ZyXEL Communications ZyXEL ZyWALL USG-1000 User manual

www.zyxel.com

ZyWALL USG 2000

Unified Security Gateway

ZyXEL Communications Corporation

Firmware Version 2.12

Edition 1, 6/2009

Default Login Details

LAN Port P1

IP Address https://192.168.1.1

User Name admin

Password 1234

About This User's Guide

ZyWALL USG 2000 User’s Guide

3

About This User's Guide

Intended Audience

This manual is intended for people who want to want to configure the ZyWALL

using the web configurator.

How To Use This Guide

•Read Chapter 1 on page 31 chapter for an overview of features available on the

ZyWALL.

•Read Chapter 3 on page 47 for web browser requirements and an introduction

to the main components, icons and menus in the ZyWALL web configurator.

•Read Chapter 4 on page 59 if you’re using the wizards for first time setup and

you want more detailed information than what the real time online help

provides.

• It is highly recommended you read Chapter 5 on page 85 for detailed

information on essential terms used in the ZyWALL, what prerequisites are

needed to configure a feature and how to use that feature.

• It is highly recommended you read Chapter 6 on page 103 for ZyWALL

application examples.

• Subsequent chapters are arranged by menu item as defined in the web

configurator. Read each chapter carefully for detailed information on that menu

item.

• To find specific information in this guide, use the Contents Overview, the

Table of Contents, the Index, or search the PDF file. E-mail

techwriters@zyxel.com.tw if you cannot find the information you require.

Related Documentation

•Quick Start Guide

The Quick Start Guide is designed to show you how to make the ZyWALL

hardware connections, rack mounting and access the web configurator wizards.

(See the wizard real time help for information on configuring each screen.) It

contains a connection diagram, default settings, handy checklists and

information on setting up your network and configuring for Internet access.

•CLI Reference Guide

The CLI Reference Guide explains how to use the Command-Line Interface (CLI)

to configure the ZyWALL.

Note: It is recommended you use the web configurator to configure the ZyWALL.

About This User's Guide

ZyWALL USG 2000 User’s Guide

4

• Web Configurator Online Help

Click the help icon in any screen for help in configuring that screen and

supplementary information.

• Support Disc

Refer to the included CD for support documents.

• ZyXEL Web Site

Please refer to www.zyxel.com

for additional support documentation and

product certifications.

User Guide Feedback

Help us help you. Send all User Guide-related comments, questions or suggestions

for improvement to the following address, or use e-mail instead. Thank you!

The Technical Writing Team,

ZyXEL Communications Corp.,

6 Innovation Road II,

Science-Based Industrial Park,

Hsinchu, 300, Taiwan.

E-mail: [email protected]om.tw

Need More Help?

More help is available at www.zyxel.com.

• Download Library

Search for the latest product updates and documentation from this link. Read

the Tech Doc Overview to find out how to efficiently use the User Guide, Quick

Start Guide and Command Line Interface Reference Guide in order to better

understand how to use your product.

• Knowledge Base

If you have a specific question about your product, the answer may be here.

This is a collection of answers to previously asked questions about ZyXEL

products.

About This User's Guide

ZyWALL USG 2000 User’s Guide

5

•Forum

This contains discussions on ZyXEL products. Learn from others who use ZyXEL

products and share your experiences as well.

Customer Support

Should problems arise that cannot be solved by the methods listed above, you

should contact your vendor. If you cannot contact your vendor, then contact a

ZyXEL office for the region in which you bought the device.

See http://www.zyxel.com/web/contact_us.php for contact information. Please

have the following information ready when you contact an office.

• Product model and serial number.

•Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

Disclaimer

Graphics in this book may differ slightly from the product due to differences in

operating systems, operating system versions, or if you installed updated

firmware/software for your device. Every effort has been made to ensure that the

information in this manual is accurate.

Document Conventions

ZyWALL USG 2000 User’s Guide

6

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

Warnings tell you about things that could harm you or your

device.

Note: Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or

the “product” in this User’s Guide.

• Product labels, screen names, field labels and field choices are all in bold font.

• A key stroke is denoted by square brackets and uppercase text, for example,

[ENTER] means the “enter” or “return” key on your keyboard.

• “Enter” means for you to type one or more characters and then press the

[ENTER] key. “Select” or “choose” means for you to use one of the predefined

choices.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For

example, Maintenance > Log > Log Setting means you first click

Maintenance in the navigation panel, then the Log sub menu and finally the

Log Setting tab to get to that screen.

• Units of measurement may denote the “metric” value or the “scientific” value.

For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may

denote “1000000” or “1048576” and so on.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other

words”.

Document Conventions

ZyWALL USG 2000 User’s Guide

7

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The ZyWALL icon

is not an exact representation of your device.

ZyWALL Computer Notebook computer

Server Firewall Telephone

Switch Router

Safety Warnings

ZyWALL USG 2000 User’s Guide

8

Safety Warnings

• Do NOT use this product near water, for example, in a wet basement or near a swimming

pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk

of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to

dangerous high voltage points or other risks. ONLY qualified service personnel should

service or disassemble this device. Please contact your vendor for further information.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Caution: This unit has more than one power supply cord. Disconnect two power supply

cords before servicing to avoid electric shock. (has multiple power cords, e.g., chassis-

based Ethernet switch. Make sure you specify the correct number of power cords in both

the English and the French that follows)

• Attention: Cet appareil comporte plus d'un cordon d'alimentation. Afin de prévenir les

chocs électriques, debrancher les deux cordons d'alimentation avant de faire le

dépannage.

• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right

supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT remove the plug and connect it to a power outlet by itself; always attach the

plug to the power adaptor first before connecting it to a power outlet.

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the

product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause

electrocution.

• If the power adaptor or cord is damaged, remove it from the device and the power

source.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order

a new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a

remote risk of electric shock from lightning.

• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN

INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

Dispose them at the applicable collection point for the recycling of electrical and

electronic equipment. For detailed information about recycling of this product, please

contact your local city office, your household waste disposal service or the store where

you purchased the product.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your

device.

Your product is marked with this symbol, which is known as the WEEE mark. WEEE

stands for Waste Electronics and Electrical Equipment. It means that used electrical

and electronic products should not be mixed with general waste. Used electrical and

electronic equipment should be treated separately.

Contents Overview

ZyWALL USG 2000 User’s Guide

9

Contents Overview

Getting Started .......................................................................................................................29

Introducing the ZyWALL ............................................................................................................31

Features and Applications ......................................................................................................... 39

Web Configurator ....................................................................................................................... 47

Wizard Setup ............................................................................................................................. 59

Configuration Basics .................................................................................................................. 85

Tutorials ................................................................................................................................... 103

Status ....................................................................................................................................... 137

Registration ............................................................................................................................. 153

Signature Update .....................................................................................................................159

Network .................................................................................................................................167

Interfaces ................................................................................................................................. 169

Trunks ......................................................................................................................................225

Policy and Static Routes .......................................................................................................... 235

Routing Protocols .................................................................................................................... 249

Zones ....................................................................................................................................... 261

DDNS ...................................................................................................................................... 265

Virtual Servers ......................................................................................................................... 273

HTTP Redirect ........................................................................................................................ 289

ALG ......................................................................................................................................... 293

IP/MAC Binding ...................................................................................................................... 301

Firewall ..................................................................................................................................307

Firewall .................................................................................................................................... 309

VPN ........................................................................................................................................327

IPSec VPN ............................................................................................................................... 329

SSL VPN ................................................................................................................................. 371

SSL User Screens ................................................................................................................... 383

SSL User Application Screens ................................................................................................ 393

SSL User File Sharing ............................................................................................................. 395

ZyWALL SecuExtender ...........................................................................................................403

L2TP VPN ................................................................................................................................407

L2TP VPN Example .................................................................................................................413

Contents Overview

ZyWALL USG 2000 User’s Guide

10

Application Patrol ................................................................................................................441

Application Patrol ..................................................................................................................... 443

Anti-X ....................................................................................................................................469

Anti-Virus ................................................................................................................................. 471

IDP .......................................................................................................................................... 487

ADP ........................................................................................................................................ 521

Content Filtering ..................................................................................................................... 541

Content Filter Reports ............................................................................................................. 567

Anti-Spam ................................................................................................................................ 575

Device HA .............................................................................................................................593

Device HA .............................................................................................................................. 595

Objects ..................................................................................................................................613

User/Group .............................................................................................................................. 615

Addresses ............................................................................................................................... 631

Services ................................................................................................................................... 637

Schedules ................................................................................................................................ 643

AAA Server ............................................................................................................................. 649

Authentication Method ............................................................................................................. 661

Certificates ............................................................................................................................... 665

ISP Accounts ........................................................................................................................... 687

SSL Application ....................................................................................................................... 691

System ..................................................................................................................................699

System ...................................................................................................................................701

Maintenance, Troubleshooting, & Specifications .............................................................749

File Manager ........................................................................................................................... 751

Logs ........................................................................................................................................ 763

Reports ...................................................................................................................................777

Diagnostics ............................................................................................................................. 795

Reboot ..................................................................................................................................... 797

Troubleshooting .......................................................................................................................799

Product Specifications .............................................................................................................805

Appendices and Index .........................................................................................................813

Table of Contents

ZyWALL USG 2000 User’s Guide

11

Table of Contents

About This User's Guide..........................................................................................................3

Document Conventions............................................................................................................6

Safety Warnings........................................................................................................................8

Contents Overview ...................................................................................................................9

Table of Contents....................................................................................................................11

Part I: Getting Started............................................................................ 29

Chapter 1

Introducing the ZyWALL ........................................................................................................31

1.1 Overview and Key Default Settings ..................................................................................... 31

1.2 Front Panel .......................................................................................................................... 32

1.2.1 Dual Personality Interfaces ........................................................................................ 32

1.2.2 Front Panel LEDs ....................................................................................................... 35

1.3 Management Overview ........................................................................................................36

1.4 Starting and Stopping the ZyWALL ...................................................................................... 37

Chapter 2

Features and Applications.....................................................................................................39

2.1 Features .............................................................................................................................. 39

2.2 Packet Flow ......................................................................................................................... 41

2.2.1 Interface to Interface (Through ZyWALL) ................................................................... 42

2.2.2 Interface to Interface (To/From ZyWALL) ................................................................... 42

2.2.3 Interface to Interface (From VPN Tunnel) .................................................................. 42

2.2.4 Interface to Interface (To VPN Tunnel) ....................................................................... 42

2.3 Applications ......................................................................................................................... 43

2.3.1 VPN Connectivity ....................................................................................................... 43

2.3.2 SSL VPN Network Access ......................................................................................... 43

2.3.3 User-Aware Access Control ....................................................................................... 45

2.3.4 Multiple WAN Interfaces ............................................................................................. 45

2.3.5 Device HA .................................................................................................................. 46

Chapter 3

Web Configurator....................................................................................................................47

Table of Contents

ZyWALL USG 2000 User’s Guide

12

3.1 Web Configurator Requirements ......................................................................................... 47

3.2 Web Configurator Access ....................................................................................................47

3.3 Web Configurator Main Screen ...........................................................................................49

3.3.1 Title Bar ...................................................................................................................... 50

3.3.2 Navigation Panel ........................................................................................................50

3.3.3 Main Window ..............................................................................................................55

3.3.4 Message Bar ..............................................................................................................55

Chapter 4

Wizard Setup...........................................................................................................................59

4.1 Wizard Setup Overview ....................................................................................................... 59

4.2 Installation Setup, One ISP ................................................................................................. 60

4.2.1 Internet Access: Ethernet Encapsulation ................................................................... 61

4.2.2 Internet Access: PPPoE Encapsulation ..................................................................... 63

4.2.3 Internet Access: PPTP Encapsulation ....................................................................... 65

4.2.4 Internet Access - Finish ............................................................................................. 66

4.3 Device Registration .......................................................................................................... 67

4.4 Installation Setup, Two Internet Service Providers .............................................................. 69

4.4.1 Internet Access Wizard Setup Complete ................................................................... 71

4.5 VPN Setup ........................................................................................................................... 71

4.5.1 VPN Express Wizard .................................................................................................. 72

4.5.2 VPN Advanced Wizard ............................................................................................... 77

4.5.3 VPN Advanced Wizard - Finish ................................................................................. 83

Chapter 5

Configuration Basics..............................................................................................................85

5.1 Object-based Configuration .................................................................................................85

5.2 Zones, Interfaces, and Physical Ports ................................................................................. 86

5.2.1 Interface Types ........................................................................................................... 87

5.2.2 Default Interface and Zone Configuration .................................................................. 88

5.3 Terminology in the ZyWALL .................................................................................................89

5.4 Feature Configuration Overview ......................................................................................... 90

5.4.1 Feature ....................................................................................................................... 90

5.4.2 Interface ..................................................................................................................... 90

5.4.3 Trunks ........................................................................................................................91

5.4.4 IPSec VPN ................................................................................................................. 91

5.4.5 SSL VPN ....................................................................................................................91

5.4.6 L2TP VPN .................................................................................................................. 92

5.4.7 Zones .........................................................................................................................92

5.4.8 Device HA .................................................................................................................. 93

5.4.9 DDNS ......................................................................................................................... 93

5.4.10 Policy Routes ...........................................................................................................93

5.4.11 Static Routes ............................................................................................................94

Table of Contents

ZyWALL USG 2000 User’s Guide

13

5.4.12 Firewall ..................................................................................................................... 94

5.4.13 Application Patrol .....................................................................................................95

5.4.14 Anti-Virus .................................................................................................................. 96

5.4.15 IDP ........................................................................................................................... 96

5.4.16 ADP ..........................................................................................................................96

5.4.17 Content Filter ............................................................................................................ 96

5.4.18 Anti-Spam .................................................................................................................97

5.4.19 Virtual Server (Port Forwarding) .............................................................................. 97

5.4.20 HTTP Redirect ......................................................................................................... 98

5.4.21 ALG .......................................................................................................................... 99

5.5 Objects ................................................................................................................................ 99

5.5.1 User/Group ...............................................................................................................100

5.6 System Management and Maintenance ............................................................................ 100

5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM ..................100

5.6.2 File Manager ............................................................................................................101

5.6.3 Licensing Registration ..............................................................................................101

5.6.4 Licensing Update ..................................................................................................... 102

5.6.5 Logs and Reports ..................................................................................................... 102

5.6.6 Diagnostics ...............................................................................................................102

Chapter 6

Tutorials.................................................................................................................................103

6.1 How to Configure Interfaces, Port Grouping, and Zones ...................................................103

6.1.1 Configure a WAN Ethernet Interface ........................................................................ 104

6.1.2 Configure Zones ....................................................................................................... 105

6.1.3 Configure Port Grouping ..........................................................................................105

6.2 How to Configure a Cellular Interface ................................................................................106

6.3 How to Configure Load Balancing ..................................................................................... 109

6.3.1 Set Up Available Bandwidth on Ethernet Interfaces .................................................110

6.3.2 Configure the WAN Trunk .........................................................................................110

6.4 How to Set Up an IPSec VPN Tunnel .................................................................................111

6.4.1 Set Up the VPN Gateway ..........................................................................................111

6.4.2 Set Up the VPN Connection ......................................................................................112

6.4.3 Set Up the Policy Route for the VPN Tunnel .............................................................113

6.4.4 Configure Security Policies for the VPN Tunnel ........................................................115

6.5 How to Configure User-aware Access Control ...................................................................115

6.5.1 Set Up User Accounts ...............................................................................................115

6.5.2 Set Up User Groups ..................................................................................................116

6.5.3 Set Up User Authentication Using the RADIUS Server ............................................116

6.5.4 Set Up Web Surfing Policies With Bandwidth Restrictions .......................................118

6.5.5 Set Up MSN Policies ................................................................................................ 120

6.5.6 Set Up Firewall Rules ............................................................................................... 121

6.6 How to Configure Service Control ..................................................................................... 122

Table of Contents

ZyWALL USG 2000 User’s Guide

14

6.6.1 Allow HTTPS Administrator Access Only From the LAN ......................................... 122

6.7 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................. 125

6.7.1 Turn On the ALG ......................................................................................................126

6.7.2 Set Up a Virtual Server Policy For H.323 ................................................................. 126

6.7.3 Set Up a Firewall Rule For H.323 ............................................................................ 127

6.8 How to Use Active-Passive Device HA ............................................................................. 128

6.8.1 Before You Start ....................................................................................................... 129

6.8.2 Configure Device HA on the Master ZyWALL .......................................................... 130

6.8.3 Configure the Backup ZyWALL ................................................................................ 131

6.8.4 Deploy the Backup ZyWALL .................................................................................... 132

6.8.5 Check Your Device HA Setup .................................................................................. 133

6.9 How to Allow Public Access to a Server ............................................................................ 133

6.9.1 Create the Address Objects ..................................................................................... 133

6.9.2 Configure a Virtual Server ........................................................................................ 134

Chapter 7

Status.....................................................................................................................................137

7.1 Overview ............................................................................................................................ 137

7.1.1 What You Can Do in the Status Screens .................................................................. 137

7.2 The Status Screen .............................................................................................................138

7.2.1 The CPU Usage Screen ........................................................................................... 144

7.2.2 The Memory Usage Screen ..................................................................................... 145

7.2.3 The Session Usage Screen ..................................................................................... 146

7.2.4 The VPN Status Screen ........................................................................................... 147

7.2.5 The DHCP Table Screen ..........................................................................................148

7.2.6 The Port Statistics Screen ........................................................................................ 149

7.2.7 The Port Statistics Graph Screen ............................................................................. 150

7.2.8 The Current Users Screen ....................................................................................... 151

7.2.9 The SEM Status Detail Screen .................................................................................151

Chapter 8

Registration...........................................................................................................................153

8.1 Overview ............................................................................................................................ 153

8.1.1 What You Can Do in the Registration Screens ........................................................ 153

8.1.2 What you Need to Know About Service Registration ............................................... 153

8.2 The Registration Screen ....................................................................................................155

8.3 The Service Screen ........................................................................................................... 157

Chapter 9

Signature Update ..................................................................................................................159

9.1 Overview ............................................................................................................................ 159

9.1.1 What You Can Do in the Update Screens ................................................................159

9.1.2 What you Need to Know About Signature Updates .................................................159

Table of Contents

ZyWALL USG 2000 User’s Guide

15

9.2 The Antivirus Update Screen .............................................................................................160

9.3 The IDP/AppPatrol Update Screen .................................................................................... 161

9.4 The System Protect Update Screen ................................................................................. 163

Part II: Network..................................................................................... 167

Chapter 10

Interfaces...............................................................................................................................169

10.1 Interface Overview ........................................................................................................... 169

10.1.1 What You Can Do in the Interface Screens ............................................................169

10.1.2 What You Need to Know About Interfaces ............................................................. 170

10.2 Interface Status Screen ...................................................................................................173

10.3 Port Grouping ................................................................................................................. 176

10.3.1 Port Grouping Overview ......................................................................................... 176

10.3.2 Port Grouping Screen ............................................................................................176

10.4 Ethernet Summary Screen .............................................................................................. 177

10.4.1 Ethernet Edit .........................................................................................................179

10.5 The Static DHCP Screen .................................................................................................185

10.6 PPP Interfaces ................................................................................................................ 186

10.6.1 PPP Interface Summary .........................................................................................187

10.6.2 PPP Interface Edit .................................................................................................188

10.7 Cellular Configuration Screen (3G) ................................................................................. 192

10.7.1 Cellular Add/Edit Screen ........................................................................................ 195

10.8 Cellular Status Screen .....................................................................................................199

10.9 VLAN Interfaces ............................................................................................................. 201

10.9.1 VLAN Summary Screen ......................................................................................... 203

10.9.2 VLAN Add/Edit ...................................................................................................... 204

10.10 Bridge Interfaces .......................................................................................................... 209

10.10.1 Bridge Summary ...................................................................................................211

10.10.2 Bridge Add/Edit ...................................................................................................212

10.11 Auxiliary Interface ......................................................................................................... 216

10.11.1 Auxiliary Interface Overview ................................................................................. 216

10.11.2 Auxiliary ................................................................................................................ 217

10.12 Virtual Interfaces ........................................................................................................... 219

10.12.1 Virtual Interfaces Add/Edit .................................................................................... 219

10.13 Interface Technical Reference ....................................................................................... 220

Chapter 11

Trunks....................................................................................................................................225

11.1 Overview .......................................................................................................................... 225

11.1.1 What You Can Do in the Trunk Screens ................................................................. 225

Table of Contents

ZyWALL USG 2000 User’s Guide

16

11.1.2 What You Need to Know About Trunks .................................................................. 226

11.2 The Trunk Summary Screen ............................................................................................ 229

11.3 Configuring a Trunk ........................................................................................................231

11.4 Trunk Technical Reference .............................................................................................. 232

Chapter 12

Policy and Static Routes......................................................................................................235

12.1 Policy and Static Routes Overview .................................................................................. 235

12.1.1 What You Can Do in the Routing Screens ............................................................. 236

12.1.2 What You Need to Know About Policy and Static Routes ...................................... 236

12.2 Policy Route Screen ........................................................................................................ 237

12.2.1 Policy Route Edit Screen .......................................................................................239

12.3 IP Static Route Screen ....................................................................................................243

12.3.1 Static Route Add/Edit Screen .................................................................................244

12.4 Policy Routing Technical Reference ................................................................................ 245

Chapter 13

Routing Protocols.................................................................................................................249

13.1 Routing Protocols Overview ............................................................................................ 249

13.1.1 What You Can Do in the RIP and OSPF Screens .................................................. 249

13.1.2 What You Need to Know About Routing Protocols ................................................ 249

13.2 The RIP Screen ...............................................................................................................250

13.3 The OSPF Screen ...........................................................................................................251

13.3.1 Configuring the OSPF Screen ................................................................................255

13.3.2 OSPF Area Add/Edit Screen ................................................................................. 257

13.4 Routing Protocol Technical Reference ............................................................................ 259

Chapter 14

Zones .....................................................................................................................................261

14.1 Zones Overview ............................................................................................................... 261

14.1.1 What You Can Do in the Zones Screens ................................................................ 261

14.1.2 What You Need to Know About Zones ................................................................... 262

14.2 The Zone Screen .............................................................................................................263

14.3 Zone Edit ........................................................................................................................ 264

Chapter 15

DDNS......................................................................................................................................265

15.1 DDNS Overview .............................................................................................................. 265

15.1.1 What You Can Do in the DDNS Screens ............................................................... 265

15.1.2 What You Need to Know About DDNS ................................................................... 265

15.2 The DDNS Screen ...........................................................................................................266

15.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 268

15.3 The DDNS Status Screen ................................................................................................ 270

Table of Contents

ZyWALL USG 2000 User’s Guide

17

Chapter 16

Virtual Servers.......................................................................................................................273

16.1 Virtual Servers Overview .................................................................................................273

16.1.1 What You Can Do in the Virtual Server Screens .................................................... 273

16.1.2 What You Need to Know About Virtual Servers .....................................................273

16.2 The Virtual Server Screen ............................................................................................... 274

16.2.1 The Virtual Server Add/Edit Screen ....................................................................... 275

16.3 NAT 1:1 and NAT Loopback Examples ...........................................................................278

Chapter 17

HTTP Redirect......................................................................................................................289

17.1 Overview .......................................................................................................................... 289

17.1.1 What You Can Do in the HTTP Redirect Screens .................................................. 289

17.1.2 What You Need to Know About HTTP Redirect ..................................................... 290

17.2 The HTTP Redirect Screen ............................................................................................. 291

17.2.1 The HTTP Redirect Edit Screen ............................................................................. 292

Chapter 18

ALG ........................................................................................................................................293

18.1 ALG Overview ................................................................................................................. 293

18.1.1 What You Can Do in the ALG Screen .................................................................... 293

18.1.2 What You Need to Know About ALG ..................................................................... 294

18.1.3 Before You Begin ................................................................................................... 297

18.2 The ALG Screen ..............................................................................................................297

18.3 ALG Technical Reference ................................................................................................ 299

Chapter 19

IP/MAC Binding....................................................................................................................301

19.1 IP/MAC Binding Overview ...............................................................................................301

19.1.1 What You Can Do in the IP/MAC Binding Screens ................................................ 301

19.1.2 What You Need to Know About IP/MAC Binding ................................................... 302

19.2 IP/MAC Binding Summary ............................................................................................... 302

19.2.1 IP/MAC Binding Edit ...............................................................................................303

19.2.2 Static DHCP Edit .................................................................................................... 304

19.3 IP/MAC Binding Exempt List ...........................................................................................305

19.4 IP/MAC Binding Monitor .................................................................................................. 305

Part III: Firewall .................................................................................... 307

Chapter 20

Firewall...................................................................................................................................309

Table of Contents

ZyWALL USG 2000 User’s Guide

18

20.1 Overview .......................................................................................................................... 309

20.1.1 What You Can Do in the Firewall Screens ............................................................. 309

20.1.2 What You Need to Know About the Firewall ..........................................................310

20.1.3 Firewall Rule Example Applications ....................................................................... 312

20.1.4 Firewall Rule Configuration Example ..................................................................... 315

20.2 The Firewall Screen ......................................................................................................... 317

20.2.1 Configuring the Firewall Screen .............................................................................318

20.2.2 The Firewall Edit Screen ........................................................................................321

20.3 The Session Limit Screen ................................................................................................ 323

20.3.1 The Session Limit Edit Screen ............................................................................... 324

Part IV: VPN.......................................................................................... 327

Chapter 21

IPSec VPN..............................................................................................................................329

21.1 IPSec VPN Overview .......................................................................................................329

21.1.1 What You Can Do in the IPSec VPN Screens ........................................................ 329

21.1.2 What You Need to Know About IPSec VPN ........................................................... 330

21.1.3 Before You Begin ................................................................................................... 332

21.2 The VPN Connection Screen .......................................................................................... 332

21.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 334

21.2.2 The VPN Connection Add/Edit Manual Key Screen ..............................................341

21.3 The VPN Gateway Screen .............................................................................................. 345

21.3.1 The VPN Gateway Add/Edit Screen ......................................................................346

21.4 The VPN Concentrator Screen ........................................................................................ 354

21.4.1 The VPN Concentrator Add/Edit Screen ................................................................355

21.5 The SA Monitor Screen .................................................................................................. 357

21.6 IPSec VPN Background Information ............................................................................... 358

Chapter 22

SSL VPN.................................................................................................................................371

22.1 Overview .......................................................................................................................... 371

22.1.1 What You Can Do in the SSL VPN Screens ..........................................................371

22.1.2 What You Need to Know About SSL VPN .............................................................. 371

22.2 The SSL Access Privilege Screen ...................................................................................373

22.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 375

22.3 The SSL Connection Monitor Screen .............................................................................. 377

22.4 The SSL Global Setting Screen ....................................................................................... 378

22.4.1 How to Upload a Custom Logo .............................................................................. 380

22.5 Establishing an SSL VPN Connection ............................................................................. 381

Table of Contents

ZyWALL USG 2000 User’s Guide

19

Chapter 23

SSL User Screens.................................................................................................................383

23.1 Overview .......................................................................................................................... 383

23.1.1 What You Need to Know About the SSL User Screens .........................................383

23.2 Remote User Login ..........................................................................................................384

23.3 The SSL VPN User Screens ........................................................................................... 389

23.4 Bookmarking the ZyWALL ............................................................................................... 390

23.5 Logging Out of the SSL VPN User Screens ....................................................................390

Chapter 24

SSL User Application Screens ............................................................................................393

24.1 SSL User Application Screens Overview ........................................................................ 393

24.2 The Application Screen ...................................................................................................393

Chapter 25

SSL User File Sharing ..........................................................................................................395

25.1 Overview .......................................................................................................................... 395

25.1.1 What You Need to Know About the SSL VPN File Sharing ...................................395

25.2 The Main File Sharing Screen ......................................................................................... 396

25.3 Opening a File or Folder ..................................................................................................396

25.3.1 Downloading a File .................................................................................................398

25.3.2 Saving a File .......................................................................................................... 399

25.4 Creating a New Folder .....................................................................................................399

25.5 Renaming a File or Folder ...............................................................................................400

25.6 Deleting a File or Folder ..................................................................................................400

25.7 Uploading a File ...............................................................................................................401

Chapter 26

ZyWALL SecuExtender.........................................................................................................403

26.1 The ZyWALL SecuExtender Icon .................................................................................... 403

26.2 Statistics ..........................................................................................................................403

26.3 View Log .......................................................................................................................... 405

26.4 Suspend and Resume the Connection ............................................................................ 405

26.5 Stop the Connection ........................................................................................................ 405

26.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 405

Chapter 27

L2TP VPN...............................................................................................................................407

27.1 Overview .......................................................................................................................... 407

27.1.1 What You Can Do in the L2TP VPN Screens .........................................................407

27.1.2 What You Need to Know About L2TP VPN ............................................................ 407

27.2 L2TP VPN Screen ...........................................................................................................409

27.3 L2TP VPN Session Monitor Screen ................................................................................410

Table of Contents

ZyWALL USG 2000 User’s Guide

20

Chapter 28

L2TP VPN Example...............................................................................................................413

28.1 L2TP VPN Example .........................................................................................................413

28.2 Configuring the Default L2TP VPN Gateway Example .................................................... 414

28.3 Configuring the Default L2TP VPN Connection Example ................................................ 415

28.4 Configuring the L2TP VPN Settings Example ................................................................. 416

28.5 Configuring the Policy Route for L2TP Example ............................................................. 417

28.6 Configuring L2TP VPN in Windows XP and 2000 ...........................................................418

28.6.1 Configuring L2TP in Windows XP .......................................................................... 418

28.6.2 Configuring L2TP in Windows 2000 ....................................................................... 424

Part V: Application Patrol.................................................................... 441

Chapter 29

Application Patrol.................................................................................................................443

29.1 Overview .......................................................................................................................... 443

29.1.1 What You Can Do in the Application Patrol Screens .............................................. 443

29.1.2 What You Need to Know About Application Patrol ................................................444

29.1.3 Application Patrol Bandwidth Management Examples ........................................... 449

29.2 Application Patrol General Screen .................................................................................. 452

29.3 Application Patrol Applications ........................................................................................ 454

29.3.1 The Application Patrol Edit Screen ........................................................................ 455

29.3.2 The Application Patrol Policy Edit Screen ............................................................. 457

29.4 The Other Applications Screen ........................................................................................460

29.4.1 The Other Applications Add/Edit Screen ................................................................463

29.5 Application Patrol Statistics .............................................................................................465

29.5.1 Application Patrol Statistics: General Setup ........................................................... 465

29.5.2 Application Patrol Statistics: Bandwidth Statistics .................................................. 466

29.5.3 Application Patrol Statistics: Protocol Statistics ..................................................... 467

Part VI: Anti-X....................................................................................... 469

Chapter 30

Anti-Virus...............................................................................................................................471

30.1 Overview .......................................................................................................................... 471

30.1.1 What You Can Do in the Anti-Virus Screens .......................................................... 471

30.1.2 What You Need to Know About Anti-Virus ............................................................. 472

30.1.3 Before You Begin ................................................................................................... 474

30.2 Anti-Virus Summary Screen ............................................................................................ 474

Page is loading ...

ZyXEL Communications ZyXEL ZyWALL USG-1000 User manual

This manual is also suitable for

ZyXEL Communications ZyXEL ZyWALL USG-1000 User manual

Related papers

Other documents