User Guide
Page 34
If you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. main window ZyWALL USG FLEX Series User's Guide 34 Chapter 1 Introduction If you select Never and you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL...
If you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. main window ZyWALL USG FLEX Series User's Guide 34 Chapter 1 Introduction If you select Never and you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL...
User Guide
Page 75
... Zyxel Device Always use "the WAN interface" rather than the specific name used in your model. ZyWALL USG FLEX Series User's Guide 75 Chapter 3 Hardware, Interfaces and Zones 3.3 Default Zones, Interfaces, and Ports The default configurations for each model at the time of writing. Table 16 Default Physical Port - Table 17 Default Zone - Interface Mapping ZONE / INTERFACE SFP WAN • USG FLEX 100 sfp_ppp WAN1_PPP LAN1 LAN1 LAN2 LAN2 DMZ DMZ OPT opt_ppp Table 18 Default Zone - For example, this guide may be configured as follows. The following table...
... Zyxel Device Always use "the WAN interface" rather than the specific name used in your model. ZyWALL USG FLEX Series User's Guide 75 Chapter 3 Hardware, Interfaces and Zones 3.3 Default Zones, Interfaces, and Ports The default configurations for each model at the time of writing. Table 16 Default Physical Port - Table 17 Default Zone - Interface Mapping ZONE / INTERFACE SFP WAN • USG FLEX 100 sfp_ppp WAN1_PPP LAN1 LAN1 LAN2 LAN2 DMZ DMZ OPT opt_ppp Table 18 Default Zone - For example, this guide may be configured as follows. The following table...
User Guide
Page 87
ZyWALL USG FLEX Series User's Guide 87 You can initiate the VPN connection. • Pre-Shared Key: VPN tunnel password. See the commands reference guide for details on the network behind your Zyxel Device that can initiate the VPN connection. • Copy and paste the Configuration for Secure Gateway commands into another ZLD-based Zyxel Device's command line interface to configure it to serve as a shell script file with a ".zysh" filename extension. If this VPN tunnel. It identifies a communicating party during a phase 1 IKE...
ZyWALL USG FLEX Series User's Guide 87 You can initiate the VPN connection. • Pre-Shared Key: VPN tunnel password. See the commands reference guide for details on the network behind your Zyxel Device that can initiate the VPN connection. • Copy and paste the Configuration for Secure Gateway commands into another ZLD-based Zyxel Device's command line interface to configure it to serve as a shell script file with a ".zysh" filename extension. If this VPN tunnel. It identifies a communicating party during a phase 1 IKE...
User Guide
Page 149
..., and it is enabled. Offline for Firmware Update) • Offline for Firmware Update: APs that were rebooted before updating firmware • Un-Mgmt: APs that are not managed by the Zyxel Device This field displays the AP's description, which you can configure by default. This field displays the MAC address of the AP. Click Apply to save your changes back to disable the AP's LED suppression mode. Select an AP...
..., and it is enabled. Offline for Firmware Update) • Offline for Firmware Update: APs that were rebooted before updating firmware • Un-Mgmt: APs that are not managed by the Zyxel Device This field displays the AP's description, which you can configure by default. This field displays the MAC address of the AP. Click Apply to save your changes back to disable the AP's LED suppression mode. Select an AP...
User Guide
Page 196
.... Reboot device Remove the selected rule Select one or multiple APs and click this button to force the AP(s) to remove the AP(s) from the manged AP list. Select an AP and click this button to restart. Chapter 8 Wireless Table 81 Configuration > Wireless > AP Management > Mgnt. This field is not available if the selected AP doesn't support suppression mode. Reset Enable Column Freeze Edit the selected rule Add to use...
.... Reboot device Remove the selected rule Select one or multiple APs and click this button to force the AP(s) to remove the AP(s) from the manged AP list. Select an AP and click this button to restart. Chapter 8 Wireless Table 81 Configuration > Wireless > AP Management > Mgnt. This field is not available if the selected AP doesn't support suppression mode. Reset Enable Column Freeze Edit the selected rule Add to use...
User Guide
Page 237
... DHCP services. ZyWALL USG FLEX Series User's Guide 237 The Zyxel Device resumes routing to the network. Enter the number of consecutive failures before the Zyxel Device stops routing to the network. Select what type of the domain names or IP addresses responds. Select the method that domain name or IP address on another DHCP server for the network. the Zyxel Device routes DHCP requests to one or more DHCP servers you specified to the gateway you specify. Enable Connectivity Check Check...
... DHCP services. ZyWALL USG FLEX Series User's Guide 237 The Zyxel Device resumes routing to the network. Enter the number of consecutive failures before the Zyxel Device stops routing to the network. Select what type of the domain names or IP addresses responds. Select the method that domain name or IP address on another DHCP server for the network. the Zyxel Device routes DHCP requests to one or more DHCP servers you specified to the gateway you specify. Enable Connectivity Check Check...
User Guide
Page 252
..., the Zyxel Device can receive from the interface's default MAC address. The Zyxel Device resumes routing to get from this table. Enable Connectivity Check Select this table. Enter the number of the object. Enter the number of each data packet, in this to turn on the connection check. Remove Select an entry and click this to delete it from the DHCPv6 server. See Section 9.4.4 on page 245 for more information. Type the maximum...
..., the Zyxel Device can receive from the interface's default MAC address. The Zyxel Device resumes routing to get from this table. Enable Connectivity Check Select this table. Enter the number of the object. Enter the number of each data packet, in this to turn on the connection check. Remove Select an entry and click this to delete it from the DHCPv6 server. See Section 9.4.4 on page 245 for more information. Type the maximum...
User Guide
Page 279
... more DHCP servers you specify two domain names or IP addresses for the network. The DHCP server(s) may be blank. Enter the IP address of another network. If this to specify a domain name or IP address for the OPT, LAN and DMZ interfaces. ZyWALL USG FLEX Series User's Guide 279 Chapter 9 Interfaces Table 111 Configuration > Network > Interface > VLAN > Add / Edit (continued) LABEL DESCRIPTION Connectivity Check Enable Connectivity Check Check Method The Zyxel Device can assign every IP address allowed by the interface's IP address and...
... more DHCP servers you specify two domain names or IP addresses for the network. The DHCP server(s) may be blank. Enter the IP address of another network. If this to specify a domain name or IP address for the OPT, LAN and DMZ interfaces. ZyWALL USG FLEX Series User's Guide 279 Chapter 9 Interfaces Table 111 Configuration > Network > Interface > VLAN > Add / Edit (continued) LABEL DESCRIPTION Connectivity Check Enable Connectivity Check Check Method The Zyxel Device can assign every IP address allowed by the interface's IP address and...
User Guide
Page 288
... Zyxel Device automatically adds default SNAT settings for traffic flowing from this screen. For example, br0, br3, and so on the type of configuration fields. Select the zone to which the Zyxel Device is connected or if you want to additionally manually configure some related settings. You use zones to add routing and SNAT settings for connecting to an external network (like the Internet). Spaces are editing the interface. Click this button to create...
... Zyxel Device automatically adds default SNAT settings for traffic flowing from this screen. For example, br0, br3, and so on the type of configuration fields. Select the zone to which the Zyxel Device is connected or if you want to additionally manually configure some related settings. You use zones to add routing and SNAT settings for connecting to an external network (like the Internet). Spaces are editing the interface. Click this button to create...
User Guide
Page 293
... the network. Type the maximum size of a DHCP server for future use another IP address as the default router. Allowed values are currently using. Enter the IP address of each data packet, in kilobits per second, the Zyxel Device can allocate 10.10.10.10 to DHCP Server, you set this interface and the Zyxel Device works as the default router, select Custom Defined and enter the IP address. There is optional. ZyWALL USG FLEX Series User's Guide...
... the network. Type the maximum size of a DHCP server for future use another IP address as the default router. Allowed values are currently using. Enter the IP address of each data packet, in kilobits per second, the Zyxel Device can allocate 10.10.10.10 to DHCP Server, you set this interface and the Zyxel Device works as the default router, select Custom Defined and enter the IP address. There is optional. ZyWALL USG FLEX Series User's Guide...
User Guide
Page 351
... example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other security policies, according to the source IP address and mapped IP address. This field is available if Mapping Type is Ports. This field is available if Mapping Type is Ports. For users connected to the same interface as the Internal IP device, the Zyxel Device uses that is Port or Ports. The Zyxel Device still checks other interfaces to also access the server. Port - Service...
... example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other security policies, according to the source IP address and mapped IP address. This field is available if Mapping Type is Ports. This field is available if Mapping Type is Ports. For users connected to the same interface as the Internal IP device, the Zyxel Device uses that is Port or Ports. The Zyxel Device still checks other interfaces to also access the server. Port - Service...
User Guide
Page 376
Chapter 15 UPnP Make sure your computer is connected to manually add port mappings. Figure 259 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to the LAN port of the Zyxel Device. 1 Open File Explorer and click Network. 2 Right-click the Zyxel Device icon and select Properties. Figure 258 Network Connections 3 In the Internet Connection Properties window, click Settings to see port mappings. ZyWALL USG FLEX Series User's Guide 376
Chapter 15 UPnP Make sure your computer is connected to manually add port mappings. Figure 259 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to the LAN port of the Zyxel Device. 1 Open File Explorer and click Network. 2 Right-click the Zyxel Device icon and select Properties. Figure 258 Network Connections 3 In the Internet Connection Properties window, click Settings to see port mappings. ZyWALL USG FLEX Series User's Guide 376
User Guide
Page 397
... an IPSec VPN tunnel to remote (peer) Zyxel Device Y to -site lines. The authentication can also combine multiple IPSec VPN connections into one single bidirectional ISAKMP Security Association (SA). IPSec VPN consists of standardized cryptographic techniques to encrypt IKE communications. It is used in one secure network. Figure 283 IPSec VPN Example Internet Key Exchange (IKE): IKEv1 and IKEv2 The Zyxel Device supports IKEv1 and IKEv2 for secure data communications across a public network. IPSec VPN Internet Protocol Security (IPSec) VPN connects IPSec routers or remote users...
... an IPSec VPN tunnel to remote (peer) Zyxel Device Y to -site lines. The authentication can also combine multiple IPSec VPN connections into one single bidirectional ISAKMP Security Association (SA). IPSec VPN consists of standardized cryptographic techniques to encrypt IKE communications. It is used in one secure network. Figure 283 IPSec VPN Example Internet Key Exchange (IKE): IKEv1 and IKEv2 The Zyxel Device supports IKEv1 and IKEv2 for secure data communications across a public network. IPSec VPN Internet Protocol Security (IPSec) VPN connects IPSec routers or remote users...
User Guide
Page 409
... 19 IPSec VPN Table 161 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued) LABEL DESCRIPTION Encryption This field is applicable when the Active Protocol is also slower. SHA is generally considered stronger than MD5, but require more secure, but it is ignored in increased latency and decreased throughput. Perfect Forward Secrecy (PFS) The Zyxel Device and the remote IPSec router must use a 1536-bit random number DH14 - ZyWALL USG FLEX Series User's Guide 409...
... 19 IPSec VPN Table 161 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued) LABEL DESCRIPTION Encryption This field is applicable when the Active Protocol is also slower. SHA is generally considered stronger than MD5, but require more secure, but it is ignored in increased latency and decreased throughput. Perfect Forward Secrecy (PFS) The Zyxel Device and the remote IPSec router must use a 1536-bit random number DH14 - ZyWALL USG FLEX Series User's Guide 409...
User Guide
Page 467
... Zyxel Device enable the SSO feature. Click OK to save your changes back to create the user accounts instead. 1 Click Configuration > Object > User/Group > User. In this example the users are authenticated by an external (RADIUS) authentication server. Then, set up this feature in the SSO screen. This example uses the Web Configurator. Users need to a default or user-defined login page. This field is available for users when their traffic matches this policy. ZyWALL USG FLEX...
... Zyxel Device enable the SSO feature. Click OK to save your changes back to create the user accounts instead. 1 Click Configuration > Object > User/Group > User. In this example the users are authenticated by an external (RADIUS) authentication server. Then, set up this feature in the SSO screen. This example uses the Web Configurator. Users need to a default or user-defined login page. This field is available for users when their traffic matches this policy. ZyWALL USG FLEX...
User Guide
Page 665
... at Zyxel Device configuration (web, CLI) Access Users user Perform basic diagnostics (CLI) Access network services guest ext-user Browse user-mode commands (CLI) Access network services External user account LOGIN METHOD(S) WWW, TELNET, SSH, FTP, Console WWW, TELNET, SSH, Console WWW, TELNET, SSH WWW WWW ZyWALL USG FLEX Series User's Guide 665 In addition, this screen. Chapter 39 Object Table 271 Configuration > Object > Zone > Add/Edit (continued) LABEL DESCRIPTION OK Click OK to save your customized settings and exit this screen allows you to configure the MAC addresses or...
... at Zyxel Device configuration (web, CLI) Access Users user Perform basic diagnostics (CLI) Access network services guest ext-user Browse user-mode commands (CLI) Access network services External user account LOGIN METHOD(S) WWW, TELNET, SSH, FTP, Console WWW, TELNET, SSH, Console WWW, TELNET, SSH WWW WWW ZyWALL USG FLEX Series User's Guide 665 In addition, this screen. Chapter 39 Object Table 271 Configuration > Object > Zone > Add/Edit (continued) LABEL DESCRIPTION OK Click OK to save your customized settings and exit this screen allows you to configure the MAC addresses or...
User Guide
Page 690
... higher priority traffic. Balance Ratio This field is not available when you selected the Tunnel forwarding mode, select a VLAN interface. Select this one. All the wireless station's traffic goes through it . Access categories minimize the delay of data packets. This is recommended if an SSID is tagged as surfing the Internet. ZyWALL USG FLEX Series User's Guide 690 The Zyxel Device assigns access categories to the SSID is used to...
... higher priority traffic. Balance Ratio This field is not available when you selected the Tunnel forwarding mode, select a VLAN interface. Select this one. All the wireless station's traffic goes through it . Access categories minimize the delay of data packets. This is recommended if an SSID is tagged as surfing the Internet. ZyWALL USG FLEX Series User's Guide 690 The Zyxel Device assigns access categories to the SSID is used to...
User Guide
Page 801
To change it, the new port number should be able to modify the entry's settings. It is the index number of the service control rule. To apply other configured rule. method screen. HSTS (HTTP Strict Transport Security) may require multiple connections to different sites to get the pictures on the Zyxel Device the user is redirected to a local web server to display the blocking message. For example, you typed. ZyWALL USG FLEX Series User's Guide 801...
To change it, the new port number should be able to modify the entry's settings. It is the index number of the service control rule. To apply other configured rule. method screen. HSTS (HTTP Strict Transport Security) may require multiple connections to different sites to get the pictures on the Zyxel Device the user is redirected to a local web server to display the blocking message. For example, you typed. ZyWALL USG FLEX Series User's Guide 801...
User Guide
Page 897
... your computer to the CONSOLE port using a console cable. Connect your computer's Ethernet card is installed and functioning properly. Make sure the Internet gateway device (such as a DSL modem) is the default) and then press [ENTER]. Use the installation setup wizard again and make sure that you have a terminal emulation communications program (such as provided by the Zyxel Device's LAN IP address (192.168.1.1 is working properly. • Check the WAN interface's status in the same...
... your computer to the CONSOLE port using a console cable. Connect your computer's Ethernet card is installed and functioning properly. Make sure the Internet gateway device (such as a DSL modem) is the default) and then press [ENTER]. Use the installation setup wizard again and make sure that you have a terminal emulation communications program (such as provided by the Zyxel Device's LAN IP address (192.168.1.1 is working properly. • Check the WAN interface's status in the same...
User Guide
Page 918
...,000 12,000 1024 2000 1000 32 32 128 5 32 128 200 300 (Extend by license) 512 1000 200 128 1000 200 128 32 16 24 1000 Admin User Max. TCP Concurrent Sessions (Forwarding, NAT/Firewall) 300,000 Session Rate NAT Max. ADP Rule Number User Profile Max. VERSION MODEL NAME # Of MAC Interface VLAN Virtual (Alias) PPP (System Default) PPP (User Created) Bridge Tunnel (GRE/IPv6 Transition) Routing Static Route Policy Route Reserved Sessions For Managed Devices Max OSPF Areas...
...,000 12,000 1024 2000 1000 32 32 128 5 32 128 200 300 (Extend by license) 512 1000 200 128 1000 200 128 32 16 24 1000 Admin User Max. TCP Concurrent Sessions (Forwarding, NAT/Firewall) 300,000 Session Rate NAT Max. ADP Rule Number User Profile Max. VERSION MODEL NAME # Of MAC Interface VLAN Virtual (Alias) PPP (System Default) PPP (User Created) Bridge Tunnel (GRE/IPv6 Transition) Routing Static Route Policy Route Reserved Sessions For Managed Devices Max OSPF Areas...