IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Related Documentation
support.zyxel.com
Document Conventions
Warnings and Notes
Warnings tell you about things that could harm you or your device.
Syntax Conventions
bold
Configuration >
Network > Interface > Ethernet Configuration
Network Interface Ethernet
Icons Used in Figures
Contents Overview
Table of Contents
Document Conventions ......................................................................................................................3
Contents Overview .............................................................................................................................4
Table of Contents .................................................................................................................................6
Part I: User’s Guide.......................................................................................... 28
Chapter 1
Introduction ........................................................................................................................................29
Chapter 2
Initial Setup Wizard.............................................................................................................................66
Chapter 3
Hardware, Interfaces and Zones ......................................................................................................93
Chapter 4
Quick Setup Wizards........................................................................................................................102
Chapter 5
Dashboard........................................................................................................................................149
Part II: Technical Reference......................................................................... 159
Chapter 6
Monitor..............................................................................................................................................160
Chapter 7
Licensing...........................................................................................................................................247
Chapter 8
Wireless .............................................................................................................................................252
Chapter 9
Interfaces..........................................................................................................................................300
Chapter 10
Routing ..............................................................................................................................................410
Chapter 11
DDNS ................................................................................................................................................437
Chapter 12
NAT ....................................................................................................................................................443
Chapter 13
Redirect Service...............................................................................................................................461
Chapter 14
ALG....................................................................................................................................................467
Chapter 15
UPnP...................................................................................................................................................474
Chapter 16
IP/MAC Binding................................................................................................................................489
Chapter 17
Layer 2 Isolation ...............................................................................................................................494
Chapter 18
DNS Inbound LB................................................................................................................................498
Chapter 19
IPSec VPN .........................................................................................................................................504
Chapter 20
SSL VPN..............................................................................................................................................542
Chapter 21
L2TP VPN............................................................................................................................................548
Chapter 22
Remote AP VPN................................................................................................................................553
Chapter 23
BWM (Bandwidth Management) .................................................................................................559
Chapter 24
Web Authentication ........................................................................................................................576
Chapter 25
Hotspot..............................................................................................................................................609
Chapter 26
Printer Manager ...............................................................................................................................627
Chapter 27
Free Time...........................................................................................................................................639
Chapter 28
IPnP....................................................................................................................................................644
Chapter 29
Walled Garden.................................................................................................................................647
Chapter 30
Advertisement Screen.....................................................................................................................653
Chapter 31
Security Policy..................................................................................................................................656
Chapter 32
Application Patrol ............................................................................................................................687
Chapter 33
Content Filter ....................................................................................................................................696
Chapter 34
Anti-Malware....................................................................................................................................738
Chapter 35
Reputation Filter ...............................................................................................................................759
Chapter 36
IPS ......................................................................................................................................................772
Chapter 37
Email Security...................................................................................................................................799
Chapter 38
Collaborative Detection & Response.............................................................................................818
Chapter 39
SSL Inspection...................................................................................................................................832
Chapter 40
IP Exception......................................................................................................................................857
Chapter 41
Astra Cloud Security ........................................................................................................................860
Chapter 42
Object ...............................................................................................................................................863
Chapter 43
Device HA.........................................................................................................................................988
Chapter 44
Mgmt. & Analytics...........................................................................................................................995
Chapter 45
System.............................................................................................................................................1007
Chapter 46
Log and Report...............................................................................................................................1069
Chapter 47
File Manager ..................................................................................................................................1083
Chapter 48
Diagnostics ....................................................................................................................................1100
Chapter 49
Packet Flow Explore ......................................................................................................................1121
Chapter 50
Shutdown ........................................................................................................................................1128
Part III: Appendices and Troubleshooting................................................ 1130
Chapter 51
Troubleshooting..............................................................................................................................1131
P
ART
I
User’s Guide
C
HAPTER
1
Introduction
1.1 Overview
1.1.1 Model Feature Differences
FEATURE/MODEL
USG FLEX
100
USG FLEX
100W
USG FLEX
200
USG FLEX
500
USG FLEX
700
1.2 On Premises Mode
Initial Setup Wizard On Premises Mode
FEATURE/MODEL
USG FLEX
100
USG FLEX
100W
USG FLEX
200
USG FLEX
500
USG FLEX
700
Figure 1
Nebula Mode
1.3 Nebula Mode
Initial Setup Wizard Nebula Mode
Figure 2
On Premises Mode
1.3.1 NCC Portal
https://nebula.zyxel.com
Go Let’s Start
Native Mode Native Mode
1.3.2 Your Zyxel Device
WAN
LAN
SYS
Maintenance > File Manager > Configuration File startup-config.conf
Download
Native Mode Reset
1.3.3 Your Email Account for ZTP
Native Mode
1.4 Change the Mode
On Premises Mode Nebula Mode
Nebula Mode On Premises Mode
1.4.1 From Nebula Mode to On Premises Mode
https://nebula.zyxel.com
Organization-wide > Configuration > Inventory
Remove
On Premises Mode
Maintenance > File
Manager > Configuration File
Upload Configuration File Browse startup-config.conf
Upload
1.4.2 From On Premises Mode to Nebula Mode
Maintenance File Manager Configuration File
Reset
Nebula Mode
Native Mode ZTP Native Mode
1.5 Registration at myZyxel
Configuration Licensing Registration
Service
http://portal.myZyxel.com
Figure 3
1.5.1 Grace Period
1.5.2 Applications
Security Router
Figure 4
IPv6 Routing
Figure 5
VPN Connectivity
Figure 6
SSL VPN Network Access
Figure 7
User-Aware Access Control
A
B C
Figure 8
Load Balancing
Figure 9
1.6 Management Overview
Web Configurator
Figure 10
Figure 11
Command-Line Interface (CLI)
SETTING VALUE
FTP
SNMP
CloudCNM
CloudCNM
Management Authentication
1.7 Web Configurator
1.7.1 Web Configurator Access
Login
Configuration System
Language
Login
Update Admin Info
Configuration Object User/Group Setting Password Complexity
Password must changed every (days)
Apply
Terms of Use Acknowledge
Terms of Use
Password Change Notification
Configuration Object User/
Group User OK
Network Risk Warning
OK
Never
Update Admin Info Login
Apply Ignore Installation Setup Wizard
1.7.2 Security Check for Web Interface Overview
Router> enable
Router#
Router# configure terminal
Router(config)#
Router(config)# service-register _setremind
after-10-days
after-180-days
after-30-days
every-time
never
Router(config)# service-register _setremind every-time
Router(config)#
1.7.2.1 Secure SSL Access from the Internet to the Zyxel Device
A B C
Figure 12
1.7.2.2 Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device
Figure 13
1.7.2.3 Change the Default IPSec VPN Provisioning Port
Figure 14
1.7.2.4 Change the Default Port for Two-Factor VPN Access Authentication
Object Auth. Method Two-factor Authentication VPN Access
ABBREVIATION COUNTRY
Figure 15
Overall Port Configuration Example
1.7.2.5 Other Security Measures
Maintenance Firmware Management
Enable Password Complexity Object User/Grou
Setting
1.7.3 The Security Check for Web Interface Screen
REMOTE
MANAGEMENT
SSL VPN
IPSEC VPN
PROVISIONING
TWO-FACTOR VPN
ACCESS
AUTHENTICATION
Figure 16
LABEL DESCRIPTION
1.7.4 Remote Access to the Zyxel Device Networks
Monitor Network Status Device Insight
Configuration Object Device Insight
1.7.5 Web Configurator Screens Overview
A
B
C
OK
Cancel
LABEL DESCRIPTION
Figure 17
Figure 18
Title Bar
Figure 19
LABEL DESCRIPTION
A
C
B
About
About
Figure 20
Figure 21
Site Map
Site MAP
Off
Refresh
All Notifications
LABEL DESCRIPTION
LABEL DESCRIPTION
Figure 22
Web Console
Web Console
Figure 23
Reference
Reference Reference
Refresh
Figure 24
CLI Messages
CLI
LABEL DESCRIPTION
N/A
Cancel
Figure 25
1.7.6 Navigation Panel
Figure 26
Dashboard
Monitor Menu
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
Configuration Menu
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
Maintenance Menu
FOLDER
OR LINK
TAB FUNCTION
FOLDER OR LINK TAB FUNCTION
1.7.7 Tables and Lists
Figure 27
FOLDER
OR LINK
TAB FUNCTION
Figure 28
Figure 29
Figure 30
Figure 31
Figure 32
Working with Lists
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
Connect
Disconnect
References
Move
Figure 33
C
HAPTER
2
Initial Setup Wizard
2.1 Initial Setup Wizard: Select Management Mode
Initial Setup Wizard
Initial Setup Wizard
Logout Initial Setup Wizard Next Finish
On Premises Mode
Nebula Mode
Figure 34
2.1.1 Welcome Screen
On Premises Mode Welcome
Figure 35
2.1.2 Internet Access Setup - WAN Interface
I have two ISPs
VLAN Tagged
Encapsulation Ethernet
PPPoE PPTP L2TP
MTU
WAN Interface
Zone
IP Address Assignment Auto
Static
DHCP Option 60 Auto IP Address Assignment
Figure 36
2.1.3 Internet Access: Ethernet
IP Address Assignment Auto
IP Address Assignment Static,
• VLAN ID
Encapsulation
MTU
First WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
DHCP Option 60 Auto IP Address Assignment
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.1.3.1 Possible Errors
Figure 37
2.1.4 Internet Access: PPPoE
2.1.4.1 Internet Access - First WAN Interface
• VLAN ID
2.1.4.2 ISP Parameters
• VLAN ID
Encapsulation
MTU
Service Name
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.4.3 WAN IP Address Assignments
WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
First / Second DNS Server
2.1.4.4 Possible Errors
Service Name Authentication Type
Figure 38
2.1.5 Internet Access: PPTP
2.1.5.1 ISP Parameters
MTU
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.5.2 PPTP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
Connection ID
:
2.1.5.3 WAN IP Address Assignments
First WAN Interface
Zone
IP Address Auto IP Address
Assignment
First / Second DNS Server
2.1.5.4 Possible Errors
Service IP Base IP Address, IP Subnet Mask, Gateway IP
Address, Connection ID Authentication Type
Figure 39
2.1.6 Internet Access: L2TP
2.1.6.1 ISP Parameters
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
Nailed-Up Idle Timeout
2.1.6.2 L2TP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
2.1.6.3 WAN IP Address Assignments
WAN Interface
Zone:
IP Address Auto Auto IP Address
Assignment
First / Second DNS Server
2.1.6.4 Possible Errors
Server IP Subnet Mask Gateway IP Address, IP Subnet Mask
Authentication Type
Figure 40
2.1.7 Internet Access Setup - Second WAN Interface
I have two ISPs First WAN Interface
Second WAN Interface
Figure 41
2.1.8 Internet Access: Congratulations
Connection Test Back
Figure 42
2.1.9 Date and Time Settings
Sync. Now
Figure 43
2.1.10 Register Device
Register
Figure 44
Figure 45
Refresh Configuration > Licensing > Registration
Nebula Mode Next
Figure 46
2.1.11 Activate Service
Figure 47
Refresh
Refresh
2.1.12 Service Settings
I have read SecuReporter GDPR and agree policy
Anti-Malware
IDP
Content Filter
App Patrol
Email Security
SecuReporter
Figure 48
2.1.13 Service Settings: SecuReporter
Server Status
Connected
Timeout
Fail
Device Name
Organization
Select from existing organization
Create new organization
Partially Anonymous
Fully Anonymous
Non-Anonymous
Figure 49
Figure 50
2.1.14 Wireless Settings: Management Mode
Management Mode Built-in AP
AP Controller
Next
Figure 51
2.1.15 Wireless Settings: AP Controller
Yes No
Figure 52
2.1.16 Wireless Settings: SSID & Security
SSID Setting
SSID
Security Mode Pre-Shared Key None
Pre-Shared Key
Hidden SSID
Enable Intra-BSS Traffic Blocking
For Zyxel Devices with Built - in AP Only
Bridged to
Figure 53
2.1.17 Remote Management
Policy Control
Figure 54
Allow secure remote management from WAN Policy Control
Restrict access only to trusted host
Allow SSL VPN access from WAN
Restrict access by GeoIP
Figure 55
2.2 Nebula Mode Initial Setup Wizard
Nebula Mode
Figure 56
2.2.1 Connect to Internet (WAN)
I have two ISPs
VLAN Tagged
Encapsulation Ethernet
PPPoE
MTU
WAN Interface
IP Address Assignment Auto
Static
DHCP Option 60 Auto IP Address Assignment
Figure 57
2.2.2 Internet Access: Ethernet
IP Address Assignment Auto
IP Address Assignment Static,
• VLAN ID
Encapsulation
MTU
First WAN Interface
IP Address Auto Auto IP Address
Assignment
DHCP Option 60 Auto IP Address Assignment
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.2.2.1 Possible Errors
Figure 58
2.2.3 Internet Access: PPPoE
Internet Access - First WAN Interface
• VLAN ID
ISP Parameters
Encapsulation
MTU
Service Name
Authentication Type
Chap/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
User Name
Password
IP Address Assignments
WAN Interface
IP Address Auto IP Address Assignment Auto
IP Subnet Mask
Gateway IP Address
First / Second DNS Server
2.2.3.1 Possible Errors
Figure 59
2.2.4 Internet Access: Congratulations
Connection Test Back
Next
On Premises Mode Next
Figure 60
2.2.5 QR Code
Native Mode Finish
Figure 61
Nebula Mode Go to Nebula
Back
Figure 62
C
HAPTER
3
Hardware, Interfaces and
Zones
3.1 Hardware Overview
HW:Rev 2.0
3.1.1 Front Panels
Figure 63
Figure 64
USG FLEX MODELS USG FLEX 100 USG FLEX 100W USG FLEX 200 USG FLEX 500 USG FLEX 700
Figure 65
Figure 66
Figure 67
LED COLOR STATUS DESCRIPTION
3.1.2 Rear Panels
Figure 68
LABEL DESCRIPTION
SYS
Maintenance Diagnostics System Log
Configuration System USB Storage
LED COLOR STATUS DESCRIPTION
Figure 69
Figure 70
Figure 71
Figure 72
LABEL DESCRIPTION
3.2 Installation Scenarios
WARNING! Do NOT block the ventilation holes on the Zyxel Device.
Allow 100 mm clearance for the ventilation holes to prevent your Zyxel
Device from overheating. Do not store things on the Zyxel Device. Do
not place a Zyxel Device on another high temperature device.
Overheating could affect the performance of your Zyxel Device, or
even damage it.
3.2.1 Desktop Installation Procedure
USG FLEX MODELS USG FLEX 100 USG FLEX 100W USG FLEX 200 USG FLEX 500 USG FLEX 700
Figure 73
3.2.2 Rack-mounting
Figure 74
Figure 75
3.2.3 Wall-mounting
MODEL NAME DISTANCE “X”
Figure 76
Figure 77
3.3 Default Zones, Interfaces, and Ports
3.4 Stopping the Zyxel Device
Maintenance Shutdown Shutdown shutdown
ZONE / INTERFACE SFP WAN LAN1 LAN2 DMZ OPT
ZONE / INTERFACE WAN LAN1 LAN2 DMZ OPT
NO DEFAULT
ZONE
ZONE / INTERFACE WAN LAN DMZ OPT NO DEFAULT ZONE
C
HAPTER
4
Quick Setup Wizards
4.1 Quick Setup Overview
Quick Setup Quick Setup
Figure 78
• WAN Interface
• Remote Access VPN Setup
Zyxel VPN Client
L2TP over IPSec Client
• VPN Setup
VPN Setup
Use VPN Settings for Configuration Provisioning
VPN Settings for L2TP VPN Settings
• Wireless Setup
• Wizard Help
4.2 WAN Interface Quick Setup
WAN Interface Quick Setup WAN Interface Quick Setup Wizard
Welcome Next
Figure 79
4.2.1 Choose an Ethernet Interface
Next
Figure 80
4.2.2 Select WAN Type
WAN Type Selection Ethernet
PPPoE PPTP L2TP
Figure 81
4.2.3 Configure WAN IP Settings
Figure 82
Figure 83
WAN Interface
Zone
IP Address Assignment Auto
Static
4.2.4 ISP and WAN and ISP Connection Settings
Ethernet IP Address Assignment Auto IP Address Assignment Static
PPTP PPPoE
Figure 84
Figure 85
Figure 86
ISP Parameter
Encapsulation
Service Name
Authentication Type:
CHAP/PAP
CHAP
PAP
MSCHAP
MSCHAP-V2
User Name
@$./
Password:
Retype to Confirm
Nailed-Up Nailed-Up
Idle Timeout
PPTP Configuration
Base Interface
Base IP Address
IP Subnet Mask
Gateway IP Address
Server IP
Connection ID:
:
IP Address Assignment
WAN Interface
Zone
IP Address
IP Subnet Mask
Gateway IP Address
First DNS Server / Second DNS Server
0.0.0.0
4.2.5 Quick Setup Interface Wizard: Summary
Figure 87
Encapsulation
Service Name
Server IP
User Name
Nailed-Up No Yes
Idle Timeout:
Connection ID
WAN Interface
Zone
IP Address Assignment Auto
IP Address
IP Subnet Mask
Gateway IP Address:
First DNS Server /Second DNS Server IP Address Assignment Static
4.3 Remote Access VPN Setup-Scenario
IKEv2 IPSec Client
L2TP over IPSec Client
Figure 88
4.3.1 IKEv2 IPSec Client- VPN Configuration
Full Tunnel Split
Tunnel
Full Tunnel
Figure 89
Interface
Domain Name/ IPv4
Auto
Manual
Host IP Address Host Domain Name
IP Address Domain Name
IP Address Domain Name
Configuration Object Certificate My Certificate
IP Address Domain Name
Full Tunnel Allow Client VPN Traffic Through WAN
Allow Client VPN Traffic Through WAN
Split Tunnel
LAN DMZ guest
Figure 90
IP Address Pool
Customer Defined
Second DNS Server
Upload Bandwidth Limit
Upload Bandwidth Limit
Configuration VPN
IPSec VPN Configuration Provisioning
4.3.2 IKEv2 IPSec Client- User Authentication
Figure 91
Member
Configuration Object
User/Group User Add A User
4.3.3 IKEv2 IPSec Client- Summary
Figure 92
RemoteAccess_Wiz
Save RemoteAccess_Wiz VPN PSec VPN VPN Connection
VPN IPSec VPN VPN Gateway
4.3.4 IKEv2 IPSec Client-Config Provision
Non SecuExtender VPN Client
Figure 93
4.3.5 L2TP over IPSec Client-VPN Configuration
L2TP over IPSec Client
Full Tunnel
Figure 94
Pre-Shared Key
Interface
Domain Name/ IPv4
Full Tunnel Allow Client VPN Traffic Through WAN
Allow Client VPN Traffic Through
WAN
Figure 95
IP Address Pool
Customer
Defined
Second DNS Server
4.3.6 L2TP over IPSec Client- User Authentication
Figure 96
Member
Configuration Object
User/Group User Add A User
4.3.7 L2TP over IPSec Client- Summary
Figure 97
RemoteAccess_L2TP_Wiz
Save RemoteAccess_L2TP_Wiz VPN L2TP VPN
4.3.8 L2TP over IPSec Client-Config Provision
Figure 98
4.4 VPN Setup Wizard
VPN Setup Quick Setup Welcome
4.4.1 Welcome
Configuration > VPN > IPSec VPN > VPN Gateway
Configuration > VPN > IPSec VPN > VPN Connection
VPN Settings
VPN Settings for Configuration Provisioning
VPN Settings for L2TP VPN Settings
Figure 99
4.4.2 VPN Setup Wizard: Wizard Type
Express
Advanced
Figure 100
4.4.3 VPN Express Wizard - Scenario
Express
Figure 101
IKE (Internet Key Exchange) Version: IKEv1 and IKEv2
Scenario
Rule Name
_
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
4.4.4 VPN Express Wizard - Configuration
Figure 102
My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
4.4.5 VPN Express Wizard - Summary
Figure 103
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy
Any
Configuration for Secure Gateway
4.4.6 VPN Express Wizard - Finish
VPN > IPSec VPN
> VPN Gateway VPN > IPSec VPN > VPN Connection
Figure 104
Close
4.4.7 VPN Advanced Wizard - Scenario
Advanced
Figure 105
IKE (Internet Key Exchange) Version: IKEv1 and IKEv2
Scenario
Rule Name
_
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
4.4.8 VPN Advanced Wizard - Phase 1 Settings
Figure 106
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
3DES
AES128
Authentication Algorithm MD5 SHA512
Key Group DH5 DH1 DH2
SA Life Time
NAT Traversal
Dead Peer Detection (DPD)
Authentication Method Pre-Shared Key Certificate
4.4.9 VPN Advanced Wizard - Phase 2
Figure 107
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm MD5 SHA512
SA Life Time
Perfect Forward Secrecy (PFS)
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask)
Nailed-Up
4.4.10 VPN Advanced Wizard - Summary
Figure 108
Rule Name
Secure Gateway
Pre-Shared Key
Certificate
Local Policy
Remote Policy
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Authentication Algorithm
MD5
SHA1
SHA256
Key Group DH5 DH1 DH2
DH1
DH2
DH5
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Null
Authentication Algorithm
MD5
SHA1
SHA256
Configuration for Remote Gateway
Save
4.4.11 VPN Advanced Wizard - Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 109
Close
4.5 VPN Settings for Configuration Provisioning Wizard:
Wizard Type
Use VPN Settings for Configuration Provisioning
not
AH
NULL
SHA512
Express
Advanced
Figure 110
4.5.1 Configuration Provisioning Express Wizard - VPN Settings
Express
Figure 111
IKE
IKEv2
Rule Name
_
Application Scenario Remote Access (Server Role)
4.5.2 Configuration Provisioning VPN Express Wizard - Configuration
Next
Figure 112
My Address (interface)
Secure Gateway Any
Pre-Shared Key
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
4.5.3 VPN Settings for Configuration Provisioning Express Wizard - Summary
Figure 113
Rule Name
Secure Gateway Any
Pre-Shared Key
Local Policy
Remote Policy Any
Configuration for Secure Gateway
Save
4.5.4 VPN Settings for Configuration Provisioning Express Wizard - Finish
Configuration >
VPN > IPSec VPN > VPN Gateway Configuration > VPN
> IPSec VPN > VPN Connection
Figure 114
Close
4.5.5 VPN Settings for Configuration Provisioning Advanced Wizard -
Scenario
Advanced
Figure 115
IKE
IKEv2
Rule Name
_
Application Scenario Remote Access (Server Role)
Next
4.5.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
1 Settings
Figure 116
Secure Gateway Any
My Address (interface)
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm 3DES AES
Authentication Algorithm
MD5 SHA1
SHA256
Key Group DH5 DH1 DH2
DH5
SA Life Time
Authentication Method Pre-Shared Key Certificate
4.5.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase
2
Figure 117
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm 3DES AES AES
Null
Authentication Algorithm
MD5 SHA1
SHA256
SA Life Time
Perfect Forward Secrecy (PFS):
DH5 DH1 DH2
Local Policy (IP/Mask)
Remote Policy (IP/Mask) Any
Nailed-Up
4.5.8 VPN Settings for Configuration Provisioning Advanced Wizard -
Summary
Figure 118
Rule Name
Secure Gateway ny
Pre-Shared Key
Local Policy
Remote Policy Any
Negotiation Mode Main Aggressive
Main
Aggressive
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Authentication Algorithm
MD5
SHA1
SHA256
Key Group DH5 DH1 DH2
DH1
DH2
DH5
Active Protocol ESP AH
Encapsulation Tunnel Transport
Encryption Algorithm
DES
3DES
AES128
AES192
AES256
Null
Authentication Algorithm
MD5
SHA1
SHA256
Configuration for Secure Gateway
Save
4.5.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish
VPN > IPSec VPN
> VPN VPN > IPSec VPN > VPN Connection
Figure 119
Close
4.6 VPN Settings for L2TP VPN Settings Wizard
VPN Settings for L2TP VPN Settings Configuration > Quick Setup >
VPN Setup VPN Settings for L2TP VPN Settings
Figure 120
Next
4.6.1 L2TP VPN Settings
Figure 121
Rule Name
_
My Address (interface)
Pre-Shared Key
Next
4.6.2 L2TP VPN Settings
Figure 122
IP Address Pool RANGE SUBNET
Starting IP Address
End IP Address
Network SUBNET
Netmask
First DNS Server (Optional)
Second DNS Server (Optional)
Allow L2TP traffic Through WAN
Next
4.6.3 VPN Settings for L2TP VPN Setting Wizard - Summary
Figure 123
Rule Name
Secure Gateway: Any
Pre-Shared Key
My Address (Interface)
IP Address Pool
Save
4.6.4 VPN Settings for L2TP VPN Setting Wizard - Completed
Figure 124
Configuration >
VPN > L2TP VPN Configuration > VPN > IPSec VPN > VPN Connection VPN
Gateway
4.7 Wireless Setup Wizard
Wireless Setup Quick Setup
Summary
Figure 125
4.7.1 Management Mode
Management Mode
Figure 126
Built-in AP AP Controller
Next
4.7.2 SSID
SSID
Figure 127
SSID AP Controller
Edit
Figure 128
SSID Built-in AP
Edit
Figure 129
Figure 130
Activate
Wireless Name SSID)
VLAN ID
Band Mode Dual Band
Security Mode
WPA2 WEP WPA
Configuration > Wireless
WPA2, Pre-Shared Key 802.1x
None
OK Cancel
Next
4.7.3 Radio
Radio
Figure 131
DCS
Manual
Output Power
20 MHz
20/40MHz 20/40/80MHz
4.7.4 Summary
Summary
Figure 132
Summary Save
Back
4.7.5 Wizard Completed
Wizard Completed
Figure 133
Close
C
HAPTER
5
Dashboard
5.1 Overview
Dashboard
5.1.1 What You Can Do in this Chapter
Dashboard
Dashboard
5.2 The General Screen
Dashboard Dashboard
Figure 134
LABEL DESCRIPTION
5.2.1 Device Information Screen
Device Information
Figure 135
Figure 136
Inactive
Down
Speed / Duplex
Full Half
none
Inactive
Connected
Disconnected
LABEL DESCRIPTION
LABEL DESCRIPTION
Host Name
5.2.2 System Status Screen
Figure 137
5.2.3 Tx/Rx Statistics
Firmware Package
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Firmware update OK
Problematic configuration after firmware update
System default configuration
Fallback to lastgood configuration
Fallback to system default configuration
Booting in progress
Date/Time
Figure 138
5.2.4 The Latest Logs Screen
Figure 139
5.2.5 System Resources Screen
LABEL DESCRIPTION
LABEL DESCRIPTION
Figure 140
5.2.6 DHCP Table Screen
LABEL DESCRIPTION
Show CPU Usage
Show Memory Usage
Detail Session Monitor
Show Active Sessions
Figure 141
5.2.7 Number of Login Users Screen
LABEL DESCRIPTION
Apply
Apply
Figure 142
5.2.8 Current Login User
Figure 143
5.2.9 VPN Status
Figure 144
LABEL DESCRIPTION
ext-user
5.2.10 SSL VPN Status
Figure 145
5.3 The Advanced Threat Protection Screen
Advanced Threat Protection
Figure 146
LABEL DESCRIPTION
Refresh
P
ART
II
Technical Reference
C
HAPTER
6
Monitor
6.1 Overview
Monitor
6.1.1 What You Can Do in this Chapter
Monitor
Traffic Statistics > Port Statistics
Traffic Statistics > Port Statistics > Graph View
Traffic Statistics > Interface Status
Traffic Statistics > Traffic Statistics
Traffic Statistics > Session Monitor
Network Status > DHCP Table
Network Status Device Insight
Network Status > Login Users
Network Status > Dynamic Guest
Network Status > IGMP Statistics
Network Status > DDNS Status
Network Status > IP/MAC Binding
Network Status > Cellular Status
Network Status > UPnP Port Status
Network Status > USB Storage
• Network Status > Ethernet Neighbor
Network Status > FQDN Object
Network Status > Virtual Server LB
Wireless > AP Information AP List
Wireless > AP Information Radio List
Wireless > AP Information > Built-in AP
Wireless > AP Information Top N APs
Wireless > AP Information Single AP
Wireless > ZyMesh
Wireless > SSID Info
Wireless > Station Info Station List
Wireless > Station Info Top N Stations
Wireless > Station Info Single Station
Wireless > Detected Device
Wireless > Wireless Health
Printer Status
VPN Monitor IPSec
VPN Monitor > SSL
VPN Monitor > L2TP over IPSec
VPN Monitor Remote AP VPN
Security Statistics > App Patrol
Security Statistics > Content Filter
Security Statistics > Anti-Malware
Security Statistics > Reputation Filter
Security Statistics > IPS
Security Statistics > Email Security Summary
Security Statistics > Email Security Status
Security Statistics > CDR
Security Statistics > SSL Inspection
Log > View Log
Log > View AP Log
Log > Dynamic Users Log
6.2 The Port Statistics Screen
Monitor > Traffic Statistics Port Statistics
Figure 147
LABEL DESCRIPTION
Set Interval
Poll Interval
Poll Interval Set Interval
6.2.1 The Port Statistics Graph Screen
Port Statistics Status Switch to Graphic View Button
Figure 148
Down
Speed / Duplex
Full Half
LABEL DESCRIPTION
6.3 Interface Status Screen
Monitor >
Traffic Statistics > Interface Summary
LABEL DESCRIPTION
Figure 149
LABEL DESCRIPTION
Expand
Inactive
Down
Speed / Duplex
Full Half
Inactive
Connected
Disconnected
Up
Up
Connected
Disconnected
Up
Down
Static
DHCP Client
DHCP
relay DHCP server DDNS RIP OSPF n/a
Renew
Connect
n/a
LABEL DESCRIPTION
Remote Gateway Address
Expand
Inactive
Down
Speed / Duplex
Full Half
Inactive
Connected
Disconnected
Up
Up
Connected
Disconnected
Up
Down
LABEL DESCRIPTION
6.4 The Traffic Statistics Screen
Monitor > Traffic Statistics > Traffic Statistics Traffic Statistics
Traffic Statistics
Traffic Statistics
DHCP
relay DHCP server DDNS RIP OSPF n/a
Renew
Connect
n/a
Expand
Down
Speed / Duplex
Full Half
Connected
LABEL DESCRIPTION
Figure 150
LABEL DESCRIPTION
Refresh
Apply
Reset
Host IP Address/User
Service/Port
Web Site Hits
Country
Traffic Type Host IP Address/User
Ingress
Egress
Direction Ingress Direction Egress
Traffic Type Service/Port
Ingress
Egress
Direction Ingress Direction Egress
Traffic Type Web Site Hits
Traffic Type Country
Ingress
Egress
Direction Ingress Direction Egress
Ingress
Egress
LABEL DESCRIPTION
LABEL DESCRIPTION
6.5 The Session Monitor Screen
Session Monitor
Monitor > Traffic Statistics > Session Monitor
Figure 151
LABEL DESCRIPTION
sessions by users
sessions by services
sessions by source IP
session by source region
sessions by destination IP
sessions by destination region
all sessions User Service Source Address Destination
Address
User Service Source Address Destination Address, Source Country Destination
Country
View all sessions
View all sessions
View all sessions
View all sessions
View all sessions
View all sessions
Clear Clear All
Log > View Log
sessions by users all sessions + -
sessions by services + -
sessions by source IP + -
sessions by destination IP + -
LABEL DESCRIPTION
6.6 The DHCP Table Screen
Monitor > Network Status > DHCP Table
Figure 152
LABEL DESCRIPTION
Export Save
Configuration Network Interface Ethernet VLAN DCHP Setting.
6.7 The Device Insight Screen
Device Insight
Device Insight
IP address
Yes
LABEL DESCRIPTION
Device Insight
Device Insight
A B
C
Figure 153
Monitor Device Inventory
Figure 154
LABLE DESCRIPTION
Edit
Description
Remove
Device Insight
Remove
Add to block list
Remove from block list
Feedback
Category Operating System Type
6.7.1 The Device Insight Edit Screen
Monitor Network Status Device
Insight Edit
Figure 155
LABLE DESCRIPTION
LABLE DESCRIPTION
6.7.2 The Device Insight Feedback Screen
Monitor Network Status Device
Insight Feedback
Figure 156
LABEL DESCRIPTION
6.8 The Login Users Screen
Monitor > Network Status > Login Users
Figure 157
LABEL DESCRIPTION
unlimited
Private IPv4
-
6.9 Dynamic Guest
Monitor > Network Status > Dynamic Guest
Figure 158
ext-
user
-
Accounting-on
Accounting-off
N/A
LABEL DESCRIPTION
LABEL DESCRIPTION
6.10 IGMP Statistics
T U
D
U D
LABEL DESCRIPTION
LABEL DESCRIPTION
Monitor Network Status IGMP Statistics
Figure 159
6.11 The DDNS Status Screen
DDNS Status Monitor >
Network Status > DDNS Status
Figure 160
LABEL DESCRIPTION
6.12 IP/MAC Binding
Monitor > Network Status > IP/MAC Binding IP/MAC Binding
Figure 161
LABEL DESCRIPTION
Updating
LABEL DESCRIPTION
6.13 Cellular Status Screen
Monitor > Network Status > Cellular
Status
Figure 162
LABEL DESCRIPTION
LABEL DESCRIPTION
No device
No Service
Limited Service
Device detected
Device error
Probe device fail
Probe device ok
Init device fail
Init device ok
Check lock fail
Device locked
SIM error
SIM locked-PUK
SIM locked-PIN
Unlock PUK fail
Unlock PIN fail
Unlock device fail
Device unlocked
Get dev-info fail
Get dev-info ok
Searching network
Get signal fail
Network found
Apply config
Inactive
Active
Incorrect device
Correct device
Set band fail
Set band ok
Set profile fail
Set profile ok
PPP fail
Need auth-password
Device ready
Limited Service
LABEL DESCRIPTION
6.13.1 More Information
Monitor > Network Status
> Cellular Status > More Information
Figure 163
UMTS UMTS/HSDPA GPRS EDGE
1xRTT EVDO Rev.0 EVDO Rev.A
LABEL DESCRIPTION
LABEL DESCRIPTION
Limited Service
6.14 The UPnP Port Status Screen
Monitor > Network Status > UPnP Port Status
Figure 164
UMTS UMTS/HSDPA GPRS EDGE
1xRTT EVDO Rev.0 EVDO Rev.A
Signal Quality
LABEL DESCRIPTION
LABEL DESCRIPTION
6.15 USB Storage Screen
Monitor > Network Status
> USB Storage
Figure 165
External Port
Internal Client Internal Port
Internal Client
Internal Port Internal Client
Internal Client
Internal Port Internal
Port
Internal Client
Internal Client
LABEL DESCRIPTION
LABEL DESCRIPTION
6.16 Ethernet Neighbor Screen
System > ZON
System > ZON
Monitor > Network Status > Ethernet Neighbor
Unknown
Ready
Remove Now
Unused
Remove Now
Use It
none
Deactivated
OutofSpace
Mounting
Removing
none
LABEL DESCRIPTION
Figure 166
6.17 FQDN Object Screen
Monitor > Network Status > FQDN Object FQDN Object
Configuration > Object > Address/Geo IP > Address Configuration
> Object > Address/Geo IP > Address Group
LABEL DESCRIPTION
Port Role
Network > Interface > Ethernet > Edit
Port Role
Object > Address
Security Policy > Policy Control > Add
Figure 167
LABEL DESCRIPTION
Configuration > Object > Address/Geo IP IPv4 Address
Configuration
Configuration > Object > Address/Geo IP IPv6 Address
Configuration
6.18 Virtual Server Load Balancing
Monitor > Network Status > Virtual Server LB
Figure 168
LABEL DESCRIPTION
6.19 AP Information: AP List
AP Information AP List, Radio List, Top N APs Single AP Monitor >
Wireless > AP Information AP List
LABEL DESCRIPTION
Traffic/Connections By Packets
Traffic/Connections By Rates
Off-line
On-line
Traffic/Connections By Packets
Traffic/Connections By Rates
Figure 169
LABEL DESCRIPTION
Show Advanced Settings Filter
All
NebulaFlexPRO
Online All
Online
Conflict More Details
Non Support More Details
Updating
Offline All
Offline
Offline for Firmware Update
Un-Mgmt
Configuration > Wireless > Controller
Registration Type Always Accept
Monitor > Wireless > AP Information >
Radio List
Monitor > Log > View Log
OK
Online All
Online
Conflict More Details
Non Support More Details
Updating
Offline All
Offline
Offline for Firmware Update
Un-Mgmt
Edit
LABEL DESCRIPTION
N/A
Full
Limited
Mgmt Un-Mgm
Limite
N/A
AP MON rootap repeater
AP MON rootap repeater
VLAN Conflict
Mgmnt. VLAN ID(AC) n/a
N/A
Full Half
LABEL DESCRIPTION
6.19.1 AP List: More Information
More Information AP List
N/A
Unavailable
Available
Advertising
Apply
Refresh
LABEL DESCRIPTION
LABEL DESCRIPTION
More Information AP List
Figure 170
LABEL DESCRIPTION
n/a
n/a
Down
Speed / Duplex
Full Half
Port Role
Network > Interface > Ethernet > Edit
Port Role
OK
Cancel
LABEL DESCRIPTION
6.19.2 AP List: Edit AP
Edit Selected Rule Monitor > Wireless > AP Information > AP List
Figure 171
LABEL DESCRIPTION
Radio Profile
N/A
AP Mode
MON Mode
Create new Object
Broadcast Storm Contro
Multicast Storm Control
Wall Ceiling
Wall Ceiling
Suppression On
LABEL DESCRIPTION
6.20 AP Information: Radio List
Monitor > Wireless > AP Information > Radio List Radio List
Figure 172
Turn On
Turn Off
Apply Factory Default
OK
Cancel
LABEL DESCRIPTION
Figure 173
LABEL DESCRIPTION
UnderLoad OverLoad
N/A
n/a
AP Mode
6.20.1 Radio List: More Information
More
Information Radio List
Figure 174
6.21 AP Information: Built-in AP
Monitor > Wireless > AP Information > Built-in AP
LABEL DESCRIPTION
Local Bridge Tunnel
Figure 175
6.22 AP Information: Top N APs
Monitor > Wireless > AP Information > Top N APs Top N APs
LABEL DESCRIPTION
Refresh
Figure 176
6.23 AP Information: Single AP
Monitor >
Wireless > AP Information > Single AP Single AP
LABEL DESCRIPTION
Usage
Station Number
Refresh
Figure 177
6.24 ZyMesh
Monitor > Wireless >
ZyMesh
LABEL DESCRIPTION
Refresh
Figure 178
6.25 SSID Info
Monitor > Wireless > SSID Info
LABEL DESCRIPTION
Refresh
Figure 179
6.26 Station Info: Station List
Station Info Station List Top N Stations Single Station
Monitor > Wireless > Station Info > Station List
LABEL DESCRIPTION
Station Info >
Station List
Station Info > Station
List
Refresh
Figure 180
LABEL DESCRIPTION
6.27 Station Info: Top N Stations
Monitor >
Wireless > Station Info > Top N Stations
Refresh
LABEL DESCRIPTION
Figure 181
6.28 Station Info: Single Station
Monitor > Wireless >
Station Info > Single Station
LABEL DESCRIPTION
Refresh
Figure 182
6.29 Detected Device
Monitor > Wireless >
Detected Device
Configuration > Wireless > AP Management
LABEL DESCRIPTION
Refresh
Figure 183
LABEL DESCRIPTION
Configuration > Wireless > MON Mode
Configuration > Wireless > MON Mode
Rogue AP Detection
Configuration > Wireless > MON Mode
6.30 Wireless Health
Monitor Wireless Wireless Health
Figure 184
LABEL DESCRIPTION
2.4G 5G
6.31 The Printer Status Screen
Monitor > Printer Status
Figure 185
6.32 The IPSec Screen
IPSec Monitor
Monitor > VPN Monitor IPSec
LABEL DESCRIPTION
LABEL DESCRIPTION
n/a sync fail
Edit
n/a sync fail
Figure 186
LABEL DESCRIPTION
Search
Search
N/A
6.32.1 Regular Expressions in Searching IPSec SAs
6.33 The SSL Screen
Monitor
> VPN Monitor > SSL
Figure 187
N/A
LABEL DESCRIPTION
6.34 The L2TP over IPSec Screen
Monitor > VPN Monitor > L2TP over IPSec
Figure 188
LABEL DESCRIPTION
Refresh
LABEL DESCRIPTION
Refresh
6.35 The Remote AP VPN Screen
Remote AP VPN Monitor
Monitor > VPN Monitor
Remote AP VPN
Figure 189
LABEL DESCRIPTION
Search
Search
Configuration Wireless AP Management
Configuration VPN Remote AP VPN
6.36 The App Patrol Screen
Monitor > Security Statistics > App Patrol > Summary
Application Patrol App Patrol Security Policy
Figure 190
LABEL DESCRIPTION
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
6.37 The Content Filter Screen
Monitor > Security Statistics > Content Filter
6.37.1 Web Content Filter
Figure 191
LABEL DESCRIPTION
6.37.2 DNS Content Filter
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Figure 192
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
6.38 The Anti-Malware Screen
Monitor > Security Statistics > Anti-Malware > Summary
Figure 193
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Figure 194
Virus Name Source IP Destination IP, Source IPv6 Destination IPv6
Virus Name
Source IP
Destination IP
Source IPv6
Destination IPv6
Virus Name
Source IP.
Source IPv6.
Destination IP.
Destination IPv6.
LABEL DESCRIPTION
Figure 195
Figure 196
Figure 197
6.39 The Reputation Filter Screen
Monitor > Security Statistics > Reputation Filter > Summary
Figure 198
6.40 The IPS Screen
Monitor > Security Statistics > IPS > Summary
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Figure 199
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Signature Name Source IP Destination IP
Signature Name
Source IP
Destination IP
Figure 200
Signature Name
Signature Name
Signature Name
Signature Name
Source.
Destination.
Signature Name
Signature Name
LABEL DESCRIPTION
Figure 201
6.41 The Email Security Screens
Email Security Summary Status
6.41.1 Email Security Summary
Monitor > Security Statistics > Email Security Summary
Figure 202
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Email
Security > Status
Email Security > Summary
Email
Security > Status
Email Security > Summary
6.41.2 The Email Security Status Screen
Monitor > Security Statistics > Email Security Status Email Security Status
Email Security Status
Figure 203
Sender IP
Sender Email Address
Sender IP
Sender Email Address
LABEL DESCRIPTION
LABEL DESCRIPTION
6.42 Collaborative Detection & Response (CDR)
Monitor > Security Statistics > CDR> Containment List
Figure 204
LABEL DESCRIPTION
Figure 205
6.42.1 CDR History
Monitor > Security Statistics > CDR> History
LABEL DESCRIPTION
Time
cdr blocked-by mac
History
History
Figure 206
Figure 207
6.43 The SSL Inspection Screens
Monitor > Security Statistics > SSL Inspection > Summary
LABEL DESCRIPTION
Figure 208
LABEL DESCRIPTION
Apply
Flush Data
Apply
Reset
Collect Statistics
Collect Statistics
6.43.1 Certificate Cache List
Exclude List SSL Inspection
Monitor > Security Statistics > SSL Inspection > Certificate Cache List
Exclude List
Figure 209
LABEL DESCRIPTION
Exclude List
Exclude List
Exclude List
Exclude List
Exclude List
.
6.44 Log Screens
All Logs
Debug Log
6.44.1 View Log
Monitor > Log
View Log
Figure 210
LABEL DESCRIPTION
Category Email Log Now Refresh Clear
Category Priority Source Address Destination
Address Source Interface Destination Interface Service Keyword Protocol Search
All Logs
Debug Log
any emerg alert
crit error warn notice info
Category Debug Log
Message
Source Destination Note
Reset
Active
Send Log To Log Settings
Priority
Category
6.44.2 View AP Log
Monitor > Log > View AP Log
Figure 211
x
x Message
LABEL DESCRIPTION
LABEL DESCRIPTION
Display Email Log Now Refresh Clear
Display Priority Source Address Destination Address
Source Interface Destination Interface Service Keyword Protocol Search
All Logs
Debug Log
any emerg alert
crit error warn notice info
Category Debug Log
Active
Send Log To Log Settings
any emerg alert
crit error warn notice info
Category Debug Log
Display Category
LABEL DESCRIPTION
6.44.3 Dynamic Users Log
Monitor > Log >
Dynamic Users Log
Figure 212
LABEL DESCRIPTION
Search
Search
T U
D
T
U D
U D
LABEL DESCRIPTION
C
HAPTER
7
Licensing
7.1 Registration Overview
Configuration > Licensing > Registration
Registration
Service
Signature Update
7.1.1 What you Need to Know
Subscription Services Available
Configuration > Licensing > Registration > Service
7.1.2 Registration Screen
Refresh
Refresh
Configuration > Licensing > Registration
Figure 213
7.1.3 Service Screen
Activate
Configuration > Licensing > Registration Service
Figure 214
LABEL DESCRIPTION
Activated
Not Activated Expired
Expired Not Licensed
Default
Status Default
Trial
Standard
N/A
LABEL DESCRIPTION
7.2 Signature Update
Configuration > Licensing > Signature Update
7.2.1 What you Need to Know
7.2.2 The Signature Screen
Configuration > Licensing > Signature Update
Figure 215
Buy
Standard Renew
Activate
LABEL DESCRIPTION
7.2.3 Auto Update
Schedule
Figure 216
LABEL DESCRIPTION
Update
Schedule
LABEL DESCRIPTION
C
HAPTER
8
Wireless
8.1 Overview
Wireless
Licenses
8.1.1 What You Can Do in this Chapter
Built-in AP
Controller
AP Management
Rogue AP
Wireless Health
Auto Healing
RTLS
8.1.2 What You Need to Know
MODEL/FEATURE AIRTIME FAIRNESS
ETHERNET STORM
CONTROL
WIRELESS STORM
CONTROL
WIRELESS HEALTH
8.2 Built-in AP
AP Controller Mode
Configuration > Wireless > Built-in AP_ General Switch to Built-in AP Mode
Figure 217
AP Controller Mode Built-in AP Mode Configuration > Controller Switch to
AP Controller Mode
Figure 218
Configuration > Wireless > Built-in AP Built-in AP Mode
MODEL/FEATURE AIRTIME FAIRNESS
ETHERNET STORM
CONTROL
WIRELESS STORM
CONTROL
WIRELESS HEALTH
Figure 219
8.2.1 Wireless > Built-in AP > General >Add/Edit SSID
Add Configuration > Wireless > Built-in AP then
Edit
LABEL DESCRIPTION
Edit
Activate
Inactivate
Apply
Reset
Figure 220
LABEL DESCRIPTION
Activate Inactivate
disable
WMM
WMM_VOICE
WMM_VIDEO
WMM_BEST_EFFORT
WMM_BACKGROUND
open wep wpa2 wpa2-mix
RADIUS Server Type Internal
Configuration > Object >
Auth. Method
auto
aes
LABEL DESCRIPTION
Security Mode wpa2 wpa2-mix
Enable Disable
wpa2 Security Mode Cipher Type
aes
Optional
Required
Internal External
LABEL DESCRIPTION
8.2.2 Wireless > Built-in AP > Radio
Configuration >
Wireless > Built-in AP > Radio
allow
deny
OK
Cancel
LABEL DESCRIPTION
Figure 221
LABEL DESCRIPTION
Advanced Settings
11b/g
11b/g/n
20/40MHz
20MHz
DCS
Channel Selection Manual
Manual
Channel Selection DCS
Channel Selection DCS
auto
2.4 GHz Channel
Deployment
manual
Channel Selection DCS 2.4 GHz Channel
Selection Method manual
Channel Selection DCS 2.4 GHz Channel
Selection Method auto
Three-Channel Deployment
Four-Channel Deployment
Channel Selection DCS
20/40MHz 20/40/80MHz
Short Long
LABEL DESCRIPTION
Multicast to Unicast
Fixed Multicast Rate
LABEL DESCRIPTION
11a
11a/n
11ac
20 MHz
20/40 MHz
20/40/80 MHz
11ac
11ax 802.11 Mode
DCS
Channel Selection Manual
Manual
OK
Cancel
LABEL DESCRIPTION
8.3 Controller Screen
Configuration > Wireless > Controller
Figure 222
8.3.1 Connecting an AP to the Zyxel Device
AP List MONITOR
> Wireless > AP Information
LABEL DESCRIPTION
Manual Always Accept
Manual Monitor > Wireless > AP Information > AP List
Add to Mgnt AP List Configuration > Wireless
> Controller > Mgnt. AP List
Manual
Apply
Reset
8.3.2 Connecting an AP to the Zyxel Device Manually
CONFIGURATION > Network > AC Discovery.
Discovery Setting Manual
Primary static AC IP
Apply
8.3.3 Connecting an AP to the Zyxel Device Using DHCP Option 138
AP Management
8.4 AP Management Screens
Configuration >
Wireless > AP Management
8.4.1 Mgnt. AP List
Figure 223
LABEL DESCRIPTION
Show Advanced Settings Filter
All
NebulaFlexPRO
Configuration > Wireless > Controller
Registration Type Always Accept
Monitor > Wireless > AP Information >
Radio List
Monitor > Log > View Log
OK
Edit
LABEL DESCRIPTION
8.4.1.1 Edit AP List
Edit Configuration > Wireless > AP Management
Remote AP
Storm Control
Airtime Fairness
N/A
N/A
N/A
Apply
Refresh
LABEL DESCRIPTION
A B
A
B
Airtime Fairness Disabled
A B
A B
A B
Figure 224
PACKETS RECEIVED A B
Airtime Fairness Enabled
A
B B A
A B
Figure 225
PACKETS RECEIVED A B
Figure 226
LABEL DESCRIPTION
Radio Profile
N/A
AP Mode
MON Mode
Root AP
Repeater AP
Repeater AP
Create new Object
Create new Object
Root AP Repeater AP
Repeater AP
LABEL DESCRIPTION
LABEL DESCRIPTION
Wall Ceiling
Wall Ceiling
Force override the power mode to full power
Enabled Airtime Fairness Mode
Turn On
Turn Off
OK
Cancel
LABEL DESCRIPTION
8.4.1.2 Edit AP List (Remote AP Mode)
Edit Configuration > Wireless > AP Management
Remote AP
Remote AP
Secure Tunnel SSID
Local Bridge SSID
Figure 227
AP Management Firmware
Figure 228
LABEL DESCRIPTION
Radio Profile
N/A
AP Mode
Create new Object
Wall Ceiling
Wall Ceiling
LABEL DESCRIPTION
Force override the power mode to full power
Turn On
Turn Off
OK
Cancel
LABEL DESCRIPTION
8.4.2 AP Policy
Configuration > Wireless > AP
Management > AP Policy
Figure 229
LABEL DESCRIPTION
Auto
Manual
Override Type Manual
Override Type Manual
Apply
Reset
8.4.3 AP Group
Configuration > Wireless > AP Management > AP Group
Figure 230
LABEL DESCRIPTION
Apply
Reset
8.4.3.1 Add/Edit AP Group
Add Edit Configuration > Wireless > AP
Management > AP Group
Figure 231
LABEL DESCRIPTION
AP Mode
MON Mode
Root AP
Repeater AP
Repeater AP
Create new Object
Create new Object
Root AP Repeater AP
Repeater AP
Edit
Activate
Inactivate
Add
Edit Remove Activate Inactivate
LABEL DESCRIPTION
By Station Number
By Traffic Level
By Smart Classroom
By Station Number By Traffic Level
Signal Strength
Mode By Station Number
Idle Timeout
Signal Strength
Signal Strength
Low Medium High
Low
Medium
High
LABEL DESCRIPTION
8.4.4 Firmware
Check Apply
More Details
OK
Cancel
Override Group AP Management > Mgnt. AP List
> Edit AP List
LABEL DESCRIPTION
Configuration > Wireless > AP Management > Firmware
Figure 232
LABEL DESCRIPTION
N/A
N/A Check
More Details
checking success fail
8.5 Rogue AP
Configuration > Wireless > Rogue AP
Available Firmware
Runtime Firmware
To be downloaded
LABEL DESCRIPTION
Figure 233
LABEL DESCRIPTION
Weak Security (Open, WEP, WPA-PSK) Un-managed AP
Hidden SSID SSID Keyword
8.5.1 Add/Edit Rogue/Friendly List
Edit Configuration > Wireless > Rogue AP
Figure 234
rogue-ap friendly-ap
Edit
Edit
Browse
File Path Importing
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
8.6 Wireless Health
Configuration Wireless Wireless Health
Figure 235
Rogue AP Friendly AP
OK
Cancel
LABEL DESCRIPTION
8.7 Auto Healing
Configuration > Wireless > Auto Healing
Figure 236
LABEL DESCRIPTION
High Standard Low
High
Standard
Low
Apply
Reset
8.8 RTLS Overview
LABEL DESCRIPTION
Apply
Reset
Figure 237
8.8.1 What You Can Do in this Chapter
RTLS
8.8.2 Before You Begin
PORT NUMBER TYPE DESCRIPTION
8.8.3 Configuring RTLS
Configuration > Wireless > RTLS
Figure 238
8.9 Technical Reference
8.9.1 Dynamic Channel Selection
PORT NUMBER TYPE DESCRIPTION
LABEL DESCRIPTION
Apply
Reset
Figure 239
Figure 240
Figure 241
8.9.2 Load Balancing
Load balancing by station number
Load balancing by traffic level
C
HAPTER
9
Interfaces
9.1 Interface Overview
Interface
Ports
Interfaces
Zones
9.1.1 What You Can Do in this Chapter
Port Role
Port Configuration
Ethernet
PPP
Cellular
Tunnel
VLAN
Bridge
LAG
VTI
Trunk
9.1.2 What You Need to Know
Interface Characteristics
Types of Interfaces
Interface > Port Roles Interface > Port Groups
Ethernet interfaces
Tunnel interfaces
VLAN interfaces
Bridge interfaces
PPP interfaces
Cellular interfaces
Virtual interfaces
virtual Ethernet interfaces virtual VLAN interfaces virtual bridge interfaces
Trunk interfaces
CHARACTERISTICS ETHERNET ETHERNET PPP CELLULAR VLAN BRIDGE VIRTUAL
x x x
x
Relationships Between Interfaces
INTERFACE REQUIRED PORT / INTERFACE
CHARACTERISTICS ETHERNET ETHERNET PPP CELLULAR VLAN BRIDGE VIRTUAL
IPv6 Overview
IPv6 Addressing
2001:0db8:1a2b:0015:0000:0000:1a2f:0000
2001:0db8:1a2b:0015:0000:0000:1a2f:0000
2001:db8:1a2b:15:0:0:1a2f:0
2001:0db8:0000:0000:1a2f:0000:0000:0015
2001:0db8::1a2f:0000:0000:0015 2001:0db8:0000:0000:1a2f::0015
2001:db8::1a2f:0:0:15 2001:db8:0:0:1a2f::15
Prefix and Prefix Length
2001:db8:1a2b:15::1a2f:0/32
2001:db8
INTERFACE REQUIRED PORT / INTERFACE
Link-local Address
Subnet Masking
Stateless Autoconfiguration
Prefix Delegation
IPv6 Router Advertisement
DHCPv6
9.1.3 What You Need to Do First
Configuration System IPv6
9.2 Port Role
Configuration > Network > Interface > Port Role Port Role
lan1 lan2 ext-wlan, ext-lan
dmz
Figure 242
Apply
Reset
9.3 Port Configuration
Configuration Network Interface Port Configuration
Figure 243
9.4 Ethernet Summary Screen
Configuration System IPv6
Configuration > Network
Interface > Ethernet
LABEL DESCRIPTION
Auto Negotiate 1000Mbps-Full Duplex 100Mbps-Full Duplex 100Mbps-Half Duplex
10Mbps-Full Duplex 10Mbps-Half Duplex
Auto Negotiate
Apply
Reset
Figure 244
9.4.1 Ethernet Edit
Ethernet Edit
Edit Ethernet Summary
Edit Configuration
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create Virtual Interface
References
STATIC DHCP
STATIC LINK LOCAL DHCP
SLAAC
Apply
Reset
9.4.1.1 IGMP Proxy
Figure 245
Figure 246
Figure 247
Figure 248
LABEL DESCRIPTION
OPT
internal external
internal
external
general
()+/:=?!*#@$_%-
Interface Type external general
Interface Type external general
Interface Type external general
Interface Type external general
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
LABEL DESCRIPTION
Client
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
Interface Type internal
OK
LABEL DESCRIPTION
Interface Properties External General
icmp
tcp
Check Method tcp
any one
all
Interface Type internal general
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
LABEL DESCRIPTION
Static DHCP Table
Pool Size
Subnet Mask Subnet Mask IP Pool
Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
LABEL DESCRIPTION
DHCP Server
IP Pool Start Address Pool Size
Monitor System Status DHCP Table
Export
Monitor System Status DHCP Table
Browse Upload
()+/:=?!*#@$_%-
LABEL DESCRIPTION
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Interface Properties External General
Clone by host
LABEL DESCRIPTION
9.4.2 Proxy ARP
Proxy ARP
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
PPPoE/PPTP
VLAN
WAN TRUNK
Policy Route
Interface Type general
Interface Type
internal external
OK
Cancel
LABEL DESCRIPTION
Figure 249
Add Edit Add Proxy ARP
Figure 250
9.4.3 Virtual Interfaces
LABEL DESCRIPTION
IPv4 Address IPv4 CIDR IPv4 Range
IPv4 Address
OK
Cancel
Create Virtual Interface
Figure 251
LABEL DESCRIPTION
()+/:=?!*#@$_%-
9.4.4 References
References
References References
Figure 252
9.4.5 Add/Edit DHCPv6 Request/Release Options
Configuration > Network > Interface > Ethernet > Edit DHCPv6 Server
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
N/A
Cancel
DHCPv6 Client DHCPv6 Setting Add DHCPv6 Request Options
DHCPv6 Lease Options
Figure 253
Select one object OK
Cancel
9.4.6 Add/Edit DHCP Extended Options
Configuration >
Network > Interface > Ethernet > Edit DHCP Server DHCP Setting Add
Edit Extended Options
Figure 254
LABEL DESCRIPTION
User Defined
Option
User Defined
Option
User Defined Option
User Defined
TFTP Server Name
(66) TEXT
Time Server (4) NTP Server (41) SIP Server (120) CAPWAP AC (138) TFTP
Server (150)
VIVC (124) VIVS (125)
VIVC (124)
VIVS (125)
Cancel
OPTION NAME CODE DESCRIPTION
LABEL DESCRIPTION
9.5 PPP Interfaces
Figure 255
9.5.1 PPP Interface Summary
Configuration > Network
Interface PPP
Figure 256
LABEL DESCRIPTION
System Default
User Configuration System Default
Edit
Remove
Activate
Inactivate
Connect
Dial-on-Demand
Disconnect
References
9.5.2 PPP Interface Add or Edit
Configuration
System IPv6
Add Edit
Apply
Reset
LABEL DESCRIPTION
Figure 257
LABEL DESCRIPTION
()+/:=?!*#@$_%-
Create new Object
Show Advanced Settings Hide Advanced Settings
Use Fixed IP Address
Use Fixed IP Address
References
OK
Client
N/A
LABEL DESCRIPTION
References
icmp
tcp
LABEL DESCRIPTION
9.6 Cellular Configuration Screen
3G
4G
Check Method tcp
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
Configuration > Network > Interface Cellular
NAME TYPE
MOBILE PHONE AND DATA STANDARDS
DATA
SPEED
GSM-BASED CDMA-BASED
Figure 258
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Connect
Disconnect
References
9.6.1 Cellular Choose Slot
Configuration > Network > Interface Cellular > Add
Edit
Add Cellular configuration
9.6.2 Add / Edit Cellular Configuration
Apply
Reset
LABEL DESCRIPTION
Figure 259
LABEL DESCRIPTION
none
()+/:=?!*#@$_%-
Device
Profile 1
Custom
Device Custom
None:
CHAP
PAP
None
Device
#:%-_@$./
-_@$./
None
Device
`~!@#$%^&*()_-+={}|;:'<,>./
None
Device
LABEL DESCRIPTION
icmp
tcp
Check Method tcp
WAN TRUNK
Policy Route
Use Fixed IP Address
LABEL DESCRIPTION
auto
GPRS / EDGE (GSM) only
UMTS / HSDPA (WCDMA) only
LTE only
Home
Auto
Download
Upload
Download/Upload
LABEL DESCRIPTION
9.7 Tunnel Interfaces
GRE Tunneling
Figure 260
None Log Log-alert
Log Log-alert recurring every
Allow Disallow
Keep Drop
New connection Allow Current connection Drop
New connection Disallow Current connection Keep
None Log
Log-alert Log Log-alert
recurring every
OK
Cancel
LABEL DESCRIPTION
IPv6 Over IPv4 Tunnels
Figure 261
IPv6-in-IPv4 Tunneling
Figure 262
6to4 Tunneling
Figure 263
9.7.1 Configuring a Tunnel
Network
Interface Tunnel
Figure 264
Internet
IPv6
IPv4
IPv6
IPv6
LABEL DESCRIPTION
Edit
9.7.2 Tunnel Add or Edit Screen
Configuration > Network > Interface > Tunnel >
Add Edit
Remove
Activate
Inactivate
References
Remote Gateway Address
GRE IPv6-in-IPv4 6to4
Apply
Reset
LABEL DESCRIPTION
Figure 265
LABEL DESCRIPTION
x x
GRE IPv6-in-IPv4 6to4
Relay Router
6to4 Prefix
6to4 Prefix
LABEL DESCRIPTION
Automatic 6to4
icmp
tcp
Check Method tcp
OK
Cancel
LABEL DESCRIPTION
9.8 VLAN Interfaces
Figure 266
A B C
Figure 267
A B
VLAN Interfaces Overview
9.8.1 VLAN Summary Screen
Configuration System IPv6
Configuration > Network > Interface
VLAN
Figure 268
9.8.2 VLAN Add/Edit
Edit Add
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create
Virtual Interface
References
STATIC
DHCP
Apply
Reset
Figure 269
LABEL DESCRIPTION
internal
external
general
Configuration > BWM
()+/:=?!*#@$_%-
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
LABEL DESCRIPTION
Client
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
References
OK
LABEL DESCRIPTION
icmp
tcp
Check Method tcp
any one
all
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
Add Static DHCP
Pool Size
LABEL DESCRIPTION
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
IP Pool Start Address Pool Size
LABEL DESCRIPTION
Monitor System Status DHCP Table
Export
Monitor System Status DHCP Table
Browse Upload
()+/:=?!*#@$_%-
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
LABEL DESCRIPTION
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Interface Properties External General
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
WAN TRUNK
Policy Route
LABEL DESCRIPTION
9.9 Bridge Interfaces
Bridge Overview
OK
Cancel
LABEL DESCRIPTION
MAC ADDRESS PORT
Bridge Interface Overview
9.9.1 Bridge Summary
Configuration System IPv6
Configuration Network Interface
Bridge
MAC ADDRESS PORT
0A:0A:0A:0A:0A:0A
0B:0B:0B:0B:0B:0B
IP ADDRESS(ES) DESTINATION IP ADDRESS(ES) DESTINATION
Figure 270
LABEL DESCRIPTION
Configuration IPv6 Configuration
Edit
Remove
Activate
Inactivate
Create Virtual Interface
References
STATIC
DHCP
Apply
Reset
9.9.2 Bridge Add/Edit
Add Edit
Bridge Summary
Figure 271
LABEL DESCRIPTION
internal
external
general
x x
()+/:=?!*#@$_%-
>>
<<
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
Client
LABEL DESCRIPTION
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
References
OK
None
DHCP Relay
DHCP Server
DHCP Relay
LABEL DESCRIPTION
DHCP Server
Add Static DHCP
Pool Size
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
LABEL DESCRIPTION
DHCP Server
IP Pool Start Address Pool Size
()+/:=?!*#@$_%-
icmp
tcp
LABEL DESCRIPTION
9.10 LAG
Check Method tcp
any one
all
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
9.10.1 Available Interfaces for LAG
9.10.2 LAG Summary Screen
Configuration
Network Interface LAG
Figure 272
LABEL DESCRIPTION
Edit
Remove
9.10.3 LAG Add/Edit
Add Edit LAG
Activate
Inactivate
Create Virtual Interface
References
active-backup
802.3ad
balance-alb
STATIC
DHCP
Apply
Reset
LABEL DESCRIPTION
Figure 273
LABEL DESCRIPTION
internal
external
general
x x
()+/:=?!*#@$_%-
active-backup
802.3ad
balance-alb
none mii arp none
mii
arp
mii
mii
mii
802.3ad
802.3ad
slow fast
arp
arp
>>
<<
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
LABEL DESCRIPTION
References
OK
N/A
Client
Server
Relay
LABEL DESCRIPTION
Client
References
Server
Client
Relay
Relay
Low Medium High
LABEL DESCRIPTION
References
OK
LABEL DESCRIPTION
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
Add Static DHCP
Pool Size
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
infinite
days, hours, and minutes
DHCP server
LABEL DESCRIPTION
IP Pool Start Address Pool Size
()+/:=?!*#@$_%-
icmp
tcp
Check Method tcp
LABEL DESCRIPTION
9.11 VTI
Figure 274
9.11.1 Restrictions for IPSec Virtual Tunnel Interface
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
9.11.2 VTI Screen
Configuration > Network > Interface > VTI
Figure 275
9.11.3 VTI Add/Edit
VPN Tunnel Interface
Add Edit Network > Interface > VTI
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
References
VPN Tunnel Interface
Apply
Reset
Figure 276
LABEL DESCRIPTION
VPN Tunnel Interface
VPN Tunnel Interface
IGMP Upstream
IGMP Downstream
vpn-rule
icmp
tcp
Check Method tcp
LABEL DESCRIPTION
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
9.12 Trunk Overview
Trunk
Add Trunk
Add System Default
9.12.1 What You Need to Know
A B B
A
A
A
Load Balancing Algorithms
Least Load First
Figure 277
Weighted Round Robin
INTERFACE
OUTBOUND
LOAD BALANCING INDEX
(M/A)
AVAILABLE (A) MEASURED (M)
Figure 278
Spillover
Figure 279
9.13 The Trunk Summary Screen
Configuration > Network > Interface > Trunk Trunk
Figure 280
LABEL DESCRIPTION
9.13.1 Configuring a User-Defined Trunk
Configuration > Network > Interface > Trunk User Configuration Add Edit
following
Figure 281
SYSTEM_DEFAULT_WAN_TRUNK
User Configuration
Edit
Remove
References
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Weighted Round Robin
Least Load First
Spillover
Least Load First Spillover
Outbound Inbound Outbound + Inbound
Add
Edit
Remove
Move
Active
Passive
9.13.2 Configuring the System Default Trunk
Configuration > Network > Interface > Trunk System Default
Edit following
Figure 282
OK
Cancel
LABEL DESCRIPTION
9.14 Interface Technical Reference
LABEL DESCRIPTION
Weighted Round Robin
Least Load First
Spillover
Active
Passive
OK
Cancel
IP Address Assignment
Figure 283
IP ADDRESS(ES) DESTINATION
IP ADDRESS(ES) DESTINATION
Interface Parameters
DHCP Settings
WINS
PPPoE/PPTP/L2TP Overview
START IP ADDRESS POOL SIZE RANGE OF ASSIGNED IP ADDRESS
C
HAPTER
10
Routing
10.1 Policy and Static Routes Overview
A
A R1
R2
R3
Figure 284
10.1.1 What You Can Do in this Chapter
Policy Route
Static Route
10.1.2 What You Need to Know
Policy Routing
How You Can Use Policy Routing
WAN
Static Routes
Policy Routes Versus Static Routes
DiffServ
DSCP Marking and Per-Hop Behavior
10.2 Policy Route Screen
Configuration > Network > Routing Policy Route
Configuration System IPv6
Figure 285
LABEL DESCRIPTION
IPv4 Configuration IPv6 Configuration
Add
Edit
Remove
Activate
Inactivate
Move
10.2.1 Policy Route Edit Screen
Configuration > Network > Routing Policy Route Add Edit
IPv4 Configuration IPv6 Configuration Add Policy Route Policy Route Edit
Address Translation
any
none
any
any
any
default
af af
any
any
preserve
default
af af
none
Apply
Reset
LABEL DESCRIPTION
Figure 286
Figure 287
LABEL DESCRIPTION
Auto Destination Address
User Define
any
default
af af
User Define
none
Auto
Gateway
Gateway
VPN Tunnel
Trunk
Interface
Gateway Type
VPN Tunnel Type
VPN Tunnel Type
Trunk Type
Interface Type
LABEL DESCRIPTION
User Define
af af
preserve
default
none
outgoing-interface
Create new Object
Interface Trunk Type
Interface Gateway
Type
OK
Cancel
LABEL DESCRIPTION
10.3 IP Static Route Screen
Configuration > Network > Routing > Static Route Static Route
Configuration System IPv6
Figure 288
10.3.1 Static Route Add/Edit Screen
Add Edit
LABEL DESCRIPTION
IPv4 Configuration IPv6 Configuration
Edit
Remove
Figure 289
Figure 290
LABEL DESCRIPTION
Subnet Mask
Prefix Length
Gateway IP
Interface Prefix Length
Destination IP
Gateway IP Interface
OK
Cancel
10.4 Policy Routing Technical Reference
NAT and SNAT
Assured Forwarding (AF) PHB for DiffServ
Maximize Bandwidth Usage
10.5 Routing Protocols Overview
CLASS 1 CLASS 2 CLASS 3 CLASS 4
RIP
OSPF
OSPF Area Add/Edit
BGP
10.5.1 What You Need to Know
10.6 The RIP Screen
Authentication
redistribute
Metric
RIP
Configuration > Network Routing > RIP
RIP OSPF
Figure 291
LABEL DESCRIPTION
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
10.7 The OSPF Screen
OSPF Areas
Figure 292
OSPF Routers
SOURCE \ TYPE OF AREA NORMAL NSSA STUB
Figure 293
Virtual Links
Figure 294
OSPF Configuration
10.7.1 Configuring the OSPF Screen
OSPF Add/Edit
Configuration > Network Routing > OSPF
Figure 295
LABEL DESCRIPTION
Default
User Defined
User Define.
Normal NSSA Stub
Type 1 Type 2
Type 1 Metric
Type 2 Metric
10.7.2 OSPF Area Add/Edit Screen
OSPF Area Add/Edit
OSPF Add
Edit
Figure 296
Type
Edit
Remove
References
Refresh
Type
LABEL DESCRIPTION
LABEL DESCRIPTION
Normal
Stub
NSSA
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Type Normal
Edit
Remove
10.7.3 Virtual Link Add/Edit Screen
Virtual Link Add/Edit
Add Edit
Figure 297
Same as Area
None
Text
MD5
Same as Area Authentication
OK
Cancel
LABEL DESCRIPTION
10.8 BGP (Border Gateway Protocol)
Figure 298
LABEL DESCRIPTION
Same as Area
None
Text
MD5
Same as Area Authentication
Authentication Text
Authentication MD5
Authentication MD5
OK
Cancel
10.8.1 Allow BGP Packets to Enter the Zyxel Device
Configuration > Object > Service > Service Group
Default_Allow_WAN_To_ZyWALL Edit
Available Member
OK
Figure 299
10.8.2 Configuring the BGP Screen
Configuration > Network Routing > BGP
Figure 300
LABEL DESCRIPTION
Connected
Edit
Remove
Edit
10.8.3 The BGP Neighbors Screen
Configuration > Network Routing > BGP > Add Neighbors
Figure 301
Remove
LABEL DESCRIPTION
LABEL DESCRIPTION
10.8.4 Example Scenario
10.8.4.1 Scenario: CE - PE (MLPS)
CE PE
MPLS
CE
PE
MPLS:
Gateway
Interface
None
Keepalive Time
Keepalive
Time Hold Time
Hold Time
Keepalive Time
OK
Cancel
LABEL DESCRIPTION
Figure 302
10.8.4.2 CE - PE Configuration Process
Configuration > Network Routing > BGP
Configuration > Network Routing > BGP > Add Neighbors
C
HAPTER
11
DDNS
11.1 DDNS Overview
11.1.1 What You Can Do in this Chapter
DDNS
DDNS Add/Edit
11.1.2 What You Need to Know
PROVIDER SERVICE TYPES SUPPORTED WEBSITE
11.2 The DDNS Screen
DDNS
Configuration > Network > DDNS
Figure 303
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
from interface
auto detected
custom
from interface
auto detected
custom
11.2.1 The Dynamic DNS Add/Edit Screen
DDNS Add/Edit
Configuration > Network > DDNS Add
Edit
Figure 304
LABEL DESCRIPTION
Figure 305
LABEL DESCRIPTION
_
User custom DYNDNS Server
URL Additional DDNS Options
Backup Binding Address
Any
Interface
Primary Binding Address Interface
Auto
Custom
IP Address Custom
Primary Binding Interface
Any None
Interface
Backup Binding Address Interface
Auto
Custom
IP Address Custom
LABEL DESCRIPTION
User custom DDNS Type
User custom DDNS Type
User custom DDNS Type
OK
Cancel
LABEL DESCRIPTION
C
HAPTER
12
NAT
12.1 Overview
Network > NAT
Network > NAT > Virtual Server Load Balancing
12.2 NAT Overview
A
B C
Figure 306
12.2.1 What You Can Do in this Chapter
NAT
12.2.2 What You Need to Know
Well-known Ports
PORT TCP/UDP DESCRIPTION
12.3 The NAT Screen
NAT
Configuration > Network > NAT
Figure 307
PORT TCP/UDP DESCRIPTION
LABEL DESCRIPTION
SiteToSite VPN 1-1 SNAT
(SiteToSite VPN Static-Dynamic Route 1-1 SNAT)
Edit
Remove
Activate
Inactivate
Move
12.3.1 The NAT Add/Edit Screen
NAT Add/Edit
NAT Add Edit
Virtual Server 1:1 NAT Many 1:1
NAT
any
any
any
LABEL DESCRIPTION
Figure 308
LABEL DESCRIPTION
_
Virtual Server
1:1 NAT
Many 1:1 NAT -
any
User Defined User Defined
Internal IP
any
User Defined User Defined
External IP User Defined
Many 1:1 NAT
User Defined User Defined
Internal IP User Defined
Many 1:1 NAT
Original IP
Any
Port
Ports
Service Object > Service > Service
Service-Group
Object > Service > Service Group
Mapping Type Port Ports TCP UDP Any
Mapping Type Port
Mapping Type Port
LABEL DESCRIPTION
User-Defined External IP
External Port
OK No
12.4 NAT Technical Reference
Mapping Type Ports
Mapping Type Ports
Mapping Type Ports
Mapping Type Ports
Incoming Interface External IP
Internal IP Internal IP
Internal IP
Security Policy
OK
Cancel NAT
LABEL DESCRIPTION
NAT Loopback
Figure 309
Figure 310
Figure 311
12.5 Virtual Server Load Balancing
12.5.1 Load Balancing Example 1
Figure 312
12.5.2 Load Balancing Example 2
Figure 313
12.5.3 Virtual Server Load Balancing Process
Figure 314
12.5.4 Load Balancing Rules
PARAMETER MODEL LIMIT
12.5.5 Virtual Server Load Balancing Algorithms
ALGORITHM DESCRIPTION
12.6 The Virtual Server Load Balancer Screen
Configuration
Network NAT Virtual Server Load Balancer
Figure 315
12.6.1 Adding/Editing a Virtual Server Load Balancing Rule
Healthy Check Method PING
Configuration Network NAT Virtual Server Load Balancer Add/Edit
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Figure 316
LABEL DESCRIPTION
_
Host Interface IP nterface Gateway
Object> Address/Geo IP> Address> IPv4 Address User Defined
External IP User Defined
External IP
Service Object >
Service > Service External Service.
External Service
Port
Protocol Type
External Port
Healthy Check Method
HTTP Request:
HTTPS Request:
SMTP Helo
DNS Query
Default TCP PING
Healthy Check Method
HTTP
HTTPS
TCP
SMTP
DNS
PING
Check Period
Connect Timeout
Retry
LABEL DESCRIPTION
Path
Host
Enable Hash Check
Status Code
200-299.
Check Period
Connect Timeout
Retry
Path
Host
Enable Hash Check
Status Code
200-299.
Enable SNI
Check Period
Connect Timeout
Retry
Helo Name
Check Period
Connect Timeout
Retry
LABEL DESCRIPTION
Query
Check Period
Connect Timeout
Retry
Check Period
Connect Timeout
Retry
Edit
Remove
External Port External Service
OK
Cancel Virtual Server Load Balancer
LABEL DESCRIPTION
C
HAPTER
13
Redirect Service
13.1 Overview
13.1.1 HTTP Redirect
A DMZ
LAN1
A A
A
Figure 317
13.1.2 SMTP Redirect
A lan2
LAN2 lan1 LAN1
A A
Figure 318
13.1.3 What You Can Do in this Chapter
Redirect Service
13.1.4 What You Need to Know
Web Proxy Server
HTTP Redirect, Security Policy and Policy Route
lan1 dmz
lan1 dmz
lan1 dmz
lan1 A
dmz wan1
dmz wan1
dmz wan1
A
SMTP
SMTP Redirect, Firewall and Policy Route
lan1 lan2
lan1 lan2
lan1 A
lan2 wan1
lan2 wan1
A
13.2 The Redirect Service Screen
Configuration > Network > HTTP Redirect
Figure 319
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Move
13.2.1 The Redirect Service Edit Screen
Network > Redirect Service Redirect Service Add Edit
Redirect Service Edit
Figure 320
any
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
HTTP Redirect SMTP redirect.
_
any
OK
Cancel
C
HAPTER
14
ALG
14.1 ALG Overview
1 2 A B
Figure 321
14.1.1 What You Need to Know
Application Layer Gateway (ALG), NAT and Security Policy
FTP ALG
H.323 ALG
Figure 322
SIP ALG
Configuration > BWM
Peer-to-Peer Calls and the Zyxel Device
VoIP Calls from the WAN with Multiple Outgoing Calls
A
1 A
1
B C 2 A
B C
Figure 323
VoIP with Multiple WAN IP Addresses
A
1
B 2
A
B 2
Figure 324
14.1.2 Before You Begin
14.2 The ALG Screen
Configuration > Network > ALG ALG
Figure 325
LABEL DESCRIPTION
14.3 ALG Technical Reference
Add
Apply
Reset
LABEL DESCRIPTION
ALG
ALG and Trunks
FTP
H.323
SIP
RTP
C
HAPTER
15
UPnP
15.1 UPnP and NAT-PMP Overview
15.2 What You Need to Know
15.2.1 NAT Traversal
15.2.2 Cautions with UPnP and NAT-PMP
15.3 UPnP Screen
Configuration > Network > UPnP
Figure 326
15.4 Technical Reference
15.4.1 Turning on UPnP in Windows 7 Example
Control Panel Network and Sharing Center.
LABEL DESCRIPTION
Available
Member Member
Apply
Reset
Change Advanced Sharing Settings
Turn on network discovery Save Changes
15.4.1.1 Auto-discover Your UPnP-enabled Network Device
Windows Explorer Network
Properties
Figure 327
Internet Connection Properties Settings
Figure 328
Add
Figure 329
Figure 330
OK
Figure 331
Open Network and Sharing Center Local Area Network
Figure 332
15.4.2 Turn on UPnP in Windows 10 Example
Network Setting > Home Networking > UPnP
Settings Network & Internet
Network and Sharing Center
Change advanced sharing settings
Domain Turn on network discovery Save Changes
15.4.3 Auto-discover Your UPnP-enabled Network Device
File Explorer Network
Properties
Figure 333
Internet Connection Properties Settings
Figure 334
Add
Figure 335
Figure 336
OK
Figure 337
Open Network & Internet settings Network and Sharing Center
Connections
Figure 338
15.4.4 Web Configurator Easy Access in Windows 7
Windows Explorer
Network
Figure 339
Network Infrastructure
View device webpage
Figure 340
Properties Network Device
Figure 341
15.4.5 Web Configurator Easy Access in Windows 10
File Explorer
Network
Figure 342
Network Infrastructure
View device webpage
Figure 343
Properties Network Device
Figure 344
C
HAPTER
16
IP/MAC Binding
16.1 IP/MAC Binding Overview
Figure 345
16.1.1 What You Can Do in this Chapter
Summary Edit
Exempt List
16.1.2 What You Need to Know
DHCP
Interfaces Used With IP/MAC Binding
16.2 IP/MAC Binding Summary
Configuration > Network > IP/MAC Binding IP/MAC Binding Summary
Figure 346
LABEL DESCRIPTION
Edit
Activate
Inactivate
16.2.1 IP/MAC Binding Edit
Configuration > Network > IP/MAC Binding > Edit IP/MAC Binding Edit
Figure 347
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
16.2.2 Static DHCP Edit
Configuration > Network > IP/MAC Binding > Edit IP/MAC Binding Edit
Add Edit
Figure 348
Remove
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Cancel
16.3 IP/MAC Binding Exempt List
Configuration > Network > IP/MAC Binding > Exempt List IP/MAC Binding Exempt List
Figure 349
LABEL DESCRIPTION
Edit
Remove
Add
Remove
Apply
C
HAPTER
17
Layer 2 Isolation
17.1 Overview
C
D C
B A
Figure 350
17.1.1 What You Can Do in this Chapter
General
Allow List
17.2 Layer-2 Isolation General Screen
Configuration > Network > Layer 2 Isolation
Figure 351
17.3 Allow List Screen
Configuration > Network > Layer 2 Isolation > Allow List
LABEL DESCRIPTION
Available
Member Member
Apply
Reset
Figure 352
17.3.1 Add/Edit Allow List Rule
Add Edit
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
Figure 353
LABEL DESCRIPTION
OK
Cancel
C
HAPTER
18
DNS Inbound LB
18.1 DNS Inbound Load Balancing Overview
A D
D Z
B
Figure 354
18.1.1 What You Can Do in this Chapter
Inbound LB
Inbound LB Add/Edit
1
2
3
1
2
3
18.2 The DNS Inbound LB Screen
Inbound LB
Configuration > Network > Inbound LB
Figure 355
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Move
18.2.1 The DNS Inbound LB Add/Edit Screen
Add DNS Load Balancing
Query From
Configuration > Network > Inbound LB Add Edit
Weighted Round Robin
Least Connection
Least Load - Outbound
Least Load - Inbound
Least Load - Total
LABEL DESCRIPTION
Figure 356
LABEL DESCRIPTION
18.2.2 The DNS Inbound LB Add/Edit Member Screen
Add Load Balancing Member
Configuration > Network > DNS Inbound LB > Add or Edit Add Edit
Weighted Round Robin
Least Connection
Least Load - Outbound
Least Load - Inbound
Least Load - Total
Edit
Remove
Weighted Round Robin
OK
Cancel
LABEL DESCRIPTION
Figure 357
LABEL DESCRIPTION
Static Dynamic
DHCP Client
Weighted Round Robin
Monitor Interface
OK
Cancel
C
HAPTER
19
IPSec VPN
19.1 Virtual Private Networks (VPN) Overview
IPSec VPN
X
Y A B
Figure 358
Internet Key Exchange (IKE): IKEv1 and IKEv2
Main Mode
Aggressive Mode Main Mode Aggressive Mode
VPN Connection VPN Gateway
SSL VPN
Figure 359
L2TP VPN
Figure 360
19.1.1 What You Can Do in this Chapter
VPN Connection
VPN Gateway
VPN Concentrator
Configuration Provisioning
19.1.2 What You Need to Know
Figure 361
A B
A B
X Y
X Y
Application Scenarios
Finding Out More
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
VPN TUNNEL
INTERFACE
19.1.3 Before You Begin
19.2 The VPN Connection Screen
Configuration > VPN > IPSec VPN VPN Connection VPN Connection
Figure 362
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Connect
Disconnect
19.2.1 The VPN Connection Add/Edit Screen
VPN Connection Add/Edit Gateway
Configuration > VPN Connection
Add Edit
References
Apply
Reset
LABEL DESCRIPTION
Figure 363
LABEL DESCRIPTION
_
Custom Size
Auto
VPN Gateway VPN
Tunnel Interface
Narrowed
Site-to-site
Site-to-site with Dynamic Peer
Remote Access (Server Role)
Remote Access (Client Role)
VPN Tunnel Interface
Configuration > Network > Interface > VTI
Create Object
Create new Object
Create new Object
Remote Access (Server Role) VPN Gateway
Remote
Access (Server Role)
LABEL DESCRIPTION
AH
AH
Authentication
ESP AH
ESP Encryption
Authentication
AH ESP
Tunnel
Transport
LABEL DESCRIPTION
Active Protocol ESP
NULL
DES
3DES
AES128
AES192
AES256
SHA1 SHA256 SHA512 MD5 MD5
none
DH1
DH2
DH5
DH14
icmp
tcp
LABEL DESCRIPTION
Check Method tcp
any one
all
Create
Object
Create Object
Create
Object
Source
SNAT
Create
Object
Source
SNAT
Create Object
Create
Object
Source
SNAT
LABEL DESCRIPTION
19.3 The VPN Gateway Screen
VPN Gateway
Configuration > VPN Network IPSec VPN VPN Gateway
Add
Move
TCP UDP All
TCP UDP
TCP UDP
OK
Cancel
LABEL DESCRIPTION
Figure 364
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
References
IKEv1 IKEv2 IKEv1
IKEv2
Apply
Reset
19.3.1 The VPN Gateway Add/Edit Screen
VPN Gateway Add/Edit
VPN Gateway summary
Add Edit
Figure 365
LABEL DESCRIPTION
_
IKEv1 IKEv2 IKEv1
Interface
Domain Name / IP
Static Address
Fall back to Primary Peer Gateway when possible
Fallback Check Interval
Dynamic Address
unmasked
My Certificates
Trusted Certificates
User-Based PSK
IPv4 IPv6
DNS
E-mail
LABEL DESCRIPTION
Local ID Type
IP
My Address
Local ID Type
DNS
E-mail
IP
DNS
E-mail
Any
Subject Name
LABEL DESCRIPTION
Peer ID Type Any
Peer ID Type
IP
DNS
E-mail
IP
DNS
E-mail
Subject Name
Peer ID Type IP
Secure Gateway
Address
Peer ID Type
Main
Aggressive
LABEL DESCRIPTION
DES
3DES
AES128
AES192
AES256
SHA1 SHA256 SHA512 MD5 MD5
x
DH1
DH2
DH5
DH14
LABEL DESCRIPTION
X-Auth IKEv1 Extended Authentication
Protocol IKEv2
User Name
Password
Client Mode
Client Mode
IKEv2
Allowed User
LABEL DESCRIPTION
19.4 VPN Concentrator
Figure 366
1
2
User Name
Password
Client Mode
Client Mode
Object Auth. Method Two-factor Authentication
VPN Access
Show Advanced Settings IKEv1 IKE Version X-Auth IPSec
VPN Add VPN Gateway Mode Config IPSec VPN Add VPN Connection
Show Advanced Settings IKEv2 IKE Version Extended
Authentication Protocol IPSec VPN Add VPN Gateway Configuration
Payload IPSec VPN Add VPN Connection
Configuration VPN L2TP VPN
OK
Cancel
LABEL DESCRIPTION
B C D E A
19.4.1 VPN Concentrator Requirements and Suggestions
19.4.2 VPN Concentrator Screen
VPN Concentrator
Configuration > VPN IPSec VPN Concentrator
Figure 367
19.4.3 The VPN Concentrator Add/Edit Screen
VPN Concentrator Add/Edit
VPN Concentrator summary Add
Edit
Figure 368
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Available
Member
19.5 Zyxel Device IPSec VPN Client Configuration
Provisioning
Configuration > VPN > IPSec VPN > Configuration Provisioning
not
AH
NULL
SHA512
Quick Setup VPN Settings for Configuration Provisioning
OK
Cancel
LABEL DESCRIPTION
Figure 369
LABEL DESCRIPTION
default Object > Auth Method.
Object > User/Group
VPN
Connection Allowed User
VPN Connection Allowed
User
19.6 IPSec VPN Background Information
IKE SA Overview
Add
Add
Add
Move
Edit
Remove
Activate Enable Configuration Provisioning
Inactivate
Move Move
Apply
Enable Configuration Provisioning
Upload Bandwidth Limit
Upload Bandwidth Limit
admin limited-admin
6in4
4in6
4in4
Apply
Reset
LABEL DESCRIPTION
IP Addresses of the Zyxel Device and Remote IPSec Router
IKE SA Proposal
Figure 370
Diffie-Hellman (DH) Key Exchange
Figure 371
Authentication
Figure 372
ZYXEL DEVICE REMOTE IPSEC ROUTER
Any
Additional Topics for IKE SA
Negotiation Mode
VPN, NAT, and NAT Traversal
A X Y
ZYXEL DEVICE REMOTE IPSEC ROUTER
Figure 373
A X Y
A A
A X Y
X Y
A X Y
X-Auth / Extended Authentication
Certificates
IPSec SA Overview
Local Network and Remote Network
Active Protocol
Encapsulation
Figure 374
Original Packet
IPSec SA Proposal and Perfect Forward Secrecy
Additional Topics for IPSec SA
Authentication and the Security Parameter Index (SPI)
Transport Mode Packet
Tunnel Mode Packet
Figure 374
NAT for Inbound and Outbound Traffic
Figure 375
Source Address in Outbound Packets (Outbound Traffic, Source NAT)
M
B
M M
M
B
A
Source Address in Inbound Packets (Inbound Traffic, Source NAT)
B
A
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
A
B
A
IPSec VPN Example Scenario
Figure 376
C
HAPTER
20
SSL VPN
20.1 Overview
20.1.1 What You Can Do in this Chapter
VPN > SSL VPN > Access Privilege
VPN > SSL VPN Global Setting
20.1.2 What You Need to Know
Full Tunnel Mode
Figure 377
SSL Access Policy
SSL Access Policy Objects
20.2 The SSL Access Privilege Screen
VPN > SSL VPN Access Privilege
Figure 378
OBJECT TYPE
OBJECT
SCREEN
DESCRIPTION
20.2.1 The SSL Access Privilege Policy Add/Edit Screen
Add Edit Access Privilege
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
Move
References
Apply
Reset
Figure 379
LABEL DESCRIPTION
20.3 The SSL Global Setting Screen
VPN > SSL VPN Global Setting
Selectable User/Group Objects
Selected User/Group Objects
Selected User/Group Objects
Network List
Selectable Address
Objects Selected Address Objects
Selected Address Objects
OK Access Privilege
Cancel Access Privilege
LABEL DESCRIPTION
Figure 380
LABEL DESCRIPTION
Apply
Reset
C
HAPTER
21
L2TP VPN
21.1 Overview
Figure 381
21.1.1 What You Can Do in this Chapter
L2TP VPN
VPN Setup Wizard Quick Setup
21.1.2 What You Need to Know
IPSec Configuration Required for L2TP VPN
Pre-Shared Key
Secure Gateway 0.0.0.0
Using the Quick Setup VPN Setup Wizard
VPN Setup Wizard
Configuration Quick Setup VPN Setup VPN Settings for L2TP VPN Settings
Policy Route
Quick Setup VPN
Setup Allow L2TP traffic through WAN
Figure 382
21.2 L2TP VPN Screen
Configuration > VPN > L2TP VPN
Figure 383
LABEL DESCRIPTION
Create new Object
My Certificates
21.2.1 Example: L2TP and Zyxel Device Behind a NAT Router
Figure 384
Configuration > Object > Address/GEO IP > Address
Create new Object
any
Custom Defined
From ISP
Apply
Reset
LABEL DESCRIPTION
Configuration > VPN > IPSec VPN > VPN Connection Add IPv4 Configuration
Remote Access (Server Role)
Local Policy
Configuration > VPN > L2TP VPN VPN Connection
C
HAPTER
22
Remote AP VPN
22.1 Overview
Secure Tunnel SSID
Local Bridge SSID
Figure 385
22.2 Configuring a Remote AP
Configuration Wireless AP Management Mgnt. AP List Show Advanced
Settings
Remote AP AP Role Capability
Edit AP List
SSID Profile Secure Tunnel SSID
SSID Profile
OK
22.3 Remote AP VPN Screen
Configuration VPN Remote AP VPN
Figure 386
LABEL DESCRIPTION
Apply
Reset
C
HAPTER
23
BWM (Bandwidth
Management)
23.1 Overview
23.1.1 What You Can Do in this Chapter
BWM
23.1.2 What You Need to Know
BWM Type
Shared Per user Per-Source-IP
Shared
Per user
Per-Source-IP
Per user
A B C
Figure 387
DiffServ and DSCP Marking
Connection and Packet Directions
Figure 388
Outbound and Inbound Bandwidth Limits
Figure 389
Bandwidth Management Priority
Maximize Bandwidth Usage
Bandwidth Management Behavior
A B
A
B
Figure 390
Configured Rate Effect
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
Priority Effect
A
B
Maximize Bandwidth Usage Effect
A
B
A B
Priority and Over Allotment of Bandwidth Effect
A
B
23.2 The Bandwidth Management Configuration
Configuration > BWM
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE
Figure 391
LABEL DESCRIPTION
Add
Activate
Inactivate
Move
default
any
none
any
any
any
default
af af
App Application Object
Application Object
Obj Service Object
Service Object
In
no
Out
no
Pri Pri Pri
LABEL DESCRIPTION
23.2.1 The Bandwidth Management Add/Edit Screen
Configuration > Bandwidth Management Add/Edit
802.1P Marking
Priority Code
In
Out
preserve
default
af af
Apply
Reset
LABEL DESCRIPTION
TPID Priority VID
Configuration > Bandwidth Management
Add Edit
Figure 392
Figure 393
LABEL DESCRIPTION
Create new Object
any
Create Object
none
Create new Object
any
Create new Object
any
User Defined
any
default
af af
Service Object Application Object
Service Object
any
Application Object
BitTorrent
LABEL DESCRIPTION
User Defined
af
af
preserve
default
0
0
BWM Type Shared
Maximize Bandwidth Usage
LABEL DESCRIPTION
23.2.1.1 Adding Objects for the BWM Policy
User Schedule Address Configuration BWM
Add Create New Object Add User
log log alert
no
OK
Cancel
LABEL DESCRIPTION
Figure 394
LABEL DESCRIPTION
Figure 395
Use Default
Lease Time
Reauthentication Time
LABEL DESCRIPTION
Figure 396
LABEL DESCRIPTION
One Time
or Recurring.
LABEL DESCRIPTION
C
HAPTER
24
Web Authentication
24.1 Web Auth Overview
Figure 397
24.1.1 What You Can Do in this Chapter
Configuration > Web Authentication
Configuration > Web Authentication > SSO
24.1.2 What You Need to Know
Single Sign-On
Forced User Authentication
Login Login
Login
Google Authentication
Summary of User Authentication Methods
CLIENT
SINGLE SIGN-
ON
GOOGLE
AUTHENTICATOR
USER AUTHENTICATION STEPS
24.2 Web Authentication General Screen
Web Authentication General
Figure 398
LABEL DESCRIPTION
User Agreement
Add
Figure 399
Remove
Add
Edit
Remove
Activate
Inactivate
Move
LABEL DESCRIPTION
Creating Exceptional Services
Add Exceptional Services
->
<-
OK Web Authentication
Cancel Web Authentication
Default
none
unnecessary
required
force
n/a Authentication unnecessary
n/a
LABEL DESCRIPTION
Figure 400
Creating/Editing an Authentication Policy
Configuration > Web Authentication > General Add
Edit Web Authentication Policy Summary Auth. Policy
Add/Edit
Figure 401
LABEL DESCRIPTION
any
any
any
any
none
none
unnecessary
required Force User Authentication
default-web-portal
default-user-agreement
OK
Cancel
24.2.1 User-aware Access Control Example
24.2.1.1 Set Up User Accounts
Configuration > Object > User/Group > User Add
User Type ext-user
OK
Figure 402
24.2.1.2 Set Up User Groups
Configuration > Object > User/Group > Group Add
Object Leo
Member OK
Figure 403
24.2.1.3 Set Up User Authentication Using the RADIUS Server
Configuration > Object > AAA Server > RADIUS radius
OK
Figure 404
Configuration > Object > Auth. Method default Add
group radius
OK
Figure 405
Configuration > Web Authentication Web Authentication > General Enable
Web Authentication Apply
Figure 406
Web Authentication Policy Summary Add
Enable Policy Authentication
required Force User Authentication
OK
Figure 407
24.2.1.4 User Group Authentication Using the RADIUS Server
Configuration > Object > AAA Server > RADIUS radius
Group Membership Attribute
Class
Figure 408
Configuration > Object > User/
Group > User Add
User Type ext-group-user Group Identifier
Associated AAA Server Object radius
Figure 409
24.2.2 Authentication Type Screen
Configuration > Web Authentication Authentication Type
Figure 410
LABEL DESCRIPTION
Add
Edit
Remove
Add/Edit an Authentication Type Profile
Add Web Authentication > Authentication Type
Edit Type
Figure 411
System > WWW > Login Page
System Default Page
External Page
Reset
LABEL DESCRIPTION
Figure 412
LABEL DESCRIPTION
User Agreement
Type Web Portal
Configuration > Web Authentication > Web Portal Customize File
Type User Agreement
Idle timeout
Enable Idle Detection
Configuration > Web Authentication > User Agreement Customize File
LABEL DESCRIPTION
24.2.3 Custom Web Portal / User Agreement File Screen
Configuration > Web Authentication Custom Web Portal File Custom User
Agreement File
Figure 413
OK
Cancel
LABEL DESCRIPTION
Figure 414
24.2.4 Facebook Wi-Fi Screen
Configuration > Web Authentication: General
LABEL DESCRIPTION
Remove
Download
Browse... Upload
Configuration > Web Authentication Facebook Wi-Fi
Figure 415
24.2.4.1 How to Configure Facebook for Facebook Wi-Fi
LABEL DESCRIPTION
Apply
Configure
User idle timeout
Apply
Reset
Configure
Create Page
Get Started
Save Settings
24.2.4.2 How to use the Zyxel Device’s Facebook Wi-Fi
Bypass Mode Require
Wi-Fi code
Continue Browsing
24.3 SSO Overview
U DC
Configuration > Web Authentication
Figure 416
24.4 SSO - Zyxel Device
Configuration
24.4.1 Configuration Overview
ZYXEL DEVICE SSO
SCREEN FIELD SCREEN FIELD
24.4.2 Configure the Zyxel Device to Communicate with SSO
Configuration > Web Authentication > SSO
SSO
Figure 417
LABEL DESCRIPTION
Gateway Port
Agent Listening Port
Agent Listening Port
24.4.3 Enable Web Authentication
Web Authentication
Enable Policy, Single Sign-On required Authentication
any source address
LABEL DESCRIPTION
24.4.4 Create a Security Policy
Configuration > Security Policy > Policy Control
24.4.5 Configure User Information
User ext-group-user
Group Identifier Group Membership
24.4.6 Configure an Authentication Method
group ad
24.4.7 Configure Active Directory
AAA Setup
Base DN Bind DN
24.5 SSO Agent Configuration
Configure Zyxel SSO Agent
Agent Listening Port AD server
Gateway
Server Address Port Base DN Bind DN Login Name Attribute Group Membership
Group Membership Group
Identifier
Gateway IP Gateway Port PreShareKey
Configuration > Web Authentication > SSO Generate Key
Check PreShareKey
Enable
Zyxel SSO Agent
C
HAPTER
25
Hotspot
25.1 Overview
25.2 Billing Overview
General
Billing Profile
Discount
Payment Service
25.2.1 What You Need to Know
Accumulation Accounting Method
Time-to-finish Accounting Method
25.3 The Billing > General Screen
Configuration > Hotspot > Billing > General
Figure 418
LABEL DESCRIPTION
Time to Finish
Accumulation
Accumulation
Block Maximum number per billing account
Remove previous user and login
Maximum number per billing account
Apply
Time
to Finish
Currency code User-Define
Selectable SSID Profiles
Selected SSID Profiles Selected SSID
Profiles
25.4 The Billing > Billing Profile Screen
Configuration > Hotspot > Billing > Billing Profile
Figure 419
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
LABEL DESCRIPTION
LABEL DESCRIPTION
25.4.1 The Account Generator Screen
Account Generator
Configuration > Hotspot > Billing > Billing Profile Preview
Account Generator
Edit
Remove
Activate
Inactivate
Accounting Method Time to Finish Billing
General
T U
D
U D
LABEL DESCRIPTION
Figure 420
LABEL DESCRIPTION
Button x Unit
Billing > Discount
SMS
Configuration > System > Notification > SMS
Send SMS
Cancel
n/a
Generate
Billing Profile
Cancel
Logout
LABEL DESCRIPTION
Printer Printer
Cancel
25.4.2 The Account Redeem Screen
Account Redeem Account
Redeem Account Generator
Figure 421
LABEL DESCRIPTION
Query
25.4.3 The Billing Profile Add/Edit Screen
Billing Profile Add/Edit
Configuration > Hotspot > Billing > Billing Profile Add Edit
Figure 422
Cancel
Logout
LABEL DESCRIPTION
LABEL DESCRIPTION
minute hour day
25.5 The Billing > Discount Screen
Configuration >
Hotspot > Billing > Discount
Accounting Method Time to Finish
Billing > General
Total
Upload/Download
Total MB
GB
0
Upload/Download MB GB
0
Upload/Download MB GB
0
OK
Cancel
LABEL DESCRIPTION
Figure 423
LABEL DESCRIPTION
Edit
Remove
25.5.1 The Discount Add/Edit Screen
Discount Add/Edit
Configuration > Hotspot > Billing > Discount Add Edit
Figure 424
25.6 The Billing > Payment Service Screen
Configuration > Hotspot > Billing >
Payment Service
LABEL DESCRIPTION
OK
Cancel
Figure 425
LABEL DESCRIPTION
25.6.1 The Payment Service > Desktop / Mobile View Screen
Configuration > Hotspot > Billing > Payment Service > Desktop View Mobile View
On-Screen
SMS
On-Screen and SMS
Configuration > System > Notification >
SMS
LABEL DESCRIPTION
Figure 426
Figure 427
LABEL DESCRIPTION
C
HAPTER
26
Printer Manager
26.1 Printer Manager Overview
26.1.1 What You Can Do in this Chapter
Printer Manager > General
Printer Manager > Printout Configuration
26.2 The Printer Manager > General Screen
Configuration > Hotspot > Printer Manager > General
Figure 428
LABEL DESCRIPTION
Edit
Remove
Activate
Inactivate
Printer Manager > General > Add
Connection
n/a sync fail
sync progressing
n/a
n/a sync fail
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
LABEL DESCRIPTION
26.2.1 Add Printer Rule
Add
Figure 429
26.2.2 Edit Printer Rule
Printer Manager > General Edit
Edit
sync fail sync progressing
Figure 430
LABEL DESCRIPTION
()+,/:=?!*#@$_%-”
OK
Cancel
26.2.3 Discover Printer
Discover Printer Printer Manager > General
Printer Manager
>General > Add
LABEL DESCRIPTION
()+,/:=?!*#@$_%-”
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
OK
Cancel
Figure 431
LABEL DESCRIPTION
Un-Mgnt
Printer List Mgnt Printer List
Edit
sync fail sync
progressing
Mgnt Printer
Un-Mgnt Printer
n/a sync fail
sync progressing
n/a
n/a sync fail
26.2.4 Edit Printer Manager (Discover Printer)
Printer Manager > General > Discover Printer Edit
Figure 432
LABEL DESCRIPTION
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
OK
Cancel
26.3 The Printout Configuration Screen
Configuration > Hotspot > Printer Manager >
Printout Configuration
Figure 433
LABEL DESCRIPTION
Download
Upload
Restore
26.4 Printer Reports Overview
26.4.1 Key Combinations
26.4.2 Daily Account Summary
REPORT TYPE KEY COMBINATION
Figure 434
26.4.3 Monthly Account Summary
Figure 435
26.4.4 Account Report Notes
Daily Account
----------------------------
2013/05/10
Username Price
----------------------------
p2m6pf52 1.00
s4pcms28 2.00
----------------------------
TOTAL ACCOUNTS: 2
TOTAL PRICE: $ 3.00
----------------------------
2013/05/10 20:00:00
---End---
Monthly Account
----------------------------
2013/05
Username Price
----------------------------
p2m6pf52 1.00
s4pcms28 2.00
7ufm7z22 2.00
qm5fxn95 6.00
----------------------------
TOTAL ACCOUNTS: 4
TOTAL PRICE: $ 11.00
----------------------------
2013/05/17 20:00:11
---End---
Monitor > System Status > Dynamic Guest
26.4.5 System Status
Figure 436
System Status
--------------------------------------
Item Description
--------------------------------------
SYST 02:02:35
WAST Link up
WLST Activate
FWVR 2.50(AACG.0)
BTVR 1.22
WAMA 00-90-0E-00-4A-29
LAMA 00-90-0E-00-4A-30
WAIP 10.21.2.267
LAIP 172.16.0.1
WLIP 10.59.1.1
DHSP 10.59.1.33
DHEP 10.59.1.254
--------------------------------------
CPUS 5%
MEMS 40%
DKST 5%
--------------------------------------
2012/04/12 17:10:22
---End---
LABEL DESCRIPTION
LABEL DESCRIPTION
C
HAPTER
27
Free Time
27.1 Free Time Overview
27.1.1 What You Can Do in this Chapter
Free Time
27.2 The Free Time Screen
Configuration > Hotspot > Free Time
Figure 437
LABEL DESCRIPTION
Daily
Weekly
Monthly
Reset Time
Daily
Weekly
Monthly
Reset Time
Maximum Registration Number Before Reset Time Reset
Time Daily Reset Time
On-Screen
SMS
On-Screen and SMS
Configuration > System > Notification >
SMS
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
LABEL DESCRIPTION
OK
C
HAPTER
28
IPnP
28.1 IPnP Overview
Figure 438
28.1.1 What You Can Do in this Chapter
IP
28.1.2 IPnP Screen
Configuration > Hotspot > IPnP
Figure 439
LABEL DESCRIPTION
Available
Member
Member
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
Apply
Reset
LABEL DESCRIPTION
C
HAPTER
29
Walled Garden
29.1 Walled Garden Overview
29.2 Walled Garden > General Screen
Walled Garden
Configuration > Hotspot > Walled Garden
Figure 440
LABEL DESCRIPTION
29.3 Walled Garden > URL Base Screen
Configuration > Hotspot > Walled Garden URL Base
Figure 441
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
LABEL DESCRIPTION
LABEL DESCRIPTION
Add
Edit
29.3.1 Adding/Editing a Walled Garden URL
Configuration > Web Authentication > Walled Garden > URL Base Add
Edit Add/Edit Walled Garden URL
Figure 442
Remove
Activate
Inactivate
Move
LABEL DESCRIPTION
LABEL DESCRIPTION
29.4 Walled Garden > Domain/IP Base Screen
Configuration > Hotspot > Walled Garden Domain/IP Base
Figure 443
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
29.4.1 Adding/Editing a Walled Garden Domain or IP
Configuration > Hotspot > Walled Garden > Domain/IP Base Add
Edit Add/Edit Walled Garden Domain/IP
Figure 444
29.4.2 Walled Garden Login Example
WalledGardenLink1 2
LABEL DESCRIPTION
LABEL DESCRIPTION
Domain
IP
OK
Cancel
Figure 445
C
HAPTER
30
Advertisement Screen
30.1 Advertisement Overview
Configuration > Hotspot > Advertisement
Figure 446
LABEL DESCRIPTION
Add
Edit
Remove
30.1.1 Adding/Editing an Advertisement URL
Configuration > Hotspot > Advertisement Add Edit Advertisement
Summary Add/Edit Advertisement URL
Figure 447
Activated Not
Activated Expired
Expired Not Licensed
Buy Standard
Renew
Activate
Trial, Standard, None
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Cancel
C
HAPTER
31
Security Policy
31.1 Overview
Figure 448
31.2 One Security
Figure 449
1
2
3
4
Figure 450
1
2
2
3
Figure 451
ONESECURITY ICON SCREEN
3
31.3 What You Can Do in this Chapter
Security Policy Control
Anomaly Detection and Prevention
Session Control
31.3.1 What You Need to Know
Stateful Inspection
Zones
ONESECURITY ICON SCREEN
Default Directional Security Policy Behavior
To-Device Policies
Device To Zone
From Any To Device
Global Security Policies
from any to any
from any to any
Security Policy Rule Criteria
FROM ZONE TO ZONE BEHAVIOR
User Specific Security Policies
Session Limits
31.4 The Security Policy Screen
Asymmetrical Routes
A
A Subnet 2
Subnet 1
Figure 452
31.4.1 Configuring the Security Policy Control Screen
Configuration > Security Policy > Policy Control Security Policy
Figure 453
LABEL DESCRIPTION
Show Filter
any
Add
Edit
Remove
Activate
Inactivate
Move
Clone
Clone
LABEL DESCRIPTION
31.4.2 The Security Check for Web Interface Screen
Secure It
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow reject
log log alert
no
Apply
Reset
LABEL DESCRIPTION
Figure 454
LABEL DESCRIPTION
31.4.3 The Security Policy Control Add/Edit Screen
Security Policy Control Edit Add Security Policy Edit or Add
Figure 455
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
any
Device
any
any
Configuration Object Device Insight
any
any
any
none
deny
reject
allow
log log alert no
31.5 Anomaly Detection and Prevention Overview
Traffic Anomalies
Protocol Anomalies
Configuration > Security Policy > ADP Profile
Configuration > Security Policy > ADP General
31.5.1 The Anomaly Detection and Prevention General Screen
Configuration > Security Policy > ADP > General
Configuration > Security Service
none
Log log log alert no
none
Configuration > Security Service > App Patrol
none
Configuration > Security Service > Content Filter
none
Configuration > Security Service > SSL Inspection
OK
Cancel
LABEL DESCRIPTION
Figure 456
LABEL DESCRIPTION
Add
Priority
Activate
Inactivate
Move
31.5.2 Creating New ADP Profiles
Configuration > Security Policy > ADP > Profile
OK
Configuration > Security Policy > ADP > Profile
Figure 457
From ZyWALL
From LAN
From WAN
LABEL DESCRIPTION
LABEL DESCRIPTION
Configuration > Security Policy
> ADP > Profile
Add none all Base Profile
none Log no Action
none
all Log log Action block
References
Refresh
Clone
Clone
31.5.3 Traffic Anomaly Profiles
LABEL DESCRIPTION
_
Activate
Inactivate
Log
log log alert no
Action
none
block
Configuration > Security Policy > ADP > Profile Edit Add
Traffic Anomaly
Name
Log
Action
OK
Cancel
Save
OK
LABEL DESCRIPTION
Figure 458
31.5.4 Protocol Anomaly Profiles
Teardrop
IP Spoofing
LABEL DESCIRPTION
_
Activate
Inactivate
Log
log log alert no
Action
original setting
none
drop
reject-sender
reject-receiver
reject-both
Name
Log
Action
OK
Cancel
Save
OK
LABEL DESCIRPTION
Figure 459
31.5.5 The ADP Allow List Screen
Configuration Security Policy ADP Allow List
Figure 460
LABEL DESCRIPTION
Add
Edit
Remove
Activate
Inactivate
Apply
Reset
31.5.6 Creating New ADP Allow List Rule
Configuration > Security Policy > ADP > Allow List
Figure 461
31.6 The Session Control Screen
Configuration > Security Policy > Session Control Security Policy Session Control
LABEL DESCRIPTION
any
any
any
OK
Cancel
Figure 462
LABEL DESCRIPTION
Add
Edit
Remove
Activate
31.6.1 The Session Control Add/Edit Screen
Configuration > Security Policy > Session Control Add Edit Add or Edit
Figure 463
Inactivate
Move
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
31.7 Security Policy Example Applications
Figure 464
any
any
any
any
Default Session per Host
Security Policy Session Control
OK
Cancel
LABEL DESCRIPTION
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
Figure 465
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
Figure 466
Figure 467
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
C
HAPTER
32
Application Patrol
32.1 Overview
32.1.1 What You Can Do in this Chapter
App Patrol
App Patrol Add/Edit
32.1.2 What You Need to Know
Application Profiles & Policies
Classification of Applications
Custom Ports for SIP and the SIP ALG
32.2 Application Patrol Profile
Configuration > Security Service > App Patrol
Application Patrol
Figure 468
32.2.1 Profile Action: Apply to a Security Policy
Action
Configuration > Security Policy > Policy Control
LABEL DESCRIPTION
Add
Edit
Remove
References
Configuration > Security Policy > Policy Control
Figure 469
LABEL DESCRIPTION
Show Filter
any
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow reject
log log alert
no
OK
Cancel
LABEL DESCRIPTION
32.2.2 Application Patrol Profile > Add/Edit - My Application
Configuration > Security Service > App Patrol > Add/
Edit My Application
Figure 470
LABEL DESCRIPTION
_
_
Query Result
32.2.3 Application Patrol Profile > Add/Edit - Query Result
Configuration > Security Service > App Patrol > Add Query Result
My Application
Edit Query Result
Query Result
Remove
log log alert
no
forward
drop
reject
forward
drop
reject
log log alert
no
OK
Cancel
Save
LABEL DESCRIPTION
Figure 471
LABEL DESCRIPTION
_
_
forward
drop
reject
log log alert
no
My Application
Cancel
LABEL DESCRIPTION
C
HAPTER
33
Content Filter
33.1 Overview
33.1.1 What You Can Do in this Chapter
Web Content Filter General
Web Content Filter Trusted Web Sites
Web Content Filter Forbidden Web Sites
DNS Content Filter General
DNS Content Filter Allow List
DNS Content Filter Block List
33.1.2 What You Need to Know
Web Content Filter
Web Content Filtering Process
Web Content Filtering Policies
Web Content Filtering Profiles
Web Content Filtering Configuration Guidelines
External Web Filtering Service
HTTPS Domain Filter
Keyword Blocking URL Checking
DNS Content Filter
DNS Content Filter Process
Finding Out More
33.1.3 Before You Begin
Licensing Registration
33.2 Web Content Filter General Screen
Configuration > Security Service> Content Filter > Web Content Filter> General Web
Content Filter General
Content Filter
Figure 472
LABEL DESCRIPTION
33.2.1 Apply to a Security Policy
Action
Configuration > Security Policy > Policy Control
Redirect URL
References
Configuration > Security Policy > Policy Control
Apply
Reset
LABEL DESCRIPTION
Figure 473
LABEL DESCRIPTION
Show Filter
any
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow
reject
log log alert
no
LABEL DESCRIPTION
33.2.2 Web Content Filter Add Category Service
Configuration > Security Service > Content Filter > Web Content Filter > General > Add or Edit
Add
Figure 474
OK
LABEL DESCRIPTION
LABEL DESCRIPTION
_
_
https://www.google.com.tw/?gws_rd=ssl#q=porn&safe=active
Pass
Block
Content Filter General
Log
Pass
Block
Content Filter General
Warn
Log
Pass
Block
Warn
Content Filter Server Unavailable Timeout
Log
Block Warn Log Action for Managed Web
Pages Action for Unrated Web Pages Action When Category Server is
Unavailable
Monitor Log View Log Priority
URL to test
OK
Cancel
LABEL DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
33.2.3 Content Filter Add Filter Profile Custom Service
Configuration > Security Service > Content Filter > Web Content Filter> General > Add or Edit >
Custom Service Custom Service
CATEGORY DESCRIPTION
Figure 475
LABEL DESCRIPTION
_
_
Trusted Web Sites
Trusted Web Sites
LABEL DESCRIPTION
33.3 Web Content Filter Trusted Web Sites Screen
Configuration > Security Service > Content Filter > Web Content Filter > Trusted/Forbidden Web
Sites> Trusted Web Sites Trusted Web Sites
Web Content Filter Profiles
Common Trusted Web Sites
OK
Cancel
LABEL DESCRIPTION
Figure 476
33.4 Web Content Filter Forbidden Web Sites Screen
Configuration > Security Service > Content Filter > Web Content Filter > Trusted/Forbidden Web
Sites> Forbidden Web Sites Forbidden Web Sites
Filter Profiles
Common Forbidden Web Sites
LABEL DESCRIPTION
Apply
Reset
Figure 477
33.5 DNS Content Filter General Screen
Configuration > Security Service> Content Filter > DNS Content Filter> General DNS
Content Filter General
LABEL DESCRIPTION
Apply
Reset
Content Filter
Figure 478
LABEL DESCRIPTION
default
custom defined
References
Configuration > Security Policy > Policy Control
Apply
Reset
33.5.1 DNS Content Filter Add Profile
Configuration > Security Service > Content Filter > DNS Content Filter > General > Add or Edit
Add
Figure 479
LABEL DESCRIPTION
_
_
pass
redirect
log
alert
none
OK
Cancel
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
33.6 DNS Content Filter Allow List Screen
Configuration > Security Service > Content Filter > DNS Content Filter > Allow List Allow
List DNS
Content Filter Profiles
Figure 480
CATEGORY DESCRIPTION
LABEL DESCRIPTION
Activate
Inactivate
33.7 DNS Content Filter Block List Screen
Configuration > Security Service > Content Filter > DNS Content Filter > Block List Block
List DNS Content
Filter Profiles
Figure 481
33.8 Content Filter Technical Reference
External Content Filter Server Lookup Procedure
LABEL DESCRIPTION
Activate
Inactivate
Figure 482
Content Filter Cache
C
HAPTER
34
Anti-Malware
34.1 Overview
Figure 483
Virus, Worm, and Spyware
Hash Value
Local Signature Databases
Cloud Query
Cloud Query Defend Center
A B DC
Figure 484
Registration > Service
Anti-Malware Scan Process
Anti-Malware Scanning Procedure:
Destroy infected file
Cloud Query
Destroy infected file
Figure 485
File Scanning Cloud Query Supported File Types
Notes About the Zyxel Device Anti-Malware
Cloud Query
Enable file decompression (ZIP and RAR)
Finding Out More
34.1.1 What You Can Do in this Chapter
Anti-Malware
White List
Black List
Signature
34.2 Anti-Malware Screen
Configuration > Security Service Anti-Malware
Anti-Malware
Destroy infected file log no
If Destroy infected file is disabled, any malicious file found can still be
executed by the end user after it is forwarded. The administrator would
have to inform the user if there is an infected file.
Figure 486
LABEL DESCRIPTION
File Type For Scan
no
log
log alert
Activate
Inactivate
Activate
LABEL DESCRIPTION
34.3 The Allow List Screen
Configuration Security Service Anti-Malware Block/Allow List Allow List
Add Edit Remove
Inactivate
Apply
Reset
LABEL DESCRIPTION
Figure 487
LABEL DESCRIPTION
MD5 Hash
Activate
MD5 Hash File Pattern
MD5 Hash File Pattern
_
34.4 The Block List Screen
Configuration Security Service Anti-Malware Block/Allow List Block List
Add Edit Remove
Figure 488
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
MD5 Hash
Activate
34.5 Anti-Malware Signature Searching
Configuration > Security Service > Anti-Malware > Signature
No
Figure 489
MD5 Hash File Pattern
MD5 Hash File Pattern
_
Apply
Reset
LABEL DESCRIPTION
34.6 Anti-Malware Profile
Figure 490
Figure 491
LABEL DESCRIPTION
Search
Name
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
34.6.1 Add or Edit an Anti-Malware Profile
Add Edit
Figure 492
LABEL DESCRIPTION
Add
Edit
Remove
LABEL DESCRIPTION
_
_
no
log
log alert
34.6.2 Link a Profile
Configuration > Security Policy > Policy Control
Edit Edit Policy Profile
OK
Cancel
LABEL DESCRIPTION
Figure 493
34.6.3 Anti-Malware Advance Screen
Security Service > Anti-Malware > Anti-Malware
Figure 494
LABEL DESCRIPTION
default_profile
default_profile
Profile
Security
Policy > Policy Control.
34.6.4 Remove Profiles
Inspect by policy Inspect all traffic
Security Policy > Policy Control
Figure 495
File Type For Scan
Apply
Reset
LABEL DESCRIPTION
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
34.7 Anti-Malware Technical Reference
Types of Malware
Malware Infection and Prevention
Types of Anti-Malware Scanner
TYPE DESCRIPTION
C
HAPTER
35
Reputation Filter
35.1 Overview
Reputation Filter
35.1.1 What You Need to Know
URL Threat Filter
35.1.2 What You Can Do in this Chapter
URL Threat Filter
35.2 URL Threat Filter Screen
URL Threat Filter
Configuration > Security Service > Reputation Filter > URL Threat Filter
Figure 496
LABEL DESCRIPTION
block
warn
pass
no
log
log alert:
Redirect URL
Query
Apply
Reset
LABEL DESCRIPTION
35.2.1 URL Threat Filter Allow List Screen
Figure 497
35.2.2 URL Threat Filter Block List Screen
LABEL DESCRIPTION
Apply
Reset
Figure 498
35.2.3 URL Threat Filter External Block List Screen
LABEL DESCRIPTION
Apply
Reset
Figure 499
LABEL DESCRIPTION
Enable URL Blocking Configuration Security Service
Reputation Filter URL Threat Filter General
()+/
:=?!*#@$_%-
()+/
:=?!*#@$_%-
35.3 URL Threat Filter Profile
Figure 500
Registration
Apply
Reset
LABEL DESCRIPTION
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
Figure 501
35.3.1 Add or Edit a URL Threat Filter Profile
Add Edit
Figure 502
LABEL DESCRIPTION
Add
Edit
Remove
LABEL DESCRIPTION
_
_
block
warn
pass
no
log
log alert:
35.3.2 Link a Profile
Configuration > Security Policy > Policy Control
Edit Edit Policy Profile
OK
Cancel
LABEL DESCRIPTION
Figure 503
35.3.3 URL Threat Filter Advance Screen
Configuration > Security Service > Reputation Filter > URL Threat Filter
Figure 504
LABEL DESCRIPTION
default_profile
default_profile
Profile
Security
Policy > Policy Control.
Redirect URL
Query
35.3.4 Remove Profiles
Inspect by policy Inspect all traffic
Security Policy > Policy Control
Figure 505
Apply
Reset
LABEL DESCRIPTION
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
C
HAPTER
36
IPS
36.1 Overview
36.1.1 What You Can Do in this Chapter
Security Service > IPS
Security Service > IPS > Custom Signature > Add
Security Service > IPS > Allow List
36.1.2 What You Need To Know
Packet Inspection Signatures
Rate Based Signatures
Rate Based Signature
Figure 506
Figure 507
Applying Your IPS Configuration
36.1.3 Before You Begin
Registration
36.2 The IPS Screen
Configuration > Security Service > IPS
Registration
IPS
Figure 508
LABEL DESCRIPTION
Custom
Signatures
Severe
High
Medium
Low
Very-Low
SID, Name, Severity, Classification Type,
Platform, Service, Log Action SID
Export
Save
Add
Browse Import
IPS > Custom Signatures
Activate
Inactivate
Log
log log alert no
LABEL DESCRIPTION
Action
none
drop
reject-sender
reject-receiver
reject-both
Severe
High
Medium
Low
Very-Low
LABEL DESCRIPTION
Count
Action
Count Period
Action
Period
Action
log
log an alert
no
none
drop
reject-sender
reject-receiver
reject-both
Apply
Reset
LABEL DESCRIPTION
Policy Types
Policy Types
POLICY TYPE DESCRIPTION
IPS Service Groups
36.2.1 Query Example
POLICY TYPE DESCRIPTION
Figure 509
36.3 IPS Custom Signatures
IP Packet Header
Figure 510
Configuration > Security Service Custom Signature Rules
SID Name Add
Edit
reject-both, reject-receiver or reject-sender,
drop, none reject-receiver
reject-sender reject-both
36.3.1 Add / Edit Custom Signatures
Add Edit
HEADER DESCRIPTION
Security
Option, IP Stream Identifier Record
Route Loose Source Routing
Strict Source Routing
Timestamp
End of IP List No IP Options
Figure 511
LABEL DESCRIPTION
_
Add
Threshold
Type Of Service Equal
Not-Equal
Identification
Fragment Offset Equal
Smaller Greater
Equal Smaller Greater
Security
Option, IP Stream Identifier Record
Route Loose Source Routing
Strict Source Routing
Timestamp
End of IP List No IP Options IP Options
TCP UDP ICMP
Established
Stateless
To Client
To Server
From Client
From Servers
No Stream
Only Stream
LABEL DESCRIPTION
36.3.2 Custom Signature Example
Equal Smaller Greater
Yes
Yes
LABEL DESCRIPTION
36.3.2.1 Understand the Vulnerability
36.3.2.2 Analyze Packets
Figure 512
Figure 513
36.3.3 Applying Custom Signatures
Configuration > Security
Service > IPS > Profile > Edit
36.3.4 Verifying Custom Signatures
Monitor > Log
Priority warn critical
IPS
Note ACCESS FORWARD
ACCESS DENIED
Figure 514
36.4 The Allow List Screen
Configuration > Security Service > IPS > Allow List Add
Edit Remove
Figure 515
36.5 IPS Profile
Figure 516
Figure 517
LABEL DESCRIPTION
Apply
Reset
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
36.5.1 Add or Edit an IPS Profile
Add Edit
Figure 518
LABEL DESCRIPTION
Add
Edit
Remove
LABEL DESCRIPTION
_
_
Custom
Signatures
Severe
High
Medium
Low
Very-Low
36.5.2 Link a Profile
Configuration > Security Policy > Policy Control
Edit Edit Policy Profile
Figure 519
SID, Name, Severity, Classification Type,
Platform, Service, Log Action SID
OK
Cancel
LABEL DESCRIPTION
36.5.3 The IPS Advance Screen
Configuration > Security Service > IPS
Figure 520
LABEL DESCRIPTION
default_profile default_detect_only
default_profile
default_detect_only
default_profile default_detect_only
Profile
Security
Policy > Policy Control.
36.5.4 Remove Profiles
Inspect by policy Inspect all traffic
Security Policy > Policy Control
Export
Save
Add
Browse Import
IPS > Custom Signatures
Apply
Reset
LABEL DESCRIPTION
Figure 521
36.6 IPS Technical Reference
Host Intrusions
Network Intrusions
Snort Signatures
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
alert tcp any any -> 192.168.1.0/24 111 (content:”|00 01 a5|”; msg:”mountd access”;)
ZYXEL DEVICE TERM SNORT EQUIVALENT TERM
ZYXEL DEVICE TERM SNORT EQUIVALENT TERM
C
HAPTER
37
Email Security
37.1 Overview
37.1.1 What You Can Do in this Chapter
Email Security
Block/Allow List
37.1.2 What You Need to Know
Allow List
Block List
SMTP and POP3
Email Headers
File > Properties > Details Message Source
Email Header Buffer Size
DNSBL
Finding Out More
37.2 Before You Begin
37.3 The Email Security Screen
Configuration > Security Service Email Security Email Security
Email Security
Figure 522
LABEL DESCRIPTION
Activate
Inactivate
drop
forward
forward with tag
forward
forward with tag
log log alert
no
Forward Session
Drop Session
LABEL DESCRIPTION
37.4 The Allow List Screen
Configuration > Security Service Email Security > Block
Allow List> Allow List Allow List
drop
forward
forward with tag
forward
forward with tag
Actions when Query Timeout
first N IPs
last N IPs
Apply
Reset
LABEL DESCRIPTION
Figure 523
37.5 The Block List Screen
Configuration > Security Service Email Security > Block Allow List> Black List Block
List
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
Figure 524
37.5.1 The Block or Allow List Add/Edit Screen
Block List Allow List Add Edit
LABEL DESCRIPTION
Activate
Inactivate
Apply
Reset
Figure 525
LABEL DESCRIPTION
Subject
IP Address
IPv6 Address
E-Mail Address
Mail Header
Subject
IP Address
IPv6 Address
IP
E-Mail
37.5.2 Regular Expressions in Block or Allow List Entries
37.6 Email Security Profile
Mail Header
Mail Header
OK
Cancel
LABEL DESCRIPTION
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
Figure 526
Figure 527
37.6.1 Add or Edit Email Security Profile
Add Edit
LABEL DESCRIPTION
Add
Edit
Remove
WL BL
Malicious Mail, DNSBL
Figure 528
LABEL DESCRIPTION
_
_
log log alert
no
37.6.2 Link a Profile
Configuration > Security Policy > Policy Control
Edit Edit Policy Profile
drop
forward
forward with tag
forward
forward with tag
OK
Cancel
Add
LABEL DESCRIPTION
Figure 529
37.6.3 The Email Security Advance Screen
Configuration > Security Service Email Security
Figure 530
LABEL DESCRIPTION
default_profile
default_profile
Profile
Security
Policy > Policy Control.
Activate
Inactivate
Forward Session
Drop Session
drop
forward
forward with tag
forward
forward with tag
Actions when Query Timeout
LABEL DESCRIPTION
37.6.4 Remove Profiles
Inspect by policy Inspect all traffic
Security Policy > Policy Control
Figure 531
37.7 Email Security Technical Reference
DNSBL
first N IPs
last N IPs
Apply
Reset
LABEL DESCRIPTION
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
Figure 532
Figure 533
Figure 534
C
HAPTER
38
Collaborative Detection &
Response
38.1 Overview
KEY CDR SETTING RESULT
Block wireless client
Configuration > Security Service > CDR >
Collaborative Detection & Response
Block wireless client
Configuration > Security Service > CDR >
Collaborative Detection & Response.
Block wireless client
Configuration > Security Service > CDR >
Collaborative Detection & Response.
Quarantine VLAN ID
Configuration > Security Service > CDR >
Collaborative Detection & Response.
Figure 535
38.1.1 What You Can Do in this Chapter
Collaborative Detection & Response
Exempt List
38.2 Before You Begin
LABEL DEFINITION
Block wireless client Configuration > Security Service > CDR >
Collaborative Detection & Response
SECURITY SIGNATURES SIGNATURES APPLIED TO CDR
MANAGED AP MODELS
Monitor > CDR > Containment List
Containment Period
cdr blocked-by mac
38.3 The Collaborative Detection & Response Screen
Configuration > Security Service Collaborative Detection & Response
Figure 536
LABEL DESCRIPTION
Occurrence Duration
Containment
Web Threat
Malware IDP
Duration
Containment
Occurrence
Containment
Occurrence Duration
CDR
Containmen
Alert
Block
Quarantine
Block & Alert Block Alert
Quarantine & Alert Quarantine Alert
38.3.1 Add VLAN
Add VLAN
Block Quarantine
Denied access message
Block Quarantine
Redirect external URL
Block Quarantine
Monitor > CDR > Containment List.
Apply
Reset
LABEL DESCRIPTION
Figure 537
LABEL DESCRIPTION
internal
external
general
Configuration > BWM
()+/:=?!*#@$_%-
Use Fixed IP Address
Use Fixed IP Address
Use Fixed IP Address
IGMP Upstream
IGMP Downstream
icmp
tcp
Check Method tcp
LABEL DESCRIPTION
any one
all
None
DHCP Relay
DHCP Server
DHCP Relay
DHCP Server
Add Static DHCP
Pool Size
Subnet Mask Subnet Mask
IP Pool Start Address
IP Pool Start Address
Custom Defined
From ISP
Zyxel Device
DHCP Server
Custom Defined
LABEL DESCRIPTION
infinite
days, hours, and minutes
DHCP server
DHCP Server
IP Pool Start Address Pool Size
()+/:=?!*#@$_%-
LABEL DESCRIPTION
BiDir
In-Only
Out-Only
1 2 1 and 2
1 2 1 and 2
None
Same-as-Area
None
Text
MD5
Authentication Text
Authentication MD5
Authentication MD5
Interface Properties External General
LABEL DESCRIPTION
38.4 The Exempt List Screen
Configuration > Security Service CDR > Exempt List
Figure 538
Add IPv4 Address IPv4 CIDR IPv4
Range
IPv4 Address
Remove
WAN TRUNK
Policy Route
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Add Edit
Apply
Reset
C
HAPTER
39
SSL Inspection
39.1 Overview
U
D Z
D
Figure 539
39.1.1 What You Can Do in this Chapter
Security Service > SSL Inspection > Profile
Add Edit
Security Service > SSL Inspection > Exclude List
Security Service > SSL Inspection > Certificate Update
39.1.2 What You Need To Know
39.1.3 What You Can Do in this Chapter
Configuration Object > Certificate > My Certificates
Monitor > Security Statistics > SSL Inspection
Configuration Security Policy > Policy Control > Policy
39.1.4 Before You Begin
Object >
Certificate > My Certificates
39.2 The SSL Inspection Profile Screen
Configuration > Security Service > SSL Inspection > Profile
Figure 540
LABEL DESCRIPTION
RSA 1024 RSA 2048
ECDSA-RSA-1024 ECDSA-RSA-2048
ECDSA-RSA-1024
ECDSA-RSA-2048
RSA-1024
RSA-2048 RSA-1024
RSA-2048
ECDSA-RSA-1024
RSA-1024
RSA-1024
ECDSA-256
ECDSA-RSA-2048
pass
RSA-2048
ECDSA-256
Add
39.2.1 Apply to a Security Policy
Action
Configuration > Security Policy > Policy Control
References
Configuration > Security Policy > Policy Control
LABEL DESCRIPTION
Figure 541
LABEL DESCRIPTION
Show Filter
any
Default
LAN LAN
any To Zone
any From Zone
any any
ZyWALL
none
deny allow reject
log log alert
no
OK
Cancel
LABEL DESCRIPTION
39.2.2 Add / Edit SSL Inspection Profiles
Configuration > Security Service > SSL Inspection > Profile > Add
Edit
Figure 542
LABEL DESCRIPTION
_
Object > Certificate > My
Certificates
no
log
log alert
Monitor > Log
39.3 Exclude List Screen
Configuration > Security Service > SSL Inspection > Exclude List
Add Edit Remove
pass block
no
log
log alert
Monitor > Log
pass inspect block
no
log
log alert
Monitor > Log
OK
Cancel
LABEL DESCRIPTION
Figure 543
LABEL DESCRIPTION
Object > Certificate > My Certificates
Monitor > Security Statistics > SSL Inspection > Certificate Cache List
Add to Exclude List
Exclude List Address
Settings
Alcohol
Apply
Reset
CATEGORY DESCRIPTION
LABEL DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
CATEGORY DESCRIPTION
39.4 Certificate Update Screen
U D 1 Z 2 Z
D Z
D 3 U 4 M
Figure 544
Configuration > Security Service > SSL Inspection > Certificate Update
CATEGORY DESCRIPTION
Figure 545
39.5 Install a CA Certificate in a Browser
Trusted Root Certification Authorities > Certificates
LABEL DESCRIPTION
Apply
Reset
Action > All Tasks > Import Certificate Import Wizard
39.5.0.1 Firefox Browser
Tools > Options > Advanced > Encryption > View Certificates Import
C
HAPTER
40
IP Exception
40.1 Overview
40.2 The IP Exception Screen
Configuration > Security Service > IP Exception Add
Edit Remove
Figure 546
40.2.1 The IP Exception Add/Edit Screen
Configuration > Security Service > IP Exception > Add/Edit
Figure 547
LABEL DESCRIPTION
any
any
LABEL DESCRIPTION
any any
any any
Yes
No
OK
Cancel
LABEL DESCRIPTION
C
HAPTER
41
Astra Cloud Security
41.1 Overview
http://www.zyxel.com/web-help-compact/AstraPortal/
index.html
http://www.zyxel.com/web-help-app/Astra/index.html
Figure 548
41.2 Astra Cloud Security Screen
Security Service Astra Cloud Security
Learn More
https://console.astra.cloud.zyxel.com
Figure 549
C
HAPTER
42
Object
42.1 The Device Insight Screen
Configuration Security Policy Policy Control.
Device Insight
Device Insight
Policy Control
Configuration Object Device Insight
Figure 550
42.1.1 Device Insight Add/Edit Screen
Device Insight Add/Edit
Configuration Object Device Insight Add/Edit
LABEL DESCRIPTION
Edit
Remove
References
Figure 551
42.1.2 Example: Block a Profile
LAN2_To_LAN1
LABEL DESCRIPTION
Object Device Insight Add
OK
Configuration Security Policy Policy Control Add
LAN2_To_LAN1
PROFILE NAME DESCRIPTION CATEGORY
OPERATING
SYSTEM
APPLIED POLICY
TO FROM ACTION DEVICE INSIGHT PROFILE
Add Policy From To
Action deny OK
Device
42.2 Zones Overview
Figure 552
Zone
42.2.1 What You Need to Know
Intra-zone Traffic
Inter-zone Traffic
Extra-zone Traffic
C
Any All
42.2.2 The Zone Screen
Zone
Configuration > Object > Zone
Figure 553
42.2.2.1 Zone Edit
Zone Edit Zone
Add Edit
LABEL DESCRIPTION
System Default
User Configuration
Edit
Remove
References
Figure 554
42.3 User/Group Overview
User
Group
Setting
LABEL DESCRIPTION
_
Available
Member
OK
Cancel
MAC Address
42.3.1 What You Need To Know
User Account
User Types
admin
Ext-User Accounts
ext-user
ext-user
ext-user
ext-user
ext-user
TYPE ABILITIES LOGIN METHOD(S)
ext-user
User
ad-users ldap-users radius-users
Ext-Group-User Accounts
Ext-Group-User
Dynamic-Guest Accounts
billing-users ua-users trial-users
billing-users
ua-users
trial-users
User Groups
admin
User Awareness
Finding Out More
42.3.2 User/Group User Summary Screen
User
Configuration > Object > User/Group
Figure 555
LABEL DESCRIPTION
Edit
Remove
References
42.3.3 User Add/Edit General Screen
User Add/Edit General
42.3.3.1 Rules for User Names
-
limited-admin
dynamic-guest
user
guest
ext-user
ext-group-user
guest-manager
Account Generator
LABEL DESCRIPTION
User Add
Edit
Figure 556
Figure 557
LABEL DESCRIPTION
_
Local Administrator
limited-admin
user
guest
ext-user
ext-group-user
ext-user ext-group-user
Enable
Password Complexity Configuration > Object > User/Group > Setting
ext-user ext-group-user
ext-group-user
Group Membership Attribute
ext-group-user
admin limited-admin
Figure 558
Figure 559
Use Default Settings
Use Manual Settings
LABEL DESCRIPTION
42.3.4 User Add/Edit Two-factor Authentication Screen
User Add/Edit Two-factor Authentication
Use Default Settings Authentication Timeout Settings
Use Manual Settings
Renew
Use Default Settings Authentication Timeout Settings
Use Manual Settings
Lease Time
ext-group-user
ext-group-user
User Name Test
OK
Cancel
Save
Two-factor Authentication
LABEL DESCRIPTION
ACCESS TYPE TWO-FACTOR AUTHENTICATION METHODS FACTOR 2 PASSWORD
Object > Auth. Method > Two-
factor Authentication > VPN Access Object > Auth. Method > Two-factor Authentication > Admin
Access.
Object > User/Group > User Add Edit
Figure 560
ACCESS TYPE TWO-FACTOR AUTHENTICATION METHODS FACTOR 2 PASSWORD
Figure 561
LABEL DESCRIPTION
Object Auth. Method Two-factor Authentication VPN Access
Object Auth. Method Two-factor
Authentication Admin Access
Default User Defined PIN code by SMS/Email Google
Authenticator
Google Authenticator
Scan Barcode
Verify your device
Download
42.3.5 User/Group Group Summary Screen
Group
Configuration >
Object > User/Group > Group
Figure 562
42.3.5.1 Group Add/Edit Screen
Group Add/Edit
Group Add
Edit
Regenerate backup codes
Admin
Access
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
Figure 563
42.3.6 User/Group Setting Screen
Setting
Configuration > Object > User/Group >
Setting
LABEL DESCRIPTION
_
Member
Available
Member
Available
OK
Cancel
Figure 564
LABEL DESCRIPTION
Edit
admin
limited-admin
user
guest
ext-user
ext-group-user
Renew
Lease Time
Updating lease time automatically
User idle
timeout
Enable user idle detection
Default
Custom
LABEL DESCRIPTION
42.3.6.1 Default User Authentication Timeout Settings Edit Screens
Default Authentication Timeout Settings Edit
Configuration > Object > User/Group > Setting
Default Authentication Timeout Settings Edit
Figure 565
Limit ... for administration account
Limit ... for access account
Enable logon retry limit
lockout period
Enable logon retry limit
logon retry limit
maximum retry count
Apply
Reset
LABEL DESCRIPTION
42.3.6.2 User Aware Login Example
LABEL DESCRIPTION
admin
limited-admin
dynamic-guest
user
guest
ext-user
ext-group-user
guest-manager
Account Generator
Renew
Lease Time
OK
Cancel
Figure 566
42.3.7 User/Group MAC Address Summary Screen
Configuration > Object > User/Group > MAC
Address
LABEL DESCRIPTION
User-defined lease time
Lease time User Add/Edit
Lease time Setting
Allow renewing lease time automatically
Setting
Renew
Figure 567
42.3.7.1 MAC Address Add/Edit Screen
MAC Address Add Edit
Figure 568
LABEL DESCRIPTION
Edit
Remove
LABEL DESCRIPTION
OK
Cancel
42.3.8 User /Group Technical Reference
Setting up User Attributes in an External Server
Creating a Large Number of Ext-User Accounts
Ext-User
KEYWORD CORRESPONDING ATTRIBUTE IN WEB CONFIGURATOR
User Type
Lease Time
Reauthentication Time
Figure 569
type: admin
leaseTime: 99
reauthTime: 199
Figure 570
type=user;leaseTime=222;reauthTime=222
Built-in System Accounts
42.4 AP Profile Overview
Radio
SSID
42.4.0.1 What You Need To Know
Configuration > Device
HA> Device HA Pro >
Password
device-ha2 sync
password <password>
Wireless Profiles
Radio
SSID
Security
MAC Filtering
SSID
WEP
WPA and WPA2
IEEE 802.1x
WiFi6 / IEEE 802.11ax
42.4.1 Radio Screen
Configuration > Object > AP Profile
Figure 571
WIFI STANDARD MAXIMUM LINK RATE BAND SIMULTANEOUS CONNECTIONS
LABEL DESCRIPTION
Activate
Inactivate
42.4.1.1 Add/Edit Radio Profile
Add
Edit
Figure 572
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
Advanced Settings
802.11 Band
11b/g
11n
802.11 Band
11a
11a/n
11ac
11ax
11ac
11a/n
20/40MHz 20/
40/80MHz
20MHz
DCS
Manual
802.11 Band 5G Channel Selection DCS
Channel Selection DCS
Channel Selection DCS
auto
2.4 GHz Channel
Deployment
manual
Channel Selection DCS 2.4 GHz Channel
Selection Method manual
Channel Selection DCS 2.4 GHz Channel
Selection Method auto
Three-Channel Deployment
Four-Channel Deployment
Channel Selection DCS
LABEL DESCRIPTION
Channel Selection DCS 2.4 GHz Channel
Selection Method manual
11a 11a/n 11ac 802.11 Band
auto
802.11 Band 5G 802.11 Mode 11n
11ac
Short Long
LABEL DESCRIPTION
802.11 Band 5G Channel Selection DCS
LABEL DESCRIPTION
42.4.2 SSID Screen
42.4.2.1 SSID List
Configuration > Object > AP Profile > SSID
Multicast to Unicast
Fixed Multicast Rate
OK
Cancel
LABEL DESCRIPTION
Figure 573
LABEL DESCRIPTION
42.4.2.2 Add/Edit SSID Profile
Add Edit
Figure 574
LABEL DESCRIPTION
Create new Object
Create new Object
disable
disable
WMM
WMM_VOICE
WMM_VIDEO
WMM_BEST_EFFORT
WMM_BACKGROUND
standard
disable
Band Select
Band Select
Tunnel Local bridge
Network > Interface > VLAN > Add
lan1 lan2
Network > Interface > Bridge
Local Bridge
LABEL DESCRIPTION
42.4.2.3 Security List
Configuration > Object > AP Profile > SSID > Security List
Figure 575
Tunnel
OK
Cancel
LABEL DESCRIPTION
42.4.2.4 Add/Edit Security Profile
Add Edit
Security Mode
Figure 576
LABEL DESCRIPTION
LABEL DESCRIPTION
open enhanced open wep wpa2 wpa2-mix, wpa3
upper lower
Figure 577
upper lower
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
open enhanced open wep wpa2 wpa2-mix, wpa3
Security Mode
wpa3 enhanced-open wpa3
enhanced-open wpa2 none
Security Mode wpa3 Management Frame Protection
Optional Security Mode enhanced-open Management Frame
Protection Required
Figure 578
upper lower
upper lower
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
open enhanced open wep wpa2 wpa2-mix, wpa3
Open Share
WEP-64
Key
Key
WEP-128
Key
Key
Key Length
upper lower
upper lower
OK
Cancel
LABEL DESCRIPTION
Figure 579
LABEL DESCRIPTION
open enhanced open wep wpa2 wpa2-mix, wpa3
wpa2 wpa2-mix wpa3
auto
aes
wpa2 Security Mode Cipher
Type aes
Optional
Required
upper lower
upper lower
OK
Cancel
LABEL DESCRIPTION
Figure 580
LABEL DESCRIPTION
open enhanced open wep wpa2 wpa2-mix, wpa3
wpa2 wpa2-mix wpa3
Security Mode
wpa3 enhanced-open wpa3
enhanced-open wpa2 none
Security Mode wpa3 Management Frame Protection
Optional Security Mode enhanced-open Management Frame
Protection Required
wpa2 Security Mode Cipher
Type aes
Optional
Required
LABEL DESCRIPTION
42.4.2.5 MAC Filter List
Configuration > Object > AP Profile > SSID > MAC Filter List
Figure 581
upper lower
upper lower
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
42.4.2.6 Add/Edit MAC Filter Profile
Add Edit
Figure 582
42.5 MON Profile
42.5.1 Overview
Rogue AP
LABEL DESCRIPTION
allow
deny
OK
Cancel
MON Profile
42.5.1.1 What You Need To Know
Active Scan
Passive Scan
42.5.2 Configuring MON Profile
Configuration > Object > MON Profile
Figure 583
LABEL DESCRIPTION
Activate
Inactivate
42.5.3 Add/Edit MON Profile
Add Edit
Figure 584
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
42.5.4 Technical Reference
Rogue APs
auto Channel dwell
time
manual
Channel dwell time Scan Channel List
Available channels Channels selected
Scan Channel Mode
Available channels Channels selected
Scan Channel Mode
OK
Cancel
LABEL DESCRIPTION
Figure 585
RG
A
B
X
C
Friendly APs
42.6 ZyMesh Overview
Configuration > Wireless >
AP Management
1 2 A B C
42.6.1 ZyMesh Profile
Configuration > Object > ZyMesh Profile
Figure 586
LABEL DESCRIPTION
ZyMesh Provision Group ZyMesh
Provision Group
42.6.2 Add/Edit ZyMesh Profile
Add Edit
Figure 587
42.7 Address/Geo IP Overview
Address
Address Add/Edit
Address Group Address Group Add/
Edit
Geo IP
LABEL DESCRIPTION
LABEL DESCRIPTION
OK
Cancel
42.7.1 What You Need To Know
42.7.2 Address Summary Screen
HOST IP Address to define a
RANGE Starting IP Address Ending IP Address
SUBNET Network Netmask
INTERFACE IP
INTERFACE SUBNET
INTERFACE GATEWAY
GEOGRAPHY
FQDN
Address
Configuration > Object Address > Address
HTTP:// WWW. ZYXEL. COM
FQDN
Figure 588
LABEL DESCRIPTION
Edit
Remove
References
INTERFACE
42.7.2.1 IPv4 Address Add/Edit Screen
Configuration > Object > Address/GeoIP > Address > Add/Edit (IPv4)
Address
Add Edit IPv4 Address Configuration
Figure 589
Edit
Remove
References
INTERFACE
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Address Type HOST
Address Type RANGE
42.7.2.2 IPv6 Address Add/Edit Screen
Configuration > Object > Address/GeoIP > Address > Add/Edit (IPv6)
Address
Add Edit IPv6 Address Configuration
Figure 590
Address Type RANGE
Address Type SUBNET
Address Type SUBNET
INTERFACE IP INTERFACE SUBNET INTERFACE GATEWAY Address Type
GEOGRAPHY Address Type
GEOGRAPHY
Configuration Object Address/Geo IP Geo IP
GEOGRAPHY
Geography Address Type
FQDN Address Type
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Address Type HOST
42.7.3 Address Group Summary Screen
Address Group
Configuration > Object Address/Geo IP > Address Group
Figure 591
Address Type RANGE
Address Type RANGE
Address Type SUBNET
INTERFACE IP INTERFACE SUBNET INTERFACE GATEWAY Address Type
LINK LOCAL
STATIC SLAAC
DHCPv6
Geography Address Type
FQDN Address Type
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
42.7.3.1 Address Group Add/Edit Screen
Address Group Add/Edit
Address Group
Add Edit IPv4 Address Group Configuration IPv6 Address Group
Configuration
Figure 592
Edit
Remove
References
LABEL DESCRIPTION
LABEL DESCRIPTION
_
42.7.4 Geo IP Summary Screen
Member
Available
Member
Available
OK
Cancel
LABEL DESCRIPTION
Figure 593
42.7.4.1 Add Custom IPv4/IPv6 Address to Geography Screen
Geo IP Add Custom IPv4 to
Geography Rules Custom IPv6 to Geography Rules
LABEL DESCRIPTION
Apply
Remove
HOST RANGE SUBNET.
Region to Continent
Region List
Apply
Reset
Figure 594
42.8 Service Overview
Service
Service Group
42.8.1 What You Need to Know
IP Protocols
LABEL DESCRIPTION
HOST RANGE SUBNET
Address Type HOST
Address Type RANGE
Address Type RANGE
Address Type SUBNET
Address Type SUBNET
OK
Cancel
Service Objects and Service Groups
42.8.2 The Service Summary Screen
Service
Configuration > Object > Service >
Service
Figure 595
42.8.2.1 The Service Add/Edit Screen
Service Add/Edit
Service Add
Edit
Figure 596
LABEL DESCRIPTION
Edit
Remove
References
42.8.3 The Service Group Summary Screen
Service Group
HTTP HTTPS, SSH, TELNET
Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Configuration > Object Service
Service Group
Figure 597
LABEL DESCRIPTION
_
TCP UDP ICMP ICMPv6 User Defined
IP Protocol TCP UDP
IP Protocol ICMP ICMPv6
IP Protocol User Defined
OK
Cancel
42.8.3.1 The Service Group Add/Edit Screen
Service Group Add/Edit
Service Group
Add Edit
Figure 598
LABEL DESCRIPTION
Edit
Remove
References
Service Group Add/Edit
42.9 Schedule Overview
Schedule
One-Time Schedule Add/Edit
Recurring Schedule Add/Edit
42.9.1 What You Need to Know
One-time Schedules
LABEL DESCRIPTION
_
Member
Available
Member
Available
OK
Cancel
Recurring Schedules
42.9.2 The Schedule Screen
Schedule
Configuration > Object Schedule
Figure 599
LABEL DESCRIPTION
Edit
Remove
References
Edit
Remove
References
42.9.2.1 The One-Time Schedule Add/Edit Screen
One-Time Schedule Add/Edit
Schedule
Add Edit One Time
Figure 600
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Year
Month
Day
Hour
Minute
Year
Month
Day
42.9.2.2 The Recurring Schedule Add/Edit Screen
Recurring Schedule Add/Edit
Schedule
Add Edit Recurring
Figure 601
Year Month Day
Hour
Minute
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
_
Hour
Minute
Hour
Minute
42.9.3 The Schedule Group Screen
Schedule Group
Configuration > Object Schedule >Group
Figure 602
42.9.3.1 The Schedule Group Add/Edit Screen
Schedule Group Add/Edit
Schedule Add Edit
Schedule Group
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
Figure 603
42.10 AAA Server Overview
AAA Server
LABEL DESCRIPTION
_
Member
Available
Member
Available
OK
Cancel
42.10.1 Directory Service (AD/LDAP)
Figure 604
42.10.2 RADIUS Server
Figure 605
42.10.3 ASAS
Configuration > Object > AAA Server
Configuration > Object > AAA Server > Active Directory LDAP
Configuration > Object > AAA Server > RADIUS
42.10.4 What You Need To Know
AAA Servers Supported by the Zyxel Device
Directory Structure
Figure 606
Distinguished Name (DN)
cn=domain1.com ou=Sales, o=MyCompany
cn=domain1.com, ou = Sales, o=MyCompany, c=US
cn=domain1.com, ou = Sales, o=MyCompany, c=JP
Base DN
o=MyCompany c=UK o
c
Bind DN
cn=zywallAdmin
zywallAdmin
42.10.5 Active Directory or LDAP Server Summary
Active Directory LDAP
Configuration > Object > AAA Server > Active Directory LDAP Active Directory
LDAP
Figure 607
42.10.5.1 Adding an Active Directory or LDAP Server
Object > AAA Server > Active Directory LDAP Active Directory LDAP
Add Edit
LABEL DESCRIPTION
Edit
Remove
References
o=Zyxel, c=US
Figure 608
LABEL DESCRIPTION
o=Zyxel,
c=US
LDAP
Use SSL
cn=zywallAdmin zywallAdmin
ext-group-user
ext-group-user
Enable
Active Directory
Active Directory
Active Directory
Active Directory
Active Directory
LABEL DESCRIPTION
42.10.6 RADIUS Server Summary
RADIUS
Configuration > Object > AAA Server > RADIUS RADIUS
Figure 609
42.10.6.1 Adding a RADIUS Server
Configuration > Object > AAA Server > RADIUS RADIUS Add
Edit
Username Test
OK
Cancel
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
Remove
References
Figure 610
LABEL DESCRIPTION
LABEL DESCRIPTION
42.11 Auth. Method Overview
Configuration > Object > Auth. Method
Configuration > Object > Auth. Method > Two-Factor Authentication
42.11.1 Before You Begin
42.11.2 Example: Selecting a VPN Authentication Method
Auth. Method VPN
Gateway
Configuration > VPN > IPSec VPN > VPN Gateway Edit
Show Advance Setting Enable Extended Authentication
Server Mode
OK
ext-group-user
ext-group-user
OK
Cancel
LABEL DESCRIPTION
Figure 611
42.11.3 Authentication Method Objects
Configuration > Object > Auth. Method
Figure 612
42.11.3.1 Creating an Authentication Method Object
LABEL DESCRIPTION
Edit
Remove
References
Configuration > Object > Auth. Method
Add
Name
Add
Method List
Method List
OK Cancel
Figure 613
LABEL DESCRIPTION
Add
Edit
Remove
42.11.4 Two-Factor Authentication
42.11.4.1 Overview
Move
AAA
Server
OK
Cancel
LABEL DESCRIPTION
Figure 614
VPN Access Via a VPN tunnel
Valid Time
Admin Access Via the Web Configurator, SSH, or Telnet
Valid Time
42.11.4.2 Pre-configuration
Object > User/Group > User > Edit > Two-factor Authentication
Object > Auth. Method > Two-factor Authentication
HTTP HTTPS System > WWW > Service Control
SSH Telnet System > SSH System > TELNET
HTTP HTTPS, SSH, TELNET Object > Service > Service Group >
Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Email Authentication
Mail Server System > Notification > Mail Server.
SMS Authentication
Mail Server System > Notification > Mail Server.
SMS System > Notification > SMS.
Google Authentication
System > Notification > SMS
System > Notification > Mail Server
Valid Time Configuration > Object > Auth. Method > Two-factor
Authentication > VPN Access
Google Authenticator Settings
42.11.5 Two-Factor Authentication VPN Access
Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access
Figure 615
LABEL DESCRIPTION
42.11.6 Two-Factor Authentication Admin Access
Web SSH TELNET
Selectable User/Group Objects
Selected User/Group Objects
Selectable User/Group Objects
Object > User/Group > User
Object > User/Group > User
Configuration Object User/Group User Add Two-factor Authentication
http https HTTP HTTPS System > WWW > Service Control
From Interface User-Defined: wan1 2
User-Defined
Use
Multilingual file
Download the default 2FA-msg.txt example
Restore Customized File to Default
Select a File Path
Upload
Apply
Reset
LABEL DESCRIPTION
Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access
Figure 616
42.12 Certificate Overview
LABEL DESCRIPTION
All
SMS Object > User/Group > User
Email Object > User/Group > User
Apply
Reset
My Certificates
Trusted Certificates
42.12.1 What You Need to Know
Advantages of Certificates
Self-signed Certificates
Factory Default Certificate
Certificate File Formats
42.12.2 Verifying a Certificate
Figure 617
Certificate Details
Thumbprint Algorithm Thumbprint
Figure 618
Thumbprint
Algorithm Thumbprint
42.12.3 The My Certificates Screen
Configuration > Object > Certificate > My Certificates My Certificates
Figure 619
LABEL DESCRIPTION
Edit
Remove
References
Figure 620
Mail Subject
Mail To
Send Certificate with Private Key
Password
E-mail Content
Compress as a ZIP File
Send Email
Cancel
Figure 621
LABEL DESCRIPTION
42.12.3.1 The My Certificates Add Screen
Configuration > Object > Certificate > My Certificates Add My
Certificates Add
REQ
My Certificate
Import
SELF
CERT
Subject
Import
Refresh
LABEL DESCRIPTION
Figure 622
LABEL DESCRIPTION
Host IP Address Host IPv6
Address Host Domain Name E-Mail
My Certificate Create
Return
My Certificate Create Return My Certificate Create
42.12.3.2 The My Certificates Edit Screen
Configuration > Object > Certificate > My Certificates Edit My
Certificate Edit
My Certificate Details
My Certificate Details
OK
Cancel My Certificates
LABEL DESCRIPTION
Figure 623
LABEL DESCRIPTION
Refresh
Refresh
Subject Name
LABEL DESCRIPTION
42.12.3.3 The My Certificates Import Screen
Configuration > Object > Certificate > My Certificates > Import My Certificate Import
My Certificates
Figure 624
Save File Download Save As
Save
Save File Download Save As
Save
OK
Cancel My Certificates
LABEL DESCRIPTION
42.12.4 The Trusted Certificates Screen
Configuration > Object > Certificate > Trusted Certificates Trusted Certificates
Figure 625
LABEL DESCRIPTION
Browse
Browse
OK
Cancel My Certificates
LABEL DESCRIPTION
Edit
Remove
References
42.12.4.1 The Trusted Certificates Edit Screen
Configuration > Object > Certificate > Trusted Certificates Edit
Trusted Certificates Edit
Subject
Import
LABEL DESCRIPTION
Figure 626
LABEL DESCRIPTION
Refresh
Refresh
LDAP Server
OCSP Server
Subject Name
42.12.4.2 The Trusted Certificates Import Screen
Configuration > Object > Certificate > Trusted Certificates > Import Trusted Certificates
Import
Save File Download Save As
Save
OK
Cancel Trusted Certificates
LABEL DESCRIPTION
Figure 627
42.12.5 Certificates Technical Reference
OCSP
42.13 ISP Account Overview
Object ISP Account
42.13.1 ISP Account Summary
Configuration > Object ISP Account
LABEL DESCRIPTION
Browse
Browse
OK
Cancel
Figure 628
42.13.1.1 ISP Account Add/Edit
ISP Account Add/Edit
ISP Account
Add Edit ISP Account Edit
LABEL DESCRIPTION
Edit
Remove
References
Figure 629
LABEL DESCRIPTION
_
pppoe
pptp
l2tp
CHAP/PAP
Chap
PAP
MSCHAP
MSCHAP-V2
PPTP
nomppe
mppe-40
mppe-128
42.14 DHCPv6 Overview
Request
Lease
42.14.1 The DHCPv6 Request Screen
Request
Configuration > Object > DHCPv6 > Request
Figure 630
PPTP
On Off
OK
ISP Account
ISP Account Edit
Cancel ISP Account
LABEL DESCRIPTION
42.14.1.1 DHCPv6 Request Add/Edit Screen
Request Add/Edit
Request
Add Edit
Figure 631
LABEL DESCRIPTION
Edit
Remove
References
LABEL DESCRIPTION
_
Prefix Delegation DNS
Server NTP Server SIP Server
OK
Cancel
42.14.2 The DHCPv6 Lease Screen
Lease
Configuration > Object > DHCPv6 > Lease
Figure 632
42.14.2.1 DHCPv6 Lease Add/Edit Screen
Lease Add/Edit
Lease
Add Edit
Figure 633
LABEL DESCRIPTION
Edit
Remove
References
LABEL DESCRIPTION
_
Prefix Delegation DNS
Server Address Address Pool NTP Server SIP Server
Prefix Delegation Address Lease Type field
Address Lease Type
Prefix Delegation Address Lease Type field
DNS Server Lease Type field User Defined
DNS Server User Defined Address
Address Pool Lease Type field
Address Pool Lease Type field
NTP Server Lease Type field User Defined
NTP Server User Defined Address
SIP Server Lease Type field User Defined
SIP User Defined Address
DNS Server NTP Server SIP Server
OK
Cancel
C
HAPTER
43
Device HA
43.1 Device HA Overview
B
A
Figure 634
43.1.1 What You Can Do in These Screens
Device HA Status
Device HA Pro
View Log
43.2 Device HA Status
Configuration > Device HA > Device HA Status
Figure 635
LABEL DESCRIPTION
Off On
n/a
No Progress, Fail Abort Success In Progress.
Off On
n/a
No Progress, Fail Abort Success In Progress.
43.3 Device HA Pro
Active and Passive Devices
A
B
B
Figure 636
Activated
Not Activated Expired
Expired Not Licensed
Buy
Standard Renew
Activate
Apply
Reset
LABEL DESCRIPTION
43.3.1 Deploying Device HA Pro
Licensing > Registration > Service
Device HA > General
System > FTP
43.3.2 Configuring Device HA Pro
Configuration > Device HA > Device HA Pro
Figure 637
LABEL DESCRIPTION
43.4 View Log
Configuration > Device HA > View Log
Available Interfaces
Monitor Interface
Monitor Interface
Available Interfaces
Apply
Reset
LABEL DESCRIPTION
Figure 638
LABEL DESCRIPTION
Refresh
C
HAPTER
44
Mgmt. & Analytics
44.1 Mgmt. & Analytics Overview
CNM ID
Nebula
44.1.1 What You Can Do in this Chapter
Mgmt. & Analytics > SecuManager
Mgmt. & Analytics > SecuReporter
Mgmt. & Analytics > Nebula
44.2 Cloud CNM SecuManager
Figure 639
Configuration > Cloud CNM > SecuManager
Figure 640
LABEL DESCRIPTION
CNM ID
CNM ID CNM URL
Auto
CNM ID
CNM URL
CNM ID 1.1.1.1:7547/
V6ABQNTPYG 1.1.1.1:7549/V6ABQNTPYG CNM URL
HTTP HTTPS CNM URL
HTTPS Transfer Protocol
CNM URL HTTP
Transfer Protocol
44.3 Cloud CNM SecuReporter
Apply
Reset
LABEL DESCRIPTION
Figure 641
How to activate and enable SecuReporter
Service Status Activated Configuration Cloud CNM SecuReporter
Configuration > Licensing > Registration > Service
Figure 642
Configuration Cloud CNM SecuReporter
Enable SecuReporter
Apply
How to add this Zyxel Device to SecuReporter
Settings Organization & Devices Add
Organization Unclaimed Device
SecuReporter Banner
Figure 643
Continue
Server Status
Connected
Timeout
Fail
Device Name
Organization
Select from existing organization
Create new organization
Partially Anonymous
Fully Anonymous
Non-Anonymous
Figure 644
Configuration Cloud CNM SecuReporter
Figure 645
LABEL DESCRIPTION
Standard
Trial
Activated Not
Activated Expired
Expired Not Licensed
Trial
Standard
Apply
Reset
44.4 Nebula
44.4.1 Scenario A-Native Mode
Nebula Internet
Access
Test
Apply & Go To Nebula
Apply & Go to Nebula
Configuration Mgmt. & Analytics Nebula
Figure 646
LABEL DESCRIPTION
P2 P3 Port 2 Port 3
44.4.2 Scenario B-Zero Touch Provisioning (ZTP)
Inactive
Down
Speed/Duplex
Full Halt
Up
Down
Connected
Disconnected
Static
Dynamic
DHCP Client
Test
LABEL DESCRIPTION
Figure 647
C
HAPTER
45
System
45.1 Overview
45.1.1 What You Can Do in this Chapter
System > Host Name
System > USB Storage
System > Date/Time
System > Console Speed
System > DNS
System > WWW
System > SSH
System > TELNET
System > FTP
System > SNMP
Auth. Server
Notification > Mail Server
Notification > SMS
Notification > Response Message
System > Language
System > IPv6
System > ZON
45.2 Host Name
Configuration > System
> Host Name Host Name
Figure 648
45.3 USB Storage
LABEL DESCRIPTION
Apply
Reset
Configuration > System > USB Storage
Figure 649
45.4 Date and Time
Configuration >
System > Date/Time
LABEL DESCRIPTION
MB %
Apply
Reset
Figure 650
LABEL DESCRIPTION
Apply
Time and Date Setup Manual
Apply
Time and Date Setup Manual
Apply
Apply Synchronize Now
Time Server Address
Enable Daylight
Saving at
Second Sunday March at
Last Sunday March
at
Enable Daylight
Saving at
First Sunday November at
Last Sunday October
at
LABEL DESCRIPTION
45.4.1 Pre-defined NTP Time Servers List
45.4.2 Time Server Synchronization
Synchronize Now
Time Server Address
Loading
Figure 651
Current Time Current Date
View Log
Date/Time
System > Date/Time
Manual Time and Date Setup
Apply
Reset
LABEL DESCRIPTION
New Time
New Date
Time Zone Setup Time Zone
Enable Daylight Saving
Apply
System > Date/Time
Get from Time Server Time and Date Setup
Time Zone Setup Time Zone
Enable Daylight Saving
Time and Date Setup Time Server Address
Apply
45.5 Console Port Speed
Configuration > System > Console Speed Console Speed
Figure 652
45.6 DNS Overview
45.6.1 DNS Server Address Assignment
45.6.2 Configuring the DNS Screen
Configuration > System > DNS DNS
Network > Interface
LABEL DESCRIPTION
Console Port Speed
Console Status
Apply
Reset
Security Option Control Configuration > System > DNS Show
Advanced Settings
Figure 653
LABEL DESCRIPTION
Edit
Remove
Add
Edit
Remove
Move
User-Defined
N/A
tunnel
Edit
Remove
Show Advanced Settings
Default Customize
allow deny
Query Recursion Additional Info from Cache
Customize
Default
Customize
Object > Address
Add
Edit
Remove
Move
LABEL DESCRIPTION
45.6.3 (IPv6) Address Record
45.6.4 PTR Record
45.6.5 Adding an (IPv6) Address/PTR Record
Add Address/PTR Record IPv6 Address/PTR Record
Figure 654
Accept Deny
LABEL DESCRIPTION
45.6.6 CNAME Record
45.6.7 Adding a CNAME Record
Figure 655
LABEL DESCRIPTION
OK
Cancel
45.6.8 Domain Zone Forwarder
45.6.9 Adding a Domain Zone Forwarder
Add Domain Zone Forwarder
Figure 656
LABEL DESCRIPTION
OK
Cancel
45.6.10 MX Record
45.6.11 Adding a MX Record
Add MX Record
Figure 657
LABEL DESCRIPTION
DNS Server(s) from ISP
N/A
Public DNS Server
Query via
Private DNS Server
OK
Cancel
45.6.12 Security Option Control
Security Option Control Configuration > System > DNS Show
Advanced Settings
Query Recursion Additional Info from Cache
Query Recursion Additional Info from Cache
45.6.13 Editing a Security Option Control
Edit allow deny Query Recursion
Additional Info from Cache
Figure 658
LABEL DESCRIPTION
OK
Cancel
45.6.14 Adding a DNS Service Control Rule
Add Service Control
Figure 659
LABEL DESCRIPTION
Default
Object > Address
> Member
OK
Cancel
LABEL DESCRIPTION
ALL
ALL
45.7 WWW Overview
Enable
45.7.1 Service Access Limitations
Service Control
Service Control
Deny
45.7.2 System Timeout
User/Group
45.7.3 HTTPS
Accept
Deny
OK
Cancel
LABEL DESCRIPTION
Authenticate Client Certificates WWW Authenticate Client Certificates
Figure 660
HTTP WWW
45.7.4 Configuring WWW Service Control
Configuration > System > WWW WWW
Admin Service Control User Service Control
System WWW Service Control HTTPS User Service
VPN SSL VPN Global Setting
HTTPS User Service Control
Figure 661
LABEL DESCRIPTION
Admin Service Control User Service Control
8443
Authenticate Client Certificates
My Certificates
Admin Service Control
User Service Control
Add
Edit
Remove
Move
Zone Accept Deny
Admin Service Control User Service Control
Admin Service Control
User Service Control
LABEL DESCRIPTION
45.7.5 Service Control Rules
Add Edit Service Control WWW SSH Telnet FTP SNMP
Figure 662
Add
Edit
Remove
Move
Zone Accept Deny
Object > Auth. method
Apply
Reset
LABEL DESCRIPTION
45.7.6 Customizing the WWW Login Page
Configuration > System > WWW > Login Page Login Page
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
Figure 663
Figure 664
Figure 665
Figure 666
Color
Apply
LABEL DESCRIPTION
Browse
Upload
Picture
Browse
Color
Picture
Browse
Color
45.7.7 HTTPS Example
45.7.7.1 Internet Explorer Warning Messages
Figure 667
Continue to this website Click
here to close this web page
45.7.7.2 Mozilla Firefox Warning Messages
The Connection is Untrusted
Technical Details
I Understand the Risks Add Exception
Confirm Security Exception
Apply
Reset
LABEL DESCRIPTION
Figure 668
Figure 669
45.7.7.3 Avoiding Browser Warning Messages
45.7.7.4 Login Screen
Figure 670
45.7.7.5 Enrolling and Importing SSL Client Certificates
Authenticate Client Certificates
Authenticate Client
Certificates
Trusted CA
Figure 671
45.7.7.5.1 Installing the CA’s Certificate
Figure 672
Install Certificate
45.7.7.5.2 Installing Your Personal Certificate(s)
Next
Figure 673
File
name Browse
Figure 674
Figure 675
Place all
certificates in the following store
Figure 676
Finish
Figure 677
Figure 678
45.7.7.6 Using a Certificate When Accessing the Zyxel Device Example
Figure 679
Authenticate Client Certificates
Figure 680
Figure 681
45.8 SSH
A
SSH Object > Service >
Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
Figure 682
45.8.1 SSH Implementation on the Zyxel Device
45.8.2 Requirements for Using SSH
45.8.3 Configuring SSH
Configuration > System > SSH
Figure 683
45.8.4 Service Control Rules
Add Edit Service Control
Figure 684
LABEL DESCRIPTION
Service Control
My
Certificates
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
45.8.5 SSH Example
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
45.9 Telnet
45.9.1 Configuring Telnet
Configuration > System > TELNET
Telnet Object > Service >
Service Group > Default_Allow_WAN_To_ZyWALL
WAN_to_Device
login as: admin
Using keyboard-interactive authentication.
Password:
% session is not found
Bad terminal type: "xterm". Will assume vt100.
Router> enable
Router#
Figure 685
LABEL DESCRIPTION
Service Control
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
45.9.2 Service Control Rules
Add Edit Service Control
Figure 686
45.10 FTP
45.10.1 Configuring FTP
Configuration > System > FTP
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
Figure 687
LABEL DESCRIPTION
Service Control
My Certificates
Add
Edit
Remove
Move
Zone Accept Deny
45.10.2 Service Control Rules
Add Edit Service Control
Figure 688
45.11 SNMP
Apply
Reset
LABEL DESCRIPTION
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
Figure 689
45.11.1 SNMPv3 and Security
45.11.2 Supported MIBs
45.11.3 SNMP Traps
45.11.4 Configuring SNMP
Configuration > System > SNMP
OBJECT LABEL OBJECT ID DESCRIPTION
Figure 690
LABEL DESCRIPTION
Service Control
Get Community
Set community
45.11.5 Add SNMPv3 User
Add Configuration > System > SNMP
Add
Edit
Remove
MD5 SHA
DES
AES
Read-Write
Read-Only
Add
Edit
Remove
Move
Zone Accept Deny
Apply
Reset
LABEL DESCRIPTION
Figure 691
45.11.6 Service Control Rules
Add Edit Service Control
Figure 692
LABEL DESCRIPTION
MD5 SHA
DES
AES
Read-Write
Read-Only
OK
Cancel
45.12 Authentication Server
Configuration > System > Auth. Server
Figure 693
LABEL DESCRIPTION
ALL
ALL
Accept
Deny
OK
Cancel
45.12.1 Add/Edit Trusted RADIUS Client
Configuration > System > Auth. Server Auth. Server Add
Edit
LABEL DESCRIPTION
My Certificates
Configuration > Object > Auth.
Method
Add
Edit
Remove
Activate
Inactivate
Apply
Reset
Figure 694
45.13 Notification > Mail Server
Maintenance > Diagnostics > Network Tool Test Email Server Configuration > Log &
Report > Email Daily Report
Configuration > System > Notification Mail Server
LABEL DESCRIPTION
OK
Cancel
Figure 695
LABEL DESCRIPTION
Configuration > Log & Report > Email Daily Report
Append system name
Append date time
SMTP Authentication
SMTP Authentication
Apply
Reset
45.14 Notification > SMS
Configuration > System > Notification > SMS
Figure 696
LABEL DESCRIPTION
Email-to-SMS Provider
Configuration System Notification Mail Server
auto append to "Mail to"
Mail To
Mail
Server Configuration System Notification Mail Server
45.15 Notification > Response Message
Configuration > System > Notification > Response Message
Figure 697
Configuration Object User/Group User
LABEL DESCRIPTION
LABEL DESCRIPTION
Edit
45.16 Language Screen
Configuration > System > Language
Browse
Color
#0000FF
Color
#0000FF
Color
#0000FF
Color
#0000FF
LABEL DESCRIPTION
Figure 698
45.17 IPv6 Screen
Configuration > System > IPv6
LABEL DESCRIPTION
Apply
Reset
Figure 699
45.18 Zyxel One Network (ZON) Utility
45.18.1 Requirements
Operating System
LABEL DESCRIPTION
Configuration Network Interface
Ethernet VLAN Bridge
Apply
Reset
My Computer >
Properties General
Hardware
45.18.2 Run the ZON Utility
OK
Figure 700
Show
information about ZON Supported
model and firmware version
Figure 701
Figure 702
Go
Figure 703
Figure 704
1
2
3
4
5 6
7
8
9
10 11 12 13
ICON DESCRIPTION
45.18.3 Zyxel One Network (ZON) System Screen
ZDP Smart Connect System > ZON
Monitor > System Status > Ethernet Neighbor Smart Connect
System > ZON
Figure 705
LABEL DESCRIPTION
IP Configuration Renew IP address
Flash Locator LED
Figure 706
LABEL DESCRIPTION
Smart Connect
Monitor > System Status >
Ethernet Discovery.
Apply
Reset
C
HAPTER
46
Log and Report
46.1 Overview
46.1.1 What You Can Do In this Chapter
Email Daily Report
Log Setting
46.2 Email Daily Report
Email Daily Report
Mail Server Note
Notification
Configuration > Log & Report > Email Daily Report
Figure 707
LABEL DESCRIPTION
46.3 Log Setting Screens
Log Setting
MONITOR > Log
Log Setting
Log Setting Edit
Log Category Settings
46.3.1 Log Setting Summary
Configuration > Log & Report > Log Settings
System Resource
Usage Wireless Report Security Service, Interface Traffic Statistics DHCP Table
Reset counters after sending report successfully
Apply
Reset
LABEL DESCRIPTION
Figure 708
LABEL DESCRIPTION
Edit
Activate
Inactivate
46.3.2 Edit System Log Settings
Log Settings Edit
Log Settings Summary
Edit
Internal
VRPT
CEF/Syslog
Log Category Settings Edit
LABEL DESCRIPTION
Figure 709
Figure 710
Figure 711
LABEL DESCRIPTION
Active Log and Alert
When Full Hourly and When Full
Daily and When Full Weekly and When Full
SMTP Authentication
SMTP Authentication
System Log
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System Log
enable normal logs
enable alert logs
E-Mail Server 2
System Log
enable normal logs
enable alert logs
Display
Category View Log Default
Log Category
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System log
E-Mail Server 2
System log
Log Consolidation Interval View Log
x x
Message
x
x Message
LABEL DESCRIPTION
46.3.3 Edit Log on USB Storage Setting
Edit Log on USB Storage Setting
Log Setting Summary
Edit
Figure 712
LABEL DESCRIPTION
Active Log
Keep Duration
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
46.3.4 Edit Remote Server Log Settings
Log Settings Edit
Log Settings Summary Edit
Figure 713
Default
Log Category All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
LABEL DESCRIPTION
LABEL DESCRIPTION
Active Log
VRPT/Syslog
CEF/Syslog
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
Display
Category View Log Default
Log Category All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
46.3.5 Log Category Settings Screen
Log Category Settings
Log Settings Summary
Log Category Settings
Figure 714
Figure 715
Default
LABEL DESCRIPTION
System Log
disable all logs
enable normal logs
enable normal logs and debug logs
USB Storage
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System Log
enable normal logs
enable alert logs
E-Mail Server 2
System Log
enable normal logs
enable alert logs
Selection
disable all logs
enable normal logs
enable normal logs and debug logs
Display
Category View Log Default
Log Category
disable all logs
enable normal logs
enable normal logs and debug logs
disable all logs
enable normal logs
enable normal logs and debug logs
E-Mail Server 1
System log
E-
Mail Server 2
System log
Log Category
All Logs
disable all logs
enable normal logs
enable normal logs and debug logs
LABEL DESCRIPTION
C
HAPTER
47
File Manager
47.1 Overview
47.1.1 What You Can Do in this Chapter
Configuration File
Firmware Package
Shell Script
47.1.2 What you Need to Know
Configuration Files and Shell Scripts
Privilege
Configuration
Comments in Configuration Files or Shell Scripts
Figure 716
# enter configuration mode
configure terminal
# change administrator password
username admin password 4321 user-type admin
# configure ge3
interface ge3
ip address 172.23.37.240 255.255.255.0
ip gateway 172.23.37.254 metric 1
exit
# create address objects for remote management / to-ZyWALL firewall rules
# use the address group in case we want to open up remote management later
address-object TW_SUBNET 172.23.37.0/24
object-group address TW_TEAM
address-object TW_SUBNET
exit
# enable Telnet access (not enabled by default, unlike other services)
ip telnet server
# open WAN-to-ZyWALL firewall for TW_TEAM for remote management
firewall WAN ZyWALL insert 4
sourceip TW_TEAM
service TELNET
action allow
exit
write
Configuration
Privilege
Errors in Configuration Files or Shell Scripts
setenv stop-on-error
off
47.2 The Configuration Screen
Maintenance > File Manager > Configuration File > Configuration Configuration
Configuration
Apply
interface ge1
ip address dhcp
!
!
interface ge1
# this interface is a DHCP client
!
! this is from Joe
# on 2008/04/05
interface ge1
ip address dhcp
!
Configuration File Flow at Restart
startup-config.conf
system-default.conf
startup-config.conf
lastgood.conf
startup-config.conf
startup-config-bad.conf lastgood.conf
lastgood.conf
system-default.conf
startup-config.conf setenv-startup stop-
on-error off startup-config.conf
Figure 717
Do not turn off the Zyxel Device while configuration file upload is in
progress.
LABEL DESCRIPTION
lastgood.conf system-
default.conf startup-config.conf
Rename Rename File
Figure 718
OK Cancel
Remove
system-
default.conf startup-config.conf lastgood.conf
OK
Cancel
Download
Copy Copy File
Figure 719
OK Cancel
Apply
Immediately stop applying the configuration file
Immediately stop applying the configuration file and roll back to the previous configuration
Ignore errors and finish applying the configuration file
Ignore errors and finish applying the configuration file and then roll back to the previous
configuration
OK Cancel
system-default.conf
Apply
startup-config.conf
Apply OK
write
lastgood.conf
system-default.conf lastgood.conf
startup-config.conf
Browse ...
LABEL DESCRIPTION
47.2.1 The Configuration Schedule Backup Screen
Schedule Backup
Figure 720
Browse...
Upload
LABEL DESCRIPTION
LABEL DESCRIPTION
47.3 Firmware Management
Firmware Management
Running Standby
Destroy compressed files that could not be decompressed
Destroy
compressed files that could not be decompressed
Destroy compressed files that could not be
decompressed
The firmware update can take up to five minutes. Do not turn off or reset
the Zyxel Device while the firmware update is in progress!
Apply
Reset
LABEL DESCRIPTION
47.3.1 Cloud Helper
Upgrade
What’s New
Upgrade Now
Upgrade Now
Upgrade Now
47.3.2 The Firmware Management Screen
Maintenance > File Manager > Firmware Management Firmware Management
Figure 721
LABEL DESCRIPTION
Reboot
write
Standby Running Standby
Reboot
reboot
Standby Running
Running
Standby N/A
Yes
Yes
No
Check Now
Auto Update File Manager > Firmware Management
Schedule Reboot Maintenance > Shutdown-Reboot
Activated
Not Activated
LABEL DESCRIPTION
No
Maintenance File Manager Firmware Management Standby
Reboot
Standby Running
Maintenance File Manager
Configuration File Configuration Upload Configuration File
Firmware Upload in Process
Figure 722
Figure 723
Dashboard
Figure 724
47.3.3 Firmware Upgrade via USB Stick
SYS
startup-config.conf
startup-config.conf
lastgood.conf
lastgood.conf
system-default.conf
47.4 The Shell Script Screen
Maintenance > File Manager > Shell Script Shell Script Shell Script
write write
write
Figure 725
LABEL DESCRIPTION
Rename Rename File
Figure 726
OK Cancel
Remove
OK
Cancel
Download
Copy Copy File
Figure 727
OK Cancel
Apply
Browse ...
Browse...
Upload
LABEL DESCRIPTION
C
HAPTER
48
Diagnostics
48.1 Overview
48.1.1 What You Can Do in this Chapter
Diagnostics
Packet Capture
CPU / Memory Status
System Logs
Network Tool
Routing Traces
Wireless Frame Capture
48.2 The Diagnostics Screens
Diagnostics
48.2.1 Scripts
Script Name
Script Uploads to the Zyxel Device
File Manager > Shell Script
Diagnostics > Controller
Diagnostics > AP
Diagnostics > AP.
Script Output
Diagnostics > Files
48.2.2 The Diagnostics Controller Screen
Maintenance > Diagnostics > Controller Collect Now
show service-register status all
show myzyxel-service get-cloud-timezone
show cloud-helper firmware
show cloud-helper remind
debug interface ifconfig
debug interface show event_sink
debug interface show interface_obj
debug switch table
debug switch port_groupping
show ping-check status
debug system netstat interface
show interface all
show port status
Figure 728
LABEL DESCRIPTION
Standby
Busy on Ap
Diagnostics > AP
Busy on ZyWall:
48.2.3 The Diagnostics AP Screen
Maintenance > Diagnostics > Collect on AP Collect on
AP
Browse
Upload
LABEL DESCRIPTION
Figure 729
LABEL DESCRIPTION
Standby
Busy on Ap
Diagnostics > AP
Busy on ZyWall:
48.2.4 The Diagnostics Files Screen
Maintenance > Diagnostics > Files
Figure 730
Browse
Upload
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
48.3 The Packet Capture Screen
Maintenance > Diagnostics > Packet
Capture
File Suffix
Figure 731
LABEL DESCRIPTION
LABEL DESCRIPTION
Available Interfaces
Capture Interfaces
any
any
any
User Defined
IP Type any tcp udp
Continuously capture and overwrite old ones
Duration
File Size
48.3.1 The Packet Capture on AP Screen
Maintenance > Diagnostics > Packet
Capture > Capture on AP
File Suffix
Unused
Remove Now
none
service deactivated Configuration > System > USB
Storag
available
LABEL DESCRIPTION
Figure 732
LABEL DESCRIPTION
Query
Standby
Preparing
Capturing
File Receiving
Available Interfaces
Capture Interfaces
any
any
any
User Defined
IP Type any tcp udp
Continuously capture and overwrite old ones
Duration
File Size
LABEL DESCRIPTION
48.3.2 The Packet Capture Files Screen
Maintenance > Diagnostics > Packet Capture > Files
Unused
Remove Now
none
service deactivated Configuration > System > USB
Storag
available
LABEL DESCRIPTION
Figure 733
48.3.3 The Packet Capture Remote Capture Screen
Maintenance > Diagnostics > Packet Capture > Remote Capture
LABEL DESCRIPTION
Remove
Download
Figure 734
48.4 The CPU / Memory Status Screen
Maintenance > Diagnostics > CPU / Memory Status CPU/Memory Status
LABEL DESCRIPTION
Query
Start
Stop
Figure 735
LABEL DESCRIPTION
48.5 The System Log Screen
Maintenance > Diagnostics > System Log System Log
Figure 736
48.6 The Network Tool Screen
Maintenance > Diagnostics > Network Tool
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
Figure 737
Figure 738
LABEL DESCRIPTION
NSLOOKUP IPv4 NSLOOKUP IPv6
PING IPv4 PING IPv6
TRACEROUTE IPv4 TRACEROUTE IPv6
Test Email Server
-c count count
-w waittime waittime
Test Email Server Network Tool
Append system name
Append date time
SMTP Authentication
SMTP Authentication
48.7 The Routing Traces Screen
Maintenance > Diagnostics > Routing Traces
Figure 739
LABEL DESCRIPTION
any
Remove
48.8 The Wireless Frame Capture Screen
Maintenance > Diagnostics > Wireless Frame Capture
File Prefix
Figure 740
LABEL DESCRIPTION
Configuration > Wireless > AP Management
Captured MON Mode APs
48.8.1 The Wireless Frame Capture Files Screen
Maintenance > Diagnostics > Wireless Frame Capture > Files
Figure 741
LABEL DESCRIPTION
LABEL DESCRIPTION
Remove
Download
C
HAPTER
49
Packet Flow Explore
49.1 Overview
49.1.1 What You Can Do in this Chapter
Routing Status
SNAT Status
49.2 Routing Status
Routing Status
Routing Flow
Routing Table Maintenance Packet Flow Explore Routing Status
use policy route to override direct route CONFIGURATION > Network > Routing > Policy
Route
policy control-virtual-server-rules
activate
use policy routes to control dynamic IPSec rules CONFIGURATION > VPN > IPSec VPN >
VPN Connection
Figure 742
Figure 743
Figure 744
Figure 745
Figure 746
Figure 747
Figure 748
Figure 749
LABEL DESCRIPTION
Routing Table
Routing Flow
Direct Route Static-Dynamic Route Main Route Routing Flow
A
S
C
O
R
B
G
!
B
L
Policy Route Routing Flow
any
Auto
Interface /GW
VPN Tunnel
Trunk
1-1 SNAT Routing Flow
49.3 The SNAT Status Screen
SNAT Status
SNAT Flow SNAT Table
Maintenance Packet Flow Explore SNAT Status
use default SNAT CONFIGURATION > Network > Interface > Trunk
policy control-virtual-server-rules
activate
Figure 750
Dynamic VPN or SiteToSite VPN Routing Flow
Default WAN Trunk Routing Flow
any
any
LABEL DESCRIPTION
Figure 751
Figure 752
Figure 753
LABEL DESCRIPTION
SNAT Table
SNAT Flow
Policy Route SNAT SNAT Flow
1-1 SNAT SNAT Flow
Loopback SNAT SNAT Flow
any
any
Outgoing
Interface IP
Default SNAT SNAT Flow
Outgoing
Interface IP
LABEL DESCRIPTION
Chapter 50
Shutdown
50.1 Overview
Always use the Maintenance > Shutdown > Shutdown screen or the
“shutdown” command before you turn off the Zyxel Device or remove
the power. Not doing so can cause the firmware to become corrupt.
50.1.1 What You Need To Know
50.2 The Shutdown / Reboot Screen
Maintenance Shutdown/Reboot
Figure 754
shutdown
LABEL DESCRIPTION
Shutdown
Reboot
Auto Update File Manager > Firmware
Management Schedule Reboot Maintenance > Shutdown-
Reboot
Apply
Reset
P
ART
III
Appendices and
Troubleshooting
C
HAPTER
51
Troubleshooting
Network Test Tool
Organization-wide Configuration Inventory
Waiting ZTP
ZTP Setup
OK
Organization-wide Configuration Inventory
Add
OK
Add
Add to site
Waiting ZTP ZTP Setup
OK
Start (All) Programs Accessories Command Prompt
Command Prompt
RESET
SYS
CONSOLE
CONSOLE
Dashboard
Security Service IPS
Prevention
Detection
Enable Content Filter Category Service
Configuration > Security Service > Content Filter > Profile > Add or Edit
Destroy Infected File Configuration > Security Service > Anti-Malware
Check White List
Enable Configuration Security Service Anti-
Malware
reject-both reject-receiver reject-sender drop none
reject-receiver reject-sender
• Configuration > Security Service > IPS (IDP)
• Configuration > Security Service > Anti-Malware
Configuration > Security Service Email Security
Containment Period
Configuration Security Service Collaborative Detection& Response
Interface Type General
Interface Type
Internal External
Auto
Trusted Certificates
Configuration > VPN > IPSec VPN > VPN Connection Use Policy Route to control
dynamic IPSec rules option
AP Role Capability Mgnt. AP List
Secure WiFi
Remote AP Configuration Wireless AP Management
Secure Tunnel SSID
Destroy compressed files that could not be decompressed
Destroy compressed files that could not be decompressed
Destroy compressed
files that could not be decompressed
admin
ext-user
admin
Configuration Object Auth. Method Two-factor Authentication VPN Access.
System Notification SMS
System Notification Mail Server
My Certificates
write
write
File Size
File Size Duration
File Suffix
Monitor Network Status Device Insight
Feedback
Monitor Device Insight
Security Policy
deny
Security Check for
Web Interface
Security Check
for Web Interface
Security
Check for Web Interface
Optimization Aggressiveness High Wireless Wireless Health
Optimization Aggressiveness Low Wireless Wireless Health
Mgmt. & Analytics Nebula
51.1 Resetting the Zyxel Device
SYS
RESET SYS
RESET
51.2 Getting More Troubleshooting Help
A
PPENDIX
A
Customer Support
http://www.zyxel.com/homepage.shtml
http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml
Required Information
Corporate Headquarters (Worldwide)
Taiwan
Asia
China
India
Kazakhstan
Korea
Malaysia
Pakistan
Philippines
Singapore
Taiwan
Thailand
Vietnam
Europe
Austria
Belarus
Belgium
Bulgaria
Czech Republic
Denmark
Estonia
Finland
France
Germany
Hungary
Italy
Latvia
Lithuania
Netherlands
Norway
Poland
Romania
Russia
Slovakia
Spain
Sweden
Switzerland
Turkey
UK
Ukraine
Latin America
Argentina
Brazil
Ecuador
Middle East
Israel
Middle East
North America
USA
Oceania
Australia
Africa
South Africa
A
PPENDIX
B
Product Features
A
PPENDIX
C
Legal Information
Copyright
Disclaimer
Regulatory Notice and Statement (Class B)
UNITED STATES of AMERICA
FCC EMC Statement
FCC Radiation Exposure Statement (For USG FLEX 100W only)
CANADA
Innovation, Science and Economic Development Canada ICES Statement
Innovation, Science and Economic Development Canada RSS-GEN & RSS-247 Statement (For USG FLEX
100W only)
Antenna Information
informations antenne
Industry Canada radiation exposure statement (For USG FLEX 100W only)
Déclaration d’exposition aux radiations (For USG FLEX 100W only):
Type Manufacturer Gain Connector Impedance
Type fabricant Gain Connecteur impédance
EUROPEAN UNION and UNITED KINGDOM
Declaration of Conformity with Regard to EU Directive 2014/53/EU (Radio Equipment Directive, RED) and
UK regulation
National Restrictions
National Restrictions
Notes:
National Restrictions
National Restrictions
List of national codes
Safety Warnings
Environment Statement
ErP (Energy-related Products)
Disposal and Recycling Information
About the Symbols
Explanation of the Symbols
Viewing Certifications
Zyxel Limited Warranty
Note
Registration
Trademarks
Open Source Licenses
https://www.zyxel.com/form/gpl_oss_software_notice.shtml
Regulatory Notice and Statement (Class A)
FCC EMC Statement
Innovation, Science and Economic Development Canada Industry ICES Statement
EMC statement
List of National Codes
Safety Warnings
Environment Statement
Disposal and Recycling Information
About the Symbols
Explanation of the Symbols
Viewing Certifications
Zyxel Limited Warranty
Note
Registration
Open Source Licenses
https://www.zyxel.com/form/gpl_oss_software_notice.shtml
