ZyXEL Communications Network Router USG 2000, USG 2000 User manual

www.zyxel.com
ZyWALL USG 2000
Unified Security Gateway
Copyright © 2010
ZyXEL Communications Corporation
Firmware Version 2.12
Edition 1, 3/2010
Default Login Details
LAN Port: P1
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
ZyWALL USG 2000 User’s Guide
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyWALL
using the Web Configurator.
How To Use This Guide
• Read Chapter 1 on page 33 for an overview of features available on the
ZyWALL.
• Read Chapter 3 on page 51 for web browser requirements and an introduction
to the main components, icons and menus in the ZyWALL Web Configurator.
• Read Chapter 4 on page 67 if you’re using the installation wizard for first time
setup and you want more detailed information than what the real time online
help provides.
• Read Chapter 5 on page 77 if you’re using the quick setup wizards and you want
more detailed information than what the real time online help provides.
It is highly recommended you read Chapter 6 on page 95 for detailed
information on essential terms used in the ZyWALL, what prerequisites are
needed to configure a feature and how to use that feature.
It is highly recommended you read Chapter 7 on page 119 for ZyWALL
application examples.
Subsequent chapters are arranged by menu item as defined in the Web
Configurator. Read each chapter carefully for detailed information on that menu
item.
To find specific information in this guide, use the Contents Overview, the
Table of Contents, the Index, or search the PDF file. E-mail
techwriters@zyxel.com.tw if you cannot find the information you require.
Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to show you how to make the ZyWALL
hardware connections and access the Web Configurator wizards. (See the
wizard real time help for information on configuring each screen.) It also
contains a connection diagram and package contents list.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI)
to configure the ZyWALL.
Note: It is recommended you use the Web Configurator to configure the ZyWALL.
Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and
supplementary information.
Documentation Feedback
Send your comments, questions or suggestions to: [email protected]
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,
6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read
the Tech Doc Overview to find out how to efficiently use the User Guide, Quick
Start Guide and Command Line Interface Reference Guide in order to better
understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here.
This is a collection of answers to previously asked questions about ZyXEL
products.
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL
products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you
should contact your vendor. If you cannot contact your vendor, then contact a
ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please
have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Disclaimer
Graphics in this book may differ slightly from the product due to differences in
operating systems, operating system versions, or if you installed updated
firmware/software for your device. Every effort has been made to ensure that the
information in this manual is accurate.
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
The ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or
the “product” in this User’s Guide.
Product labels, screen names, field labels and field choices are all in bold font.
A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
“Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, Maintenance > Log > Log Setting means you first click
Maintenance in the navigation panel, then the Log sub menu and finally the
Log Setting tab to get to that screen.
Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
“e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon
is not an exact representation of your device.
[Figure: icons for ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router]
Safety Warnings
Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT store things on the device.
Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.
Connect ONLY suitable accessories to the device.
Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should
service or disassemble this device. Please contact your vendor for further information.
Make sure to connect the cables to the correct ports.
Place connecting cables carefully so that no one will step on them or stumble over them.
Always disconnect all cables from this device before servicing or disassembling.
Caution: This unit has more than one power supply cord. Disconnect two power supply
cords before servicing to avoid electric shock. (has multiple power cords, e.g., chassis-
based Ethernet switch. Make sure you specify the correct number of power cords in both
the English and the French that follows)
Attention: Cet appareil comporte plus d'un cordon d'alimentation. Afin de prévenir les
chocs électriques, debrancher les deux cordons d'alimentation avant de faire le
dépannage.
Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).
Do NOT allow anything to rest on the power adaptor or cord and do NOT place the
product where anyone can walk on the power adaptor or cord.
Do NOT use the device if the power adaptor or cord is damaged as it might cause
electrocution.
If the power adaptor or cord is damaged, remove it from the device and the power
source.
Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a
new one.
Do not use the device outside, and make sure all the connections are indoors. There is a
remote risk of electric shock from lightning.
CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN
INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Dispose of them at the applicable collection point for the recycling of electrical and
electronic equipment. For detailed information about recycling of this product, please
contact your local city office, your household waste disposal service or the store where
you purchased the product.
Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE
stands for Waste Electronics and Electrical Equipment. It means that used electrical
and electronic products should not be mixed with general waste. Used electrical and
electronic equipment should be treated separately.
Contents Overview
User’s Guide
Introducing the ZyWALL
Features and Applications
Web Configurator
Installation Setup Wizard
Quick Setup
Configuration Basics
Tutorials
L2TP VPN Example
Technical Reference
Dashboard
Monitor
Registration
Signature Update
Interfaces
Trunks
Policy and Static Routes
Routing Protocols
Zones
DDNS
NAT
HTTP Redirect
ALG
IP/MAC Binding
Authentication Policy
Firewall
IPSec VPN
SSL VPN
SSL User Screens
SSL User Application Screens
SSL User File Sharing
ZyWALL SecuExtender
L2TP VPN
Application Patrol
Anti-Virus
IDP
ADP
Content Filtering
Content Filter Reports
Anti-Spam
Device HA
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Method
Certificates
ISP Accounts
SSL Application
Endpoint Security
System
Log and Report
File Manager
Diagnostics
Reboot
Shutdown
Troubleshooting
Product Specifications
Table of Contents
About This User’s Guide
Document Conventions
Safety Warnings
Contents Overview
Table of Contents
Part I: User’s Guide
Chapter 1
Introducing the ZyWALL
1.1 Overview and Key Default Settings
1.2 Rack-mounted Installation
1.2.1 Rack-Mounted Installation Procedure
1.3 Front Panel
1.3.1 Dual Personality Interfaces
1.3.2 Maximizing Throughput
1.3.3 Front Panel LEDs
1.4 Management Overview
1.5 Starting and Stopping the ZyWALL
Chapter 2
Features and Applications
2.1 Features
2.2 Applications
2.2.1 VPN Connectivity
2.2.2 SSL VPN Network Access
2.2.3 User-Aware Access Control
2.2.4 Multiple WAN Interfaces
2.2.5 Device HA
Chapter 3
Web Configurator
3.1 Web Configurator Requirements
3.2 Web Configurator Access
3.3 Web Configurator Screens Overview
3.3.1 Title Bar
3.3.2 Navigation Panel
3.3.3 Main Window
3.3.4 Tables and Lists
Chapter 4
Installation Setup Wizard
4.1 Installation Setup Wizard Screens
4.1.1 Internet Access Setup - WAN Interface
4.1.2 Internet Access: Ethernet
4.1.3 Internet Access: PPPoE
4.1.4 Internet Access: PPTP
4.1.5 ISP Parameters
4.1.6 Internet Access Setup - Second WAN Interface
4.1.7 Internet Access - Finish
4.2 Device Registration
Chapter 5
Quick Setup
5.1 Quick Setup Overview
5.2 WAN Interface Quick Setup
5.2.1 Choose an Ethernet Interface
5.2.2 Select WAN Type
5.2.3 Configure WAN Settings
5.2.4 WAN and ISP Connection Settings
5.2.5 Quick Setup Interface Wizard: Summary
5.3 VPN Quick Setup
5.4 VPN Setup Wizard: Wizard Type
5.5 VPN Express Wizard - Scenario
5.5.1 VPN Express Wizard - Configuration
5.5.2 VPN Express Wizard - Summary
5.5.3 VPN Express Wizard - Finish
5.5.4 VPN Advanced Wizard - Scenario
5.5.5 VPN Advanced Wizard - Phase 1 Settings
5.5.6 VPN Advanced Wizard - Phase 2
5.5.7 VPN Advanced Wizard - Summary
5.5.8 VPN Advanced Wizard - Finish
Chapter 6
Configuration Basics
6.1 Object-based Configuration
6.2 Zones, Interfaces, and Physical Ports
6.2.1 Interface Types
6.2.2 Default Interface and Zone Configuration
6.3 Terminology in the ZyWALL
6.4 Packet Flow
6.4.1 ZLD 2.20 Packet Flow Enhancements
6.4.2 Routing Table Checking Flow Enhancements
6.4.3 NAT Table Checking Flow
6.5 Feature Configuration Overview
6.5.1 Feature
6.5.2 Licensing Registration
6.5.3 Licensing Update
6.5.4 Interface
6.5.5 Trunks
6.5.6 Policy Routes
6.5.7 Static Routes
6.5.8 Zones
6.5.9 DDNS
6.5.10 NAT
6.5.11 HTTP Redirect
6.5.12 ALG
6.5.13 Auth. Policy
6.5.14 Firewall
6.5.15 IPSec VPN
6.5.16 SSL VPN
6.5.17 L2TP VPN
6.5.18 Application Patrol
6.5.19 Anti-Virus
6.5.20 IDP
6.5.21 ADP
6.5.22 Content Filter
6.5.23 Anti-Spam
6.5.24 Device HA
6.6 Objects
6.6.1 User/Group
6.7 System
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM
6.7.2 Logs and Reports
6.7.3 File Manager
6.7.4 Diagnostics
6.7.5 Shutdown
Chapter 7
Tutorials
7.1 How to Configure Interfaces, Port Grouping, and Zones
7.1.1 Configure a WAN Ethernet Interface
7.1.2 Configure Zones
7.1.3 Configure Port Grouping
7.2 How to Configure a Cellular Interface
7.3 How to Configure Load Balancing
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces
7.3.2 Configure the WAN Trunk
7.4 How to Set Up an IPSec VPN Tunnel
7.4.1 Set Up the VPN Gateway
7.4.2 Set Up the VPN Connection
7.4.3 Configure Security Policies for the VPN Tunnel
7.5 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator
7.6 How to Configure User-aware Access Control
7.6.1 Set Up User Accounts
7.6.2 Set Up User Groups
7.6.3 Set Up User Authentication Using the RADIUS Server
7.6.4 Web Surfing Policies With Bandwidth Restrictions
7.6.5 Set Up MSN Policies
7.6.6 Set Up Firewall Rules
7.7 How to Use a RADIUS Server to Authenticate User Accounts based on Groups
7.8 How to Use Endpoint Security and Authentication Policies
7.8.1 Configure the Endpoint Security Objects
7.8.2 Configure the Authentication Policy
7.9 How to Configure Service Control ..................................................................................... 147
7.9.1 Allow HTTPS Administrator Access Only From the LAN ......................................... 148
7.10 How to Allow Incoming H.323 Peer-to-peer Calls ........................................................... 150
7.10.1 Turn On the ALG .................................................................................................... 151
7.10.2 Set Up a NAT Policy For H.323 ..............................................................................151
7.10.3 Set Up a Firewall Rule For H.323 ..........................................................................153
7.11 How to Allow Public Access to a Web Server .................................................................. 154
7.11.1 Create the Address Objects ...................................................................................155
7.11.2 Configure NAT ........................................................................................................ 155
7.11.3 Set Up a Firewall Rule ............................................................................................156
7.12 How to Use an IPPBX on the DMZ .................................................................................. 157
7.12.1 Turn On the ALG .................................................................................................... 159
7.12.2 Create the Address Objects ...................................................................................159
7.12.3 Setup a NAT Policy for the IPPBX ......................................................................... 160
7.12.4 Set Up a WAN to DMZ Firewall Rule for SIP ......................................................... 161
7.12.5 Set Up a DMZ to LAN Firewall Rule for SIP ...........................................................162
7.13 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic ...............163
7.13.1 Create the Public IP Address Range Object .......................................................... 163
7.13.2 Configure the Policy Route .................................................................................... 164
7.14 How to Use Active-Passive Device HA ........................................................................... 164
7.14.1 Before You Start .....................................................................................................165
7.14.2 Configure Device HA on the Master ZyWALL ........................................................ 166
7.14.3 Configure the Backup ZyWALL .............................................................................. 168
7.14.4 Deploy the Backup ZyWALL .................................................................................. 170
7.14.5 Check Your Device HA Setup ................................................................................170
Chapter 8
L2TP VPN Example...............................................................................................................171
8.1 L2TP VPN Example ...........................................................................................................171
8.2 Configuring the Default L2TP VPN Gateway Example ...................................................... 171
8.3 Configuring the Default L2TP VPN Connection Example .................................................. 173
8.4 Configuring the L2TP VPN Settings Example ...................................................................174
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000 ..................................................... 175
8.5.1 Configuring L2TP in Windows Vista ......................................................................... 175
8.5.2 Configuring L2TP in Windows XP ............................................................................ 185
8.5.3 Configuring L2TP in Windows 2000 ......................................................................... 191
Part II: Technical Reference................................................................ 207
Chapter 9
Dashboard............................................................................................................................209
9.1 Overview ............................................................................................................................ 209
9.1.1 What You Can Do in this Chapter ............................................................................ 209
9.2 The Dashboard Screen ..................................................................................................... 209
9.2.1 The CPU Usage Screen ........................................................................................... 216
9.2.2 The Memory Usage Screen ..................................................................................... 217
9.2.3 The Session Usage Screen ..................................................................................... 218
9.2.4 The VPN Status Screen ........................................................................................... 219
9.2.5 The DHCP Table Screen ..........................................................................................219
9.2.6 The Number of Login Users Screen ......................................................................... 220
Chapter 10
Monitor..................................................................................................................................223
10.1 Overview .......................................................................................................................... 223
10.1.1 What You Can Do in this Chapter .......................................................................... 223
10.2 The Port Statistics Screen .............................................................................................. 224
10.2.1 The Port Statistics Graph Screen .......................................................................... 226
10.3 Interface Status Screen ...................................................................................................227
10.4 The Traffic Statistics Screen ............................................................................................230
10.5 The Session Monitor Screen .......................................................................................... 233
10.6 The DDNS Status Screen ................................................................................................ 236
10.7 IP/MAC Binding Monitor .................................................................................................. 236
10.8 The Login Users Screen ................................................................................................. 238
10.9 Cellular Status Screen .....................................................................................................239
10.10 Application Patrol Statistics ........................................................................................... 241
10.10.1 Application Patrol Statistics: General Setup ......................................................... 241
10.10.2 Application Patrol Statistics: Bandwidth Statistics ................................................ 242
10.10.3 Application Patrol Statistics: Protocol Statistics ................................................... 243
10.10.4 Application Patrol Statistics: Individual Protocol Statistics by Rule ..................... 244
10.11 The IPSec Monitor Screen ............................................................................................245
10.11.1 Regular Expressions in Searching IPSec SAs ..................................................... 247
10.12 The SSL Connection Monitor Screen ............................................................................ 248
10.13 L2TP over IPSec Session Monitor Screen .................................................................... 249
10.14 The Anti-Virus Statistics Screen ....................................................................................250
10.15 The IDP Statistics Screen .............................................................................................. 252
10.16 The Content Filter Statistics Screen .............................................................................. 254
10.17 Content Filter Cache Screen ......................................................................................... 255
10.18 The Anti-Spam Statistics Screen ...................................................................................258
10.19 The Anti-Spam Status Screen ....................................................................................... 260
10.20 Log Screen .................................................................................................................... 261
Chapter 11
Registration...........................................................................................................................265
11.1 Overview .......................................................................................................................... 265
11.1.1 What You Can Do in this Chapter ........................................................................... 265
11.1.2 What you Need to Know ......................................................................................... 265
11.2 The Registration Screen ..................................................................................................267
11.3 The Service Screen ......................................................................................................... 269
Chapter 12
Signature Update ..................................................................................................................271
12.1 Overview .......................................................................................................................... 271
12.1.1 What You Can Do in this Chapter .......................................................................... 271
12.1.2 What you Need to Know ........................................................................................ 271
12.2 The Antivirus Update Screen ........................................................................................... 272
12.3 The IDP/AppPatrol Update Screen .................................................................................. 273
12.4 The System Protect Update Screen ...............................................................................275
Chapter 13
Interfaces...............................................................................................................................277
13.1 Interface Overview ........................................................................................................... 277
13.1.1 What You Can Do in this Chapter .......................................................................... 277
13.1.2 What You Need to Know ........................................................................................ 278
13.2 Port Grouping ................................................................................................................. 280
13.2.1 Port Grouping Overview ......................................................................................... 281
13.2.2 Port Grouping Screen ............................................................................................281
13.3 Ethernet Summary Screen .............................................................................................. 282
13.3.1 Ethernet Edit .........................................................................................................284
13.3.2 Object References ................................................................................................. 291
13.4 PPP Interfaces ................................................................................................................ 292
13.4.1 PPP Interface Summary .........................................................................................293
13.4.2 PPP Interface Add or Edit ..................................................................................... 295
13.5 Cellular Configuration Screen (3G) ................................................................................. 299
13.5.1 Cellular Add/Edit Screen ........................................................................................ 301
13.6 VLAN Interfaces ............................................................................................................. 308
13.6.1 VLAN Summary Screen ......................................................................................... 310
13.6.2 VLAN Add/Edit .......................................................................................................311
13.7 Bridge Interfaces ............................................................................................................ 318
13.7.1 Bridge Summary .................................................................................................... 320
13.7.2 Bridge Add/Edit .....................................................................................................321
13.8 Auxiliary Interface ........................................................................................................... 327
13.8.1 Auxiliary Interface Overview ................................................................................... 327
13.8.2 Auxiliary .................................................................................................................. 327
13.9 Virtual Interfaces .............................................................................................................329
13.9.1 Virtual Interfaces Add/Edit ......................................................................................330
13.10 Interface Technical Reference ....................................................................................... 331
Chapter 14
Trunks...................................................................................................................................337
14.1 Overview .......................................................................................................................... 337
14.1.1 What You Can Do in this Chapter .......................................................................... 337
14.1.2 What You Need to Know ........................................................................................ 338
14.2 The Trunk Summary Screen ............................................................................................342
14.3 Configuring a Trunk ........................................................................................................ 343
14.4 Trunk Technical Reference .............................................................................................. 345
Chapter 15
Policy and Static Routes......................................................................................................347
15.1 Policy and Static Routes Overview .................................................................................. 347
15.1.1 What You Can Do in this Chapter .......................................................................... 347
15.1.2 What You Need to Know ....................................................................................... 348
15.2 Policy Route Screen ........................................................................................................ 350
15.2.1 Policy Route Edit Screen .......................................................................................353
15.3 IP Static Route Screen ....................................................................................................357
15.3.1 Static Route Add/Edit Screen .................................................................................358
15.4 Policy Routing Technical Reference ................................................................................ 359
Chapter 16
Routing Protocols.................................................................................................................363
16.1 Routing Protocols Overview ............................................................................................ 363
16.1.1 What You Can Do in this Chapter .......................................................................... 363
16.1.2 What You Need to Know ........................................................................................ 363
16.2 The RIP Screen ............................................................................................................... 364
16.3 The OSPF Screen ...........................................................................................................365
16.3.1 Configuring the OSPF Screen ................................................................................369
16.3.2 OSPF Area Add/Edit Screen ................................................................................. 372
16.3.3 Virtual Link Add/Edit Screen ................................................................................. 373
16.4 Routing Protocol Technical Reference ............................................................................ 374
Chapter 17
Zones .....................................................................................................................................377
17.1 Zones Overview ............................................................................................................... 377
17.1.1 What You Can Do in this Chapter .......................................................................... 377
17.1.2 What You Need to Know ........................................................................................ 378
17.2 The Zone Screen .............................................................................................................379
17.3 Zone Edit ........................................................................................................................380
Chapter 18
DDNS......................................................................................................................................381
18.1 DDNS Overview .............................................................................................................. 381
18.1.1 What You Can Do in this Chapter .......................................................................... 381
18.1.2 What You Need to Know ........................................................................................ 381
18.2 The DDNS Screen ...........................................................................................................382
18.2.1 The Dynamic DNS Add/Edit Screen ...................................................................... 384
Chapter 19
NAT.........................................................................................................................................387
19.1 NAT Overview .................................................................................................................. 387
19.1.1 What You Can Do in this Chapter .......................................................................... 387
19.1.2 What You Need to Know ........................................................................................ 388
19.2 The NAT Screen .............................................................................................................. 388
19.2.1 The NAT Add/Edit Screen ......................................................................................390
19.3 NAT Technical Reference ................................................................................................393
Chapter 20
HTTP Redirect......................................................................................................................397
20.1 Overview .......................................................................................................................... 397
20.1.1 What You Can Do in this Chapter .......................................................................... 397
20.1.2 What You Need to Know ........................................................................................ 398
20.2 The HTTP Redirect Screen .............................................................................................399
20.2.1 The HTTP Redirect Edit Screen ............................................................................. 400
Chapter 21
ALG ........................................................................................................................................401
21.1 ALG Overview ................................................................................................................. 401
21.1.1 What You Can Do in this Chapter .......................................................................... 401
21.1.2 What You Need to Know ........................................................................................ 402
21.1.3 Before You Begin ................................................................................................... 405
21.2 The ALG Screen ..............................................................................................................405
21.3 ALG Technical Reference ................................................................................................ 407
Chapter 22
IP/MAC Binding....................................................................................................................409
22.1 IP/MAC Binding Overview ............................................................................................... 409
22.1.1 What You Can Do in this Chapter .......................................................................... 409
22.1.2 What You Need to Know ........................................................................................ 410
22.2 IP/MAC Binding Summary ............................................................................................... 410
22.2.1 IP/MAC Binding Edit ................................................................................................411
22.2.2 Static DHCP Edit .................................................................................................... 412
22.3 IP/MAC Binding Exempt List ...........................................................................................413
Chapter 23
Authentication Policy...........................................................................................................415
23.1 Overview .......................................................................................................................... 415
23.1.1 What You Can Do in this Chapter .......................................................................... 415
23.1.2 What You Need to Know ........................................................................................ 416
23.2 Authentication Policy Screen ........................................................................................... 416
23.2.1 Creating/Editing an Authentication Policy .............................................................. 419
Chapter 24
Firewall...................................................................................................................................423
24.1 Overview .......................................................................................................................... 423
24.1.1 What You Can Do in this Chapter .......................................................................... 423
24.1.2 What You Need to Know ........................................................................................ 424
24.1.3 Firewall Rule Example Applications ....................................................................... 426
24.1.4 Firewall Rule Configuration Example ..................................................................... 429
24.2 The Firewall Screen ......................................................................................................... 431
24.2.1 Configuring the Firewall Screen .............................................................................432
24.2.2 The Firewall Add/Edit Screen ................................................................................. 435
24.3 The Session Limit Screen ................................................................................................ 436
24.3.1 The Session Limit Add/Edit Screen ........................................................................438
Chapter 25
IPSec VPN..............................................................................................................................441
25.1 IPSec VPN Overview .......................................................................................................441
25.1.1 What You Can Do in this Chapter .......................................................................... 441
25.1.2 What You Need to Know ........................................................................................ 442
25.1.3 Before You Begin ................................................................................................... 444
25.2 The VPN Connection Screen .......................................................................................... 444
25.2.1 The VPN Connection Add/Edit (IKE) Screen ......................................................... 446
25.2.2 The VPN Connection Add/Edit Manual Key Screen ..............................................453
25.3 The VPN Gateway Screen .............................................................................................. 456
25.3.1 The VPN Gateway Add/Edit Screen ...................................................................... 457
25.4 VPN Concentrator ..........................................................................................................465
25.4.1 IPSec VPN Concentrator Example ........................................................................ 465
25.4.2 VPN Concentrator Screen ......................................................................................468
25.4.3 The VPN Concentrator Add/Edit Screen ................................................................468
25.5 IPSec VPN Background Information ............................................................................... 469
Chapter 26
SSL VPN.................................................................................................................................481
26.1 Overview .......................................................................................................................... 481
26.1.1 What You Can Do in this Chapter .......................................................................... 481
26.1.2 What You Need to Know ........................................................................................ 481
26.2 The SSL Access Privilege Screen ...................................................................................484
26.2.1 The SSL Access Policy Add/Edit Screen .............................................................. 486
26.3 The SSL Global Setting Screen ....................................................................................... 488
26.3.1 How to Upload a Custom Logo .............................................................................. 490
26.4 Establishing an SSL VPN Connection ............................................................................. 491
Chapter 27
SSL User Screens.................................................................................................................493
27.1 Overview .......................................................................................................................... 493
27.1.1 What You Need to Know ........................................................................................ 493
27.2 Remote User Login ..........................................................................................................494
27.3 The SSL VPN User Screens ........................................................................................... 499
27.4 Bookmarking the ZyWALL ............................................................................................... 500
27.5 Logging Out of the SSL VPN User Screens ....................................................................500
Chapter 28
SSL User Application Screens ............................................................................................503
28.1 SSL User Application Screens Overview ........................................................................ 503
28.2 The Application Screen ...................................................................................................503
Chapter 29
SSL User File Sharing ..........................................................................................................505
29.1 Overview .......................................................................................................................... 505