2. Computers & electronics
  3. Networking
  4. Routers
  5. ZyXEL
  6. ATP800
ATP800

ZyXEL ATP800, ATP100, ATP200, ATP500 User guide

  • Hello! I am an AI chatbot trained to assist you with the ZyXEL ATP800 User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Default Login Details
User’s Guide
ZyWALL ATP Series
Copyright © 2019 Zyxel Communications Corporation
LAN Port IP Address https://192.168.1.1
User Name admin
Password 1234
Version 4.35 Edition 1, 08/2019
ZyWALL ATP Series User’s Guide
2
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots
and graphics in this book may differ slightly from your product due to differences in product features or
web configurator brand style. Every effort has been made to ensure that the information in this manual
is accurate.
Note: The version number on the cover page refers to the Zyxel Device’s latest firmware
version to which this User’s Guide applies.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator
wizards. (See the wizard real time help for information on configuring each screen.) It also contains a
connection diagram and package contents list.
•CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the
Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary information.
•More Information
Go to support.zyxel.com to find other information on
Zyxel Device.
ZyWALL ATP Series User’s Guide
3
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.
Syntax Conventions
All models in this series may be referred to as the “Zyxel Device” in this guide.
Product labels, screen names, field labels and field choices are all in bold font.
A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Configuration >
Network > Interface > Ethernet means you first click Configuration in the navigation panel, then
Network, then the Interface sub menu and finally the Ethernet tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact
representation of your device.
Zyxel Device Generic Router Wireless Router / Access Point
Switch Firewall Server
Internet Network Cloud Smartphone
USB Dongle
Contents Overview
ZyWALL ATP Series User’s Guide
4
Contents Overview
Introduction ........................................................................................................................................... 24
Initial Setup Wizard ............................................................................................................................... 48
Hardware, Interfaces and Zones ........................................................................................................ 67
Quick Setup Wizards ............................................................................................................................. 74
Dashboard .......................................................................................................................................... 108
Monitor ................................................................................................................................................. 118
Licensing .............................................................................................................................................. 185
Wireless ................................................................................................................................................. 191
Interfaces ............................................................................................................................................. 212
Routing ................................................................................................................................................. 309
DDNS ................................................................................................................................................... 336
NAT ....................................................................................................................................................... 342
Redirect Service .................................................................................................................................. 350
ALG ....................................................................................................................................................... 356
UPnP ..................................................................................................................................................... 363
IP/MAC Binding ................................................................................................................................... 378
Layer 2 Isolation .................................................................................................................................. 383
DNS Inbound LB .................................................................................................................................. 387
IPnP ....................................................................................................................................................... 393
IPSec VPN ............................................................................................................................................ 395
SSL VPN ................................................................................................................................................ 431
L2TP VPN .............................................................................................................................................. 437
BWM (Bandwidth Management) ..................................................................................................443
Web Authentication .......................................................................................................................... 459
Security Policy ..................................................................................................................................... 488
Application Patrol ............................................................................................................................... 514
Content Filter ....................................................................................................................................... 523
Anti-Malware ....................................................................................................................................... 542
Reputation Filter .................................................................................................................................. 555
IDP ........................................................................................................................................................ 565
Sandboxing ......................................................................................................................................... 583
Email Security ...................................................................................................................................... 587
SSL Inspection ...................................................................................................................................... 598
IP Exception ......................................................................................................................................... 610
Object .................................................................................................................................................. 613
Device HA ........................................................................................................................................... 716
Cloud CNM ........................................................................................................................................ 723
System .................................................................................................................................................. 731
Log and Report ................................................................................................................................... 792
Contents Overview
ZyWALL ATP Series User’s Guide
5
File Manager ....................................................................................................................................... 805
Diagnostics ......................................................................................................................................... 820
Packet Flow Explore ........................................................................................................................... 841
Shutdown ............................................................................................................................................. 848
Troubleshooting .................................................................................................................................. 849
Table of Contents
ZyWALL ATP Series User’s Guide
6
Table of Contents
Document Conventions ......................................................................................................................3
Contents Overview .............................................................................................................................4
Table of Contents.................................................................................................................................6
Part I: User’s Guide..........................................................................................23
Chapter 1
Introduction ........................................................................................................................................24
1.1 Overview ......................................................................................................................................... 24
1.2 Registration at myZyxel .................................................................................................................. 24
1.2.1 Grace Period ......................................................................................................................... 25
1.2.2 Applications ........................................................................................................................... 25
1.3 Management Overview ................................................................................................................ 28
1.4 Web Configurator ........................................................................................................................... 29
1.4.1 Web Configurator Access .................................................................................................... 29
1.4.2 Web Configurator Screens Overview ................................................................................. 32
1.4.3 Navigation Panel .................................................................................................................. 37
1.4.4 Tables and Lists ...................................................................................................................... 44
Chapter 2
Initial Setup Wizard.............................................................................................................................48
2.1 Initial Setup Wizard Screens .......................................................................................................... 48
2.1.1 Internet Access Setup - WAN Interface ............................................................................. 48
2.1.2 Internet Access: Ethernet .................................................................................................... 49
2.1.3 Internet Access: PPPoE ......................................................................................................... 50
2.1.4 Internet Access: PPTP ........................................................................................................... 52
2.1.5 Internet Access: L2TP ............................................................................................................ 54
2.1.6 Internet Access Setup - Second WAN Interface ............................................................... 56
2.1.7 Internet Access: Congratulations ....................................................................................... 57
2.1.8 Date and Time Settings ........................................................................................................ 58
2.1.9 Register Device ..................................................................................................................... 58
2.1.10 Activate Service .................................................................................................................. 60
2.1.11 Service Settings .................................................................................................................... 61
2.1.12 Service Settings: SecuReporter ..........................................................................................62
2.1.13 Wireless Settings: AP Controller ......................................................................................... 64
2.1.14 Wireless Settings: SSID & Security ...................................................................................... 64
Table of Contents
ZyWALL ATP Series User’s Guide
7
2.1.15 Remote Management ......................................................................................................65
Chapter 3
Hardware, Interfaces and Zones......................................................................................................67
3.1 Hardware Overview ....................................................................................................................... 67
3.1.1 Front Panels ............................................................................................................................ 67
3.1.2 Rear Panels ............................................................................................................................ 69
3.2 Mounting ......................................................................................................................................... 70
3.2.1 Rack-mounting ...................................................................................................................... 70
3.2.2 Wall-mounting ....................................................................................................................... 71
3.3 Default Zones, Interfaces, and Ports ............................................................................................ 72
3.4 Stopping the Zyxel Device ............................................................................................................ 73
Chapter 4
Quick Setup Wizards..........................................................................................................................74
4.1 Quick Setup Overview ................................................................................................................... 74
4.2 WAN Interface Quick Setup .......................................................................................................... 75
4.2.1 Choose an Ethernet Interface .............................................................................................75
4.2.2 Select WAN Type ................................................................................................................... 76
4.2.3 Configure WAN IP Settings ................................................................................................... 76
4.2.4 ISP and WAN and ISP Connection Settings ........................................................................ 77
4.2.5 Quick Setup Interface Wizard: Summary ........................................................................... 80
4.3 VPN Setup Wizard ........................................................................................................................... 81
4.3.1 Welcome ................................................................................................................................ 81
4.3.2 VPN Setup Wizard: Wizard Type .......................................................................................... 82
4.3.3 VPN Express Wizard - Scenario ............................................................................................ 83
4.3.4 VPN Express Wizard - Configuration ................................................................................... 84
4.3.5 VPN Express Wizard - Summary ........................................................................................... 84
4.3.6 VPN Express Wizard - Finish .................................................................................................. 85
4.3.7 VPN Advanced Wizard - Scenario ..................................................................................... 86
4.3.8 VPN Advanced Wizard - Phase 1 Settings ........................................................................ 87
4.3.9 VPN Advanced Wizard - Phase 2 ....................................................................................... 89
4.3.10 VPN Advanced Wizard - Summary .................................................................................. 90
4.3.11 VPN Advanced Wizard - Finish ......................................................................................... 92
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type ............................................. 93
4.4.1 Configuration Provisioning Express Wizard - VPN Settings ............................................... 93
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration .................................... 94
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary ........................ 95
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish ................................ 96
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario ................... 97
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings ...... 98
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 .................. 100
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary ................ 100
Table of Contents
ZyWALL ATP Series User’s Guide
8
4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish ........................ 103
4.5 VPN Settings for L2TP VPN Settings Wizard ................................................................................. 103
4.5.1 L2TP VPN Settings ................................................................................................................ 104
4.5.2 L2TP VPN Settings ................................................................................................................ 105
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary .................................................... 105
4.5.4 VPN Settings for L2TP VPN Setting Wizard Completed ................................................... 107
Chapter 5
Dashboard........................................................................................................................................108
5.1 Overview ....................................................................................................................................... 108
5.1.1 What You Can Do in this Chapter ..................................................................................... 108
5.2 The General Screen ..................................................................................................................... 108
5.2.1 Device Information Screen ................................................................................................110
5.2.2 System Status Screen .......................................................................................................... 111
5.2.3 Tx/Rx Statistics ...................................................................................................................... 111
5.2.4 The Latest Logs Screen ....................................................................................................... 112
5.2.5 System Resources Screen ................................................................................................... 112
5.2.6 DHCP Table Screen ............................................................................................................. 113
5.2.7 Number of Login Users Screen ........................................................................................... 114
5.2.8 Current Login User ............................................................................................................... 115
5.2.9 VPN Status ............................................................................................................................ 115
5.2.10 SSL VPN Status .................................................................................................................... 115
5.3 The Advanced Threat Protection Screen .................................................................................. 116
Part II: Technical Reference.........................................................................117
Chapter 6
Monitor..............................................................................................................................................118
6.1 Overview ....................................................................................................................................... 118
6.1.1 What You Can Do in this Chapter ..................................................................................... 118
6.2 The Port Statistics Screen ............................................................................................................ 120
6.2.1 The Port Statistics Graph Screen ....................................................................................... 121
6.3 Interface Status Screen ................................................................................................................ 122
6.4 The Traffic Statistics Screen .......................................................................................................... 126
6.5 The Session Monitor Screen ........................................................................................................ 128
6.6 The Login Users Screen ................................................................................................................ 130
6.7 IGMP Statistics ............................................................................................................................... 132
6.8 The DDNS Status Screen ............................................................................................................... 133
6.9 IP/MAC Binding ............................................................................................................................. 133
6.10 Cellular Status Screen ................................................................................................................ 134
6.10.1 More Information .............................................................................................................. 137
Table of Contents
ZyWALL ATP Series User’s Guide
9
6.11 The UPnP Port Status Screen ..................................................................................................... 138
6.12 USB Storage Screen .................................................................................................................... 139
6.13 Ethernet Neighbor Screen ........................................................................................................ 140
6.14 FQDN Object Screen ................................................................................................................ 141
6.15 AP Information: AP List ............................................................................................................... 143
6.15.1 AP List: More Information ................................................................................................ 145
6.15.2 AP List: Config AP ............................................................................................................. 148
6.16 AP Information: Radio List .......................................................................................................... 150
6.16.1 Radio List: More Information ............................................................................................152
6.17 AP Information: Top N APs ........................................................................................................ 153
6.18 AP Information: Single AP .......................................................................................................... 155
6.19 ZyMesh ......................................................................................................................................... 156
6.20 SSID Info ....................................................................................................................................... 157
6.21 Station Info: Station List .............................................................................................................. 157
6.22 Station Info: Top N Stations ........................................................................................................ 158
6.23 Station Info: Single Station ......................................................................................................... 159
6.24 Detected Device ....................................................................................................................... 160
6.25 The IPSec Screen ........................................................................................................................ 161
6.26 The SSL Screen ............................................................................................................................. 163
6.27 The L2TP over IPSec Screen ....................................................................................................... 163
6.28 The Content Filter Screen .......................................................................................................... 164
6.29 The App Patrol Screen ............................................................................................................... 166
6.30 The Anti-Malware Screen .......................................................................................................... 167
6.31 The Reputation Filter Screen ...................................................................................................... 169
6.32 The IDP Screen ............................................................................................................................ 171
6.33 The Email Security Screens ......................................................................................................... 173
6.33.1 Email Security Summary ................................................................................................... 173
6.33.2 The Email Security Status Screen ..................................................................................... 175
6.34 The Sandboxing Screen ............................................................................................................. 177
6.35 The SSL Inspection Screens ........................................................................................................ 178
6.35.1 Certificate Cache List ....................................................................................................... 179
6.36 Log Screens ................................................................................................................................. 180
6.36.1 View Log ............................................................................................................................ 180
6.36.2 View AP Log ....................................................................................................................... 182
Chapter 7
Licensing...........................................................................................................................................185
7.1 Registration Overview .................................................................................................................. 185
7.1.1 What you Need to Know ....................................................................................................185
7.1.2 Registration Screen ............................................................................................................. 186
7.1.3 Service Screen ..................................................................................................................... 186
7.2 Signature Update ......................................................................................................................... 188
7.2.1 What you Need to Know ....................................................................................................188
Table of Contents
ZyWALL ATP Series User’s Guide
10
7.2.2 The Signature Screen .......................................................................................................... 189
7.2.3 Auto Update ........................................................................................................................ 189
Chapter 8
Wireless.............................................................................................................................................191
8.1 Overview ....................................................................................................................................... 191
8.1.1 What You Can Do in this Chapter ..................................................................................... 191
8.2 Controller Screen ......................................................................................................................... 191
8.3 AP Management Screens ........................................................................................................... 192
8.3.1 Mgnt. AP List ....................................................................................................................... 192
8.3.2 AP Policy .............................................................................................................................. 196
8.3.3 AP Group ............................................................................................................................. 197
8.3.4 Firmware ............................................................................................................................... 203
8.4 Rogue AP ....................................................................................................................................... 204
8.4.1 Add/Edit Rogue/Friendly List .............................................................................................. 206
8.5 Auto Healing ................................................................................................................................. 207
8.6 RTLS Overview ............................................................................................................................... 208
8.6.1 What You Can Do in this Chapter ..................................................................................... 208
8.6.2 Before You Begin ................................................................................................................. 208
8.6.3 Configuring RTLS .................................................................................................................. 209
8.7 Technical Reference .................................................................................................................... 210
8.7.1 Dynamic Channel Selection .............................................................................................. 210
8.7.2 Load Balancing ................................................................................................................... 211
Chapter 9
Interfaces..........................................................................................................................................212
9.1 Interface Overview ...................................................................................................................... 212
9.1.1 What You Can Do in this Chapter ..................................................................................... 212
9.1.2 What You Need to Know ................................................................................................... 212
9.1.3 What You Need to Do First ................................................................................................. 217
9.2 Port Role ......................................................................................................................................... 217
9.3 Port Configuration ........................................................................................................................ 218
9.4 Ethernet Summary Screen ........................................................................................................... 219
9.4.1 Ethernet Edit ........................................................................................................................ 221
9.4.2 Proxy ARP ............................................................................................................................. 237
9.4.3 Virtual Interfaces ................................................................................................................ 238
9.4.4 References ........................................................................................................................... 239
9.4.5 Add/Edit DHCPv6 Request/Release Options ................................................................... 240
9.4.6 Add/Edit DHCP Extended Options ................................................................................... 241
9.5 PPP Interfaces ............................................................................................................................... 242
9.5.1 PPP Interface Summary ...................................................................................................... 243
9.5.2 PPP Interface Add or Edit .................................................................................................. 244
9.6 Cellular Configuration Screen ..................................................................................................... 249
Table of Contents
ZyWALL ATP Series User’s Guide
11
9.6.1 Cellular Choose Slot ........................................................................................................... 252
9.6.2 Add / Edit Cellular Configuration ...................................................................................... 252
9.7 Tunnel Interfaces .......................................................................................................................... 258
9.7.1 Configuring a Tunnel .......................................................................................................... 260
9.7.2 Tunnel Add or Edit Screen .................................................................................................. 261
9.8 VLAN Interfaces ........................................................................................................................... 265
9.8.1 VLAN Summary Screen ....................................................................................................... 266
9.8.2 VLAN Add/Edit ................................................................................................................... 267
9.9 Bridge Interfaces .......................................................................................................................... 278
9.9.1 Bridge Summary .................................................................................................................. 280
9.9.2 Bridge Add/Edit .................................................................................................................. 281
9.10 VTI ................................................................................................................................................. 292
9.10.1 Restrictions for IPSec Virtual Tunnel Interface ................................................................ 292
9.10.2 VTI Screen .......................................................................................................................... 293
9.10.3 VTI Add/Edit ....................................................................................................................... 293
9.11 Trunk Overview ........................................................................................................................... 297
9.11.1 What You Need to Know ................................................................................................. 297
9.12 The Trunk Summary Screen ........................................................................................................ 300
9.12.1 Configuring a User-Defined Trunk ................................................................................... 301
9.12.2 Configuring the System Default Trunk ............................................................................ 303
9.13 Interface Technical Reference ................................................................................................. 304
Chapter 10
Routing..............................................................................................................................................309
10.1 Policy and Static Routes Overview ........................................................................................... 309
10.1.1 What You Can Do in this Chapter ................................................................................... 309
10.1.2 What You Need to Know ................................................................................................ 310
10.2 Policy Route Screen ................................................................................................................... 311
10.2.1 Policy Route Edit Screen .................................................................................................. 313
10.3 IP Static Route Screen ................................................................................................................ 318
10.3.1 Static Route Add/Edit Screen .......................................................................................... 318
10.4 Policy Routing Technical Reference ........................................................................................320
10.5 Routing Protocols Overview ..................................................................................................... 320
10.5.1 What You Need to Know ................................................................................................. 321
10.6 The RIP Screen ............................................................................................................................. 321
10.7 The OSPF Screen ......................................................................................................................... 323
10.7.1 Configuring the OSPF Screen .......................................................................................... 326
10.7.2 OSPF Area Add/Edit Screen ........................................................................................... 327
10.7.3 Virtual Link Add/Edit Screen ...........................................................................................329
10.8 BGP (Border Gateway Protocol) .............................................................................................. 330
10.8.1 Allow BGP Packets to Enter the Zyxel Device ................................................................ 331
10.8.2 Configuring the BGP Screen ............................................................................................ 331
10.8.3 The BGP Neighbors Screen .............................................................................................. 333
Table of Contents
ZyWALL ATP Series User’s Guide
12
10.8.4 Example Scenario ............................................................................................................. 334
Chapter 11
DDNS ................................................................................................................................................336
11.1 DDNS Overview ........................................................................................................................... 336
11.1.1 What You Can Do in this Chapter ................................................................................... 336
11.1.2 What You Need to Know ................................................................................................. 336
11.2 The DDNS Screen ........................................................................................................................ 337
11.2.1 The Dynamic DNS Add/Edit Screen ................................................................................ 338
Chapter 12
NAT....................................................................................................................................................342
12.1 NAT Overview ............................................................................................................................. 342
12.1.1 What You Can Do in this Chapter ................................................................................... 342
12.1.2 What You Need to Know ................................................................................................. 342
12.2 The NAT Screen ........................................................................................................................... 343
12.2.1 The NAT Add/Edit Screen .................................................................................................345
12.3 NAT Technical Reference .......................................................................................................... 348
Chapter 13
Redirect Service...............................................................................................................................350
13.1 Overview ..................................................................................................................................... 350
13.1.1 HTTP Redirect ..................................................................................................................... 350
13.1.2 SMTP Redirect .................................................................................................................... 350
13.1.3 What You Can Do in this Chapter ................................................................................... 351
13.1.4 What You Need to Know ................................................................................................. 351
13.2 The Redirect Service Screen ..................................................................................................... 353
13.2.1 The Redirect Service Edit Screen ..................................................................................... 354
Chapter 14
ALG....................................................................................................................................................356
14.1 ALG Overview ............................................................................................................................. 356
14.1.1 What You Need to Know ................................................................................................. 356
14.1.2 Before You Begin ............................................................................................................... 359
14.2 The ALG Screen .......................................................................................................................... 359
14.3 ALG Technical Reference ......................................................................................................... 361
Chapter 15
UPnP...................................................................................................................................................363
15.1 UPnP and NAT-PMP Overview ................................................................................................... 363
15.2 What You Need to Know ........................................................................................................... 363
15.2.1 NAT Traversal ..................................................................................................................... 363
15.2.2 Cautions with UPnP and NAT-PMP .................................................................................. 364
Table of Contents
ZyWALL ATP Series User’s Guide
13
15.3 UPnP Screen ................................................................................................................................ 364
15.4 Technical Reference .................................................................................................................. 365
15.4.1 Turning on UPnP in Windows 7 Example ......................................................................... 365
15.4.2 Turn on UPnP in Windows 10 Example ............................................................................ 369
15.4.3 Auto-discover Your UPnP-enabled Network Device .................................................... 371
15.4.4 Web Configurator Easy Access in Windows 7 ............................................................... 374
15.4.5 Web Configurator Easy Access in Windows 10 ............................................................. 376
Chapter 16
IP/MAC Binding................................................................................................................................378
16.1 IP/MAC Binding Overview ......................................................................................................... 378
16.1.1 What You Can Do in this Chapter ................................................................................... 378
16.1.2 What You Need to Know ................................................................................................. 378
16.2 IP/MAC Binding Summary ......................................................................................................... 379
16.2.1 IP/MAC Binding Edit .......................................................................................................... 380
16.2.2 Static DHCP Edit ................................................................................................................ 381
16.3 IP/MAC Binding Exempt List ....................................................................................................... 382
Chapter 17
Layer 2 Isolation...............................................................................................................................383
17.1 Overview ..................................................................................................................................... 383
17.1.1 What You Can Do in this Chapter ................................................................................... 383
17.2 Layer-2 Isolation General Screen ............................................................................................. 383
17.3 White List Screen ......................................................................................................................... 384
17.3.1 Add/Edit White List Rule ................................................................................................... 385
Chapter 18
DNS Inbound LB................................................................................................................................387
18.1 DNS Inbound Load Balancing Overview ................................................................................. 387
18.1.1 What You Can Do in this Chapter ................................................................................... 387
18.2 The DNS Inbound LB Screen ...................................................................................................... 388
18.2.1 The DNS Inbound LB Add/Edit Screen ............................................................................ 389
18.2.2 The DNS Inbound LB Add/Edit Member Screen ............................................................ 391
Chapter 19
IPnP....................................................................................................................................................393
19.1 IPnP Overview ............................................................................................................................ 393
19.1.1 What You Can Do in this Chapter ................................................................................... 393
19.2 IPnP Screen .................................................................................................................................. 394
Chapter 20
IPSec VPN .........................................................................................................................................395
20.1 Virtual Private Networks (VPN) Overview ................................................................................. 395
Table of Contents
ZyWALL ATP Series User’s Guide
14
20.1.1 What You Can Do in this Chapter ................................................................................... 397
20.1.2 What You Need to Know ................................................................................................. 397
20.1.3 Before You Begin ............................................................................................................... 400
20.2 The VPN Connection Screen ..................................................................................................... 400
20.2.1 The VPN Connection Add/Edit Screen .......................................................................... 402
20.3 The VPN Gateway Screen ......................................................................................................... 409
20.3.1 The VPN Gateway Add/Edit Screen ............................................................................... 410
20.4 VPN Concentrator ..................................................................................................................... 417
20.4.1 VPN Concentrator Requirements and Suggestions ...................................................... 417
20.4.2 VPN Concentrator Screen ............................................................................................... 418
20.4.3 The VPN Concentrator Add/Edit Screen ........................................................................ 418
20.5 Zyxel Device IPSec VPN Client Configuration Provisioning .................................................... 419
20.6 IPSec VPN Background Information ......................................................................................... 421
Chapter 21
SSL VPN..............................................................................................................................................431
21.1 Overview ..................................................................................................................................... 431
21.1.1 What You Can Do in this Chapter ................................................................................... 431
21.1.2 What You Need to Know ................................................................................................. 431
21.2 The SSL Access Privilege Screen ................................................................................................ 432
21.2.1 The SSL Access Privilege Policy Add/Edit Screen ......................................................... 433
21.3 The SSL Global Setting Screen ................................................................................................... 435
Chapter 22
L2TP VPN............................................................................................................................................437
22.1 Overview ..................................................................................................................................... 437
22.1.1 What You Can Do in this Chapter ................................................................................... 437
22.1.2 What You Need to Know ................................................................................................. 437
22.2 L2TP VPN Screen ......................................................................................................................... 438
22.2.1 Example: L2TP and Zyxel Device Behind a NAT Router ................................................ 440
Chapter 23
BWM (Bandwidth Management) .................................................................................................443
23.1 Overview ..................................................................................................................................... 443
23.1.1 What You Can Do in this Chapter ................................................................................... 443
23.1.2 What You Need to Know ................................................................................................ 443
23.2 The Bandwidth Management Configuration .......................................................................... 447
23.2.1 The Bandwidth Management Add/Edit Screen ............................................................ 450
Chapter 24
Web Authentication ........................................................................................................................459
24.1 Web Auth Overview ................................................................................................................... 459
24.1.1 What You Can Do in this Chapter ................................................................................... 459
Table of Contents
ZyWALL ATP Series User’s Guide
15
24.1.2 What You Need to Know ................................................................................................. 460
24.2 Web Authentication General Screen ...................................................................................... 460
24.2.1 User-aware Access Control Example ............................................................................. 465
24.2.2 Authentication Type Screen ............................................................................................ 471
24.2.3 Custom Web Portal / User Agreement File Screen ....................................................... 475
24.3 SSO Overview .............................................................................................................................. 476
24.4 SSO - Zyxel Device Configuration ............................................................................................. 478
24.4.1 Configuration Overview ................................................................................................... 478
24.4.2 Configure the Zyxel Device to Communicate with SSO .............................................. 478
24.4.3 Enable Web Authentication ............................................................................................ 479
24.4.4 Create a Security Policy ................................................................................................... 481
24.4.5 Configure User Information ..............................................................................................482
24.4.6 Configure an Authentication Method ........................................................................... 483
24.4.7 Configure Active Directory ..............................................................................................484
24.5 SSO Agent Configuration .......................................................................................................... 485
Chapter 25
Security Policy..................................................................................................................................488
25.1 Overview ..................................................................................................................................... 488
25.2 One Security ................................................................................................................................ 489
25.3 What You Can Do in this Chapter ............................................................................................ 492
25.3.1 What You Need to Know ................................................................................................. 492
25.4 The Security Policy Screen ......................................................................................................... 494
25.4.1 Configuring the Security Policy Control Screen ............................................................ 495
25.4.2 The Security Policy Control Add/Edit Screen ................................................................. 499
25.5 Anomaly Detection and Prevention Overview ...................................................................... 500
25.5.1 The Anomaly Detection and Prevention General Screen ........................................... 501
25.5.2 Creating New ADP Profiles ..............................................................................................502
25.5.3 Traffic Anomaly Profiles ................................................................................................... 503
25.5.4 Protocol Anomaly Profiles ................................................................................................ 506
25.6 The Session Control Screen ........................................................................................................ 509
25.6.1 The Session Control Add/Edit Screen .............................................................................. 510
25.7 Security Policy Example Applications ......................................................................................511
Chapter 26
Application Patrol............................................................................................................................514
26.1 Overview ..................................................................................................................................... 514
26.1.1 What You Can Do in this Chapter ................................................................................... 514
26.1.2 What You Need to Know ................................................................................................ 514
26.2 Application Patrol Profile ........................................................................................................... 515
26.2.1 Apply to a Security Policy ................................................................................................ 516
26.2.2 The Application Patrol Profile Add/Edit Screen - My Application ............................... 519
26.2.3 The Application Patrol Profile Add/Edit Screen - Query Result .................................... 520
Table of Contents
ZyWALL ATP Series User’s Guide
16
Chapter 27
Content Filter ....................................................................................................................................523
27.1 Overview ..................................................................................................................................... 523
27.1.1 What You Can Do in this Chapter ................................................................................... 523
27.1.2 What You Need to Know ................................................................................................. 523
27.1.3 Before You Begin ............................................................................................................... 525
27.2 Content Filter Profile Screen ...................................................................................................... 525
27.2.1 Apply to a Security Policy ................................................................................................ 526
27.2.2 Content Filter Add Profile Category Service .................................................................. 529
27.2.3 Content Filter Add Filter Profile Custom Service ........................................................... 535
27.3 Content Filter Trusted Web Sites Screen ................................................................................. 538
27.4 Content Filter Forbidden Web Sites Screen ............................................................................ 539
27.5 Content Filter Technical Reference ......................................................................................... 540
Chapter 28
Anti-Malware....................................................................................................................................542
28.1 Overview ..................................................................................................................................... 542
28.1.1 What You Can Do in this Chapter ................................................................................... 546
28.2 Anti-Malware Screen ................................................................................................................. 547
28.3 The Black List Screen .................................................................................................................. 550
28.4 The White List Screen .................................................................................................................. 551
28.5 Anti-Malware Signature Searching ........................................................................................... 552
28.6 Anti-Malware Technical Reference ......................................................................................... 553
Chapter 29
Reputation Filter ...............................................................................................................................555
29.1 Overview ..................................................................................................................................... 555
29.1.1 What You Need to Know ................................................................................................. 555
29.1.2 What You Can Do in this Chapter ................................................................................... 555
29.2 IP Reputation Screen .................................................................................................................. 555
29.2.1 IP Reputation White List Screen ....................................................................................... 558
29.2.2 IP Reputation Black List Screen ........................................................................................ 559
29.3 Botnet Filter Screen ..................................................................................................................... 560
29.3.1 Botnet Filter White List Screen .......................................................................................... 563
29.3.2 Botnet Filter Black List Screen ........................................................................................... 564
Chapter 30
IDP .....................................................................................................................................................565
30.1 Overview ..................................................................................................................................... 565
30.1.1 What You Can Do in this Chapter ................................................................................... 565
30.1.2 What You Need To Know ................................................................................................. 565
30.1.3 Before You Begin ............................................................................................................... 565
30.2 The IDP Screen ............................................................................................................................ 565
Table of Contents
ZyWALL ATP Series User’s Guide
17
30.2.1 Query Example .................................................................................................................. 570
30.3 IDP Custom Signatures .............................................................................................................. 571
30.3.1 Add / Edit Custom Signatures ......................................................................................... 572
30.3.2 Custom Signature Example ............................................................................................. 576
30.3.3 Applying Custom Signatures ............................................................................................ 578
30.3.4 Verifying Custom Signatures ............................................................................................ 579
30.4 The White List Screen ................................................................................................................. 579
30.5 IDP Technical Reference ........................................................................................................... 580
Chapter 31
Sandboxing ......................................................................................................................................583
31.1 Overview ..................................................................................................................................... 583
31.1.1 What You Need to Know ................................................................................................. 584
31.2 Sandboxing Screen .................................................................................................................... 584
Chapter 32
Email Security...................................................................................................................................587
32.1 Overview ..................................................................................................................................... 587
32.1.1 What You Can Do in this Chapter ................................................................................... 587
32.1.2 What You Need to Know ................................................................................................. 587
32.2 Before You Begin ........................................................................................................................ 588
32.3 The Email Security Screen .......................................................................................................... 589
32.4 The Black List / White List Screen ............................................................................................... 592
32.4.1 The Black or White List Add/Edit Screen ......................................................................... 593
32.4.2 Regular Expressions in Black or White List Entries ........................................................... 594
32.5 Email Security Technical Reference ......................................................................................... 594
Chapter 33
SSL Inspection...................................................................................................................................598
33.1 Overview ..................................................................................................................................... 598
33.1.1 What You Can Do in this Chapter ................................................................................... 598
33.1.2 What You Need To Know ................................................................................................. 598
33.1.3 Before You Begin ............................................................................................................... 599
33.2 The SSL Inspection Profile Screen .............................................................................................. 599
33.2.1 Apply to a Security Policy ................................................................................................ 600
33.2.2 Add / Edit SSL Inspection Profiles .................................................................................... 603
33.3 Exclude List Screen .................................................................................................................... 604
33.4 Certificate Update Screen ....................................................................................................... 606
33.5 Install a CA Certificate in a Browser ......................................................................................... 607
Chapter 34
IP Exception......................................................................................................................................610
34.1 Overview ..................................................................................................................................... 610
Table of Contents
ZyWALL ATP Series User’s Guide
18
34.2 The IP Exception Screen ............................................................................................................ 610
34.2.1 The IP Exception Add/Edit Screen ................................................................................. 611
Chapter 35
Object...............................................................................................................................................613
35.1 Zones Overview .......................................................................................................................... 613
35.1.1 What You Need to Know ................................................................................................. 613
35.1.2 The Zone Screen ................................................................................................................ 614
35.2 User/Group Overview ................................................................................................................ 616
35.2.1 What You Need To Know ................................................................................................. 616
35.2.2 User/Group User Summary Screen .................................................................................. 618
35.2.3 User/Group Group Summary Screen .............................................................................. 623
35.2.4 User/Group Setting Screen ............................................................................................. 624
35.2.5 User/Group MAC Address Summary Screen ................................................................ 629
35.2.6 User /Group Technical Reference .................................................................................. 631
35.3 AP Profile Overview .................................................................................................................... 631
35.3.1 Radio Screen ..................................................................................................................... 632
35.3.2 SSID Screen ....................................................................................................................... 638
35.4 MON Profile ................................................................................................................................ 647
35.4.1 Overview ............................................................................................................................ 647
35.4.2 Configuring MON Profile ................................................................................................. 648
35.4.3 Add/Edit MON Profile ....................................................................................................... 649
35.4.4 Technical Reference ........................................................................................................ 650
35.5 ZyMesh Overview ....................................................................................................................... 651
35.5.1 ZyMesh Profile .................................................................................................................... 653
35.5.2 Add/Edit ZyMesh Profile ................................................................................................... 654
35.6 Address/Geo IP Overview ......................................................................................................... 654
35.6.1 What You Need To Know ................................................................................................. 655
35.6.2 Address Summary Screen ................................................................................................ 655
35.6.3 Address Group Summary Screen .................................................................................... 659
35.6.4 Geo IP Summary Screen .................................................................................................. 661
35.7 Service Overview ........................................................................................................................ 664
35.7.1 What You Need to Know ................................................................................................. 664
35.7.2 The Service Summary Screen .......................................................................................... 665
35.7.3 The Service Group Summary Screen ............................................................................. 667
35.8 Schedule Overview ................................................................................................................... 669
35.8.1 What You Need to Know ................................................................................................. 669
35.8.2 The Schedule Screen ........................................................................................................ 669
35.8.3 The Schedule Group Screen ............................................................................................ 672
35.9 AAA Server Overview ............................................................................................................... 674
35.9.1 Directory Service (AD/LDAP) ........................................................................................... 675
35.9.2 RADIUS Server .................................................................................................................... 675
35.9.3 ASAS .................................................................................................................................... 675
Table of Contents
ZyWALL ATP Series User’s Guide
19
35.9.4 What You Need To Know ................................................................................................. 676
35.9.5 Active Directory or LDAP Server Summary ..................................................................... 677
35.9.6 RADIUS Server Summary ...................................................................................................681
35.10 Auth. Method Overview ........................................................................................................ 684
35.10.1 Before You Begin ............................................................................................................. 684
35.10.2 Example: Selecting a VPN Authentication Method ................................................... 684
35.10.3 Authentication Method Objects ................................................................................... 685
35.10.4 Two-Factor Authentication VPN Access ...................................................................... 687
35.10.5 Two-Factor Authentication Admin Access .................................................................. 690
35.11 Certificate Overview ............................................................................................................... 692
35.11.1 What You Need to Know ............................................................................................... 692
35.11.2 Verifying a Certificate .................................................................................................... 694
35.11.3 The My Certificates Screen ............................................................................................ 695
35.11.4 The Trusted Certificates Screen .................................................................................... 704
35.11.5 Certificates Technical Reference ................................................................................. 709
35.12 ISP Account Overview ............................................................................................................ 709
35.12.1 ISP Account Summary ....................................................................................................709
35.13 DHCPv6 Overview .................................................................................................................... 712
35.13.1 The DHCPv6 Request Screen ......................................................................................... 712
35.13.2 The DHCPv6 Lease Screen ............................................................................................. 714
Chapter 36
Device HA.........................................................................................................................................716
36.1 Device HA Overview .................................................................................................................. 716
36.1.1 What You Can Do in These Screens ................................................................................ 716
36.2 Device HA Status ........................................................................................................................ 716
36.3 Device HA Pro ............................................................................................................................. 718
36.3.1 Deploying Device HA Pro ................................................................................................ 719
36.3.2 Configuring Device HA Pro .............................................................................................. 719
36.4 View Log ...................................................................................................................................... 721
Chapter 37
Cloud CNM......................................................................................................................................723
37.1 Cloud CNM Overview ................................................................................................................ 723
37.1.1 What You Can Do in this Chapter ................................................................................... 723
37.2 Cloud CNM SecuManager ....................................................................................................... 723
37.3 Cloud CNM SecuReporter ......................................................................................................... 726
Chapter 38
System...............................................................................................................................................731
38.1 Overview ..................................................................................................................................... 731
38.1.1 What You Can Do in this Chapter ................................................................................... 731
38.2 Host Name ................................................................................................................................... 732
Table of Contents
ZyWALL ATP Series User’s Guide
20
38.3 USB Storage ................................................................................................................................. 732
38.4 Date and Time ............................................................................................................................ 733
38.4.1 Pre-defined NTP Time Servers List ..................................................................................... 736
38.4.2 Time Server Synchronization ............................................................................................ 736
38.5 Console Port Speed ................................................................................................................... 737
38.6 DNS Overview ............................................................................................................................. 738
38.6.1 DNS Server Address Assignment ...................................................................................... 738
38.6.2 Configuring the DNS Screen ............................................................................................ 738
38.6.3 (IPv6) Address Record ...................................................................................................... 742
38.6.4 PTR Record ......................................................................................................................... 742
38.6.5 Adding an (IPv6) Address/PTR Record .......................................................................... 742
38.6.6 CNAME Record ................................................................................................................. 743
38.6.7 Adding a CNAME Record ................................................................................................ 743
38.6.8 Domain Zone Forwarder ................................................................................................. 744
38.6.9 Adding a Domain Zone Forwarder ................................................................................. 744
38.6.10 MX Record ...................................................................................................................... 745
38.6.11 Adding a MX Record ...................................................................................................... 745
38.6.12 Security Option Control .................................................................................................. 746
38.6.13 Editing a Security Option Control .................................................................................. 746
38.6.14 Adding a DNS Service Control Rule .............................................................................. 747
38.7 WWW Overview .......................................................................................................................... 748
38.7.1 Service Access Limitations ............................................................................................... 748
38.7.2 System Timeout .................................................................................................................. 748
38.7.3 HTTPS ................................................................................................................................... 748
38.7.4 Configuring WWW Service Control ................................................................................. 749
38.7.5 Service Control Rules ........................................................................................................ 752
38.7.6 Customizing the WWW Login Page ................................................................................ 753
38.7.7 HTTPS Example ................................................................................................................... 758
38.8 SSH ............................................................................................................................................. 765
38.8.1 How SSH Works .................................................................................................................. 766
38.8.2 SSH Implementation on the Zyxel Device ...................................................................... 767
38.8.3 Requirements for Using SSH ..............................................................................................767
38.8.4 Configuring SSH ................................................................................................................. 767
38.8.5 Service Control Rules ........................................................................................................ 768
38.8.6 Secure Telnet Using SSH Examples .................................................................................. 769
38.9 Telnet ........................................................................................................................................... 770
38.9.1 Configuring Telnet ............................................................................................................. 770
38.9.2 Service Control Rules ........................................................................................................ 772
38.10 FTP .............................................................................................................................................. 772
38.10.1 Configuring FTP ................................................................................................................ 772
38.10.2 Service Control Rules ...................................................................................................... 774
38.11 SNMP ......................................................................................................................................... 774
38.11.1 SNMPv3 and Security ...................................................................................................... 775
/