User Manual
Page 3
E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 43 for web browser requirements and an introduction to the main components, icons and menus in...the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL using the quick setup wizards and you want more detailed information than what...
E-mail techwriters@zyxel.com.tw if you cannot find specific information in this guide, use the Contents Overview, the Table of features available on the ZyWALL. • Read Chapter 3 on page 43 for web browser requirements and an introduction to the main components, icons and menus in...the Command-Line Interface (CLI) to configure the ZyWALL. ZyWALL USG 50 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to want to configure the ZyWALL using the quick setup wizards and you want more detailed information than what...
User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ......375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical Reference ...155 Dashboard ...157 Monitor ...169 Registration ......375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 12
...Table of Contents 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - Second WAN Interface 65 4.1.7 Internet Access - Scenario 81 5.5.5 VPN Advanced Wizard - ...Setup - Configuration 78 5.5.2 VPN Express Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50...
...Table of Contents 3.3.3 Main Window ...52 3.3.4 Tables and Lists ...54 Chapter 4 Installation Setup Wizard ...59 4.1 Installation Setup Wizard Screens 59 4.1.1 Internet Access Setup - Second WAN Interface 65 4.1.7 Internet Access - Scenario 81 5.5.5 VPN Advanced Wizard - ...Setup - Configuration 78 5.5.2 VPN Express Wizard - Finish 86 Chapter 6 Configuration Basics...87 6.1 Object-based Configuration 87 6.2 Zones, Interfaces, and Physical Ports 88 6.2.1 Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50...
User Manual
Page 14
... Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set Up a DMZ to LAN Firewall Rule... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
... Rule 145 7.11 How to Use an IPPBX on the DMZ 146 7.11.1 Turn On the ALG ...148 7.11.2 Create the Address Objects 148 7.11.3 Setup a NAT Policy for the IPPBX 149 7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP 150 7.11.5 Set Up a DMZ to LAN Firewall Rule... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 15
...Monitor ...181 9.8 The Login Users Screen 182 9.9 Cellular Status Screen ...183 9.9.1 More Information ...185 9.10 Application Patrol Statistics 186 9.10.1 Application Patrol Statistics: General Setup 187 9.10.2 Application Patrol Statistics: Bandwidth Statistics 188 9.10.3 Application Patrol Statistics: Protocol Statistics 189 9.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule 190...17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
...Monitor ...181 9.8 The Login Users Screen 182 9.9 Cellular Status Screen ...183 9.9.1 More Information ...185 9.10 Application Patrol Statistics 186 9.10.1 Application Patrol Statistics: General Setup 187 9.10.2 Application Patrol Statistics: Bandwidth Statistics 188 9.10.3 Application Patrol Statistics: Protocol Statistics 189 9.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule 190...17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 34
... Figure 4 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI) The CLI allows you to use the following ways to configure the ZyWALL. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote ...management (for more information about the Web Configurator. Red On The ZyWALL had an error or has failed. 1, 2 ... Blinking The ZyWALL is not ready or has failed. This User's Guide provides information about the CLI. 34 ZyWALL USG 50...
... Figure 4 Managing the ZyWALL: Web Configurator Command-Line Interface (CLI) The CLI allows you to use the following ways to configure the ZyWALL. Web Configurator The Web Configurator allows easy ZyWALL setup and management using remote ...management (for more information about the Web Configurator. Red On The ZyWALL had an error or has failed. 1, 2 ... Blinking The ZyWALL is not ready or has failed. This User's Guide provides information about the CLI. 34 ZyWALL USG 50...
User Manual
Page 43
CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or ... default) • Enable Java permissions (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide. ZyWALL USG 50 User's Guide 43
CHAPTER 3 Web Configurator The ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet browser. 3.1 Web Configurator Requirements In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or ... default) • Enable Java permissions (enabled by default) • Enable cookies The recommended screen resolution is 1024 x 768 pixels. 3.2 Web Configurator Access 1 Make sure your ZyWALL hardware is properly connected. See the Quick Start Guide. ZyWALL USG 50 User's Guide 43
User Manual
Page 45
...Login screen (Figure 9 on page 44) appears after you change the password for the default user account, this screen. Figure 12 Title Bar ZyWALL USG 50 User's Guide 45 Figure 11 Dashboard A BC 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name and default... appears every time you log in using its default configuration (see Chapter 4 on page 59); If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. Follow the directions in the upper right corner. title bar • B -...
...Login screen (Figure 9 on page 44) appears after you change the password for the default user account, this screen. Figure 12 Title Bar ZyWALL USG 50 User's Guide 45 Figure 11 Dashboard A BC 3.3 Web Configurator Screens Overview The Web Configurator screen is using the default user name and default... appears every time you log in using its default configuration (see Chapter 4 on page 59); If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is divided into these parts (as shown next. Follow the directions in the upper right corner. title bar • B -...
User Manual
Page 48
...entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Content Filter Report Collect and display content filter statistics Cache Manage the ZyWALL's URL cache. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Chapter 3 Web Configurator ... statistics. VPN Monitor IPSec Displays and manages the active IPSec SAs. IDP Collect and display statistics on the viruses that the ZyWALL has detected. Network 48 ZyWALL USG 50 User's Guide
...entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL's features. Content Filter Report Collect and display content filter statistics Cache Manage the ZyWALL's URL cache. Table 7 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces or VPN connections. Chapter 3 Web Configurator ... statistics. VPN Monitor IPSec Displays and manages the active IPSec SAs. IDP Collect and display statistics on the viruses that the ZyWALL has detected. Network 48 ZyWALL USG 50 User's Guide
User Manual
Page 59
... to Dashboard to skip the installation setup wizard or click Next to configure and the first WAN interface's type of encapsulation and method of IP address assignment. This chapter provides information on configuring the Web Configurator's installation setup wizard. ZyWALL USG 50 User's Guide 59 CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet...
... to Dashboard to skip the installation setup wizard or click Next to configure and the first WAN interface's type of encapsulation and method of IP address assignment. This chapter provides information on configuring the Web Configurator's installation setup wizard. ZyWALL USG 50 User's Guide 59 CHAPTER 4 Installation Setup Wizard 4.1 Installation Setup Wizard Screens If you configure Internet...
User Manual
Page 60
Chapter 4 Installation Setup Wizard The screens vary depending on the encapsulation type. Leave it to you are configuring the first WAN interface. • Encapsulation: Choose the Ethernet option ... are configuring for a dial-up connection according to the information from your ISP. • WAN Interface: This is used as your IP address settings. 60 ZyWALL USG 50 User's Guide Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is read-only if you don't have two ISPs: Select this screen...
Chapter 4 Installation Setup Wizard The screens vary depending on the encapsulation type. Leave it to you are configuring the first WAN interface. • Encapsulation: Choose the Ethernet option ... are configuring for a dial-up connection according to the information from your ISP. • WAN Interface: This is used as your IP address settings. 60 ZyWALL USG 50 User's Guide Otherwise, choose PPPoE or PPTP for Internet access. • Zone: This is read-only if you don't have two ISPs: Select this screen...
User Manual
Page 61
...computer before you by your (static) public IP address. Leave the field as 0.0.0.0 if you specify here) to configure DNS servers. ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of Internet connection you are configuring. ... Address Assignment in the previous screen. The DNS server is the security zone to you can access it. Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to which this interface and Internet connection will belong. • ...
...computer before you by your (static) public IP address. Leave the field as 0.0.0.0 if you specify here) to configure DNS servers. ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of Internet connection you are configuring. ... Address Assignment in the previous screen. The DNS server is the security zone to you can access it. Chapter 4 Installation Setup Wizard Note: Enter the Internet access information exactly as given to which this interface and Internet connection will belong. • ...
User Manual
Page 62
Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to 64 ASCII characters except the [] and ?. Select an authentication protocol for outgoing connection requests. Your ZyWALL accepts PAP only. • ...ZyWALL accepts CHAP only. • PAP - Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from your ISP. Figure 29 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 62 ZyWALL USG 50...
Chapter 4 Installation Setup Wizard 4.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to 64 ASCII characters except the [] and ?. Select an authentication protocol for outgoing connection requests. Your ZyWALL accepts PAP only. • ...ZyWALL accepts CHAP only. • PAP - Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from your ISP. Figure 29 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from the PPPoE server. 62 ZyWALL USG 50...
User Manual
Page 63
...Auto as the IP Address Assignment in the order you specify here) to resolve domain names for VPN, DDNS and the time server. The ZyWALL uses these (in the previous screen. • First / Second DNS Server: These fields display if you selected static IP address assignment....address of a machine in order to access it . Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 The Domain Name System (DNS) maps a domain name to configure DNS servers. Chapter 4 Installation Setup Wizard 4.1.3.2 WAN IP Address Assignments • WAN Interface: This is the name of a...
...Auto as the IP Address Assignment in the order you specify here) to resolve domain names for VPN, DDNS and the time server. The ZyWALL uses these (in the previous screen. • First / Second DNS Server: These fields display if you selected static IP address assignment....address of a machine in order to access it . Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 The Domain Name System (DNS) maps a domain name to configure DNS servers. Chapter 4 Installation Setup Wizard 4.1.3.2 WAN IP Address Assignments • WAN Interface: This is the name of a...
User Manual
Page 64
... are : • CHAP/PAP - The Domain Name System (DNS) maps a domain name to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Use up to 31 characters long. • Type the Password associated with a modem or router. • ... / Second DNS Server: These fields display if you specify here) to configure DNS servers. 64 ZyWALL USG 50 User's Guide Your ZyWALL accepts MSCHAP only. • MSCHAP-V2 - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to you do not want to ...
... are : • CHAP/PAP - The Domain Name System (DNS) maps a domain name to 64 ASCII characters except the [] and ?. Chapter 4 Installation Setup Wizard 4.1.5 ISP Parameters • Authentication Type - Use up to 31 characters long. • Type the Password associated with a modem or router. • ... / Second DNS Server: These fields display if you specify here) to configure DNS servers. 64 ZyWALL USG 50 User's Guide Your ZyWALL accepts MSCHAP only. • MSCHAP-V2 - Your ZyWALL accepts MSCHAP-V2 only. • Type the User Name given to you do not want to ...
User Manual
Page 65
Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup - The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 59). Figure 31 Internet Access: Step 3: Second WAN Interface ZyWALL USG 50 User's Guide 65 Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface.
Chapter 4 Installation Setup Wizard 4.1.6 Internet Access Setup - The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 59). Figure 31 Internet Access: Step 3: Second WAN Interface ZyWALL USG 50 User's Guide 65 Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface.
User Manual
Page 66
... trials of subscription security features if you can still activate any ). Click Next and use the following screen to register. 66 ZyWALL USG 50 User's Guide If you want to register your account details, click myZyXEL.com. Figure 32 Internet Access: Ethernet Encapsulation Note: ..., close the window to exit the wizard. 4.2 Device Registration Use this screen displays your ZyWALL with myZXEL.com and activate trial periods of services like Content Filter. Chapter 4 Installation Setup Wizard 4.1.7 Internet Access - Finish You have not already done so. If they are activated...
... trials of subscription security features if you can still activate any ). Click Next and use the following screen to register. 66 ZyWALL USG 50 User's Guide If you want to register your account details, click myZyXEL.com. Figure 32 Internet Access: Ethernet Encapsulation Note: ..., close the window to exit the wizard. 4.2 Device Registration Use this screen displays your ZyWALL with myZXEL.com and activate trial periods of services like Content Filter. Chapter 4 Installation Setup Wizard 4.1.7 Internet Access - Finish You have not already done so. If they are activated...
User Manual
Page 67
...haven't created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL. • Select existing myZyXEL.com account if you already have an account at myZyXEL.com and enter your user name and password... country from six to register your ZyWALL. • Enter a User Name for your service subscription status. Click Check to verify that it again in the fields below to 20 alphanumeric characters (and the underscore). ZyWALL USG 50 User's Guide 67 Chapter 4 Installation Setup Wizard Use the Registration > Service screen...
...haven't created an account at myZyXEL.com, select this option and configure the following fields to create an account and register your ZyWALL. • Select existing myZyXEL.com account if you already have an account at myZyXEL.com and enter your user name and password... country from six to register your ZyWALL. • Enter a User Name for your service subscription status. Click Check to verify that it again in the fields below to 20 alphanumeric characters (and the underscore). ZyWALL USG 50 User's Guide 67 Chapter 4 Installation Setup Wizard Use the Registration > Service screen...
User Manual
Page 68
Figure 33 Registraton: Registered Device 68 ZyWALL USG 50 User's Guide After the trial expires, you activate the trial. Chapter 4 Installation Setup Wizard • Trial Service Activation: You can buy an iCard and enter the license key in the Registration > Service screen to extend the service. The trial period starts the day you can try a trial service subscription.
Figure 33 Registraton: Registered Device 68 ZyWALL USG 50 User's Guide After the trial expires, you activate the trial. Chapter 4 Installation Setup Wizard • Trial Service Activation: You can buy an iCard and enter the license key in the Registration > Service screen to extend the service. The trial period starts the day you can try a trial service subscription.
User Manual
Page 69
This chapter provides information on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. Figure 34 Quick Setup • WAN Interface Click this User's Guide for a secure connection to set up a WAN (Internet) ... to open the first Quick Setup screen. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. ZyWALL USG 50 User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards help you use PPPoE...
This chapter provides information on configuring the quick setup screens in the ZyWALL if you configure Internet and VPN connection settings. Figure 34 Quick Setup • WAN Interface Click this User's Guide for a secure connection to set up a WAN (Internet) ... to open the first Quick Setup screen. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to configure a VPN (Virtual Private Network) tunnel for background information. ZyWALL USG 50 User's Guide 69 CHAPTER 5 Quick Setup 5.1 Quick Setup Overview The Web Configurator's quick setup wizards help you use PPPoE...