Zyxel-communications 200 Series Manuale Utente

www.zyxel.comZyWALL USG 100/200 SeriesUnified Security GatewayUser’s GuideVersion 2.105/2008Edition 1DEFAULT LOGINLAN1 Port P4IP Address http://192.1

Contents OverviewZyWALL USG 100/200 Series User’s Guide10Anti-X ...

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide1004.8.4 VPN Advanced WizardClick the Advanced radio button as shown in Figure 34 on page

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide1014.8.5 VPN Advanced Wizard - Remote Gateway The Remote Gateway policy identifies the I

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide102The following table describes the labels in this screen.4.8.6 VPN Advanced Wizard - Ph

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide103" Multiple SAs connecting through a secure gateway must have the same negotiation

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide104The following table describes the labels in this screen.Table 20 VPN Advanced Wizard:

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide1054.8.7 VPN Advanced Wizard - Phase 2 Active Protocol: ESP is compatible with NAT, AH i

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide1064.8.8 VPN Advanced Wizard - Summary This summary of VPN tunnel settings is read-only.N

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide107Figure 43 VPN Wizard: Step 6: Advanced" If you have not already done so, you ca

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide108

ZyWALL USG 100/200 Series User’s Guide109CHAPTER 5 Configuration BasicsThis section provides information to help you configure the ZyWALL effectively

Table of ContentsZyWALL USG 100/200 Series User’s Guide11Table of ContentsAbout This User's Guide...

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1105.2 Zones, Interfaces, and Physical PortsZones (groups of interfaces and VPN t

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide111• Bridge interfaces create a software connection between Ethernet or VLAN inte

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide112Table 24 ZyWALL USG 100 Default Port, Interface, and Zone Configuration• The

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1135.4 Feature Configuration OverviewThis section provides information about co

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide114" PREQUISITES or WHERE USED does not appear if there are no prerequisites

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide115Example: See Chapter 6 on page 125.5.4.5 SSL VPNUse SSL VPN to provide secure

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide116Example: See Chapter 6 on page 125.5.4.9 DDNSDynamic DNS maps a domain name to

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide117" The ZyWALL checks the policy routes in the order that they are listed.

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1185.4.13 Application PatrolUse application patrol to control which individuals c

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1195.4.16 ADPUse ADP to detect and take action on traffic and protocol anomalies

Table of ContentsZyWALL USG 100/200 Series User’s Guide123.1 Web Configurator Requirements ...

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide120The ZyWALL does not check to-ZyWALL firewall rules for packets that are redirec

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1215.5 ObjectsObjects store information and are referenced by other features. If

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1225.6 System Management and MaintenanceThis section introduces some of the manag

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide1235.6.3 Licensing RegistrationUse these screens to register your ZyWALL and sub

Chapter 5 Configuration BasicsZyWALL USG 100/200 Series User’s Guide124

ZyWALL USG 100/200 Series User’s Guide125CHAPTER 6 TutorialsThis chapter provides some examples of using the web configurator to set up features in t

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide126Click Network > Interface > Ethernet and the wan1 interface’s Edit icon. Configure t

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide127Figure 48 Network > Interface > Ethernet > Edit opt 2 Set DHCP to DHCP Server

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide128Figure 49 Network > Interface > Ethernet > Edit opt > More Settings 6.1.3 H

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1296.2 How to Configure a Cellular InterfaceUse 3G cards for cellular WAN (Internet) connec

Table of ContentsZyWALL USG 100/200 Series User’s Guide135.2 Zones, Interfaces, and Physical Ports ...

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide130Figure 52 Network > Interface > Cellular > Edit 5 Go to the Status screen. The

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide131Figure 53 Status The ZyWALL automatically balances the traffic load amongst the availab

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1321 Click Object > User/Group > User and the Add wlan_user Edit icon.2 Set the User Na

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide133Figure 55 Network > Interface > WLAN > Add (WPA/WPA2 Security) 3 Turn on the w

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1346.3.3 How to Set Up the Wireless Clients to Use the WLAN InterfaceThe following sections

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide135Figure 58 ZyXEL Wireless Client > Profile3 Select WPA2 as the security type and clic

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide136Figure 60 ZyXEL Wireless Client > Profile: Security Settings5 Confirm your settings a

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide137Figure 63 ZyXEL Wireless Client > Profile: ActivateSince the ZyXEL utility does not

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide138Figure 65 Odyssey Access Client Manager > Profiles > User Info 3 Click the Authent

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide139Figure 67 Odyssey Access Client Manager > Profiles > Authentication 5 Click Netwo

Table of ContentsZyWALL USG 100/200 Series User’s Guide146.3 How to Set Up a WLAN Interface ...

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide140Figure 69 Odyssey Access Client Manager > Networks > Add Use the next section to i

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1412 Click Import.Figure 71 Internet Explorer: Tools > Internet Options > Content &g

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide142Figure 73 Internet Explorer Certificate Import Wizard Certificate Store Screen5 If you g

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide143Figure 75 Internet Explorer: Trusted Root Certification AuthoritiesAs shown here, the M

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide144Figure 77 Funk Odyssey Access Wireless Client Login Example 6.4 How to Set Up an IPSec

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide145Figure 79 VPN > IPSec VPN > VPN Gateway > Add6.4.2 How to Set Up the VPN Conn

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide146Figure 81 VPN > IPSec VPN > VPN Connection > Add6.4.3 How to Set Up the Policy

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide147and destination address objects here. The next-hop is the VPN connection that you created

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1486.5 How to Configure User-aware Access ControlYou can configure many policies and securit

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1492 Enter the name of the group that is used in Table 31 on page 148. In this example, it i

Table of ContentsZyWALL USG 100/200 Series User’s Guide157.2.4 The VPN Status Screen ...

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide150Figure 87 Object > Auth. method > Add4 Click System > WWW. In the Authenticatio

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1511 Click AppPatrol. If application patrol and bandwidth management are not enabled, enable

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide152Figure 93 AppPatrol > Common > http > Edit Default5 Click the Add icon in the p

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide153Figure 95 Object > Schedule > Add (Recurring)3 Follow the steps in Section 6.5.4

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide154Figure 97 Firewall > LAN1 to DMZ > Edit3 Click the Add icon at the top of the rule

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide155You do not have to change many of the ZyWALL’s settings from the defaults to set up this

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide156Figure 101 Network > Interface > Trunk > WAN_TRUNK > Edit6.7 How to Configu

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide157Figure 102 System > WWW3 In the Zone field select LAN1 and click OK. Figure 103 Sy

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide158Figure 104 System > WWW (First Example Admin Service Rule Configured)5 Set the Zone t

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide159Figure 106 System > WWW (Second Example Admin Service Rule Configured)Now administra

Table of ContentsZyWALL USG 100/200 Series User’s Guide1610.5.6 Interface Wizard: Summary (Non-WAN) ...

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1606.8.1 How to Turn On the ALGClick Network > ALG. Select Enable H.323 transformations a

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide161Figure 110 Network > Virtual Server > Add6.8.3 How to Set Up a Firewall Rule For

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide162Figure 112 Firewall > Add 4 Configure an address object for the ZyWALL’s 10.0.0.8 WAN

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide163An Ethernet switch connects both ZyWALLs’ lan1 interfaces to LAN1. Whichever ZyWALL is fu

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide1642 Configure 192.168.1.3 as the Management IP and 255.255.255.0 as the Subnet Mask. Click O

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide165Figure 119 Device HA > General: Master ZyWALL Example6.9.3 How to Configure the Bac

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide166Figure 121 Device HA > Active-Passive Mode: Backup ZyWALL Example5 Click the General

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide167Maintenance > File Manager > Configuration File screen to save copies of the ZyWALL

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide168Figure 125 Creating the Address Object for the wan2 Public IP Address 6.10.2 How to Con

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide169The firewall allows traffic from the WAN zone to the DMZ zone by default so your configur

Table of ContentsZyWALL USG 100/200 Series User’s Guide1712.4 Policy Routing Technical Reference ...

Chapter 6 TutorialsZyWALL USG 100/200 Series User’s Guide170

ZyWALL USG 100/200 Series User’s Guide171CHAPTER 7 Status7.1 OverviewUse the Status screens to check status information about the ZyWALL.7.1.1 Wha

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide172Figure 127 Status The following table describes the labels in this screen. Table 32 Stat

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide173Current Date/TimeThis field displays the current date and time in the ZyWALL. The format is

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide174Signature VersionThis field displays the version number, date, and time of the current set of

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide1757.2.1 The CPU Usage ScreenUse this screen to look at a chart of the ZyWALL’s recent CPU usa

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide176Figure 128 Status > CPU UsageThe following table describes the labels in this screen. 7

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide177Figure 129 Status > Memory UsageThe following table describes the labels in this screen

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide178Figure 130 Status > Session UsageThe following table describes the labels in this screen

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide179Figure 131 Status > VPN StatusThe following table describes the labels in this screen.

Table of ContentsZyWALL USG 100/200 Series User’s Guide1817.1.2 What You Need to Know About HTTP Redirect ...

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide180The following table describes the labels in this screen. 7.2.6 The Port Statistics ScreenUse

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide181The following table describes the labels in this screen. 7.2.7 The Port Statistics Graph Sc

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide182Figure 134 Status > Port Statistics > Switch to Graphic View The following table de

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide183Figure 135 Status > Current UsersThe following table describes the labels in this scree

Chapter 7 StatusZyWALL USG 100/200 Series User’s Guide184Cellular System This field displays the type of the network to which the ZyWALL is connected.

ZyWALL USG 100/200 Series User’s Guide185CHAPTER 8 Registration8.1 OverviewUse the Licensing > Registration screens to register your ZyWALL and m

Chapter 8 RegistrationZyWALL USG 100/200 Series User’s Guide186Subscription Services Available on the ZyWALLYou can have the ZyWALL use anti-virus, ID

Chapter 8 RegistrationZyWALL USG 100/200 Series User’s Guide187Figure 137 Licensing > RegistrationThe following table describes the labels in th

Chapter 8 RegistrationZyWALL USG 100/200 Series User’s Guide188" If the ZyWALL is registered already, this screen is read-only and indicates whet

Chapter 8 RegistrationZyWALL USG 100/200 Series User’s Guide1898.3 The Service ScreenUse this screen to display the status of your service registrat

Table of ContentsZyWALL USG 100/200 Series User’s Guide1920.4.1 The VPN Concentrator Add/Edit Screen ...

Chapter 8 RegistrationZyWALL USG 100/200 Series User’s Guide190

ZyWALL USG 100/200 Series User’s Guide191CHAPTER 9 Signature Update9.1 OverviewThis chapter shows you how to update the ZyWALL’s signature packages.

Chapter 9 Signature UpdateZyWALL USG 100/200 Series User’s Guide192Figure 140 Licensing > Update >Anti-Virus The following table describes the

Chapter 9 Signature UpdateZyWALL USG 100/200 Series User’s Guide1939.3 The IDP/AppPatrol Update ScreenClick Licensing > Update > IDP/AppPatrol

Chapter 9 Signature UpdateZyWALL USG 100/200 Series User’s Guide194Figure 142 Downloading IDP SignaturesFigure 143 Successful IDP Signature Downlo

Chapter 9 Signature UpdateZyWALL USG 100/200 Series User’s Guide195Figure 144 Licensing > Update > System Protect The following table describ

Chapter 9 Signature UpdateZyWALL USG 100/200 Series User’s Guide196Figure 145 Downloading System Protect SignaturesFigure 146 Successful System Pr

197PART IINetworkInterface (199)Trunks (269)Policy and Static Routes (277)Routing Protocols (287)Zones (299)DDNS (303)Virtual Servers (309)HTTP

198

ZyWALL USG 100/200 Series User’s Guide199CHAPTER 10 Interface10.1 Interface OverviewUse the Interface screens to configure the ZyWALL’s interfaces.

Table of ContentsZyWALL USG 100/200 Series User’s Guide20Chapter 25L2TP VPN...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide20010.1.2 What You Need to Know About InterfacesInterface CharacteristicsInterfaces general

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide201Trunks and the auxiliary interface have many characteristics that are specific to each t

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide202* - You cannot set up a PPPoE/PPTP interface, virtual Ethernet interface or virtual VLAN

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide203Figure 147 Network > Interface > Status Each field is described in the following

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide204Status This field displays the current status of each interface. The possible values depe

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide20510.3 The Port Role ScreenTo access this screen, click Network > Interface > Port

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide206Each section in this screen is described below.10.4 The Ethernet Summary ScreenThis scre

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide207Figure 149 Network > Interface > EthernetEach field is described in the followin

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide208" If you create IP address objects based on an interface’s IP address, subnet, or ga

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide209Figure 150 Network > Interface > Ethernet > Edit (Opt)

Table of ContentsZyWALL USG 100/200 Series User’s Guide21Chapter 28Anti-Virus...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide210Each field is described in the table below. The OPT interface’s Edit > Configuration s

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide211Ingress BandwidthThis is reserved for future use.Enter the maximum amount of traffic, in

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide212More Settings/Less SettingsClick this button to display a greater or lesser number of con

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide213Overwrite Default MAC AddressSelect this option to have the interface use a different MA

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide21410.5 Interface WizardsYou can use the interface wizard (instead of the regular Ethernet

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide215Figure 152 Interface Wizard: OPT Interface First Screen The following table descr

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide216Figure 154 Interface Wizard: Non-WAN OPT Interface Setup The following table descr

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide217Figure 155 Interface Wizard: WAN Interface Zone and IP Address Setup The following

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide218The following table describes the labels in this screen. Table 56 Interface Wizard: WAN

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide21910.5.6 Interface Wizard: Summary (Non-WAN)Use this screen to review the local interface

Table of ContentsZyWALL USG 100/200 Series User’s Guide22Chapter 30 ADP ...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide220Figure 158 Interface Wizard: Summary WAN (PPTP Shown) The following table describe

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide22110.6 The PPP Interfaces ScreenUse PPP interfaces (PPPoE/PPTP interfaces) to connect to

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide22210.6.1 PPP Interface Edit ScreenThis screen lets you configure new or existing PPPoE/PPT

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide223Figure 161 Network > Interface > PPP > Edit > ConfigurationEach field is e

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide224Description Enter a description of this interface. It is not used elsewhere. You can use

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide225Ingress BandwidthThis is reserved for future use.Enter the maximum amount of traffic, in

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide22610.7 Cellular Configuration Screen (3G)3G (Third Generation) is a digital, packet-switch

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide227" Install (or connect) a compatible 3G card to use a cellular connection. See Chapt

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide22810.7.1 Cellular Add/Edit ScreenTo change your 3G settings, click Network > Interface

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide229The following table describes the labels in this screen.Table 63 Interface > Cellul

Table of ContentsZyWALL USG 100/200 Series User’s Guide2333.2 Before You Begin ...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide230PIN Code This field displays with a GSM or HSDPA 3G card. A PIN (Personal Identification

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide23110.8 Cellular Status ScreenTo check your 3G connection status, click Network > Inter

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide232The following table describes the labels in this screen.Table 64 Interface > Cellula

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide23310.9 WLAN Interface General ScreenThe following figure provides an example of a wireles

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide234Figure 166 Network > Interface > WLAN The following table describes the general w

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide23510.9.1 WLAN Add/Edit ScreenUse the strongest security that every wireless client in the

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide236• WPA2-PSK and WPA-PSK do not employ user authentication and are known as the personal ve

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide237Figure 167 Network > Interface > WLAN > Add (No Security)

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide238The following table describes the general wireless LAN labels in this screen.Table 67 N

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide239Egress BandwidthEnter the maximum amount of traffic, in kilobits per second, the ZyWALL

Table of ContentsZyWALL USG 100/200 Series User’s Guide2435.4.1 Force User Authentication Policy Add/Edit Screen ...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide240Lease time Specify how long each computer can use the information (especially the IP addr

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide24110.9.2 WLAN Add/Edit Screen: WEP SecurityWEP provides a mechanism for encrypting data u

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide242Figure 169 Network > Interface > WLAN > Add (WEP Security) The following table

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide243The following table describes the WPA-PSK/WPA2-PSK-related wireless LAN security labels

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide244The following table describes the WPA/WPA2-related wireless LAN security labels. Table 70

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide24510.10 WLAN Interface MAC Filter ScreenThe MAC filter allows you to give specific wirele

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide246If you set the filter to deny access and add the MAC address of a connected device, the Z

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide24710.12 VLAN Interface ScreenA Virtual Local Area Network (VLAN) divides a physical netwo

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide248Figure 176 Example: After VLANEach VLAN is a separate network with separate IP addresse

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide249" Each VLAN interface is created on top of only one Ethernet interface.Otherwise, V

Table of ContentsZyWALL USG 100/200 Series User’s Guide2539.3 Active Directory or LDAP Group Summary Screen ...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide25010.12.2 Configuring the VLAN Add/Edit ScreenThis screen lets you configure IP address as

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide251Figure 178 Network > Interface > VLAN > EditEach field is explained in the fo

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide252Interface Name This field is read-only if you are editing an existing VLAN interface. Ent

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide253Connectivity Check The interface can regularly check the connection to the gateway you s

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide254IP Pool Start AddressEnter the IP address from which the ZyWALL begins allocating IP addr

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide25510.13 Bridge Interface ScreenA bridge creates a connection between two or more network

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide256Bridge Interface OverviewA bridge interface creates a software bridge between the members

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide25710.13.2 Configuring the Bridge Add/Edit ScreenThis screen lets you configure IP address

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide258Figure 182 Network > Interface > Bridge > Add

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide259Each field is described in the table below.Table 80 Network > Interface > Bridge

Table of ContentsZyWALL USG 100/200 Series User’s Guide26Chapter 43 System ...

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide260Interface ParametersEgress BandwidthEnter the maximum amount of traffic, in kilobits per

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide26110.14 Auxiliary Interface ScreenUse the auxiliary interface as a backup WAN interface o

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide262" You must connect an external modem to use the auxiliary port.The ZyWALL uses the a

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide26310.15 Virtual Interface ScreenUse virtual interfaces to tell the ZyWALL where to route

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide264Like other interfaces, virtual interfaces have an IP address, subnet mask, and gateway us

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide26510.16 Interface Technical ReferenceHere is more detailed information about interfaces o

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide266In the example above, if the ZyWALL gets a packet with a destination address of 5.5.5.5,

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide267In DHCP, every network has at least one DHCP server. When a computer (a DHCP client) joi

Chapter 10 InterfaceZyWALL USG 100/200 Series User’s Guide268WINSWINS (Windows Internet Naming Service) is a Windows implementation of NetBIOS Name Se

ZyWALL USG 100/200 Series User’s Guide269CHAPTER 11 Trunks11.1 OverviewUse trunks for WAN traffic load balancing to increase overall network through

Table of ContentsZyWALL USG 100/200 Series User’s Guide2743.12 Vantage CNM ...

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide270• If that interface’s connection goes down, the ZyWALL can still send its traffic through an

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide271Least Load First The least load first algorithm uses the current (or recent) outbound bandw

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide272Figure 189 Weighted Round Robin Algorithm ExampleSpilloverThe spillover load balancing alg

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide273Figure 191 Network > Interface > Trunk The following table describes the items in t

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide274Figure 192 Network > Interface > Trunk > EditEach field is described in the table

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide27511.3 Trunk Technical ReferenceRound Robin Load Balancing AlgorithmRound Robin scheduling s

Chapter 11 TrunksZyWALL USG 100/200 Series User’s Guide276

ZyWALL USG 100/200 Series User’s Guide277CHAPTER 12 Policy and Static Routes12.1 Policy and Static Routes OverviewUse policy routes and static route

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide27812.1.1 What You Can Do in the Policy and Static Route Screens•Use the Pol

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide279Policy Routes Versus Static Routes• Policy routes are more flexible than

Table of ContentsZyWALL USG 100/200 Series User’s Guide28Chapter 48Reboot...

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide280The following table describes the labels in this screen. Table 89 Netwo

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide28112.2.1 Policy Route Edit ScreenClick Network > Routing to open the Po

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide282Schedule Select a schedule or select Create Object to configure a new one

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide28312.3 IP Static Route ScreenClick Network > Routing > Static Route

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide284Figure 196 Network > Routing > Static RouteThe following table des

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide28512.4 Policy Routing Technical ReferenceHere is more detailed information

Chapter 12 Policy and Static RoutesZyWALL USG 100/200 Series User’s Guide286Incoming service: Game (UDP: 1234)Trigger service: Game-1 (UDP: 5670-5678)

ZyWALL USG 100/200 Series User’s Guide287CHAPTER 13 Routing Protocols13.1 Routing Protocols OverviewRouting protocols give the ZyWALL routing inform

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide28813.2 The RIP ScreenRIP (Routing Information Protocol, RFC 1058 and RFC 1389) all

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide28913.3 The OSPF ScreenOSPF (Open Shortest Path First, RFC 2328) is a link-state p

List of FiguresZyWALL USG 100/200 Series User’s Guide29List of FiguresFigure 1 ZyWALL USG 200 Front Panel ...

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide290• A normal area is a group of adjacent networks. A normal area has routing inform

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide291• An Area Border Router (ABR) connects two or more areas. It is a member of all

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide292Figure 202 OSPF: Virtual LinkIn this example, area 100 does not have a direct c

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide293The following table describes the labels in this screen. See Section 13.3.2 on p

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide294Figure 204 Network > Routing > OSPF > EditThe following table describe

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide29513.4 Routing Protocol Technical ReferenceHere is more detailed information abou

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide296• The packet’s message-digest is the same as the one the ZyWALL calculates using

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide297

Chapter 13 Routing ProtocolsZyWALL USG 100/200 Series User’s Guide298

ZyWALL USG 100/200 Series User’s Guide299CHAPTER 14 Zones14.1 Zones OverviewSet up zones to configure network security and network policies in the

About This User's GuideZyWALL USG 100/200 Series User’s Guide3About This User's GuideIntended AudienceThis manual is intended for people w

List of FiguresZyWALL USG 100/200 Series User’s Guide30Figure 39 VPN Advanced Wizard: Step 2 ...

Chapter 14 ZonesZyWALL USG 100/200 Series User’s Guide30014.1.2 What You Need to Know About ZonesEffects of Zones on Different Types of TrafficZones

Chapter 14 ZonesZyWALL USG 100/200 Series User’s Guide301Figure 206 Network > Zone The following table describes the labels in this screen.

Chapter 14 ZonesZyWALL USG 100/200 Series User’s Guide302Member List Available Interface lists the interfaces that do not belong to any zone. The word

ZyWALL USG 100/200 Series User’s Guide303CHAPTER 15 DDNS15.1 DDNS OverviewDynamic DNS (DDNS) services let you use a domain name with a dynamic IP a

Chapter 15 DDNSZyWALL USG 100/200 Series User’s Guide304" Record your DDNS account’s user name, password, and domain name to use to configure the

Chapter 15 DDNSZyWALL USG 100/200 Series User’s Guide30515.2.1 The Dynamic DNS Add/Edit ScreenThe DDNS Add/Edit screen allows you to add a domain na

Chapter 15 DDNSZyWALL USG 100/200 Series User’s Guide306The following table describes the labels in this screen. Table 102 Network > DDNS > Ad

Chapter 15 DDNSZyWALL USG 100/200 Series User’s Guide30715.3 The DDNS Status ScreenThe DDNS Status screen shows the status of the ZyWALL’s DDNS doma

Chapter 15 DDNSZyWALL USG 100/200 Series User’s Guide308Figure 210 Network > DDNS > Status The following table describes the labels in

ZyWALL USG 100/200 Series User’s Guide309CHAPTER 16 Virtual Servers16.1 Virtual Servers OverviewVirtual servers are computers on a private network b

List of FiguresZyWALL USG 100/200 Series User’s Guide31Figure 82 Network > Routing > Policy Route ...

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide310Finding Out More• See Section 5.4.19 on page 119 for related information on these s

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide31116.2.1 The Virtual Server Add/Edit ScreenThe Virtual Server Add/Edit screen lets

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide312Original IP Use the drop-down list box to indicate which destination IP address thi

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide31316.3 NAT 1:1 and NAT Loopback ExamplesThe following sections provide examples of

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide314NAT 1:1 Address ObjectsFirst create two address objects for the private and public

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide315Figure 217 NAT 1:1 Example Virtual ServerThe wan2 interface has a different IP a

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide316Figure 219 NAT 1:1 Example Policy RouteClick Network > Routing > Policy Rou

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide317Figure 221 Create a Firewall RuleNAT Loopback ExampleThe NAT 1:1 Example on page

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide318NAT Loopback Virtual ServerWhen a LAN1 user sends SMTP traffic to IP address 1.1.1.

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide319NAT Loopback Policy RouteWithout a NAT loopback policy route, the LAN1 user SMTP t

List of FiguresZyWALL USG 100/200 Series User’s Guide32Figure 125 Creating the Address Object for the wan2 Public IP Address ...

Chapter 16 Virtual ServersZyWALL USG 100/200 Series User’s Guide320Figure 227 Create a Policy RouteNow the LAN1 SMTP server replies to the ZyWALL’s

ZyWALL USG 100/200 Series User’s Guide321CHAPTER 17 HTTP Redirect17.1 OverviewHTTP redirect forwards the client’s HTTP request (except HTTP traffic

Chapter 17 HTTP RedirectZyWALL USG 100/200 Series User’s Guide32217.1.2 What You Need to Know About HTTP RedirectWeb Proxy ServerA proxy server helps

Chapter 17 HTTP RedirectZyWALL USG 100/200 Series User’s Guide323" You can configure up to one HTTP redirect rule for each (incoming) interface.

Chapter 17 HTTP RedirectZyWALL USG 100/200 Series User’s Guide324The following table describes the labels in this screen. Table 107 Network > HTT

ZyWALL USG 100/200 Series User’s Guide325CHAPTER 18 ALG18.1 ALG OverviewApplication Layer Gateway (ALG) allows the following applications to operate

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide32618.1.2 What You Need to Know About ALGApplication Layer Gateway (ALG), NAT and FirewallThe ZyW

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide327• The SIP ALG allows UDP packets with a specified port destination to pass through.• The ZyWAL

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide328For example, you configure firewall and virtual server rules to allow LAN IP address A to recei

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide329Figure 236 Network > ALG The following table describes the labels in this screen. Table

List of FiguresZyWALL USG 100/200 Series User’s Guide33Figure 168 Network > Interface > Ethernet > Edit > Edit static DHCP table ...

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide33018.3 ALG Technical ReferenceHere is more detailed information about the Application Layer Gate

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide331H.323H.323 is a standard teleconferencing protocol suite that provides audio, data and video c

Chapter 18 ALGZyWALL USG 100/200 Series User’s Guide332

333PART IIIFirewallFirewall (335)

334

ZyWALL USG 100/200 Series User’s Guide335CHAPTER 19 Firewall19.1 OverviewUse the firewall to block or allow services that use static port numbers.

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide33619.1.2 What You Need to Know About the FirewallStateful InspectionThe ZyWALL has a statef

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide337To-ZyWALL Rules Rules with ZyWALL as the To Zone apply to traffic going to the ZyWALL its

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide338Firewall and VPN TrafficAfter you create a VPN tunnel and add it to a zone, you can set th

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide339• The second row is the firewall’s default policy that allows all traffic from the LAN to

List of FiguresZyWALL USG 100/200 Series User’s Guide34Figure 211 Multiple Servers Behind NAT Example ...

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide340• The third row is (still) the firewall’s default policy of allowing all traffic from LAN1

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide341Figure 240 Firewall Example: Select the Traveling Direction of Traffic2 Select From WA

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide342Figure 243 Firewall Example: Create a Service Object6 Enter the name of the firewall rul

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide34319.2 The Firewall ScreenAsymmetrical RoutesIf an alternate gateway on LAN1 has an IP add

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide344• Besides configuring the firewall, you also need to configure virtual servers (NAT port f

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide345From ZoneTo ZoneThis is the direction of travel of packets. Select from which zone the pa

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide34619.2.2 The Firewall Edit ScreenIn the Firewall screen, click the Edit or Add icon to disp

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide347Description Enter a descriptive name of up to 60 printable ASCII characters for the firew

Chapter 19 FirewallZyWALL USG 100/200 Series User’s Guide348

349PART IVVPNIPSec VPN (351)SSL VPN (385)SSL User Screens (395)SSL User Application Screens (401)SSL User File Sharing (403)L2TP VPN (409)L2TP V

List of FiguresZyWALL USG 100/200 Series User’s Guide35Figure 254 VPN > IPSec VPN > VPN Gateway ...

350

ZyWALL USG 100/200 Series User’s Guide351CHAPTER 20 IPSec VPN20.1 IPSec VPN OverviewA virtual private network (VPN) provides secure communications b

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide352• Use the VPN Concentrator screens (see Section 20.4 on page 369) to combine several IPSe

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide353You should set up the following features before you set up the VPN tunnel.• In any VPN c

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide354Each field is discussed in the following table. See Section 20.2.2 on page 360 and Sectio

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide35520.2.1 The VPN Connection Add/Edit (IKE) ScreenThe VPN Connection Add/Edit Gateway scre

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide356Figure 252 VPN > IPSec VPN > VPN Connection > Edit (IKE)

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide357Each field is described in the following table. Table 116 VPN > IPSec VPN > VPN

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide358SA Life Time Type the maximum number of seconds the IPSec SA can last. Shorter life time

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide359Related SettingsAdd this VPN connection to IPSec_VPN zone.Select this check box to add t

List of FiguresZyWALL USG 100/200 Series User’s Guide36Figure 297 VPN > L2TP VPN ...

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide36020.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide361Figure 253 VPN > IPSec VPN > VPN Connection > Manual Key > EditThis table

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide362Encapsulation ModeSelect which type of encapsulation the IPSec SA uses. Choices areTunnel

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide36320.3 The VPN Gateway ScreenThe VPN Gateway summary screen displays the IPSec VPN gatewa

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide36420.3.1 The VPN Gateway Add/Edit ScreenThe VPN Gateway Add/Edit screen allows you to crea

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide365Figure 255 VPN > IPSec VPN > VPN Gateway > EditEach field is described in the

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide366Peer Gateway AddressSelect how the IP address of the remote IPSec router in the IKE SA is

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide367Peer ID Type Select which type of identification is used to identify the remote IPSec ro

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide368Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices a

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide36920.4 The VPN Concentrator ScreenA VPN concentrator combines several IPSec VPN connectio

List of FiguresZyWALL USG 100/200 Series User’s Guide37Figure 340 IP Security Policy Properties: IP Filter List ...

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide370Figure 257 VPN > IPSec VPN > ConcentratorEach field is discussed in the following

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide37120.5 The SA Monitor Screen You can use the SA Monitor screen to display and to manage a

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide372Figure 260 VPN > IPSec VPN > SA MonitorEach field is described in the following t

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide37320.6 IPSec VPN Background InformationHere is some more detailed IPSec VPN background in

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide374The ZyWALL sends one or more proposals to the remote IPSec router. (In some devices, you

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide375DH public-key cryptography is based on DH key groups. Each key group is a fixed number o

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide376Router identity consists of ID type and content. The ID type can be domain name, IP addre

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide377Main mode takes six steps to establish an IKE SA.Steps 1 - 2: The ZyWALL sends its propo

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide378Extended AuthenticationExtended authentication is often used when multiple IPSec routers

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide379IPSec SA OverviewOnce the ZyWALL and remote IPSec router have established the IKE SA, th

List of FiguresZyWALL USG 100/200 Series User’s Guide38Figure 383 Anti-X > IDP > Profile > Edit > IDP Service Group ...

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide380These modes are illustrated below.In tunnel mode, the ZyWALL uses the active protocol to

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide381IPSec SA using Manual KeysYou might set up an IPSec SA using manual keys when you want t

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide382Figure 266 VPN Example: NAT for Inbound and Outbound TrafficSource Address in Outbound

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide383You have to specify one or more rules when you set up this kind of NAT. The ZyWALL check

Chapter 20 IPSec VPNZyWALL USG 100/200 Series User’s Guide384

ZyWALL USG 100/200 Series User’s Guide385CHAPTER 21 SSL VPN21.1 OverviewUse SSL VPN to allow users to use a web browser for secure remote user login

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide386Full Tunnel Mode In full tunnel mode, a virtual connection is created for remote users with

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide387Finding Out More• See Section 5.4.5 on page 115 for related information on these screens.•

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide388Figure 270 VPN > SSL VPN > Access Privilege > Add/Edit The following table desc

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide38921.3 The SSL Connection Monitor Screen The ZyWALL keeps track of the users who are curren

List of FiguresZyWALL USG 100/200 Series User’s Guide39Figure 426 Anti-X > Anti-Spam > Black/White List > White List ...

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide390• Log out individual users and delete related session information. Once a user logs out, th

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide391Figure 272 VPN > SSL VPN > Global Setting The following table describes the labels

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide39221.4.1 How to Upload a Custom LogoFollow the steps below to upload a custom logo to displa

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide393Figure 274 SSL VPN Client Portal Screen Example If the user account is not set up for SS

Chapter 21 SSL VPNZyWALL USG 100/200 Series User’s Guide394

ZyWALL USG 100/200 Series User’s Guide395CHAPTER 22 SSL User Screens22.1 OverviewThis chapter introduces the remote user SSL VPN screens. The follow

Chapter 22 SSL User ScreensZyWALL USG 100/200 Series User’s Guide396• Firefox 1.0 and above• Mozilla 1.7.3 and above• Sun’s Java (Java Runtime Environ

Chapter 22 SSL User ScreensZyWALL USG 100/200 Series User’s Guide397Figure 277 Login Security Screen 3 A login screen displays. Enter the user na

Chapter 22 SSL User ScreensZyWALL USG 100/200 Series User’s Guide398Figure 280 SecuExtender Progress 7 The Application screen displays showing the

Chapter 22 SSL User ScreensZyWALL USG 100/200 Series User’s Guide399The following table describes the various parts of a remote user screen. 22.4 Bo

About This User's GuideZyWALL USG 100/200 Series User’s Guide4Click the help icon in any screen for help in configuring that screen and supplemen

List of FiguresZyWALL USG 100/200 Series User’s Guide40Figure 469 Object > AAA Server > RADIUS > Group > Add ...

Chapter 22 SSL User ScreensZyWALL USG 100/200 Series User’s Guide400Figure 284 Logout: Connection Termination Progress

ZyWALL USG 100/200 Series User’s Guide401CHAPTER 23 SSL User Application Screens23.1 SSL User Application Screens OverviewUse the Application screen

Chapter 23 SSL User Application ScreensZyWALL USG 100/200 Series User’s Guide402

ZyWALL USG 100/200 Series User’s Guide403CHAPTER 24 SSL User File Sharing24.1 OverviewThe File Sharing screen lets you access files on a file server

Chapter 24 SSL User File SharingZyWALL USG 100/200 Series User’s Guide404Figure 286 File Sharing 24.3 Opening a File or FolderYou can open a file i

Chapter 24 SSL User File SharingZyWALL USG 100/200 Series User’s Guide4054 A list of files/folders displays. Click on a file to open it in a separate

Chapter 24 SSL User File SharingZyWALL USG 100/200 Series User’s Guide406Figure 289 File Sharing: Save a Word File 24.4 Creating a New FolderTo cr

Chapter 24 SSL User File SharingZyWALL USG 100/200 Series User’s Guide407Figure 291 File Sharing: Rename A popup window displays. Specify the new n

Chapter 24 SSL User File SharingZyWALL USG 100/200 Series User’s Guide40824.7 Uploading a FileFollow the steps below to upload a file to the file ser

ZyWALL USG 100/200 Series User’s Guide409CHAPTER 25 L2TP VPN25.1 OverviewL2TP VPN lets remote users use the L2TP and IPSec client software included

List of FiguresZyWALL USG 100/200 Series User’s Guide41Figure 512 SSL Client Authentication ...

Chapter 25 L2TP VPNZyWALL USG 100/200 Series User’s Guide410IPSec Configuration Required for L2TP VPNYou must configure an IPSec VPN connection for L2

Chapter 25 L2TP VPNZyWALL USG 100/200 Series User’s Guide411Finding Out More• See Section 5.4.6 on page 115 for related information on these screens.

Chapter 25 L2TP VPNZyWALL USG 100/200 Series User’s Guide41225.3 L2TP VPN Session Monitor ScreenClick VPN > L2TP VPN > Session Monitor to open

Chapter 25 L2TP VPNZyWALL USG 100/200 Series User’s Guide413Hostname This field displays the name of the computer that has this L2TP VPN connection w

Chapter 25 L2TP VPNZyWALL USG 100/200 Series User’s Guide414

ZyWALL USG 100/200 Series User’s Guide415CHAPTER 26 L2TP VPN ExampleThis chapter shows how to create a basic L2TP VPN tunnel.26.1 L2TP VPN ExampleTh

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide416Figure 300 VPN > IPSec VPN > VPN Gateway > Edit • Configure the My Addr

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide417Figure 302 VPN > IPSec VPN > VPN Connection > Edit 2 Click the Policy

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide41826.4 Configuring the L2TP VPN Settings Example1 Click VPN > L2TP VPN to open t

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide419Figure 305 Routing > Add: L2TP VPN Example2 Configure the following.• Enable

List of FiguresZyWALL USG 100/200 Series User’s Guide42Figure 555 WLAN Card Installation ...

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide4202 Click Next in the Welcome screen.3 Select Connect to the network at my workplace

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide421Figure 308 New Connection Wizard: Connection Name6 Select Do not dial the initi

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide422Figure 310 New Connection Wizard: VPN Server Selection8 Click Finish.9 The Conne

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide423Figure 312 Connect L2TP to ZyWALL: Security11 Select Optional encryption (conne

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide424Figure 314 L2TP to ZyWALL Properties > Security13 Select the Use pre-shared k

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide425Figure 317 Connect L2TP to ZyWALL16 A window appears while the user name and pa

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide4261 Click Start > Run. Type regedit and click OK.Figure 320 Starting the Regist

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide427Figure 323 ProhibitIpSec DWORD Value6 Restart the computer and continue with th

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide428Figure 326 Add > IP Security Policy Management > Finish4 Right-click IP Se

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide429Figure 328 IP Security Policy: Name6 Clear the Activate the default response ru

List of TablesZyWALL USG 100/200 Series User’s Guide43List of TablesTable 1 Front Panel LEDs ...

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide4308 In the properties dialog box, click Add > Next.Figure 331 IP Security Polic

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide431Figure 333 IP Security Policy Properties: Network Type11 Select Use this string

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide432Figure 335 IP Security Policy Properties: IP Filter List13 Type ZyWALL WAN_IP in

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide433Figure 337 Filter Properties: Addressing15 Configure the following in the Filte

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide434Figure 339 IP Security Policy Properties: IP Filter List17 Select Require Secur

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide43526.6.2.3 Configure the Windows 2000 Network ConnectionAfter you have configured

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide436Figure 344 New Connection Wizard: Destination Address4 Select For all users and

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide4376 Click Properties.Figure 347 Connect L2TP to ZyWALL7 Click Security and select

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide438Figure 349 Connect L2TP to ZyWALL: Security > Advanced9 Click Networking and

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide439Figure 351 Connect L2TP to ZyWALL11 A ZyWALL-L2TP icon displays in your system

List of TablesZyWALL USG 100/200 Series User’s Guide44Table 39 Status > Port Statistics > Switch to Graphic View ...

Chapter 26 L2TP VPN ExampleZyWALL USG 100/200 Series User’s Guide440

441PART VApplication PatrolApplication Patrol (443)

442

ZyWALL USG 100/200 Series User’s Guide443CHAPTER 27 Application Patrol27.1 OverviewApplication patrol provides a convenient way to manage the use of

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide44427.1.2 What You Need to Know About Application Patrol" The ZyWALL checks

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide445The application patrol bandwidth management is more flexible and powerful than

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide446• Inbound traffic is limited to 500 kbs. The connection initiator is on LAN1 so

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide447Figure 356 Bandwidth Management BehaviorConfigured Rate EffectIn the followin

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide448Priority and Over Allotment of Bandwidth EffectServer A has a configured rate th

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide449Figure 357 Application Patrol Bandwidth Management Example27.1.3.1 Setting t

List of TablesZyWALL USG 100/200 Series User’s Guide45Table 82 Network > Interface > Bridge > Add ...

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide450Figure 358 SIP Any to WAN Bandwidth Management Example27.1.3.3 SIP WAN to Any

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide451Figure 360 FTP WAN to DMZ Bandwidth Management Example27.1.3.6 FTP LAN to DM

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide452" You must register for the IDP/AppPatrol signature service (at least the t

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide45327.3 Application Patrol ApplicationsUse the application patrol Common, Instant

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide45427.3.1 The Application Patrol Edit ScreenUse this screen to edit the settings f

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide455Service Port This is available if the Classification is Service Ports. You can

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide45627.3.2 The Application Patrol Policy Edit Screen The Application Policy Edit sc

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide457Schedule Select a schedule that defines when the policy applies or select Creat

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide45827.4 The Other Applications ScreenSometimes, the ZyWALL cannot identify the app

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide459Figure 366 AppPatrol > OtherThe following table describes the labels in th

List of TablesZyWALL USG 100/200 Series User’s Guide46Table 125 Objects ...

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide46027.4.1 The Other Applications Add/Edit ScreenThe Other Configuration Add/Edit s

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide461Figure 367 AppPatrol > Other > EditThe following table describes the la

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide46227.5 Application Patrol StatisticsThis screen displays a bandwidth usage graph

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide463Figure 368 AppPatrol > Statistics: General SetupThe following table descri

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide464• Different colors represent different protocols.27.5.3 Application Patrol Sta

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide465Inbound Kbps This is the incoming bandwidth usage for traffic that matched this

Chapter 27 Application PatrolZyWALL USG 100/200 Series User’s Guide466

467PART VIAnti-XAnti-Virus (469)IDP (483)ADP (513)Content Filtering (531)Content Filter Reports (551)Anti-Spam (559)

468

ZyWALL USG 100/200 Series User’s Guide469CHAPTER 28 Anti-Virus28.1 OverviewUse the ZyWALL’s anti-virus feature to protect your connected network fro

List of TablesZyWALL USG 100/200 Series User’s Guide47Table 168 ADP > Profile > Traffic Anomaly ...

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide47028.1.2 What You Need to Know About Anti-VirusAnti-Virus EnginesSubscribe to signature f

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide471" Since the ZyWALL erases the infected portion of the file before sending it, you

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide472Figure 372 Anti-X > Anti-Virus > General The following table describes the label

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide47328.2.1 Anti-Virus Policy Add or Edit ScreenClick the Add or Edit icon in the Anti-X &g

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide474Figure 373 Anti-X > Anti-Virus > General > Add The following table describes

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide47528.3 Anti-Virus Black ListClick Anti-X > Anti-Virus > Black/White List to displa

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide476Figure 374 Anti-X > Anti-Virus > Black/White List > Black ListThe following t

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide477Figure 375 Anti-X > Anti-Virus > Black/White List > Black List (or White Lis

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide478Figure 376 Anti-X > Anti-Virus > Black/White List > White List The following

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide479Figure 377 Anti-X > Anti-Virus > Signature: Search by SeverityThe following tab

List of TablesZyWALL USG 100/200 Series User’s Guide48Table 211 Object > AAA Server > Active Directory (or LDAP) > Default ...

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide48028.7 Anti-Virus Technical ReferenceTypes of Computer Viruses The following table descri

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide481• HAV scanners are slow in stopping virus threats through real-time traffic (such as fr

Chapter 28 Anti-VirusZyWALL USG 100/200 Series User’s Guide482

ZyWALL USG 100/200 Series User’s Guide483CHAPTER 29 IDP29.1 OverviewThis chapter introduces packet inspection IDP (Intrusion, Detection and Prevent

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide484" You can only apply one IDP profile to one traffic flow.Base IDP ProfilesBase IDP profile

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide485Figure 378 Anti-X > IDP > GeneralThe following table describes the screens in this scr

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide48629.2.1 Configuring IDP PoliciesClick Anti-X > IDP > General and then an Add or Edit icon

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide487Figure 379 Anti-X > IDP > General > AddThe following table describes the screens in

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide488Figure 380 Base ProfilesThe following table describes this screen. 29.4 The Profile Summary

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide489Figure 381 Anti-X > IDP > ProfileThe following table describes the fields in this scre

List of TablesZyWALL USG 100/200 Series User’s Guide49Table 254 Maintenance > Log > Log Setting ...

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide4903 Type a new profile name4 Enable or disable individual signatures.5 Edit the default log optio

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide491Figure 382 Anti-X > IDP > Profile > Edit : Group View

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide492The following table describes the fields in this screen. Table 156 Anti-X > IDP > Prof

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide49329.6.2 Policy TypesThis section describes IDP policy types, also known as attack types, as ca

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide49429.6.3 IDP Service GroupsAn IDP service group is a set of related packet inspection signatures

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide495The following figure shows the WEB_PHP service group that contains signatures related to attac

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide496Figure 384 Anti-X > IDP > Profile: Query ViewThe following table describes the fields i

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide49729.6.5 Query ExampleThis example shows a search with these criteria:• Severity: severe and hi

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide498Figure 386 Query Example Search Results29.7 Introducing IDP Custom Signatures Create custom

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide499Figure 387 IP v4 Packet Headers The header fields are discussed below: Table 160 IP v4 Pa

Document ConventionsZyWALL USG 100/200 Series User’s Guide5Document ConventionsWarnings and NotesThese are how warnings and notes are shown in this U

List of TablesZyWALL USG 100/200 Series User’s Guide50Table 297 Device HA Logs ...

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide50029.8 Configuring Custom SignaturesSelect Anti-X > IDP > Custom Signatures. The first scr

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide501The following table describes the fields in this screen. 29.8.1 Creating or Editing a Custom

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide502Figure 389 Anti-X > IDP > Custom Signatures > Add/Edit

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide503The following table describes the fields in this screen. Table 162 Anti-X > IDP > Cust

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide504IP Options IP options is a variable-length list of IP options for a datagram that define IP Sec

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide50529.8.2 Custom Signature ExampleBefore creating a custom signature, you must first clearly und

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide50629.8.2.2 Analyze PacketsThen use a packet sniffer such as TCPdump or Ethereal to investigate s

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide507Figure 393 Example Custom Signature

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide50829.8.3 Applying Custom SignaturesAfter you create your custom signature, it becomes available

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide509Figure 395 Custom Signature Log29.9 IDP Technical ReferenceThis section contains some backg

51PART IGetting StartedIntroducing the ZyWALL (53)Features and Applications (57)Web Configurator (65)Configuration Basics (109)Tutorials (125)Sta

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide510The rule header contains the rule's:• Action•Protocol• Source and destination IP addresses

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide511" Not all Snort functionality is supported in the ZyWALL.

Chapter 29 IDPZyWALL USG 100/200 Series User’s Guide512

ZyWALL USG 100/200 Series User’s Guide513CHAPTER 30 ADP30.1 OverviewThis chapter introduces ADP (Anomaly Detection and Prevention), anomaly profile

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide514ADP ProfileAn ADP profile is a set of traffic anomaly rules and protocol anomaly rules that you

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide515The following table describes the screens in this screen. 30.2.1 Configuring ADP PoliciesClic

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide516The following table describes the screens in this screen. 30.3 The Profile Summary ScreenUse t

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide517These are the default base profiles at the time of writing. 30.3.2 Configuring The ADP Profil

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide518ADP profiles consist of traffic anomaly profiles and protocol anomaly profiles. To create a new

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide519Figure 400 Profiles: Traffic Anomaly

52

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide520The following table describes the fields in this screen. 30.3.5 Protocol Anomaly Profiles Pro

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide521Protocol anomaly rules may be updated when you upload new firmware.30.3.6 Protocol Anomaly Co

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide522Figure 401 Profiles: Protocol Anomaly

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide523The following table describes the fields in this screen. 30.4 Technical ReferenceThis sectio

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide524Many connection attempts to different ports (services) may indicate a port scan. These are some

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide525Flood DetectionFlood attacks saturate a network with useless data, use up all available bandwi

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide526Figure 403 TCP Three-Way HandshakeA SYN flood attack is when an attacker sends a series of SY

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide527Protocol Anomaly Background InformationThe following sections may help you configure the proto

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide528OVERSIZE-CHUNK-ENCODING ATTACKThis rule is an anomaly detector for abnormally large chunk sizes

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide529TRUNCATED-HEADER ATTACKThis is when a UDP packet is sent which has a UDP datagram length of le

ZyWALL USG 100/200 Series User’s Guide53CHAPTER 1 Introducing the ZyWALLThis chapter gives an overview of the ZyWALL. It explains the front panel por

Chapter 30 ADPZyWALL USG 100/200 Series User’s Guide530

ZyWALL USG 100/200 Series User’s Guide531CHAPTER 31 Content Filtering31.1 OverviewUse the content filtering feature to control access to specific we

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide532The ZyWALL can disable web proxies and block web features such as ActiveX control

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide53331.2 Content Filter General ScreenClick Anti-X > Content Filter > General

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide534Filter Profile This column displays the name of the content filter profile that e

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide53531.3 Content Filter Policy Add or Edit ScreenClick Anti-X > Content Filter &

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide53631.4 Content Filter Profile Screen Click Anti-X > Content Filter > Filter

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide5371 Log into myZyXEL.com and click your device’s link to open it’s Service Managem

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide538Unrated Web Pages Select Block to prevent users from accessing web pages that the

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide539Alcohol/Tobacco Selecting this category excludes pages that promote or offer the

Chapter 1 Introducing the ZyWALLZyWALL USG 100/200 Series User’s Guide54Figure 2 ZyWALL USG 100 Front PanelThe following table describes the LEDs.1.

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide540Alternative Spirituality/OccultSelecting this category excludes pages that promot

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide541Computers/Internet Selecting this category excludes pages that sponsor or provid

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide542Religion Selecting this category excludes pages that promote and provide informat

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide54331.6 Content Filter Customization Screen Click Anti-X > Content Filter >

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide544Figure 409 Anti-X > Content Filter > Filter Profile > Customization Th

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide545Java Java is a programming language and development environment for building dow

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide54631.7 Content Filter Cache ScreenClick Anti-X > Content Filter > Cache to d

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide547Figure 410 Anti-X > Content Filter > Cache The following table describes

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide54831.8 Content Filter Technical ReferenceThis section provides content filtering b

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide5493 Use the Content Filter Cache screen to configure how long a web site address r

Chapter 1 Introducing the ZyWALLZyWALL USG 100/200 Series User’s Guide55Figure 3 Managing the ZyWALL: Web ConfiguratorCommand-Line Interface (CLI)T

Chapter 31 Content FilteringZyWALL USG 100/200 Series User’s Guide550

ZyWALL USG 100/200 Series User’s Guide551CHAPTER 32 Content Filter Reports32.1 OverviewYou can view content filtering reports after you have activat

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide5523 A welcome screen displays. Click your ZyWALL’s model name and/or MAC addre

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide5535 Enter your ZyXEL device's MAC address (in lower case) in the Name fi

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide554Figure 417 Blue Coat: Report Home9 Select a time period in the Date Range

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide555Figure 418 Global Report Screen Example11 You can click a category in the

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide556Figure 419 Requested URLs Example32.3 Web Site SubmissionYou may find tha

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide557Figure 420 Web Page Review Process Screen3 Type the web site’s URL in the

Chapter 32 Content Filter ReportsZyWALL USG 100/200 Series User’s Guide558

ZyWALL USG 100/200 Series User’s Guide559CHAPTER 33 Anti-Spam33.1 OverviewThe anti-spam feature can mark or discard spam (unsolicited commercial or

Chapter 1 Introducing the ZyWALLZyWALL USG 100/200 Series User’s Guide56" It is recommended you use the shutdown command before turning off the Z

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide560matches a black list entry as spam and immediately takes the configured action for dealin

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide561Figure 421 DNSBL Example1 The ZyWALL checks the e-mail’s header for sender or relay IP

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide562Figure 422 Anti-X > Anti-Spam > GeneralThe following table describes the labels i

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide56333.3.1 The Anti-Spam Policy Add or Edit ScreenClick the Add or Edit icon in the Anti-X

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide564The following table describes the labels in this screen.33.4 The Anti-Spam Black List Sc

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide565Figure 424 Anti-X > Anti-Spam > Black/White List > Black ListThe following ta

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide566Use this screen to configure an anti-spam black list entry to identify spam e-mail. You c

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide56733.4.2 Regular Expressions in Black or White List EntriesThe following applies for a bl

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide56833.6 The DNSBL Screen Click Anti-X > Anti-Spam > DNSBL to display the anti-spam DN

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide569Figure 427 Anti-X > Anti-Spam > DNSBLThe following table describes the labels in

ZyWALL USG 100/200 Series User’s Guide57CHAPTER 2 Features and ApplicationsThis chapter introduces the main features and applications of the ZyWALL.2

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide57033.6.1 The DNSBL Add/Edit ScreenClick the Add or Edit icon in the Anti-X > Anti-Spam

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide571The following table describes the labels in this screen. 33.7 The Anti-Spam Status Scre

Chapter 33 Anti-SpamZyWALL USG 100/200 Series User’s Guide572Avg. Response Time (sec)This is the average for how long it takes to receive a reply from

573PART VIIDevice HADevice HA (575)

574

ZyWALL USG 100/200 Series User’s Guide575CHAPTER 34 Device HA34.1 OverviewDevice HA lets a backup ZyWALL (B) automatically take over if a master Zy

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide576Management AccessYou can configure a separate management IP address for each interface. Y

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide577Figure 431 Device HA > GeneralThe following table describes the labels in this scre

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide57834.3 The Active-Passive Mode Screen Virtual RouterThe master and backup ZyWALL form a si

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide579Enable monitoring for the same interfaces on the master and backup ZyWALLs. Each monitor

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide58Intrusion Detection and Prevention (IDP)IDP (Intrusion Detection and Protec

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide580Figure 435 Device HA > Active-Passive ModeThe following table describes the labels i

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide581Authentication Select the authentication method the virtual router uses. Every interface

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide58234.4 Configuring an Active-Passive Mode Monitored InterfaceThe Device HA Active-Passive

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide58334.5 The Legacy Mode ScreenVirtual Router Redundancy Protocol (VRRP)Legacy mode device

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide584Figure 437 Device HA > Legacy ModeThe following table describes the labels in this s

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide58534.7 The Legacy Mode Add/Edit ScreenUse the VRRP Group Add/Edit screen to add or edit V

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide586Figure 438 Device HA > Legacy Mode > AddThe following table describes the labels

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide58734.8 Device HA Technical ReferenceLegacy Mode ZyWALL VRRP ApplicationIn VRRP, a virtual

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide588Figure 439 Example: VRRP, Normal OperationThe VR ID is not shown. In normal operation,

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide589• System protect signatures• Certificates (My Certificates, and Trusted Certificates)Syn

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide59Application PatrolApplication patrol (App. Patrol) manages instant messeng

Chapter 34 Device HAZyWALL USG 100/200 Series User’s Guide590

591PART VIIIObjectsUser/Group (593)Addresses (607)Services (613)Schedules (619)AAA Server (625)Authentication Method (635)Certificates (639)SSL

592

ZyWALL USG 100/200 Series User’s Guide593CHAPTER 35 User/Group35.1 OverviewThis chapter describes how to set up user accounts, user groups, and user

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide594" The default admin account is always authenticated locally, regardless of the auth

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide595" You cannot put access users and admin users in the same user group." You ca

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide596Figure 441 Object > User/GroupThe following table describes the labels in this scre

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide597To access this screen, go to the User screen (see Section 35.2 on page 595), and click

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide59835.3 User Group Summary ScreenUser groups consist of access users and other user groups

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide599Figure 444 User/Group > Group > AddThe following table describes the labels in

Document ConventionsZyWALL USG 100/200 Series User’s Guide6Icons Used in FiguresFigures in this User’s Guide may use the following generic icons. The

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide602.2.2 Interface to Interface (To/From ZyWALL)To: Ethernet -> VLAN ->

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide600Figure 445 Object > User/Group > SettingThe following table describes the labels

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide601Maximum number per access accountThis field is effective when Limit ... for access acco

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide60235.4.1 Force User Authentication Policy Add/Edit ScreenUse this screen to specify a con

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide603The following table describes the labels in this screen. 35.4.2 User Aware Login Exam

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide604The following table describes the labels in this screen. 35.5 User /Group Technical Re

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide605Creating a Large Number of Ext-User AccountsIf you plan to create a large number of Ext

Chapter 35 User/GroupZyWALL USG 100/200 Series User’s Guide606

ZyWALL USG 100/200 Series User’s Guide607CHAPTER 36 Addresses36.1 OverviewAddress objects can represent a single IP address or a range of IP addres

Chapter 36 AddressesZyWALL USG 100/200 Series User’s Guide608Figure 450 Object > Address > AddressThe following table describes the labels in

Chapter 36 AddressesZyWALL USG 100/200 Series User’s Guide609The following table describes the labels in this screen. 36.3 Address Group Summary Scr

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide61Figure 4 Applications: VPN Connectivity2.3.2 SSL VPN Network Access You

Chapter 36 AddressesZyWALL USG 100/200 Series User’s Guide610The following table describes the labels in this screen. See Section 36.3.1 on page 610 f

Chapter 36 AddressesZyWALL USG 100/200 Series User’s Guide611Available This field displays the names of the address and address group objects that ca

Chapter 36 AddressesZyWALL USG 100/200 Series User’s Guide612

ZyWALL USG 100/200 Series User’s Guide613CHAPTER 37 Services37.1 OverviewUse service objects to define TCP applications, UDP applications, and ICMP

Chapter 37 ServicesZyWALL USG 100/200 Series User’s Guide614Service Objects and Service GroupsUse service objects to define IP protocols.• TCP applica

Chapter 37 ServicesZyWALL USG 100/200 Series User’s Guide615The following table describes the labels in this screen. 37.2.1 The Service Add/Edit Sc

Chapter 37 ServicesZyWALL USG 100/200 Series User’s Guide61637.3 The Service Group Summary Screen The Service Group summary screen provides a summary

Chapter 37 ServicesZyWALL USG 100/200 Series User’s Guide61737.3.1 The Service Group Add/Edit ScreenThe Service Group Add/Edit screen allows you to

Chapter 37 ServicesZyWALL USG 100/200 Series User’s Guide618

ZyWALL USG 100/200 Series User’s Guide619CHAPTER 38 Schedules38.1 OverviewUse schedules to set up one-time and recurring schedules for policy routes

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide62Figure 6 Network Access Mode: Full Tunnel Mode 2.3.3 User-Aware Access C

Chapter 38 SchedulesZyWALL USG 100/200 Series User’s Guide62038.2 The Schedule Summary ScreenThe Schedule summary screen provides a summary of all sc

Chapter 38 SchedulesZyWALL USG 100/200 Series User’s Guide62138.2.1 The One-Time Schedule Add/Edit ScreenThe One-Time Schedule Add/Edit screen allow

Chapter 38 SchedulesZyWALL USG 100/200 Series User’s Guide62238.2.2 The Recurring Schedule Add/Edit ScreenThe Recurring Schedule Add/Edit screen allo

Chapter 38 SchedulesZyWALL USG 100/200 Series User’s Guide623Week Days Select each day of the week the recurring schedule is effective.OK Click OK to

Chapter 38 SchedulesZyWALL USG 100/200 Series User’s Guide624

ZyWALL USG 100/200 Series User’s Guide625CHAPTER 39 AAA Server39.1 Overview You can use a AAA (Authentication, Authorization, Accounting) server to

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide626Figure 462 RADIUS Server Network Example39.1.3 ASASASAS (Authenex Strong Authenticati

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide627RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protoco

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide628Bind DN A bind DN is used to authenticate with an LDAP/AD server. For example a bind DN

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide62939.3 Active Directory or LDAP Group Summary ScreenYou can configure a group of AD or L

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide63Figure 8 Applications: Multiple WAN Interfaces2.3.5 Device HASet up an

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide630Figure 466 Object > AAA Server > Active Directory (or LDAP) > Group > Add

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide63139.4 Configuring a Default RADIUS ServerTo configure the default external RADIUS serve

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide63239.5 Configuring a Group of RADIUS Servers You can configure a group of RADIUS servers

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide633The following table describes the labels in this screen. Table 216 Object > AAA Se

Chapter 39 AAA ServerZyWALL USG 100/200 Series User’s Guide634

ZyWALL USG 100/200 Series User’s Guide635CHAPTER 40 Authentication Method40.1 Overview Authentication method objects set how the ZyWALL authenticate

Chapter 40 Authentication MethodZyWALL USG 100/200 Series User’s Guide636Figure 470 Example: Using Authentication Method in VPN 40.2 Viewing Authen

Chapter 40 Authentication MethodZyWALL USG 100/200 Series User’s Guide63740.3 Creating an Authentication Method Object Follow the steps below to cre

Chapter 40 Authentication MethodZyWALL USG 100/200 Series User’s Guide638The following table describes the labels in this screen. Table 218 Object

ZyWALL USG 100/200 Series User’s Guide639CHAPTER 41 Certificates41.1 OverviewThe ZyWALL can use certificates (also called digital IDs) to authentica

Chapter 2 Features and ApplicationsZyWALL USG 100/200 Series User’s Guide64

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide640message, no-one can have altered it (because they cannot re-sign the message with Tim’

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide641• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercas

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide642Figure 474 Certificate Details 4 Use a secure method to verify that the certificate

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide64341.2.1 The My Certificates Add ScreenClick Object > Certificate > My Certifica

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide644Figure 476 Object > Certificate > My Certificates > AddThe following table

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide645Organization Identify the company or group to which the certificate owner belongs. Yo

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide646If you configured the My Certificate Create screen to have the ZyWALL enroll a certifi

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide647Figure 477 Object > Certificate > My Certificates > Edit The following

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide648Type This field displays general information about the certificate. CA-signed means th

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide64941.2.3 The My Certificates Import Screen Click Object > Certificate > My Certi

ZyWALL USG 100/200 Series User’s Guide65CHAPTER 3 Web ConfiguratorThe ZyWALL web configurator allows easy ZyWALL setup and management using an Intern

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide650The following table describes the labels in this screen. 41.3 The Trusted Certificat

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide65141.3.1 The Trusted Certificates Edit Screen Click Object > Certificate > Trust

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide652Figure 480 Object > Certificate > Trusted Certificates > Edit The following

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide653Refresh Click Refresh to display the certification path.Enable X.509v3 CRL Distributi

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide65441.3.2 The Trusted Certificates Import Screen Click Object > Certificate > Trus

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide655Figure 481 Object > Certificate > Trusted Certificates > ImportThe followi

Chapter 41 CertificatesZyWALL USG 100/200 Series User’s Guide656

ZyWALL USG 100/200 Series User’s Guide657CHAPTER 42 SSL Application42.1 OverviewYou use SSL application objects in SSL VPN. Configure an SSL applica

Chapter 42 SSL ApplicationZyWALL USG 100/200 Series User’s Guide6581 Click Object > SSL Application in the navigation panel. 2 Click the Add button

Chapter 42 SSL ApplicationZyWALL USG 100/200 Series User’s Guide65942.2.1 Creating/Editing a Web-based SSL Application ObjectA web-based application

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide66Figure 10 Login Screen 3 Type the user name (default: “admin”) and password (defa

Chapter 42 SSL ApplicationZyWALL USG 100/200 Series User’s Guide66042.2.2 Creating/Editing a File Sharing SSL Application ObjectYou can specify the n

Chapter 42 SSL ApplicationZyWALL USG 100/200 Series User’s Guide661" You must then configure the shared folder on the file server for remote acc

Chapter 42 SSL ApplicationZyWALL USG 100/200 Series User’s Guide662

663PART IXSystemSystem (665)

664

ZyWALL USG 100/200 Series User’s Guide665CHAPTER 43 System43.1 OverviewUse the system screens to configure general ZyWALL settings. 43.1.1 What Y

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide666• Vantage CNM (Centralized Network Management) is a browser-based global management tool tha

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide667Figure 487 System > Date and TimeThe following table describes the labels in this scre

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide66843.3.1 Pre-defined NTP Time Servers ListWhen you turn on the ZyWALL for the first time, the

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide669The ZyWALL continues to use the following pre-defined list of NTP time servers if you do no

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide67Follow the directions in this screen. If you change the default password, the Login

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67043.4 Console Port SpeedThis section shows you how to set the console port speed when you co

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67143.5.2 Configuring the DNS ScreenClick System > DNS to change your ZyWALL’s DNS setting

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide672Domain Zone A domain zone is a fully qualified domain name without the host. For example, zy

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67343.5.3 Address Record An address record contains the mapping of a fully qualified domain n

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide674The following table describes the labels in this screen. 43.5.6 Domain Zone Forwarder A do

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide675The following table describes the labels in this screen. 43.5.8 MX Record A MX (Mail eXcha

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67643.5.10 Adding a DNS Service Control RuleClick the Add icon in the Service Control table to

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide677Figure 495 Secure and Insecure Service Access From the WAN• See Section 5.6.1 on page 122

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67843.6.3 HTTPSYou can set the ZyWALL to use HTTP or HTTPS (HTTPS adds security) for web confi

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide67943.6.4 Configuring WWW Click System > WWW to open the WWW screen. Use this screen to sp

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide68The icons provide the following functions.3.3.2 Navigation PanelUse the menu items

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide680Server Port The HTTPS server listens on port 443 by default. If you change the HTTPS server

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide68143.6.5 Service Control RulesClick Add or Edit in the Service Control table in a WWW, SSH,

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide682The following table describes the labels in this screen. 43.6.6 HTTPS ExampleIf you haven’

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide68343.6.6.2 Netscape Navigator Warning MessagesWhen you attempt to access the ZyWALL HTTPS se

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide684• For the browser to trust a self-signed certificate, import the self-signed certificate int

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide68543.6.6.5.1 Installing the CA’s Certificate1 Double click the CA’s trusted certificate to p

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide686Figure 505 Personal Certificate Import Wizard 12 The file name and path of the certificate

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide687Figure 507 Personal Certificate Import Wizard 34 Have the wizard determine where the cert

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide688Figure 509 Personal Certificate Import Wizard 56 You should see the following screen when

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide689Figure 512 SSL Client Authentication3 You next see the web configurator login screen.Figu

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide69Interface Status Use this screen to see information about all of the ZyWALL’s inter

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide690Figure 514 SSH Communication Over the WAN Example43.7.1 How SSH WorksThe following figure

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69143.7.2 SSH Implementation on the ZyWALLYour ZyWALL supports SSH versions 1 and 2 using RSA

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69243.7.5 Secure Telnet Using SSH ExamplesThis section shows two examples using a command inte

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69343.7.5.2 Example 2: LinuxThis section describes how to access the ZyWALL using the OpenSSH

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide694Figure 520 System > TelnetThe following table describes the labels in this screen. 43.

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69543.9.1 Configuring FTPTo change your ZyWALL’s FTP settings, click System > FTP tab. The

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69643.10 SNMP Simple Network Management Protocol is a protocol used for exchanging management

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide697An agent is a management software module that resides in a managed device (the ZyWALL). An

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69843.10.3 Configuring SNMP To change your ZyWALL’s SNMP settings, click System > SNMP tab.

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide69943.11 Dial-in ManagementConnect an external serial modem to the AUX port to provide a mana

Safety WarningsZyWALL USG 100/200 Series User’s Guide7Safety Warnings1 For your safety, be sure to read and follow all warning notices and instructio

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide70AppPatrol General Use this screen to enable or disable traffic management by applica

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide700Figure 524 System > Dial-in Mgmt The following table describes the labels in this scre

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide701Figure 525 System > Vantage CNMThe following table describes the labels in this screen

Chapter 43 SystemZyWALL USG 100/200 Series User’s Guide70243.13 Language Screen Click System > Language to open the following screen. Use this scr

703PART XMaintenance, Troubleshooting, & SpecificationsFile Manager (705)Logs (715)Reports (727)Diagnostics (741)Reboot (743)Troubleshooting

704

ZyWALL USG 100/200 Series User’s Guide705CHAPTER 44 File Manager44.1 OverviewConfiguration files define the ZyWALL’s settings. Shell scripts are fi

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide706 These files have the same syntax, which is also identical to the way you run CLI comm

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide707" “exit” or “!'” must follow sub commands if it is to make the ZyWALL exit

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide708Once your ZyWALL is configured and functioning properly, it is highly recommended that

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide709The following table describes the labels in this screen. Table 249 Maintenance >

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide71User/Group User Use this screen to create and manage users.Group Use this screen to

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide71044.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware Pa

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide711The ZyWALL’s firmware package cannot go through the ZyWALL when you enable the anti-v

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide712" The ZyWALL automatically reboots after a successful upload.The ZyWALL automatic

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide713Each field is described in the following table. Table 251 Maintenance > File Ma

Chapter 44 File ManagerZyWALL USG 100/200 Series User’s Guide714Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Up

ZyWALL USG 100/200 Series User’s Guide715CHAPTER 45 Logs45.1 OverviewThis chapter provides general information about the ZyWALL’s log feature. See

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide716Figure 538 Maintenance > Log > View LogEvents that generate an alert (as well as a log

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide717The Web configurator saves the filter settings if you leave the View Log screen and return to

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide718The Log Settings Summary screen provides a summary of all the settings. You can use the Log Se

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide71945.4.2 Edit System Log Settings The Log Settings Edit screen controls the detailed settings

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide723.3.3 Main WindowThe main window shows the screen you select in the menu. It is dis

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide720Figure 540 Maintenance > Log > Log Setting > Edit (System Log)

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide721The following table describes the labels in this screen. Table 255 Maintenance > Log >

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide72245.4.3 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed set

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide723Figure 541 Maintenance > Log > Log Setting > Edit (Remote Server)

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide724The following table describes the labels in this screen. 45.4.4 Active Log Summary ScreenThe

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide725Figure 542 Active Log SummaryThis screen provides a different view and a different way of i

Chapter 45 LogsZyWALL USG 100/200 Series User’s Guide726Selection Select what information you want to log from each Log Category (except All Logs; see

ZyWALL USG 100/200 Series User’s Guide727CHAPTER 46 Reports46.1 OverviewThis chapter provides information about the report screens. Use the Report

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide728Figure 543 Maintenance > Report > Traffic StatisticsThere is a limit on the number

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide729Flush Data Click this button to discard all of the screen’s statistics and update the repo

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide73Figure 14 Warning Messages Click Refresh Now to update the screen. Close the popu

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide730The following table displays the maximum number of records shown in the report, the byte co

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide731Figure 544 Maintenance > Report > SessionThe following table describes the labels

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide73246.4 The Anti-Virus Report ScreenClick Maintenance > Report > Anti-Virus to display

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide733The statistics display as follows when you display the top entries by source.Figure 546

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide734Figure 548 Maintenance > Report > IDP: Signature Name The following table describes

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide735The statistics display as follows when you display the top entries by source.Figure 549

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide736Figure 551 Maintenance > Report > Anti-Spam: Sender IP The following table describe

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide73746.7 The Email Daily Report ScreenClick Maintenance > Report > Email Daily Report t

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide738Figure 552 Maintenance > Report > Email Daily Report The following table describes

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide739Password This box is effective when you select the SMTP Authentication check box. Type the

Chapter 3 Web ConfiguratorZyWALL USG 100/200 Series User’s Guide74Click Refresh Now to update the screen. For example, if you just enabled a particula

Chapter 46 ReportsZyWALL USG 100/200 Series User’s Guide740

ZyWALL USG 100/200 Series User’s Guide741CHAPTER 47 Diagnostics47.1 The Diagnostics ScreenThe Diagnostics screen provides an easy way for you to ge

Chapter 47 DiagnosticsZyWALL USG 100/200 Series User’s Guide742

ZyWALL USG 100/200 Series User’s Guide743CHAPTER 48 Reboot48.1 OverviewUse this to restart the device (for example, if the device begins behaving er

Chapter 48 RebootZyWALL USG 100/200 Series User’s Guide744

ZyWALL USG 100/200 Series User’s Guide745CHAPTER 49 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. V I ca

Chapter 49 TroubleshootingZyWALL USG 100/200 Series User’s Guide746• If you have the ZyWALL and remote IPSec router use certificates to authenticate e

Chapter 49 TroubleshootingZyWALL USG 100/200 Series User’s Guide747V I changed the LAN IP address and can no longer access the Internet.The ZyWALL au

Chapter 49 TroubleshootingZyWALL USG 100/200 Series User’s Guide74849.1 Resetting the ZyWALLIf you cannot access the ZyWALL by any method, try restar

ZyWALL USG 100/200 Series User’s Guide749CHAPTER 50 Product Specifications50.1 General SpecificationsThe following specifications are subject to cha

ZyWALL USG 100/200 Series User’s Guide75CHAPTER 4 Wizard Setup4.1 Wizard Setup OverviewThe web configurator's setup wizards help you configure

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide7501 It is recommended that you do NOT wall-mount the ZyWALL. A wall-mounting k

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide751USER PROFILESMaximum Local Users 192 128Maximum Admin Users 5 5Maximum User

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide752Admin E-mail Addresses 2 2Syslog Servers 4 4IDPMaximum Number of IDP Profile

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide753The following table, which is not exhaustive, lists standards referenced by

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide75450.2 3G or WLAN PCMCIA Card InstallationOnly insert a compatible 802.11b/g-

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide755POWER CONSUMPTION 20 W MAX. SAFETY STANDARDS UL, CUL (UL 60950-1 FIRST EDIT

Chapter 50 Product SpecificationsZyWALL USG 100/200 Series User’s Guide756

757PART XIAppendices and IndexCommon Services (815)Displaying Anti-Virus Alert Messages in Windows (819)Open Software Announcements (845)Legal Info

758

ZyWALL USG 100/200 Series User’s Guide759APPENDIX A Log DescriptionsThis appendix provides descriptions of example log messages. Table 276 Conte

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide76Figure 16 Wizard Setup Welcome 4.2 Installation Setup, One ISP The wizard screens

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide760%s: Service is unavailableContent filter rating service is temporarily unavailable

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide761Anti-Spam policy %d has been inserted.The anti-spam policy with the specified ind

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide762DNSBL domain %s has been deleted.The specified DNSBL domain name (%s) has been rem

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide763The %s address-object is wrong type for '1st-dns' in SSL Policy %s.The

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide764The SSL VPN policy %s does not configure users or user groups.There are no users o

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide765Failed login attempt to SSLVPN from %s (reach the max. number of simultaneous log

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide766The ZySH logs deal with internal system errors. User %s has been granted an L2TP o

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide767can't get name for entry %d!1st:zysh entry indexcan't get reference cou

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide768Table 283 ADP LogsLOG MESSAGE DESCRIPTIONfrom <zone> to <zone> [type

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide769Reloading Anti-Virus signature reference table has failed.The ZyWALL failed to re

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide77The following table describes the labels in this screen.4.3 Step 1 Internet Access Enc

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide770AV signature update has failed.An anti-virus signatures update failed for unknown

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide771%s, due to decompress malfunction, %s could not be decompressed. Action on file:

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide772 Failed login attempt to ZyWALL from %s (reach the max. number of simultaneous log

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide773Standard service activation has failed:%s.Standard service activation failed, thi

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide774Change Anti-Virus engine type has failed. Because of lack must fields.The device f

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide775IDP signature download has failed.The device still cannot download the IDP signat

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide776System bootup. Do expiration daily-check.The device processes a service expiration

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide777Download file size is wrong.The file size downloaded for AS is not identical with

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide778Custom signature import error: line <line>, sid <sid>, <error_messa

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide779IDP system-protect signature update from version <version> to version <v

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide78Figure 18 Ethernet Encapsulation: Auto: FinishYou have set up your ZyWALL to access th

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide780IDP system-protect signature update failed. Invalid signature content.An IDP syste

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide781Table 288 Application PatrolMESSAGE EXPLANATIONService=%s Mode=%s Rule=%s Acces

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide782 System fatal error: 60011002.The device failed to get the application patrol prot

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide783[SA] : Tunnel [%s] Phase 1 authentication method mismatch%s is the tunnel name. W

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide784Cannot resolve Secure Gateway Addr %s for Tunnel [%s]1st %s is my ip address. 2nd

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide785Tunnel [%s] Sending IKE request%s is the tunnel name. The device sent an IKE requ

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide786 Table 290 IPSec LogsLOG MESSAGE DESCRIPTIONCorrupt packet, Inbound transform o

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide787 Firewall rule %d has been moved to %d.1st %d is the old global index of rule, 2

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide788 To send message to policy route daemon failed!Failed to send control message to p

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide789HTTPS port has been changed to default port.An administrator changed the port num

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide79Figure 19 Ethernet Encapsulation: StaticThe following table describes the labels in t

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide790DHCP Server on Interface %s will be reapplied due to Device HA status is ActiveWhe

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide791 Interface %s ping check is failed. Zone Forwarder removes DNS servers in records

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide792%s is dead at %s A daemon (process) is gone (was killed by the operating system).

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide793DHCP request received via interface %s (%s:%s), src_mac: %s with requested IP: %s

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide794Update the profile %s has failed because of invalid system parameters.Some system

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide795Update the profile %s has failed because WAN interface was link-down.DDNS profile

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide796 DDNS Initialization has failed.Initialize DDNS failed,All DDNS profiles are delet

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide797 Can't get BROADCAST address of %s interfaceThe connectivity check process c

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide798Master firmware version can not be recognized. Stop syncing from Master.Synchroniz

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide799 Device HA authentication string of AH for VRRP group %s maybe wrong.A VRRP group

Safety WarningsZyWALL USG 100/200 Series User’s Guide8

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide80" Enter the Internet access information exactly as given to you by your ISP.WAN Int

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide800Invalid RIP text authentication.RIP text authentication has been set without setti

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide801RIP v2-broadcast on interface %s has been enabled.RIP v2-broadcast on interface %

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide802 Interface %s does not belong to any OSPF area.Interface %s has been set OSPF auth

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide803 Table 300 PKI LogsLOG MESSAGE DESCRIPTIONGenerate X509certifiate "%s"

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide804Import PKCS#7 certificate "%s" into "My Certificate" successfu

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide805 CODE DESCRIPTION1 Algorithm mismatch between the certificate and the search con

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide806AUX Interface disconnecting failed. This AUX interface is not enabled.The AUX inte

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide807Interface %s links down. Default route will not apply until interface %s links up

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide808Interface %s connect failed: Connect timeout.A PPPOE connection timed out due to a

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide809"Incorrect PIN code of interface cellular%d. Please check the PIN code setti

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide814.3.4 PPPoE: Auto IP Address AssignmentIf you select Auto as the IP Address Assignment

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide810Create interface %s has failed. Wlan device does not exist.The wireless device fai

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide811 Table 303 Account LogsLOG MESSAGE DESCRIPTIONAccount %s %s has been deleted.

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide812 Table 306 File Manager LogsLOG MESSAGE DESCRIPTIONERROR:#%s, %s Apply configura

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide813

Appendix A Log DescriptionsZyWALL USG 100/200 Series User’s Guide814

ZyWALL USG 100/200 Series User’s Guide815APPENDIX B Common ServicesThe following table lists some commonly-used services and their associated protoco

Appendix B Common ServicesZyWALL USG 100/200 Series User’s Guide816FTP TCPTCP2021File Transfer Program, a program to enable fast transfer of files, in

Appendix B Common ServicesZyWALL USG 100/200 Series User’s Guide817RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remo

Appendix B Common ServicesZyWALL USG 100/200 Series User’s Guide818

ZyWALL USG 100/200 Series User’s Guide819APPENDIX C Displaying Anti-Virus AlertMessages in WindowsWith the anti-virus packet scan, when a virus is de

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide82Figure 22 PPPoE Encapsulation: Auto: FinishYou have set up your ZyWALL to access the I

Appendix C Displaying Anti-Virus Alert Messages in WindowsZyWALL USG 100/200 Series User’s Guide820Figure 557 Windows XP: Starting the Messenger Ser

Appendix C Displaying Anti-Virus Alert Messages in WindowsZyWALL USG 100/200 Series User’s Guide821Figure 559 Windows 2000: Starting the Messenger

Appendix C Displaying Anti-Virus Alert Messages in WindowsZyWALL USG 100/200 Series User’s Guide822Figure 562 Windows 98 SE: Task Bar Properties

Appendix C Displaying Anti-Virus Alert Messages in WindowsZyWALL USG 100/200 Series User’s Guide823Figure 564 Windows 98 SE: Startup: Create Shortc

Appendix C Displaying Anti-Virus Alert Messages in WindowsZyWALL USG 100/200 Series User’s Guide824Figure 566 Windows 98 SE: Startup: Shortcut

ZyWALL USG 100/200 Series User’s Guide825APPENDIX D Importing CertificatesThis appendix shows importing certificates examples using Netscape Navigato

Appendix D Importing CertificatesZyWALL USG 100/200 Series User’s Guide826Figure 568 Login Screen2 Click Install Certificate to open the Install Cer

Appendix D Importing CertificatesZyWALL USG 100/200 Series User’s Guide827Figure 570 Certificate Import Wizard 14 Select where you would like to st

Appendix D Importing CertificatesZyWALL USG 100/200 Series User’s Guide828Figure 572 Certificate Import Wizard 36 Click Yes to add the ZyWALL certi

Appendix D Importing CertificatesZyWALL USG 100/200 Series User’s Guide829Figure 574 Certificate General Information after Import

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide83Figure 23 PPPoE Encapsulation: StaticThe following table describes the labels in this

Appendix D Importing CertificatesZyWALL USG 100/200 Series User’s Guide830

ZyWALL USG 100/200 Series User’s Guide831APPENDIX E Wireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide832Figure 576 Basic Service SetESSAn Extended Service Set (ESS) consists of a series o

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide833Figure 577 Infrastructure WLANChannelA channel is the radio frequency(ies) used by

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide834Figure 578 RTS/CTSWhen station A sends data to the AP, it might not know that the

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide835If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previous

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide836Wireless security methods available on the ZyWALL are data encryption, wireless clien

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide837Determines the network services available to authenticated users once they are conne

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide838For EAP-TLS authentication type, you must first have a wired connection to the networ

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide839Dynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS s

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide844.3.6 Step 2 Internet Access PPPoE " Enter the Internet access information exactly

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide840Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKI

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide841Wireless Client WPA SupplicantsA wireless client supplicant is the software that run

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide8423 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key it

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide843Antenna OverviewAn antenna couples RF signals onto air. A transmitter within a wirel

Appendix E Wireless LANsZyWALL USG 100/200 Series User’s Guide844Positioning AntennasIn general, antennas should be mounted as high as practically pos

ZyWALL USG 100/200 Series User’s Guide845APPENDIX F Open Software AnnouncementsNotice Information herein is subject to change without notice. Compani

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide846" This Product includes Netkit Telnet -0.17 software under the Net

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide847" This Product includes expat-1.95.6 software under the Expat Lic

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide848The above copyright notice and this permission notice shall be included

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide849OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide85Figure 24 PPPoE Encapsulation: Static: FinishYou have set up your ZyWALL to access th

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide850ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBI

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide851" This Product includes bind-9.2.3 software under the Internet So

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide852THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRAN

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide853"Work" shall mean the work of authorship, whether in Source

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide854(d) If the Work includes a "NOTICE" text file as part of its

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide855Version 1.1Copyright (c) 1999-2003 The Apache Software Foundation. All

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide85659 Temple Place, Suite 330, Boston, MA 02111-1307 USAEveryone is permit

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide857When a program is linked with a library, whether statically or using a

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide858Library is not restricted, and output from such a program is covered on

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide8594. You may copy and distribute the Library (or a portion or derivative

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide86Figure 25 PPTP Encapsulation: AutoThe following table describes the labels in this scr

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide860copy of the library already present on the user's computer system,

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide861simultaneously your obligations under this License and any other perti

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide86216. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITI

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide863To protect your rights, we need to make restrictions that forbid anyon

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide864c) If the modified program normally reads commands interactively when r

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide8654. You may not copy, modify, sublicense, or distribute the Program exc

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide86610. If you wish to incorporate parts of the Program into other free pro

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide867Redistributions in binary form must reproduce the above copyright noti

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide868The Public LicenseVersion 2.8, 17 August 2003Redistribution and use of

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide869End-User License Agreement for “ZyWALL USG 100 and ZyWALL USG 200”WARN

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide87The ZyWALL applies the configuration settings. Figure 26 PPTP Encapsulation: Auto: Fi

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide870You acknowledge that the Software contains proprietary trade secrets of

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide871ORDERS, OR OTHER RESTRICTIONS. YOU AGREE TO INDEMNIFY ZyXEL AGAINST A

Appendix F Open Software AnnouncementsZyWALL USG 100/200 Series User’s Guide872

ZyWALL USG 100/200 Series User’s Guide873APPENDIX G Legal InformationCopyrightCopyright © 2008 by ZyXEL Communications Corporation.The contents of th

Appendix G Legal InformationZyWALL USG 100/200 Series User’s Guide874If this device does cause harmful interference to radio/television reception, whi

Appendix G Legal InformationZyWALL USG 100/200 Series User’s Guide875ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that t

Appendix G Legal InformationZyWALL USG 100/200 Series User’s Guide876

ZyWALL USG 100/200 Series User’s Guide877APPENDIX H Customer SupportIn the event of problems that cannot be solved by using this manual, you should c

Appendix H Customer SupportZyWALL USG 100/200 Series User’s Guide878• Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai• Web:

Appendix H Customer SupportZyWALL USG 100/200 Series User’s Guide879Germany• Support E-mail: [email protected]• Sales E-mail: [email protected]• Telephon

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide884.3.8 PPTP: Static IP Address AssignmentIf you select Static as the IP Address Assignme

Appendix H Customer SupportZyWALL USG 100/200 Series User’s Guide880Malaysia• Support E-mail: [email protected]• Sales E-mail: [email protected]•

Appendix H Customer SupportZyWALL USG 100/200 Series User’s Guide881Singapore• Support E-mail: [email protected]• Sales E-mail: [email protected]

Appendix H Customer SupportZyWALL USG 100/200 Series User’s Guide882Turkey• Support E-mail: [email protected]• Telephone: +90 212 222 55 22• Fax: +90-2

IndexZyWALL USG 100/200 Series User’s Guide883IndexNumerics3DES 3743G 1293G see also cellular 226AAAA server 625AD 626and users 594directory service 6

IndexZyWALL USG 100/200 Series User’s Guide884alerts 717, 721, 724, 725anti-spam 564anti-virus 475IDP 492ALG 325, 330and firewall 325, 327and NAT 326a

IndexZyWALL USG 100/200 Series User’s Guide885allowing through the firewall 344vs virtual interfaces 343AT command strings 699authenticationLDAP/AD 62

IndexZyWALL USG 100/200 Series User’s Guide886and FTP 695and HTTPS 678and IKE SA 378and SSH 691and synchronization (device HA) 589and VPN gateways 353

IndexZyWALL USG 100/200 Series User’s Guide887copyright 873CPU usage 173, 175CTS (Clear to Send) 834current date/time 173, 666and schedules 619dayligh

IndexZyWALL USG 100/200 Series User’s Guide888double-encoding 527DTR 699Dynamic Domain Name System. See DDNS.Dynamic Host Configuration Protocol. See

IndexZyWALL USG 100/200 Series User’s Guide889vs application patrol 335, 337firmwareand restart 710boot module. See boot module.current version 172, 7

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide894.3.9 Step 2 Internet Access PPTP " Enter the Internet access information exactly

IndexZyWALL USG 100/200 Series User’s Guide890custom signature example 505custom signatures 498false negatives 489false positives 489inline profile 48

IndexZyWALL USG 100/200 Series User’s Guide891trunks. See also trunks.types 200virtual. See also virtual interfaces.VLAN. See also VLAN interfaces.whe

IndexZyWALL USG 100/200 Series User’s Guide892Default_L2TP_VPN_GW example 415DNS 412example 415, 418IPSec configuration 410policy route 410policy rout

IndexZyWALL USG 100/200 Series User’s Guide893NNAT 285, 3091 to 1 example 313address mapping. See policy routes.ALG. See ALG.and address objects 282an

IndexZyWALL USG 100/200 Series User’s Guide894Pairwise Master Key (PMK) 840, 842payload option 504payload size 505PCMCIA card installation 754Peanut H

IndexZyWALL USG 100/200 Series User’s Guide895RRADIUS 625, 626, 836advantages 625and IKE SA 378and PPPoE 268and users 594message types 837messages 837

IndexZyWALL USG 100/200 Series User’s Guide896and force user authentication policies 603and policy routes 282, 455, 457, 459, 461one-time 619recurring

IndexZyWALL USG 100/200 Series User’s Guide897spam 559specifications 749device 749feature 750hardware 749spillover (for load balancing) 272SQL slammer

IndexZyWALL USG 100/200 Series User’s Guide898SYN flood 526synchronization 576and subscription services 576information synchronized 588password 581, 5

IndexZyWALL USG 100/200 Series User’s Guide899messages 613port numbers 613UDP Decoder 520UDP decoy portscan 524UDP distributed portscan 524UDP flood a

Contents OverviewZyWALL USG 100/200 Series User’s Guide9Contents OverviewGetting Started ...

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide904.3.9.3 WAN IP Address Assignments You do not configure this section if you selected Au

IndexZyWALL USG 100/200 Series User’s Guide900Virtual Private Network. See VPN.virtual router 578Virtual Router ID number (VRID). 584Virtual Router Re

IndexZyWALL USG 100/200 Series User’s Guide901white listanti-spam 564, 566, 567whitelist 567anti-spam 559Wi-Fi Protected Access 839Windows Internet Na

IndexZyWALL USG 100/200 Series User’s Guide902

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide914.4 Device Registration Use this screen to register your ZyWALL with myZXEL.com and

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide92Figure 30 Registration: Registered Device4.5 Installation Setup, Two Internet Service

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide93Figure 31 Internet Access: Step 1: First WAN InterfaceAfter you configure the First W

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide94Figure 33 Internet Access: Finish " You can register your ZyWALL with myZyXEL.com

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide95Figure 34 VPN Wizard: Wizard TypeThe following table describes the labels in this scr

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide96Figure 35 VPN Express Wizard: Step 2 The following table describes the labels in this

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide97Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same passwo

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide98Figure 37 VPN Express Wizard: Step 4 The following table describes the labels in this

Chapter 4 Wizard SetupZyWALL USG 100/200 Series User’s Guide99Local Policy: IP address and subnet mask of the computers on the network behind your Zy