ZyXEL Communications ZyXEL ZyWALL USG-1000, ZyWALL USG 2000 User manual

www.zyxel.com
ZyWALL USG 2000
Unified Security Gateway
Copyright © 2009
ZyXEL Communications Corporation
Firmware Version 2.12
Edition 1, 6/2009
Default Login Details
LAN Port P1
IP Address https://192.168.1.1
User Name admin
Password 1234
ZyWALL USG 2000 User’s Guide
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the web configurator.
How To Use This Guide
• Read Chapter 1 on page 31 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL web configurator.
• Read Chapter 4 on page 59 if you’re using the wizards for first time setup and
you want more detailed information than what the real time online help
provides.
• It is highly recommended you read Chapter 5 on page 85 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
• It is highly recommended you read Chapter 6 on page 103 for ZyWALL
application examples.
Subsequent chapters are arranged by menu item as defined in the web
configurator. Read each chapter carefully for detailed information on that menu
item.
To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections, rack mounting and access the web configurator wizards.
(See the wizard real time help for information on configuring each screen.) It
contains a connection diagram, default settings, handy checklists and
information on setting up your network and configuring for Internet access.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the web configurator to configure the ZyWALL.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
• Support Disc
Refer to the included CD for support documents.
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and
product certifications.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions
for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
This is how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your
device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
Product labels, screen names, field labels and field choices are all in bold font.
A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
“Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
“e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT store things on the device.
Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
Connect ONLY suitable accessories to the device.
Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
Make sure to connect the cables to the correct ports.
Place connecting cables carefully so that no one will step on them or stumble over them.
Always disconnect all cables from this device before servicing or disassembling.
Caution: This unit has more than one power supply cord. Disconnect two power supply
cords before servicing to avoid electric shock. (has multiple power cords, e.g., chassis-
based Ethernet switch. Make sure you specify the correct number of power cords in both
the English and the French that follows)
Attention: Cet appareil comporte plus d'un cordon d'alimentation. Afin de prévenir les
chocs électriques, debrancher les deux cordons d'alimentation avant de faire le
dépannage.
Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
Do NOT remove the plug and connect it to a power outlet by itself; always attach the
plug to the power adaptor first before connecting it to a power outlet.
Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
If the power adaptor or cord is damaged, remove it from the device and the power
source.
Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order
a new one.
Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose of them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
Getting Started .......................................................................................................................29
Introducing the ZyWALL ............................................................................................................31
Features and Applications ......................................................................................................... 39
Web Configurator ....................................................................................................................... 47
Wizard Setup ............................................................................................................................. 59
Configuration Basics .................................................................................................................. 85
Tutorials ................................................................................................................................... 103
Status ....................................................................................................................................... 137
Registration ............................................................................................................................. 153
Signature Update .....................................................................................................................159
Network .................................................................................................................................167
Interfaces ................................................................................................................................. 169
Trunks ......................................................................................................................................225
Policy and Static Routes .......................................................................................................... 235
Routing Protocols .................................................................................................................... 249
Zones ....................................................................................................................................... 261
DDNS ...................................................................................................................................... 265
Virtual Servers ......................................................................................................................... 273
HTTP Redirect ........................................................................................................................ 289
ALG ......................................................................................................................................... 293
IP/MAC Binding ...................................................................................................................... 301
Firewall ..................................................................................................................................307
Firewall .................................................................................................................................... 309
VPN ........................................................................................................................................327
IPSec VPN ............................................................................................................................... 329
SSL VPN ................................................................................................................................. 371
SSL User Screens ................................................................................................................... 383
SSL User Application Screens ................................................................................................ 393
SSL User File Sharing ............................................................................................................. 395
ZyWALL SecuExtender ...........................................................................................................403
L2TP VPN ................................................................................................................................407
L2TP VPN Example .................................................................................................................413
Application Patrol ................................................................................................................441
Application Patrol ..................................................................................................................... 443
Anti-X ....................................................................................................................................469
Anti-Virus ................................................................................................................................. 471
IDP .......................................................................................................................................... 487
ADP ........................................................................................................................................ 521
Content Filtering ..................................................................................................................... 541
Content Filter Reports ............................................................................................................. 567
Anti-Spam ................................................................................................................................ 575
Device HA .............................................................................................................................593
Device HA .............................................................................................................................. 595
Objects ..................................................................................................................................613
User/Group .............................................................................................................................. 615
Addresses ............................................................................................................................... 631
Services ................................................................................................................................... 637
Schedules ................................................................................................................................ 643
AAA Server ............................................................................................................................. 649
Authentication Method ............................................................................................................. 661
Certificates ............................................................................................................................... 665
ISP Accounts ........................................................................................................................... 687
SSL Application ....................................................................................................................... 691
System ..................................................................................................................................699
System ...................................................................................................................................701
Maintenance, Troubleshooting, & Specifications .............................................................749
File Manager ........................................................................................................................... 751
Logs ........................................................................................................................................ 763
Reports ...................................................................................................................................777
Diagnostics ............................................................................................................................. 795
Reboot ..................................................................................................................................... 797
Troubleshooting .......................................................................................................................799
Product Specifications .............................................................................................................805
Appendices and Index .........................................................................................................813
Table of Contents
About This User's Guide..........................................................................................................3
Document Conventions............................................................................................................6
Safety Warnings........................................................................................................................8
Contents Overview ...................................................................................................................9
Table of Contents....................................................................................................................11
Part I: Getting Started............................................................................ 29
Chapter 1
Introducing the ZyWALL ........................................................................................................31
1.1 Overview and Key Default Settings ..................................................................................... 31
1.2 Front Panel .......................................................................................................................... 32
1.2.1 Dual Personality Interfaces ........................................................................................ 32
1.2.2 Front Panel LEDs ....................................................................................................... 35
1.3 Management Overview ........................................................................................................36
1.4 Starting and Stopping the ZyWALL ...................................................................................... 37
Chapter 2
Features and Applications.....................................................................................................39
2.1 Features .............................................................................................................................. 39
2.2 Packet Flow ......................................................................................................................... 41
2.2.1 Interface to Interface (Through ZyWALL) ................................................................... 42
2.2.2 Interface to Interface (To/From ZyWALL) ................................................................... 42
2.2.3 Interface to Interface (From VPN Tunnel) .................................................................. 42
2.2.4 Interface to Interface (To VPN Tunnel) ....................................................................... 42
2.3 Applications ......................................................................................................................... 43
2.3.1 VPN Connectivity ....................................................................................................... 43
2.3.2 SSL VPN Network Access ......................................................................................... 43
2.3.3 User-Aware Access Control ....................................................................................... 45
2.3.4 Multiple WAN Interfaces ............................................................................................. 45
2.3.5 Device HA .................................................................................................................. 46
Chapter 3
Web Configurator....................................................................................................................47
3.1 Web Configurator Requirements ......................................................................................... 47
3.2 Web Configurator Access ....................................................................................................47
3.3 Web Configurator Main Screen ...........................................................................................49
3.3.1 Title Bar ...................................................................................................................... 50
3.3.2 Navigation Panel ........................................................................................................50
3.3.3 Main Window ..............................................................................................................55
3.3.4 Message Bar ..............................................................................................................55
Chapter 4
Wizard Setup...........................................................................................................................59
4.1 Wizard Setup Overview ....................................................................................................... 59
4.2 Installation Setup, One ISP ................................................................................................. 60
4.2.1 Internet Access: Ethernet Encapsulation ................................................................... 61
4.2.2 Internet Access: PPPoE Encapsulation ..................................................................... 63
4.2.3 Internet Access: PPTP Encapsulation ....................................................................... 65
4.2.4 Internet Access - Finish ............................................................................................. 66
4.3 Device Registration .......................................................................................................... 67
4.4 Installation Setup, Two Internet Service Providers .............................................................. 69
4.4.1 Internet Access Wizard Setup Complete ................................................................... 71
4.5 VPN Setup ........................................................................................................................... 71
4.5.1 VPN Express Wizard .................................................................................................. 72
4.5.2 VPN Advanced Wizard ............................................................................................... 77
4.5.3 VPN Advanced Wizard - Finish ................................................................................. 83
Chapter 5
Configuration Basics..............................................................................................................85
5.1 Object-based Configuration .................................................................................................85
5.2 Zones, Interfaces, and Physical Ports ................................................................................. 86
5.2.1 Interface Types ........................................................................................................... 87
5.2.2 Default Interface and Zone Configuration .................................................................. 88
5.3 Terminology in the ZyWALL .................................................................................................89
5.4 Feature Configuration Overview ......................................................................................... 90
5.4.1 Feature ....................................................................................................................... 90
5.4.2 Interface ..................................................................................................................... 90
5.4.3 Trunks ........................................................................................................................91
5.4.4 IPSec VPN ................................................................................................................. 91
5.4.5 SSL VPN ....................................................................................................................91
5.4.6 L2TP VPN .................................................................................................................. 92
5.4.7 Zones .........................................................................................................................92
5.4.8 Device HA .................................................................................................................. 93
5.4.9 DDNS ......................................................................................................................... 93
5.4.10 Policy Routes ...........................................................................................................93
5.4.11 Static Routes ............................................................................................................94
5.4.12 Firewall ..................................................................................................................... 94
5.4.13 Application Patrol .....................................................................................................95
5.4.14 Anti-Virus .................................................................................................................. 96
5.4.15 IDP ........................................................................................................................... 96
5.4.16 ADP ..........................................................................................................................96
5.4.17 Content Filter ............................................................................................................ 96
5.4.18 Anti-Spam .................................................................................................................97
5.4.19 Virtual Server (Port Forwarding) .............................................................................. 97
5.4.20 HTTP Redirect ......................................................................................................... 98
5.4.21 ALG .......................................................................................................................... 99
5.5 Objects ................................................................................................................................ 99
5.5.1 User/Group ...............................................................................................................100
5.6 System Management and Maintenance ............................................................................ 100
5.6.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM ..................100
5.6.2 File Manager ............................................................................................................101
5.6.3 Licensing Registration ..............................................................................................101
5.6.4 Licensing Update ..................................................................................................... 102
5.6.5 Logs and Reports ..................................................................................................... 102
5.6.6 Diagnostics ...............................................................................................................102
Chapter 6
Tutorials.................................................................................................................................103
6.1 How to Configure Interfaces, Port Grouping, and Zones ...................................................103
6.1.1 Configure a WAN Ethernet Interface ........................................................................ 104
6.1.2 Configure Zones ....................................................................................................... 105
6.1.3 Configure Port Grouping ..........................................................................................105
6.2 How to Configure a Cellular Interface ................................................................................106
6.3 How to Configure Load Balancing ..................................................................................... 109
6.3.1 Set Up Available Bandwidth on Ethernet Interfaces .................................................110
6.3.2 Configure the WAN Trunk .........................................................................................110
6.4 How to Set Up an IPSec VPN Tunnel .................................................................................111
6.4.1 Set Up the VPN Gateway ..........................................................................................111
6.4.2 Set Up the VPN Connection ......................................................................................112
6.4.3 Set Up the Policy Route for the VPN Tunnel .............................................................113
6.4.4 Configure Security Policies for the VPN Tunnel ........................................................115
6.5 How to Configure User-aware Access Control ...................................................................115
6.5.1 Set Up User Accounts ...............................................................................................115
6.5.2 Set Up User Groups ..................................................................................................116
6.5.3 Set Up User Authentication Using the RADIUS Server ............................................116
6.5.4 Set Up Web Surfing Policies With Bandwidth Restrictions .......................................118
6.5.5 Set Up MSN Policies ................................................................................................ 120
6.5.6 Set Up Firewall Rules ............................................................................................... 121
6.6 How to Configure Service Control ..................................................................................... 122
6.6.1 Allow HTTPS Administrator Access Only From the LAN ......................................... 122
6.7 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................. 125
6.7.1 Turn On the ALG ......................................................................................................126
6.7.2 Set Up a Virtual Server Policy For H.323 ................................................................. 126
6.7.3 Set Up a Firewall Rule For H.323 ............................................................................ 127
6.8 How to Use Active-Passive Device HA ............................................................................. 128
6.8.1 Before You Start ....................................................................................................... 129
6.8.2 Configure Device HA on the Master ZyWALL .......................................................... 130
6.8.3 Configure the Backup ZyWALL ................................................................................ 131
6.8.4 Deploy the Backup ZyWALL .................................................................................... 132
6.8.5 Check Your Device HA Setup .................................................................................. 133
6.9 How to Allow Public Access to a Server ............................................................................ 133
6.9.1 Create the Address Objects ..................................................................................... 133
6.9.2 Configure a Virtual Server ........................................................................................ 134
Chapter 7
Status.....................................................................................................................................137
7.1 Overview ............................................................................................................................ 137
7.1.1 What You Can Do in the Status Screens .................................................................. 137
7.2 The Status Screen .............................................................................................................138
7.2.1 The CPU Usage Screen ........................................................................................... 144
7.2.2 The Memory Usage Screen ..................................................................................... 145
7.2.3 The Session Usage Screen ..................................................................................... 146
7.2.4 The VPN Status Screen ........................................................................................... 147
7.2.5 The DHCP Table Screen ..........................................................................................148
7.2.6 The Port Statistics Screen ........................................................................................ 149
7.2.7 The Port Statistics Graph Screen ............................................................................. 150
7.2.8 The Current Users Screen ....................................................................................... 151
7.2.9 The SEM Status Detail Screen .................................................................................151
Chapter 8
Registration...........................................................................................................................153
8.1 Overview ............................................................................................................................ 153
8.1.1 What You Can Do in the Registration Screens ........................................................ 153
8.1.2 What You Need to Know About Service Registration ............................................... 153
8.2 The Registration Screen ....................................................................................................155
8.3 The Service Screen ........................................................................................................... 157
Chapter 9
Signature Update ..................................................................................................................159
9.1 Overview ............................................................................................................................ 159
9.1.1 What You Can Do in the Update Screens ................................................................159
9.1.2 What You Need to Know About Signature Updates .................................................159
9.2 The Antivirus Update Screen .............................................................................................160
9.3 The IDP/AppPatrol Update Screen .................................................................................... 161
9.4 The System Protect Update Screen ................................................................................. 163
Part II: Network..................................................................................... 167
Chapter 10
Interfaces...............................................................................................................................169
10.1 Interface Overview ........................................................................................................... 169
10.1.1 What You Can Do in the Interface Screens ............................................................169
10.1.2 What You Need to Know About Interfaces ............................................................. 170
10.2 Interface Status Screen ...................................................................................................173
10.3 Port Grouping ................................................................................................................. 176
10.3.1 Port Grouping Overview ......................................................................................... 176
10.3.2 Port Grouping Screen ............................................................................................176
10.4 Ethernet Summary Screen .............................................................................................. 177
10.4.1 Ethernet Edit .........................................................................................................179
10.5 The Static DHCP Screen .................................................................................................185
10.6 PPP Interfaces ................................................................................................................ 186
10.6.1 PPP Interface Summary .........................................................................................187
10.6.2 PPP Interface Edit .................................................................................................188
10.7 Cellular Configuration Screen (3G) ................................................................................. 192
10.7.1 Cellular Add/Edit Screen ........................................................................................ 195
10.8 Cellular Status Screen .....................................................................................................199
10.9 VLAN Interfaces ............................................................................................................. 201
10.9.1 VLAN Summary Screen ......................................................................................... 203
10.9.2 VLAN Add/Edit ...................................................................................................... 204
10.10 Bridge Interfaces .......................................................................................................... 209
10.10.1 Bridge Summary ...................................................................................................211
10.10.2 Bridge Add/Edit ...................................................................................................212
10.11 Auxiliary Interface ......................................................................................................... 216
10.11.1 Auxiliary Interface Overview ................................................................................. 216
10.11.2 Auxiliary ................................................................................................................ 217
10.12 Virtual Interfaces ........................................................................................................... 219
10.12.1 Virtual Interfaces Add/Edit .................................................................................... 219
10.13 Interface Technical Reference ....................................................................................... 220
Chapter 11
Trunks....................................................................................................................................225
11.1 Overview .......................................................................................................................... 225
11.1.1 What You Can Do in the Trunk Screens ................................................................. 225
11.1.2 What You Need to Know About Trunks .................................................................. 226
11.2 The Trunk Summary Screen ............................................................................................ 229
11.3 Configuring a Trunk ........................................................................................................231
11.4 Trunk Technical Reference .............................................................................................. 232
Chapter 12
Policy and Static Routes......................................................................................................235
12.1 Policy and Static Routes Overview .................................................................................. 235
12.1.1 What You Can Do in the Routing Screens ............................................................. 236
12.1.2 What You Need to Know About Policy and Static Routes ...................................... 236
12.2 Policy Route Screen ........................................................................................................ 237
12.2.1 Policy Route Edit Screen .......................................................................................239
12.3 IP Static Route Screen ....................................................................................................243
12.3.1 Static Route Add/Edit Screen .................................................................................244
12.4 Policy Routing Technical Reference ................................................................................ 245
Chapter 13
Routing Protocols.................................................................................................................249
13.1 Routing Protocols Overview ............................................................................................ 249
13.1.1 What You Can Do in the RIP and OSPF Screens .................................................. 249
13.1.2 What You Need to Know About Routing Protocols ................................................ 249
13.2 The RIP Screen ...............................................................................................................250
13.3 The OSPF Screen ...........................................................................................................251
13.3.1 Configuring the OSPF Screen ................................................................................255
13.3.2 OSPF Area Add/Edit Screen ................................................................................. 257
13.4 Routing Protocol Technical Reference ............................................................................ 259
Chapter 14
Zones .....................................................................................................................................261
14.1 Zones Overview ............................................................................................................... 261
14.1.1 What You Can Do in the Zones Screens ................................................................ 261
14.1.2 What You Need to Know About Zones ................................................................... 262
14.2 The Zone Screen .............................................................................................................263
14.3 Zone Edit ........................................................................................................................ 264
Chapter 15
DDNS......................................................................................................................................265
15.1 DDNS Overview .............................................................................................................. 265
15.1.1 What You Can Do in the DDNS Screens ............................................................... 265
15.1.2 What You Need to Know About DDNS ................................................................... 265
15.2 The DDNS Screen ...........................................................................................................266
15.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 268
15.3 The DDNS Status Screen ................................................................................................ 270
Chapter 16
Virtual Servers.......................................................................................................................273
16.1 Virtual Servers Overview .................................................................................................273
16.1.1 What You Can Do in the Virtual Server Screens .................................................... 273
16.1.2 What You Need to Know About Virtual Servers .....................................................273
16.2 The Virtual Server Screen ............................................................................................... 274
16.2.1 The Virtual Server Add/Edit Screen ....................................................................... 275
16.3 NAT 1:1 and NAT Loopback Examples ...........................................................................278
Chapter 17
HTTP Redirect......................................................................................................................289
17.1 Overview .......................................................................................................................... 289
17.1.1 What You Can Do in the HTTP Redirect Screens .................................................. 289
17.1.2 What You Need to Know About HTTP Redirect ..................................................... 290
17.2 The HTTP Redirect Screen ............................................................................................. 291
17.2.1 The HTTP Redirect Edit Screen ............................................................................. 292
Chapter 18
ALG ........................................................................................................................................293
18.1 ALG Overview ................................................................................................................. 293
18.1.1 What You Can Do in the ALG Screen .................................................................... 293
18.1.2 What You Need to Know About ALG ..................................................................... 294
18.1.3 Before You Begin ................................................................................................... 297
18.2 The ALG Screen ..............................................................................................................297
18.3 ALG Technical Reference ................................................................................................ 299
Chapter 19
IP/MAC Binding....................................................................................................................301
19.1 IP/MAC Binding Overview ...............................................................................................301
19.1.1 What You Can Do in the IP/MAC Binding Screens ................................................ 301
19.1.2 What You Need to Know About IP/MAC Binding ................................................... 302
19.2 IP/MAC Binding Summary ............................................................................................... 302
19.2.1 IP/MAC Binding Edit ...............................................................................................303
19.2.2 Static DHCP Edit .................................................................................................... 304
19.3 IP/MAC Binding Exempt List ...........................................................................................305
19.4 IP/MAC Binding Monitor .................................................................................................. 305
Part III: Firewall .................................................................................... 307
Chapter 20
Firewall...................................................................................................................................309
20.1 Overview .......................................................................................................................... 309
20.1.1 What You Can Do in the Firewall Screens ............................................................. 309
20.1.2 What You Need to Know About the Firewall ..........................................................310
20.1.3 Firewall Rule Example Applications ....................................................................... 312
20.1.4 Firewall Rule Configuration Example ..................................................................... 315
20.2 The Firewall Screen ......................................................................................................... 317
20.2.1 Configuring the Firewall Screen .............................................................................318
20.2.2 The Firewall Edit Screen ........................................................................................321
20.3 The Session Limit Screen ................................................................................................ 323
20.3.1 The Session Limit Edit Screen ............................................................................... 324
Part IV: VPN.......................................................................................... 327
Chapter 21
IPSec VPN..............................................................................................................................329
21.1 IPSec VPN Overview .......................................................................................................329
21.1.1 What You Can Do in the IPSec VPN Screens ........................................................ 329
21.1.2 What You Need to Know About IPSec VPN ........................................................... 330
21.1.3 Before You Begin ................................................................................................... 332
21.2 The VPN Connection Screen .......................................................................................... 332
21.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 334
21.2.2 The VPN Connection Add/Edit Manual Key Screen ..............................................341
21.3 The VPN Gateway Screen .............................................................................................. 345
21.3.1 The VPN Gateway Add/Edit Screen ......................................................................346
21.4 The VPN Concentrator Screen ........................................................................................ 354
21.4.1 The VPN Concentrator Add/Edit Screen ................................................................355
21.5 The SA Monitor Screen .................................................................................................. 357
21.6 IPSec VPN Background Information ............................................................................... 358
Chapter 22
SSL VPN.................................................................................................................................371
22.1 Overview .......................................................................................................................... 371
22.1.1 What You Can Do in the SSL VPN Screens ..........................................................371
22.1.2 What You Need to Know About SSL VPN .............................................................. 371
22.2 The SSL Access Privilege Screen ...................................................................................373
22.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 375
22.3 The SSL Connection Monitor Screen .............................................................................. 377
22.4 The SSL Global Setting Screen ....................................................................................... 378
22.4.1 How to Upload a Custom Logo .............................................................................. 380
22.5 Establishing an SSL VPN Connection ............................................................................. 381
Chapter 23
SSL User Screens.................................................................................................................383
23.1 Overview .......................................................................................................................... 383
23.1.1 What You Need to Know About the SSL User Screens .........................................383
23.2 Remote User Login ..........................................................................................................384
23.3 The SSL VPN User Screens ........................................................................................... 389
23.4 Bookmarking the ZyWALL ............................................................................................... 390
23.5 Logging Out of the SSL VPN User Screens ....................................................................390
Chapter 24
SSL User Application Screens ............................................................................................393
24.1 SSL User Application Screens Overview ........................................................................ 393
24.2 The Application Screen ...................................................................................................393
Chapter 25
SSL User File Sharing ..........................................................................................................395
25.1 Overview .......................................................................................................................... 395
25.1.1 What You Need to Know About the SSL VPN File Sharing ...................................395
25.2 The Main File Sharing Screen ......................................................................................... 396
25.3 Opening a File or Folder ..................................................................................................396
25.3.1 Downloading a File .................................................................................................398
25.3.2 Saving a File .......................................................................................................... 399
25.4 Creating a New Folder .....................................................................................................399
25.5 Renaming a File or Folder ...............................................................................................400
25.6 Deleting a File or Folder ..................................................................................................400
25.7 Uploading a File ...............................................................................................................401
Chapter 26
ZyWALL SecuExtender.........................................................................................................403
26.1 The ZyWALL SecuExtender Icon .................................................................................... 403
26.2 Statistics ..........................................................................................................................403
26.3 View Log .......................................................................................................................... 405
26.4 Suspend and Resume the Connection ............................................................................ 405
26.5 Stop the Connection ........................................................................................................ 405
26.6 Uninstalling the ZyWALL SecuExtender .......................................................................... 405
Chapter 27
L2TP VPN...............................................................................................................................407
27.1 Overview .......................................................................................................................... 407
27.1.1 What You Can Do in the L2TP VPN Screens .........................................................407
27.1.2 What You Need to Know About L2TP VPN ............................................................ 407
27.2 L2TP VPN Screen ...........................................................................................................409
27.3 L2TP VPN Session Monitor Screen ................................................................................410
Chapter 28
L2TP VPN Example...............................................................................................................413
28.1 L2TP VPN Example .........................................................................................................413
28.2 Configuring the Default L2TP VPN Gateway Example .................................................... 414
28.3 Configuring the Default L2TP VPN Connection Example ................................................ 415
28.4 Configuring the L2TP VPN Settings Example ................................................................. 416
28.5 Configuring the Policy Route for L2TP Example ............................................................. 417
28.6 Configuring L2TP VPN in Windows XP and 2000 ...........................................................418
28.6.1 Configuring L2TP in Windows XP .......................................................................... 418
28.6.2 Configuring L2TP in Windows 2000 ....................................................................... 424
Part V: Application Patrol.................................................................... 441
Chapter 29
Application Patrol.................................................................................................................443
29.1 Overview .......................................................................................................................... 443
29.1.1 What You Can Do in the Application Patrol Screens .............................................. 443
29.1.2 What You Need to Know About Application Patrol ................................................444
29.1.3 Application Patrol Bandwidth Management Examples ........................................... 449
29.2 Application Patrol General Screen .................................................................................. 452
29.3 Application Patrol Applications ........................................................................................ 454
29.3.1 The Application Patrol Edit Screen ........................................................................ 455
29.3.2 The Application Patrol Policy Edit Screen ............................................................. 457
29.4 The Other Applications Screen ........................................................................................460
29.4.1 The Other Applications Add/Edit Screen ................................................................463
29.5 Application Patrol Statistics .............................................................................................465
29.5.1 Application Patrol Statistics: General Setup ........................................................... 465
29.5.2 Application Patrol Statistics: Bandwidth Statistics .................................................. 466
29.5.3 Application Patrol Statistics: Protocol Statistics ..................................................... 467
Part VI: Anti-X....................................................................................... 469
Chapter 30
Anti-Virus...............................................................................................................................471
30.1 Overview .......................................................................................................................... 471
30.1.1 What You Can Do in the Anti-Virus Screens .......................................................... 471
30.1.2 What You Need to Know About Anti-Virus ............................................................. 472
30.1.3 Before You Begin ................................................................................................... 474
30.2 Anti-Virus Summary Screen ............................................................................................ 474