User Manual
Page 9
Contents Overview Contents Overview User's Guide ...29 Introducing the ZyWALL ...31 Features and Applications ...37 Web Configurator ...43 Installation Setup Wizard ...59 Quick Setup ...69 Configuration Basics ...87 Tutorials ...109 Technical ... ...343 Authentication Policy ...349 Firewall ...357 IPSec VPN ...375 SSL VPN ...411 SSL User Screens ...421 SSL User Application Screens 431 ZyWALL SecuExtender ...433 Application Patrol ...437 Anti-Virus ...463 IDP ...479 ADP ...513 Content Filtering ...533 Content Filter Reports ...557 Anti-Spam ...565 User/Group ...583 ZyWALL USG 50 User's Guide 9
User Manual
Page 11
... of Contents...11 Part I: User's Guide 29 Chapter 1 Introducing the ZyWALL ...31 1.1 Overview and Key Default Settings 31 1.2 Rack-mounted Installation 32...ZyWALL 35 Chapter 2 Features and Applications ...37 2.1 Features ...37 2.2 Applications ...39 2.2.1 VPN Connectivity ...40 2.2.2 SSL VPN Network Access 40 2.2.3 User-Aware Access Control 42 2.2.4 Multiple WAN Interfaces 42 Chapter 3 Web Configurator...43 3.1 Web Configurator Requirements 43 3.2 Web Configurator Access ...43 3.3 Web Configurator Screens Overview 45 3.3.1 Title Bar ...45 3.3.2 Navigation Panel ...47 ZyWALL USG 50...
User Manual
Page 12
... Interface Types ...89 6.2.2 Default Interface and Zone Configuration 89 6.3 Terminology in the ZyWALL 91 12 ZyWALL USG 50 User's Guide Finish 66 4.2 Device Registration ...66 Chapter 5 Quick Setup ...69 5.1... Quick Setup Overview ...69 5.2 WAN Interface Quick Setup 70 5.2.1 Choose an Ethernet Interface 70 5.2.2 Select WAN Type ...70 5.2.3 Configure WAN Settings 71 5.2.4 WAN and ISP Connection Settings 72 5.2.5 Quick Setup Interface Wizard: Summary 74 5.3 VPN Quick Setup ...75 5.4 VPN...
User Manual
Page 13
Policy ...100 6.5.14 Firewall ...101 6.5.15 IPSec VPN ...102 6.5.16 SSL VPN ...102 6.5.17 Application Patrol 102 6.5.18 Anti-Virus ...103 6.5.19 IDP ...103 6.5.20 ADP ...103 6.5.21 Content Filter ...104 6.5.22 Anti-Spam ......Interface 110 7.1.2 Configure Port Roles 111 7.1.3 Configure the DMZ Interface for a Local Network 111 7.1.4 Configure Zones ...112 7.2 How to Configure a Cellular Interface 113 ZyWALL USG 50 User's Guide 13 Table of Contents 6.4 Packet Flow ...91 6.4.1 Routing Table Checking Flow 92 6.4.2 NAT Table Checking Flow 94 6.5 Feature Configuration Overview 95 6.5.1 ...
User Manual
Page 14
... Available Bandwidth on Ethernet Interfaces 115 7.3.2 Configure the WAN Trunk 116 7.4 How to Set Up an IPSec VPN Tunnel 118 7.4.1 Set Up the VPN Gateway 119 7.4.2 Set Up the VPN Connection 120 7.4.3 Configure Security Policies for the VPN Tunnel 121 7.5 How to Configure User-aware Access Control 122 7.5.1 Set Up User Accounts 122 7.5.2 Set... 152 7.12.1 Create the Public IP Address Range Object 152 7.12.2 Configure the Policy Route 153 Part II: Technical Reference 155 Chapter 8 Dashboard ...157 14 ZyWALL USG 50 User's Guide
User Manual
Page 15
... Do in this Chapter 157 8.2 The Dashboard Screen ...157 8.2.1 The CPU Usage Screen 162 8.2.2 The Memory Usage Screen 163 8.2.3 The Active Sessions Screen 164 8.2.4 The VPN Status Screen 165 8.2.5 The DHCP Table Screen 165 8.2.6 The Number of Login Users Screen 166 Chapter 9 Monitor...169 9.1 Overview ...169 9.1.1 What You Can Do in... 9.17 The Anti-Spam Statistics Screen 203 9.18 The Anti-Spam Status Screen 205 9.19 Log Screen ...206 Chapter 10 Registration ...209 10.1 Overview ...209 ZyWALL USG 50 User's Guide 15
User Manual
Page 19
... Policy Add/Edit Screen 414 24.3 The SSL Global Setting Screen 416 24.3.1 How to Upload a Custom Logo 418 24.4 Establishing an SSL VPN Connection 419 Chapter 25 SSL User Screens ...421 25.1 Overview ...421 25.1.1 What You Need to Know 421 25.2 Remote User Login ...422... 25.3 The SSL VPN User Screens 427 25.4 Bookmarking the ZyWALL 428 25.5 Logging Out of the SSL VPN User Screens 428 Chapter 26 SSL User Application Screens 431 26.1 SSL User Application Screens Overview 431 26.2 The Application Screen 431 Chapter 27 ZyWALL SecuExtender...433 ZyWALL USG 50 User's Guide 19
User Manual
Page 24
Table of Contents 40.1.2 Before You Begin 627 40.1.3 Example: Selecting a VPN Authentication Method 627 40.2 Authentication Method Objects 628 40.2.1 Creating an Authentication Method Object 629 Chapter 41 Certificates ...633 41.1 Overview ...633 41.1.1 What You ... Can Do in this Chapter 666 44.1.2 What You Need to Know 666 44.2 Endpoint Security Screen 667 44.3 Endpoint Security Add/Edit 669 24 ZyWALL USG 50 User's Guide
User Manual
Page 31
...network and enforce security policies efficiently. The ZyWALL lets you set ports to be part of the ZyWALL's features. Its flexible configuration helps network administrators set up the network and enforce security policies efficiently. ZyWALL USG 50 User's Guide 31 The DeMilitarized Zone (...detailed overview of the LAN1, or DMZ. Flexible configuration helps you set up multiple networks for your company. The ZyWALL's security features include VPN, firewall, anti-virus, content filtering, IDP (Intrusion Detection and Prevention), ADP (Anomaly Detection and Protection), and ...
User Manual
Page 37
.... • One or more 3G (cellular) connections. The ZyWALL also offers hub-and-spoke IPSec VPN. As a result, it is much simpler to set up and to zones. You can create your own custom zones. ZyWALL USG 50 User's Guide 37 High Availability To ensure the ZyWALL provides reliable, secure Internet access, set up one or...
User Manual
Page 40
Figure 5 Applications: VPN Connectivity 2.2.2 SSL VPN Network Access You can also set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to remote users. 40 ZyWALL USG 50 User's Guide Chapter 2 Features and Applications 2.2.1 VPN Connectivity Set up additional connections to the Internet to provide better service. You can configure the ZyWALL to provide SSL VPN network access to your network.
User Manual
Page 48
...ZyWALL USG 50 User's Guide IDP Collect and display statistics on the viruses that the ZyWALL has detected. Chapter 3 Web Configurator Table 6 Monitor Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION AppPatrol Statistics Displays bandwidth and protocol statistics. Log Lists log entries. 3.3.2.3 Configuration Menu Use the configuration menu screens to configure the ZyWALL... device and activate trial services. SSL Lists users currently logged into the VPN SSL client portal. VPN Monitor IPSec Displays and manages the active IPSec SAs. Content Filter Report Collect ...
User Manual
Page 49
...) for devices connected to all connections. ZyWALL USG 50 User's Guide 49 Exempt List Configure ranges of IP addresses to force user authentication. VLAN Create and manage VLAN interfaces and virtual VLAN interfaces. NAT Set up and manage HTTP redirection rules. Global Setting Configure the ZyWALL's SSL VPN settings that apply to each supported interface...
User Manual
Page 61
... display if you selected static IP address assignment. • IP Subnet Mask: Enter the subnet mask for VPN, DDNS and the time server. Enter a DNS server's IP address(es). ZyWALL USG 50 User's Guide 61 Figure 28 Internet Access: Ethernet Encapsulation • Encapsulation: This displays the type of Internet...extremely important because without it, you must know the IP address of a computer before you by your (static) public IP address. The ZyWALL uses these (in the previous screen. Leave the field as the IP Address Assignment in the order you specify here) to you can access...
User Manual
Page 63
The Domain Name System (DNS) maps a domain name to resolve domain names for VPN, DDNS and the time server. The ZyWALL uses these (in the order you selected static IP address assignment. The DNS server is the security zone to which this interface and Internet connection... a DNS server's IP address(es). Leave the field as the IP Address Assignment in order to configure DNS servers. Figure 30 Internet Access: PPTP Encapsulation ZyWALL USG 50 User's Guide 63 If you do not configure a DNS server, you must know the IP address of a machine in the previous screen. • First / Second...
User Manual
Page 64
...; Type a Base IP Address (static) assigned to you by your ISP. • Zone This is the security zone to configure DNS servers. 64 ZyWALL USG 50 User's Guide Leave the field as the IP Address Assignment in the order you specify here) to 31 characters long. 4.1.5.2 WAN IP Address Assignments •...Type the User Name given to time out. The ZyWALL uses these (in the previous screen. • First / Second DNS Server: These fields display if you can be up to an IP address and vice versa. Select an authentication protocol for VPN, DDNS and the time server. Re-type your (...
User Manual
Page 69
... connection to set up a WAN (Internet) connection. See Section 5.4 on page 70. • VPN SETUP Use VPN SETUP to open the first Quick Setup screen. ZyWALL USG 50 User's Guide 69 See the feature-specific chapters in the Web Configurator. This wizard creates matching ISP ...account settings in the ZyWALL if you configure Internet and VPN connection settings. CHAPTER 5 Quick Setup 5.1 Quick ...
User Manual
Page 74
...you do not configure a DNS server, you specify here) to configure DNS servers. The ZyWALL uses a system DNS server (in the order you must know the IP address of the PPTP server. 74 ZyWALL USG 50 User's Guide Click Next to the Internet. Table 12 Interface Wizard: Summary WAN LABEL ...and only appears for a PPTP interface. Click Back to return to access it . If you do not want to resolve domain names for VPN, DDNS and the time server. It displays the PPPoE service name specified in this interface uses to connect to continue. 5.2.5 Quick Setup Interface...
User Manual
Page 75
... connection can use later in the main Quick Setup screen to you specified a connection ID, it displays here. Figure 41 VPN Quick Setup Wizard ZyWALL USG 50 User's Guide 75 Yes means the ZyWALL uses the idle timeout. Idle Timeout This is static or dynamic (Auto). First DNS Server If the IP Address Assignment is...
User Manual
Page 76
... ZLD-based ZyWALL or other IPSec device. 76 ZyWALL USG 50 User's Guide Advanced: Use this wizard to configure detailed VPN security settings such as using a pre-shared key and default security settings. Figure 42 VPN Setup Wizard: Wizard Type Express: Use this wizard to create a VPN connection with another ZLD-based ZyWALL using certificates. The VPN connection can...