IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Related Documentation
support.zyxel.com
Document Conventions
Warnings and Notes
Warnings tell you about things that could harm you or your device.
Syntax Conventions
bold
Configuration >
Network > Interface > Ethernet Configuration
Network Interface Ethernet
Icons Used in Figures
Contents Overview
Table of Contents
Document Conventions ......................................................................................................................3
Contents Overview .............................................................................................................................4
Table of Contents .................................................................................................................................5
Part I: User’s Guide.......................................................................................... 22
Chapter 1
Introduction ........................................................................................................................................23
Chapter 2
Initial Setup Wizard.............................................................................................................................57
Chapter 3
Hardware, Interfaces and Zones ......................................................................................................83
Chapter 4
Easy Mode..........................................................................................................................................89
Chapter 5
Quick Setup Wizards........................................................................................................................153
Chapter 6
Dashboard........................................................................................................................................199
Part II: Technical Reference......................................................................... 209
Chapter 7
Monitor..............................................................................................................................................210
Chapter 8
Licensing...........................................................................................................................................260
Chapter 9
Wireless .............................................................................................................................................263
Chapter 10
Interfaces..........................................................................................................................................277
Chapter 11
Routing ..............................................................................................................................................376
Chapter 12
DDNS ................................................................................................................................................403
Chapter 13
NAT ....................................................................................................................................................409
Chapter 14
Redirect Service...............................................................................................................................418
Chapter 15
ALG....................................................................................................................................................424
Chapter 16
UPnP...................................................................................................................................................431
Chapter 17
IP/MAC Binding................................................................................................................................446
Chapter 18
Layer 2 Isolation ...............................................................................................................................451
Chapter 19
DNS Inbound LB................................................................................................................................455
Chapter 20
IPSec VPN .........................................................................................................................................461
Chapter 21
SSL VPN..............................................................................................................................................499
Chapter 22
L2TP VPN............................................................................................................................................505
Chapter 23
BWM (Bandwidth Management) .................................................................................................510
Chapter 24
Web Authentication ........................................................................................................................526
Chapter 25
Security Policy..................................................................................................................................559
Chapter 26
Content Filter ....................................................................................................................................589
Chapter 27
Anti-Spam.........................................................................................................................................631
Chapter 28
Object ...............................................................................................................................................647
Chapter 29
Mgmt. & Analytics...........................................................................................................................736
Chapter 30
System...............................................................................................................................................748
Chapter 31
Log and Report.................................................................................................................................810
Chapter 32
File Manager ....................................................................................................................................823
Chapter 33
Diagnostics ......................................................................................................................................839
Chapter 34
Packet Flow Explore ........................................................................................................................855
Chapter 35
Shutdown ..........................................................................................................................................862
Part III: Appendices and Troubleshooting.................................................. 870
Chapter 36
Troubleshooting................................................................................................................................871
P
ART
I
User’s Guide
C
HAPTER
1
Introduction
1.1 Overview
1.1.1 Model Feature Differences
FEATURE/MODEL
USG FLEX 50
(USG20-VPN)
USG FLEX 20W
(USG20W-VPN)
1.2 On Premises Mode
Initial Setup Wizard On Premises Mode
FEATURE/MODEL
USG FLEX 50
(USG20-VPN)
USG FLEX 20W
(USG20W-VPN)
Figure 1
Nebula Mode
1.3 Nebula Mode
Initial Setup Wizard Nebula Mode
Figure 2
On Premises Mode
1.3.1 NCC Portal
https://nebula.zyxel.com
Go Let’s Start
Native Mode Native Mode
1.3.2 Your Zyxel Device
WAN
LAN
SYS
Maintenance > File Manager > Configuration File startup-config.conf
Download
Native Mode Reset
1.3.3 Your Email Account for ZTP
Native Mode
1.4 Change the Mode
On Premises Mode Nebula Mode
Nebula Mode On Premises Mode
1.4.1 From Nebula Mode to On Premises Mode
https://nebula.zyxel.com
Organization-wide > Configuration > Inventory
Remove
On Premises Mode
Maintenance > File
Manager > Configuration File
Upload Configuration File Browse startup-config.conf
Upload
1.4.2 From On Premises Mode to Nebula Mode
Maintenance File Manager Configuration File
Reset
Nebula Mode
Native Mode ZTP Native Mode
1.5 Registration at myZyxel
Configuration Licensing Registration
Service
http://portal.myZyxel.com
Figure 3
1.5.1 Applications
Security Router
Figure 4
IPv6 Routing
Figure 5
VPN Connectivity
Figure 6
SSL VPN Network Access
Figure 7
User-Aware Access Control
A
B C
Figure 8
Load Balancing
Figure 9
1.6 Management Overview
Web Configurator
Figure 10
Figure 11
Command-Line Interface (CLI)
FTP
SNMP
SETTING VALUE
CloudCNM
CloudCNM
Management Authentication
1.7 Web Configurator
1.7.1 Web Configurator Access
Login
Configuration System
Language
Login
Update Admin Info
Configuration Object User/Group Setting Password Complexity
Password must changed every (days)
Apply
Terms of Use Acknowledge
Terms of Use
Password Change Notification
Configuration Object User/
Group User OK
Network Risk Warning
OK
Never
Update Admin Info Login
Apply Ignore Installation Setup Wizard
1.7.2 Security Check for Web Interface Overview
1.7.2.1 Secure SSL Access from the Internet to the Zyxel Device
A B C
Figure 12
1.7.2.2 Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device
Figure 13
1.7.2.3 Change the Default IPSec VPN Provisioning Port
ABBREVIATION COUNTRY
Figure 14
1.7.2.4 Change the Default Port for Two-Factor VPN Access Authentication
Object Auth. Method Two-factor Authentication VPN Access
Figure 15
Overall Port Configuration Example
1.7.2.5 Other Security Measures
Maintenance Firmware Management
Enable Password Complexity Object User/Grou
Setting
1.7.3 The Security Check for Web Interface Screen
REMOTE
MANAGEMENT
SSL VPN
IPSEC VPN
PROVISIONING
TWO-FACTOR VPN
ACCESS
AUTHENTICATION
Figure 16
LABEL DESCRIPTION
1.7.4 Remote Access to the Zyxel Device Networks
Monitor Network Status Device Insight
Configuration Object Device Insight
1.7.5 Web Configurator Screens Overview
A
B
C
Figure 17
OK
Cancel
LABEL DESCRIPTION
Figure 18
Title Bar
Figure 19
LABEL DESCRIPTION
About
About
Figure 20
Figure 21
Site Map
Site MAP
Off
Refresh
All Notifications
Initial Setup Wizard Easy Mode Easy Mode
LABEL DESCRIPTION
LABEL DESCRIPTION
Figure 22
Web Console
Web Console
Figure 23
Reference
Reference Reference
Refresh
Figure 24
CLI Messages
CLI
LABEL DESCRIPTION
N/A
Cancel
Figure 25
1.7.6 Navigation Panel
Figure 26
Dashboard
Monitor Menu
FOLDER OR LINK TAB FUNCTION
Configuration Menu
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
Maintenance Menu
1.7.7 Tables and Lists
FOLDER
OR LINK
TAB FUNCTION
Figure 27
Figure 28
Figure 29
Figure 30
Figure 31
Figure 32
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
Connect
Disconnect
References
Move
Working with Lists
Figure 33
C
HAPTER
2
Initial Setup Wizard
2.1 Initial Setup Wizard: Select Management Mode
Initial Setup Wizard
Initial Setup Wizard
Logout Initial Setup Wizard Next Finish
On Premises Mode
Nebula Mode
Figure 34
2.1.1 Welcome Screen
On Premises Mode Welcome
Figure 35
2.1.2 Internet Access Setup - WAN Interface
I have two ISPs
VLAN Tagged
Encapsulation Ethernet
PPPoE PPTP L2TP
MTU
WAN Interface
Zone
IP Address Assignment Auto
Static
DHCP Option 60 Auto IP Address Assignment
Figure 36
2.1.3 Internet Access: Ethernet
IP Address Assignment Auto
IP Address Assignment Static,
• VLAN ID
Encapsulation
MTU
First WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
DHCP Option 60 Auto IP Address Assignment
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.1.3.1 Possible Errors
Figure 37
2.1.4 Internet Access: PPPoE
2.1.4.1 Internet Access - First WAN Interface
• VLAN ID
2.1.4.2 ISP Parameters
• VLAN ID
Encapsulation
MTU
Service Name
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.4.3 WAN IP Address Assignments
WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
First / Second DNS Server
2.1.4.4 Possible Errors
Service Name Authentication Type
Figure 38
2.1.5 Internet Access: PPTP
2.1.5.1 ISP Parameters
MTU
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.5.2 PPTP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
Connection ID
2.1.5.3 WAN IP Address Assignments
First WAN Interface
Zone
IP Address Auto IP Address
Assignment
First / Second DNS Server
2.1.5.4 Possible Errors
Service IP Base IP Address, IP Subnet Mask, Gateway IP
Address, Connection ID Authentication Type
Figure 39
2.1.6 Internet Access: L2TP
2.1.6.1 ISP Parameters
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.6.2 L2TP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
2.1.6.3 WAN IP Address Assignments
WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
First / Second DNS Server
2.1.6.4 Possible Errors
Server IP Subnet Mask Gateway IP Address, IP Subnet Mask
Authentication Type
Figure 40
2.1.7 Internet Access Setup - Second WAN Interface
I have two ISPs First WAN Interface
Second WAN Interface
Figure 41
2.1.8 Internet Access: Congratulations
Connection Test Back
Figure 42
2.1.9 Date and Time Settings
Sync. Now
Figure 43
2.1.10 Register Device
Register
Figure 44
Figure 45
Refresh Configuration > Licensing > Registration
Nebula Mode Next
Figure 46
2.1.11 Activate Service
Figure 47
Refresh
Refresh
2.1.12 Service Settings
I have read SecuReporter GDPR and agree policy
Content Filter
Email Security
SecuReporter
Figure 48
2.1.13 Service Settings: SecuReporter
Server Status
Connected
Timeout
Fail
Device Name
Organization
Select from existing organization
Create new organization
Partially Anonymous
Fully Anonymous
Non-Anonymous
Figure 49
Figure 50
2.1.14 Wireless Settings: Management Mode
Management Mode Built-in AP
AP Controller
Next
Figure 51
2.1.15 Wireless Settings: AP Controller
Yes No
Figure 52
2.1.16 Wireless Settings: SSID & Security
SSID Setting
SSID
Security Mode Pre-Shared Key None
Pre-Shared Key
Hidden SSID
Enable Intra-BSS Traffic Blocking
For Zyxel Devices with Built - in AP Only
Bridged to
Figure 53
2.1.17 Remote Management
Policy Control
Figure 54
Allow secure remote management from WAN Policy Control
Restrict access only to trusted host
Allow SSL VPN access from WAN
Restrict access by GeoIP
Figure 55
2.2 Nebula Mode Initial Setup Wizard
Nebula Mode
Figure 56
2.2.1 Connect to Internet (WAN)
I have two ISPs
VLAN Tagged
Encapsulation Ethernet
PPPoE
MTU
WAN Interface
IP Address Assignment Auto
Static
DHCP Option 60 Auto IP Address Assignment
Figure 57
2.2.2 Internet Access: Ethernet
IP Address Assignment Auto
IP Address Assignment Static,
• VLAN ID
Encapsulation
MTU
First WAN Interface
IP Address Auto Auto IP Address
Assignment
DHCP Option 60 Auto IP Address Assignment
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.2.2.1 Possible Errors
Figure 58
2.2.3 Internet Access: PPPoE
Internet Access - First WAN Interface
• VLAN ID
ISP Parameters
Encapsulation
MTU
Service Name
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
IP Address Assignments
WAN Interface
IP Address Auto IP Address Assignment Auto
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.2.3.1 Possible Errors
Figure 59
2.2.4 Internet Access: Congratulations
Connection Test Back
Next
On Premises Mode Next
Figure 60
2.2.5 QR Code
Native Mode Finish
Figure 61
Nebula Mode Go to Nebula
Back
Figure 62
C
HAPTER
3
Hardware, Interfaces and
Zones
3.1 Hardware Overview
3.1.1 Front Panels
Figure 63
Figure 64
LED COLOR STATUS DESCRIPTION
3.1.2 Rear Panels
Figure 65
LABEL DESCRIPTION
SYS
Maintenance > Diagnostics > System Log
Configuration > System > USB Storage
LED COLOR STATUS DESCRIPTION
3.2 Installation Scenarios
WARNING! Do NOT block the ventilation holes on the Zyxel Device.
Allow 100 mm clearance for the ventilation holes to prevent your Zyxel
Device from overheating. Do not store things on the Zyxel Device. Do
not place a Zyxel Device on another high temperature device.
Overheating could affect the performance of your Zyxel Device, or
even damage it.
3.2.1 Desk-mounting
LABEL DESCRIPTION
Figure 66
3.2.2 Wall-mounting
Figure 67
MODEL NAME DISTANCE “X”
Figure 68
Figure 69
Wall-mount the Zyxel Device horizontally. The Zyxel Device's side
panels with ventilation slots should not be facing up or down as this
position is less safe.
3.3 Default Zones, Interfaces, and Ports
3.4 Stopping the Zyxel Device
Maintenance > Shutdown > Shutdown
PORT / INTERFACE P1 P2 P3 P4 P5 P6 P7 P8
ZONE / INTERFACE WAN LAN1 LAN2 DMZ OPT
NO
DEFAULT
ZONE
C
HAPTER
4
Easy Mode
4.1 Overview
Easy Mode
Expert Mode
Easy Mode WAN1
LAN1 WAN1
WAN2
Expert Mode
Expert Mode
Expert Mode
Figure 70
OPT P6 guest Configuration
Network Interface Port Role Expert Mode
OPT
4.1.1 Objects and Rules
EZ_ Expert Mode
Easy Mode EZ_
Expert Mode EZ_
Easy Mode EZ_ EZ_ Expert Mode
Easy Mode
EZ_ EZ_
EZ_ Expert Mode
Easy Mode
4.1.2 Wizards and Links
Next >
< Back Exit X
Easy Mode
Figure 71
EZ_
OBJECT/
RULE
SCREEN EDIT DELETE
Initial Setup Wizard
VPN Wizard
Port Forwarding Wizard
Wi-Fi and Guest Wizard
Security Service Wizard
MyZyxel Portal
One Security Portal
Expert Mode
4.1.3 Easy Mode Settings
Easy Mode Settings
Figure 72
Create Recovery Point
Create Recovery Point
Restore Last Recovery Point -
Restart
Shutdown
4.1.4 Easy Mode Dashboard
Cloud Helper
What’s New
Upgrade Now Upgrade
Now
Figure 73
Easy Mode
Figure 74
System
Internet
VPN
Security
• Network Client
+
LAN1 Guest IP Address, MAC Address
Name
Network Client
LAN
Guest Network
Wi-Fi
Guest
4.2 Initial Setup Wizard - Language and Overview
Figure 75
Easy Mode Expert Mode
4.2.1 Initial Setup Wizard - Internet
Figure 76
DHCP
Ethernet Fixed IP
PPPoE
4.2.2 Initial Setup Wizard - Internet Access Errors
WAN 1 Down
WAN1
WAN1
PPPoE Error
DHCP Error
Ethernet Fixed IP Error
4.2.3 Initial Setup Wizard - Date and Time
Figure 77
Synch Now
4.2.4 Initial Setup Wizard - Register Device
Figure 78
Figure 79
Register
4.2.5 Initial Setup Wizard - Activate Services
Figure 80
Figure 81
Refresh
Refresh
4.2.6 Initial Setup Wizard - Wi-Fi
Figure 82
Enable Wi-Fi Network
Wi-Fi
Password
Password
Enable Guest Wi-Fi Network
Wi-Fi
Password
Wi-Fi and Guest Wizard
4.2.7 Initial Setup Wizard - Congratulations
Figure 83
Initial Wizard Security Service Port Forwarding Guest LAN VPN
Finish
Initial Wizard Finish Continue
Security Service (Content Filter, IDP, Anti Virus)
Port Forwarding
Guest LAN (Wired Network)
OPT
VPN
restore point
4.3 Initial Setup Wizard - Security Service
Figure 84
Enable Content Filter Chat
Chat
Chat
Dating & Personals
Gambling
Games
Hacking
Illegal Software
Instant Messaging
Job Search
Pornography/Sexually Explicit
Social Networking
Streaming Media & Downloads
Tasteless
Violence
Enable IDP
Enable Anti-Virus
Security Service Wizard
4.4 Initial Setup Wizard - Port Forwarding
Figure 85
Client
FTP HTTP HTTPS Available
Member
Port Forwarding Wizard
Add here
4.5 Initial Setup Wizard - Guest LAN
Figure 86
Enable Guest Network (for wired clients) OPT P6
LAN/DMZ
OPT P6
LAN/DMZ
Enable Guest Network (for wired clients)
OPT P6
4.5.1 Connecting AP Scenarios
Enable Guest
Wi-Fi Network Guest LAN (Wired Network)
4.6 Initial Setup Wizard - VPN
Figure 87
Launch Initial Setup Wizard Exit
IPSec VPN Settings
IPSec VPN Settings for Configuration Provisioning
VPN Settings for L2TP VPN Settings
4.6.1 VPN Setup Wizard: Wizard Type
Express
Advanced
Figure 88
4.6.2 VPN Express Wizard - Scenario
Express
Figure 89
IKE Version
Rule Name
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
4.6.3 VPN Express Wizard - Configuration
Figure 90
My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
4.6.4 VPN Express Wizard - Summary
Figure 91
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy
Any
Configuration for Secure Gateway
4.6.5 VPN Express Wizard - Finish
VPN > IPSec VPN
> VPN Gateway VPN > IPSec VPN > VPN Connection
Figure 92
Close
4.6.6 VPN Advanced Wizard - Scenario
Advanced
Figure 93
IKE Version
Rule Name
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
4.6.7 VPN Advanced Wizard - Phase 1 Settings
Figure 94
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
3DES
ES128
Authentication Algorithm MD5 SHA512
Key Group DH5 DH1 DH2
SA Life Time
NAT Traversal
Dead Peer Detection (DPD)
Authentication Method Pre-Shared Key Certificate
4.6.8 VPN Advanced Wizard - Phase 2
Figure 95
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm MD5 SHA512
SA Life Time
Perfect Forward Secrecy (PFS)
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask)
Nailed-Up
4.6.9 VPN Advanced Wizard - Summary
Figure 96
Rule Name
Secure Gateway
Pre-Shared Key
Local Policy
Remote Policy
Configuration for Remote Gateway
Save
4.6.10 VPN Advanced Wizard - Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 97
Close
4.7 VPN Settings for Configuration Provisioning Wizard:
Wizard Type
Use VPN Settings for Configuration Provisioning
Figure 98
not
AH
NULL
SHA512
Express
Advanced
Figure 99
4.7.1 Configuration Provisioning Express Wizard - VPN Settings
Express
Figure 100
IKE Version
Rule Name
Application Scenario Remote Access (Server Role)
4.7.2 Configuration Provisioning VPN Express Wizard - Configuration
Next
Figure 101
• My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
4.7.3 VPN Settings for Configuration Provisioning Express Wizard - Summary
Figure 102
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy Any
Configuration for Secure Gateway
Save
4.7.4 VPN Settings for Configuration Provisioning Express Wizard - Finish
VPN > IPSec VPN
> VPN Gateway VPN > IPSec VPN > VPN Connection
Figure 103
Close
4.7.5 VPN Settings for Configuration Provisioning Advanced Wizard -
Scenario
Advanced
Figure 104
IKE Version
Rule Name
Application Scenario Remote Access (Server Role)
Next
4.7.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
1 Settings
Figure 105
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
Authentication Algorithm
MD5 SHA1
SHA256
Key Group DH5 DH1 DH2
DH5
SA Life Time
Authentication Method Pre-Shared Key Certificate
4.7.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
2
Figure 106
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm
MD5 SHA1
SHA256
SA Life Time
Perfect Forward Secrecy (PFS):
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask) ny
Nailed-Up
4.7.8 VPN Settings for Configuration Provisioning Advanced Wizard -
Summary
Figure 107
Rule Name
Secure Gateway ny
Pre-Shared Key
Local Policy
Remote Policy Any
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Authentication Algorithm
MD5
SHA1
SHA256
Key Group DH5 DH1 DH2
DH1
DH2
DH5
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Null
Authentication Algorithm
MD5
SHA1
SHA256
Configuration for Secure Gateway
Save
4.7.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 108
Close
4.8 VPN Settings for L2TP VPN Settings Wizard
VPN Settings for L2TP VPN Settings
Figure 109
Configuration > Quick Setup > VPN Setting VPN Settings for L2TP VPN Settings
Figure 110
Next
4.8.1 L2TP VPN Settings 1
Figure 111
Rule Name
My Address (interface)
Pre-Shared Key
Next
4.8.2 L2TP VPN Settings 2
Figure 112
IP Address Pool
Starting IP Address
End IP Address
First DNS Server (Optional)
Second DNS Server (Optional)
Allow L2TP traffic Through WAN
Next
4.8.3 VPN Settings for L2TP VPN Setting Wizard - Summary
Figure 113
Rule Name
Secure Gateway Any”
Pre-Shared Key
My Address (Interface)
IP Address Pool
Save
4.8.4 VPN Settings for L2TP VPN Setting Wizard Completed
Figure 114
VPN > L2TP VPN
VPN > IPSec VPN > VPN Connection VPN Gateway
4.9 Port Forwarding
Figure 115
Client
FTP HTTP HTTPS Available
Member
4.9.1 Port Forwarding > Add Client
Edit Client List
Name IP Address MAC Address
Edit Client
List
4.9.2 Port Forwarding > Add Service
Edit Service List
Add
Service Name Starting Port
Ending Port
4.9.3 Port Forwarding > UPnP
Enable UPnP Refresh
Enable UPnP
Finish Port Forwarding Wizard
4.10 Wi-Fi and Guest Network Wizard
Figure 116
Enable Wi-Fi Network
Wi-Fi
Password
Enable Guest Wi-Fi Network
Duration
Wi-Fi Password
Guest Wi-Fi Network Duration
4.10.1 Guest LAN (Wired Network)
Figure 117
Enable Guest Network (for wired clients) OPT P6
LAN/DMZ
OPT P6
LAN/DMZ
Enable Guest Network (for wired clients)
OPT P6
4.10.2 Connecting AP Scenarios
Enable Guest
Wi-Fi Network Guest LAN (Wired Network)
4.11 Security Service Wizard
Figure 118
Figure 119
portal.myzyxel.com
Refresh
Refresh
4.11.1 Security Service Wizard 2 - Content Filter Categories
Figure 120
Enable Content Filter with following contents blocked
Chat Chat
Enable IDP
Enable Anti-Virus
4.11.2 Security Service Wizard 3 - Websites
Figure 121
Add
4.11.3 Security Service Wizard 4 - Exemptions
Figure 122
Add Client Address Client List
Name IP Address MAC Address
4.11.4 Security Service Wizard 5 - IDP/AV
Figure 123
4.12 MyZyxel Portal
Figure 124
MyZyxel Portal
MyZyxel Portal
4.13 One Security Portal
Figure 125
ONESECURITY ICON SCREEN
ONESECURITY ICON SCREEN
C
HAPTER
5
Quick Setup Wizards
5.1 Quick Setup Overview
Quick Setup Quick Setup
Figure 126
• WAN Interface
• Remote Access VPN Setup
Zyxel VPN Client
L2TP over IPSec Client
• VPN Setup
VPN Setup
Use VPN Settings for Configuration Provisioning
VPN Settings for L2TP VPN Settings
• Wireless Setup
• Wizard Help
5.2 WAN Interface Quick Setup
WAN Interface Quick Setup WAN Interface Quick Setup Wizard
Welcome Next
Figure 127
5.2.1 Choose an Ethernet Interface
Next
Figure 128
5.2.2 Select WAN Type
WAN Type Selection Ethernet
PPPoE PPTP L2TP
Figure 129
5.2.3 Configure WAN IP Settings
Figure 130
Figure 131
WAN Interface
Zone
IP Address Assignment Auto
Static
5.2.4 ISP and WAN and ISP Connection Settings
Ethernet IP Address Assignment Auto IP Address Assignment Static
PPTP PPPoE
Figure 132
Figure 133
Figure 134
ISP Parameter
Encapsulation
Service Name
Authentication Type:
CHAP/PAP
CHAP
PAP
MSCHAP
MSCHAP-V2
User Name
Password:
Retype to Confirm
Nailed-Up Nailed-Up
Idle Timeout
PPTP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
Connection ID:
IP Address Assignment
WAN Interface
Zone
IP Address
IP Subnet Mask
Gateway IP Address
First DNS Server / Second DNS Server
0.0.0.0
5.2.5 Quick Setup Interface Wizard: Summary
Figure 135
Encapsulation
Service Name
Server IP
User Name
Nailed-Up No Yes
Idle Timeout:
Connection ID
WAN Interface
Zone
IP Address Assignment Auto
IP Address
IP Subnet Mask
Gateway IP Address:
First DNS Server /Second DNS Server IP Address Assignment Static
5.3 Remote Access VPN Setup-Scenario
IKEv2 IPSec Client
L2TP over IPSec Client
Figure 136
5.3.1 IKEv2 IPSec Client- VPN Configuration
Full Tunnel Split
Tunnel
Full Tunnel
Figure 137
Interface
Domain Name/ IPv4
Auto
Manual
Host IP Address Host Domain Name
IP Address Domain Name
IP Address Domain Name
Configuration Object Certificate My Certificate
IP Address Domain Name
Full Tunnel Allow Client VPN Traffic Through WAN
Allow Client VPN Traffic Through WAN
Split Tunnel
LAN DMZ guest
Figure 138
IP Address Pool
Customer Defined
Second DNS Server
Upload Bandwidth Limit
Upload Bandwidth Limit
Configuration VPN
IPSec VPN Configuration Provisioning
5.3.2 IKEv2 IPSec Client- User Authentication
Figure 139
Member
Configuration Object
User/Group User Add A User
5.3.3 IKEv2 IPSec Client- Summary
Figure 140
RemoteAccess_Wiz
Save RemoteAccess_Wiz VPN PSec VPN VPN Connection
VPN IPSec VPN VPN Gateway
5.3.4 IKEv2 IPSec Client-Config Provision
Non SecuExtender VPN Client
Figure 141
5.3.5 L2TP over IPSec Client-VPN Configuration
L2TP over IPSec Client
Full Tunnel
Figure 142
Pre-Shared Key
Interface
Domain Name/ IPv4
Full Tunnel Allow Client VPN Traffic Through WAN
Allow Client VPN Traffic Through
WAN
Figure 143
IP Address Pool
Customer
Defined
Second DNS Server
5.3.6 L2TP over IPSec Client- User Authentication
Figure 144
Member
Configuration Object
User/Group User Add A User
5.3.7 L2TP over IPSec Client- Summary
Figure 145
RemoteAccess_L2TP_Wiz
Save RemoteAccess_L2TP_Wiz VPN L2TP VPN
5.3.8 L2TP over IPSec Client-Config Provision
Figure 146
5.4 VPN Setup Wizard
VPN Setup Quick Setup Welcome
5.4.1 Welcome
Configuration > VPN > IPSec VPN > VPN Gateway
Configuration > VPN > IPSec VPN > VPN Connection
VPN Settings
VPN Settings for Configuration Provisioning
VPN Settings for L2TP VPN Settings
Figure 147
5.4.2 VPN Setup Wizard: Wizard Type
Express
Advanced
Figure 148
5.4.3 VPN Express Wizard - Scenario
Express
Figure 149
IKE (Internet Key Exchange) Version: IKEv1 and IKEv2
Scenario
Rule Name
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
5.4.4 VPN Express Wizard - Configuration
Figure 150
My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
5.4.5 VPN Express Wizard - Summary
Figure 151
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy
Any
Configuration for Secure Gateway
5.4.6 VPN Express Wizard - Finish
VPN > IPSec VPN
> VPN Gateway VPN > IPSec VPN > VPN Connection
Figure 152
Close
5.4.7 VPN Advanced Wizard - Scenario
Advanced
Figure 153
IKE (Internet Key Exchange) Version: IKEv1 and IKEv2
Scenario
Rule Name
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
5.4.8 VPN Advanced Wizard - Phase 1 Settings
Figure 154
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
3DES
AES128
Authentication Algorithm MD5 SHA512
Key Group DH5 DH1 DH2
SA Life Time
NAT Traversal
Dead Peer Detection (DPD)
Authentication Method Pre-Shared Key Certificate
5.4.9 VPN Advanced Wizard - Phase 2
Figure 155
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm MD5 SHA512
SA Life Time
Perfect Forward Secrecy (PFS)
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask)
Nailed-Up
5.4.10 VPN Advanced Wizard - Summary
Figure 156
Rule Name
Secure Gateway
Pre-Shared Key
Certificate
Local Policy
Remote Policy
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Authentication Algorithm
MD5
SHA1
SHA256
Key Group DH5 DH1 DH2
DH1
DH2
DH5
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Null
Authentication Algorithm
MD5
SHA1
SHA256
Configuration for Remote Gateway
Save
5.4.11 VPN Advanced Wizard - Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 157
Close
5.5 VPN Settings for Configuration Provisioning Wizard:
Wizard Type
Use VPN Settings for Configuration Provisioning
not
AH
NULL
SHA512
Express
Advanced
Figure 158
5.5.1 Configuration Provisioning Express Wizard - VPN Settings
Express
Figure 159
IKE
IKEv2
Rule Name
Application Scenario Remote Access (Server Role)
5.5.2 Configuration Provisioning VPN Express Wizard - Configuration
Next
Figure 160
My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
5.5.3 VPN Settings for Configuration Provisioning Express Wizard - Summary
Figure 161
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy Any
Configuration for Secure Gateway
Save
5.5.4 VPN Settings for Configuration Provisioning Express Wizard - Finish
Configuration >
VPN > IPSec VPN > VPN Gateway Configuration > VPN
> IPSec VPN > VPN Connection
Figure 162
Close
5.5.5 VPN Settings for Configuration Provisioning Advanced Wizard -
Scenario
Advanced
Figure 163
IKE
IKEv2
Rule Name
Application Scenario Remote Access (Server Role)
Next
5.5.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
1 Settings
Figure 164
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
Authentication Algorithm
MD5 SHA1
SHA256
Key Group DH5 DH1 DH2
DH5
SA Life Time
Authentication Method Pre-Shared Key Certificate
5.5.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
2
Figure 165
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm
MD5 SHA1
SHA256
SA Life Time
Perfect Forward Secrecy (PFS):
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
Nailed-Up
5.5.8 VPN Settings for Configuration Provisioning Advanced Wizard -
Summary
Figure 166
Rule Name
Secure Gateway ny
Pre-Shared Key
Local Policy
Remote Policy Any
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Authentication Algorithm
MD5
SHA1
SHA256
Key Group DH5 DH1 DH2
DH1
DH2
DH5
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Null
Authentication Algorithm
MD5
SHA1
SHA256
Configuration for Secure Gateway
Save
5.5.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 167
Close
5.6 VPN Settings for L2TP VPN Settings Wizard
VPN Settings for L2TP VPN Settings Configuration > Quick Setup >
VPN Setup VPN Settings for L2TP VPN Settings
Figure 168
Next
5.6.1 L2TP VPN Settings
Figure 169
Rule Name
My Address (interface)
Pre-Shared Key
Next
5.6.2 L2TP VPN Settings
Figure 170
IP Address Pool RANGE SUBNET
Starting IP Address
End IP Address
Network SUBNET
Netmask
First DNS Server (Optional)
Second DNS Server (Optional)
Allow L2TP traffic Through WAN
Next
5.6.3 VPN Settings for L2TP VPN Setting Wizard - Summary
Figure 171
Rule Name
Secure Gateway: Any
Pre-Shared Key
My Address (Interface)
IP Address Pool
Save
5.6.4 VPN Settings for L2TP VPN Setting Wizard - Completed
Figure 172
Configuration >
VPN > L2TP VPN Configuration > VPN > IPSec VPN > VPN Connection VPN
Gateway
5.7 Wireless Setup Wizard
Wireless Setup Quick Setup
Summary
Figure 173
5.7.1 SSID
SSID
Edit
Figure 174
Activate
Wireless Name SSID)
Outgoing Interface
Security Mode
WPA2 WEP WPA
Configuration > Wireless
WPA2, Pre-Shared Key Open
OK Cancel
Next
5.7.2 Radio
Radio
Figure 175
Figure 176
DCS
Manual
Output Power
20 MHz
20/40MHz 20/40/80MHz
5.7.3 Summary
Summary
Figure 177
Summary Save
Back
5.7.4 Wizard Completed
Wizard Completed
Figure 178
Close
C
HAPTER
6
Dashboard
6.1 Overview
Dashboard
6.1.1 What You Can Do in this Chapter
Dashboard
Dashboard
6.2 The General Screen
Dashboard Dashboard
Figure 179
LABEL DESCRIPTION
6.2.1 Device Information Screen
Device Information
Figure 180
Figure 181
Inactive
Down
Speed / Duplex
Full Half
none
Inactive
Connected
Disconnected
LABEL DESCRIPTION
LABEL DESCRIPTION
Host Name
6.2.2 System Status Screen
Figure 182
6.2.3 Tx/Rx Statistics
Firmware Package
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Firmware update OK
Problematic configuration after firmware update
System default configuration
Fallback to lastgood configuration
Fallback to system default configuration
Booting in progress
Date/Time
Figure 183
6.2.4 The Latest Logs Screen
Figure 184
6.2.5 System Resources Screen
LABEL DESCRIPTION
LABEL DESCRIPTION
Figure 185
6.2.6 DHCP Table Screen
LABEL DESCRIPTION
Show CPU Usage
Show Memory Usage
Detail Session Monitor
Show Active Sessions
Figure 186
6.2.7 Number of Login Users Screen
LABEL DESCRIPTION
Apply
Apply
Figure 187
6.2.8 Current Login User
Figure 188
6.2.9 VPN Status
Figure 189
LABEL DESCRIPTION
ext-user
6.2.10 SSL VPN Status
Figure 190
Figure 191
6.3 The VPN Screen
Configuration VPN IPSec VPN
Figure 192
LABEL DESCRIPTION
Refresh
P
ART
II
Technical Reference
C
HAPTER
7
Monitor
7.1 Overview
Monitor
7.1.1 What You Can Do in this Chapter
Monitor
Traffic Statistics > Port Statistics
Traffic Statistics > Port Statistics > Graph View
Traffic Statistics > Interface Status
Traffic Statistics > Traffic Statistics
Traffic Statistics > Session Monitor
Network Status > DHCP Table
Network Status Device Insight
Network Status > Login Users
Network Status > IGMP Statistics
Network Status > DDNS Status
Network Status > IP/MAC Binding
Network Status > Cellular Status
Network Status > UPnP Port Status
Network Status > USB Storage
• Network Status > Ethernet Neighbor
Network Status > FQDN Object
Wireless > AP Information Radio List
Wireless > SSID Info
Wireless > Station Info Station List
Wireless > Station Info Top N Stations
Wireless > Station Info Single Station
VPN Monitor IPSec
VPN Monitor > SSL
VPN Monitor > L2TP over IPSec
Security Statistics > Content Filter
Security Statistics > Anti-Spam Summary
Security Statistics > Anti-Spam Status
Log > View Log
7.2 The Port Statistics Screen
Monitor > Traffic Statistics Port Statistics
Figure 193
7.2.1 The Port Statistics Graph Screen
Port Statistics Status Switch to Graphic View Button
LABEL DESCRIPTION
Set Interval
Poll Interval
Poll Interval Set Interval
Down
Speed / Duplex
Full Half
Figure 194
7.3 Interface Status Screen
Monitor >
Traffic Statistics > Interface Summary
LABEL DESCRIPTION
Figure 195
LABEL DESCRIPTION
Expand
Inactive
Down
Speed / Duplex
Full Half
Inactive
Connected
Disconnected
Up
Up
Connected
Disconnected
Up
Down
Static
DHCP Client
DHCP
relay DHCP server DDNS RIP OSPF n/a
Renew
Connect
n/a
LABEL DESCRIPTION
Remote Gateway Address
Expand
Inactive
Down
Speed / Duplex
Full Half
Inactive
Connected
Disconnected
Up
Up
Connected
Disconnected
Up
Down
LABEL DESCRIPTION
7.4 The Traffic Statistics Screen
Monitor > Traffic Statistics > Traffic Statistics Traffic Statistics
Traffic Statistics
Traffic Statistics
DHCP
relay DHCP server DDNS RIP OSPF n/a
Renew
Connect
n/a
Expand
Down
Speed / Duplex
Full Half
Connected
LABEL DESCRIPTION
Figure 196
LABEL DESCRIPTION
Refresh
Apply
Reset
Host IP Address/User
Service/Port
Web Site Hits
Country
Traffic Type Host IP Address/User
Ingress
Egress
Direction Ingress Direction Egress
Traffic Type Service/Port
Ingress
Egress
Direction Ingress Direction Egress
Traffic Type Web Site Hits
Traffic Type Country
Ingress
Egress
Direction Ingress Direction Egress
Ingress
Egress
LABEL DESCRIPTION
LABEL DESCRIPTION
7.5 The Session Monitor Screen
Session Monitor
Monitor > Traffic Statistics > Session Monitor
Figure 197
LABEL DESCRIPTION
sessions by users
sessions by services
sessions by source IP
session by source region
sessions by destination IP
sessions by destination region
all sessions User Service Source Address Destination
Address
User Service Source Address Destination Address, Source Country Destination
Country
View all sessions
View all sessions
View all sessions
View all sessions
View all sessions
View all sessions
Clear Clear All
Log > View Log
sessions by users all sessions + -
sessions by services + -
sessions by source IP + -
sessions by destination IP + -
LABEL DESCRIPTION
7.6 The DHCP Table Screen
Monitor > Network Status > DHCP Table
Figure 198
LABEL DESCRIPTION
Export Save
Configuration Network Interface Ethernet VLAN DCHP Setting.
7.7 The Device Insight Screen
Device Insight
Device Insight
IP address
Yes
LABEL DESCRIPTION
Device Insight
Device Insight
A B
C
Figure 199
Monitor Device Inventory
Figure 200
LABEL DESCRIPTION
Edit
Description
Remove
Device Insight
Remove
Add to block list
Remove from block list
Feedback
Category Operating System Type
7.7.1 The Device Insight Edit Screen
Monitor Network Status Device
Insight Edit
Figure 201
LABEL DESCRIPTION
LABEL DESCRIPTION
7.7.2 The Device Insight Feedback Screen
Monitor Network Status Device
Insight Feedback
Figure 202
LABEL DESCRIPTION
7.8 The Login Users Screen
Monitor > Network Status > Login Users
Figure 203
LABEL DESCRIPTION
unlimited
Private IP
ext-
user
7.9 IGMP Statistics
Monitor Network Status IGMP Statistics
Figure 204
Accounting-on
Accounting-off
N/A
LABEL DESCRIPTION
LABEL DESCRIPTION
7.10 The DDNS Status Screen
DDNS Status Monitor >
Network Status > DDNS Status
Figure 205
7.11 IP/MAC Binding
Monitor > Network Status > IP/MAC Binding IP/MAC Binding
LABEL DESCRIPTION
Updating
Figure 206
7.12 Cellular Status Screen
Monitor > Network Status > Cellular
Status
Figure 207
LABEL DESCRIPTION
LABEL DESCRIPTION
No device
No Service
Limited Service
Device detected
Device error
Probe device fail
Probe device ok
Init device fail
Init device ok
Check lock fail
Device locked
SIM error
SIM locked-PUK
SIM locked-PIN
Unlock PUK fail
Unlock PIN fail
Unlock device fail
Device unlocked
Get dev-info fail
Get dev-info ok
Searching network
Get signal fail
Network found
Apply config
Inactive
Active
Incorrect device
Correct device
Set band fail
Set band ok
Set profile fail
Set profile ok
PPP fail
Need auth-password
Device ready
Limited Service
LABEL DESCRIPTION
7.12.1 More Information
Monitor > Network Status
> Cellular Status > More Information
Figure 208
UMTS UMTS/HSDPA GPRS EDGE
1xRTT EVDO Rev.0 EVDO Rev.A
LABEL DESCRIPTION
LABEL DESCRIPTION
Limited Service
7.13 The UPnP Port Status Screen
Monitor > Network Status > UPnP Port Status
Figure 209
UMTS UMTS/HSDPA GPRS EDGE
1xRTT EVDO Rev.0 EVDO Rev.A
Signal Quality
LABEL DESCRIPTION
LABEL DESCRIPTION
7.14 USB Storage Screen
Monitor > Network Status
> USB Storage
Figure 210
External Port
Internal Client Internal Port
Internal Client
Internal Port Internal Client
Internal Client
Internal Port Internal
Port
Internal Client
Internal Client
LABEL DESCRIPTION
LABEL DESCRIPTION
7.15 Ethernet Neighbor Screen
System > ZON
System > ZON
Monitor > Network Status > Ethernet Neighbor
Unknown
Ready
Remove Now
Unused
Remove Now
Use It
none
Deactivated
OutofSpace
Mounting
Removing
none
LABEL DESCRIPTION
Figure 211
7.16 FQDN Object Screen
Monitor > Network Status > FQDN Object FQDN Object
Configuration > Object > Address/Geo IP > Address Configuration
> Object > Address/Geo IP > Address Group
LABEL DESCRIPTION
Port Role
Network > Interface > Ethernet > Edit
Port Role
Object > Address
Security Policy > Policy Control > Add
Figure 212
LABEL DESCRIPTION
Configuration > Object > Address/Geo IP IPv4 Address
Configuration
Configuration > Object > Address/Geo IP IPv6 Address
Configuration
7.17 AP Information: Radio List
Monitor > Wireless > AP Information > Radio List Radio List
Figure 213
LABEL DESCRIPTION
LABEL DESCRIPTION
UnderLoad OverLoad
N/A
n/a
AP Mode
Wall Ceiling
N/A
LABEL DESCRIPTION
7.17.1 Radio List: More Information
More
Information Radio List
Figure 214
7.18 SSID Info
Monitor > Wireless > SSID Info
Figure 215
LABEL DESCRIPTION
Local Bridge Tunnel
7.19 Station Info: Station List
Station Info Station List Top N Stations Single Station
Monitor > Wireless > Station Info > Station List
Figure 216
LABEL DESCRIPTION
Station Info >
Station List
Station Info > Station
List
Refresh
LABEL DESCRIPTION
7.20 Station Info: Top N Stations
Monitor >
Wireless > Station Info > Top N Stations
Figure 217
Refresh
LABEL DESCRIPTION
LABEL DESCRIPTION
Refresh
7.21 Station Info: Single Station
Monitor > Wireless >
Station Info > Single Station
Figure 218
7.22 The IPSec Screen
IPSec Monitor
Monitor > VPN Monitor IPSec
LABEL DESCRIPTION
Refresh
Figure 219
LABEL DESCRIPTION
Search
Search
N/A
7.22.1 Regular Expressions in Searching IPSec SAs
7.23 The SSL Screen
Monitor
> VPN Monitor > SSL
Figure 220
N/A
LABEL DESCRIPTION
7.24 The L2TP over IPSec Screen
Monitor > VPN Monitor > L2TP over IPSec
Figure 221
LABEL DESCRIPTION
Refresh
LABEL DESCRIPTION
Refresh
7.25 The Content Filter Screen
Monitor > Security Statistics > Content Filter
7.25.1 Web Content Filter
Figure 222
LABEL DESCRIPTION
Apply
Flush Data
7.25.2 DNS Content Filter
Figure 223
Apply
Reset
LABEL DESCRIPTION
7.26 The Anti-Spam Screens
Anti-Spam Summary Status
7.26.1 Anti-Spam Summary
Monitor > Security Statistics > Anti-Spam Summary
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Figure 224
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
7.26.2 The Anti-Spam Status Screen
Monitor > Security Statistics > Anti-Spam Status Anti-Spam Status
Anti-Spam Status
Email
Security > Status
Email Security > Summary
Email
Security > Status
Email Security > Summary
Sender IP
Sender Email Address
Sender IP
Sender Email Address
LABEL DESCRIPTION
Figure 225
LABEL DESCRIPTION
7.27 Log Screens
All Logs
Debug Log
7.27.1 View Log
Monitor > Log
View Log
Figure 226
LABEL DESCRIPTION
Category Email Log Now Refresh Clear
Category Priority Source Address Destination
Address Source Interface Destination Interface Service Keyword Protocol Search
All Logs
Debug Log
any emerg alert
crit error warn notice info
Category Debug Log
Message
Source Destination Note
Reset
Active
Send Log To Log Settings
Priority
Category
x
x Message
LABEL DESCRIPTION
C
HAPTER
8
Licensing
8.1 Registration Overview
Configuration > Licensing > Registration
Registration
Service
8.1.1 What you Need to Know
Subscription Services Available
Configuration > Licensing > Registration > Service
8.1.2 Registration Screen
Refresh
Refresh
Configuration > Licensing > Registration
Figure 227
8.1.3 Service Screen
Activate
Configuration > Licensing > Registration Service
Figure 228
LABEL DESCRIPTION
Activated
Not Activated Expired
Expired Not Licensed
Default
Status Default
Trial
Standard
N/A
Buy
Standard Renew
Activate
LABEL DESCRIPTION
C
HAPTER
9
Wireless
9.1 Overview
Wireless
Licenses
9.1.1 What You Can Do in this Chapter
Built-in AP
9.2 Built-in AP
Configuration > Wireless > Built-in AP Built-in AP Mode
Figure 229
LABEL DESCRIPTION
9.2.1 Wireless > Built-in AP > General >Add/Edit SSID
Add Configuration > Wireless > Built-in AP then
Edit
Edit
Activate
Inactivate
Apply
Reset
LABEL DESCRIPTION
Figure 230
LABEL DESCRIPTION
Activate Inactivate
disable
WMM
WMM_VOICE
WMM_VIDEO
WMM_BEST_EFFORT
WMM_BACKGROUND
open wep wpa2 wpa2-mix
RADIUS Server Type Internal
Configuration > Object >
Auth. Method
auto
aes
Security Mode wpa2 wpa2-mix
Enable Disable
LABEL DESCRIPTION
wpa2 Security Mode Cipher Type
aes
Optional
Required
Internal External
allow
deny
LABEL DESCRIPTION
9.2.2 Wireless > Built-in AP > Radio
Configuration >
Wireless > Built-in AP > Radio
OK
Cancel
LABEL DESCRIPTION
Figure 231
Figure 232
LABEL DESCRIPTION
Advanced Settings
11b/g
11b/g/n
20/40MHz
20MHz
DCS
Channel Selection Manual
Manual
Channel Selection DCS
Channel Selection DCS
auto
2.4 GHz Channel
Deployment
manual
Channel Selection DCS 2.4 GHz Channel
Selection Method manual
LABEL DESCRIPTION
Channel Selection DCS 2.4 GHz Channel
Selection Method auto
Three-Channel Deployment
Four-Channel Deployment
Channel Selection DCS
20/40MHz 20/40/80MHz
Short Long
LABEL DESCRIPTION
Multicast to Unicast
Fixed Multicast Rate
LABEL DESCRIPTION
9.3 Technical Reference
9.3.1 Dynamic Channel Selection
11a
11a/n
11ac
20 MHz
20/40 MHz
20/40/80 MHz
11ac
11ax 802.11 Mode
DCS
Channel Selection Manual
Manual
OK
Cancel
LABEL DESCRIPTION
Figure 233
Figure 234
Figure 235
9.3.2 Load Balancing
Load balancing by station number
Load balancing by traffic level
C
HAPTER
10
Interfaces
10.1 Interface Overview
Interface
Ports
Interfaces
Zones
10.1.1 What You Can Do in this Chapter
Port Role
Port Configuration
Ethernet
PPP
Cellular
Tunnel
VLAN
Bridge
VTI
Trunk
10.1.2 What You Need to Know
Interface Characteristics
Types of Interfaces
Interface > Port Roles Interface > Port Groups
Ethernet interfaces
Tunnel interfaces
VLAN interfaces
Bridge interfaces
PPP interfaces
Cellular interfaces
Virtual interfaces
virtual Ethernet interfaces virtual VLAN interfaces virtual bridge interfaces
Trunk interfaces
CHARACTERISTICS ETHERNET ETHERNET PPP CELLULAR VLAN BRIDGE VIRTUAL
x x x
x
Relationships Between Interfaces
INTERFACE REQUIRED PORT / INTERFACE
CHARACTERISTICS ETHERNET ETHERNET PPP CELLULAR VLAN BRIDGE VIRTUAL
IPv6 Overview
IPv6 Addressing
Prefix and Prefix Length
INTERFACE REQUIRED PORT / INTERFACE
Link-local Address
Subnet Masking
Stateless Autoconfiguration
Prefix Delegation
IPv6 Router Advertisement
DHCPv6
10.1.3 What You Need to Do First
Configuration System IPv6
10.2 Port Role
Configuration > Network > Interface > Port Role Port Role
lan1 lan2 ext-wlan, ext-lan
dmz
Figure 236
Apply
Reset
10.3 Port Configuration
Configuration Network Interface Port Configuration
Figure 237
10.4 Ethernet Summary Screen
Configuration System IPv6
Configuration > Network
Interface > Ethernet
LABEL DESCRIPTION
Auto Negotiate 1000Mbps-Full Duplex 100Mbps-Full Duplex 100Mbps-Half Duplex
10Mbps-Full Duplex 10Mbps-Half Duplex
Auto Negotiate
Apply
Reset
Figure 238
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create Virtual Interface
References
10.4.1 Ethernet Edit
Ethernet Edit
Edit Ethernet Summary
Edit Configuration
STATIC DHCP
STATIC LINK LOCAL DHCP
SLAAC
Apply
Reset
LABEL DESCRIPTION
10.4.1.1 IGMP Proxy
Figure 239
Figure 240
Figure 241
Figure 242
LABEL DESCRIPTION
OPT
internal external
internal
external
general
Interface Type external general
Interface Type external general
Interface Type external general
Interface Type external general
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
LABEL DESCRIPTION
Client
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
Interface Type internal
OK
LABEL DESCRIPTION
Interface Properties External General
icmp
tcp
Check Method tcp
any one
all
Interface Type internal general
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
LABEL DESCRIPTION
Static DHCP Table
Pool Size
Subnet Mask Subnet Mask IP Pool
Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
LABEL DESCRIPTION
DHCP Server
IP Pool Start Address Pool Size
Monitor System Status DHCP Table
Export
Monitor System Status DHCP Table
Browse Upload
LABEL DESCRIPTION
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Interface Properties External General
Clone by host
LABEL DESCRIPTION
10.4.2 Proxy ARP
Proxy ARP
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
PPPoE/PPTP
VLAN
WAN TRUNK
Policy Route
Interface Type general
Interface Type
internal external
OK
Cancel
LABEL DESCRIPTION
Figure 243
Add Edit Add Proxy ARP
Figure 244
10.4.3 Virtual Interfaces
LABEL DESCRIPTION
IPv4 Address IPv4 CIDR IPv4 Range
IPv4 Address
OK
Cancel
Create Virtual Interface
Figure 245
LABEL DESCRIPTION
10.4.4 References
References
References References
Figure 246
10.4.5 Add/Edit DHCPv6 Request/Release Options
Configuration > Network > Interface > Ethernet > Edit DHCPv6 Server
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
N/A
Cancel
DHCPv6 Client DHCPv6 Setting Add DHCPv6 Request Options
DHCPv6 Lease Options
Figure 247
Select one object OK
Cancel
10.4.6 Add/Edit DHCP Extended Options
Configuration >
Network > Interface > Ethernet > Edit DHCP Server DHCP Setting Add
Edit Extended Options
Figure 248
LABEL DESCRIPTION
User Defined
Option
User Defined
Option
User Defined Option
User Defined
TFTP Server Name
(66) TEXT
Time Server (4) NTP Server (41) SIP Server (120) CAPWAP AC (138) TFTP
Server (150)
VIVC (124) VIVS (125)
VIVC (124)
VIVS (125)
Cancel
OPTION NAME CODE DESCRIPTION
LABEL DESCRIPTION
10.5 PPP Interfaces
Figure 249
10.5.1 PPP Interface Summary
Configuration > Network
Interface PPP
Figure 250
LABEL DESCRIPTION
System Default
User Configuration System Default
Edit
Remove
Activate
Inactivate
Connect
Dial-on-Demand
Disconnect
References
10.5.2 PPP Interface Add or Edit
Configuration
System IPv6
Add Edit
Apply
Reset
LABEL DESCRIPTION
Figure 251
LABEL DESCRIPTION
Create new Object
Show Advanced Settings Hide Advanced Settings
Use Fixed IP Address
Use Fixed IP Address
References
OK
Client
N/A
LABEL DESCRIPTION
References
icmp
tcp
LABEL DESCRIPTION
10.6 Cellular Configuration Screen
3G
4G
Check Method tcp
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
Configuration > Network > Interface Cellular
NAME TYPE
MOBILE PHONE AND DATA STANDARDS
DATA
SPEED
GSM-BASED CDMA-BASED
Figure 252
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Connect
Disconnect
References
10.6.1 Cellular Choose Slot
Configuration > Network > Interface Cellular > Add
Edit
Add Cellular configuration
10.6.2 Add / Edit Cellular Configuration
Apply
Reset
LABEL DESCRIPTION
Figure 253
LABEL DESCRIPTION
none
Device
Profile 1
Custom
Device Custom
None:
CHAP
PAP
None
Device
None
Device
None
Device
LABEL DESCRIPTION
icmp
tcp
Check Method tcp
WAN TRUNK
Policy Route
Use Fixed IP Address
LABEL DESCRIPTION
auto
GPRS / EDGE (GSM) only
UMTS / HSDPA (WCDMA) only
LTE only
Home
Auto
Download
Upload
Download/Upload
LABEL DESCRIPTION
10.7 Tunnel Interfaces
GRE Tunneling
Figure 254
None Log Log-alert
Log Log-alert recurring every
Allow Disallow
Keep Drop
New connection Allow Current connection Drop
New connection Disallow Current connection Keep
None Log
Log-alert Log Log-alert
recurring every
OK
Cancel
LABEL DESCRIPTION
IPv6 Over IPv4 Tunnels
Figure 255
IPv6-in-IPv4 Tunneling
Figure 256
6to4 Tunneling
Figure 257
10.7.1 Configuring a Tunnel
Network
Interface Tunnel
Figure 258
Internet
IPv6
IPv4
IPv6
IPv6
LABEL DESCRIPTION
Edit
10.7.2 Tunnel Add or Edit Screen
Configuration > Network > Interface > Tunnel >
Add Edit
Remove
Activate
Inactivate
References
Remote Gateway Address
GRE IPv6-in-IPv4 6to4
Apply
Reset
LABEL DESCRIPTION
Figure 259
LABEL DESCRIPTION
x x
GRE IPv6-in-IPv4 6to4
Relay Router
6to4 Prefix
6to4 Prefix
LABEL DESCRIPTION
Automatic 6to4
icmp
tcp
Check Method tcp
OK
Cancel
LABEL DESCRIPTION
10.8 VLAN Interfaces
Figure 260
A B C
Figure 261
A B
VLAN Interfaces Overview
10.8.1 VLAN Summary Screen
Configuration System IPv6
Configuration > Network > Interface
VLAN
Figure 262
10.8.2 VLAN Add/Edit
Edit Add
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create
Virtual Interface
References
STATIC
DHCP
Apply
Reset
Figure 263
LABEL DESCRIPTION
internal
external
general
Configuration > BWM
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
LABEL DESCRIPTION
Client
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
References
OK
LABEL DESCRIPTION
icmp
tcp
Check Method tcp
any one
all
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
Add Static DHCP
Pool Size
LABEL DESCRIPTION
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
IP Pool Start Address Pool Size
LABEL DESCRIPTION
Monitor System Status DHCP Table
Export
Monitor System Status DHCP Table
Browse Upload
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
LABEL DESCRIPTION
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Interface Properties External General
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
WAN TRUNK
Policy Route
LABEL DESCRIPTION
10.9 Bridge Interfaces
Bridge Overview
OK
Cancel
LABEL DESCRIPTION
MAC ADDRESS PORT
Bridge Interface Overview
10.9.1 Bridge Summary
Configuration System IPv6
Configuration Network Interface
Bridge
MAC ADDRESS PORT
IP ADDRESS(ES) DESTINATION IP ADDRESS(ES) DESTINATION
Figure 264
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create Virtual Interface
References
STATIC
DHCP
Apply
Reset
10.9.2 Bridge Add/Edit
Add Edit
Bridge Summary
Figure 265
LABEL DESCRIPTION
internal
external
general
x x
>>
<<
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
Client
LABEL DESCRIPTION
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
References
OK
None
DHCP Relay
DHCP Server
DHCP Relay
LABEL DESCRIPTION
DHCP Server
Add Static DHCP
Pool Size
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
LABEL DESCRIPTION
DHCP Server
IP Pool Start Address Pool Size
icmp
tcp
LABEL DESCRIPTION
10.10 VTI
Check Method tcp
any one
all
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
Figure 266
10.10.1 Restrictions for IPSec Virtual Tunnel Interface
10.10.2 VTI Screen
Configuration > Network > Interface > VTI
Figure 267
10.10.3 VTI Add/Edit
VPN Tunnel Interface
Add Edit Network > Interface > VTI
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
References
VPN Tunnel Interface
Apply
Reset
Figure 268
LABEL DESCRIPTION
VPN Tunnel Interface
VPN Tunnel Interface
IGMP Upstream
IGMP Downstream
vpn-rule
icmp
tcp
Check Method tcp
LABEL DESCRIPTION
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
10.11 Trunk Overview
Trunk
Add Trunk
Add System Default
10.11.1 What You Need to Know
A B B
A
A
A
Load Balancing Algorithms
Least Load First
Figure 269
Weighted Round Robin
INTERFACE
OUTBOUND
LOAD BALANCING INDEX
(M/A)
AVAILABLE (A) MEASURED (M)
Figure 270
Spillover
Figure 271
10.12 The Trunk Summary Screen
Configuration > Network > Interface > Trunk Trunk
Figure 272
LABEL DESCRIPTION
10.12.1 Configuring a User-Defined Trunk
Configuration > Network > Interface > Trunk User Configuration Add Edit
following
Figure 273
SYSTEM_DEFAULT_WAN_TRUNK
User Configuration
Edit
Remove
References
LABEL DESCRIPTION
LABEL DESCRIPTION
Weighted Round Robin
Least Load First
Spillover
Least Load First Spillover
Outbound Inbound Outbound + Inbound
Add
Edit
Remove
Move
Active
Passive
10.12.2 Configuring the System Default Trunk
Configuration > Network > Interface > Trunk System Default
Edit following
Figure 274
OK
Cancel
LABEL DESCRIPTION
10.13 Interface Technical Reference
LABEL DESCRIPTION
Weighted Round Robin
Least Load First
Spillover
Active
Passive
OK
Cancel
IP Address Assignment
Figure 275
IP ADDRESS(ES) DESTINATION
IP ADDRESS(ES) DESTINATION
Interface Parameters
DHCP Settings
WINS
PPPoE/PPTP/L2TP Overview
START IP ADDRESS POOL SIZE RANGE OF ASSIGNED IP ADDRESS
C
HAPTER
11
Routing
11.1 Policy and Static Routes Overview
A
A R1
R2
R3
Figure 276
11.1.1 What You Can Do in this Chapter
Policy Route
Static Route
11.1.2 What You Need to Know
Policy Routing
How You Can Use Policy Routing
WAN
Static Routes
Policy Routes Versus Static Routes
DiffServ
DSCP Marking and Per-Hop Behavior
11.2 Policy Route Screen
Configuration > Network > Routing Policy Route
Configuration System IPv6
Figure 277
LABEL DESCRIPTION
IPv4 Configuration IPv6 Configuration
Add
Edit
Remove
Activate
Inactivate
Move
11.2.1 Policy Route Edit Screen
Configuration > Network > Routing Policy Route Add Edit
IPv4 Configuration IPv6 Configuration Add Policy Route Policy Route Edit
Address Translation
any
none
any
any
any
default
af af
any
any
preserve
default
af af
none
Apply
Reset
LABEL DESCRIPTION
Figure 278
Figure 279
LABEL DESCRIPTION
Auto Destination Address
User Define
any
default
af af
User Define
none
Auto
Gateway
Gateway
VPN Tunnel
Trunk
Interface
Gateway Type
VPN Tunnel Type
VPN Tunnel Type
Trunk Type
Interface Type
LABEL DESCRIPTION
User Define
af af
preserve
default
none
outgoing-interface
Create new Object
Interface Trunk Type
Interface Gateway
Type
OK
Cancel
LABEL DESCRIPTION
11.3 IP Static Route Screen
Configuration > Network > Routing > Static Route Static Route
Configuration System IPv6
Figure 280
11.3.1 Static Route Add/Edit Screen
Add Edit
LABEL DESCRIPTION
IPv4 Configuration IPv6 Configuration
Edit
Remove
Figure 281
Figure 282
LABEL DESCRIPTION
Subnet Mask
Prefix Length
Gateway IP
Interface Prefix Length
Destination IP
Gateway IP Interface
OK
Cancel
11.4 Policy Routing Technical Reference
NAT and SNAT
Assured Forwarding (AF) PHB for DiffServ
Maximize Bandwidth Usage
11.5 Routing Protocols Overview
CLASS 1 CLASS 2 CLASS 3 CLASS 4
RIP
OSPF
OSPF Area Add/Edit
BGP
11.5.1 What You Need to Know
11.6 The RIP Screen
Authentication
redistribute
Metric
RIP
Configuration > Network Routing > RIP
RIP OSPF
Figure 283
LABEL DESCRIPTION
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
11.7 The OSPF Screen
OSPF Areas
Figure 284
OSPF Routers
SOURCE \ TYPE OF AREA NORMAL NSSA STUB
Figure 285
Virtual Links
Figure 286
OSPF Configuration
11.7.1 Configuring the OSPF Screen
OSPF Add/Edit
Configuration > Network Routing > OSPF
Figure 287
LABEL DESCRIPTION
Default
User Defined
User Define.
Normal NSSA Stub
Type 1 Type 2
Type 1 Metric
Type 2 Metric
11.7.2 OSPF Area Add/Edit Screen
OSPF Area Add/Edit
OSPF Add
Edit
Figure 288
Type
Edit
Remove
References
Refresh
Type
LABEL DESCRIPTION
LABEL DESCRIPTION
Normal
Stub
NSSA
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Type Normal
Edit
Remove
11.7.3 Virtual Link Add/Edit Screen
Virtual Link Add/Edit
Add Edit
Figure 289
Same as Area
None
Text
MD5
Same as Area Authentication
OK
Cancel
LABEL DESCRIPTION
11.8 BGP (Border Gateway Protocol)
Figure 290
LABEL DESCRIPTION
Same as Area
None
Text
MD5
Same as Area Authentication
Authentication Text
Authentication MD5
Authentication MD5
OK
Cancel
11.8.1 Allow BGP Packets to Enter the Zyxel Device
Configuration > Object > Service > Service Group
Default_Allow_WAN_To_ZyWALL Edit
Available Member
OK
Figure 291
11.8.2 Configuring the BGP Screen
Configuration > Network Routing > BGP
Figure 292
LABEL DESCRIPTION
Connected
Edit
Remove
Edit
11.8.3 The BGP Neighbors Screen
Configuration > Network Routing > BGP > Add Neighbors
Figure 293
Remove
LABEL DESCRIPTION
LABEL DESCRIPTION
11.8.4 Example Scenario
11.8.4.1 Scenario: CE - PE (MLPS)
CE PE
MPLS
CE
PE
MPLS:
Gateway
Interface
None
Keepalive Time
Keepalive
Time Hold Time
Hold Time
Keepalive Time
OK
Cancel
LABEL DESCRIPTION
Figure 294
11.8.4.2 CE - PE Configuration Process
Configuration > Network Routing > BGP
Configuration > Network Routing > BGP > Add Neighbors
C
HAPTER
12
DDNS
12.1 DDNS Overview
12.1.1 What You Can Do in this Chapter
DDNS
DDNS Add/Edit
12.1.2 What You Need to Know
PROVIDER SERVICE TYPES SUPPORTED WEBSITE
12.2 The DDNS Screen
DDNS
Configuration > Network > DDNS
Figure 295
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
from interface
auto detected
custom
from interface
auto detected
custom
12.2.1 The Dynamic DNS Add/Edit Screen
DDNS Add/Edit
Configuration > Network > DDNS Add
Edit
Figure 296
LABEL DESCRIPTION
Figure 297
LABEL DESCRIPTION
User custom DYNDNS Server
URL Additional DDNS Options
Backup Binding Address
Any
Interface
Primary Binding Address Interface
Auto
Custom
IP Address Custom
Primary Binding Interface
Any None
Interface
Backup Binding Address Interface
Auto
Custom
IP Address Custom
LABEL DESCRIPTION
User custom DDNS Type
User custom DDNS Type
User custom DDNS Type
OK
Cancel
LABEL DESCRIPTION
C
HAPTER
13
NAT
13.1 Overview
Network > NAT
13.2 NAT Overview
A
B C
Figure 298
13.2.1 What You Can Do in this Chapter
NAT
13.2.2 What You Need to Know
Well-known Ports
PORT TCP/UDP DESCRIPTION
13.3 The NAT Screen
NAT
Configuration > Network > NAT
Figure 299
LABEL DESCRIPTION
SiteToSite VPN 1-1 SNAT
(SiteToSite VPN Static-Dynamic Route 1-1 SNAT)
Edit
Remove
Activate
Inactivate
Move
Virtual Server 1:1 NAT Many 1:1
NAT
13.3.1 The NAT Add/Edit Screen
NAT Add/Edit
NAT Add Edit
Figure 300
any
any
any
LABEL DESCRIPTION
LABEL DESCRIPTION
Virtual Server
1:1 NAT
Many 1:1 NAT -
any
User Defined User Defined
Internal IP
any
User Defined User Defined
External IP User Defined
Many 1:1 NAT
User Defined User Defined
Internal IP User Defined
Many 1:1 NAT
Original IP
Any
Port
Ports
Service Object > Service > Service
Service-Group
Object > Service > Service Group
Mapping Type Port Ports TCP UDP Any
Mapping Type Port
Mapping Type Port
Mapping Type Ports
Mapping Type Ports
Mapping Type Ports
Mapping Type Ports
Incoming Interface External IP
Internal IP Internal IP
Internal IP
LABEL DESCRIPTION
User-Defined External IP
External Port
OK No
13.4 NAT Technical Reference
NAT Loopback
Security Policy
OK
Cancel NAT
LABEL DESCRIPTION
Figure 301
Figure 302
Figure 303
C
HAPTER
14
Redirect Service
14.1 Overview
14.1.1 HTTP Redirect
A DMZ
LAN1
A A
A
Figure 304
14.1.2 SMTP Redirect
A lan2
LAN2 lan1 LAN1
A A
Figure 305
14.1.3 What You Can Do in this Chapter
Redirect Service
14.1.4 What You Need to Know
Web Proxy Server
HTTP Redirect, Security Policy and Policy Route
lan1 dmz
lan1 dmz
lan1 A
dmz wan1
dmz wan1
A
SMTP
SMTP Redirect, Firewall and Policy Route
lan1 lan2
lan1 lan2
lan1 A
lan2 wan1
lan2 wan1
A
14.2 The Redirect Service Screen
Configuration > Network > HTTP Redirect
Figure 306
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Move
14.2.1 The Redirect Service Edit Screen
Network > Redirect Service Redirect Service Add Edit
Redirect Service Edit
Figure 307
any
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
HTTP Redirect SMTP redirect.
any
OK
Cancel
LABEL DESCRIPTION
C
HAPTER
15
ALG
15.1 ALG Overview
1 2 A B
Figure 308
15.1.1 What You Need to Know
Application Layer Gateway (ALG), NAT and Security Policy
FTP ALG
H.323 ALG
Figure 309
SIP ALG
Configuration > BWM
Peer-to-Peer Calls and the Zyxel Device
VoIP Calls from the WAN with Multiple Outgoing Calls
A
1 A
1
B C 2 A
B C
Figure 310
VoIP with Multiple WAN IP Addresses
A
1
B 2
A
B 2
Figure 311
15.1.2 Before You Begin
15.2 The ALG Screen
Configuration > Network > ALG ALG
Figure 312
LABEL DESCRIPTION
15.3 ALG Technical Reference
Add
Apply
Reset
LABEL DESCRIPTION
ALG
ALG and Trunks
FTP
H.323
SIP
RTP
C
HAPTER
16
UPnP
16.1 UPnP and NAT-PMP Overview
16.2 What You Need to Know
16.2.1 NAT Traversal
16.2.2 Cautions with UPnP and NAT-PMP
16.3 UPnP Screen
Configuration > Network > UPnP
Figure 313
16.4 Technical Reference
16.4.1 Turning on UPnP in Windows 7 Example
Control Panel Network and Sharing Center.
LABEL DESCRIPTION
Available
Member Member
Apply
Reset
Change Advanced Sharing Settings
Turn on network discovery Save Changes
16.4.1.1 Auto-discover Your UPnP-enabled Network Device
Windows Explorer Network
Properties
Figure 314
Internet Connection Properties Settings
Figure 315
Add
Figure 316
Figure 317
OK
Figure 318
Open Network and Sharing Center Local Area Network
Figure 319
16.4.2 Turn on UPnP in Windows 10 Example
Network Setting > Home Networking > UPnP
Settings Network & Internet
Network and Sharing Center
Change advanced sharing settings
Domain Turn on network discovery Save Changes
16.4.3 Auto-discover Your UPnP-enabled Network Device
File Explorer Network
Properties
Figure 320
Internet Connection Properties Settings
Figure 321
Add
Figure 322
Figure 323
OK
Figure 324
Open Network & Internet settings Network and Sharing Center
Connections
Figure 325
16.4.4 Web Configurator Easy Access in Windows 7
Windows Explorer
Network
Figure 326
Network Infrastructure
View device webpage
Figure 327
Properties Network Device
Figure 328
16.4.5 Web Configurator Easy Access in Windows 10
File Explorer
Network
Figure 329
Network Infrastructure
View device webpage
Figure 330
Properties Network Device
Figure 331
C
HAPTER
17
IP/MAC Binding
17.1 IP/MAC Binding Overview
Figure 332
17.1.1 What You Can Do in this Chapter
Summary Edit
Exempt List
17.1.2 What You Need to Know
DHCP
Interfaces Used With IP/MAC Binding
17.2 IP/MAC Binding Summary
Configuration > Network > IP/MAC Binding IP/MAC Binding Summary
Figure 333
LABEL DESCRIPTION
Edit
Activate
Inactivate
17.2.1 IP/MAC Binding Edit
Configuration > Network > IP/MAC Binding > Edit IP/MAC Binding Edit
Figure 334
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
17.2.2 Static DHCP Edit
Configuration > Network > IP/MAC Binding > Edit IP/MAC Binding Edit
Add Edit
Figure 335
Remove
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Cancel
17.3 IP/MAC Binding Exempt List
Configuration > Network > IP/MAC Binding > Exempt List IP/MAC Binding Exempt List
Figure 336
LABEL DESCRIPTION
Edit
Remove
Add
Remove
Apply
C
HAPTER
18
Layer 2 Isolation
18.1 Overview
C
D C
B A
Figure 337
18.1.1 What You Can Do in this Chapter
General
Allow List
18.2 Layer-2 Isolation General Screen
Configuration > Network > Layer 2 Isolation
Figure 338
18.3 Allow List Screen
Configuration > Network > Layer 2 Isolation > Allow List
LABEL DESCRIPTION
Available
Member Member
Apply
Reset
Figure 339
18.3.1 Add/Edit Allow List Rule
Add Edit
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
Figure 340
LABEL DESCRIPTION
OK
Cancel
C
HAPTER
19
DNS Inbound LB
19.1 DNS Inbound Load Balancing Overview
A D
D Z
B
Figure 341
19.1.1 What You Can Do in this Chapter
Inbound LB
Inbound LB Add/Edit
1
2
3
1
2
3
19.2 The DNS Inbound LB Screen
Inbound LB
Configuration > Network > Inbound LB
Figure 342
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Move
19.2.1 The DNS Inbound LB Add/Edit Screen
Add DNS Load Balancing
Query From
Configuration > Network > Inbound LB Add Edit
Weighted Round Robin
Least Connection
Least Load - Outbound
Least Load - Inbound
Least Load - Total
LABEL DESCRIPTION
Figure 343
LABEL DESCRIPTION
19.2.2 The DNS Inbound LB Add/Edit Member Screen
Add Load Balancing Member
Configuration > Network > DNS Inbound LB > Add or Edit Add Edit
Weighted Round Robin
Least Connection
Least Load - Outbound
Least Load - Inbound
Least Load - Total
Edit
Remove
Weighted Round Robin
OK
Cancel
LABEL DESCRIPTION
Figure 344
LABEL DESCRIPTION
Static Dynamic
DHCP Client
Weighted Round Robin
Monitor Interface
OK
Cancel
C
HAPTER
20
IPSec VPN
20.1 Virtual Private Networks (VPN) Overview
IPSec VPN
X
Y A B
Figure 345
Internet Key Exchange (IKE): IKEv1 and IKEv2
Main Mode
Aggressive Mode Main Mode Aggressive Mode
VPN Connection VPN Gateway
SSL VPN
Figure 346
L2TP VPN
Figure 347
20.1.1 What You Can Do in this Chapter
VPN Connection
VPN Gateway
VPN Concentrator
Configuration Provisioning
20.1.2 What You Need to Know
Figure 348
A B
A B
X Y
X Y
Application Scenarios
Finding Out More
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
VPN TUNNEL
INTERFACE
20.1.3 Before You Begin
20.2 The VPN Connection Screen
Configuration > VPN > IPSec VPN VPN Connection VPN Connection
Figure 349
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Connect
Disconnect
20.2.1 The VPN Connection Add/Edit Screen
VPN Connection Add/Edit Gateway
Configuration > VPN Connection
Add Edit
References
Apply
Reset
LABEL DESCRIPTION
Figure 350
LABEL DESCRIPTION
Custom Size
Auto
VPN Gateway VPN
Tunnel Interface
Narrowed
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
VPN Tunnel Interface
Configuration > Network > Interface > VTI
Create Object
Create new Object
Create new Object
Remote Access (Server Role) VPN Gateway
Remote
Access (Server Role)
LABEL DESCRIPTION
AH
AH
Authentication
ESP AH
ESP Encryption
Authentication
AH ESP
Tunnel
Transport
LABEL DESCRIPTION
Active Protocol ESP
NULL
DES
3DES
AES128
AES192
AES256
SHA1 SHA256 SHA512 MD5 MD5
none
DH1
DH2
DH5
DH14
icmp
tcp
LABEL DESCRIPTION
Check Method tcp
any one
all
Create
Object
Source
SNAT
Create Object
Create
Object
Source
SNAT
Create
Object
Source
SNAT
Create Object
Create
Object
Source
SNAT
LABEL DESCRIPTION
20.3 The VPN Gateway Screen
VPN Gateway
Configuration > VPN Network IPSec VPN VPN Gateway
Add
Move
TCP UDP All
TCP UDP
TCP UDP
OK
Cancel
LABEL DESCRIPTION
Figure 351
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
References
IKEv1 IKEv2 IKEv1
IKEv2
Apply
Reset
20.3.1 The VPN Gateway Add/Edit Screen
VPN Gateway Add/Edit
VPN Gateway summary
Add Edit
Figure 352
LABEL DESCRIPTION
IKEv1 IKEv2 IKEv1
Interface
Domain Name / IP
Static Address
Fall back to Primary Peer Gateway when possible
Fallback Check Interval
Dynamic Address
unmasked
My Certificates
Trusted Certificates
User-Based PSK
IPv4 IPv6
DNS
E-mail
LABEL DESCRIPTION
Local ID Type
IP
My Address
Local ID Type
DNS
E-mail
IP
DNS
E-mail
Any
Subject Name
LABEL DESCRIPTION
Peer ID Type Any
Peer ID Type
IP
DNS
E-mail
IP
DNS
E-mail
Subject Name
Peer ID Type IP
Secure Gateway
Address
Peer ID Type
Main
Aggressive
LABEL DESCRIPTION
DES
3DES
AES128
AES192
AES256
SHA1 SHA256 SHA512 MD5 MD5
x
DH1
DH2
DH5
DH14
LABEL DESCRIPTION
X-Auth IKEv1 Extended Authentication
Protocol IKEv2
User Name
Password
Client Mode
Client Mode
IKEv2
Allowed User
LABEL DESCRIPTION
20.4 VPN Concentrator
Figure 353
1
2
User Name
Password
Client Mode
Client Mode
Object Auth. Method Two-factor Authentication
VPN Access
Show Advanced Settings IKEv1 IKE Version X-Auth IPSec
VPN Add VPN Gateway Mode Config IPSec VPN Add VPN Connection
Show Advanced Settings IKEv2 IKE Version Extended
Authentication Protocol IPSec VPN Add VPN Gateway Configuration
Payload IPSec VPN Add VPN Connection
Configuration VPN L2TP VPN
OK
Cancel
LABEL DESCRIPTION
B C D E A
20.4.1 VPN Concentrator Requirements and Suggestions
20.4.2 VPN Concentrator Screen
VPN Concentrator
Configuration > VPN IPSec VPN Concentrator
Figure 354
20.4.3 The VPN Concentrator Add/Edit Screen
VPN Concentrator Add/Edit
VPN Concentrator summary Add
Edit
Figure 355
LABEL DESCRIPTION
LABEL DESCRIPTION
Available
Member
20.5 Zyxel Device IPSec VPN Client Configuration
Provisioning
Configuration > VPN > IPSec VPN > Configuration Provisioning
not
AH
NULL
SHA512
Quick Setup VPN Settings for Configuration Provisioning
OK
Cancel
LABEL DESCRIPTION
Figure 356
LABEL DESCRIPTION
default Object > Auth Method.
Object > User/Group
VPN
Connection Allowed User
VPN Connection Allowed
User
20.6 IPSec VPN Background Information
IKE SA Overview
Add
Add
Add
Move
Edit
Remove
Activate Enable Configuration Provisioning
Inactivate
Move Move
Apply
Enable Configuration Provisioning
Upload Bandwidth Limit
Upload Bandwidth Limit
admin limited-admin
6in4
4in6
4in4
Apply
Reset
LABEL DESCRIPTION
IP Addresses of the Zyxel Device and Remote IPSec Router
IKE SA Proposal
Figure 357
Diffie-Hellman (DH) Key Exchange
Figure 358
Authentication
Figure 359
ZYXEL DEVICE REMOTE IPSEC ROUTER
Any
Additional Topics for IKE SA
Negotiation Mode
VPN, NAT, and NAT Traversal
A X Y
ZYXEL DEVICE REMOTE IPSEC ROUTER
Figure 360
A X Y
A A
A X Y
X Y
A X Y
X-Auth / Extended Authentication
Certificates
IPSec SA Overview
Local Network and Remote Network
Active Protocol
Encapsulation
Figure 361
Original Packet
IPSec SA Proposal and Perfect Forward Secrecy
Additional Topics for IPSec SA
Authentication and the Security Parameter Index (SPI)
Transport Mode Packet
Tunnel Mode Packet
Figure 361
NAT for Inbound and Outbound Traffic
Figure 362
Source Address in Outbound Packets (Outbound Traffic, Source NAT)
M
B
M M
M
B
A
Source Address in Inbound Packets (Inbound Traffic, Source NAT)
B
A
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
A
B
A
IPSec VPN Example Scenario
Figure 363
C
HAPTER
21
SSL VPN
21.1 Overview
21.1.1 What You Can Do in this Chapter
VPN > SSL VPN > Access Privilege
VPN > SSL VPN Global Setting
21.1.2 What You Need to Know
Full Tunnel Mode
Figure 364
SSL Access Policy
SSL Access Policy Objects
21.2 The SSL Access Privilege Screen
VPN > SSL VPN Access Privilege
Figure 365
OBJECT TYPE
OBJECT
SCREEN
DESCRIPTION
21.2.1 The SSL Access Privilege Policy Add/Edit Screen
Add Edit Access Privilege
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
Move
References
Apply
Reset
Figure 366
LABEL DESCRIPTION
21.3 The SSL Global Setting Screen
VPN > SSL VPN Global Setting
Selectable User/Group Objects
Selected User/Group Objects
Selected User/Group Objects
Network List
Selectable Address
Objects Selected Address Objects
Selected Address Objects
OK Access Privilege
Cancel Access Privilege
LABEL DESCRIPTION
LABEL DESCRIPTION
Apply
Reset
C
HAPTER
22
L2TP VPN
22.1 Overview
Figure 367
22.1.1 What You Can Do in this Chapter
L2TP VPN
VPN Setup Wizard Quick Setup
22.1.2 What You Need to Know
IPSec Configuration Required for L2TP VPN
Pre-Shared Key
Secure Gateway 0.0.0.0
Using the Quick Setup VPN Setup Wizard
VPN Setup Wizard
Configuration Quick Setup VPN Setup VPN Settings for L2TP VPN Settings
Policy Route
Quick Setup VPN
Setup Allow L2TP traffic through WAN
Figure 368
22.2 L2TP VPN Screen
Configuration > VPN > L2TP VPN
Figure 369
LABEL DESCRIPTION
Create new Object
My Certificates
22.2.1 Example: L2TP and Zyxel Device Behind a NAT Router
Figure 370
Configuration > Object > Address/GEO IP > Address
Create new Object
any
Custom Defined
From ISP
Apply
Reset
LABEL DESCRIPTION
Configuration > VPN > IPSec VPN > VPN Connection Add IPv4 Configuration
Remote Access (Server Role)
Local Policy
Configuration > VPN > L2TP VPN VPN Connection
C
HAPTER
23
BWM (Bandwidth
Management)
23.1 Overview
23.1.1 What You Can Do in this Chapter
BWM
23.1.2 What You Need to Know
BWM Type
Shared Per user Per-Source-IP
Shared
Per user
Per-Source-IP
Per user
A B C
Figure 371
DiffServ and DSCP Marking
Connection and Packet Directions
Figure 372
Outbound and Inbound Bandwidth Limits
Figure 373
Bandwidth Management Priority
Maximize Bandwidth Usage
Bandwidth Management Behavior
A B
A
B
Figure 374
Configured Rate Effect
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
Priority Effect
A
B
Maximize Bandwidth Usage Effect
A
B
A B
Priority and Over Allotment of Bandwidth Effect
A
B
23.2 The Bandwidth Management Configuration
Configuration > BWM
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
Figure 375
LABEL DESCRIPTION
Add
Activate
Inactivate
Move
default
Shared
Per User
Per-Source-IP
any
none
any
any
any
default
af af
App Application Object
Application Object
Obj Service Object
Service Object
In
no
Out
no
Pri Pri Pri
In
Out
preserve
default
af af
LABEL DESCRIPTION
23.2.1 The Bandwidth Management Add/Edit Screen
Configuration > Bandwidth Management Add/Edit
802.1P Marking
Priority Code
Configuration > Bandwidth Management
Add Edit
Apply
Reset
LABEL DESCRIPTION
TPID Priority VID
Figure 376
Figure 377
LABEL DESCRIPTION
Create new Object
any
Create Object
none
Create new Object
any
Create new Object
any
User Defined
any
default
af af
Service Object
any
Application Object
BitTorrent
User Defined
af
af
preserve
default
0
0
LABEL DESCRIPTION
23.2.1.1 Adding Objects for the BWM Policy
User Schedule Address Configuration BWM
Add Create New Object Add User
BWM Type Shared
Maximize Bandwidth Usage
log log alert
no
OK
Cancel
LABEL DESCRIPTION
Figure 378
LABEL DESCRIPTION
Figure 379
Use Default
Lease Time
Reauthentication Time
LABEL DESCRIPTION
Figure 380
LABEL DESCRIPTION
One
Time or Recurring.
LABEL DESCRIPTION
C
HAPTER
24
Web Authentication
24.1 Web Auth Overview
Figure 381
24.1.1 What You Can Do in this Chapter
Configuration > Web Authentication
Configuration > Web Authentication > SSO
24.1.2 What You Need to Know
Single Sign-On
Forced User Authentication
Login Login
Login
Google Authentication
Summary of User Authentication Methods
CLIENT
SINGLE SIGN-
ON
GOOGLE
AUTHENTICATOR
USER AUTHENTICATION STEPS
24.2 Web Authentication General Screen
Web Authentication General
Figure 382
LABEL DESCRIPTION
User Agreement
Add
Figure 383
Remove
Add
Edit
Remove
Activate
Inactivate
Move
LABEL DESCRIPTION
Creating Exceptional Services
Add Exceptional Services
->
<-
OK Web Authentication
Cancel Web Authentication
Default
none
unnecessary
required
force
n/a Authentication unnecessary
n/a
LABEL DESCRIPTION
Figure 384
Creating/Editing an Authentication Policy
Configuration > Web Authentication > General Add
Edit Web Authentication Policy Summary Auth. Policy
Add/Edit
Figure 385
LABEL DESCRIPTION
any
any
any
any
none
none
unnecessary
required Force User Authentication
default-web-portal
default-user-agreement
OK
Cancel
24.2.1 User-aware Access Control Example
24.2.1.1 Set Up User Accounts
Configuration > Object > User/Group > User Add
User Type ext-user
OK
Figure 386
24.2.1.2 Set Up User Groups
Configuration > Object > User/Group > Group Add
Object Leo
Member OK
Figure 387
24.2.1.3 Set Up User Authentication Using the RADIUS Server
Configuration > Object > AAA Server > RADIUS radius
OK
Figure 388
Configuration > Object > Auth. Method default Add
group radius
OK
Figure 389
Configuration > Web Authentication Web Authentication > General Enable
Web Authentication Apply
Figure 390
Web Authentication Policy Summary Add
Enable Policy Authentication
required Force User Authentication
OK
Figure 391
24.2.1.4 User Group Authentication Using the RADIUS Server
Configuration > Object > AAA Server > RADIUS radius
Group Membership Attribute
Class
Figure 392
Configuration > Object > User/
Group > User Add
User Type ext-group-user Group Identifier
Associated AAA Server Object radius
Figure 393
24.2.2 Authentication Type Screen
Configuration > Web Authentication Authentication Type
Figure 394
LABEL DESCRIPTION
Add
Edit
Remove
Add/Edit an Authentication Type Profile
Add Web Authentication > Authentication Type
Edit Type
Figure 395
System > WWW > Login Page
System Default Page
External Page
Reset
LABEL DESCRIPTION
Figure 396
LABEL DESCRIPTION
User Agreement
Type Web Portal
Configuration > Web Authentication > Web Portal Customize File
Type User Agreement
Idle timeout
Enable Idle Detection
Configuration > Web Authentication > User Agreement Customize File
LABEL DESCRIPTION
24.2.3 Custom Web Portal / User Agreement File Screen
Configuration > Web Authentication Custom Web Portal File Custom User
Agreement File
Figure 397
OK
Cancel
LABEL DESCRIPTION
Figure 398
24.2.4 Facebook Wi-Fi Screen
Configuration > Web Authentication: General
LABEL DESCRIPTION
Remove
Download
Browse... Upload
Configuration > Web Authentication Facebook Wi-Fi
Figure 399
24.2.4.1 How to Configure Facebook for Facebook Wi-Fi
LABEL DESCRIPTION
Apply
Configure
User idle timeout
Apply
Reset
Configure
Create Page
Get Started
Save Settings
24.2.4.2 How to use the Zyxel Device’s Facebook Wi-Fi
Bypass Mode Require
Wi-Fi code
Continue Browsing
24.3 SSO Overview
U DC
Configuration > Web Authentication
Figure 400
24.4 SSO - Zyxel Device
Configuration
ZYXEL DEVICE SSO
SCREEN FIELD SCREEN FIELD
24.4.1 Configuration Overview
24.4.2 Configure the Zyxel Device to Communicate with SSO
Configuration > Web Authentication > SSO
SSO
Figure 401
LABEL DESCRIPTION
Gateway Port
Agent Listening Port
24.4.3 Enable Web Authentication
Web Authentication
Enable Policy, Single Sign-On required Authentication
any source address
Agent Listening Port
LABEL DESCRIPTION
24.4.4 Create a Security Policy
Configuration > Security Policy > Policy Control
24.4.5 Configure User Information
User ext-group-user
Group Identifier Group Membership
24.4.6 Configure an Authentication Method
group ad
24.4.7 Configure Active Directory
AAA Setup
Base DN Bind DN
24.5 SSO Agent Configuration
Configure Zyxel SSO Agent
Agent Listening Port AD server
Gateway
Server Address Port Base DN Bind DN Login Name Attribute Group Membership
Group Membership Group
Identifier
Gateway IP Gateway Port PreShareKey
Configuration > Web Authentication > SSO Generate Key
Check PreShareKey
Enable
Zyxel SSO Agent
C
HAPTER
25
Security Policy
25.1 Overview
Figure 402
25.2 One Security
Figure 403
1
2
3
4
Figure 404
1
2
2
3
Figure 405
ONESECURITY ICON SCREEN
3
25.3 What You Can Do in this Chapter
Security Policy Control
Anomaly Detection and Prevention
Session Control
25.3.1 What You Need to Know
Stateful Inspection
Zones
Default Directional Security Policy Behavior
ONESECURITY ICON SCREEN
FROM ZONE TO ZONE BEHAVIOR
To-Device Policies
Device To Zone
From Any To Device
Global Security Policies
from any to any
from any to any
Security Policy Rule Criteria
User Specific Security Policies
FROM ZONE TO ZONE BEHAVIOR
Session Limits
25.4 The Security Policy Screen
Asymmetrical Routes
A
A Subnet 2
Subnet 1
Figure 406
25.4.1 Configuring the Security Policy Control Screen
Configuration > Security Policy > Policy Control Security Policy
Figure 407
LABEL DESCRIPTION
Show Filter
any
Add
Edit
Remove
Activate
Inactivate
Move
Clone
Clone
LABEL DESCRIPTION
25.4.2 The Security Check for Web Interface Screen
Secure It
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow reject
log log alert
no
Apply
Reset
LABEL DESCRIPTION
Figure 408
LABEL DESCRIPTION
25.4.3 The Security Policy Control Add/Edit Screen
Security Policy Control Edit Add Security Policy Edit or Add
Figure 409
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
any
Device
any
any
Configuration Object Device Insight
any
any
any
none
deny
reject
allow
log log alert no
25.5 Anomaly Detection and Prevention Overview
Traffic Anomalies
Protocol Anomalies
Configuration > Security Policy > ADP Profile
Configuration > Security Policy > ADP General
25.5.1 The Anomaly Detection and Prevention General Screen
Configuration > Security Policy > ADP > General
Configuration > Security Service
none
Log log log alert no
none
Configuration > Security Service > Content Filter
none
Configuration > Security Service > SSL Inspection
OK
Cancel
LABEL DESCRIPTION
Figure 410
LABEL DESCRIPTION
Add
Priority
Activate
Inactivate
Move
25.5.2 Creating New ADP Profiles
Configuration > Security Policy > ADP > Profile
OK
Configuration > Security Policy > ADP > Profile
Figure 411
From ZyWALL
From LAN
From WAN
LABEL DESCRIPTION
25.5.3 Traffic Anomaly Profiles
Configuration > Security Policy > ADP > Profile Edit Add
Traffic Anomaly
LABEL DESCRIPTION
Configuration > Security Policy
> ADP > Profile
Add none all Base Profile
none Log no Action
none
all Log log Action block
References
Refresh
Clone
Clone
Figure 412
LABELS DESCRIPTION
Activate
Inactivate
Log
log log alert no
Action
none
block
Name
Log
Action
OK
Cancel
Save
OK
LABELS DESCRIPTION
25.5.4 Protocol Anomaly Profiles
Teardrop
IP Spoofing
Figure 413
LABEL DESCRIPTION
Activate
Inactivate
Log
log log alert no
Action
original setting
none
drop
reject-sender
reject-receiver
reject-both
Name
25.5.5 The ADP Allow List Screen
Configuration Security Policy ADP Allow List
Figure 414
Log
Action
OK
Cancel
Save
OK
LABEL DESCRIPTION
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
25.5.6 Creating New ADP Allow List Rule
Configuration > Security Policy > ADP > Allow List
Figure 415
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
any
any
any
OK
Cancel
25.6 The Session Control Screen
Configuration > Security Policy > Session Control Security Policy Session Control
Figure 416
LABEL DESCRIPTION
25.6.1 The Session Control Add/Edit Screen
Configuration > Security Policy > Session Control Add Edit Add or Edit
Figure 417
Add
Edit
Remove
Activate
Inactivate
Move
Apply
Reset
LABEL DESCRIPTION
25.7 Security Policy Example Applications
Figure 418
LABEL DESCRIPTION
any
any
any
any
Default Session per Host
Security Policy Session Control
OK
Cancel
Figure 419
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
Figure 420
Figure 421
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
C
HAPTER
26
Content Filter
26.1 Overview
26.1.1 What You Can Do in this Chapter
Web Content Filter General
Web Content Filter Trusted Web Sites
Web Content Filter Forbidden Web Sites
DNS Content Filter General
DNS Content Filter Allow List
DNS Content Filter Block List
26.1.2 What You Need to Know
Web Content Filter
Web Content Filtering Process
Web Content Filtering Policies
Web Content Filtering Profiles
Web Content Filtering Configuration Guidelines
External Web Filtering Service
HTTPS Domain Filter
Keyword Blocking URL Checking
DNS Content Filter
DNS Content Filter Process
Finding Out More
26.1.3 Before You Begin
Licensing Registration
26.2 Web Content Filter General Screen
Configuration > Security Service> Content Filter > Web Content Filter> General Web
Content Filter General
Content Filter
Figure 422
LABEL DESCRIPTION
26.2.1 Apply to a Security Policy
Action
Configuration > Security Policy > Policy Control
Redirect URL
References
Configuration > Security Policy > Policy Control
Apply
Reset
LABEL DESCRIPTION
Figure 423
LABEL DESCRIPTION
Show Filter
any
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow reject
log log alert
no
OK
Cancel
LABEL DESCRIPTION
26.2.2 Web Content Filter Add Category Service
Configuration > Security Service > Content Filter > Web Content Filter > General > Add or Edit
Add
Figure 424
LABEL DESCRIPTION
https://www.google.com.tw/?gws_rd=ssl#q=porn&safe=active
Pass
Block
Content Filter General
Log
Pass
Block
Content Filter General
Warn
Log
Pass
Block
Warn
Content Filter Server Unavailable Timeout
Log
Block Warn Log Action for Managed Web
Pages Action for Unrated Web Pages Action When Category Server is
Unavailable
Monitor Log View Log Priority
URL to test
OK
Cancel
LABEL DESCRIPTION
CATEGORY DESCRIPTION
26.2.3 Content Filter Add Filter Profile Custom Service
Configuration > Security Service > Content Filter > Web Content Filter> General > Add or Edit >
Custom Service Custom Service
Figure 425
LABEL DESCRIPTION
Trusted Web Sites
Trusted Web Sites
LABEL DESCRIPTION
26.3 Web Content Filter Trusted Web Sites Screen
Configuration > Security Service > Content Filter > Web Content Filter > Trusted/Forbidden Web
Sites> Trusted Web Sites Trusted Web Sites
Web Content Filter Profiles
Common Trusted Web Sites
OK
Cancel
LABEL DESCRIPTION
Figure 426
26.4 Web Content Filter Forbidden Web Sites Screen
Configuration > Security Service > Content Filter > Web Content Filter > Trusted/Forbidden Web
Sites> Forbidden Web Sites Forbidden Web Sites
Filter Profiles
Common Forbidden Web Sites
LABEL DESCRIPTION
Apply
Reset
Figure 427
26.5 DNS Content Filter General Screen
Configuration > Security Service> Content Filter > DNS Content Filter> General DNS
Content Filter General
LABEL DESCRIPTION
Apply
Reset
Content Filter
Figure 428
LABEL DESCRIPTION
default
custom defined
References
Configuration > Security Policy > Policy Control
Apply
Reset
26.5.1 DNS Content Filter Add Profile
Configuration > Security Service > Content Filter > DNS Content Filter > General > Add or Edit
Add
Figure 429
LABEL DESCRIPTION
pass
redirect
log
alert
none
OK
Cancel
CATEGORY DESCRIPTION
26.6 DNS Content Filter Allow List Screen
Configuration > Security Service > Content Filter > DNS Content Filter > Allow List Allow
List DNS
Content Filter Profiles
Figure 430
LABEL DESCRIPTION
Activate
Inactivate
26.7 DNS Content Filter Block List Screen
Configuration > Security Service > Content Filter > DNS Content Filter > Block List Block
List DNS Content
Filter Profiles
Figure 431
26.8 Content Filter Technical Reference
External Content Filter Server Lookup Procedure
LABEL DESCRIPTION
Activate
Inactivate
Figure 432
Content Filter Cache
C
HAPTER
27
Anti-Spam
27.1 Overview
llow
List Block List
27.1.1 What You Can Do in this Chapter
General Profile
Mail Scan
Block/Allow List
DNSBL
27.1.2 What You Need to Know
Allow List
Block List
SMTP and POP3
E-mail Headers
File > Properties > Details Message Source
E-mail Header Buffer Size
DNSBL
Finding Out More
27.2 Before You Begin
27.3 The Anti-Spam Profile Screen
Configuration > Security Service Anti-Spam Anti-Spam Profile
Figure 433
LABEL DESCRIPTION
Forward Session
Drop Session
Add
References
Refresh
27.3.1 The Anti-Spam Profile Add or Edit Screen
Add Edit Configuration > Security Service Anti-Spam > Profile
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
None
Standard
Trial
Apply
Reset
LABEL DESCRIPTION
Figure 434
LABEL DESCRIPTION
no
log
log alert
27.4 The Mail Scan Screen
Configuration > Security Service Anti-Spam > Mail Scan Mail Scan
Configuration > Security Service Anti-Spam > Profile > Add/Edit
Figure 435
drop
forward
forward with tag
forward
forward with tag
OK
Cancel
LABEL DESCRIPTION
27.5 The Anti-Spam Block List Screen
Configuration > Security Service Anti-Spam > Block/Allow List Anti-Spam Block List
LABEL DESCRIPTION
drop
forward
forward with tag
forward
forward with tag
Actions when Query Timeout
Apply
Reset
Figure 436
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
27.5.1 The Anti-Spam Block or Allow List Add/Edit Screen
Block List Allow List Add Edit
Figure 437
LABEL DESCRIPTION
Subject
IP Address
IPv6 Address
E-Mail Address
Mail Header
Subject
IP Address
IPv6 Address
IP
E-Mail
27.5.2 Regular Expressions in Block or Allow List Entries
27.6 The Anti-Spam Allow List Screen
Configuration > Security Service Anti-Spam > Block/Allow List Allow List
Anti-Spam Allow List
Mail Header
Mail Header
OK
Cancel
LABEL DESCRIPTION
Figure 438
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
27.7 The DNSBL Screen
Configuration > Security Service > Anti-Spam > DNSBL DNSBL
Figure 439
LABEL DESCRIPTION
first N IPs
last N IPs
27.8 Anti-Spam Technical Reference
DNSBL
drop
forward
forward with tag
forward
forward with tag
Actions when Query Timeout
Activate
Inactivate
Apply
Reset
LABEL DESCRIPTION
Figure 440
Figure 441
Figure 442
C
HAPTER
28
Object
28.1 The Device Insight Screen
Configuration Security Policy Policy Control.
Device Insight
Device Insight
Policy Control
Configuration Object Device Insight
Figure 443
28.1.1 Device Insight Add/Edit Screen
Device Insight Add/Edit
Configuration Object Device Insight Add/Edit
LABEL DESCRIPTION
Edit
Remove
References
Figure 444
28.1.2 Example: Block a Profile
LAN2_To_LAN1
LABEL DESCRIPTION
Object Device Insight Add
OK
Configuration Security Policy Policy Control Add
LAN2_To_LAN1
PROFILE NAME DESCRIPTION CATEGORY
OPERATING
SYSTEM
APPLIED POLICY
TO FROM ACTION DEVICE INSIGHT PROFILE
Add Policy From To
Action deny OK
Device
28.2 Zones Overview
Figure 445
Zone
28.2.1 What You Need to Know
Intra-zone Traffic
Inter-zone Traffic
Extra-zone Traffic
C
Any All
28.2.2 The Zone Screen
Zone
Configuration > Object > Zone
Figure 446
28.2.2.1 Zone Edit
Zone Edit Zone
Add Edit
LABEL DESCRIPTION
System Default
User Configuration
Edit
Remove
References
Figure 447
28.3 User/Group Overview
User
Group
Setting
LABEL DESCRIPTION
Available
Member
OK
Cancel
MAC Address
28.3.1 What You Need To Know
User Account
User Types
admin
Ext-User Accounts
ext-user
ext-user
ext-user
ext-user
ext-user
TYPE ABILITIES LOGIN METHOD(S)
ext-user
User
ad-users ldap-users radius-users
Ext-Group-User Accounts
Ext-Group-User
Dynamic-Guest Accounts
billing-users ua-users trial-users
billing-users
ua-users
trial-users
User Groups
admin
User Awareness
Finding Out More
28.3.2 User/Group User Summary Screen
User
Configuration > Object > User/Group
Figure 448
LABEL DESCRIPTION
Edit
Remove
References
28.3.3 User Add/Edit General Screen
User Add/Edit General
28.3.3.1 Rules for User Names
-
limited-admin
dynamic-guest
user
guest
ext-user
ext-group-user
guest-manager
Account Generator
LABEL DESCRIPTION
User Add
Edit
Figure 449
Figure 450
LABEL DESCRIPTION
Local Administrator
limited-admin
user
guest
ext-user
ext-group-user
ext-user ext-group-user
Enable
Password Complexity Configuration > Object > User/Group > Setting
ext-user ext-group-user
ext-group-user
Group Membership Attribute
ext-group-user
admin limited-admin
Figure 451
Figure 452
Use Default Settings
Use Manual Settings
LABEL DESCRIPTION
28.3.4 User Add/Edit Two-factor Authentication Screen
User Add/Edit Two-factor Authentication
Use Default Settings Authentication Timeout Settings
Use Manual Settings
Renew
Use Default Settings Authentication Timeout Settings
Use Manual Settings
Lease Time
ext-group-user
ext-group-user
User Name Test
OK
Cancel
Save
Two-factor Authentication
LABEL DESCRIPTION
ACCESS TYPE TWO-FACTOR AUTHENTICATION METHODS FACTOR 2 PASSWORD
Object > Auth. Method > Two-
factor Authentication > VPN Access Object > Auth. Method > Two-factor Authentication > Admin
Access.
Object > User/Group > User Add Edit
Figure 453
ACCESS TYPE TWO-FACTOR AUTHENTICATION METHODS FACTOR 2 PASSWORD
Figure 454
LABEL DESCRIPTION
Object > Auth. Method > Two-factor Authentication > VPN Access.
• SSL VPN Access
• IPSec VPN Access
L2TP/IPSec VPN Access
Object > Auth. Method > Two-factor
Authentication > Admin Access.
• Web
• SSH
• TELNET
Default User Defined PIN code by SMS/Email Google
Authenticator
Google Authenticator
Scan Barcode
Verify your device
Download
28.3.5 User/Group Group Summary Screen
Group
Configuration >
Object > User/Group > Group
Figure 455
28.3.5.1 Group Add/Edit Screen
Group Add/Edit
Group Add
Edit
Regenerate backup codes
Admin
Access
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
Figure 456
28.3.6 User/Group Setting Screen
Setting
Configuration > Object > User/Group >
Setting
LABEL DESCRIPTION
Member
Available
Member
Available
OK
Cancel
Figure 457
LABEL DESCRIPTION
Edit
admin
limited-admin
user
guest
ext-user
ext-group-user
Renew
Lease Time
Updating lease time automatically
User idle
timeout
Enable user idle detection
Default
Custom
LABEL DESCRIPTION
28.3.6.1 Default User Authentication Timeout Settings Edit Screens
Default Authentication Timeout Settings Edit
Configuration > Object > User/Group > Setting
Default Authentication Timeout Settings Edit
Figure 458
Limit ... for administration account
Limit ... for access account
Enable logon retry limit
lockout period
Enable logon retry limit
logon retry limit
maximum retry count
Apply
Reset
LABEL DESCRIPTION
28.3.6.2 User Aware Login Example
LABEL DESCRIPTION
admin
limited-admin
dynamic-guest
user
guest
ext-user
ext-group-user
guest-manager
Account Generator
Renew
Lease Time
OK
Cancel
Figure 459
28.3.7 User/Group MAC Address Summary Screen
Configuration > Object > User/Group > MAC
Address
LABEL DESCRIPTION
User-defined lease time
Lease time User Add/Edit
Lease time Setting
Allow renewing lease time automatically
Setting
Renew
Figure 460
28.3.7.1 MAC Address Add/Edit Screen
MAC Address Add Edit
Figure 461
LABEL DESCRIPTION
Edit
Remove
LABEL DESCRIPTION
OK
Cancel
28.3.8 User /Group Technical Reference
Setting up User Attributes in an External Server
Creating a Large Number of Ext-User Accounts
Ext-User
KEYWORD CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR
User Type
Lease Time
Reauthentication Time
Figure 462
Figure 463
Built-in System Accounts
28.4 Address/Geo IP Overview
Address
Address Add/Edit
Address Group Address Group Add/
Edit
Geo IP
28.4.1 What You Need To Know
Configuration > Device
HA> Device HA Pro >
Password
28.4.2 Address Summary Screen
HOST IP Address to define a
RANGE Starting IP Address Ending IP Address
SUBNET Network Netmask
INTERFACE IP
INTERFACE SUBNET
INTERFACE GATEWAY
GEOGRAPHY
FQDN
Address
Configuration > Object Address > Address
HTTP:// WWW. ZYXEL. COM
FQDN
Figure 464
LABEL DESCRIPTION
Edit
Remove
References
INTERFACE
28.4.2.1 IPv4 Address Add/Edit Screen
Configuration > Object > Address/GeoIP > Address > Add/Edit (IPv4)
Address
Add Edit IPv4 Address Configuration
Figure 465
Edit
Remove
References
INTERFACE
LABEL DESCRIPTION
LABEL DESCRIPTION
Address Type HOST
Address Type RANGE
28.4.2.2 IPv6 Address Add/Edit Screen
Configuration > Object > Address/GeoIP > Address > Add/Edit (IPv6)
Address
Add Edit IPv6 Address Configuration
Figure 466
Address Type RANGE
Address Type SUBNET
Address Type SUBNET
INTERFACE IP INTERFACE SUBNET INTERFACE GATEWAY Address Type
GEOGRAPHY Address Type
GEOGRAPHY
Configuration Object Address/Geo IP Geo IP
GEOGRAPHY
Geography Address Type
FQDN Address Type
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Address Type HOST
28.4.3 Address Group Summary Screen
Address Group
Configuration > Object Address/Geo IP > Address Group
Figure 467
Address Type RANGE
Address Type RANGE
Address Type SUBNET
INTERFACE IP INTERFACE SUBNET INTERFACE GATEWAY Address Type
LINK LOCAL
STATIC SLAAC
DHCPv6
Geography Address Type
FQDN Address Type
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
28.4.3.1 Address Group Add/Edit Screen
Address Group Add/Edit
Address Group
Add Edit IPv4 Address Group Configuration IPv6 Address Group
Configuration
Figure 468
Edit
Remove
References
LABEL DESCRIPTION
LABEL DESCRIPTION
28.4.4 Geo IP Summary Screen
Member
Available
Member
Available
OK
Cancel
LABEL DESCRIPTION
Figure 469
28.4.4.1 Add Custom IPv4/IPv6 Address to Geography Screen
Geo IP Add Custom IPv4 to
Geography Rules Custom IPv6 to Geography Rules
LABEL DESCRIPTION
Apply
Remove
HOST RANGE SUBNET.
Region to Continent
Region List
Apply
Reset
Figure 470
28.5 Service Overview
Service
Service Group
28.5.1 What You Need to Know
IP Protocols
LABEL DESCRIPTION
HOST RANGE SUBNET
Address Type HOST
Address Type RANGE
Address Type RANGE
Address Type SUBNET
Address Type SUBNET
OK
Cancel
Service Objects and Service Groups
28.5.2 The Service Summary Screen
Service
Configuration > Object > Service >
Service
Figure 471
28.5.2.1 The Service Add/Edit Screen
Service Add/Edit
Service Add
Edit
Figure 472
LABEL DESCRIPTION
Edit
Remove
References
28.5.3 The Service Group Summary Screen
Service Group
HTTP HTTPS, SSH, TELNET
Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Configuration > Object Service
Service Group
Figure 473
LABEL DESCRIPTION
TCP UDP ICMP ICMPv6 User Defined
IP Protocol TCP UDP
IP Protocol ICMP ICMPv6
IP Protocol User Defined
OK
Cancel
28.5.3.1 The Service Group Add/Edit Screen
Service Group Add/Edit
Service Group
Add Edit
Figure 474
LABEL DESCRIPTION
Edit
Remove
References
Service Group Add/Edit
28.6 Schedule Overview
Schedule
One-Time Schedule Add/Edit
Recurring Schedule Add/Edit
28.6.1 What You Need to Know
One-time Schedules
Recurring Schedules
LABEL DESCRIPTION
Member
Available
Member
Available
OK
Cancel
28.6.2 The Schedule Screen
Schedule
Configuration > Object Schedule
Figure 475
LABEL DESCRIPTION
Edit
Remove
References
Edit
Remove
References
28.6.2.1 The One-Time Schedule Add/Edit Screen
One-Time Schedule Add/Edit
Schedule
Add Edit One Time
Figure 476
LABEL DESCRIPTION
Year
Month
Day
Hour
Minute
Year
Month
Day
Hour
Minute
OK
Cancel
28.6.2.2 The Recurring Schedule Add/Edit Screen
Recurring Schedule Add/Edit
Schedule
Add Edit Recurring
Figure 477
Year Month Day
LABEL DESCRIPTION
Hour
Minute
Hour
Minute
OK
Cancel
28.6.3 The Schedule Group Screen
Schedule Group
Configuration > Object Schedule >Group
Figure 478
28.6.3.1 The Schedule Group Add/Edit Screen
Schedule Group Add/Edit
Schedule Add Edit
Schedule Group
LABEL DESCRIPTION
Edit
Remove
References
Figure 479
28.7 AAA Server Overview
AAA Server
LABEL DESCRIPTION
Member
Available
Member
Available
OK
Cancel
28.7.1 Directory Service (AD/LDAP)
Figure 480
28.7.2 RADIUS Server
Figure 481
28.7.3 ASAS
Configuration > Object > AAA Server
Configuration > Object > AAA Server > Active Directory LDAP
Configuration > Object > AAA Server > RADIUS
28.7.4 What You Need To Know
AAA Servers Supported by the Zyxel Device
Directory Structure
Figure 482
Distinguished Name (DN)
Base DN
Bind DN
28.7.5 Active Directory or LDAP Server Summary
Active Directory LDAP
Configuration > Object > AAA Server > Active Directory LDAP Active Directory
LDAP
Figure 483
28.7.5.1 Adding an Active Directory or LDAP Server
Object > AAA Server > Active Directory LDAP Active Directory LDAP
Add Edit
LABEL DESCRIPTION
Edit
Remove
References
Figure 484
LABEL DESCRIPTION
LDAP
Use SSL
ext-group-user
ext-group-user
Enable
Active Directory
Active Directory
Active Directory
Active Directory
Active Directory
LABEL DESCRIPTION
28.7.6 RADIUS Server Summary
RADIUS
Configuration > Object > AAA Server > RADIUS RADIUS
Figure 485
28.7.6.1 Adding a RADIUS Server
Configuration > Object > AAA Server > RADIUS RADIUS Add
Edit
Username Test
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
Figure 486
LABEL DESCRIPTION
LABEL DESCRIPTION
28.8 Auth. Method Overview
Configuration > Object > Auth. Method
Configuration > Object > Auth. Method > Two-Factor Authentication
28.8.1 Before You Begin
28.8.2 Example: Selecting a VPN Authentication Method
Auth. Method VPN
Gateway
Configuration > VPN > IPSec VPN > VPN Gateway Edit
Show Advance Setting Enable Extended Authentication
Server Mode
OK
ext-group-user
ext-group-user
OK
Cancel
LABEL DESCRIPTION
Figure 487
28.8.3 Authentication Method Objects
Configuration > Object > Auth. Method
Figure 488
28.8.3.1 Creating an Authentication Method Object
LABEL DESCRIPTION
Edit
Remove
References
Configuration > Object > Auth. Method
Add
Name
Add
Method List
Method List
OK Cancel
Figure 489
LABEL DESCRIPTION
Add
Edit
Remove
28.8.4 Two-Factor Authentication
28.8.4.1 Overview
Move
AAA
Server
OK
Cancel
LABEL DESCRIPTION
Figure 490
VPN Access Via a VPN tunnel
Valid Time
Admin Access Via the Web Configurator, SSH, or Telnet
Valid Time
28.8.4.2 Pre-configuration
Object > User/Group > User > Edit > Two-factor Authentication
Object > Auth. Method > Two-factor Authentication
HTTP HTTPS System > WWW > Service Control
SSH Telnet System > SSH System > TELNET
HTTP HTTPS, SSH, TELNET Object > Service > Service Group >
Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Email Authentication
Mail Server System > Notification > Mail Server.
SMS Authentication
Mail Server System > Notification > Mail Server.
SMS System > Notification > SMS.
Google Authentication
System > Notification > SMS
System > Notification > Mail Server
Valid Time Configuration > Object > Auth. Method > Two-factor
Authentication > VPN Access
Google Authenticator Settings
28.8.5 Two-Factor Authentication VPN Access
Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access
Figure 491
LABEL DESCRIPTION
28.8.6 Two-Factor Authentication Admin Access
Web SSH TELNET
Selectable User/Group Objects
Selected User/Group Objects
Selectable User/Group Objects
Object > User/Group > User
Object > User/Group > User
Configuration Object User/Group User Add Two-factor Authentication
http https HTTP HTTPS System > WWW > Service Control
From Interface User-Defined: wan1 2
User-Defined
Use
Multilingual file
Download the default 2FA-msg.txt example
Restore Customized File to Default
Select a File Path
Upload
Apply
Reset
LABEL DESCRIPTION
Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access
Figure 492
28.9 Certificate Overview
LABEL DESCRIPTION
All
SMS Object > User/Group > User
Email Object > User/Group > User
Apply
Reset
My Certificates
Trusted Certificates
28.9.1 What You Need to Know
Advantages of Certificates
Self-signed Certificates
Factory Default Certificate
Certificate File Formats
28.9.2 Verifying a Certificate
Figure 493
Certificate Details
Thumbprint Algorithm Thumbprint
Figure 494
Thumbprint
Algorithm Thumbprint
28.9.3 The My Certificates Screen
Configuration > Object > Certificate > My Certificates My Certificates
Figure 495
LABEL DESCRIPTION
Edit
Remove
References
Figure 496
Mail Subject
Mail To
Send Certificate with Private Key
Password
E-mail Content
Compress as a ZIP File
Send Email
Cancel
Figure 497
LABEL DESCRIPTION
28.9.3.1 The My Certificates Add Screen
Configuration > Object > Certificate > My Certificates Add My
Certificates Add
REQ
My Certificate
Import
SELF
CERT
Subject
Import
Refresh
LABEL DESCRIPTION
Figure 498
LABEL DESCRIPTION
Host IP Address Host IPv6
Address Host Domain Name E-Mail
My Certificate Create
Return
My Certificate Create Return My Certificate Create
28.9.3.2 The My Certificates Edit Screen
Configuration > Object > Certificate > My Certificates Edit My
Certificate Edit
My Certificate Details
My Certificate Details
OK
Cancel My Certificates
LABEL DESCRIPTION
Figure 499
LABEL DESCRIPTION
Refresh
Refresh
Subject Name
LABEL DESCRIPTION
28.9.3.3 The My Certificates Import Screen
Configuration > Object > Certificate > My Certificates > Import My Certificate Import
My Certificates
Figure 500
Save File Download Save As
Save
Save File Download Save As
Save
OK
Cancel My Certificates
LABEL DESCRIPTION
28.9.4 The Trusted Certificates Screen
Configuration > Object > Certificate > Trusted Certificates Trusted Certificates
Figure 501
LABEL DESCRIPTION
Browse
Browse
OK
Cancel My Certificates
LABEL DESCRIPTION
Edit
Remove
References
28.9.4.1 The Trusted Certificates Edit Screen
Configuration > Object > Certificate > Trusted Certificates Edit
Trusted Certificates Edit
Subject
Import
LABEL DESCRIPTION
Figure 502
LABEL DESCRIPTION
Refresh
Refresh
LDAP Server
OCSP Server
Subject Name
28.9.4.2 The Trusted Certificates Import Screen
Configuration > Object > Certificate > Trusted Certificates > Import Trusted Certificates
Import
Save File Download Save As
Save
OK
Cancel Trusted Certificates
LABEL DESCRIPTION
Figure 503
28.9.5 Certificates Technical Reference
OCSP
28.10 ISP Account Overview
Object ISP Account
28.10.1 ISP Account Summary
Configuration > Object ISP Account
LABEL DESCRIPTION
Browse
Browse
OK
Cancel
Figure 504
28.10.1.1 ISP Account Add/Edit
ISP Account Add/Edit
ISP Account
Add Edit ISP Account Edit
LABEL DESCRIPTION
Edit
Remove
References
Figure 505
LABEL DESCRIPTION
pppoe
pptp
l2tp
CHAP/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
PPTP
nomppe
mppe-40
mppe-128
PPTP
On Off
OK
ISP Account
ISP Account Edit
Cancel ISP Account
LABEL DESCRIPTION
C
HAPTER
29
Mgmt. & Analytics
29.1 Mgmt. & Analytics Overview
CNM
ID
Nebula
29.1.1 What You Can Do in this Chapter
Mgmt. & Analytics > SecuManager
Mgmt. & Analytics > SecuReporter
Mgmt. & Analytics > Nebula
29.2 Cloud CNM SecuManager
Figure 506
Configuration > Cloud CNM > SecuManager
Figure 507
LABEL DESCRIPTION
CNM ID
CNM ID CNM URL
Auto
CNM ID
CNM URL
CNM ID
CNM URL
HTTP HTTPS CNM URL
HTTPS Transfer Protocol
CNM URL HTTP
Transfer Protocol
29.3 Cloud CNM SecuReporter
Apply
Reset
LABEL DESCRIPTION
Figure 508
How to activate and enable SecuReporter
Service Status Activated Configuration Cloud CNM SecuReporter
Configuration > Licensing > Registration > Service
Figure 509
Configuration Cloud CNM SecuReporter
Enable SecuReporter
Apply
How to add this Zyxel Device to SecuReporter
Settings Organization & Devices Add
Organization Unclaimed Device
SecuReporter Banner
Figure 510
Continue
Server Status
Connected
Timeout
Fail
Device Name
Organization
Select from existing organization
Create new organization
Partially Anonymous
Fully Anonymous
Non-Anonymous
Figure 511
Configuration Cloud CNM SecuReporter
Figure 512
LABEL DESCRIPTION
Standard
Trial
Activated Not
Activated Expired
Expired Not Licensed
Trial
Standard
Apply
Reset
29.4 Nebula
29.4.1 Scenario A-Native Mode
Nebula Internet
Access
Test
Apply & Go To Nebula
Apply & Go to Nebula
Configuration Mgmt. & Analytics Nebula
Figure 513
LABEL DESCRIPTION
P2 P3 Port 2 Port 3
29.4.2 Scenario B-Zero Touch Provisioning (ZTP)
Inactive
Down
Speed/Duplex
Full Halt
Up
Down
Connected
Disconnected
Static
Dynamic
DHCP Client
Test
LABEL DESCRIPTION
Figure 514
C
HAPTER
30
System
30.1 Overview
30.1.1 What You Can Do in this Chapter
System > Host Name
System > USB Storage
System > Date/Time
System > Console Speed
System > DNS
System > WWW
System > SSH
System > TELNET
System > FTP
System > SNMP
Auth. Server
Notification > Mail Server
Notification > SMS
Notification > Response Message
System > Language
System > IPv6
System > ZON
System Advanced
30.2 Host Name
Configuration > System
> Host Name Host Name
Figure 515
30.3 USB Storage
LABEL DESCRIPTION
Apply
Reset
Configuration > System > USB Storage
Figure 516
30.4 Date and Time
Configuration >
System > Date/Time
LABEL DESCRIPTION
MB %
Apply
Reset
Figure 517
LABEL DESCRIPTION
Apply
Time and Date Setup Manual
Apply
Time and Date Setup Manual
Apply
Apply Synchronize Now
Time Server Address
Enable Daylight
Saving at
Second Sunday March at
Last Sunday March
at
Enable Daylight
Saving at
First Sunday November at
Last Sunday October
at
LABEL DESCRIPTION
30.4.1 Pre-defined NTP Time Servers List
30.4.2 Time Server Synchronization
Synchronize Now
Time Server Address
Loading
Figure 518
Current Time Current Date
View Log
Date/Time
System > Date/Time
Manual Time and Date Setup
Apply
Reset
LABEL DESCRIPTION
New Time
New Date
Time Zone Setup Time Zone
Enable Daylight Saving
Apply
System > Date/Time
Get from Time Server Time and Date Setup
Time Zone Setup Time Zone
Enable Daylight Saving
Time and Date Setup Time Server Address
Apply
30.5 Console Port Speed
Configuration > System > Console Speed Console Speed
Figure 519
30.6 DNS Overview
30.6.1 DNS Server Address Assignment
30.6.2 Configuring the DNS Screen
Configuration > System > DNS DNS
Network > Interface
LABEL DESCRIPTION
Console Port Speed
Console Status
Apply
Reset
Security Option Control Configuration > System > DNS Show
Advanced Settings
Figure 520
LABEL DESCRIPTION
Edit
Remove
Add
Edit
Remove
Move
User-Defined
N/A
tunnel
Edit
Remove
Show Advanced Settings
Default Customize
allow deny
Query Recursion Additional Info from Cache
Customize
Default
Customize
Object > Address
Add
Edit
Remove
Move
LABEL DESCRIPTION
30.6.3 (IPv6) Address Record
30.6.4 PTR Record
30.6.5 Adding an (IPv6) Address/PTR Record
Add Address/PTR Record IPv6 Address/PTR Record
Figure 521
Accept Deny
LABEL DESCRIPTION
30.6.6 CNAME Record
30.6.7 Adding a CNAME Record
Figure 522
LABEL DESCRIPTION
OK
Cancel
30.6.8 Domain Zone Forwarder
30.6.9 Adding a Domain Zone Forwarder
Add Domain Zone Forwarder
Figure 523
LABEL DESCRIPTION
OK
Cancel
30.6.10 MX Record
30.6.11 Adding a MX Record
Add MX Record
Figure 524
LABEL DESCRIPTION
DNS Server(s) from ISP
N/A
Public DNS Server
Query via
Private DNS Server
OK
Cancel
30.6.12 Security Option Control
Security Option Control Configuration > System > DNS Show
Advanced Settings
Query Recursion Additional Info from Cache
Query Recursion Additional Info from Cache
30.6.13 Editing a Security Option Control
Edit allow deny Query Recursion
Additional Info from Cache
Figure 525
LABEL DESCRIPTION
OK
Cancel
30.6.14 Adding a DNS Service Control Rule
Add Service Control
Figure 526
LABEL DESCRIPTION
Default
Object > Address
> Member
OK
Cancel
LABEL DESCRIPTION
ALL
ALL
30.7 WWW Overview
Enable
30.7.1 Service Access Limitations
Service Control
Service Control
Deny
30.7.2 System Timeout
User/Group
30.7.3 HTTPS
Accept
Deny
OK
Cancel
LABEL DESCRIPTION
Authenticate Client Certificates WWW Authenticate Client Certificates
Figure 527
HTTP WWW
30.7.4 Configuring WWW Service Control
Configuration > System > WWW WWW
Admin Service Control
User Service Control
Figure 528
LABEL DESCRIPTION
Service Control
8443
Authenticate Client Certificates
My Certificates
Admin Service Control
User Service Control
Add
Edit
Remove
Move
Zone Accept Deny
Service Control
Admin Service Control
User Service Control
Add
Edit
LABEL DESCRIPTION
30.7.5 Service Control Rules
Add Edit Service Control WWW SSH Telnet FTP SNMP
Figure 529
Remove
Move
Zone Accept Deny
Object > Auth. method
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
ALL
30.7.6 Customizing the WWW Login Page
Configuration > System > WWW > Login Page Login Page
Figure 530
ALL
Accept
Deny
OK
Cancel
LABEL DESCRIPTION
Figure 531
Figure 532
Figure 533
Color
Apply
LABEL DESCRIPTION
Browse
Upload
Picture
Browse
Color
Picture
Browse
Color
30.7.7 HTTPS Example
30.7.7.1 Internet Explorer Warning Messages
Figure 534
Continue to this website Click
here to close this web page
30.7.7.2 Mozilla Firefox Warning Messages
The Connection is Untrusted
Technical Details
I Understand the Risks Add Exception
Confirm Security Exception
Apply
Reset
LABEL DESCRIPTION
Figure 535
Figure 536
30.7.7.3 Avoiding Browser Warning Messages
30.7.7.4 Login Screen
Figure 537
30.7.7.5 Enrolling and Importing SSL Client Certificates
Authenticate Client Certificates
Authenticate Client
Certificates
Trusted CA
Figure 538
30.7.7.5.1 Installing the CA’s Certificate
Figure 539
Install Certificate
30.7.7.5.2 Installing Your Personal Certificate(s)
Next
Figure 540
File
name Browse
Figure 541
Figure 542
Place all
certificates in the following store
Figure 543
Finish
Figure 544
Figure 545
30.7.7.6 Using a Certificate When Accessing the Zyxel Device Example
Figure 546
Authenticate Client Certificates
Figure 547
Figure 548
30.8 SSH
A
SSH Object > Service >
Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Figure 549
30.8.1 SSH Implementation on the Zyxel Device
30.8.2 Requirements for Using SSH
30.8.3 Configuring SSH
Configuration > System > SSH
Figure 550
30.8.4 Service Control Rules
Add Edit Service Control
Figure 551
LABEL DESCRIPTION
Service Control
My
Certificates
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
30.8.5 SSH Example
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
30.9 Telnet
30.9.1 Configuring Telnet
Configuration > System > TELNET
Telnet Object > Service >
Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Figure 552
LABEL DESCRIPTION
Service Control
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
30.9.2 Service Control Rules
Add Edit Service Control
Figure 553
30.10 FTP
30.10.1 Configuring FTP
Configuration > System > FTP
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
Figure 554
LABEL DESCRIPTION
Service Control
My Certificates
Add
Edit
Remove
Move
Zone Accept Deny
30.10.2 Service Control Rules
Add Edit Service Control
Figure 555
30.11 SNMP
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
Figure 556
30.11.1 SNMPv3 and Security
30.11.2 Supported MIBs
30.11.3 SNMP Traps
30.11.4 Configuring SNMP
Configuration > System > SNMP
OBJECT LABEL OBJECT ID DESCRIPTION
Figure 557
LABEL DESCRIPTION
Service Control
Get Community
Set community
30.11.5 Add SNMPv3 User
Add Configuration > System > SNMP
Add
Edit
Remove
MD5 SHA
DES
AES
Read-Write
Read-Only
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
LABEL DESCRIPTION
Figure 558
30.11.6 Service Control Rules
Add Edit Service Control
Figure 559
LABEL DESCRIPTION
MD5 SHA
DES
AES
Read-Write
Read-Only
OK
Cancel
30.12 Authentication Server
Configuration > System > Auth. Server
Figure 560
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
30.12.1 Add/Edit Trusted RADIUS Client
Configuration > System > Auth. Server Auth. Server Add
Edit
LABEL DESCRIPTION
My Certificates
Configuration > Object > Auth.
Method
Add
Edit
Remove
Activate
Inactivate
Apply
Reset
Figure 561
30.13 Notification > Mail Server
Maintenance > Diagnostics > Network Tool Test Email Server Configuration > Log &
Report > Email Daily Report
Configuration > System > Notification Mail Server
LABEL DESCRIPTION
OK
Cancel
Figure 562
LABEL DESCRIPTION
Configuration > Log & Report > Email Daily Report
Append system name
Append date time
SMTP Authentication
SMTP Authentication
Apply
Reset
30.14 Notification > SMS
Configuration > System > Notification > SMS
Figure 563
LABEL DESCRIPTION
Email-to-SMS Provider
Configuration System Notification Mail Server
auto append to "Mail to"
Mail To
Mail
Server Configuration System Notification Mail Server
30.15 Notification > Response Message
Configuration > System > Notification > Response Message
Figure 564
Configuration Object User/Group User
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
30.16 Language Screen
Configuration > System > Language
Browse
Color
#0000FF
Color
#0000FF
Color
#0000FF
Color
#0000FF
LABEL DESCRIPTION
Figure 565
30.17 IPv6 Screen
Configuration > System > IPv6
LABEL DESCRIPTION
Apply
Reset
Figure 566
30.18 Zyxel One Network (ZON) Utility
30.18.1 Requirements
Operating System
LABEL DESCRIPTION
Configuration Network Interface
Ethernet VLAN Bridge
Apply
Reset
My Computer >
Properties General
Hardware
30.18.2 Run the ZON Utility
OK
Figure 567
Show
information about ZON Supported
model and firmware version
Figure 568
Figure 569
Go
Figure 570
Figure 571
1
2
3
4
5 6
7
8
9
10 11 12 13
ICON DESCRIPTION
30.18.3 Zyxel One Network (ZON) System Screen
ZDP Smart Connect System > ZON
Monitor > System Status > Ethernet Neighbor Smart Connect
System > ZON
Figure 572
LABEL DESCRIPTION
IP Configuration Renew IP address
Flash Locator LED
30.19 Advanced Screen
30.19.1 Fast Forwarding Technical Reference
LABEL DESCRIPTION
Smart Connect
Monitor > System Status >
Ethernet Discovery.
Apply
Reset
System > Advanced
Figure 573
Enable Title Bar
Figure 574
LABEL DESCRIPTION
Apply
Reset
C
HAPTER
31
Log and Report
31.1 Overview
31.1.1 What You Can Do In this Chapter
Email Daily Report
Log Setting
31.2 Email Daily Report
Email Daily Report
Mail Server Note
Notification
Configuration > Log & Report > Email Daily Report
Figure 575
LABEL DESCRIPTION
31.3 Log Setting Screens
Log Setting
MONITOR > Log
Log Setting
Log Setting Edit
Log Category Settings
31.3.1 Log Setting Summary
Configuration > Log & Report > Log Settings
System Resource
Usage Wireless Report Security Service, Interface Traffic Statistics DHCP Table
Reset counters after sending report successfully
Apply
Reset
LABEL DESCRIPTION
Figure 576
LABEL DESCRIPTION
Edit
Activate
Inactivate
Internal
VRPT
CEF/Syslog
31.3.2 Edit System Log Settings
Log Settings Edit
Log Settings Summary
Edit
Figure 577
Log Category Settings Edit
LABEL DESCRIPTION
Figure 578
Figure 579
LABEL DESCRIPTION
Active Log and Alert
When Full Hourly and When Full
Daily and When Full Weekly and When Full
SMTP Authentication
SMTP Authentication
System Log
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System Log
enable normal logs
enable alert logs
E-Mail Server 2
System Log
enable normal logs
enable alert logs
Display
Category View Log Default
Log Category
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System log
E-Mail Server 2
System log
LABEL DESCRIPTION
31.3.3 Edit Log on USB Storage Setting
Edit Log on USB Storage Setting
Log Setting Summary
Edit
Figure 580
Log Consolidation Interval View Log
x x
Message
x
x Message
LABEL DESCRIPTION
31.3.4 Edit Remote Server Log Settings
Log Settings Edit
Log Settings Summary Edit
LABEL DESCRIPTION
Active Log
Keep Duration
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
Default
Log Category All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
Figure 581
LABEL DESCRIPTION
Active Log
VRPT/Syslog
CEF/Syslog
31.3.5 Log Category Settings Screen
Log Category Settings
Log Settings Summary
Log Category Settings
Figure 582
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
Display
Category View Log Default
Log Category All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
LABEL DESCRIPTION
Figure 583
Default
LABEL DESCRIPTION
System Log
disable all logs
enable normal logs
enable normal logs and debug logs
USB Storage
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System Log
enable normal logs
enable alert logs
E-Mail Server 2
System Log
enable normal logs
enable alert logs
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
Display
Category View Log Default
Log Category
disable all logs
enable normal logs
enable normal logs and debug logs
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System log
E-
Mail Server 2
System log
Log Category
All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
LABEL DESCRIPTION
C
HAPTER
32
File Manager
32.1 Overview
32.1.1 What You Can Do in this Chapter
Configuration File
Firmware Package
Shell Script
32.1.2 What you Need to Know
Configuration Files and Shell Scripts
Privilege
Configuration
Comments in Configuration Files or Shell Scripts
Figure 584
Configuration
Privilege
Errors in Configuration Files or Shell Scripts
32.2 The Configuration Screen
Maintenance > File Manager > Configuration File > Configuration Configuration
Configuration
Apply
Configuration File Flow at Restart
startup-config.conf
system-default.conf
startup-config.conf
lastgood.conf
startup-config.conf
startup-config-bad.conf lastgood.conf
lastgood.conf
system-default.conf
startup-config.conf
startup-config.conf
Do not turn off the Zyxel Device while configuration file upload is in
progress.
LABEL DESCRIPTION
lastgood.conf system-
default.conf startup-config.conf
Rename Rename File
Figure 585
OK Cancel
Remove
system-
default.conf startup-config.conf lastgood.conf
OK
Cancel
Download
Copy Copy File
Figure 586
OK Cancel
Apply
Figure 587
Immediately stop applying the configuration file
Immediately stop applying the configuration file and roll back to the previous configuration
Ignore errors and finish applying the configuration file
Ignore errors and finish applying the configuration file and then roll back to the previous
configuration
OK Cancel
LABEL DESCRIPTION
32.2.1 The Configuration Schedule Backup Screen
Schedule Backup
system-default.conf
Apply
startup-config.conf
Apply OK
lastgood.conf
system-default.conf lastgood.conf
startup-config.conf
Browse ...
Browse...
Upload
LABEL DESCRIPTION
Figure 588
LABEL DESCRIPTION
32.3 Firmware Management
Firmware Management
Running Standby
The firmware update can take up to five minutes. Do not turn off or reset
the Zyxel Device while the firmware update is in progress!
32.3.1 Cloud Helper
Apply
Reset
LABEL DESCRIPTION
Upgrade
What’s New
Upgrade Now
Upgrade Now
Upgrade Now
32.3.2 The Firmware Management Screen
Maintenance > File Manager > Firmware Management Firmware Management
Figure 589
LABEL DESCRIPTION
Reboot
Standby Running Standby
Reboot
Standby Running
Running
Standby N/A
Yes
Yes
No
Check Now
Auto Update File Manager > Firmware Management
Schedule Reboot Maintenance > Shutdown-Reboot
Activated
Not Activated
LABEL DESCRIPTION
No
Maintenance File Manager Firmware Management Standby
Reboot
Standby Running
Maintenance File Manager
Configuration File Configuration Upload Configuration File
Firmware Upload in Process
Figure 590
Figure 591
Dashboard
Figure 592
32.3.3 Firmware Upgrade via USB Stick
SYS
startup-config.conf
startup-config.conf
lastgood.conf
lastgood.conf
system-default.conf
32.4 The Shell Script Screen
Maintenance > File Manager > Shell Script Shell Script Shell Script
Figure 593
LABEL DESCRIPTION
Rename Rename File
Figure 594
OK Cancel
Remove
OK
Cancel
Download
Copy Copy File
Figure 595
OK Cancel
Apply
Browse ...
Browse...
Upload
LABEL DESCRIPTION
C
HAPTER
33
Diagnostics
33.1 Overview
33.1.1 What You Can Do in this Chapter
Diagnostics
Packet Capture
CPU / Memory Status
System Logs
Network Tool
Routing Traces
Wireless Frame Capture
33.2 The Diagnostics Screens
Diagnostics
33.2.1 Scripts
Script Name
Script Uploads to the Zyxel Device
File Manager > Shell Script
Diagnostics > Controller
Diagnostics > AP
Diagnostics > AP.
Script Output
Diagnostics > Files
33.2.2 The Diagnostics Controller Screen
Maintenance > Diagnostics > Controller Collect Now
Figure 596
LABEL DESCRIPTION
Standby
Busy on Ap
Diagnostics > AP
Busy on ZyWall:
33.2.3 The Diagnostics Files Screen
Maintenance > Diagnostics > Files
Figure 597
Browse
Upload
LABEL DESCRIPTION
LABEL DESCRIPTION
33.3 The Packet Capture Screen
Maintenance > Diagnostics > Packet
Capture
File Suffix
Remove
Download
LABEL DESCRIPTION
Figure 598
LABEL DESCRIPTION
Available Interfaces
Capture Interfaces
any
any
any
User Defined
IP Type any tcp udp
Continuously capture and overwrite old ones
Duration
File Size
Unused
Remove Now
none
service deactivated Configuration > System > USB
Storag
available
LABEL DESCRIPTION
33.3.1 The Packet Capture Files Screen
Maintenance > Diagnostics > Packet Capture > Files
Figure 599
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
33.4 The CPU / Memory Status Screen
Maintenance > Diagnostics > CPU / Memory Status CPU/Memory Status
Figure 600
LABEL DESCRIPTION
LABEL DESCRIPTION
33.5 The System Log Screen
Maintenance > Diagnostics > System Log System Log
Figure 601
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
33.6 The Network Tool Screen
Maintenance > Diagnostics > Network Tool
Figure 602
LABEL DESCRIPTION
Figure 603
LABEL DESCRIPTION
NSLOOKUP IPv4 NSLOOKUP IPv6
PING IPv4 PING IPv6
TRACEROUTE IPv4 TRACEROUTE IPv6
Test Email Server
Test Email Server Network Tool
33.7 The Routing Traces Screen
Maintenance > Diagnostics > Routing Traces
Figure 604
Append system name
Append date time
SMTP Authentication
SMTP Authentication
LABEL DESCRIPTION
33.8 The Wireless Frame Capture Screen
Maintenance > Diagnostics > Wireless Frame Capture
File Prefix
LABEL DESCRIPTION
any
Figure 605
LABEL DESCRIPTION
Configuration > Wireless > AP Management
Captured MON Mode APs
33.8.1 The Wireless Frame Capture Files Screen
Maintenance > Diagnostics > Wireless Frame Capture > Files
Figure 606
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
C
HAPTER
34
Packet Flow Explore
34.1 Overview
34.1.1 What You Can Do in this Chapter
Routing Status
SNAT Status
34.2 Routing Status
Routing Status
Routing Flow
Routing Table Maintenance Packet Flow Explore Routing Status
use policy route to override direct route CONFIGURATION > Network > Routing > Policy
Route
use policy routes to control dynamic IPSec rules CONFIGURATION > VPN > IPSec VPN >
VPN Connection
Figure 607
Figure 608
Figure 609
Figure 610
Figure 611
Figure 612
Figure 613
Figure 614
LABEL DESCRIPTION
Routing Table
Routing Flow
Direct Route Static-Dynamic Route Main Route Routing Flow
A
S
C
O
R
B
G
!
B
L
Policy Route Routing Flow
any
Auto
Interface /GW
VPN Tunnel
Trunk
1-1 SNAT Routing Flow
34.3 The SNAT Status Screen
SNAT Status
SNAT Flow SNAT Table
Maintenance Packet Flow Explore SNAT Status
use default SNAT CONFIGURATION > Network > Interface > Trunk
Figure 615
Dynamic VPN or SiteToSite VPN Routing Flow
Default WAN Trunk Routing Flow
any
any
LABEL DESCRIPTION
Figure 616
Figure 617
Figure 618
LABEL DESCRIPTION
SNAT Table
SNAT Flow
Policy Route SNAT SNAT Flow
1-1 SNAT SNAT Flow
Loopback SNAT SNAT Flow
any
any
Outgoing
Interface IP
Default SNAT SNAT Flow
Outgoing
Interface IP
LABEL DESCRIPTION
Chapter 35
Shutdown
35.1 Overview
Always use the Maintenance > Shutdown > Shutdown screen or the
“shutdown” command before you turn off the Zyxel Device or remove
the power. Not doing so can cause the firmware to become corrupt.
35.1.1 What You Need To Know
35.2 The Shutdown / Reboot Screen
Maintenance Shutdown/Reboot
Figure 619
LABEL DESCRIPTION
Shutdown
Reboot
Auto Update File Manager > Firmware Management
Schedule Reboot Maintenance > Shutdown-Reboot
Apply
Reset
P
ART
III
Appendices and
Troubleshooting
C
HAPTER
36
Troubleshooting
Network Test Tool
Organization-wide Configuration Inventory
Waiting ZTP
ZTP Setup
OK
Organization-wide Configuration Inventory
Add
OK
Add
Add to site
Waiting ZTP ZTP Setup
OK
Start (All) Programs Accessories Command Prompt
Command Prompt
RESET
SYS
CONSOLE
CONSOLE
Dashboard
Enable Content Filter Category Service
Configuration > Security Service > Content Filter > Profile > Add or Edit
Containment Period
Configuration Security Service Collaborative Detection& Response
Interface Type General
Interface Type
Internal External
Auto
Trusted Certificates
Configuration > VPN > IPSec VPN > VPN Connection Use Policy Route to control
dynamic IPSec rules option
AP Role Capability Mgnt. AP List
Secure WiFi
Remote AP Configuration Wireless AP Management
Secure Tunnel SSID
admin
ext-user
admin
Configuration Object Auth. Method Two-factor Authentication VPN Access.
System Notification SMS
System Notification Mail Server
My Certificates
File Size
File Size Duration
File Suffix
Monitor Network Status Device Insight
Feedback
Monitor Device Insight
Security Policy
deny
Security Check for
Web Interface
Security Check
for Web Interface
Security
Check for Web Interface
Mgmt. & Analytics Nebula
36.1 Resetting the Zyxel Device
SYS
RESET SYS
RESET
36.2 Getting More Troubleshooting Help
A
PPENDIX
A
Customer Support
http://www.zyxel.com/homepage.shtml
http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml
Required Information
Corporate Headquarters (Worldwide)
Taiwan
Asia
China
India
Kazakhstan
Korea
Malaysia
Pakistan
Philippines
Singapore
Taiwan
Thailand
Vietnam
Europe
Austria
Belarus
Belgium
Bulgaria
Czech Republic
Denmark
Estonia
Finland
France
Germany
Hungary
Italy
Latvia
Lithuania
Netherlands
Norway
Poland
Romania
Russia
Slovakia
Spain
Sweden
Switzerland
Turkey
UK
Ukraine
Latin America
Argentina
Brazil
Ecuador
Middle East
Israel
Middle East
North America
USA
Oceania
Australia
Africa
South Africa
A
PPENDIX
B
Product Features
Model Name USG FLEX 50
(USG20-VPN)
USG FLEX 50W
(USG20W-VPN)
Interface
Routing
Sessions
NAT
Firewall (Secure Policy)
ADP
Application Patrol
User Profile
HTTPd
Objects
Trunk
VPN
Certificate
Built-In Service
USB Storage
Centralized Log
IDP
SSL Inspection
Content Filtering
Anti-Spam
Anti-Virus
SSL VPN
AP Controller
BWM
SIP
Custom Web Portal Page
Hotspot Management
A
PPENDIX
C
Legal Information
Copyright
Disclaimer
Regulatory Notice and Statement (Class B)
UNITED STATES of AMERICA
FCC EMC Statement
FCC Radiation Exposure Statement (For USG FLEX 50W and USG20W-VPN only)
CANADA
Innovation, Science and Economic Development ICES statement
Innovation, Science and Economic Development RSS-GEN & RSS-247 statement (For USG FLEX 50W and
USG20W-VPN only)
Antenna Information
informations antenne
Industry Canada radiation exposure statement (For USG FLEX 50W and USG20W-VPN only)
Déclaration d’exposition aux radiations (For USG FLEX 50W and USG20W-VPN only):
Type Manufacturer Gain Connector Impedance
Type fabricant Gain Connecteur impédance
EUROPEAN UNION and UNITED KINGDOM
Declaration of Conformity with Regard to EU Directive 2014/53/EU (Radio Equipment Directive, RED) and
UK regulation (For USG FLEX 50W and USG20W-VPN only)
National Restrictions
National Restrictions
National Restrictions
National Restrictions
List of national codes
Safety Warnings
Environment Statement
ErP (Energy-related Products)
Disposal and Recycling Information
About the Symbols
Explanation of the Symbols
Viewing Certifications
Zyxel Limited Warranty
Note
Registration
Open Source Licenses
https://www.zyxel.com/form/gpl_oss_software_notice.shtml
