User Guide
Page 3
Warnings tell you about things that screen. Zyxel Device Generic Router Wireless Router / Access Point Switch Internet Firewall Server Network Cloud Smartphone USB Dongle ZyWALL USG/VPN Series User's Guide 3 Icons Used in Figures Figures in bold font. • A right angle bracket ( > ) within a screen name denotes a mouse click. Syntax Conventions ...
User Guide
Page 35
... some Zyxel Device application scenarios. All models need a license to renew your license(s). Figure 1 myZyxel Login Chapter 1 Introduction 1.3.1 Grace Period UTM licenses have a 15-day grace period after a license expires. Figure 2 Applications: Security Router Applications: Security Router ZyWALL USG/VPN Series User's Guide 35 Security Router Security includes a Stateful Packet Inspection (SPI) firewall...
User Guide
Page 94
... Mode Figure 73 Easy Mode Dashboard The Easy Mode dashboard contains the following. • System information, such as firmware version, the length of time the Zyxel Device has been on in order for the service to be prompted to create a secure policy when a service is licensed and you turn it on... and a button to test the connection. • VPN tunnel information and a button to monitor and create VPN tunnels. • Security information such as if the firewall is enabled and if supported security services are licensed. You will be used. • Network Client...
User Guide
Page 114
...VPN A VPN is unclear. What is not a firewall blocking VPN traffic in front of the Zyxel Devices. • Select IPSec VPN Settings for one should be a VPN gateway like the Zyxel Device itself or a computer with each other . ZyWALL USG/VPN Series User's Guide 114 Two networks (...sites) behind the other . See the client VPN software's help if anything is a secure, private connection between a Zyxel Device and a computer with each other...
User Guide
Page 302
... > RTLS LABEL DESCRIPTION Enable Select this screen to allow RTLS traffic if the Zyxel Device security policy control is enabled or the Ekahau RTLS Controller is behind a firewall. Reset Click Reset to return the screen to the Zyxel Device. ZyWALL USG/VPN Series User's Guide 302 Table 105 RTLS Traffic Port Numbers PORT NUMBER... Ekahau Wi-Fi tags. Server Port Specify the server port number of the Ekahau RTLS Controller. For example, if the Ekahau RTLS Controller is behind a firewall, open this screen.
User Guide
Page 414
.... It uses the following ports: UDP 500, Protocol 50, UDP 1701 and UDP 4500. When security is a priority, L2TP is used to make sure that firewalls support both PPTP sessions. It sets up virtual private networks (VPN) in unsecured TCP/IP environments. PPTP is convenient and easy-to-use, but you... have to set up. ZyWALL USG/VPN Series User's Guide 414 Chapter 10 Interfaces PPTP is used to start and manage the second one. 2 The second one runs on TCP...
User Guide
Page 458
...policy route to forward HTTP traffic from lan1 to dmz. E-mail clients also generally use mail server protocols such as a HTTP redirect rule, the Zyxel Device checks the HTTP redirect rules first and forwards HTTP traffic to a proxy server if matched. Chapter 14 Redirect Service Even if you set ...sending messages while the newer POP3 can be the same server). You also need to proxy server A. ZyWALL USG/VPN Series User's Guide 458 SMTP Simple Mail Transfer Protocol (SMTP) is : 1 Firewall 2 SMTP Redirect 3 Policy Route Even if you to the SMTP server. The older POP2 requires ...
User Guide
Page 459
... LAN1 to LAN2 firewall rule to allow SMTP messages from lan1 to SMTP server A. Remove To remove an entry, select it before doing so. The Zyxel Device confirms you can configure up to one HTTP redirect rule and one SMTP redirect rule for each (incoming) interface. ZyWALL USG/VPN Series ...forward SMTP messages from lan1 to lan2. Chapter 14 Redirect Service For SMTP traffic between lan2 and wan1: • a from LAN2 to WAN firewall rule (default) to allow SMTP messages from SMTP server A to the Internet. 14.2 The Redirect Service Screen To configure redirection of the redirect ...
User Guide
Page 471
... enter the password to bypass the security policy. Select this check box to move it . Select through Firewall Outgoing WAN Interface Support LAN List Select this check box to allow computers outside the private network to contact...the Member list. Make sure the computer is installed in a private network (behind the Zyxel Device) to automatically configure the Zyxel Device to allow traffic from UPnP-enabled or NAT-PMP-enabled applications to access the web...for example, MSN packets). UPnP server is connected to the Zyxel Device. ZyWALL USG/VPN Series User's Guide 471
User Guide
Page 687
... B gets almost no effect on how much of available bandwidth and a higher priority. So server A gets its configured rate of rules used by firewalls, to its configured rate (800 kbps), leaving only 200 kbps for a total of 200 kbps. The priority has no bandwidth with this configuration....Bandwidth Effect Server A has a configured rate that equals the total amount of the unused bandwidth each server gets. ZyWALL USG/VPN Series User's Guide 687 Even though the Zyxel Device still attempts to let all traffic get through and not be lost, regardless of its configured rate of ...
User Guide
Page 992
... (not enabled by default, unlike other services) ip telnet server # open WAN-to-ZyWALL firewall for TW_TEAM for remote management / to-ZyWALL firewall rules # use "exit" or a command line consisting of a single "!" ZyWALL USG/VPN Series User's Guide 992 If you remove the first command, you run the... example as a configuration file because the rest of a command line to make the Zyxel Device exit sub ...
User Guide
Page 1059
... 256 256 256 32 32 32 32 32 32 32 32 32 32 32 16 16 16 16 16 16 16 16 16 16 16 ZyWALL USG/VPN Series User's Guide 1059 ADP Rule Number Application Patrol Max. Address Object in Each Profile (object + object group) User Profile Max. ...Version Model Name 4.35 USG40 # of MAC Addresses Interface VLAN Virtual(alias) per Host Rules ADP Max. Virtual Server Number Firewall (Secure policy) Max Firewall ACL Rule Number = Secure Policy Number Max Session Limit per interface PPP (System Default) PPP (User Created) Bridge Tunnel (GRE/IPv6 Transition) Routing...
User Guide
Page 1062
...500 Service Group 300 Max. Zone Number (System 8 Default) Max. Zone Number (User 32 Defined) Trunk Max. Virtual Server Number 1024 Firewall (Secure Policy) Max Firewall ACL Rule Number = Secure Policy Number Max Session Limit per Host Rules 10000 1000 ADP Max. ADP Rule Number 32 Application Patrol Max.... 16 9 16 2,000 400 256 1,000 200 256 32 16 24 1,000 200 256 32(PPP+3G) 16 16 16 9 32 1 1 1 ZyWALL USG/VPN Series User's Guide 1062 BGP Neighbor 5 BGP Max. Appendix C Product Features Policy Route 4000 Reserved Sessions For 500 Managed Devices Max OSPF areas...
User Guide
Page 1085
...) 754 file extensions configuration files 991 shell scripts 991 file infector 758 file manager 991 file sharing SSL application create 909 Firefox 40 firewall and SMTP redirect 458 firmware and restart 997 current version 193, 1001 getting updated 997 uploading 1000 uploading with FTP 955 firmware package ... free guest account 561 free time 561 configuration 561 G Generic Routing Encapsulation, see HTTPS redirect to HTTPS 935 vs HTTPS 932 HTTP redirect ZyWALL USG/VPN Series User's Guide 1085 global SSL setting 655 user portal logo 656 Grace Period 35 GRE 414 GSM 353 Guide CLI Reference ...
User Guide
Page 1094
... routes 584, 587 troubleshooting 1037 security settings troubleshooting 1037 Security Threat web pages 711 sensitivity level 595 serial number 193 service control 931 and to-ZyWALL security policy 931 and users 932 limitations 931 timeouts 932 service groups 860 and security policy 589 in IDP 732 service objects 859 and IP... inactivity timeout 466 signaling port 466 troubleshooting 1042 SMS 965 send account information 965 ViaNett account 965 SMS gateway 965 SMTP 761 SMTP redirect and firewall 458 and policy routes 458 packet flow 458 ZyWALL USG/VPN Series User's Guide 1094