ZyXEL Communications ZyWALL USG 2000 Uživatelský manuál

ZyWALL USG ZLD 2.21 Support Notes Revision 1.00 August, 2010 Written by CSO

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 10 Step 10. User can check the 3G connection status

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 11 Step 13. Configure the trunk name and add the tw

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 12 Scenario 2 — WAN Load Balancing and Customized U

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 13 LLF — Least Load First When choosing LLF as the

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 14 Spill-over When choosing the Spill-over load bal

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 15 2.3 Application Scenario The company has two WAN

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 16 2.4 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 17 b. Go to CONFIGURATION > Network > Interf

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 18 b. Add WAN trunk for HTTP traffic — Set WAN2_pp

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 19 Step 3. Go to CONFIGURATION > Network > Ro

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 2 Table of Contents Scenario 1 — Connecting your U

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 20 b. Add a policy route for HTTP traffic: Source:

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 21 c. For all other traffic, use SYSTEM_DEFAULT_WA

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 22 Scenario 3 — How to configure NAT if you have In

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 23 3.2 Configuration Guide Network Conditions: USG

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 24 Step 2. Click the Add button to create a mapping

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 25 Step 4. Click CONFIGURATION > Network > Fi

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 26 Step 7. Configure the rule to: - Allow access f

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 27 Scenario 4 — Secure site-to-site connections usi

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 28 4.2 Configuration Guide Network Conditions: USG

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 29 ZLD configuration ZyNOS configuration Step 1. Cl

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 3 Scenario 8 — Reserving Highest Bandwidth Manageme

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 30

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 31 Step 4. Click CONFIGURATION > VPN > IPSec

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 32

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 33 Step 6. After saving the network policy,

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 34 Step 7. After setting the rule, user can select

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 35 Scenario 5 — Secure client-to-site connections u

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 36 5.2 Configuration Guide Network Conditions: USG

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 37 ZLD configuration ZyNOS configuration Step 1. Cl

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 38

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 39 Step 4. Click CONFIGURATION > VPN > IPSec

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 4 Scenario 1 — Connecting your USG to the Internet

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 40

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 41 Step 6. After setting up the network pol

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 42 Step 7. Start the ZyXEL IPSec VPN Client. Fill i

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 43 Step 8. Configure the phase-2 parameters.

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 44 Step 9. Because it is a dynamic rule, user MUST

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 45 Scenario 6 — Deploying SSL VPN for Tele-workers

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 46 6.2 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 47 ZLD configuration ZyNOS configuration Step 1. Cr

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 48 Step 2. Go to Configuration > Object > Add

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 49 Step4. Go to Configuration > VPN > SSL VPN

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 5 1.2 Configuration Guide Network Conditions: USG-

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 50 Step5. Go to Configuration > VPN > SSL VPN

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 51 Check the created policies as below: Scenario

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 52 SSL VPN is established. You can see the VNC serv

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 53 b. Log in with user “Chris”: Open the USG login

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 54 You can check the client’s routing table after t

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 55 Scenario 7 — Reserving Highest Bandwidth Managem

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 56 7.2 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 57 Step 2. Go to Configuration > App Patrol >

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 58 << ZyWALL USG20/20W configuration steps &g

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 59 Step3. Create a bandwidth management rule and co

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 6 Step 2. Fill in the PPPoE user name and passwor

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 60 Step4. Create a bandwidth management rule and co

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 61 Scenario 8 — Reserving Highest Bandwidth Managem

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 62 8.2 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 63 Step 2. Go to Configuration > Object > Sch

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 64 Step3. Go to Configuration > App Patrol >

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 65 Add a policy to manage the manager’s http traffi

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 66 App Patrol BWM Direction NOTE To use App Patrol

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 67 Limit each user’s session number To prevent any

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 68 << ZyWALL USG20/20W configuration steps &g

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 69 Input Start Time and Stop Time, and choose the w

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 7 Step 4. Enable the interface and select the pre-c

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 70 Destination Port: 80 Schedule: the recurring sch

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 71 Scenario 9 — Using ZyWALL to Control Popular P2P

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 72 9.2 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 73 Step 2. Go to Configuration > App Patrol &g

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 74 Step3. Switch to Configuration > App Patrol &

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 75 Edit the default policy. Limit its bandwidth to

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 76 Add a policy to block thunder traffic during off

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 77 Scenario 10 — Deploying Content Filtering to Man

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 78 10.1 Introduction to ZSB (ZyXEL Safe Browsing)

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 79 10.3 Configuration Guide Network Conditions: -

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 8 Step 6. To check the PPPoE IP address, click the

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 80 Step 2. Go to Configuration > Object > Sch

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 81 Add a profile which allows users to serf all web

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 82 Add a profile for employees to surf only allowed

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 83 Step 4. Switch to Configuration > Anti-X >

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 84 Add an access policy for the employees during of

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 85 Check the created policies. Make sure their orde

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 86 Scenario 11 — Quick Setup for Allowing WLAN User

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 87 11.2 Configuration Guide Goal to achieve: A qu

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 88 Step 2. You can add a new rule by clicking the A

ZyXEL – ZyWALL USG Support Notes All contents copyright (c) 2010 ZyXEL Communications Corporation. 9 Step 8. Fill in the 3G connection parameters: -