ZyXEL Communications USG-300 - V2.20 ED 2, ZYWALL USG 300 User manual

www.zyxel.com
ZyWALL USG 300
Unified Security Gateway
Copyright © 2010
ZyXEL Communications Corporation
Firmware Version 2.20
Edition 2, 9/2010
Default Login Details
LAN Port: P1
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
ZyWALL USG 300 User’s Guide
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 33 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 47 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.
• Read Chapter 4 on page 65 if you’re using the installation wizard for first-time
setup and you want more detailed information than what the real-time online
help provides.
• Read Chapter 5 on page 75 if you’re using the quick setup wizards and you want
more detailed information than what the real-time online help provides.
It is highly recommended you read Chapter 6 on page 93 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
It is highly recommended you read Chapter 7 on page 117 for ZyWALL
application examples.
Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.
To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections and access the Web Configurator wizards. (See the
wizard real-time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
Documentation Feedback
Send your comments, questions or suggestions to: techwriters@zyxel.com.tw
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
Product labels, screen names, field labels and field choices are all in bold font.
A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
“Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
“e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT store things on the device.
Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
Connect ONLY suitable accessories to the device.
Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
Make sure to connect the cables to the correct ports.
Place connecting cables carefully so that no one will step on them or stumble over them.
Always disconnect all cables from this device before servicing or disassembling.
Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
If the power adaptor or cord is damaged, remove it from the device and the power
source.
Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose of them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
Users Guide
Introducing the ZyWALL
Features and Applications
Web Configurator
Installation Setup Wizard
Quick Setup
Configuration Basics
Tutorials
L2TP VPN Example
Technical Reference
Dashboard
Monitor
Registration
Signature Update
Interfaces
Trunks
Policy and Static Routes
Routing Protocols
Zones
DDNS
NAT
HTTP Redirect
ALG
IP/MAC Binding
Authentication Policy
Firewall
IPSec VPN
SSL VPN
SSL User Screens
SSL User Application Screens
SSL User File Sharing
ZyWALL SecuExtender
L2TP VPN
Application Patrol
Anti-Virus
IDP
ADP
Content Filtering
Content Filter Reports
Anti-Spam
Device HA
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Method
Certificates
ISP Accounts
SSL Application
Endpoint Security
System
Log and Report
File Manager
Diagnostics
Reboot
Shutdown
Troubleshooting
Product Specifications
Table of Contents
About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part I: Users Guide
Chapter 1
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL
Chapter 2
Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces
2.2.5 Device HA
Chapter 3
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists
Chapter 4
Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration
Chapter 5
Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish
Chapter 6
Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 ZLD 2.20 Packet Flow Enhancements
6.4.2 Routing Table Checking Flow Enhancements
6.4.3 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 L2TP VPN
6.5.18 Application Patrol
6.5.19 Anti-Virus
6.5.20 IDP
6.5.21 ADP
6.5.22 Content Filter
6.5.23 Anti-Spam
6.5.24 Device HA
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown
Chapter 7
Tutorials
7.1 How to Configure Interfaces, Port Grouping, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure Zones
7.1.3 Configure Port Grouping
7.2 How to Configure a Cellular Interface
7.3 How to Configure Load Balancing
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces
7.3.2 Configure the WAN Trunk
7.4 How to Set Up a Wireless LAN
7.4.1 Set Up User Accounts
7.4.2 Create the WLAN Interface
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface
7.5 How to Set Up an IPSec VPN Tunnel
7.5.1 Set Up the VPN Gateway
7.5.2 Set Up the VPN Connection
7.5.3 Configure Security Policies for the VPN Tunnel
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator
7.7 How to Configure User-aware Access Control
7.7.1 Set Up User Accounts
7.7.2 Set Up User Groups
7.7.3 Set Up User Authentication Using the RADIUS Server
7.7.4 Web Surfing Policies With Bandwidth Restrictions
7.7.5 Set Up MSN Policies
7.7.6 Set Up Firewall Rules
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
7.9 How to Use Endpoint Security and Authentication Policies
7.9.1 Configure the Endpoint Security Objects
7.9.2 Configure the Authentication Policy
7.10 How to Configure Service Control
7.10.1 Allow HTTPS Administrator Access Only From the LAN
7.11 How to Allow Incoming H.323 Peer-to-peer Calls ............................................................ 163
7.11.1 Turn On the ALG .................................................................................................... 164
7.11.2 Set Up a NAT Policy For H.323 .............................................................................. 164
7.11.3 Set Up a Firewall Rule For H.323 ...........................................................................166
7.12 How to Allow Public Access to a Web Server .................................................................. 167
7.12.1 Create the Address Objects ................................................................................... 168
7.12.2 Configure NAT ........................................................................................................ 168
7.12.3 Set Up a Firewall Rule ........................................................................................... 169
7.13 How to Use an IPPBX on the DMZ .................................................................................. 170
7.13.1 Turn On the ALG .................................................................................................... 172
7.13.2 Create the Address Objects ................................................................................... 172
7.13.3 Set Up a NAT Policy for the IPPBX ......................................................................... 173
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP ......................................................... 174
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP ........................................................... 175
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ............... 176
7.14.1 Create the Public IP Address Range Object .......................................................... 176
7.14.2 Configure the Policy Route .................................................................................... 177
7.15 How to Use Active-Passive Device HA ........................................................................... 177
7.15.1 Before You Start ..................................................................................................... 178
7.15.2 Configure Device HA on the Master ZyWALL ........................................................ 179
7.15.3 Configure the Backup ZyWALL .............................................................................. 181
7.15.4 Deploy the Backup ZyWALL .................................................................................. 183
7.15.5 Check Your Device HA Setup ................................................................................ 183
Chapter 8
L2TP VPN Example...............................................................................................................185
8.1 L2TP VPN Example ...........................................................................................................185
8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 185
8.3 Configuring the Default L2TP VPN Connection Example .................................................. 187
8.4 Configuring the L2TP VPN Settings Example ................................................................... 188
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 .....................................................189
8.5.1 Configuring L2TP in Windows Vista ......................................................................... 189
8.5.2 Configuring L2TP in Windows XP ............................................................................ 199
8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 205
Part II: Technical Reference................................................................ 223
Chapter 9
Dashboard............................................................................................................................225
9.1 Overview ............................................................................................................................ 225
9.1.1 What You Can Do in this Chapter ............................................................................ 225
9.2 The Dashboard Screen ..................................................................................................... 225
9.2.1 The CPU Usage Screen ........................................................................................... 232
9.2.2 The Memory Usage Screen ..................................................................................... 233
9.2.3 The Session Usage Screen ..................................................................................... 234
9.2.4 The VPN Status Screen ........................................................................................... 235
9.2.5 The DHCP Table Screen .......................................................................................... 235
9.2.6 The Number of Login Users Screen ......................................................................... 236
Chapter 10
Monitor..................................................................................................................................239
10.1 Overview ..........................................................................................................................239
10.1.1 What You Can Do in this Chapter .......................................................................... 239
10.2 The Port Statistics Screen .............................................................................................. 240
10.2.1 The Port Statistics Graph Screen .......................................................................... 242
10.3 Interface Status Screen ...................................................................................................243
10.4 The Traffic Statistics Screen ............................................................................................ 247
10.5 The Session Monitor Screen .......................................................................................... 250
10.6 The DDNS Status Screen ................................................................................................252
10.7 IP/MAC Binding Monitor .................................................................................................. 253
10.8 The Login Users Screen ................................................................................................. 254
10.9 WLAN Interface Station Monitor Screen .......................................................................... 255
10.10 Cellular Status Screen ...................................................................................................256
10.11 USB Storage Screen .....................................................................................................258
10.12 Application Patrol Statistics ...........................................................................................259
10.12.1 Application Patrol Statistics: General Setup ......................................................... 259
10.12.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 260
10.12.3 Application Patrol Statistics: Protocol Statistics ................................................... 261
10.12.4 Application Patrol Statistics: Individual Protocol Statistics by Rule ..................... 262
10.13 The IPSec Monitor Screen ........................................................................................... 263
10.13.1 Regular Expressions in Searching IPSec SAs ..................................................... 265
10.14 The SSL Connection Monitor Screen ............................................................................ 266
10.15 L2TP over IPSec Session Monitor Screen .................................................................... 267
10.16 The Anti-Virus Statistics Screen .................................................................................... 268
10.17 The IDP Statistics Screen .............................................................................................. 270
10.18 The Content Filter Statistics Screen .............................................................................. 272
10.19 Content Filter Cache Screen ......................................................................................... 273
10.20 The Anti-Spam Statistics Screen ................................................................................... 276
10.21 The Anti-Spam Status Screen ....................................................................................... 278
10.22 Log Screen .................................................................................................................... 279
Chapter 11
Registration...........................................................................................................................283
11.1 Overview .......................................................................................................................... 283
11.1.1 What You Can Do in this Chapter ........................................................................... 283
11.1.2 What You Need to Know ......................................................................................... 283
11.2 The Registration Screen ..................................................................................................285
11.3 The Service Screen .........................................................................................................287
Chapter 12
Signature Update ..................................................................................................................289
12.1 Overview ..........................................................................................................................289
12.1.1 What You Can Do in this Chapter .......................................................................... 289
12.1.2 What You Need to Know ........................................................................................ 289
12.2 The Antivirus Update Screen ........................................................................................... 290
12.3 The IDP/AppPatrol Update Screen .................................................................................. 291
12.4 The System Protect Update Screen ............................................................................... 293
Chapter 13
Interfaces...............................................................................................................................295
13.1 Interface Overview ........................................................................................................... 295
13.1.1 What You Can Do in this Chapter .......................................................................... 295
13.1.2 What You Need to Know ........................................................................................ 296
13.2 Port Grouping ................................................................................................................. 299
13.2.1 Port Grouping Overview ......................................................................................... 299
13.2.2 Port Grouping Screen ............................................................................................ 299
13.3 Ethernet Summary Screen .............................................................................................. 300
13.3.1 Ethernet Edit .........................................................................................................302
13.3.2 Object References ................................................................................................. 309
13.4 PPP Interfaces ................................................................................................................ 310
13.4.1 PPP Interface Summary ..........................................................................................311
13.4.2 PPP Interface Add or Edit .....................................................................................313
13.5 Cellular Configuration Screen (3G) ................................................................................. 317
13.5.1 Cellular Add/Edit Screen ........................................................................................319
13.6 WLAN Interface General Screen ..................................................................................... 326
13.6.1 WLAN Add/Edit Screen .......................................................................................... 329
13.6.2 WLAN Add/Edit: WEP Security .............................................................................. 335
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security ................................................... 336
13.6.4 WLAN Add/Edit: WPA/WPA2 Security ................................................................... 337
13.7 WLAN Interface MAC Filter ............................................................................................ 339
13.8 VLAN Interfaces .............................................................................................................341
13.8.1 VLAN Summary Screen ......................................................................................... 343
13.8.2 VLAN Add/Edit ...................................................................................................... 344
13.9 Bridge Interfaces ............................................................................................................ 351
13.9.1 Bridge Summary .................................................................................................... 353
13.9.2 Bridge Add/Edit ..................................................................................................... 354
13.10 Auxiliary Interface ......................................................................................................... 360
13.10.1 Auxiliary Interface Overview ................................................................................. 360
13.10.2 Auxiliary ................................................................................................................360
13.11 Virtual Interfaces ........................................................................................................... 362
13.11.1 Virtual Interfaces Add/Edit .................................................................................... 363
13.12 Interface Technical Reference ....................................................................................... 364
Chapter 14
Trunks...................................................................................................................................369
14.1 Overview ..........................................................................................................................369
14.1.1 What You Can Do in this Chapter .......................................................................... 369
14.1.2 What You Need to Know ........................................................................................ 370
14.2 The Trunk Summary Screen ............................................................................................ 374
14.3 Configuring a Trunk ........................................................................................................ 375
14.4 Trunk Technical Reference .............................................................................................. 377
Chapter 15
Policy and Static Routes......................................................................................................379
15.1 Policy and Static Routes Overview .................................................................................. 379
15.1.1 What You Can Do in this Chapter .......................................................................... 379
15.1.2 What You Need to Know ....................................................................................... 380
15.2 Policy Route Screen ........................................................................................................382
15.2.1 Policy Route Edit Screen ....................................................................................... 385
15.3 IP Static Route Screen ....................................................................................................389
15.3.1 Static Route Add/Edit Screen ................................................................................. 390
15.4 Policy Routing Technical Reference ................................................................................ 391
Chapter 16
Routing Protocols.................................................................................................................395
16.1 Routing Protocols Overview ............................................................................................ 395
16.1.1 What You Can Do in this Chapter .......................................................................... 395
16.1.2 What You Need to Know ........................................................................................ 395
16.2 The RIP Screen ...............................................................................................................396
16.3 The OSPF Screen ...........................................................................................................397
16.3.1 Configuring the OSPF Screen ................................................................................ 401
16.3.2 OSPF Area Add/Edit Screen ................................................................................. 404
16.3.3 Virtual Link Add/Edit Screen .................................................................................405
16.4 Routing Protocol Technical Reference ............................................................................ 406
Chapter 17
Zones .....................................................................................................................................409
17.1 Zones Overview ............................................................................................................... 409
17.1.1 What You Can Do in this Chapter .......................................................................... 409
17.1.2 What You Need to Know ........................................................................................ 410
17.2 The Zone Screen ..............................................................................................................411
17.3 Zone Edit ........................................................................................................................ 412
Chapter 18
DDNS......................................................................................................................................413
18.1 DDNS Overview ..............................................................................................................413
18.1.1 What You Can Do in this Chapter .......................................................................... 413
18.1.2 What You Need to Know ........................................................................................ 413
18.2 The DDNS Screen ...........................................................................................................414
18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 416
Chapter 19
NAT.........................................................................................................................................419
19.1 NAT Overview .................................................................................................................. 419
19.1.1 What You Can Do in this Chapter .......................................................................... 419
19.1.2 What You Need to Know ........................................................................................ 420
19.2 The NAT Screen .............................................................................................................. 420
19.2.1 The NAT Add/Edit Screen ...................................................................................... 422
19.3 NAT Technical Reference ................................................................................................425
Chapter 20
HTTP Redirect......................................................................................................................429
20.1 Overview ..........................................................................................................................429
20.1.1 What You Can Do in this Chapter .......................................................................... 429
20.1.2 What You Need to Know ........................................................................................ 430
20.2 The HTTP Redirect Screen ............................................................................................. 431
20.2.1 The HTTP Redirect Edit Screen ............................................................................. 432
Chapter 21
ALG ........................................................................................................................................435
21.1 ALG Overview ................................................................................................................. 435
21.1.1 What You Can Do in this Chapter .......................................................................... 435
21.1.2 What You Need to Know ........................................................................................ 436
21.1.3 Before You Begin ................................................................................................... 439
21.2 The ALG Screen ..............................................................................................................439
21.3 ALG Technical Reference ................................................................................................ 441
Chapter 22
IP/MAC Binding....................................................................................................................443
22.1 IP/MAC Binding Overview ............................................................................................... 443
22.1.1 What You Can Do in this Chapter .......................................................................... 443
22.1.2 What You Need to Know ........................................................................................ 444
22.2 IP/MAC Binding Summary ............................................................................................... 444
22.2.1 IP/MAC Binding Edit ............................................................................................... 445
22.2.2 Static DHCP Edit .................................................................................................... 446
22.3 IP/MAC Binding Exempt List ........................................................................................... 447
Chapter 23
Authentication Policy...........................................................................................................449
23.1 Overview ..........................................................................................................................449
23.1.1 What You Can Do in this Chapter .......................................................................... 449
23.1.2 What You Need to Know ........................................................................................ 450
23.2 Authentication Policy Screen ...........................................................................................450
23.2.1 Adding Exceptional Services .................................................................................. 452
23.2.2 Creating/Editing an Authentication Policy .............................................................. 453
Chapter 24
Firewall...................................................................................................................................457
24.1 Overview ..........................................................................................................................457
24.1.1 What You Can Do in this Chapter .......................................................................... 457
24.1.2 What You Need to Know ........................................................................................ 458
24.1.3 Firewall Rule Example Applications .......................................................................460
24.1.4 Firewall Rule Configuration Example ..................................................................... 463
24.2 The Firewall Screen ......................................................................................................... 465
24.2.1 Configuring the Firewall Screen ............................................................................. 466
24.2.2 The Firewall Add/Edit Screen ................................................................................. 469
24.3 The Session Limit Screen ................................................................................................ 470
24.3.1 The Session Limit Add/Edit Screen ........................................................................ 472
Chapter 25
IPSec VPN..............................................................................................................................475
25.1 IPSec VPN Overview .......................................................................................................475
25.1.1 What You Can Do in this Chapter .......................................................................... 475
25.1.2 What You Need to Know ........................................................................................ 476
25.1.3 Before You Begin ................................................................................................... 478
25.2 The VPN Connection Screen .......................................................................................... 478
25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 480
25.2.2 The VPN Connection Add/Edit Manual Key Screen .............................................. 487
25.3 The VPN Gateway Screen .............................................................................................. 490
25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 491
25.4 VPN Concentrator ..........................................................................................................499
25.4.1 IPSec VPN Concentrator Example ........................................................................ 499
25.4.2 VPN Concentrator Screen ...................................................................................... 502
25.4.3 The VPN Concentrator Add/Edit Screen ................................................................ 502
25.5 IPSec VPN Background Information ............................................................................... 503
Chapter 26
SSL VPN.................................................................................................................................517
26.1 Overview ..........................................................................................................................517
26.1.1 What You Can Do in this Chapter .......................................................................... 517
26.1.2 What You Need to Know ........................................................................................ 517
26.2 The SSL Access Privilege Screen ................................................................................... 520
26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 522
26.3 The SSL Global Setting Screen ....................................................................................... 524
26.3.1 How to Upload a Custom Logo .............................................................................. 526
26.4 Establishing an SSL VPN Connection ............................................................................. 527
Chapter 27
SSL User Screens.................................................................................................................531
27.1 Overview ..........................................................................................................................531
27.1.1 What You Need to Know ........................................................................................ 531
27.2 Remote User Login .......................................................................................................... 532
27.3 The SSL VPN User Screens ........................................................................................... 537