Chapter 5 Quick Setup
ZyWALL USG 50 User’s Guide
5.5.8 VPN Advanced Wizard - Finish
Now you can use the VPN tunnel.
Figure 51 VPN Wizard: Step 6: Advanced
Note: If you have not already done so, you can register your ZyWALL with
myZyXEL.com and activate trials of services like Content Filter.
Click Close to exit the wizard.
Chapter 6 Configuration Basics
This information is provided to help you configure the ZyWALL effectively. Some of
it is helpful when you are just getting started. Some of it is provided for your
reference when you configure various features in the ZyWALL.
• Section 6.1 on page 87 introduces the ZyWALL’s object-based configuration.
• Section 6.2 on page 88 introduces zones, interfaces, and port groups.
• Section 6.3 on page 91 introduces some terminology and organization for the ZyWALL.
• Section 6.4 on page 91 covers the ZyWALL’s packet flow.
• Section 6.5 on page 95 identifies the features you should configure before and after you configure the main screens for each feature. For example, if you want to configure a trunk for load-balancing, you should configure the member interfaces before you configure the trunk. After you configure the trunk, you should configure a policy route for it as well. (You might also have to configure criteria for the policy route.)
• Section 6.6 on page 105 identifies the objects that store information used by other features.
• Section 6.7 on page 106 introduces some of the tools available for system management.
6.1 Object-based Configuration
The ZyWALL stores information or settings as objects. You use these objects to
configure many of the ZyWALL’s features and settings. Once you configure an
object, you can reuse it in configuring other features.
When you change an object’s settings, the ZyWALL automatically updates all the
settings or rules that use the object. For example, if you create a schedule object,
you can have firewall, application patrol, content filter, and other settings use it. If
you modify the schedule, all the firewall, application patrol, content filter, and
other settings that use the schedule automatically apply the updated schedule.
You can create address objects based on an interface’s IP address, subnet, or
gateway. The ZyWALL automatically updates every rule or setting that uses these
objects whenever the interface’s IP address settings change. For example, if you
change an Ethernet interface’s IP address, the ZyWALL automatically updates the
rules or settings that use the interface-based, LAN subnet address object.
You can use the Configuration > Objects screens to create objects before you configure features that use them. If you are in a screen that uses objects, you can also usually select Create new Object to be able to configure a new object. For a list of common objects, see Section 6.6 on page 105.
Use the Object Reference screen (Section 3.3.3.3 on page 53) to see what objects are configured and which configuration settings reference specific objects.
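The behaviour described in this section, as a small Python model added here for illustration (it is not ZyWALL firmware or CLI code). The class names, the object name LAN1_SUBNET, the rule labels, the /24 mask and the replacement address 10.0.5.1 are assumptions; the model shows that one interface change alters every rule using the interface-based object, and how a reference lookup lists the affected settings beforehand.

```python
import ipaddress

class Interface:
    """Hypothetical stand-in for an Ethernet interface such as lan1."""
    def __init__(self, name, cidr):
        self.name, self.cidr = name, ipaddress.ip_interface(cidr)

class InterfaceSubnet:
    """Address object based on an interface's subnet; resolved at use time."""
    def __init__(self, name, interface):
        self.name, self.interface = name, interface
    def resolve(self):
        return self.interface.cidr.network

class Config:
    def __init__(self):
        # Rules store only the object's name: (feature, label, object name).
        self.objects, self.rules = {}, []
    def add_object(self, obj):
        self.objects[obj.name] = obj
    def add_rule(self, feature, label, source):
        if source not in self.objects:
            raise KeyError(f"unknown object: {source}")
        self.rules.append((feature, label, source))
    def references(self, obj_name):
        """Which settings use this object (the Object Reference question)."""
        return [(f, l) for f, l, s in self.rules if s == obj_name]
    def effective_source(self, label):
        """The network a rule matches right now, after resolving its object."""
        source = next(s for _, l, s in self.rules if l == label)
        return self.objects[source].resolve()

def demo():
    lan1 = Interface("lan1", "192.168.1.1/24")   # /24 mask is an assumption
    cfg = Config()
    cfg.add_object(InterfaceSubnet("LAN1_SUBNET", lan1))
    cfg.add_rule("firewall", "lan1-to-wan", "LAN1_SUBNET")
    cfg.add_rule("policy route", "lan1-out", "LAN1_SUBNET")
    affected = cfg.references("LAN1_SUBNET")     # review before changing lan1
    before = cfg.effective_source("lan1-to-wan")
    lan1.cidr = ipaddress.ip_interface("10.0.5.1/24")  # constructed new address
    after = {l: cfg.effective_source(l) for _, l, _ in cfg.rules}
    return affected, before, after

if __name__ == "__main__":
    print(demo())
```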
6.2 Zones, Interfaces, and Physical Ports
Zones (groups of interfaces and VPN tunnels) simplify security settings. Here is an
overview of zones, interfaces, and physical ports in the ZyWALL.
Figure 52 Zones, Interfaces, and Physical Ethernet Ports
[Diagram layers: Physical Ports, Interfaces, Zones. Zones shown: WAN, LAN1, LAN2, DMZ. Interfaces shown: wan1, wan2, lan1, lan2, dmz.]

Table 13 Zones, Interfaces, and Physical Ethernet Ports

Zones (WAN, LAN, DMZ): A zone is a group of interfaces and VPN tunnels. Use zones to apply security settings such as firewall, IDP, remote management, anti-virus, and application patrol.

Interfaces (Ethernet, VLAN, ...): Interfaces are logical entities that (layer-3) packets pass through. Use interfaces in configuring VPN, zones, trunks, DDNS, policy routes, static routes, HTTP redirect, and NAT. Port roles combine physical ports into interfaces.

Physical Ethernet Ports (P1, P2, ...): The physical port is where you connect a cable. In configuration, you use physical ports when configuring port groups. You use interfaces and zones in configuring other features.
6.2.1 Interface Types
There are many types of interfaces in the ZyWALL. In addition to being used in
various features, interfaces also describe the network that is directly connected to
the ZyWALL.
• Ethernet interfaces are the foundation for defining other interfaces and network policies. You also configure RIP and OSPF in these interfaces.
• Port groups create a hardware connection between physical ports at the layer-2 (data link, MAC address) level. Port groups are created when you use the Interface > Port Roles screen to set multiple physical ports to be part of the same (lan1, lan2 or dmz) interface.
• PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). ISP accounts are required for PPPoE/PPTP interfaces.
• VLAN interfaces recognize tagged frames. The ZyWALL automatically adds or removes the tags as needed. Each VLAN can only be associated with one Ethernet interface.
• Bridge interfaces create a software connection between Ethernet or VLAN interfaces at the layer-2 (data link, MAC address) level. Then, you can configure the IP address and subnet mask of the bridge. It is also possible to configure zone-level security between the member interfaces in the bridge.
• Virtual interfaces increase the amount of routing information in the ZyWALL. There are three types: virtual Ethernet interfaces (also known as IP alias), virtual VLAN interfaces, and virtual bridge interfaces.
6.2.2 Default Interface and Zone Configuration
This section introduces the ZyWALL’s default zone member physical interfaces and
the default configuration of those interfaces. The following figure uses letters to
denote public IP addresses or part of a private IP address.
[Figure: Default Network Topology]

• The WAN zone contains the wan1 and wan2 interfaces (physical ports P1 and P2). They use public IP addresses to connect to the Internet.
• The LAN1 zone contains the lan1 interface (a port group made up of physical ports P3 and P4 on the ZyWALL). The LAN1 zone is a protected zone. The lan1 interface uses 192.168.1.1 and the connected devices use IP addresses in the 192.168.1.2 to 192.168.1.254 range.
• The LAN2 zone contains the lan2 interface. The LAN2 zone is a protected zone. The lan2 interface uses 192.168.2.1 and the connected devices use IP addresses in the 192.168.2.2 to 192.168.2.254 range.
• The DMZ zone contains the dmz interface (physical port P5). The DMZ zone has servers that are available to the public. The dmz interface uses private IP address 192.168.3.1 and the connected devices use private IP addresses in the 192.168.3.2 to 192.168.3.254 range.

Table 14 ZyWALL USG 50 Default Port, Interface, and Zone Configuration

| PORT | INTERFACE | ZONE | IP ADDRESS AND DHCP SETTINGS | SUGGESTED USE WITH DEFAULT SETTINGS |
|---|---|---|---|---|
| P1, P2 | wan1, wan2 | WAN | DHCP clients | Connections to the Internet |
| P3, P4 | lan1 | LAN1 | 192.168.1.1, DHCP server enabled | Protected LAN |
| P5 | lan2 | LAN2 | 192.168.2.1, DHCP server enabled | Protected LAN |
| P6 | dmz | DMZ | 192.168.3.1, DHCP server disabled | Public servers (such as web, e-mail and FTP) |
| CONSOLE | n/a | None | None | Local management |