User Guide
Page 2
...37 Set Up an IPv6-in-IPv4 Tunnel Video Example 42 Content Filtering Video Example 56 ZyWALL IPSec VPN Client Configuration Provisioning Video Example 72 SSL VPN Video Example 74 Configuring L2TP VPN on configuring each screen.) It also contains a connection diagram and package contents list. ...in Windows 7 Video Example 85 Bandwidth Management Video Example 100 AppPatrol Video Example 117 2 ZyWALL USG100-PLUS User's Guide Related Documentation • Quick Start Guide The Quick Start Guide shows how to configure the ZyWALL. KEEP THIS GUIDE FOR FUTURE REFERENCE. Videos IMPORTANT! ...
User Guide
Page 3
... 1.1 Overview ...5 1.2 Default Zones, Interfaces, and Ports 7 1.3 Management Overview ...7 1.4 Web Configurator ...8 1.5 Stopping the ZyWALL ...19 1.6 Rack-mounting ...19 1.7 Front Panel ...20 How to Set Up Your Network ...21 2.1 Wizard Overview ...21 ... Policy Configuration ...60 Create Secure Connections Across the Internet 63 4.1 IPSec VPN ...63 4.2 VPN Concentrator Example ...65 4.3 Hub-and-spoke IPSec VPN Without VPN Concentrator 67 4.4 ZyWALL IPSec VPN Client Configuration Provisioning 69 4.5 SSL VPN ...73 4.6 L2TP VPN with Android, iOS, and Windows 75 4.7 One-Time Password Version 2...
User Guide
Page 6
... address and enters his user name and password to securely connect to -use their web browsers for a very easy-to the ZyWALL's network. Figure 4 SSL VPN With Full Tunnel Mode LAN (192.168.1.X) https:// Web Mail File Share Non-Web Web-based Application Application Server User-Aware Access Control Set ...so he were part of access and can only access the Internet. Here full tunnel mode creates a virtual connection for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. User B has a lower level of the internal network. User C is trying to access it.
User Guide
Page 12
...viruses that the ZyWALL has detected. Anti-Spam...ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics. IP/MAC Binding Lists the devices that have received an IP address from ZyWALL interfaces using IP/MAC binding. VPN... Monitor IPSec Displays and manages the active IPSec SAs. You can re-arrange to the ZyWALL...the ZyWALL. L2TP over IPSec Displays details about the ZyWALL's... ZyWALL's URL cache. Log Lists log entries. 12 ZyWALL USG100... Displays the status of the ZyWALL's DDNS domain names. Chapter ...
User Guide
Page 13
...VLAN interfaces and virtual VLAN interfaces. IP/MAC Binding Summary Configure IP to which the ZyWALL does not apply IP/MAC binding. Exempt List Configure ranges of concurrent client NAT/firewall sessions. Licensing Registration Registration Register the device and activate trial services. DDNS ... define various policies. Routing Policy Route Create and manage routing policies. ALG Configure SIP, H.323, and FTP pass-through settings. VPN ZyWALL USG100-PLUS User's Guide 13 Trunk Create and manage trunks (groups of interfaces) for load balancing. NAT Set up and manage ...
User Guide
Page 14
... off and manage anti-spam policies. Concentrator Combine IPSec VPN connections into a single secure network Configuration Provisioning Set who can retrieve VPN rule settings from the ZyWALL using the ZyWALL IPSec VPN Client. Forbidden Web Sites Create a list of virus file patterns. Global Setting Configure the ZyWALL's SSL VPN settings that bypass content filtering policies. AppPatrol General Enable...
User Guide
Page 46
.... 4 Then, set up the authentication method, Click Configuration > Object > Auth. Click the Add icon. 5 Configure the ZyWALL's security settings. The ZyWALL only applies a zone's rules to the interfaces that the traffic would also match. • Even if you have configured... comes before giving them access. 1 Set up user accounts in authenticating wireless clients, HTTP and HTTPS clients, IPSec gateways (extended authentication), L2TP VPN, and authentication policy. 3.2.1 What Can Go Wrong • The ZyWALL always authenticates the default admin account locally, regardless of users.
User Guide
Page 63
... create secure connections across the Internet. • IPSec VPN on page 63 • VPN Concentrator Example on page 65 • Hub-and-spoke IPSec VPN Without VPN Concentrator on page 67 • ZyWALL IPSec VPN Client Configuration Provisioning on page 69 • SSL VPN on page 73 • L2TP VPN with Android, iOS, and Windows on page 75 •...
User Guide
Page 69
...-PLUS User's Guide 69 Figure 29 IPSec VPN Configuration Provisioning Process 1 User Charlotte with the ZyWALL IPSec VPN Client sends her user name and password to the ZyWALL. 2 The ZyWALL sends the settings for the matching VPN rule. 4.4.1 Overview of What to Do 1 Create a VPN rule on the ZyWALL using the VPN Configuration Provisioning wizard. 2 Configure a username and password for...
User Guide
Page 70
... this rule's settings using the ZyWALL IPSec VPN Client. 4 On the ZyWALL IPSec VPN Client, select Configuration > Get From Server. 5 Enter the WAN IP address or URL for the ZyWALL. Figure 30 ZyWALL IPSec VPN Client with VPN Tunnel Connected 4.4.2 Configuration Steps 1 In the ZyWALL Quick Setup wizard, use the VPN Settings for Configuration Provisioning wizard to create a VPN rule that can access the...
User Guide
Page 71
The rule settings are now imported from the ZyWALL into the ZyWALL IPSec VPN Client. Chapter 4 Create Secure Connections Across the Internet 6 Click OK. ZyWALL USG100-PLUS User's Guide 71
User Guide
Page 72
...the user name and password are configured. After clicking play, you may be Local. 72 ZyWALL USG100-PLUS User's Guide Chapter 4 Create Secure Connections Across the Internet 4.4.3 ZyWALL IPSec VPN Client Configuration Provisioning Video Example Use Adobe Reader 9 or later or a recent version of Foxit ... an actual different IP address. • There is a login problem: Reenter the user name (Login) and password in the ZyWALL IPSec VPN Client exactly as configured on the network environment. Check that the rule does not contain AH active protocol, NULL encryption, SHA512 authentication,...
User Guide
Page 73
...) on your computer. Chapter 4 Create Secure Connections Across the Internet • There's a network connectivity problem between the ZyWALL and the ZyWALL IPSec VPN Client: Check that the correct ZyWALL IP address and HTTPS port (if the default port was changed) was entered. Here a user uses his user name ...and password to network resources in through the ZyWALL, you were on which the ZyWALL IPSec VPN Client is no reply, check that the entry has a yellow Status icon. 4.5 SSL VPN SSL VPN uses remote users' web browsers to provide the easiest-to-use of the...
User Guide
Page 75
...configuration disconnects SSL VPN network extension sessions. Figure 32 L2TP VPN Example 172.16.1.2 LAN1_SUBNET: 192.168.1.x L2TP_POOL: 192.168.10.10~192.168.10.20 • The ZyWALL has a WAN interface with Android, iOS, and Windows L2TP VPN uses the L2TP and IPSec client software included in... in the Default_L2TP_VPN_GW and set the VPN connection L2TP VPN uses, the L2TP client IP address pool, the authentication method, and the allowed users. 4 Configure a policy route to let remote users access resources on the network behind the ZyWALL. 1 L2TP VPN uses one of 172.16.1.2. •...
User Guide
Page 77
... this example). • Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote users (L2TP_POOL in this example). • Set the next hop to be the VPN tunnel that you are using for the users allowed to create a user object for L2TP... VPN. Click Create New Object > User/Group to use the tunnel. Enable the connection. Set IP Address Pool to create an IP address pool for the L2TP VPN clients. Chapter 4 Create Secure Connections Across the Internet 3 Click Configuration > VPN > L2TP VPN and then Create New Object >...
User Guide
Page 78
...a routing policy that sends the ZyWALL's return traffic back through a WAN trunk. • Set Incoming to Tunnel and select your L2TP VPN connection. • Set the Source Address to be the VPN tunnel that you are using for L2TP. If some of the traffic from the L2TP clients needs to go to the Internet..., create a policy route to send traffic from the L2TP tunnels out through the L2TP VPN tunnel. • Set Incoming to ZyWALL. • Set Destination Address to the L2TP address pool. • Set ...
User Guide
Page 90
...SafeWord 2008 authentication server software, hardware OTPv2 tokens, and software OTPv2 tokens for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. For each login a user must use his normal account user name and password (the second ...kind of identification). Figure 33 OTPv2 Example ***** OTP PIN SafeWord 2008 Authentication Server File Server Email Server Web-based Application Here is no longer valid. Purchase the ZyWALL...