User Guide
Page 30
... specific model. 1.2 SD-WAN Mode The ZyWALL VPN models (see table Table 2 on page 28) can be managed through Nebula Orchestrator using the Web Configurator or the Command-Line Interface (CLI). Table 4 UTM Feature List • Application Patrol (AP) • Anomaly Detection & Prevention (ADP) • Anti-Virus (AV) • Secure Socket Layer (SSL) encrypted traffic Inspection • Intrusion Detection & Prevention (IDP) • Content Filtering (CF) • Anti-Spam (AS) The following UTM features work without a UTM license: • Configuration > Content Filter > Trusted Web...
... specific model. 1.2 SD-WAN Mode The ZyWALL VPN models (see table Table 2 on page 28) can be managed through Nebula Orchestrator using the Web Configurator or the Command-Line Interface (CLI). Table 4 UTM Feature List • Application Patrol (AP) • Anomaly Detection & Prevention (ADP) • Anti-Virus (AV) • Secure Socket Layer (SSL) encrypted traffic Inspection • Intrusion Detection & Prevention (IDP) • Content Filtering (CF) • Anti-Spam (AS) The following UTM features work without a UTM license: • Configuration > Content Filter > Trusted Web...
User Guide
Page 42
... the space before the underscore). ZyWALL USG/VPN Series User's Guide 42 If you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. otherwise the dashboard appears. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration;
... the space before the underscore). ZyWALL USG/VPN Series User's Guide 42 If you change the default password, the Login screen appears after -30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands. 7 Follow the directions in the Update Admin Info screen. otherwise the dashboard appears. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration;
User Guide
Page 53
... SSL web application or file sharing objects to apply to access a secured network behind the Zyxel Device via a VPN tunnel. Date/Time Configure the current date, time, and time zone in security policies. TELNET Configure telnet server settings for geographic address objects that can be used in the Zyxel Device. Service Service Create and manage TCP and UDP services. Method Authentication Method Create and manage ways of services to apply to -IP address mappings for the Zyxel Device. ISP Account ISP Account Create and manage ISP account information for the connected...
... SSL web application or file sharing objects to apply to access a secured network behind the Zyxel Device via a VPN tunnel. Date/Time Configure the current date, time, and time zone in security policies. TELNET Configure telnet server settings for geographic address objects that can be used in the Zyxel Device. Service Service Create and manage TCP and UDP services. Method Authentication Method Create and manage ways of services to apply to -IP address mappings for the Zyxel Device. ISP Account ISP Account Create and manage ISP account information for the connected...
User Guide
Page 171
... highest security. DH1 (default) refers to generate and verify a message authentication code. Chapter 5 Quick Setup Wizards 5.3.8 VPN Advanced Wizard - phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Otherwise, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to use the same secret key, which can be used to Diffie-Hellman Group 5 a 1536 bit random number. • SA Life Time: Set...
... highest security. DH1 (default) refers to generate and verify a message authentication code. Chapter 5 Quick Setup Wizards 5.3.8 VPN Advanced Wizard - phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Otherwise, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to use the same secret key, which can be used to Diffie-Hellman Group 5 a 1536 bit random number. • SA Life Time: Set...
User Guide
Page 199
... a specific status. Click the Disconnect icon to a DHCP server. Status This field displays the status of the Zyxel Device's secure services. ZyWALL USG/VPN Series User's Guide 199 This interface is currently assigned. For example, this field to get or to update the IP address for example Anti-Spam. Click Renew to send a new DHCP request to stop a PPPoE/PPTP connection. 6.2.8 Secured Service Status Screen This part shows what Unified Threat Management (UTM) services are...
... a specific status. Click the Disconnect icon to a DHCP server. Status This field displays the status of the Zyxel Device's secure services. ZyWALL USG/VPN Series User's Guide 199 This interface is currently assigned. For example, this field to get or to update the IP address for example Anti-Spam. Click Renew to send a new DHCP request to stop a PPPoE/PPTP connection. 6.2.8 Secured Service Status Screen This part shows what Unified Threat Management (UTM) services are...
User Guide
Page 254
... currently logged into the VPN SSL client. My Address This field displays the IP address of the "abc" at the end and the VPN connection or policy name would still match. Outbound (Bytes) This field displays the amount of traffic that has gone through the IPSec SA from the remote IPSec router to specify any type) of characters in the SA life time, before the Zyxel Device automatically...
... currently logged into the VPN SSL client. My Address This field displays the IP address of the "abc" at the end and the VPN connection or policy name would still match. Outbound (Bytes) This field displays the amount of traffic that has gone through the IPSec SA from the remote IPSec router to specify any type) of characters in the SA life time, before the Zyxel Device automatically...
User Guide
Page 275
... access myZyxel. ZyWALL USG/VPN Series User's Guide 275 Note: ZyWALL models need a license for UTM (Unified Threat Management) functionality - You can purchase an iCard and enter its service subscriptions. • Use the Registration screen (see Section 8.1.2 on page 275) to refresh Zyxel Device registration, go to open the screen as content filtering. • Use the Service screen (see Section 1.1 on page 276) to update. The Zyxel Device should already have a Zyxel Device use UTM services or use...
... access myZyxel. ZyWALL USG/VPN Series User's Guide 275 Note: ZyWALL models need a license for UTM (Unified Threat Management) functionality - You can purchase an iCard and enter its service subscriptions. • Use the Registration screen (see Section 8.1.2 on page 275) to refresh Zyxel Device registration, go to open the screen as content filtering. • Use the Service screen (see Section 1.1 on page 276) to update. The Zyxel Device should already have a Zyxel Device use UTM services or use...
User Guide
Page 312
... duplex mode. Apply Click Apply to save your changes back to its last-saved settings. 10.4 Port Group Note: See Section 1.1 on the port. When auto-negotiation is turned on, a port on the port. Table 110 Configuration > Network > Interface > Port Configuration LABEL DESCRIPTION Edit Select an entry, and click this feature, the Zyxel Device determines the connection speed by detecting the signal on the cable and using half duplex mode. You can set port grouping for the port. When the Zyxel Device's auto...
... duplex mode. Apply Click Apply to save your changes back to its last-saved settings. 10.4 Port Group Note: See Section 1.1 on the port. When auto-negotiation is turned on, a port on the port. Table 110 Configuration > Network > Interface > Port Configuration LABEL DESCRIPTION Edit Select an entry, and click this feature, the Zyxel Device determines the connection speed by detecting the signal on the cable and using half duplex mode. You can set port grouping for the port. When the Zyxel Device's auto...
User Guide
Page 331
.... enter a static IP address. DHCP Setting DHCP Select all if you want the check to 10.10.10.254, or 245 IP addresses. Enter the IP address of DHCP service the Zyxel Device provides to allocate. First DNS Server, Second DNS Server, Third DNS Server If this interface and the Zyxel Device works as the default router, select Custom Defined and enter the IP address. This default router will become the DHCP clients' default gateway. ZyWALL USG/VPN Series User's Guide 331 Select any DHCP services. Enter...
.... enter a static IP address. DHCP Setting DHCP Select all if you want the check to 10.10.10.254, or 245 IP addresses. Enter the IP address of DHCP service the Zyxel Device provides to allocate. First DNS Server, Second DNS Server, Third DNS Server If this interface and the Zyxel Device works as the default router, select Custom Defined and enter the IP address. This default router will become the DHCP clients' default gateway. ZyWALL USG/VPN Series User's Guide 331 Select any DHCP services. Enter...
User Guide
Page 346
... is still available. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Select tcp to have the Zyxel Device regularly ping the gateway you specify to the network. ZyWALL USG/VPN Series User's Guide 346 Customized DUID If you want the DUID is a failure. Request Address Select this to get from the DHCP server. See Section 10.5.6 on the connection check. References Select an entry and click References to open a screen that determine...
... is still available. Check Period Check Timeout Check Fail Tolerance Check Default Gateway Select tcp to have the Zyxel Device regularly ping the gateway you specify to the network. ZyWALL USG/VPN Series User's Guide 346 Customized DUID If you want the DUID is a failure. Request Address Select this to get from the DHCP server. See Section 10.5.6 on the connection check. References Select an entry and click References to open a screen that determine...
User Guide
Page 374
... If this field is the DHCP server for the network. Custom Defined - First WINS Server, Second WINS Server Default Router Zyxel Device - the DHCP clients use another DHCP server for the OPT, LAN and DMZ interfaces. ZyWALL USG/VPN Series User's Guide 374 Choices are currently using. Select what type of IP addresses to allocate. the Zyxel Device routes DHCP requests to one and is blank, the Pool Size must be blank. This number must also be at least...
... If this field is the DHCP server for the network. Custom Defined - First WINS Server, Second WINS Server Default Router Zyxel Device - the DHCP clients use another DHCP server for the OPT, LAN and DMZ interfaces. ZyWALL USG/VPN Series User's Guide 374 Choices are currently using. Select what type of IP addresses to allocate. the Zyxel Device routes DHCP requests to one and is blank, the Pool Size must be blank. This number must also be at least...
User Guide
Page 383
... as security policy, IDP, remote management, anti-virus, and application patrol. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which the Zyxel Device is connected or if you may use zones to the default WAN trunk. ZyWALL USG/VPN Series User's Guide 383 Clear this to disable this button to additionally manually configure some related settings. Interface Name Zone For general, the rest of the bridge interface. Table 131 Configuration > Network > Interface > Bridge > Add...
... as security policy, IDP, remote management, anti-virus, and application patrol. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which the Zyxel Device is connected or if you may use zones to the default WAN trunk. ZyWALL USG/VPN Series User's Guide 383 Clear this to disable this button to additionally manually configure some related settings. Interface Name Zone For general, the rest of the bridge interface. Table 131 Configuration > Network > Interface > Bridge > Add...
User Guide
Page 394
... 802.3ad Mode. Clear this to disable this interface. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which the Zyxel Device is connected or if you want to additionally manually configure some related settings. You can be up . The slaves must manually configure a policy route to add routing and SNAT settings for mii Link Monitoring. it can use zones to apply security settings such as follows: Link Monitoring • active-backup...
... 802.3ad Mode. Clear this to disable this interface. Other corresponding configuration options: DHCP server and DHCP relay. Select the zone to which the Zyxel Device is connected or if you want to additionally manually configure some related settings. You can be up . The slaves must manually configure a policy route to add routing and SNAT settings for mii Link Monitoring. it can use zones to apply security settings such as follows: Link Monitoring • active-backup...
User Guide
Page 453
... external destination ports this NAT rule supports. For LAN users, the Zyxel Device uses the LAN interface's IP address as FTP (see Object > Service > Service Group) This field is available if Mapping Type is Port. If you configure a NAT rule to forward traffic from the users to access the Internal IP device. Select to which translated destination IP address subnet or IP address range this NAT rule forwards packets. You might use the NAT rule's specified External IP address to the Internal IP device. Use the drop...
... external destination ports this NAT rule supports. For LAN users, the Zyxel Device uses the LAN interface's IP address as FTP (see Object > Service > Service Group) This field is available if Mapping Type is Port. If you configure a NAT rule to forward traffic from the users to access the Internal IP device. Select to which translated destination IP address subnet or IP address range this NAT rule forwards packets. You might use the NAT rule's specified External IP address to the Internal IP device. Use the drop...
User Guide
Page 616
... example, configure sales representatives' laptops, tablets, or smartphones to securely connect to manage the Zyxel Device's VPN gateways. A VPN gateway specifies the IPSec routers at either end of a VPN tunnel and the IKE SA settings (phase 1 settings). The second phase uses the IKE SA to securely establish an IPSec SA through which devices behind the Zyxel Device. ZyWALL USG/VPN Series User's Guide 616 Chapter 30 IPSec VPN L2TP VPN L2TP VPN uses the L2TP and IPSec client software included in remote users' Android, iOS, or Windows operating...
... example, configure sales representatives' laptops, tablets, or smartphones to securely connect to manage the Zyxel Device's VPN gateways. A VPN gateway specifies the IPSec routers at either end of a VPN tunnel and the IKE SA settings (phase 1 settings). The second phase uses the IKE SA to securely establish an IPSec SA through which devices behind the Zyxel Device. ZyWALL USG/VPN Series User's Guide 616 Chapter 30 IPSec VPN L2TP VPN L2TP VPN uses the L2TP and IPSec client software included in remote users' Android, iOS, or Windows operating...
User Guide
Page 626
... available. Perfect Forward Secrecy (PFS) The Zyxel Device and the remote IPSec router must be configured to respond to this VPN connection policy. disable PFS DH1 - The longer the key, the more processing power, resulting in the IPSec SA. Both routers must both have at least one proposal that uses the same authentication algorithm. Any security rules or settings configured for each IPSec SA. Select how the Zyxel Device checks the connection. The peer...
... available. Perfect Forward Secrecy (PFS) The Zyxel Device and the remote IPSec router must be configured to respond to this VPN connection policy. disable PFS DH1 - The longer the key, the more processing power, resulting in the IPSec SA. Both routers must both have at least one proposal that uses the same authentication algorithm. Any security rules or settings configured for each IPSec SA. Select how the Zyxel Device checks the connection. The peer...
User Guide
Page 802
... failures allowed before a failure of the highest-numbered copper Ethernet port on the active Zyxel Device (the heartbeat dedicated link port). Subnet Mask Password Retype to Confirm Heartbeat Interval Heartbeat Lost Tolerance Monitor Interface Failover Detection Enable Failover When Interface Failure (Option) Enable Failover When Device Service Fails (Option) Apply & switch to Device HA Pro Apply Reset Note: The active and passive Zyxel Device Management IP addresses must be prompted for the management IP addresses. ZyWALL USG/VPN Series User's Guide...
... failures allowed before a failure of the highest-numbered copper Ethernet port on the active Zyxel Device (the heartbeat dedicated link port). Subnet Mask Password Retype to Confirm Heartbeat Interval Heartbeat Lost Tolerance Monitor Interface Failover Detection Enable Failover When Interface Failure (Option) Enable Failover When Device Service Fails (Option) Apply & switch to Device HA Pro Apply Reset Note: The active and passive Zyxel Device Management IP addresses must be prompted for the management IP addresses. ZyWALL USG/VPN Series User's Guide...
User Guide
Page 959
... secure access by authenticating and encrypting data packets over the network. Server Port You may change the server port number for a service if needed, however you must match the version on the Zyxel Device must use that matches the IP address(es) in the Service Control table to access the Zyxel Device using this screen. Destination Type the IP address of at least 8 printable characters for remote management. The SNMP version on the SNMP manager. Set Community...
... secure access by authenticating and encrypting data packets over the network. Server Port You may change the server port number for a service if needed, however you must match the version on the Zyxel Device must use that matches the IP address(es) in the Service Control table to access the Zyxel Device using this screen. Destination Type the IP address of at least 8 printable characters for remote management. The SNMP version on the SNMP manager. Set Community...
User Guide
Page 1036
... power cord connected to the Zyxel Device and plugged in for about 5 seconds (or until the SYS LED starts to an appropriate power source. ZyWALL USG/VPN Series User's Guide 1036 The Zyxel Device should have a hardware problem. Connect your local vendor. I cannot access the Internet. • Check the Zyxel Device's connection to check it . Make sure your computer or switch. • Ping the Zyxel Device from the LAN. • Check the cable connection between the Zyxel Device and your computer's Ethernet card is installed...
... power cord connected to the Zyxel Device and plugged in for about 5 seconds (or until the SYS LED starts to an appropriate power source. ZyWALL USG/VPN Series User's Guide 1036 The Zyxel Device should have a hardware problem. Connect your local vendor. I cannot access the Internet. • Check the Zyxel Device's connection to check it . Make sure your computer or switch. • Ping the Zyxel Device from the LAN. • Check the cable connection between the Zyxel Device and your computer's Ethernet card is installed...
User Guide
Page 1097
... connection resets 1042 content filter 1037 DDNS 1042 device access 1036 ext-user 1045 firmware package 1044 firmware upload 1047 FTP 1042 H.323 1042 HTTP redirect 1042 IDP 1037, 1041 IDP signatures update 1037 interface 1038 Internet access 1036, 1045 IPSec VPN 1043 LEDs 1036 logo 1047 logs 1047 management access 1046 packet capture 1048 performance 1039, 1040, 1041 policy route 1037, 1045 PPP 1038 RADIUS server 1045 routing 1041 schedules 1046 security policy 1037 security settings...
... connection resets 1042 content filter 1037 DDNS 1042 device access 1036 ext-user 1045 firmware package 1044 firmware upload 1047 FTP 1042 H.323 1042 HTTP redirect 1042 IDP 1037, 1041 IDP signatures update 1037 interface 1038 Internet access 1036, 1045 IPSec VPN 1043 LEDs 1036 logo 1047 logs 1047 management access 1046 packet capture 1048 performance 1039, 1040, 1041 policy route 1037, 1045 PPP 1038 RADIUS server 1045 routing 1041 schedules 1046 security policy 1037 security settings...