User Manual
Page 3
.... • To find the information you require. ZyWALL USG 50 User's Guide 3 E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Command-Line Interface (CLI) to configure the ZyWALL. About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want...
.... • To find the information you require. ZyWALL USG 50 User's Guide 3 E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Command-Line Interface (CLI) to configure the ZyWALL. About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want...
User Manual
Page 5
... in this book may differ slightly from others who use ZyXEL products and share your vendor. Disclaimer Graphics in which you should contact your experiences as well. ZyWALL USG 50 User's Guide 5 Please have the following information ready when... you contact an office. • Product model and serial number. • Warranty Information. • Date that cannot be solved by the methods listed above, you bought the device. See http://www.zyxel.com/web/contact_us.php for the region in this manual...
... in this book may differ slightly from others who use ZyXEL products and share your vendor. Disclaimer Graphics in which you should contact your experiences as well. ZyWALL USG 50 User's Guide 5 Please have the following information ready when... you contact an office. • Product model and serial number. • Warranty Information. • Date that cannot be solved by the methods listed above, you bought the device. See http://www.zyxel.com/web/contact_us.php for the region in this manual...
User Manual
Page 19
...Begin 378 23.2 The VPN Connection Screen 378 23.2.1 The VPN Connection Add/Edit (IKE) Screen 380 23.2.2 The VPN Connection Add/Edit Manual Key Screen 387 23.3 The VPN Gateway Screen 390 23.3.1 The VPN Gateway Add/Edit Screen 391 23.4 IPSec VPN Background Information 399 Chapter ... 25.3 The SSL VPN User Screens 427 25.4 Bookmarking the ZyWALL 428 25.5 Logging Out of the SSL VPN User Screens 428 Chapter 26 SSL User Application Screens 431 26.1 SSL User Application Screens Overview 431 26.2 The Application Screen 431 Chapter 27 ZyWALL SecuExtender...433 ZyWALL USG 50 User's Guide 19
...Begin 378 23.2 The VPN Connection Screen 378 23.2.1 The VPN Connection Add/Edit (IKE) Screen 380 23.2.2 The VPN Connection Add/Edit Manual Key Screen 387 23.3 The VPN Gateway Screen 390 23.3.1 The VPN Gateway Add/Edit Screen 391 23.4 IPSec VPN Background Information 399 Chapter ... 25.3 The SSL VPN User Screens 427 25.4 Bookmarking the ZyWALL 428 25.5 Logging Out of the SSL VPN User Screens 428 Chapter 26 SSL User Application Screens 431 26.1 SSL User Application Screens Overview 431 26.2 The Application Screen 431 Chapter 27 ZyWALL SecuExtender...433 ZyWALL USG 50 User's Guide 19
User Manual
Page 35
... system processes, and then does a warm start occurs when you turn off . ZyWALL USG 50 User's Guide 35 Rebooting the ZyWALL A warm start and stop the system processes or write cached data to the ZyWALL. Clicking Maintenance > Shutdown > Shutdown or using the shutdown command Clicking Maintenance > ... then reboots. Wait for more information about the CLI. Chapter 1 Introducing the ZyWALL Console Port You can cause the firmware to start (without powering down and then manually turn off or remove the power. Disconnecting the power Power off occurs when you...
... system processes, and then does a warm start occurs when you turn off . ZyWALL USG 50 User's Guide 35 Rebooting the ZyWALL A warm start and stop the system processes or write cached data to the ZyWALL. Clicking Maintenance > Shutdown > Shutdown or using the shutdown command Clicking Maintenance > ... then reboots. Wait for more information about the CLI. Chapter 1 Introducing the ZyWALL Console Port You can cause the firmware to start (without powering down and then manually turn off or remove the power. Disconnecting the power Power off occurs when you...
User Manual
Page 176
... the report. Statistics Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 176 ZyWALL USG 50 User's Guide Apply Click Apply to save your changes back to update it manually in the report. The progress is a limit on page 178 for more information. Chapter 9 Monitor ...You use the Traffic Statistics screen to tell the ZyWALL when to start and stop collecting information for these reports. ...
... the report. Statistics Interface Select the interface from Ethernet, VLAN, bridge and PPPoE/PPTP interfaces. 176 ZyWALL USG 50 User's Guide Apply Click Apply to save your changes back to update it manually in the report. The progress is a limit on page 178 for more information. Chapter 9 Monitor ...You use the Traffic Statistics screen to tell the ZyWALL when to start and stop collecting information for these reports. ...
User Manual
Page 192
...name vary. Timeout This field displays how many seconds the IPSec SA has been active. This field displays N/A if the IPSec SA uses manual keys. You can use a keyword or regular expression. Disconnect Select an IPSec SA and click this button to update the information in the... 30 alphanumeric and characters. The IP addresses, not the address objects, are displayed. For example, use the arrows to display on . 192 ZyWALL USG 50 User's Guide Chapter 9 Monitor Each field is encapsulated. Use up to specify abc, acc and so on each page. Search Click this IPSec...
...name vary. Timeout This field displays how many seconds the IPSec SA has been active. This field displays N/A if the IPSec SA uses manual keys. You can use a keyword or regular expression. Disconnect Select an IPSec SA and click this button to update the information in the... 30 alphanumeric and characters. The IP addresses, not the address objects, are displayed. For example, use the arrows to display on . 192 ZyWALL USG 50 User's Guide Chapter 9 Monitor Each field is encapsulated. Use up to specify abc, acc and so on each page. Search Click this IPSec...
User Manual
Page 201
... Refresh Click this screen. Figure 144 Anti-X > Content Filter > Cache The following table describes the labels in this button to remove them from the cache manually. Remove Select one or more URL entries and click Delete to reload the list of a categorized web site address record. ZyWALL USG 50 User's Guide 201
... Refresh Click this screen. Figure 144 Anti-X > Content Filter > Cache The following table describes the labels in this button to remove them from the cache manually. Remove Select one or more URL entries and click Delete to reload the list of a categorized web site address record. ZyWALL USG 50 User's Guide 201
User Manual
Page 225
...characters, and it does not know how to route the packet to add routing and SNAT settings for all computers in dot decimal notation. ZyWALL USG 50 User's Guide 225 It can be up to belong. This field is the MAC address that the Ethernet interface uses. Select the zone ... not used elsewhere. Enter the IP address of the gateway. The gateway should also change the IP address of your LAN interface, you must manually configure a policy route to its destination. External is the same for the interface. If you change a related address object for this interface. ...
...characters, and it does not know how to route the packet to add routing and SNAT settings for all computers in dot decimal notation. ZyWALL USG 50 User's Guide 225 It can be up to belong. This field is the MAC address that the Ethernet interface uses. Select the zone ... not used elsewhere. Enter the IP address of the gateway. The gateway should also change the IP address of your LAN interface, you must manually configure a policy route to its destination. External is the same for the interface. If you change a related address object for this interface. ...
User Manual
Page 228
...device's MAC address. RIP Setting See Section 14.2 on your network and the IP addresses that they are 1, 2, and 1 and 2. 228 ZyWALL USG 50 User's Guide Direction This field is effective when RIP is enabled. Send Version Receive Version Out-Only - Chapter 11 Interfaces Table 55 Configuration >...list box. Enable RIP Select this to assign this to make use specific IP addresses. In-Only - Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. This interface sends and receives routing information. BiDir - The WINS server ...
...device's MAC address. RIP Setting See Section 14.2 on your network and the IP addresses that they are 1, 2, and 1 and 2. 228 ZyWALL USG 50 User's Guide Direction This field is effective when RIP is enabled. Send Version Receive Version Out-Only - Chapter 11 Interfaces Table 55 Configuration >...list box. Enable RIP Select this to assign this to make use specific IP addresses. In-Only - Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. This interface sends and receives routing information. BiDir - The WINS server ...
User Manual
Page 229
...the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of this interface. Have the interface use the factory assigned default MAC address. ZyWALL USG 50 User's Guide 229 otherwise, the ZyWALL uses multicasting. OSPF Setting See Section 14...or BDR. Link Cost Enter the cost (between 1 and 255. As a result, this interface belongs. By default, the ZyWALL uses the factory assigned MAC address to eight characters long. Authentication Select an authentication method, or disable authentication. authenticate OSPF routing ...
...the factory assigned default MAC address, a manually specified MAC address, or clone the MAC address of this interface. Have the interface use the factory assigned default MAC address. ZyWALL USG 50 User's Guide 229 otherwise, the ZyWALL uses multicasting. OSPF Setting See Section 14...or BDR. Link Cost Enter the cost (between 1 and 255. As a result, this interface belongs. By default, the ZyWALL uses the factory assigned MAC address to eight characters long. Authentication Select an authentication method, or disable authentication. authenticate OSPF routing ...
User Manual
Page 232
...PPP interface. Connect To connect an interface, select it and click Edit to open a screen that shows which settings use this to manually establish the connection for an example. # This field is a sequential value, and it before doing so. You might use this ...in testing the interface. Table 57 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 232 ZyWALL USG 50 User's Guide Configuration > Network > Interface > PPP Each field is not associated with the (non-removable) System Default ...
...PPP interface. Connect To connect an interface, select it and click Edit to open a screen that shows which settings use this to manually establish the connection for an example. # This field is a sequential value, and it before doing so. You might use this ...in testing the interface. Table 57 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ZyWALL comes with any interface. 232 ZyWALL USG 50 User's Guide Configuration > Network > Interface > PPP Each field is not associated with the (non-removable) System Default ...
User Manual
Page 235
... should always be up . Protocol This field is built. IP Address Assignment Click Advanced to use this option if a lot of this interface. ZyWALL USG 50 User's Guide 235 Base Interface Select the interface upon which gateway to display more gateways have the same priority, the... the same base interface. It displays the user name for the interface. In this interface. Dial-onDemand Select this to specify the IP address manually. It displays the PPPoE service name specified in the ISP account. It is enabled if you select Use Fixed IP Address. Use Create new...
... should always be up . Protocol This field is built. IP Address Assignment Click Advanced to use this option if a lot of this interface. ZyWALL USG 50 User's Guide 235 Base Interface Select the interface upon which gateway to display more gateways have the same priority, the... the same base interface. It displays the user name for the interface. In this interface. Dial-onDemand Select this to specify the IP address manually. It displays the PPPoE service name specified in the ISP account. It is enabled if you select Use Fixed IP Address. Use Create new...
User Manual
Page 236
... - 1492. Type the maximum size of each data packet, in bytes, that can move through the interface. Usually, this interface. 236 ZyWALL USG 50 User's Guide Policy Route Click Policy Route to go to make sure it is still available. If a larger packet arrives, the... a domain name or IP address for the connectivity check. Connectivity Check The interface can regularly check the connection to the gateway you can manually configure a policy route to the gateway the first time the gateway passes the connectivity check. Check Fail Tolerance Enter the number of consecutive...
... - 1492. Type the maximum size of each data packet, in bytes, that can move through the interface. Usually, this interface. 236 ZyWALL USG 50 User's Guide Policy Route Click Policy Route to go to make sure it is still available. If a larger packet arrives, the... a domain name or IP address for the connectivity check. Connectivity Check The interface can regularly check the connection to the gateway you can manually configure a policy route to the gateway the first time the gateway passes the connectivity check. Check Fail Tolerance Enter the number of consecutive...
User Manual
Page 239
...you can modify the entry's settings. This field displays the name of the cellular card. Click Apply to the ZyWALL. In the pop-up window that displays, select the slot that you want to create a new cellular interface.... back to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit). The ZyWALL confirms you want to manually establish the connection. Inactivate To turn on page 230 for an example. # This field is a sequential value, ...and click Remove. This field displays the name of the interface. ZyWALL USG 50 User's Guide 239
...you can modify the entry's settings. This field displays the name of the cellular card. Click Apply to the ZyWALL. In the pop-up window that displays, select the slot that you want to create a new cellular interface.... back to save your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit). The ZyWALL confirms you want to manually establish the connection. Inactivate To turn on page 230 for an example. # This field is a sequential value, ...and click Remove. This field displays the name of the interface. ZyWALL USG 50 User's Guide 239
User Manual
Page 241
...the idle timeout. ISP Settings Profile Selection Select Device to use alphanumeric and characters, and it displays none. Select Custom in the ZyWALL. ZyWALL USG 50 User's Guide 241 APN Select Custom to belong. This field is little traffic through the interface or if it costs money to ...keep the connection available. The zone determines the security settings the ZyWALL uses for the interface. Otherwise, it can enter up . You can use one in the profile selection to be able to manually input the APN (Access Point Name) provided by your ISP instructed...
...the idle timeout. ISP Settings Profile Selection Select Device to use alphanumeric and characters, and it displays none. Select Custom in the ZyWALL. ZyWALL USG 50 User's Guide 241 APN Select Custom to belong. This field is little traffic through the interface or if it costs money to ...keep the connection available. The zone determines the security settings the ZyWALL uses for the interface. Otherwise, it can enter up . You can use one in the profile selection to be able to manually input the APN (Access Point Name) provided by your ISP instructed...
User Manual
Page 244
...3G card to which you are not subscribed when necessary, for example when the home network is down , the ZyWALL's 3G Internet connection is exceeded during the month. 244 ZyWALL USG 50 User's Guide Select auto to have the 3G device connect only to an available network. Select Home to have ... networks are charged differently for the user account of network to you are originally subscribed. The ZyWALL decides which you select this option If your region. Select this if you want to manually specify the type of the installed 3G card. If you in this option If the ISP...
...3G card to which you are not subscribed when necessary, for example when the home network is down , the ZyWALL's 3G Internet connection is exceeded during the month. 244 ZyWALL USG 50 User's Guide Select auto to have the 3G device connect only to an available network. Select Home to have ... networks are charged differently for the user account of network to you are originally subscribed. The ZyWALL decides which you select this option If your region. Select this if you want to manually specify the type of the installed 3G card. If you in this option If the ISP...
User Manual
Page 251
...60 characters long. Use Fixed IP Address IP Address You should be up to a VRRP group. Enter the IP address of the VLAN interface. ZyWALL USG 50 User's Guide 251 This field is the same for all computers in the network. Gateway Enter the subnet mask of this interface. The subnet ...Chapter 11 Interfaces Each field is enabled if you select Use Fixed IP Address. Clear this to specify the IP address, subnet mask, and gateway manually. VLAN ID Enter the VLAN ID. It is read-only if you are reserved.) Description Enter a description of the IP address is enabled if...
...60 characters long. Use Fixed IP Address IP Address You should be up to a VRRP group. Enter the IP address of the VLAN interface. ZyWALL USG 50 User's Guide 251 This field is the same for all computers in the network. Gateway Enter the subnet mask of this interface. The subnet ...Chapter 11 Interfaces Each field is enabled if you select Use Fixed IP Address. Clear this to specify the IP address, subnet mask, and gateway manually. VLAN ID Enter the VLAN ID. It is read-only if you are reserved.) Description Enter a description of the IP address is enabled if...
User Manual
Page 254
... to assign to create a new entry. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. In-Only - This interface sends routing information. Otherwise, the ZyWALL assigns an IP address dynamically using a bound IP address on page 298...MAC Binding Select this option to help identify this interface. Direction This field is effective when RIP is enabled. otherwise, the ZyWALL uses multicasting. 254 ZyWALL USG 50 User's Guide This stops anyone else from the drop-down list box. RIP Setting See Section 14.2 on another device's...
... to assign to create a new entry. Select the RIP direction from manually using the interface's IP Pool Start Address and Pool Size. In-Only - This interface sends routing information. Otherwise, the ZyWALL assigns an IP address dynamically using a bound IP address on page 298...MAC Binding Select this option to help identify this interface. Direction This field is effective when RIP is enabled. otherwise, the ZyWALL uses multicasting. 254 ZyWALL USG 50 User's Guide This stops anyone else from the drop-down list box. RIP Setting See Section 14.2 on another device's...
User Manual
Page 255
...Choices are: Same-as-Area - disable authentication Text - ID MD5 Authentication Key This field is available if the Authentication is MD5. ZyWALL USG 50 User's Guide 255 MD5 This field is available if the Authentication is MD5. use . The password can consist of alphanumeric characters and..., this interface when the area is Text. Authentication Select an authentication method, or disable authentication. The ID can manually configure a policy route to the ZyWALL. Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can be the DR or...
...Choices are: Same-as-Area - disable authentication Text - ID MD5 Authentication Key This field is available if the Authentication is MD5. ZyWALL USG 50 User's Guide 255 MD5 This field is available if the Authentication is MD5. use . The password can consist of alphanumeric characters and..., this interface when the area is Text. Authentication Select an authentication method, or disable authentication. The ID can manually configure a policy route to the ZyWALL. Related Setting Configure WAN TRUNK Click WAN TRUNK to go to the screen where you can be the DR or...
User Manual
Page 261
Clear this interface. For example, br0, br3, and so on top of this to apply security settings such as firewall, IDP, remote management, anti-virus, and application patrol. It is 0 - 11. Select one VLAN interface. The format is brx, where x is not used in a different bridge interface Select one, and click the >> arrow to add it can use zones to disable this interface. Each bridge interface can become part of the bridge interface. Enter the name of configuration Settings / Hide fields. You use alphanumeric and characters, and it to 60 characters long. ...
Clear this interface. For example, br0, br3, and so on top of this to apply security settings such as firewall, IDP, remote management, anti-virus, and application patrol. It is 0 - 11. Select one VLAN interface. The format is brx, where x is not used in a different bridge interface Select one, and click the >> arrow to add it can use zones to disable this interface. Each bridge interface can become part of the bridge interface. Enter the name of configuration Settings / Hide fields. You use alphanumeric and characters, and it to 60 characters long. ...