ZyXEL Communications Network Card unified security gateway Manuel d'utilisateur

www.zyxel.comwww.zyxel.comZyWALL USG 20/20WUnified Security GatewayCopyright © 2011 ZyXEL Communications CorporationVersion 2.21Edition 4, 4/2011Defau

Contents OverviewZyWALL USG 20/20W User’s Guide10Schedules ...

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1005 Specify the IP address of the HTTP proxy server.6 Specify the port number to use for

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1011 Create a VoIP service object for UDP port 5060 traffic (Configuration > Object &g

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1026.5.16 Bandwidth ManagementUse bandwidth management (BWM) to configure a BWM rule for

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1032 Create a schedule for the work day (Configuration > Object > Schedule). 3 Clic

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide104The following table introduces the objects. You can also use this table when you want t

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1056.7 System This section introduces some of the management features in the ZyWALL. Use

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide1066.7.3 File ManagerUse these screens to upload, download, delete, or run scripts of CLI

ZyWALL USG 20/20W User’s Guide107CHAPTER 7 TutorialsHere are examples of using the Web Configurator to set up features in the ZyWALL.Note: The tutori

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide108•Convert P5 (lan2) into a dmz interface. This dmz interface is used for a protected local network.

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide109Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface

Table of ContentsZyWALL USG 20/20W User’s Guide11Table of ContentsAbout This User's Guide...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1101 Click Configuration > Network > Interface > Ethernet and double-click the lan2 interfac

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1112 Enter VPN as the name, select WIZ_VPN_Connection and move it to the Member box and click OK.Fi

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1124 Enable the interface and add it to a zone. It is highly recommended that you set the Zone to WAN

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1136 The ZyWALL automatically adds the cellular interface to the system default WAN trunk. If the Zy

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1141 Click Configuration > Network > Interface > Ethernet and double-click the wan1 entry. E

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1152 Name the trunk and set the Load Balancing Algorithm field to Weighted Round Robin. Add wan1 an

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1163 Select the trunk as the default trunk and click Apply. Figure 65 Configuration > Network &g

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide117In this example, the ZyWALL is router X (1.2.3.4), and the remote IPSec router is router Y (2.2.2

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1187.4.2 Set Up the VPN ConnectionThe VPN connection manages the IPSec SA. You have to set up the ad

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1194 Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN Gateway select Site-to-si

Table of ContentsZyWALL USG 20/20W User’s Guide12Chapter 4Installation Setup Wizard ...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1207.5 How to Configure User-aware Access ControlYou can configure many policies and security settin

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1212 Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user b

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1222 Enter the name of the group that is used in the example in Table 18 on page 120. In this example

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1231 Click Configuration > Object > AAA Server > RADIUS. Double-click the radius entry. Con

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide124Note: The users will have to log in using the Web Configurator login screen before they can use HT

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1251 Click Configuration > Object > AAA Server > RADIUS. Double-click the radius entry. Bes

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1262 Now you add ext-group-user user objects to identify groups based on the group identifier values.

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide127• Select Endpoint must have Personal Firewall installed and move the Kaspersky Internet Security

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide128Repeat as needed to create endpoint security objects for other Windows operating system versions.7

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1294 Turn on authentication policy and click Apply.Figure 79 Configuration > Auth. Policy T

Table of ContentsZyWALL USG 20/20W User’s Guide136.5.1 Feature ...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide130user access (logging into SSL VPN for example). See Chapter 43 on page 629 for more on service con

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1314 Select the new rule and click the Add icon.Figure 83 Configuration > System > WWW (Firs

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1326 Click Apply.Figure 85 Configuration > System > WWW (Second Example Admin Service Rule Co

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide133for wan1 IP address 10.0.0.8 to a H.323 device located on the LAN and using IP address 192.168.1.

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1341 Use Configuration > Object > Address > Add to create an address object for the public W

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1352 Click Configuration > Network > NAT > Add.Configure a name for the rule (WAN-LAN_H323

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1361 Click Configuration > Firewall > Add.In the From field select WAN.In the To field select L

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1377.10.1 Create the Address ObjectsUse Configuration > Object > Address > Add to create t

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide138• Keep Enable NAT Loopback selected to allow users connected to other interfaces to access the HTT

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1391 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ.

Table of ContentsZyWALL USG 20/20W User’s Guide147.5 How to Configure User-aware Access Control ...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide140address 1.1.1.2 that you will use on the wan1 interface and map to the IPPBX’s private IP address

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1417.11.1 Turn On the ALGClick Configuration > Network > ALG. Select Enable SIP ALG and Enabl

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1422 Create a host address object named IPPBX-Public for thepublic WAN IP address 1.1.1.2. Figure 99

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide143•Click OK. Figure 100 Configuration > Network > NAT > Add 7.11.4 Set Up a WAN to DMZ

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1441 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. S

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1451 Click Configuration > Firewall > Add. Set the From field as DMZ and the To field as LAN.

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1467.12.2 Configure the Policy RouteNow you need to configure a policy route that has the ZyWALL use

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide147the WLAN interfaces before or after you install the wireless LAN card. This example shows how to

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1482 Edit this screen as follows.A (internal) name for the WLAN interface displays. You can modify it

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide149Figure 106 Configuration > Network > Interface > WLAN > Add

Table of ContentsZyWALL USG 20/20W User’s Guide158.2.3 The Active Sessions Screen ...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1503 Turn on the wireless LAN and click Apply.Figure 107 Configuration > Network > Interface

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1511 Open the wireless client utility and click Profile.Figure 108 ZyXEL Wireless Client2 Add a ne

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1523 Select WPA2 as the security type and click Next.Figure 110 ZyXEL Wireless Client > Profile:

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1535 Confirm your settings and click Save.Figure 112 ZyXEL Wireless Client > Profile: Save6 Cli

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1547 The ZYXEL_WPA profile displays in your list of profiles. Figure 114 ZyXEL Wireless Client >

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1552 Name the profile (this example uses ZYXEL_WPA). In the User Info tab, configure wlan_user as th

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1564 Click the TTLS tab and select PAP. Then click OK.Figure 118 Odyssey Access Client Manager >

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1576 Enter the name of the wireless network (“ZYXEL_WPA” in this example) or click Scan to look for

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1581 In Internet Explorer, click Tools > Internet Options > Content and click the Certificates

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1593 Use the wizard screens to import the certificate. You may need to change the Files of Type sett

Table of ContentsZyWALL USG 20/20W User’s Guide1611.2 Port Role ...

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1605 If you get a security warning screen, click Yes to proceed. Figure 125 Internet Explorer Certi

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1616 The Internet Explorer Certificates screen remains open after the import is done. You can see th

Chapter 7 TutorialsZyWALL USG 20/20W User’s Guide1627.13.3.4 Wireless Clients Use the WLAN InterfaceA login screen displays when the wireless client

163PART IITechnical Reference

164

ZyWALL USG 20/20W User’s Guide165CHAPTER 8 Dashboard8.1 OverviewUse the Dashboard screens to check status information about the ZyWALL.8.1.1 What Y

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide166interface status in widgets that you can re-arrange to suit your needs. You can also collapse, ref

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide167The following table describes the labels in this screen. ABCDEUSG 20WTable 19 DashboardLABEL D

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide168Device This field displays the name of the device connected to the extension slot (or none if no d

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide169DHCP Table Click this to look at the IP addresses currently assigned to the ZyWALL’s DHCP clients

Table of ContentsZyWALL USG 20/20W User’s Guide17Chapter 14Routing Protocols...

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide170Interface Status SummaryIf an Ethernet interface does not have any physical ports associated with

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide1718.2.1 The CPU Usage ScreenUse this screen to look at a chart of the ZyWALL’s recent CPU usage. T

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide172The following table describes the labels in this screen. 8.2.2 The Memory Usage ScreenUse this s

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide1738.2.3 The Active Sessions ScreenUse this screen to look at a chart of the ZyWALL’s recent traffi

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide1748.2.4 The VPN Status ScreenUse this screen to look at the VPN tunnels that are currently establis

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide175The following table describes the labels in this screen. 8.2.6 The Number of Login Users ScreenU

Chapter 8 DashboardZyWALL USG 20/20W User’s Guide176The following table describes the labels in this screen. Table 25 Dashboard > Number of Login

ZyWALL USG 20/20W User’s Guide177CHAPTER 9 Monitor9.1 OverviewUse the Monitor screens to check status and statistics information.9.1.1 What You Can

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide178•Use the VPN Monitor > IPSec screen (Section 9.12 on page 196) to display and manage active IPSec

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide179The following table describes the labels in this screen. Table 26 Monitor > System Status >

Table of ContentsZyWALL USG 20/20W User’s Guide1818.2.1 The HTTP Redirect Edit Screen ...

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1809.2.1 The Port Statistics Graph Screen Use this screen to look at a line graph of packet statistics

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1819.3 Interface Status ScreenThis screen lists all of the ZyWALL’s interfaces and gives packet stati

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide182Port This field displays the physical port number.Status This field displays the current status of e

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1839.4 The Traffic Statistics ScreenClick Monitor > System Status > Traffic Statistics to displ

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide184You use the Traffic Statistics screen to tell the ZyWALL when to start and when to stop collecting i

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide185Traffic Type Select the type of report to display. Choices are:Host IP Address/User - displays the

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide186The following table displays the maximum number of records shown in the report, the byte count limit

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide187• Number of bytes transmitted (so far)• Duration (so far)You can look at all the active sessions by

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide188User This field displays when View is set to all sessions. Type the user whose sessions you want to

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1899.6 The DDNS Status ScreenThe DDNS Status screen shows the status of the ZyWALL’s DDNS domain name

Table of ContentsZyWALL USG 20/20W User’s Guide1923.1 IPSec VPN Overview ...

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide190established a session with the ZyWALL. Devices that have never established a session with the ZyWALL

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide191The following table describes the labels in this screen. 9.9 WLAN Status ScreenThe WLAN Status scr

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1929.10 The following table describes the labels in this menu.Cellular Status ScreenThis screen displa

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide193Status No device - no 3G device is connected to the ZyWALL.No Service - no 3G network is available

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1949.10.1 More Information This screen displays more information on your 3G, such as the signal stren

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide195The following table describes the labels in this screen.9.11 USB Storage ScreenThis screen display

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide196The following table describes the labels in this screen.9.12 The IPSec Monitor ScreenYou can use th

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide197screen appears. Click a column’s heading cell to sort the table entries by that column’s criteria.

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide1989.12.1 Regular Expressions in Searching IPSec SAsA question mark (?) lets a single character in the

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide199Once a user logs out, the corresponding entry is removed from the Connection Monitor screen. Figure

Table of ContentsZyWALL USG 20/20W User’s Guide2027.6 Uninstalling the ZyWALL SecuExtender ...

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide2009.14 The Content Filter Statistics ScreenClick Monitor > Anti-X Statistics > Content Filter t

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide201Flush Data Click this button to discard all of the screen’s statistics and update the report displa

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide2029.15 Content Filter Cache ScreenClick Monitor > Anti-X Statistics > Content Filter > Cache

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide203The following table describes the labels in this screen. Table 41 Anti-X > Content Filter >

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide2049.16 The Anti-Spam Statistics ScreenClick Monitor > Anti-X Statistics > Anti-Spam to display

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide205Spam Mails This is the number of e-mails that the ZyWALL has determined to be spam.Spam Mails Detec

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide2069.17 The Anti-Spam Status ScreenClick Monitor > Anti-X Statistics > Anti-Spam > Status to

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide2079.18 Log ScreenLog messages are stored in two separate logs, one for regular log messages and one

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide208The following table describes the labels in this screen. Table 44 Monitor > LogLABEL DESCRIPTI

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide209The Web Configurator saves the filter settings if you leave the View Log screen and return to it la

Table of ContentsZyWALL USG 20/20W User’s Guide2131.1 Overview ...

Chapter 9 MonitorZyWALL USG 20/20W User’s Guide210

ZyWALL USG 20/20W User’s Guide211CHAPTER 10 Registration10.1 OverviewUse the Configuration > Licensing > Registration screens to register your

Chapter 10 RegistrationZyWALL USG 20/20W User’s Guide212Subscription Services Available on the ZyWALLYou can have the ZyWALL use and content filtering

Chapter 10 RegistrationZyWALL USG 20/20W User’s Guide213The following table describes the labels in this screen.Table 45 Configuration > Licensi

Chapter 10 RegistrationZyWALL USG 20/20W User’s Guide214Note: If the ZyWALL is registered already, this screen is read-only and indicates whether tria

Chapter 10 RegistrationZyWALL USG 20/20W User’s Guide215The following table describes the labels in this screen. Table 46 Configuration > Licens

Chapter 10 RegistrationZyWALL USG 20/20W User’s Guide216

ZyWALL USG 20/20W User’s Guide217CHAPTER 11 Interfaces11.1 Interface OverviewUse the Interface screens to configure the ZyWALL’s interfaces. You can

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide21811.1.2 What You Need to Know Interface CharacteristicsInterfaces generally have the following c

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide219virtual--have a lot of similar characteristics. These characteristics are listed in the followi

Table of ContentsZyWALL USG 20/20W User’s Guide2235.1 Overview ...

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide220* - You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if t

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide221ports at the layer-2 (data link, MAC address) level. This provides wire-speed throughput but no

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide22211.3 Ethernet Summary ScreenThis screen lists every Ethernet interface and virtual interface cr

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide223 Each field is described in the following table. 11.3.1 Ethernet Edit The Ethernet Edit scree

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide224• Enable and disable RIP in the underlying physical port or port group.• Select which direction(

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide225Figure 159 Configuration > Network > Interface > Ethernet > Edit (WAN)

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide226Figure 160 Configuration > Network > Interface > Ethernet > Edit (DMZ) This scre

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide227Interface Type This field is read-only.Internal is for connecting to a local network. Other cor

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide228Metric This option appears when Interface Properties is External or General. Enter the priority

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide229Check Port This field only displays when you set the Check Method to tcp. Specify the port numb

Table of ContentsZyWALL USG 20/20W User’s Guide2339.1.2 What You Need to Know ...

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide230First WINS Server, Second WINS Server Type the IP address of the WINS (Windows Internet Naming

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide231V2-Broadcast This field is effective when RIP is enabled. Select this to send RIP-2 packets usi

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide23211.3.2 Object ReferencesWhen a configuration screen includes an Object References icon, select

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide23311.4 PPP Interfaces Use PPPoE/PPTP interfaces to connect to your ISP. This way, you do not hav

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide23411.4.1 PPP Interface SummaryThis screen lists every PPPoE/PPTP interface. To access this screen

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide23511.4.2 PPP Interface Add or Edit Note: You have to set up an ISP account before you create a P

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide236Figure 164 Configuration > Network > Interface > PPP > Add

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide237Each field is explained in the following table.Table 54 Configuration > Network > Inter

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide238IP Address This field is enabled if you select Use Fixed IP Address.Enter the IP address for thi

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide23911.5 Cellular Configuration Screen (3G)3G (Third Generation) is a digital, packet-switched wir

Table of ContentsZyWALL USG 20/20W User’s Guide2443.4.2 Time Server Synchronization ...

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide240Aside from selecting the 3G network, the 3G card may also select an available 2.5G or 2.75G netw

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide241Figure 165 Configuration > Network > Interface > Cellular The following table desc

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide242Figure 166 Configuration > Network > Interface > Cellular > Add

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide243The following table describes the labels in this screen.Table 57 Configuration > Network &

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide244Dial String Enter the dial string if your ISP provides a string, which would include the APN, to

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide245Egress BandwidthEnter the maximum amount of traffic, in kilobits per second, the ZyWALL can sen

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide246Get Automatically Select this option If your ISP did not assign you a fixed IP address. This is

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide247Time Budget Select this and specify the amount of time (in hours) that the 3G connection can be

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide24811.6 WLAN Interface General ScreenThis feature is available for USG 20W only.The following figu

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide249• Every device in a wireless network must use the same SSID.The SSID is the name of the wireles

Table of ContentsZyWALL USG 20/20W User’s Guide2544.2 Email Daily Report ...

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide250The following table describes the labels in this screen. Table 58 Configuration > Network &

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide251QoS Select the Quality of Service priority for this traffic. •If you select WMM (Wi-Fi Multimed

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide25211.6.1 WLAN Add/Edit ScreenUse the strongest security that every wireless client in the wireles

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide253Figure 169 Configuration > Network > Interface > WLAN > Add (No Security)

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide254The following table describes the general wireless LAN labels in this screen.Table 60 Configur

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide255IP Address Enter the IP address for this interface. Subnet Mask Enter the subnet mask of this i

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide256Pool Size Enter the number of IP addresses to allocate. This number must be at least one and is

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide257Direction This field is effective when RIP is enabled. Select the RIP direction from the drop-d

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide25811.6.2 WLAN Add/Edit: WEP SecurityWEP provides a mechanism for encrypting data using encryption

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide259The following table describes the WEP-related wireless LAN security labels. See Table 60 on pag

Table of ContentsZyWALL USG 20/20W User’s Guide2649.1 Overview ...

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide260The following table describes the WPA-PSK/WPA2-PSK-related wireless LAN security labels.11.6.4

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide261Figure 172 Configuration > Network > Interface > WLAN > Add (WPA/WPA2 Security) T

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide26211.7 WLAN Interface MAC Filter This feature is available for USG 20W only.The MAC filter allows

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide263Figure 173 Network > Interface > WLAN > MAC FilterThe following table describes the

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide26411.8 VLAN Interfaces A Virtual Local Area Network (VLAN) divides a physical network into multip

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide265• Traffic inside each VLAN is layer-2 communication (data link layer, MAC addresses). It is han

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide26611.8.1 VLAN Summary ScreenThis screen lists every VLAN interface and virtual interface created

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide26711.8.2 VLAN Add/Edit This screen lets you configure IP address assignment, interface bandwidth

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide268Figure 177 Configuration > Network > Interface > VLAN > Edit

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide269Each field is explained in the following table. Table 66 Configuration > Network > Inte

27PART IUser’s Guide

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide270Metric Enter the priority of the gateway (if any) on this interface. The ZyWALL decides which ga

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide271DHCP Select what type of DHCP service the ZyWALL provides to the network. Choices are:None - th

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide272Lease time Specify how long each computer can use the information (especially the IP address) be

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide273OSPF Setting See Section 14.3 on page 315 for more information about OSPF.Area Select the area

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide27411.9 Bridge Interfaces This section introduces bridges and bridge interfaces and then explains

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide275If computer B responds to computer A, bridge X records the source address 0B:0B:0B:0B:0B:0B and

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide276remove from a bridge interface when the underlying interface is added or removed.11.9.1 Bridge

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide27711.9.2 Bridge Add/Edit This screen lets you configure IP address assignment, interface bandwid

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide278Figure 179 Configuration > Network > Interface > Bridge > Add

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide279Each field is described in the table below.Table 71 Configuration > Network > Interface

28

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide280Gateway This field is enabled if you select Use Fixed IP Address.Enter the IP address of the gat

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide281IP Pool Start AddressEnter the IP address from which the ZyWALL begins allocating IP addresses.

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide28211.9.3 Virtual Interfaces Add/EditThis screen lets you configure IP address assignment and inte

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide283interface, VLAN interface, or bridge interface in the respective interface summary screen.Figur

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide28411.10 Interface Technical ReferenceHere is more detailed information about interfaces on the Zy

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide285because it is a point-to-point interface. For these interfaces, you can only enter the IP addre

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide286If you set the bandwidth restrictions very high, you effectively remove the restrictions.The ZyW

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide287• IP address - If the DHCP client’s MAC address is in the ZyWALL’s static DHCP table, the inter

Chapter 11 InterfacesZyWALL USG 20/20W User’s Guide288PPPoE/PPTP OverviewPoint-to-Point Protocol over Ethernet (PPPoE, RFC 2516) and Point-to-Point Tu

ZyWALL USG 20/20W User’s Guide289CHAPTER 12 Trunks12.1 OverviewUse trunks for WAN traffic load balancing to increase overall network throughput and

ZyWALL USG 20/20W User’s Guide29CHAPTER 1 Introducing the ZyWALLThis chapter gives an overview of the ZyWALL. It explains the front panel ports, LEDs

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide29012.1.2 What You Need to Know• Add WAN interfaces to trunks to have multiple connections share the t

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide291SpilloverThe spillover load balancing algorithm sends network traffic to the first interface in the

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide29212.2 The Trunk Summary ScreenClick Configuration > Network > Interface > Trunk to open the

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide29312.3 Configuring a Trunk Click Configuration > Network > Interface > Trunk and then the A

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide294Each field is described in the table below. Table 77 Configuration > Network > Interface >

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide29512.4 Trunk Technical ReferenceRound Robin Load Balancing AlgorithmRound Robin scheduling services

Chapter 12 TrunksZyWALL USG 20/20W User’s Guide296

ZyWALL USG 20/20W User’s Guide297CHAPTER 13 Policy and Static Routes13.1 Policy and Static Routes OverviewUse policy routes and static routes to ove

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide298•Use the Static Route screens (see Section 13.3 on page 307) to list and configure

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide299• Policy routes are only used within the ZyWALL itself. Static routes can be prop

About This User's GuideZyWALL USG 20/20W User’s Guide3About This User's GuideIntended AudienceThis manual is intended for people who want

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide301 Screw the two screws provided with your ZyWALL into the wall 150 mm apart (see the f

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide300• See Section 13.4 on page 309 for more background information on policy routing.1

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide301The following table describes the labels in this screen. Table 78 Configuratio

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide302DSCP Code This is the DSCP value of incoming packets to which this policy route ap

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide30313.2.1 Policy Route Edit ScreenClick Configuration > Network > Routing to

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide304Incoming Select where the packets are coming from; any, an interface, a tunnel, an

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide305VPN Tunnel This field displays when you select VPN Tunnel in the Type field. Sele

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide306Source Network Address TranslationSelect none to not use NAT for the route.Select

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide30713.3 IP Static Route ScreenClick Configuration > Network > Routing > St

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide308The following table describes the labels in this screen. 13.3.1 Static Route Add/

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide30913.4 Policy Routing Technical ReferenceHere is more detailed information about s

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide31The ZyWALL should be wall-mounted horizontally. The ZyWALL's side panels with ve

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide310following twelve DSCP encodings from AF11 through AF43. The decimal equivalent is

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide3113 Computer A and game server 1 are connected to each other until the connection i

Chapter 13 Policy and Static RoutesZyWALL USG 20/20W User’s Guide312

ZyWALL USG 20/20W User’s Guide313CHAPTER 14 Routing Protocols14.1 Routing Protocols OverviewRouting protocols give the ZyWALL routing information ab

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide31414.2 The RIP ScreenRIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a de

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide315The following table describes the labels in this screen. 14.3 The OSPF ScreenOSPF (Ope

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide316System (AS). OSPF offers some advantages over vector-space routing protocols like RIP.• O

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide317Each type of area is illustrated in the following figure.Figure 191 OSPF: Types of Are

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide318• An Autonomous System Boundary Router (ASBR) exchanges routing information with routers

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide319to logically connect the area to the backbone. This is illustrated in the following exam

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide321.3 Front PanelThis section introduces the ZyWALL’s front panel.Figure 1 ZyWALL Fro

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide320Click Configuration > Network > Routing > OSPF to open the following screen.Figu

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide321Type Select how OSPF calculates the cost associated with routing information from static

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide32214.3.2 OSPF Area Add/Edit Screen The OSPF Area Add/Edit screen allows you to create a ne

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide32314.3.3 Virtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you to crea

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide324322) has the Type set to Normal, a Virtual Link table displays. Click either the Add icon

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide325Authentication TypesAuthentication is used to guarantee the integrity, but not the confi

Chapter 14 Routing ProtocolsZyWALL USG 20/20W User’s Guide326

ZyWALL USG 20/20W User’s Guide327CHAPTER 15 Zones15.1 Zones OverviewSet up zones to configure network security and network policies in the ZyWALL. A

Chapter 15 ZonesZyWALL USG 20/20W User’s Guide32815.1.2 What You Need to KnowEffects of Zones on Different Types of TrafficZones effectively divide t

Chapter 15 ZonesZyWALL USG 20/20W User’s Guide32915.2 The Zone ScreenThe Zone screen provides a summary of all zones. In addition, this screen allow

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide331.4 Management OverviewYou can use the following ways to manage the ZyWALL.Web Confi

Chapter 15 ZonesZyWALL USG 20/20W User’s Guide33015.3 Zone Edit The Zone Edit screen allows you to add or edit a zone. To access this screen, go to t

ZyWALL USG 20/20W User’s Guide331CHAPTER 16 DDNS16.1 DDNS OverviewDynamic DNS (DDNS) services let you use a domain name with a dynamic IP address.16

Chapter 16 DDNSZyWALL USG 20/20W User’s Guide332Note: Record your DDNS account’s user name, password, and domain name to use to configure the ZyWALL.A

Chapter 16 DDNSZyWALL USG 20/20W User’s Guide333Primary Interface/IPThis field displays the interface to use for updating the IP address mapped to th

Chapter 16 DDNSZyWALL USG 20/20W User’s Guide33416.2.1 The Dynamic DNS Add/Edit ScreenThe DDNS Add/Edit screen allows you to add a domain name to the

Chapter 16 DDNSZyWALL USG 20/20W User’s Guide335Username Type the user name used when you registered your domain name. You can use up to 31 alphanume

Chapter 16 DDNSZyWALL USG 20/20W User’s Guide336IP Address The options available in this field vary by DDNS provider.Interface -The ZyWALL uses the IP

ZyWALL USG 20/20W User’s Guide337CHAPTER 17 NAT17.1 NAT OverviewNAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP addre

Chapter 17 NATZyWALL USG 20/20W User’s Guide33817.1.2 What You Need to KnowNAT is also known as virtual server, port forwarding, or port translation.

Chapter 17 NATZyWALL USG 20/20W User’s Guide339Remove To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it befor

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide34console port. See the Command Reference Guide for more information about the CLI.Conso

Chapter 17 NATZyWALL USG 20/20W User’s Guide34017.2.1 The NAT Add/Edit ScreenThe NAT Add/Edit screen lets you create new NAT rules and edit existing

Chapter 17 NATZyWALL USG 20/20W User’s Guide341Classification Select what kind of NAT this rule is to perform.Virtual Server - This makes computers o

Chapter 17 NATZyWALL USG 20/20W User’s Guide342Mapped IP Subnet/RangeThis field displays for Many 1:1 NAT. Select to which translated destination IP a

Chapter 17 NATZyWALL USG 20/20W User’s Guide34317.3 NAT Technical ReferenceHere is more detailed information about NAT on the ZyWALL.NAT LoopbackSup

Chapter 17 NATZyWALL USG 20/20W User’s Guide344For example, a LAN user’s computer at IP address 192.168.1.89 queries a public DNS server to resolve th

Chapter 17 NATZyWALL USG 20/20W User’s Guide345SMTP server replied directly to the LAN user without the traffic going through NAT, the source would n

Chapter 17 NATZyWALL USG 20/20W User’s Guide346

ZyWALL USG 20/20W User’s Guide347CHAPTER 18 HTTP Redirect18.1 OverviewHTTP redirect forwards the client’s HTTP request (except HTTP traffic destined

Chapter 18 HTTP RedirectZyWALL USG 20/20W User’s Guide34818.1.2 What You Need to KnowWeb Proxy ServerA proxy server helps client devices make indirec

Chapter 18 HTTP RedirectZyWALL USG 20/20W User’s Guide349Finding Out MoreSee Section 6.5.10 on page 99 for related information on these screens.18.2

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide35The ZyWALL does not stop or start the system processes when you apply configuration f

Chapter 18 HTTP RedirectZyWALL USG 20/20W User’s Guide35018.2.1 The HTTP Redirect Edit ScreenClick Network > HTTP Redirect to open the HTTP Redire

ZyWALL USG 20/20W User’s Guide351CHAPTER 19 ALG19.1 ALG OverviewApplication Layer Gateway (ALG) allows the following applications to operate properl

Chapter 19 ALGZyWALL USG 20/20W User’s Guide35219.1.2 What You Need to KnowApplication Layer Gateway (ALG), NAT and FirewallThe ZyWALL can function a

Chapter 19 ALGZyWALL USG 20/20W User’s Guide353• There should be only one SIP server (total) on the ZyWALL’s private networks. Any other SIP servers

Chapter 19 ALGZyWALL USG 20/20W User’s Guide354can receive incoming calls from the Internet, LAN IP addresses B and C can still make calls out to the

Chapter 19 ALGZyWALL USG 20/20W User’s Guide355• See Section 19.3 on page 357 for ALG background/technical information.19.1.3 Before You BeginYou mu

Chapter 19 ALGZyWALL USG 20/20W User’s Guide356Enable Configure SIP Inactivity TimeoutSelect this option to have the ZyWALL apply SIP media and signal

Chapter 19 ALGZyWALL USG 20/20W User’s Guide35719.3 ALG Technical ReferenceHere is more detailed information about the Application Layer Gateway.ALG

Chapter 19 ALGZyWALL USG 20/20W User’s Guide358commands from a system running an FTP client. The service allows users to send commands to the server f

ZyWALL USG 20/20W User’s Guide359CHAPTER 20 IP/MAC Binding20.1 IP/MAC Binding OverviewIP address to MAC address binding helps ensure that only the i

Chapter 1 Introducing the ZyWALLZyWALL USG 20/20W User’s Guide36

Chapter 20 IP/MAC BindingZyWALL USG 20/20W User’s Guide36020.1.2 What You Need to KnowDHCPIP/MAC address bindings are based on the ZyWALL’s dynamic a

Chapter 20 IP/MAC BindingZyWALL USG 20/20W User’s Guide36120.2.1 IP/MAC Binding EditClick Configuration > Network > IP/MAC Binding > Edit t

Chapter 20 IP/MAC BindingZyWALL USG 20/20W User’s Guide36220.2.2 Static DHCP EditClick Configuration > Network > IP/MAC Binding > Edit to op

Chapter 20 IP/MAC BindingZyWALL USG 20/20W User’s Guide36320.3 IP/MAC Binding Exempt ListClick Configuration > Network > IP/MAC Binding > E

Chapter 20 IP/MAC BindingZyWALL USG 20/20W User’s Guide364

ZyWALL USG 20/20W User’s Guide365CHAPTER 21 Authentication Policy21.1 Overview Use authentication policies to control who can access the network. Yo

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide36621.1.2 What You Need to KnowAuthentication Policy and VPNAuthentication policies are

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide367Click Configuration > Auth. Policy to display the screen. Figure 222 Configurat

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide368The following table gives an overview of the objects you can configure. Table 103

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide36921.2.1 Creating/Editing an Authentication PolicyClick Configuration > Auth. Poli

ZyWALL USG 20/20W User’s Guide37CHAPTER 2 Features and ApplicationsThis chapter introduces the main features and applications of the ZyWALL.2.1 Feat

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide370Figure 224 Configuration > Auth. Policy > Add The following table gives an o

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide371Schedule Select a schedule that defines when the policy applies. Otherwise, select n

Chapter 21 Authentication PolicyZyWALL USG 20/20W User’s Guide372

ZyWALL USG 20/20W User’s Guide373CHAPTER 22 Firewall22.1 OverviewUse the firewall to block or allow services that use static port numbers. The firew

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide37422.1.2 What You Need to KnowStateful InspectionThe ZyWALL has a stateful inspection firewall. The

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide375To-ZyWALL Rules Rules with ZyWALL as the To Zone apply to traffic going to the ZyWALL itself. By

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide376Firewall and VPN TrafficAfter you create a VPN tunnel and add it to a zone, you can set the firewa

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide377the firewall rule to always be in effect. The following figure shows the results of this rule.Fig

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide378Now you configure a LAN1 to WAN firewall rule that allows IRC traffic from the IP address of the C

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide379• The first row allows any LAN1 computer to access the IRC service on the WAN by logging into the

Chapter 2 Features and ApplicationsZyWALL USG 20/20W User’s Guide38FirewallThe ZyWALL’s firewall is a stateful inspection firewall. The ZyWALL restric

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide3805 The screen for configuring a service object opens. Configure it as follows and click OK.Figure 2

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide3819 The firewall rule appears in the firewall rule summary.Figure 232 Firewall Example: Doom Rule

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide3824 The ZyWALL then sends it to the computer on the LAN1 in Subnet 1. Figure 233 Using Virtual Int

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide383• The ordering of your rules is very important as rules are applied in sequence.Figure 234 Conf

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide384From Zone / To ZoneThis is the direction of travel of packets. Select from which zone the packets

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide38522.2.2 The Firewall Add/Edit ScreenIn the Firewall screen, click the Edit or Add icon to display

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide38622.3 The Session Limit ScreenClick Configuration > Firewall > Session Limit to display the

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide387individual limits for specific users, addresses, or both. The individual limit takes priority if

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide38822.3.1 The Session Limit Add/Edit ScreenClick Configuration > Firewall > Session Limit and

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide389User Select a user name or user group to which to apply the rule. The rule is activated only when

Chapter 2 Features and ApplicationsZyWALL USG 20/20W User’s Guide392.2 ApplicationsThese are some example applications for your ZyWALL. See also Cha

Chapter 22 FirewallZyWALL USG 20/20W User’s Guide390

ZyWALL USG 20/20W User’s Guide391CHAPTER 23 IPSec VPN23.1 IPSec VPN OverviewA virtual private network (VPN) provides secure communications between s

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide392•Use the VPN Gateway screens (see Section 23.2.1 on page 396) to manage the ZyWALL’s VPN gateway

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide393Application ScenariosThe ZyWALL’s application scenarios make it easier to configure your VPN con

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide394• See Section 23.4 on page 415 for IPSec VPN background information.• See Section 5.4 on page 76

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide395SA). Click a column’s heading cell to sort the table entries by that column’s criteria. Click th

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide39623.2.1 The VPN Connection Add/Edit (IKE) ScreenThe VPN Connection Add/Edit Gateway screen allows

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide397Figure 241 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE)

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide398Each field is described in the following table. Table 115 Configuration > VPN > IPSec VP

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide399Manual Key Select this option to configure a VPN connection policy that uses a manual key instea

About This User's GuideZyWALL USG 20/20W User’s Guide4• Web Configurator Online HelpClick the help icon in any screen for help in configuring tha

Chapter 2 Features and ApplicationsZyWALL USG 20/20W User’s Guide402.2.2.1 Full Tunnel Mode In full tunnel mode, a virtual connection is created for

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide400Remove Select an entry and click this to delete it. # This field is a sequential value, and it is

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide401Check Method Select how the ZyWALL checks the connection. The peer must be configured to respond

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide402Inbound TrafficSource NAT This translation hides the source address of computers in the remote ne

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide40323.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual Key scr

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide404Secure Gateway AddressType the IP address of the remote IPSec router in the IPSec SA. SPI Type a

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide405Encryption Key This field is applicable when you select an Encryption Algorithm. Enter the encry

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide40623.3 The VPN Gateway ScreenThe VPN Gateway summary screen displays the IPSec VPN gateway policie

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide40723.3.1 The VPN Gateway Add/Edit ScreenThe VPN Gateway Add/Edit screen allows you to create a ne

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide408Figure 244 Configuration > VPN > IPSec VPN > VPN Gateway > Edit Each field is d

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide409My Address Select how the IP address of the ZyWALL in the IKE SA is defined. If you select Inter

Chapter 2 Features and ApplicationsZyWALL USG 20/20W User’s Guide412.2.3 User-Aware Access ControlSet up security policies that restrict access to s

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide410Certificate Select this to have the ZyWALL and remote IPSec router use certificates to authentica

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide411Peer ID Type Select which type of identification is used to identify the remote IPSec router dur

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide412Content This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide413Negotiation ModeSelect the negotiation mode to use to negotiate the IKE SA. Choices areMain - th

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide414NAT Traversal Select this if any of these conditions are satisfied.• This IKE SA might be used to

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide41523.4 IPSec VPN Background InformationHere is some more detailed IPSec VPN background informatio

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide416The ZyWALL sends one or more proposals to the remote IPSec router. (In some devices, you can only

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide417keys for the IKE SA and IPSec SA. In main mode, this is done in steps 3 and 4, as illustrated ne

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide418Router identity consists of ID type and content. The ID type can be domain name, IP address, or e

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide419the identity of the remote IPSec router (for example, extended authentication) or if you are tro

Chapter 2 Features and ApplicationsZyWALL USG 20/20W User’s Guide42

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide420If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and ro

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide421CertificatesIt is possible for the ZyWALL and remote IPSec router to authenticate each other wit

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide422EncapsulationThere are two ways to encapsulate packets. Usually, you should use tunnel mode becau

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide423If you enable PFS, the ZyWALL and remote IPSec router perform a DH key exchange every time an IP

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide424NAT for Inbound and Outbound TrafficThe ZyWALL can translate the following types of network addre

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide425• Destination - the original destination address; the remote network (B).• SNAT - the translated

Chapter 23 IPSec VPNZyWALL USG 20/20W User’s Guide426

ZyWALL USG 20/20W User’s Guide427CHAPTER 24 SSL VPN24.1 OverviewUse SSL VPN to allow users to use a web browser for secure remote user login (the re

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide428• apply Endpoint Security (EPS) checking to require users’ computers to comply with defined corpora

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide42924.2 The SSL Access Privilege ScreenClick VPN > SSL VPN to open the Access Privilege screen. T

ZyWALL USG 20/20W User’s Guide43CHAPTER 3 Web ConfiguratorThe ZyWALL Web Configurator allows easy ZyWALL setup and management using an Internet brows

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide43024.2.1 The SSL Access Policy Add/Edit Screen To create a new or edit an existing SSL access policy

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide431The following table describes the labels in this screen. Table 123 VPN > SSL VPN > Access

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide432Available EPS Objects / Selected EPS ObjectsConfigured endpoint security objects appear on the left

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide43324.3 The SSL Global Setting ScreenClick VPN > SSL VPN and click the Global Setting tab to disp

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide43424.3.1 How to Upload a Custom LogoFollow the steps below to upload a custom logo to display on the

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide435The following shows an example logo on the remote user screen. Figure 255 Example Logo Graphic D

Chapter 24 SSL VPNZyWALL USG 20/20W User’s Guide4362 SSL VPN connection starts. This may take several minutes depending on your network connection. On

ZyWALL USG 20/20W User’s Guide437CHAPTER 25 SSL User Screens25.1 OverviewThis chapter introduces the remote user SSL VPN screens. The following fig

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide438System RequirementsHere are the browser and computer system requirements for remote user a

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide4391 Open a web browser and enter the web site address or IP address of the ZyWALL. For exam

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide442 Open your web browser, and go to http://192.168.1.1. By default, the ZyWALL automatically

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide4405 Your computer starts establishing a secure connection to the ZyWALL after a successful l

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide4417 The ZyWALL tries to install the SecuExtender client. You may need to click a pop-up to

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide44210 If a screen like the following displays, click Continue Anyway to finish installing the

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide44325.3 The SSL VPN User ScreensThis section describes the main elements in the remote user

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide44425.4 Bookmarking the ZyWALLYou can create a bookmark of the ZyWALL by clicking the Add to

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide4453 An information screen displays to indicate that the SSL VPN connection is about to term

Chapter 25 SSL User ScreensZyWALL USG 20/20W User’s Guide446

ZyWALL USG 20/20W User’s Guide447CHAPTER 26 SSL User Application Screens26.1 SSL User Application Screens OverviewUse the Application screen to acce

Chapter 26 SSL User Application ScreensZyWALL USG 20/20W User’s Guide448

ZyWALL USG 20/20W User’s Guide449CHAPTER 27 ZyWALL SecuExtenderThe ZyWALL automatically loads the ZyWALL SecuExtender client program to your computer

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide455 The screen above appears every time you log in using the default user name and default pa

Chapter 27 ZyWALL SecuExtenderZyWALL USG 20/20W User’s Guide45027.2 StatisticsRight-click the ZyWALL SecuExtender icon in the system tray and select

Chapter 27 ZyWALL SecuExtenderZyWALL USG 20/20W User’s Guide45127.3 View LogIf you have problems with the ZyWALL SecuExtender, customer support may

Chapter 27 ZyWALL SecuExtenderZyWALL USG 20/20W User’s Guide452connected but not send any traffic through it until you right-click the icon and resume

ZyWALL USG 20/20W User’s Guide453CHAPTER 28 Bandwidth Management28.1 OverviewBandwidth management provides a convenient way to manage the use of

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide454in a network by grouping similar types of traffic together and treating each type as a

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide455Outbound and Inbound Bandwidth LimitsYou can limit an application’s outbound or inbou

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide456Unused bandwidth is divided equally. Higher priority traffic does not get a larger por

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide457Maximize Bandwidth Usage EffectWith maximize bandwidth usage enabled, after each serv

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide458Here is an overview of what the rules need to accomplish. See the following sections f

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide459• Enable maximize bandwidth usage so the SIP traffic can borrow unused bandwidth.Figu

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide463.3.1 Title BarThe title bar provides some icons in the upper right corner.Figure 9 Title

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide46028.1.3.5 FTP WAN to DMZ Bandwidth Management Example• ADSL supports more downstream t

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide46128.2 TheBandwidth Management ScreenThe Bandwidth management screen controls the defa

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide462# This field is a sequential value, and it is not associated with a specific condition

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide46328.2.1 The Bandwidth Management Add/Edit ScreenThe Configuration > Bandwidth Man

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide464The following table describes the labels in this screen. Table 132 Configuration &

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide465Inbound kbpsType how much inbound bandwidth, in kilobits per second, this policy allo

Chapter 28 Bandwidth ManagementZyWALL USG 20/20W User’s Guide466

ZyWALL USG 20/20W User’s Guide467CHAPTER 29 ADP29.1 OverviewThis chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and app

Chapter 29 ADPZyWALL USG 20/20W User’s Guide468ADP ProfileAn ADP profile is a set of traffic anomaly rules and protocol anomaly rules that you can act

Chapter 29 ADPZyWALL USG 20/20W User’s Guide46929.2 The ADP General ScreenClick Configuration > Anti-X > ADP > General. Use this screen to

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide47The following table describes labels that can appear in this screen. 3.3.2 Navigation Pane

Chapter 29 ADPZyWALL USG 20/20W User’s Guide47029.3 The Profile Summary ScreenUse this screen to:• Create a new profile using an existing base profil

Chapter 29 ADPZyWALL USG 20/20W User’s Guide47129.3.1 Base ProfilesThe ZyWALL comes with base profiles. You use base profiles to create new profiles

Chapter 29 ADPZyWALL USG 20/20W User’s Guide472The following table describes the fields in this screen. 29.3.3 Creating New ADP Profiles You may wan

Chapter 29 ADPZyWALL USG 20/20W User’s Guide473belonging to this profile, make sure you have clicked OK or Save to save the changes before selecting

Chapter 29 ADPZyWALL USG 20/20W User’s Guide474The following table describes the fields in this screen. Table 136 Configuration > ADP > Profi

Chapter 29 ADPZyWALL USG 20/20W User’s Guide47529.3.5 Protocol Anomaly Profiles Protocol anomaly is the third screen in an ADP profile. Protocol ano

Chapter 29 ADPZyWALL USG 20/20W User’s Guide476Figure 292 Profiles: Protocol Anomaly

Chapter 29 ADPZyWALL USG 20/20W User’s Guide477The following table describes the fields in this screen. Table 137 Configuration > ADP > Prof

Chapter 29 ADPZyWALL USG 20/20W User’s Guide478Action To edit what action the ZyWALL takes when a packet matches a signature, select the signature and

Chapter 29 ADPZyWALL USG 20/20W User’s Guide47929.4 ADP Technical ReferenceThis section is divided into traffic anomaly background information and p

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide483.3.2.2 Monitor MenuThe monitor menu screens display status and statistics information.3.3.

Chapter 29 ADPZyWALL USG 20/20W User’s Guide480Decoy Port ScansDecoy port scans are scans where the attacker has spoofed the source address. These are

Chapter 29 ADPZyWALL USG 20/20W User’s Guide481Flood DetectionFlood attacks saturate a network with useless data, use up all available bandwidth, and

Chapter 29 ADPZyWALL USG 20/20W User’s Guide482the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.

Chapter 29 ADPZyWALL USG 20/20W User’s Guide483UDP Flood AttackUDP is a connection-less protocol and it does not require any connection setup procedu

Chapter 29 ADPZyWALL USG 20/20W User’s Guide484DOUBLE-ENCODING ATTACKThis rule is IIS specific. IIS does two passes through the request URI, doing dec

Chapter 29 ADPZyWALL USG 20/20W User’s Guide485WEBROOT-DIRECTORY-TRAVERSAL ATTACKThis is when a directory traversal traverses past the web server roo

Chapter 29 ADPZyWALL USG 20/20W User’s Guide486TRUNCATED-HEADER ATTACKThis is when an ICMP packet is sent which has an ICMP datagram length of less th

ZyWALL USG 20/20W User’s Guide487CHAPTER 30 Content Filtering30.1 OverviewUse the content filtering feature to control access to specific web sites

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide488Content Filtering ProfilesA content filtering profile conveniently stores your custom set

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide489Since the ZyWALL checks the URL’s domain name (or IP address) and file path separately,

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide49Interface Port Role Use this screen to set the ZyWALL’s flexible ports as LAN1 or DMZ.Ether

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide490your list of content filter policies, create a denial of access message or specify a redi

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide491Move To change an entry’s position in the numbered list, select it and click Move to dis

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide49230.3 Content Filter Policy Add or Edit ScreenClick Configuration > Anti-X > Conten

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide493filter policy. A content filter policy defines which content filter profile should be ap

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide49430.4 Content Filter Profile Screen Click Configuration > Anti-X > Content Filter &

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide495See Chapter 31 on page 513 for how to view content filtering reports. Figure 299 Confi

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide496Figure 300 Configuration > Anti-X > Content Filter > Filter Profile > Add (

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide497The following table describes the labels in this screen. Table 142 Configuration >

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide498Action for Unsafe Web PagesSelect Pass to allow users to access web pages that match the

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide499Action When Category Server Is UnavailableSelect Pass to allow users to access any reque

About This User's GuideZyWALL USG 20/20W User’s Guide5•ForumThis contains discussions on ZyXEL products. Learn from others who use ZyXEL produc

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide50BWMAnti-XADP General Display and manage ADP bindings.Profile Create and manage ADP profiles.

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide500Spyware Effects/Privacy ConcernsThis category includes pages to which spyware (as defined

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide501Nudity This category includes pages containing nude or seminude depictions of the human

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide502Security ConcernsHacking This category includes pages that distribute, promote, or provid

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide503Alternative Spirituality/OccultThis category includes pages that promote and provide inf

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide504Greeting Cards This category includes pages that facilitate the sending of electronic gre

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide505Abortion This category includes pages that provide information or arguments in favor of

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide506Humor/Jokes This category includes pages that primarily focus on comedy, jokes, fun, etc.

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide507Content Servers This category includes servers that provide commercial hosting for a var

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide50830.5.1 Content Filter Blocked and Warning MessagesThese are the content filtering warnin

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide509keyword. Use this screen to add or remove specific sites or keywords from the filter lis

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide513.3.2.4 Maintenance MenuUse the maintenance menu screens to manage configuration and firmw

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide510BlockActiveX ActiveX is a tool for building dynamic and active web pages and distributed

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide51130.7 Content Filter Technical ReferenceThis section provides content filtering backgrou

Chapter 30 Content FilteringZyWALL USG 20/20W User’s Guide512External Content Filter Server Lookup ProcedureThe content filter lookup process is descr

ZyWALL USG 20/20W User’s Guide513CHAPTER 31 Content Filter Reports31.1 OverviewYou can view content filtering reports after you have activated the c

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5142 Fill in your myZyXEL.com account information and click Login.Figure 303 myZyXEL.

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5153 A welcome screen displays. Click your ZyWALL’s model name and/or MAC address unde

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5164 In the Service Management screen click Content Filter in the Service Name column t

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5176 Select items under Global Reports to view the corresponding reports.Figure 307

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5188 A chart and/or list of requested web site categories display in the lower half of

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide5199 You can click a category in the Categories report or click URLs in the Report Hom

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide523.3.3 Main WindowThe main window shows the screen you select in the navigation panel. The m

Chapter 31 Content Filter ReportsZyWALL USG 20/20W User’s Guide520

ZyWALL USG 20/20W User’s Guide521CHAPTER 32 Anti-Spam32.1 OverviewThe anti-spam feature can mark or discard spam (unsolicited commercial or junk e-m

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide522Black ListConfigure black list entries to identify spam. The black list entries have the ZyWALL c

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide523E-mail Header Buffer SizeThe ZyWALL has a 5 K buffer for an individual e-mail header. If an e-ma

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide524spam policies. You can also select the action the ZyWALL takes when the mail sessions threshold i

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide52532.3.1 The Anti-Spam Policy Add or Edit ScreenClick the Add or Edit icon in the Configuration &

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide526check, which e-mail protocols to scan, the scanning options, and the action to take on spam traff

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide52732.4 The Anti-Spam Black List ScreenClick Configuration > Anti-X > Anti-Spam > Black /

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide528specific subject text. Click a column’s heading cell to sort the table entries by that column’s c

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide52932.4.1 The Anti-Spam Black or White List Add/Edit ScreenIn the anti-spam Black List or White Li

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide533.3.3.2 Site MapClick Site MAP to see an overview of links to the Web Configurator screens

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide53032.4.2 Regular Expressions in Black or White List EntriesThe following applies for a black or wh

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide53132.5 The Anti-Spam White List ScreenClick Configuration > Anti-X > Anti-Spam > Black/W

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide53232.6 The DNSBL Screen Click Configuration > Anti-X > Anti-Spam > DNSBL to display the a

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide533The following table describes the labels in this screen. Table 150 Configuration > Anti-X &

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide53432.7 Anti-Spam Technical ReferenceHere is more detailed anti-spam information.DNSBL• The ZyWALL

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide535Here is an example of an e-mail classified as spam based on DNSBL replies. Figure 316 DNSBL Sp

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide536Here is an example of an e-mail classified as legitimate based on DNSBL replies. Figure 317 DNS

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide537If the ZyWALL receives conflicting DNSBL replies for an e-mail routing IP address, the ZyWALL cl

Chapter 32 Anti-SpamZyWALL USG 20/20W User’s Guide538

ZyWALL USG 20/20W User’s Guide539CHAPTER 33 User/Group33.1 OverviewThis chapter describes how to set up user accounts, user groups, and user setting

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide54The fields vary with the type of object. The following table describes labels that can appea

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide540Note: The default admin account is always authenticated locally, regardless of the authenticatio

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide541See Setting up User Attributes in an External Server on page 553 for a list of attributes and h

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide54233.2 User Summary ScreenThe User screen provides a summary of all user accounts. To access this

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide543•- [dashes]The first character must be alphabetical (A-Z a-z), an underscore (_), or a dash (-)

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide544The following table describes the labels in this screen. Table 153 Configuration > User/Gr

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide54533.3 User Group Summary ScreenUser groups consist of access users and other user groups. You c

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide54633.3.1 Group Add/Edit ScreenThe Group Add/Edit screen allows you to create a new user group or

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide54733.4 Setting Screen The Setting screen controls default settings, login settings, lockout sett

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide548To access this screen, login to the Web Configurator, and click Configuration > Object > U

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide549User Type These are the kinds of user account the ZyWALL supports.• admin - this user can look

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide553.3.4.1 Manipulating Table DisplayHere are some of the ways you can manipulate the Web Con

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide55033.4.1 Default User Authentication Timeout Settings Edit ScreensThe Default Authentication Time

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide551To access this screen, go to the Configuration > Object > User/Group > Setting screen

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide55233.4.2 User Aware Login ExampleAccess users cannot use the Web Configurator to browse the confi

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide55333.5 User /Group Technical ReferenceThis section provides some information on users who use an

Chapter 33 User/GroupZyWALL USG 20/20W User’s Guide554

ZyWALL USG 20/20W User’s Guide555CHAPTER 34 Addresses34.1 OverviewAddress objects can represent a single IP address or a range of IP addresses. Addr

Chapter 34 AddressesZyWALL USG 20/20W User’s Guide556• RANGE - a range address is defined by a Starting IP Address and an Ending IP Address.• SUBNET -

Chapter 34 AddressesZyWALL USG 20/20W User’s Guide55734.2.1 Address Add/Edit ScreenThe Configuration > Address Add/Edit screen allows you to crea

Chapter 34 AddressesZyWALL USG 20/20W User’s Guide55834.3 Address Group Summary ScreenThe Address Group screen provides a summary of all address grou

Chapter 34 AddressesZyWALL USG 20/20W User’s Guide55934.3.1 Address Group Add/Edit ScreenThe Address Group Add/Edit screen allows you to create a ne

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide563 Select a column heading cell’s right border and drag to re-size the column.Figure 18 Res

Chapter 34 AddressesZyWALL USG 20/20W User’s Guide560

ZyWALL USG 20/20W User’s Guide561CHAPTER 35 Services35.1 OverviewUse service objects to define TCP applications, UDP applications, and ICMP messages

Chapter 35 ServicesZyWALL USG 20/20W User’s Guide562Both TCP and UDP use ports to identify the source and destination. Each port is a 16-bit number. S

Chapter 35 ServicesZyWALL USG 20/20W User’s Guide563entries by that column’s criteria. Click the heading cell again to reverse the sort order.Figure

Chapter 35 ServicesZyWALL USG 20/20W User’s Guide56435.2.1 The Service Add/Edit ScreenThe Service Add/Edit screen allows you to create a new service

Chapter 35 ServicesZyWALL USG 20/20W User’s Guide565To access this screen, log in to the Web Configurator, and click Configuration > Object > S

Chapter 35 ServicesZyWALL USG 20/20W User’s Guide56635.3.1 The Service Group Add/Edit ScreenThe Service Group Add/Edit screen allows you to create a

ZyWALL USG 20/20W User’s Guide567CHAPTER 36 Schedules36.1 OverviewUse schedules to set up one-time and recurring schedules for policy routes, firewa

Chapter 36 SchedulesZyWALL USG 20/20W User’s Guide568Finding Out More• See Section 6.6 on page 103 for related information on these screens.• See Sect

Chapter 36 SchedulesZyWALL USG 20/20W User’s Guide56936.2.1 The One-Time Schedule Add/Edit ScreenThe One-Time Schedule Add/Edit screen allows you to

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide573.3.4.2 Working with Table EntriesThe tables have icons for working with table entries. A

Chapter 36 SchedulesZyWALL USG 20/20W User’s Guide57036.2.2 The Recurring Schedule Add/Edit ScreenThe Recurring Schedule Add/Edit screen allows you t

Chapter 36 SchedulesZyWALL USG 20/20W User’s Guide571(see Section 36.2 on page 568), and click either the Add icon or an Edit icon in the Recurring s

Chapter 36 SchedulesZyWALL USG 20/20W User’s Guide572

ZyWALL USG 20/20W User’s Guide573CHAPTER 37 AAA Server37.1 Overview You can use a AAA (Authentication, Authorization, Accounting) server to provide

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide57437.1.2 RADIUS Server RADIUS (Remote Authentication Dial-In User Service) authentication is a po

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide575•Use the Configuration > Object > AAA Server > RADIUS screen (Section 37.3 on page 579

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide576organizational boundaries. The following figure shows a basic directory structure branching from

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide577• See Section 7.6 on page 124 for an example of how to use a RADIUS server to authenticate user

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide578following screen. Use this screen to create a new AD or LDAP entry or edit an existing one. Figu

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide57937.3 RADIUS Server SummaryUse the RADIUS screen to manage the list of RADIUS servers the ZyWAL

Chapter 3 Web ConfiguratorZyWALL USG 20/20W User’s Guide58you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arro

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide580Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Figure

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide58137.3.1 Adding a RADIUS Server Click Configuration > Object > AAA Server > RADIUS to d

Chapter 37 AAA ServerZyWALL USG 20/20W User’s Guide582Timeout Specify the timeout period (between 1 and 300 seconds) before the ZyWALL disconnects fro

ZyWALL USG 20/20W User’s Guide583CHAPTER 38 Authentication Method38.1 Overview Authentication method objects set how the ZyWALL authenticates wirele

Chapter 38 Authentication MethodZyWALL USG 20/20W User’s Guide5843 Select Server Mode and select an authentication method object from the drop-down li

Chapter 38 Authentication MethodZyWALL USG 20/20W User’s Guide58538.2.1 Creating an Authentication Method Object Follow the steps below to create an

Chapter 38 Authentication MethodZyWALL USG 20/20W User’s Guide5867 Click OK to save the settings or click Cancel to discard all changes and return to

Chapter 38 Authentication MethodZyWALL USG 20/20W User’s Guide587Add icon Click Add to add a new entry. Click Edit to edit the settings of an entry.

Chapter 38 Authentication MethodZyWALL USG 20/20W User’s Guide588

ZyWALL USG 20/20W User’s Guide589CHAPTER 39 Certificates39.1 OverviewThe ZyWALL can use certificates (also called digital IDs) to authenticate users

ZyWALL USG 20/20W User’s Guide59CHAPTER 4 Installation Setup Wizard4.1 Installation Setup Wizard Screens If you log into the Web Configurator when t

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide5902 Tim keeps the private key and makes the public key openly available. This means that anyone

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide591Factory Default CertificateThe ZyWALL generates its own unique self-signed certificate when y

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide5922 Make sure that the certificate has a “.cer” or “.crt” file name extension.Figure 349 Remot

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide59339.2 The My Certificates Screen Click Configuration > Object > Certificate > My Cer

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide59439.2.1 The My Certificates Add ScreenClick Configuration > Object > Certificate > My

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide595ZyWALL create a self-signed certificate, enroll a certificate with a certification authority

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide596The following table describes the labels in this screen. Table 178 Configuration > Object

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide597Create a certification request and save it locally for later manual enrollmentSelect this to

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide598If you configured the My Certificate Create screen to have the ZyWALL enroll a certificate and

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide59939.2.2 The My Certificates Edit ScreenClick Configuration > Object > Certificate >

Document ConventionsZyWALL USG 20/20W User’s Guide6Document ConventionsWarnings and NotesThese are how warnings and notes are shown in this User’s Gui

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide60The screens vary depending on the encapsulation type. Refer to information provided

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide600The following table describes the labels in this screen. Table 179 Configuration > Objec

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide601Key Algorithm This field displays the type of algorithm that was used to generate the certifi

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide60239.2.3 The My Certificates Import Screen Click Configuration > Object > Certificate >

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide60339.3 The Trusted Certificates Screen Click Configuration > Object > Certificate >

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide60439.3.1 The Trusted Certificates Edit Screen Click Configuration > Object > Certificate

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide605authority’s list of revoked certificates before trusting a certificate issued by the certific

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide606The following table describes the labels in this screen. Table 182 Configuration > Objec

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide607Type This field displays general information about the certificate. CA-signed means that a Ce

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide60839.3.2 The Trusted Certificates Import Screen Click Configuration > Object > Certificat

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide609The following table describes the labels in this screen. 39.4 Certificates Technical Referen

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide61• IP Address: Enter your (static) public IP address. Auto displays if you selected

Chapter 39 CertificatesZyWALL USG 20/20W User’s Guide610

ZyWALL USG 20/20W User’s Guide611CHAPTER 40 ISP Accounts40.1 OverviewUse ISP accounts to manage Internet Service Provider (ISP) account information

Chapter 40 ISP AccountsZyWALL USG 20/20W User’s Guide612The following table describes the labels in this screen. See the ISP Account Edit section belo

Chapter 40 ISP AccountsZyWALL USG 20/20W User’s Guide613The following table describes the labels in this screen. Table 185 Configuration > Obje

Chapter 40 ISP AccountsZyWALL USG 20/20W User’s Guide614Compression Select On button to turn on stac compression, and select Off to turn off stac comp

ZyWALL USG 20/20W User’s Guide615CHAPTER 41 SSL Application41.1 OverviewYou use SSL application objects in SSL VPN. Configure an SSL application obj

Chapter 41 SSL ApplicationZyWALL USG 20/20W User’s Guide616Remote Desktop ConnectionsUse SSL VPN to allow remote users to manage LAN computers. Depend

Chapter 41 SSL ApplicationZyWALL USG 20/20W User’s Guide6172 Click the Add button and select Web Application in the Type field. In the Server Type fi

Chapter 41 SSL ApplicationZyWALL USG 20/20W User’s Guide618The following table describes the labels in this screen. 41.2.1 Creating/Editing a Web-ba

Chapter 41 SSL ApplicationZyWALL USG 20/20W User’s Guide619The following table describes the labels in this screen. Table 187 Configuration > O

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide62• CHAP/PAP - Your ZyWALL accepts either CHAP or PAP when requested by the remote no

Chapter 41 SSL ApplicationZyWALL USG 20/20W User’s Guide620Entry Point This field displays if the Server Type is set to Web Server or OWA.This field i

ZyWALL USG 20/20W User’s Guide621CHAPTER 42 Endpoint Security42.1 Overview Use Endpoint Security (EPS), also known as endpoint control, to make sure

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide62242.1.1 What You Can Do in this ChapterUse the Configuration > Object > Endpoint Se

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide62342.2 Endpoint Security ScreenThe Endpoint Security screen displays the endpoint securit

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide62442.3 Endpoint Security Add/EditClick Configuration > Object > Endpoint Security an

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide625

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide626The following table gives an overview of the objects you can configure. Table 189 Conf

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide627Checking Item - Anti-Virus SoftwareIf you selected Windows as the operating system, you

Chapter 42 Endpoint SecurityZyWALL USG 20/20W User’s Guide628Checking Item - File InformationIf you selected Windows or Linux as the operating system,

ZyWALL USG 20/20W User’s Guide629CHAPTER 43 System43.1 OverviewUse the system screens to configure general ZyWALL settings. 43.1.1 What You Can Do

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide634.1.4 Internet Access: PPTP Note: Enter the Internet access information exactly a

Chapter 43 SystemZyWALL USG 20/20W User’s Guide630• Your ZyWALL can act as an SNMP agent, which allows a manager station to manage and monitor the ZyW

Chapter 43 SystemZyWALL USG 20/20W User’s Guide63143.3 USB StorageThe ZyWALL can use a connected USB device to store the system log and other diagno

Chapter 43 SystemZyWALL USG 20/20W User’s Guide632a software mechanism to set the time manually or get the current time and date from an external serv

Chapter 43 SystemZyWALL USG 20/20W User’s Guide633New Time (hh-mm-ss)This field displays the last updated time from the time server or the last time

Chapter 43 SystemZyWALL USG 20/20W User’s Guide63443.4.1 Pre-defined NTP Time Servers ListWhen you turn on the ZyWALL for the first time, the date an

Chapter 43 SystemZyWALL USG 20/20W User’s Guide63543.4.2 Time Server SynchronizationClick the Synchronize Now button to get the time and date from t

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6365 Under Time and Date Setup, enter a Time Server Address (Table 193 on page 634).6 Click Apply.43.5

Chapter 43 SystemZyWALL USG 20/20W User’s Guide63743.6.1 DNS Server Address AssignmentThe ZyWALL can get the DNS server addresses in the following w

Chapter 43 SystemZyWALL USG 20/20W User’s Guide638The following table describes the labels in this screen. Table 195 Configuration > System >

Chapter 43 SystemZyWALL USG 20/20W User’s Guide639DNS Server This is the IP address of a DNS server. This field displays N/A if you have the ZyWALL g

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide64• Select Nailed-Up if you do not want the connection to time out. Otherwise, type t

Chapter 43 SystemZyWALL USG 20/20W User’s Guide64043.6.3 Address Record An address record contains the mapping of a Fully-Qualified Domain Name (FQDN

Chapter 43 SystemZyWALL USG 20/20W User’s Guide641The following table describes the labels in this screen. 43.6.6 Domain Zone Forwarder A domain zo

Chapter 43 SystemZyWALL USG 20/20W User’s Guide642The following table describes the labels in this screen. 43.6.8 MX Record A MX (Mail eXchange) reco

Chapter 43 SystemZyWALL USG 20/20W User’s Guide64343.6.9 Adding a MX Record Click the Add icon in the MX Record table to add a MX record.Figure 375

Chapter 43 SystemZyWALL USG 20/20W User’s Guide644The following table describes the labels in this screen. 43.7 WWW OverviewThe following figure sho

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6451 You have disabled that service in the corresponding screen.2 The allowed IP address (address obje

Chapter 43 SystemZyWALL USG 20/20W User’s Guide646Please refer to the following figure.1 HTTPS connection requests from an SSL-aware web browser go to

Chapter 43 SystemZyWALL USG 20/20W User’s Guide647Note: Admin Service Control deals with management access (to the Web Configurator). User Service Co

Chapter 43 SystemZyWALL USG 20/20W User’s Guide648Server Port The HTTPS server listens on port 443 by default. If you change the HTTPS server port to

Chapter 43 SystemZyWALL USG 20/20W User’s Guide649HTTPEnable Select the check box to allow or disallow the computer with the IP address that matches

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide654.1.6 Internet Access - Finish You have set up your ZyWALL to access the Internet

Chapter 43 SystemZyWALL USG 20/20W User’s Guide65043.7.5 Service Control RulesClick Add or Edit in the Service Control table in a WWW, SSH, Telnet, F

Chapter 43 SystemZyWALL USG 20/20W User’s Guide651also customize the page that displays after an access user logs into the Web Configurator to access

Chapter 43 SystemZyWALL USG 20/20W User’s Guide652The following figures identify the parts you can customize in the login and access pages.Figure 381

Chapter 43 SystemZyWALL USG 20/20W User’s Guide653•Click Color to display a screen of web-safe colors from which to choose.• Enter the name of the de

Chapter 43 SystemZyWALL USG 20/20W User’s Guide65443.7.7 HTTPS ExampleIf you haven’t changed the default HTTPS port on the ZyWALL, then in your brows

Chapter 43 SystemZyWALL USG 20/20W User’s Guide65543.7.7.2 Netscape Navigator Warning MessagesWhen you attempt to access the ZyWALL HTTPS server, a

Chapter 43 SystemZyWALL USG 20/20W User’s Guide656• The issuing certificate authority of the ZyWALL’s HTTPS server certificate is not one of the brows

Chapter 43 SystemZyWALL USG 20/20W User’s Guide657Apply for a certificate from a Certification Authority (CA) that is trusted by the ZyWALL (see the

Chapter 43 SystemZyWALL USG 20/20W User’s Guide65843.7.7.5.2 Installing Your Personal Certificate(s)You need a password in advance. The CA may issue

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6593 Enter the password given to you by the CA.Figure 391 Personal Certificate Import Wizard 34 Have

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide66Use the Registration > Service screen to update your service subscription status

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6605 Click Finish to complete the wizard and begin the import process.Figure 393 Personal Certificate

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6612 When Authenticate Client Certificates is selected on the ZyWALL, the following screen asks you to

Chapter 43 SystemZyWALL USG 20/20W User’s Guide662SSH is a secure communication protocol that combines authentication and data encryption to provide s

Chapter 43 SystemZyWALL USG 20/20W User’s Guide6632 Encryption MethodOnce the identification is verified, both the client and server must agree on th

Chapter 43 SystemZyWALL USG 20/20W User’s Guide664Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connection

Chapter 43 SystemZyWALL USG 20/20W User’s Guide66543.8.5 Secure Telnet Using SSH ExamplesThis section shows two examples using a command interface a

Chapter 43 SystemZyWALL USG 20/20W User’s Guide666Enter the password to log in to the ZyWALL. The CLI screen displays next. 43.8.5.2 Example 2: Linux

Chapter 43 SystemZyWALL USG 20/20W User’s Guide66743.9.1 Configuring TelnetClick Configuration > System > TELNET to configure your ZyWALL for

Chapter 43 SystemZyWALL USG 20/20W User’s Guide66843.10 FTP You can upload and download the ZyWALL’s firmware and configuration files using FTP. To u

Chapter 43 SystemZyWALL USG 20/20W User’s Guide669be used to access the ZyWALL. You can also specify from which IP addresses the access can come.Figu

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide67• Trial Service Activation: You can try a trial service subscription. The trial pe

Chapter 43 SystemZyWALL USG 20/20W User’s Guide67043.11 SNMP Simple Network Management Protocol is a protocol used for exchanging management informat

Chapter 43 SystemZyWALL USG 20/20W User’s Guide671and version two (SNMPv2c). The next figure illustrates an SNMP management operation. Figure 406

Chapter 43 SystemZyWALL USG 20/20W User’s Guide672• GetNext - Allows the manager to retrieve the next object variable from a table or list within an a

Chapter 43 SystemZyWALL USG 20/20W User’s Guide673settings, including from which zones SNMP can be used to access the ZyWALL. You can also specify fr

Chapter 43 SystemZyWALL USG 20/20W User’s Guide67443.12 Vantage CNM Vantage CNM (Centralized Network Management) is a browser-based global management

Chapter 43 SystemZyWALL USG 20/20W User’s Guide67543.12.1 Configuring Vantage CNM Vantage CNM is disabled on the device by default. Click Configurat

Chapter 43 SystemZyWALL USG 20/20W User’s Guide676Tran sfer ProtocolSelect whether the Vantage CNM sessions should use regular HTTP connections or sec

Chapter 43 SystemZyWALL USG 20/20W User’s Guide67743.13 Language Screen Click Configuration > System > Language to open the following screen.

Chapter 43 SystemZyWALL USG 20/20W User’s Guide678

ZyWALL USG 20/20W User’s Guide679CHAPTER 44 Log and Report44.1 OverviewUse these screens to configure daily reporting and log settings. 44.1.1 What

Chapter 4 Installation Setup WizardZyWALL USG 20/20W User’s Guide68

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide680Click Configuration > Log & Report > Email Daily Report to display the following s

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide681The following table describes the labels in this screen. 44.3 Log Setting Screens The Log

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide682The Log Setting tab also controls what information is saved in each log. For the system log,

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide68344.3.2 Edit System Log Settings The Log Settings Edit screen controls the detailed setting

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide684Figure 412 Configuration > Log & Report > Log Setting > Edit (System Log)

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide685The following table describes the labels in this screen. Table 212 Configuration > Log

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide686E-mail Server 1 Use the E-Mail Server 1 drop-down list to change the settings for e-mailing

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide687Active Select this to activate log consolidation. Log consolidation aggregates multiple log

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide68844.3.3 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed s

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide689The following table describes the labels in this screen. Table 213 Configuration > Lo

ZyWALL USG 20/20W User’s Guide69CHAPTER 5 Quick Setup5.1 Quick Setup OverviewThe Web Configurator's quick setup wizards help you configure Inte

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide69044.3.4 Active Log Summary ScreenThe Active Log Summary screen allows you to view and to edi

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide691The following table describes the fields in this screen. Table 214 Configuration > Lo

Chapter 44 Log and ReportZyWALL USG 20/20W User’s Guide692System log Select which events you want to log by Log Category. There are three choices:disa

ZyWALL USG 20/20W User’s Guide693CHAPTER 45 File Manager45.1 OverviewConfiguration files define the ZyWALL’s settings. Shell scripts are files of co

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide694 These files have the same syntax, which is also identical to the way you run CLI commands man

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide695Your configuration files or shell scripts can use “exit” or a command line consisting of a si

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide69645.2 The Configuration File ScreenClick Maintenance > File Manager > Configuration File

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide697The following table describes the labels in this screen. Table 216 Maintenance > File M

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide698Copy Use this button to save a duplicate of a configuration file on the ZyWALL. Click a config

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide699Apply Use this button to have the ZyWALL use a specific configuration file.Click a configurat

Document ConventionsZyWALL USG 20/20W User’s Guide7Icons Used in FiguresFigures in this User’s Guide may use the following generic icons. The ZyWALL

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide705.2 WAN Interface Quick SetupClick WAN Interface in the main Quick Setup screen to open the WAN

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide70045.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware Package to

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide701Note: The Web Configurator is the recommended method for uploading firmware. You only need to

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide702Note: The ZyWALL automatically reboots after a successful upload.The ZyWALL automatically rest

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide703Each field is described in the following table. Table 218 Maintenance > File Manager &g

Chapter 45 File ManagerZyWALL USG 20/20W User’s Guide704Apply Use this button to have the ZyWALL use a specific shell script file.Click a shell script

ZyWALL USG 20/20W User’s Guide705CHAPTER 46 Diagnostics46.1 OverviewUse the diagnostics screens for troubleshooting.46.1.1 What You Can Do in thi

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide706Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 427 Maintenance >

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide707The following table describes the labels in this screen. 46.3 The Packet Capture ScreenUse t

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide708Note: New capture files overwrite existing files of the same name. Change the File Suffix field

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide709Continuously capture and overwrite old onesSelect this to have the ZyWALL keep capturing traff

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide71Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide71046.3.1 The Packet Capture Files ScreenClick Maintenance > Diagnostics > Packet Capture &

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide711The following table describes the labels in this screen. 46.3.2 Example of Viewing a Packet C

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide712Figure 431 Packet Capture File Example 46.4 Core Dump ScreenUse the Core Dump screen to hav

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide713The following table describes the labels in this screen. 46.4.1 Core Dump Files ScreenClick

Chapter 46 DiagnosticsZyWALL USG 20/20W User’s Guide71446.5 The System Log ScreenClick Maintenance > Diagnostics > System Log to open the syste

ZyWALL USG 20/20W User’s Guide715CHAPTER 47 Packet Flow Explore47.1 OverviewUse this to get a clear picture on how the ZyWALL determines where to fo

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide716Note: Once a packet matches the criteria of a routing rule, the ZyWALL takes the corres

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide717Figure 439 Maintenance > Packet Flow Explore > Routing Status (Dynamic VPN)Fig

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide718The following table describes the labels in this screen. Table 226 Maintenance >

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide71947.3 The SNAT Status ScreenThe SNAT Status screen allows you to view and quickly link

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide72• IP Address Assignment: Select Auto If your ISP did not assign you a fixed IP address. Select St

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide720• use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide721The following table describes the labels in this screen.Table 227 Maintenance > P

Chapter 47 Packet Flow ExploreZyWALL USG 20/20W User’s Guide722

ZyWALL USG 20/20W User’s Guide723CHAPTER 48 Reboot48.1 OverviewUse this to restart the device (for example, if the device begins behaving erraticall

Chapter 48 RebootZyWALL USG 20/20W User’s Guide724

ZyWALL USG 20/20W User’s Guide725CHAPTER 49 Shutdown49.1 OverviewUse this to shutdown the device in preparation for disconnecting the power. See als

Chapter 49 ShutdownZyWALL USG 20/20W User’s Guide726

ZyWALL USG 20/20W User’s Guide727CHAPTER 50 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. • You can also

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide728• If you’ve forgotten the ZyWALL’s IP address, you can use the commands through the console

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide729The ZyWALL checks the firewall rules in the order that they are listed. So make sure that

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide73Authentication TypeUse the drop-down list box to select an authentication protocol for outgoing

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide730The actual cellular data rate you obtain varies depending on the cellular device you use, t

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide731At the time of writing, the ZyWALL does not support ingress bandwidth management. I upload

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide732• Make sure you recorded your DDNS account’s user name, password, and domain name and have

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide733Here are some general suggestions. See also Chapter 23 on page 391.• The system log can of

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide734• If you set up a VPN tunnel across the Internet, make sure your ISP supports AH or ESP (wh

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide735The ZyWALL automatically updates address objects based on an interface’s IP address, subne

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide736I cannot get a certificate to import into the ZyWALL.1 For My Certificates, you can import

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide737I uploaded a logo to use as the screen or window background but it does not display proper

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide738See the CLI Reference Guide for how to determine if you need to recover the firmware and ho

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide7392 Press the RESET button and hold it until the SYS LED begins to blink. (This usually take

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide745.2.5 Quick Setup Interface Wizard: SummaryThis screen displays the WAN interface’s settings.Fig

Chapter 50 TroubleshootingZyWALL USG 20/20W User’s Guide740

ZyWALL USG 20/20W User’s Guide741CHAPTER 51 Product SpecificationsThe following specifications are subject to change without notice. See Chapter 2 on

Chapter 51 Product SpecificationsZyWALL USG 20/20W User’s Guide742This table gives details about the ZyWALL’s features. Table 230 ZyW

Chapter 51 Product SpecificationsZyWALL USG 20/20W User’s Guide743Service Groups 50Maximum service object in one group 64Schedule Objects 16ISP Accou

Chapter 51 Product SpecificationsZyWALL USG 20/20W User’s Guide744The following table, which is not exhaustive, lists standards referenced by ZyWALL f

Chapter 51 Product SpecificationsZyWALL USG 20/20W User’s Guide74551.1 Power Adaptor Specifications Built-in service, DNS server RFCs 1034, 1035

Chapter 51 Product SpecificationsZyWALL USG 20/20W User’s Guide746Table 233 European Plug StandardsAC POWER ADAPTOR MODEL PSA18R-120P (ZE)-RINPUT P

ZyWALL USG 20/20W User’s Guide747APPENDIX A Log DescriptionsThis appendix provides descriptions of example log messages for the ZLD-based ZyWALLs. Th

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide748 Table 240 Blocked Web Site LogsLOG MESSAGE DESCRIPTION%s :%s The rating server responde

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide749%s: Proxy mode is detectedThe system detected a proxy connection and blocked access accor

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide755.3 VPN Quick SetupClick VPN Setup in the main Quick Setup screen to open the VPN Setup Wizard

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide750Black List checking has been activated.The anti-spam black list has been turned on.Black L

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide751Table 242 SSL VPN LogsLOG MESSAGE DESCRIPTION%s %s from %s has logged in SSLVPNA user h

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide752The %s address-object is wrong type for 'network' in SSL Policy %s.The listed ad

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide753%s %s from %s has been logged out SSLVPN (re-auth timeout)The specified user was signed o

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide754The ZySH logs deal with internal system errors. Table 243 ZySH LogsLOG MESSAGE DESCRIPTI

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide755Can't remove %s 1st:zysh list nameTable OPS%s: cannot retrieve entries from table!1s

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide756Table 244 ADP LogsLOG MESSAGE DESCRIPTIONfrom <zone> to <zone> [type=<typ

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide757Table 245 User LogsLOG MESSAGE DESCRIPTION%s %s from %s has logged in ZyWALLA user logg

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide758 Failed login attempt to ZyWALL from %s (login on a lockout address)A login attempt came f

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide759Registration has failed. Because of lack must fields.The device received an incomplete re

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide765.4 VPN Setup Wizard: Wizard TypeA VPN (Virtual Private Network) tunnel is a secure connection t

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide760Do device register. The device started device registration.Do trial service activation.The

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide761Build query message failed.Some information was missing in the packets that the device se

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide762 Content-Filter service has expired.The content filtering service period has expired. The

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide763[DPD] No response from peer. Using existing Phase-1 SA in %u seconds. Trying with Phase-1

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide764[SA] : Tunnel [%s] Phase 1 key group mismatch%s is the tunnel name. When negotiating Phase

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide765IKE Packet Retransmit When retransmitting the IKE packets.Phase 1 IKE SA process doneWhen

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide766 XAUTH succeed! My name: %s%s is the my xauth name. This indicates that my name is valid.X

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide767 Outbound transform operation failAfter encryption or hardware accelerated processing, th

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide768 Firewall %s %s rule %d has been moved to %d.1st %s is from zone, 2nd %s is to zone, 1st

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide769The policy route %d uses empty source address group!Use an empty object group.%d: the pol

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide775.5 VPN Express Wizard - Scenario Click the Express radio button as shown in Figure 39 on page

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide770 Table 252 Built-in Services LogsLOG MESSAGE DESCRIPTIONUser on %u.%u.%u.%u has been den

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide771SNMP port has been changed to port %s.An administrator changed the port number for SNMP.%

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide772DNS access control rule %u has been moved to %d.An administrator moved the rule %u to inde

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide773 Access control rule %u of %s was modified.An access control rule was modified successful

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide774DHCP Server executed with cautious mode disabledDHCP Server executed with cautious mode di

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide775Device is rebooted by administrator!An administrator restarted the device.Insufficient me

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide776Update the profile %s has failed because the feature requested is only available to donato

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide777 DDNS profile %s has been renamed as %s.Rename DDNS profile, 1st %s is the original profi

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide778The connectivity-check is activate for %s interfaceThe link status of interface is still a

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide779 Can't get MAC address of %s interface!The connectivity check process can't get

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide785.5.1 VPN Express Wizard - Configuration Figure 41 VPN Express Wizard: Step 3 • Secure Gateway

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide780RIP redistribute static routes has been enabled.RIP redistribute static routes has been en

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide781 Invalid OSPF %s authentication of area %s.OSPF md5 or text authentication has been set w

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide782 %s SIP ALG has succeeded.The SIP ALG has been turned on or off. %s: Enable or DisableExtr

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide783Prepare to import "%s" into "My Certificate"%s is the name of a certi

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide784 Export X509 certificate "%s" from "My Certificate" failedThe device w

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide785 15 CRL is too old.16 CRL is not valid.17 CRL signature was not verified correctly.18 CRL

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide786(%s MTU - 8) < %s MTU, %s may not work correctly.An administrator configured ethernet,

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide787Interface %s is disconnected.A PPP interface disconnected successfully. %s: interface nam

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide788"SIM card of interface cellular%d in %s is damaged or not inserted. Please remove the

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide789Interface cellular%d required authentication password.Please set password in cellular%d e

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide795.5.2 VPN Express Wizard - Summary This screen provides a read-only summary of the VPN tunnel’s

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide790Duplicated interface name.A duplicate name was not permitted for an interface.This Interfa

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide791name=%s,status=%s,TxPkts=%u,RxPkts=%u,Colli.=%u,TxB/s=%u,RxB/s=%u,UpTime=%sThis log is se

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide792 Station association has failed. Maximum associations have reached the maximum number. Int

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide793 Table 261 Port Grouping LogsLOG MESSAGE DESCRIPTIONInterface %s links up because

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide794 ERROR:#%s, %s Run script failed, this log will be what wrong CLI command is and what erro

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide795 Table 265 E-mail Daily Report LogsLOG MESSAGE DESCRIPTIONEmail Daily Report has been

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide796Table 267 Auth. Policy LogsLOG MESSAGE DESCRIPTIONAuth. Policy featuer is disabled.The a

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide797Windows version check fail in %sA user’s computer did not match the Windows version check

Appendix A Log DescriptionsZyWALL USG 20/20W User’s Guide798

ZyWALL USG 20/20W User’s Guide799APPENDIX B Common ServicesThe following table lists some commonly-used services and their associated protocols and p

Safety WarningsZyWALL USG 20/20W User’s Guide8Safety Warnings• Do NOT use this product near water, for example, in a wet basement or near a swimming p

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide805.5.3 VPN Express Wizard - Finish Now you can use the VPN tunnel.Figure 43 VPN Express Wizard:

Appendix B Common ServicesZyWALL USG 20/20W User’s Guide800ESP (IPSEC_TUNNEL)User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling

Appendix B Common ServicesZyWALL USG 20/20W User’s Guide801PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over publi

Appendix B Common ServicesZyWALL USG 20/20W User’s Guide802TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to

ZyWALL USG 20/20W User’s Guide803APPENDIX C Wireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN topolog

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide804with each other. When Intra-BSS is disabled, wireless client A and B can still access the wir

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide805An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their asso

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide806wireless gateway, but out-of-range of each other, so they cannot "hear" each other,

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide807Note: Enabling the RTS Threshold causes redundant network overhead that could negatively aff

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide808(and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediat

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide809accounting and control features. It is supported by Windows XP and a number of network devic

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide815.5.4 VPN Advanced Wizard - Scenario Click the Advanced radio button as shown in Figure 39 on p

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide810The following types of RADIUS messages are exchanged between the access point and the RADIUS

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide811authentication method does not support data encryption with dynamic session key. You must co

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide812Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificate-bas

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide813use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Messag

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide814authentication. These two features are optional and may not be supported in all wireless devi

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide8154 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and m

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide8164 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide817Antenna OverviewAn antenna couples RF signals onto air. A transmitter within a wireless devi

Appendix C Wireless LANsZyWALL USG 20/20W User’s Guide818• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. T

ZyWALL USG 20/20W User’s Guide819APPENDIX D Importing CertificatesThis appendix shows you how to import public key certificates into your web browser

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide82• Remote Access (Client Role) - Choose this to connect to an IPSec server. This ZyWALL is the cli

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8201 If your device’s Web Configurator is set to use SSL certification, then the first

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8214 In the Certificate dialog box, click Install Certificate.Figure 458 Internet Ex

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8226 If you want Internet Explorer to Automatically select certificate store based on t

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8238 In the Select Certificate Store dialog box, choose a location in which to save th

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide82410 If you are presented with another Security Warning, click Yes.Figure 464 Intern

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide825Installing a Stand-Alone Certificate File in Internet ExplorerRather than browsing

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8261 Open Internet Explorer and click Tools > Internet Options.Figure 469 Internet

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8273 In the Certificates dialog box, click the Trusted Root Certificates Authorities t

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8286 The next time you go to the web site that issued the public key certificate you ju

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8293 The certificate is stored and you can now connect securely to the Web Configurato

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide83that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more proces

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8301 Open Firefox and click Tools > Options.Figure 476 Firefox 2: Tools Menu2 In t

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8313 In the Certificate Manager dialog box, click Web Sites > Import.Figure 478

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide832Removing a Certificate in FirefoxThis section shows you how to remove a public key c

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8333 In the Certificate Manager dialog box, select the Web Sites tab, select the certi

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8341 If your device’s Web Configurator is set to use SSL certification, then the first

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide835Installing a Stand-Alone Certificate File in OperaRather than browsing to a ZyXEL W

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8362 In Preferences, click Advanced > Security > Manage certificates.Figure 487

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8373 In the Certificates Manager, click Authorities > Import.Figure 488 Opera 9:

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8385 In the Install authority certificate dialog box, click Install.Figure 490 Opera

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8391 Open Opera and click Tools > Preferences.Figure 492 Opera 9: Tools Menu2 In

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide84• Active Protocol: ESP is compatible with NAT, AH is not.• Encapsulation: Tunnel is compatible wi

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8403 In the Certificates manager, select the Authorities tab, select the certificate th

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8412 Click Continue.Figure 495 Konqueror 3.5: Server Authentication3 Click Forever w

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide842Installing a Stand-Alone Certificate File in KonquerorRather than browsing to a ZyXE

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8433 The next time you visit the web site, click the padlock in the address bar to ope

Appendix D Importing CertificatesZyWALL USG 20/20W User’s Guide8444 The next time you go to the web site that issued the public key certificate you ju

ZyWALL USG 20/20W User’s Guide845APPENDIX E Open Software AnnouncementsEnd-User License Agreement for “ZyWALL USG 20” WARNING: ZyXEL Communications

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide846therein shall remain at all times with ZyXEL. Any other use of the Software by

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide847You acknowledge that the Software contains proprietary trade secrets of ZyXEL

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide848THIS LICENSE AGREEMENT IS EXPRESSLY MADE SUBJECT TO ANY APPLICABLE LAWS, REGULA

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide849NOTE: Some components of this product incorporate source code covered under th

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide855.5.7 VPN Advanced Wizard - Summary This is a read-only summary of the VPN tunnel settings.Figu

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide850The above copyright notice and this permission notice shall be included in all

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide851---------------/* ================================================== * Copyrig

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide852 * * 5. Products derived from this software may not be called "OpenSSL&quo

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide853 * * This product includes cryptographic software written by Eric Young * (eay

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide854 * as the author of the parts of the library used. * This can be in the form of

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide855 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide856This is the BSD license without the obnoxious advertising clause. It's als

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide857OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.This Prod

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide858work of authorship. For the purposes of this License, Derivative Works shall no

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide859(b) You must cause any modified files to carry prominent notices stating that

Chapter 5 Quick SetupZyWALL USG 20/20W User’s Guide865.5.8 VPN Advanced Wizard - Finish Now you can use the VPN tunnel.Figure 48 VPN Wizard: Step 6

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide8608. Limitation of Liability. In no event and under no legal theory, whether in t

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide861THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WAR

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide862Public License is the better strategy to use in any particular case, based on t

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide863derivative of the original library. The ordinary General Public License theref

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide864software library or work which has been distributed under these terms. A "

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide865part of a whole which is a work based on the Library, the distribution of the

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide866significant if the work can be linked without the Library, or if the work is it

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide867include anything that is normally distributed (in either source or binary form

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide868License. If you cannot distribute so as to satisfy simultaneously your obligati

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide869NO WARRANTY15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WAR

ZyWALL USG 20/20W User’s Guide87CHAPTER 6 Configuration BasicsThis information is provided to help you configure the ZyWALL effectively. Some of it i

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide870commit to using it. (Some other Free Software Foundation software is covered by

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide871copying, distribution and modification are not covered by this License; they a

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide872Program) on a volume of a storage or distribution medium does not bring the oth

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide873all its terms and conditions for copying, distributing or modifying the Progra

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide874Program does not specify a version number of this License, you may choose any v

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide875The Regents of the University of California. All rights reserved. Redistributi

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide876NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE F

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide877Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. A

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide878disclaimer and license as libpng-0.96, with the following individuals added to

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide8792. Altered versions must be plainly marked as such and must not be misrepresen

Chapter 6 Configuration BasicsZyWALL USG 20/20W User’s Guide88change an Ethernet interface’s IP address, the ZyWALL automatically updates the rules or

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide880This Product includes pcmcia-cs software under the MPL LicenseMozilla Public Li

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide8811.8.1. "Licensable" means having the right to grant, to the maximum

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide8822.1. The Initial Developer Grant.The Initial Developer hereby grants You a worl

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide883The Modifications which You create or to which You contribute are governed by

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide884(b) Contributor APIsIf Contributor's Modifications include an application

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide885alone, not by the Initial Developer or any Contributor. You hereby agree to in

Appendix E Open Software AnnouncementsZyWALL USG 20/20W User’s Guide886"MOZILLAPL", "MOZPL", "Netscape", "MPL"