ZyXEL UAG715 User guide

Quick Start Guide

www.zyxel.com

UAG715

Unified Access Gateway

Version 2.50

Edition 1, 08/2012

User’s Guide

Default Login Details

LAN IP Address https://192.168.1.1

User Name admin

Password 1234

UAG715 User’s Guide2

IMPORTANT!

READ CAREFULLY BEFORE USE.

KEEP THIS GUIDE FOR FUTURE REFERENCE.

Screenshots and graphics in this book may differ slightly from your product due to differences in

your product firmware or your computer operating system. Every effort has been made to ensure

that the information in this manual is accurate.

Related Documentation

•Quick Start Guide

The Quick Start Guide shows how to connect the UAG and access the Web Configurator wizards.

(See the wizard real time help for information on configuring each screen.) It also contains a

package contents list.

• CLI Reference Guide

The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the

UAG.

Note: It is recommended you use the Web Configurator to configure the UAG.

• Web Configurator Online Help

Click the help icon in any screen for help in configuring that screen and supplementary

information.

Contents Overview

UAG715 User’s Guide

3

Contents Overview

Introduction .............................................................................................................................................19

Hardware Installation and Connection ....................................................................................................34

Installation Setup Wizard ........................................................................................................................37

Quick Setup Wizards ...............................................................................................................................47

Dashboard ...............................................................................................................................................63

Monitor ....................................................................................................................................................73

Registration .............................................................................................................................................97

Interfaces ..............................................................................................................................................103

Trunks ...................................................................................................................................................143

Policy and Static Routes .......................................................................................................................153

Routing Protocols ..................................................................................................................................165

Zones ....................................................................................................................................................177

DDNS ....................................................................................................................................................181

NAT .......................................................................................................................................................187

VPN 1-1 Mapping ..................................................................................................................................195

HTTP Redirect ......................................................................................................................................201

SMTP Redirect ......................................................................................................................................205

ALG .......................................................................................................................................................209

IP/MAC Binding .....................................................................................................................................217

Web Authentication ...............................................................................................................................223

Firewall ..................................................................................................................................................239

IPSec VPN ............................................................................................................................................253

SSL VPN ...............................................................................................................................................285

SSL User Screens .................................................................................................................................295

ZyWALL SecuExtender .........................................................................................................................303

Bandwidth Management .......................................................................................................................307

ADP .......................................................................................................................................................317

Content Filtering ....................................................................................................................................333

User/Group ............................................................................................................................................355

Addresses .............................................................................................................................................368

Services ................................................................................................................................................373

Schedules .............................................................................................................................................378

AAA Server ...........................................................................................................................................382

Authentication Method ..........................................................................................................................390

Certificates ............................................................................................................................................394

ISP Accounts .........................................................................................................................................411

SSL Application .....................................................................................................................................414

Endpoint Security ..................................................................................................................................419

System ..................................................................................................................................................427

Contents Overview

UAG715 User’s Guide

4

Log and Report .....................................................................................................................................467

File Manager .........................................................................................................................................481

Diagnostics ...........................................................................................................................................492

Packet Flow Explore .............................................................................................................................500

Reboot ...................................................................................................................................................509

Shutdown ..............................................................................................................................................510

Troubleshooting ....................................................................................................................................511

Table of Contents

UAG715 User’s Guide

5

Table of Contents

Contents Overview ..............................................................................................................................3

Table of Contents .................................................................................................................................5

Chapter 1

Introduction.........................................................................................................................................19

1.1 Overview ...........................................................................................................................................19

1.1.1 Key Applications ......................................................................................................................19

1.2 Default Zones, Interfaces, and Ports .................................................................................................21

1.3 Management Overview .....................................................................................................................22

1.4 Web Configurator ..............................................................................................................................22

1.4.1 Web Configurator Access ........................................................................................................23

1.4.2 Web Configurator Screens Overview ......................................................................................23

1.4.3 Navigation Panel .....................................................................................................................26

1.4.4 Tables and Lists .......................................................................................................................30

1.5 Stopping the UAG .............................................................................................................................33

Chapter 2

Hardware Installation and Connection .............................................................................................34

2.1 Rack-mounting ..................................................................................................................................34

2.2 Front Panel ........................................................................................................................................35

2.2.1 Front Panel LEDs ....................................................................................................................36

2.3 Rear Panel ........................................................................................................................................36

Chapter 3

Installation Setup Wizard...................................................................................................................37

3.1 Installation Setup Wizard Screens ...................................................................................................37

3.1.1 Internet Access Setup - WAN Interface ..................................................................................37

3.1.2 Internet Access: Ethernet .......................................................................................................38

3.1.3 Internet Access: PPPoE ..........................................................................................................39

3.1.4 Internet Access: PPTP ...........................................................................................................41

3.1.5 ISP Parameters .......................................................................................................................41

3.1.6 Internet Access Setup - Second WAN Interface ......................................................................42

3.1.7 Internet Access - Finish ..........................................................................................................43

3.2 Device Registration .........................................................................................................................44

Chapter 4

Quick Setup Wizards..........................................................................................................................47

4.1 Quick Setup Overview .......................................................................................................................47

4.2 WAN Interface Quick Setup ..............................................................................................................47

Table of Contents

UAG715 User’s Guide

6

4.2.1 Choose an Ethernet Interface ..................................................................................................48

4.2.2 Select WAN Type .....................................................................................................................48

4.2.3 Configure WAN Settings ..........................................................................................................49

4.2.4 WAN and ISP Connection Settings .........................................................................................49

4.2.5 Quick Setup Interface Wizard: Summary ................................................................................51

4.3 VPN Setup Wizard ............................................................................................................................52

4.3.1 Welcome ..................................................................................................................................53

4.3.2 VPN Setup Wizard: Wizard Type .............................................................................................53

4.3.3 VPN Express Wizard - Scenario .............................................................................................54

4.3.4 VPN Express Wizard - Configuration .....................................................................................55

4.3.5 VPN Express Wizard - Summary ...........................................................................................56

4.3.6 VPN Express Wizard - Finish .................................................................................................56

4.3.7 VPN Advanced Wizard - Scenario .........................................................................................57

4.3.8 VPN Advanced Wizard - Phase 1 Settings .............................................................................58

4.3.9 VPN Advanced Wizard - Phase 2 ...........................................................................................59

4.3.10 VPN Advanced Wizard - Summary ......................................................................................60

4.3.11 VPN Advanced Wizard - Finish .............................................................................................61

Chapter 5

Dashboard...........................................................................................................................................63

5.1 Overview ...........................................................................................................................................63

5.1.1 What You Can Do in this Chapter ............................................................................................63

5.2 The Dashboard Screen .....................................................................................................................63

5.2.1 The CPU Usage Screen ..........................................................................................................68

5.2.2 The Memory Usage Screen .....................................................................................................68

5.2.3 The Active Sessions Screen ....................................................................................................69

5.2.4 The VPN Status Screen ...........................................................................................................70

5.2.5 The DHCP Table Screen .........................................................................................................70

5.2.6 The Number of Login Users Screen ........................................................................................71

Chapter 6

Monitor.................................................................................................................................................73

6.1 Overview ...........................................................................................................................................73

6.1.1 What You Can Do in this Chapter ............................................................................................73

6.2 The Port Statistics Screen ...............................................................................................................74

6.2.1 The Port Statistics Graph Screen ...........................................................................................75

6.3 Interface Status Screen ....................................................................................................................76

6.4 The Traffic Statistics Screen ..............................................................................................................78

6.5 The Session Monitor Screen ............................................................................................................80

6.6 The DDNS Status Screen .................................................................................................................82

6.7 IP/MAC Binding Monitor ....................................................................................................................83

6.8 The Login Users Screen ..................................................................................................................83

6.9 USB Storage Screen .........................................................................................................................84

Table of Contents

UAG715 User’s Guide

7

6.10 VPN 1-1 Mapping Status .................................................................................................................85

6.11 VPN 1-1 Mapping Statistics .............................................................................................................86

6.12 The IPSec Monitor Screen ..............................................................................................................87

6.12.1 Regular Expressions in Searching IPSec SAs ......................................................................88

6.13 The SSL Connection Monitor Screen ..............................................................................................88

6.14 The Content Filter Statistics Screen ................................................................................................89

6.15 Content Filter Cache Screen ...........................................................................................................91

6.16 Log Screen ......................................................................................................................................93

Chapter 7

Registration.........................................................................................................................................97

7.1 Overview ...........................................................................................................................................97

7.1.1 What You Can Do in this Chapter ............................................................................................97

7.1.2 What you Need to Know ..........................................................................................................97

7.2 Registration Screen ...........................................................................................................................98

7.3 Service Screen ................................................................................................................................100

Chapter 8

Interfaces...........................................................................................................................................103

8.1 Interface Overview ..........................................................................................................................103

8.1.1 What You Can Do in this Chapter ..........................................................................................103

8.1.2 What You Need to Know ........................................................................................................103

8.2 Port Role Screen .............................................................................................................................106

8.3 Ethernet Summary Screen ..............................................................................................................107

8.3.1 Ethernet Edit .........................................................................................................................108

8.3.2 Object References .................................................................................................................115

8.4 PPP Interfaces ................................................................................................................................115

8.4.1 PPP Interface Summary ........................................................................................................116

8.4.2 PPP Interface Add or Edit .....................................................................................................117

8.5 VLAN Interfaces .............................................................................................................................121

8.5.1 VLAN Summary Screen ........................................................................................................122

8.5.2 VLAN Add/Edit ......................................................................................................................123

8.6 Bridge Interfaces ............................................................................................................................128

8.6.1 Bridge Summary ....................................................................................................................130

8.6.2 Bridge Add/Edit .....................................................................................................................131

8.7 Virtual Interfaces .............................................................................................................................136

8.7.1 Virtual Interfaces Add/Edit .....................................................................................................136

8.8 Interface Technical Reference .........................................................................................................137

Chapter 9

Trunks................................................................................................................................................143

9.1 Overview .........................................................................................................................................143

9.1.1 What You Can Do in this Chapter ..........................................................................................143

Table of Contents

UAG715 User’s Guide

8

9.1.2 What You Need to Know ........................................................................................................143

9.2 The Trunk Summary Screen ...........................................................................................................146

9.2.1 Configuring a User-Defined Trunk .........................................................................................148

9.2.2 Configuring the System Default Trunk ..................................................................................150

Chapter 10

Policy and Static Routes..................................................................................................................153

10.1 Policy and Static Routes Overview ...............................................................................................153

10.1.1 What You Can Do in this Chapter ........................................................................................153

10.1.2 What You Need to Know .....................................................................................................154

10.2 Policy Route Screen ......................................................................................................................155

10.2.1 Policy Route Edit Screen .....................................................................................................157

10.3 IP Static Route Screen ..................................................................................................................161

10.3.1 Static Route Add/Edit Screen ..............................................................................................162

10.4 Policy Routing Technical Reference ..............................................................................................163

Chapter 11

Routing Protocols.............................................................................................................................165

11.1 Routing Protocols Overview ..........................................................................................................165

11.1.1 What You Can Do in this Chapter ........................................................................................165

11.1.2 What You Need to Know ......................................................................................................165

11.2 The RIP Screen .............................................................................................................................165

11.3 The OSPF Screen .........................................................................................................................167

11.3.1 Configuring the OSPF Screen .............................................................................................170

11.3.2 OSPF Area Add/Edit Screen ...............................................................................................172

11.3.3 Virtual Link Add/Edit Screen ...............................................................................................174

11.4 Routing Protocol Technical Reference ..........................................................................................174

Chapter 12

Zones.................................................................................................................................................177

12.1 Zones Overview ............................................................................................................................177

12.1.1 What You Can Do in this Chapter ........................................................................................177

12.1.2 What You Need to Know ......................................................................................................177

12.2 The Zone Screen ..........................................................................................................................178

12.3 Zone Edit .......................................................................................................................................179

Chapter 13

DDNS..................................................................................................................................................181

13.1 DDNS Overview ............................................................................................................................181

13.1.1 What You Can Do in this Chapter ........................................................................................181

13.1.2 What You Need to Know ......................................................................................................181

13.2 The DDNS Screen ........................................................................................................................182

13.2.1 The Dynamic DNS Add/Edit Screen ....................................................................................183

Table of Contents

UAG715 User’s Guide

9

Chapter 14

NAT.....................................................................................................................................................187

14.1 NAT Overview ...............................................................................................................................187

14.1.1 What You Can Do in this Chapter ........................................................................................187

14.1.2 What You Need to Know ......................................................................................................187

14.2 The NAT Screen ............................................................................................................................188

14.2.1 The NAT Add/Edit Screen ....................................................................................................189

14.3 NAT Technical Reference ..............................................................................................................191

Chapter 15

VPN 1-1 Mapping ..............................................................................................................................195

15.1 VPN 1-1 Mapping Overview ..........................................................................................................195

15.1.1 What You Can Do in this Chapter ........................................................................................195

15.1.2 What You Need to Know ......................................................................................................196

15.2 The VPN 1-1 Mapping Screen ......................................................................................................196

15.2.1 The VPN 1-1 Mapping Edit Screen .....................................................................................197

15.3 The VPN 1-1 Mapping Profile Screen ...........................................................................................198

Chapter 16

HTTP Redirect...................................................................................................................................201

16.1 Overview .......................................................................................................................................201

16.1.1 What You Can Do in this Chapter ........................................................................................201

16.1.2 What You Need to Know ......................................................................................................201

16.2 The HTTP Redirect Screen ...........................................................................................................202

16.2.1 The HTTP Redirect Edit Screen ..........................................................................................203

Chapter 17

SMTP Redirect ..................................................................................................................................205

17.1 Overview .......................................................................................................................................205

17.1.1 What You Can Do in this Chapter ........................................................................................205

17.1.2 What You Need to Know ......................................................................................................205

17.2 The SMTP Redirect Screen ..........................................................................................................206

17.2.1 The SMTP Redirect Edit Screen .........................................................................................207

Chapter 18

ALG ....................................................................................................................................................209

18.1 ALG Overview ...............................................................................................................................209

18.1.1 What You Can Do in this Chapter ........................................................................................209

18.1.2 What You Need to Know ......................................................................................................209

18.1.3 Before You Begin .................................................................................................................212

18.2 The ALG Screen ...........................................................................................................................212

18.3 ALG Technical Reference .............................................................................................................214

Table of Contents

UAG715 User’s Guide

10

Chapter 19

IP/MAC Binding.................................................................................................................................217

19.1 IP/MAC Binding Overview .............................................................................................................217

19.1.1 What You Can Do in this Chapter ........................................................................................217

19.1.2 What You Need to Know ......................................................................................................217

19.2 IP/MAC Binding Summary ............................................................................................................218

19.2.1 IP/MAC Binding Edit ............................................................................................................219

19.2.2 Static DHCP Edit .................................................................................................................220

19.3 IP/MAC Binding Exempt List .........................................................................................................220

Chapter 20

Web Authentication..........................................................................................................................223

20.1 Overview .......................................................................................................................................223

20.1.1 What You Can Do in this Chapter ........................................................................................224

20.1.2 What You Need to Know ......................................................................................................224

20.2 Web Authentication Screen ...........................................................................................................225

20.2.1 Creating/Editing an Authentication Policy ............................................................................228

20.3 User-aware Access Control Example ...........................................................................................230

20.3.1 Set Up User Accounts .........................................................................................................230

20.3.2 Set Up User Groups ............................................................................................................231

20.3.3 Set Up User Authentication Using the RADIUS Server .......................................................231

20.3.4 User Group Authentication Using the RADIUS Server ........................................................234

20.4 Endpoint Security (EPS) Example ................................................................................................235

20.4.1 Configure the Endpoint Security Objects .............................................................................235

20.4.2 Configure the Authentication Policy .....................................................................................237

Chapter 21

Firewall ..............................................................................................................................................239

21.1 Overview .......................................................................................................................................239

21.1.1 What You Can Do in this Chapter ........................................................................................239

21.1.2 What You Need to Know ......................................................................................................239

21.2 The Firewall Screen ......................................................................................................................242

21.2.1 Configuring the Firewall Screen ..........................................................................................242

21.2.2 The Firewall Add/Edit Screen ..............................................................................................245

21.3 The Session Limit Screen .............................................................................................................246

21.3.1 The Session Limit Add/Edit Screen .....................................................................................247

21.4 Firewall Rule Configuration Example ............................................................................................248

21.5 Firewall Rule Example Applications ..............................................................................................250

Chapter 22

IPSec VPN..........................................................................................................................................253

22.1 Virtual Private Networks (VPN) Overview .....................................................................................253

22.1.1 What You Can Do in this Chapter ........................................................................................254

Table of Contents

UAG715 User’s Guide

11

22.1.2 What You Need to Know ......................................................................................................254

22.1.3 Before You Begin .................................................................................................................256

22.2 The VPN Connection Screen ........................................................................................................256

22.2.1 The VPN Connection Add/Edit (IKE) Screen .......................................................................257

22.2.2 The VPN Connection Add/Edit Manual Key Screen ............................................................263

22.3 The VPN Gateway Screen ...........................................................................................................265

22.3.1 The VPN Gateway Add/Edit Screen ...................................................................................266

22.4 IPSec VPN Background Information .............................................................................................272

Chapter 23

SSL VPN ............................................................................................................................................285

23.1 Overview .......................................................................................................................................285

23.1.1 What You Can Do in this Chapter ........................................................................................285

23.1.2 What You Need to Know ......................................................................................................285

23.2 The SSL Access Privilege Screen ................................................................................................286

23.2.1 The SSL Access Policy Add/Edit Screen ...........................................................................287

23.3 The SSL Global Setting Screen ...................................................................................................290

23.3.1 How to Upload a Custom Logo ............................................................................................292

23.4 SSL VPN Example ........................................................................................................................293

Chapter 24

SSL User Screens.............................................................................................................................295

24.1 Overview .......................................................................................................................................295

24.1.1 What You Need to Know ......................................................................................................295

24.2 Remote SSL User Login ...............................................................................................................296

24.3 The SSL VPN User Screens .........................................................................................................299

24.4 Bookmarking the UAG ..................................................................................................................300

24.5 Logging Out of the SSL VPN User Screens ..................................................................................301

24.6 SSL User Application Screen ........................................................................................................301

Chapter 25

ZyWALL SecuExtender ....................................................................................................................303

25.1 The ZyWALL SecuExtender Icon ..................................................................................................303

25.2 Status ............................................................................................................................................303

25.3 View Log .......................................................................................................................................304

25.4 Suspend and Resume the Connection .........................................................................................305

25.5 Stop the Connection ......................................................................................................................305

25.6 Uninstalling the ZyWALL SecuExtender .......................................................................................305

Chapter 26

Bandwidth Management...................................................................................................................307

26.1 Overview .......................................................................................................................................307

26.1.1 What You Can Do in this Chapter ........................................................................................307

Table of Contents

UAG715 User’s Guide

12

26.1.2 What You Need to Know .....................................................................................................307

26.2 The Bandwidth Management Screen ............................................................................................311

26.2.1 The Bandwidth Management Add/Edit Screen ....................................................................313

Chapter 27

ADP ....................................................................................................................................................317

27.1 Overview .......................................................................................................................................317

27.1.1 What You Can Do in this Chapter .......................................................................................317

27.1.2 What You Need To Know .....................................................................................................317

27.1.3 Before You Begin .................................................................................................................318

27.2 The ADP General Screen .............................................................................................................318

27.3 The Profile Summary Screen .......................................................................................................319

27.3.1 Configuring The ADP Profile Summary Screen ...................................................................319

27.3.2 Base Profiles .......................................................................................................................320

27.3.3 Creating New ADP Profiles .................................................................................................321

27.3.4 Traffic Anomaly Profiles ......................................................................................................321

27.3.5 Protocol Anomaly Profiles ..................................................................................................324

27.3.6 Protocol Anomaly Configuration ..........................................................................................324

27.4 ADP Technical Reference .............................................................................................................327

Chapter 28

Content Filtering...............................................................................................................................333

28.1 Overview .......................................................................................................................................333

28.1.1 What You Can Do in this Chapter ........................................................................................333

28.1.2 What You Need to Know ......................................................................................................333

28.1.3 Before You Begin .................................................................................................................334

28.2 Content Filter General Screen ......................................................................................................335

28.2.1 Content Filter Policy Add or Edit Screen ............................................................................337

28.3 Content Filter Profile Screen ........................................................................................................338

28.4 Content Filter Category Service Screen .......................................................................................339

28.4.1 Content Filter Blocked and Warning Messages ...................................................................350

28.5 Content Filter Custom Service Screen .........................................................................................350

28.6 Content Filter Technical Reference ...............................................................................................353

Chapter 29

User/Group........................................................................................................................................355

29.1 Overview .......................................................................................................................................355

29.1.1 What You Can Do in this Chapter ........................................................................................355

29.1.2 What You Need To Know .....................................................................................................355

29.2 User Summary Screen ..................................................................................................................357

29.2.1 User Add/Edit Screen ..........................................................................................................358

29.3 User Group Summary Screen .......................................................................................................360

29.3.1 Group Add/Edit Screen ........................................................................................................361

Table of Contents

UAG715 User’s Guide

13

29.4 The User/Group Setting Screen ...................................................................................................362

29.4.1 Default User Settings Edit Screens .....................................................................................364

29.4.2 User Aware Login Example .................................................................................................365

29.5 User /Group Technical Reference .................................................................................................366

Chapter 30

Addresses .........................................................................................................................................368

30.1 Overview .......................................................................................................................................368

30.1.1 What You Can Do in this Chapter ........................................................................................368

30.1.2 What You Need To Know .....................................................................................................368

30.2 Address Summary Screen ............................................................................................................368

30.2.1 Address Add/Edit Screen ....................................................................................................369

30.3 Address Group Summary Screen .................................................................................................370

30.3.1 Address Group Add/Edit Screen .........................................................................................371

Chapter 31

Services.............................................................................................................................................373

31.1 Overview .......................................................................................................................................373

31.1.1 What You Can Do in this Chapter ........................................................................................373

31.1.2 What You Need to Know ......................................................................................................373

31.2 The Service Summary Screen ......................................................................................................374

31.2.1 The Service Add/Edit Screen ..............................................................................................375

31.3 The Service Group Summary Screen ..........................................................................................376

31.3.1 The Service Group Add/Edit Screen ...................................................................................376

Chapter 32

Schedules..........................................................................................................................................378

32.1 Overview .......................................................................................................................................378

32.1.1 What You Can Do in this Chapter ........................................................................................378

32.1.2 What You Need to Know ......................................................................................................378

32.2 The Schedule Summary Screen ...................................................................................................379

32.2.1 The One-Time Schedule Add/Edit Screen ...........................................................................380

32.2.2 The Recurring Schedule Add/Edit Screen ...........................................................................381

Chapter 33

AAA Server........................................................................................................................................382

33.1 Overview .......................................................................................................................................382

33.1.1 Directory Service (AD/LDAP) ..............................................................................................382

33.1.2 RADIUS Server ...................................................................................................................382

33.1.3 What You Can Do in this Chapter ........................................................................................383

33.1.4 What You Need To Know .....................................................................................................383

33.2 Active Directory or LDAP Server Summary ..................................................................................384

33.2.1 Adding an Active Directory or LDAP Server ........................................................................385

Table of Contents

UAG715 User’s Guide

14

33.3 RADIUS Server Summary .............................................................................................................387

33.3.1 Adding a RADIUS Server ...................................................................................................388

Chapter 34

Authentication Method.....................................................................................................................390

34.1 Overview .......................................................................................................................................390

34.1.1 What You Can Do in this Chapter ........................................................................................390

34.1.2 Before You Begin .................................................................................................................390

34.1.3 Example: Selecting a VPN Authentication Method ..............................................................390

34.2 Authentication Method Objects .....................................................................................................391

34.2.1 Creating an Authentication Method Object ..........................................................................391

Chapter 35

Certificates........................................................................................................................................394

35.1 Overview .......................................................................................................................................394

35.1.1 What You Can Do in this Chapter ........................................................................................394

35.1.2 What You Need to Know ......................................................................................................394

35.1.3 Verifying a Certificate ...........................................................................................................396

35.2 The My Certificates Screen ...........................................................................................................397

35.2.1 The My Certificates Add Screen ..........................................................................................398

35.2.2 The My Certificates Edit Screen ..........................................................................................401

35.2.3 The My Certificates Import Screen .....................................................................................404

35.3 The Trusted Certificates Screen ..................................................................................................405

35.3.1 The Trusted Certificates Edit Screen ..................................................................................406

35.3.2 The Trusted Certificates Import Screen ..............................................................................409

Chapter 36

ISP Accounts.....................................................................................................................................411

36.1 Overview .......................................................................................................................................411

36.1.1 What You Can Do in this Chapter ........................................................................................411

36.2 ISP Account Summary ..................................................................................................................411

36.2.1 ISP Account Edit .................................................................................................................412

Chapter 37

SSL Application................................................................................................................................414

37.1 Overview .......................................................................................................................................414

37.1.1 What You Can Do in this Chapter ........................................................................................414

37.1.2 What You Need to Know ......................................................................................................414

37.1.3 Example: Specifying a Web Site for Access ........................................................................415

37.2 The SSL Application Screen .........................................................................................................416

37.2.1 Creating/Editing an SSL Application Object ........................................................................417

Chapter 38

Endpoint Security.............................................................................................................................419

Table of Contents

UAG715 User’s Guide

15

38.1 Overview .......................................................................................................................................419

38.1.1 What You Can Do in this Chapter ........................................................................................419

38.1.2 What You Need to Know ......................................................................................................420

38.2 Endpoint Security Screen ..............................................................................................................420

38.3 Endpoint Security Add/Edit ...........................................................................................................421

Chapter 39

System...............................................................................................................................................427

39.1 Overview .......................................................................................................................................427

39.1.1 What You Can Do in this Chapter ........................................................................................427

39.2 Host Name ....................................................................................................................................428

39.3 USB Storage .................................................................................................................................428

39.4 Date and Time ...............................................................................................................................429

39.4.1 Pre-defined NTP Time Servers List .....................................................................................432

39.4.2 Time Server Synchronization ...............................................................................................432

39.5 Console Port Speed ......................................................................................................................433

39.6 DNS Overview ...............................................................................................................................434

39.6.1 DNS Server Address Assignment .......................................................................................434

39.6.2 Configuring the DNS Screen ...............................................................................................434

39.6.3 Address Record ..................................................................................................................436

39.6.4 PTR Record .........................................................................................................................436

39.6.5 Adding an Address/PTR Record .........................................................................................436

39.6.6 Domain Zone Forwarder .....................................................................................................437

39.6.7 Adding a Domain Zone Forwarder ......................................................................................437

39.6.8 MX Record ..........................................................................................................................438

39.6.9 Adding a MX Record ...........................................................................................................438

39.6.10 Adding a DNS Service Control Rule ..................................................................................439

39.7 WWW Overview ............................................................................................................................439

39.7.1 Service Access Limitations ..................................................................................................440

39.7.2 System Timeout ...................................................................................................................440

39.7.3 HTTPS .................................................................................................................................440

39.7.4 Configuring WWW Service Control .....................................................................................441

39.7.5 Service Control Rules ..........................................................................................................444

39.7.6 Customizing the WWW Login Page ....................................................................................445

39.7.7 HTTPS Example ..................................................................................................................449

39.8 SSH ............................................................................................................................................456

39.8.1 How SSH Works ..................................................................................................................457

39.8.2 SSH Implementation on the UAG ........................................................................................458

39.8.3 Requirements for Using SSH ...............................................................................................458

39.8.4 Configuring SSH ..................................................................................................................458

39.8.5 Secure Telnet Using SSH Examples ...................................................................................459

39.9 Telnet ............................................................................................................................................461

39.9.1 Configuring Telnet ................................................................................................................461

Table of Contents

UAG715 User’s Guide

16

39.10 FTP ............................................................................................................................................462

39.10.1 Configuring FTP ................................................................................................................462

39.11 SNMP .........................................................................................................................................463

39.11.1 Supported MIBs .................................................................................................................464

39.11.2 SNMP Traps ......................................................................................................................465

39.11.3 Configuring SNMP .............................................................................................................465

Chapter 40

Log and Report .................................................................................................................................467

40.1 Overview .......................................................................................................................................467

40.1.1 What You Can Do In this Chapter ........................................................................................467

40.2 Email Daily Report ........................................................................................................................467

40.3 Log Setting Screens .....................................................................................................................469

40.3.1 Log Setting Summary ..........................................................................................................469

40.3.2 Edit System Log Settings ...................................................................................................471

40.3.3 Edit Log on USB Storage Setting .......................................................................................473

40.3.4 Edit Remote Server Log Settings .......................................................................................475

40.3.5 Active Log Summary Screen ...............................................................................................477

Chapter 41

File Manager......................................................................................................................................481

41.1 Overview .......................................................................................................................................481

41.1.1 What You Can Do in this Chapter ........................................................................................481

41.1.2 What you Need to Know ......................................................................................................481

41.2 The Configuration File Screen ......................................................................................................483

41.3 The Firmware Package Screen ....................................................................................................487

41.4 The Shell Script Screen ...............................................................................................................489

Chapter 42

Diagnostics ......................................................................................................................................492

42.1 Overview .......................................................................................................................................492

42.1.1 What You Can Do in this Chapter ........................................................................................492

42.2 The Diagnostics Screen ................................................................................................................492

42.2.1 The Diagnostics Files Screen ..............................................................................................493

42.3 The Packet Capture Screen ..........................................................................................................494

42.3.1 The Packet Capture Files Screen ........................................................................................496

42.4 Core Dump Screen .......................................................................................................................497

42.4.1 Core Dump Files Screen .....................................................................................................497

42.5 The System Log Screen ................................................................................................................498

Chapter 43

Packet Flow Explore.........................................................................................................................500

43.1 Overview .......................................................................................................................................500

Table of Contents

UAG715 User’s Guide

17

43.1.1 What You Can Do in this Chapter ........................................................................................500

43.2 The Routing Status Screen ...........................................................................................................500

43.3 The SNAT Status Screen ..............................................................................................................505

Chapter 44

Reboot ...............................................................................................................................................509

44.1 Overview .......................................................................................................................................509

44.1.1 What You Need To Know .....................................................................................................509

44.2 The Reboot Screen .......................................................................................................................509

Chapter 45

Shutdown...........................................................................................................................................510

45.1 Overview .......................................................................................................................................510

45.1.1 What You Need To Know .....................................................................................................510

45.2 The Shutdown Screen ...................................................................................................................510

Chapter 46

Troubleshooting................................................................................................................................511

46.1 Resetting the UAG ........................................................................................................................519

46.2 Getting More Troubleshooting Help ..............................................................................................520

Appendix A Legal Information..........................................................................................................521

Index ..................................................................................................................................................525

Table of Contents

UAG715 User’s Guide

18

UAG715 User’s Guide 19

CHAPTER 1

Introduction

1.1 Overview

The UAG is a comprehensive service gateway. Its flexible configuration helps network

administrators set up the network and enforce security policies efficiently.

The UAG provides excellent throughput with the reliability of dual WAN Gigabit Ethernet ports and

load balancing. It also provides bandwidth management, NAT, port forwarding, policy routing, DHCP

server and many other powerful features.

You can use web authentication to allow guests to access the network only after they authenticate

with the UAG through a specifically designated login web page. You can also forward the

authenticated client's e-mail messages to a specific SMTP server.

The UAG’s security features include VPN, firewall, content filtering, ADP (Anomaly Detection and

Protection), and certificates.

The UAG lets you set up multiple networks for your company. The De-Militarized Zone (DMZ)

increases LAN security by providing separate ports for connecting publicly accessible servers. The

UAG also provides two separate LAN networks. You can set ports to be part of the LAN1, LAN2 or

DMZ. Alternatively, you can deploy the UAG as a transparent firewall in an existing network with

minimal configuration.

1.1.1 Key Applications

Here are some UAG application scenarios. The following chapters have configuration tutorials.

Security Router

Security features include a stateful inspection firewall, anomaly detection & prevention, and content

filtering.

Figure 1 Applications: Security Router

Chapter 1 Introduction

UAG715 User’s Guide

20

VPN Connectivity

Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to

provide secure access to your network.

Figure 2 Applications: VPN Connectivity

SSL VPN Network Access

SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just

browses to the UAG’s web address and enters his user name and password to securely connect to

the UAG’s network. Here full tunnel mode creates a virtual connection for a remote user and gives

him a private IP address in the same subnet as the local network so he can access network

resources in the same way as if he were part of the internal network.

Figure 3 SSL VPN With Full Tunnel Mode

User-Aware Access Control

Set up security policies to restrict access to sensitive information and shared resources based on

the user who is trying to access it. In the following figure user A can access both the Internet and

an internal file server. User B has a lower level of access and can only access the Internet. User C is

not even logged in and cannot access either.

Authentication Server

File

Email

Web-based

Server

Application

Web Mail

Web-based Application

https://

Application Server

Non-Web

LAN (192.168.1.X)

Page is loading ...

ZyXEL UAG715 User guide

ZyXEL UAG715 User guide

Related papers

Other documents