Chapter 6 Configuration Basics
ZyWALL USG 50 User’s Guide
6.5.2 Licensing Registration
Use these screens to register your ZyWALL and subscribe to services like anti-virus, IDP and application patrol, more SSL VPN tunnels, and content filtering. You must have Internet access to myZyXEL.com.

MENU ITEM(S): Configuration > Licensing > Registration
PREREQUISITES: Internet access to myZyXEL.com

6.5.3 Licensing Update
Use these screens to update the ZyWALL’s signature packages for the anti-virus, IDP and application patrol, and system protect features. You must have a valid subscription to update the anti-virus and IDP/application patrol signatures. You must have Internet access to myZyXEL.com.

MENU ITEM(S): Configuration > Licensing > Update
PREREQUISITES: Registration (for anti-virus and IDP/application patrol), Internet access to myZyXEL.com

6.5.4 Interface
See Section 6.2 on page 88 for background information.

Note: When you create an interface, there is no security applied on it until you assign it to a zone.

Most of the features that use interfaces support Ethernet, PPPoE/PPTP, cellular, VLAN, and bridge interfaces.

MENU ITEM(S): Configuration > Network > Interface (except Network > Interface > Trunk)
PREREQUISITES: Port groups (configured in the Interface > Port Grouping screen)
WHERE USED: Zones, trunks, IPSec VPN, DDNS, policy routes, static routes, HTTP redirect, NAT, application patrol

Example: The dmz interface is in the DMZ zone and uses a private IP address. To configure dmz’s settings, click Network > Interface > Ethernet and then the dmz’s Edit icon.
6.5.5 Trunks
Use trunks to set up load balancing using two or more interfaces.

MENU ITEM(S): Configuration > Network > Interface > Trunk
PREREQUISITES: Interfaces
WHERE USED: Policy routes

Example: See Chapter 7 on page 109.

6.5.6 Policy Routes
Use policy routes to override the ZyWALL’s default routing behavior in order to send packets through the appropriate interface or VPN tunnel. You can also use policy routes for bandwidth management (out of the ZyWALL), port triggering, and general NAT on the source address. You have to set up the criteria, next-hops, and NAT settings first.

MENU ITEM(S): Configuration > Network > Routing > Policy Route
PREREQUISITES:
  Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups
  Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, interfaces
  NAT: addresses (translated address), services and service groups (port triggering)

Example: You have an FTP server connected to P6 (in the DMZ zone). You want to limit the amount of FTP traffic that goes out from the FTP server through your WAN connection.

1. Create an address object for the FTP server (Object > Address).
2. Click Configuration > Network > Routing > Policy Route to go to the policy route configuration screen. Add a policy route.
3. Name the policy route.
4. Select the interface that the traffic comes in through (P3 in this example).
5. Select the FTP server’s address as the source address.
6. You don’t need to specify the destination address or the schedule.
7. For the service, select FTP.
8. For the Next Hop fields, select Interface as the Type if you have a single WAN connection or Trunk if you have multiple WAN connections.
9. Select the interface that you are using for your WAN connection (wan1 and wan2 are the default WAN interfaces). If you have multiple WAN connections, select the trunk.
10. Specify the amount of bandwidth FTP traffic can use. You may also want to set a low priority for FTP traffic.

Note: The ZyWALL checks the policy routes in the order that they are listed. So make sure that your custom policy route comes before any other routes that would also match the FTP traffic.
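
The ordering note above can be checked offline before the route list is changed on the device. The following is an added example, not ZyXEL code and not the ZyWALL's configuration format: a Python model of first-match evaluation over an ordered policy route list that reports which earlier routes would match the FTP traffic before the custom route does. The route names, the field names (`incoming`, `source`, `service`, `max_kbps`), the 192.168.3.x addresses and the 512 kbps limit are constructed assumptions.

```python
"""Model of first-match policy route ordering (constructed data, not ZyWALL syntax)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class PolicyRoute:
    name: str
    incoming: str = ANY   # incoming interface criterion
    source: str = ANY     # source address or subnet criterion
    service: str = ANY    # service criterion, e.g. "FTP"
    next_hop: str = "wan1"
    max_kbps: int = 0     # 0 means no bandwidth limit (assumed convention)

    def matches(self, pkt: dict) -> bool:
        if self.incoming != ANY and self.incoming != pkt["incoming"]:
            return False
        if self.service != ANY and self.service != pkt["service"]:
            return False
        if self.source != ANY and ip_address(pkt["source"]) not in ip_network(self.source):
            return False
        return True

def first_match(routes, pkt):
    """Return the first route in list order that matches, or None."""
    return next((r for r in routes if r.matches(pkt)), None)

def shadowing_routes(routes, custom_name, pkt):
    """Names of routes listed before `custom_name` that also match `pkt`."""
    idx = [r.name for r in routes].index(custom_name)
    return [r.name for r in routes[:idx] if r.matches(pkt)]

# Constructed sample: FTP server traffic arriving on P3, as in step 4 of the example.
FTP_PKT = {"incoming": "P3", "source": "192.168.3.7", "service": "FTP"}
FTP_LIMIT = PolicyRoute("ftp-limit", "P3", "192.168.3.7/32", "FTP", "wan1", 512)
DMZ_OUT = PolicyRoute("dmz-out", "P3", "192.168.3.0/24", ANY, "wan1")

WRONG_ORDER = [DMZ_OUT, FTP_LIMIT]  # broad route listed first: limit never applies
RIGHT_ORDER = [FTP_LIMIT, DMZ_OUT]  # custom route listed first

if __name__ == "__main__":
    for label, routes in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        hit = first_match(routes, FTP_PKT)
        print(label, "->", hit.name, "limit:", hit.max_kbps,
              "shadowed by:", shadowing_routes(routes, "ftp-limit", FTP_PKT))
```

With the broad `dmz-out` route listed first, the FTP traffic matches it and the bandwidth limit on `ftp-limit` is never applied; a non-empty result from `shadowing_routes` is the signal to move the custom route up.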
6.5.7 Static Routes
Use static routes to tell the ZyWALL about networks not directly connected to the ZyWALL.

MENU ITEM(S): Configuration > Network > Routing > Static Route
PREREQUISITES: Interfaces

6.5.8 Zones
See Section 6.2 on page 88 for background information. A zone is a group of interfaces and VPN tunnels. The ZyWALL uses zones, not interfaces, in many security settings, such as firewall rules and remote management.

Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone. Virtual interfaces are automatically assigned to the same zone as the interface on which they run. When you create a zone, the ZyWALL does not create any firewall rules, assign an IDP profile, or configure remote management for the new zone.

MENU ITEM(S): Configuration > Network > Zone
PREREQUISITES: Interfaces, IPSec VPN, SSL VPN
WHERE USED: Firewall, IDP, remote management, anti-virus, ADP, application patrol

Example: To create the DMZ-2 zone, click Network > Zone and then the Add icon.
6.5.9 DDNS
Dynamic DNS maps a domain name to a dynamic IP address. The ZyWALL helps maintain this mapping.

MENU ITEM(S): Configuration > Network > DDNS
PREREQUISITES: Interface

6.5.10 NAT
Use Network Address Translation (NAT) to make computers on a private network behind the ZyWALL available outside the private network.

The ZyWALL only checks regular (through-ZyWALL) firewall rules for packets that are redirected by NAT; it does not check the to-ZyWALL firewall rules.

MENU ITEM(S): Configuration > Network > NAT
PREREQUISITES: Interfaces, addresses (HOST)

Example: Suppose you have an FTP server with a private IP address connected to a DMZ port. You could configure a NAT rule to forward FTP sessions from the WAN to the DMZ.

1. Click Configuration > Network > NAT to configure the NAT entry. Add an entry.
2. Name the entry.
3. Select the WAN interface that the FTP traffic is to come in through.
4. Specify the public WAN IP address where the ZyWALL will receive the FTP packets.
5. In the Mapped IP field, list the IP address of the FTP server. The ZyWALL will forward the packets received for the original IP address.
6. In Mapping Type, select Port.
7. Enter 21 in both the Original and the Mapped Port fields.

6.5.11 HTTP Redirect
Configure this feature to have the ZyWALL transparently forward HTTP (web) traffic to a proxy server. This can speed up web browsing because the proxy server keeps copies of the web pages that have been accessed so they are readily available the next time one of your users needs to access that page.
The ZyWALL does not check to-ZyWALL firewall rules for packets that are redirected by HTTP redirect. It does check regular (through-ZyWALL) firewall rules.

MENU ITEM(S): Configuration > Network > HTTP Redirect
PREREQUISITES: Interfaces

Example: Suppose you want HTTP requests from your LAN to go to an HTTP proxy server at IP address 192.168.3.80.

1. Click Configuration > Network > HTTP Redirect.
2. Add an entry.
3. Name the entry.
4. Select the interface from which you want to redirect incoming HTTP requests (lan1).
5. Specify the IP address of the HTTP proxy server.
6. Specify the port number to use for the HTTP traffic that you forward to the proxy server.

6.5.12 ALG
The ZyWALL’s Application Layer Gateway (ALG) allows VoIP and FTP applications to go through NAT on the ZyWALL. You can also specify additional signaling port numbers.

MENU ITEM(S): Configuration > Network > ALG

6.5.13 Auth. Policy
Use authentication policies to control who can access the network. You can authenticate users (require them to log in) and even perform Endpoint Security (EPS) checking to make sure users’ computers comply with defined corporate policies before they can access the network.

MENU ITEM(S): Configuration > Auth. Policy
PREREQUISITES: Addresses, services, endpoint security objects, users, authentication methods
