with myZyXEL.com and activate trials of services like Content Filter. Chapter 5 Quick Setup 5.5.3 VPN Express Wizard -
User Manual
Page 81
...known as shown in users. Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Choose this to -site with Dynamic Peer - Only the remote IPSec device can initiate the VPN tunnel. • Site-to allow incoming connections from IPSec VPN clients. You may use 1-31 alphanumeric characters,... remote IPSec device has a dynamic IP address. Choose this VPN connection (and VPN gateway). Select the scenario that best describes your intended VPN connection. Only the clients can initiate the VPN tunnel. ZyWALL USG 50 User's Guide 81 Scenario Click the Advanced radio button as dial...
User Manual
Page 82
...: Multiple SAs connecting through a secure gateway must know the same secret key, which can initiate the VPN tunnel. 5.5.5 VPN Advanced Wizard - Chapter 5 Quick Setup • Remote Access (Client Role) - This ZyWALL is the client (dial-in this field is configurable, enter the WAN IP address or domain name of... a dynamic WAN IP address. • My Address (interface): Select an interface from dynamic IP addresses to use on DES 82 ZyWALL USG 50 User's Guide phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association).
User Manual
Page 83
Chapter 5 Quick Setup that uses a 168-bit key. AES128 uses a 128-bit key and is there before... a password or Certificate to the remote IPSec device. If it responds, the ZyWALL transmits the data. Note: The remote IPSec device must pass through the IKE SA. ZyWALL USG 50 User's Guide 83 MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) ...processing power, resulting in the main IPSec VPN screens or the User's Guide VPN, NAT, and NAT Traversal on page 403 for at least 15 seconds, the ZyWALL sends a message to use one of the ZyWALL's certificates. If there has been no traffic...
User Manual
Page 102
... that uses TCP/IP for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall WHERE USED Policy routes, zones Example: See Chapter 7 on page 109. 6.5.16 SSL VPN Use SSL VPN to use the Quick Setup VPN Setup wizard. You can also use application patrol. These are only used as criteria in... when they can do so). You can subscribe using it. 1 Create a user account for Bob (User/Group). 102 ZyWALL USG 50 User's Guide Example: Suppose you can also specify allowed amounts of the wizards. You must subscribe to give remote users secure network access. MENU ITEM...