User’s Guide ZyWALL ATP Series Version 4.35 Edition 4, 11/2019 Default Login Details LAN Port IP Address User Name Password https://192.168.1.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style. Every effort has been made to ensure that the information in this manual is accurate.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • All models in this series may be referred to as the “Zyxel Device” in this guide. • Product labels, screen names, field labels and field choices are all in bold font.
Contents Overview Contents Overview Introduction ........................................................................................................................................... 24 Initial Setup Wizard ............................................................................................................................... 48 Hardware, Interfaces and Zones ........................................................................................................ 67 Quick Setup Wizards ........
Contents Overview File Manager ....................................................................................................................................... 806 Diagnostics ......................................................................................................................................... 821 Packet Flow Explore ........................................................................................................................... 842 Shutdown .............................
Table of Contents Table of Contents Document Conventions ......................................................................................................................3 Contents Overview .............................................................................................................................4 Table of Contents .................................................................................................................................6 Part I: User’s Guide...................
Table of Contents 2.1.15 Remote Management ...................................................................................................... 65 Chapter 3 Hardware, Interfaces and Zones ......................................................................................................67 3.1 Hardware Overview ....................................................................................................................... 67 3.1.1 Front Panels ...................................................
Table of Contents 4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish ........................ 104 4.5 VPN Settings for L2TP VPN Settings Wizard ................................................................................. 104 4.5.1 L2TP VPN Settings ................................................................................................................ 105 4.5.2 L2TP VPN Settings .............................................................................................
Table of Contents 6.11 The UPnP Port Status Screen ..................................................................................................... 139 6.12 USB Storage Screen .................................................................................................................... 140 6.13 Ethernet Neighbor Screen ........................................................................................................ 141 6.14 FQDN Object Screen ..............................................
Table of Contents 7.2.2 The Signature Screen .......................................................................................................... 190 7.2.3 Auto Update ........................................................................................................................ 190 Chapter 8 Wireless .............................................................................................................................................192 8.1 Overview ..................................
Table of Contents 9.6.1 Cellular Choose Slot ........................................................................................................... 253 9.6.2 Add / Edit Cellular Configuration ...................................................................................... 253 9.7 Tunnel Interfaces .......................................................................................................................... 259 9.7.1 Configuring a Tunnel ...............................................
Table of Contents 10.8.4 Example Scenario ............................................................................................................. 335 Chapter 11 DDNS ................................................................................................................................................337 11.1 DDNS Overview ........................................................................................................................... 337 11.1.1 What You Can Do in this Chapter ....
Table of Contents 15.3 UPnP Screen ................................................................................................................................ 365 15.4 Technical Reference .................................................................................................................. 366 15.4.1 Turning on UPnP in Windows 7 Example ......................................................................... 366 15.4.2 Turn on UPnP in Windows 10 Example ...................................
Table of Contents 20.1.1 What You Can Do in this Chapter ................................................................................... 398 20.1.2 What You Need to Know ................................................................................................. 398 20.1.3 Before You Begin ............................................................................................................... 401 20.2 The VPN Connection Screen ................................................................
Table of Contents 24.1.2 What You Need to Know ................................................................................................. 461 24.2 Web Authentication General Screen ...................................................................................... 461 24.2.1 User-aware Access Control Example ............................................................................. 466 24.2.2 Authentication Type Screen ...........................................................................
Table of Contents Chapter 27 Content Filter ....................................................................................................................................524 27.1 Overview ..................................................................................................................................... 524 27.1.1 What You Can Do in this Chapter ................................................................................... 524 27.1.2 What You Need to Know .......................
Table of Contents 30.2.1 Query Example .................................................................................................................. 571 30.3 IDP Custom Signatures .............................................................................................................. 572 30.3.1 Add / Edit Custom Signatures ......................................................................................... 573 30.3.2 Custom Signature Example .................................................
Table of Contents 34.2 The IP Exception Screen ............................................................................................................ 611 34.2.1 The IP Exception Add/Edit Screen ................................................................................. 612 Chapter 35 Object ...............................................................................................................................................614 35.1 Zones Overview .......................................
Table of Contents 35.9.4 What You Need To Know ................................................................................................. 677 35.9.5 Active Directory or LDAP Server Summary ..................................................................... 678 35.9.6 RADIUS Server Summary ................................................................................................... 682 35.10 Auth. Method Overview ................................................................................
Table of Contents 38.3 USB Storage ................................................................................................................................. 733 38.4 Date and Time ............................................................................................................................ 734 38.4.1 Pre-defined NTP Time Servers List ..................................................................................... 737 38.4.2 Time Server Synchronization ............................
Table of Contents 38.11.2 Supported MIBs ............................................................................................................... 777 38.11.3 SNMP Traps ....................................................................................................................... 777 38.11.4 Configuring SNMP ........................................................................................................... 777 38.11.5 Add SNMPv3 User ..................................................
Table of Contents 41.1.1 What You Can Do in this Chapter ................................................................................... 821 41.2 The Diagnostics Screens ............................................................................................................ 821 41.2.1 The Diagnostics Collect Screen ....................................................................................... 822 41.2.2 The Diagnostics Collect on AP Screen ..................................................
P ART I User’s Guide 23
CHAPTER 1 Introduction 1.1 Overview Zyxel Device refers to these models as outlined below. • ATP100 • ATP100W • ATP200 • ATP500 • ATP700 • ATP800 Most screen shots in this guide come from the ATP200. Note the following differences between the device models: • ATP500 and ATP800 support Device HA Pro. • Some interface names vary by model - see Table 14 on page 73 and Table 15 on page 73 for default port / interface name mapping. See Table 17 on page 73 for default interface / zone mapping.
Chapter 1 Introduction Figure 1 myZyxel Login 1.2.1 Grace Period SecuReporter and service licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your license(s). New license(s) are valid for 1 year from the date of purchase. 1.2.2 Applications These are some Zyxel Device application scenarios. Security Router Security includes a Stateful Packet Inspection (SPI) firewall.
Chapter 1 Introduction IPv6 Routing The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods. Figure 3 Applications: IPv6 Routing VPN Connectivity Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.
Chapter 1 Introduction Figure 5 SSL VPN With Full Tunnel Mode LAN (192.168.1.X) Web Mail https:// File Share Non-Web Web-based Application Application Server User-Aware Access Control Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it. In the following figure user A can access both the Internet and an internal file server. User B has a lower level of access and can only access the Internet.
Chapter 1 Introduction 1.3 Management Overview You can manage the Zyxel Device in the following ways. Web Configurator The Web Configurator allows easy Zyxel Device setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Figure 8 Managing the Zyxel Device: Web Configurator Command-Line Interface (CLI) The CLI allows you to use text-based commands to configure the Zyxel Device.
Chapter 1 Introduction CloudCNM Use the CloudCNM screen (see Section 38.15 on page 786) to enable and configure management of the Zyxel Device by a Central Network Management system. Management Authentication Managers must be authenticated with a username and password, using one of: • Local Zyxel Device authentication • An external RADIUS server • An external LDAP server • Certificates 1.
Chapter 1 Introduction 3 Type the user name (default: “admin”) and password (default: “1234”). 4 Click Login. After you log in for the first time using the default user name and password, you must change the default admin password in the Update Admin Info screen. Enter a new password of from 1 to 64 characters.
Chapter 1 Introduction 6 The Network Risk Warning screen displays any unregistered or disabled security services. If your Zyxel Device is not registered, you will see a prompt to register it. Select how often to display the screen and click OK.
Chapter 1 Introduction If you select Never and you later want to bring this screen back, use these commands (note the space before the underscore). Router> enable Router# Router# configure terminal Router(config)# Router(config)# service-register _setremind after-10-days after-180-days after-30-days every-time never Router(config)# service-register _setremind every-time Router(config)# See the Command Line Interface (CLI) Reference Guide (RG) for details on all supported commands.
Chapter 1 Introduction B A C Title Bar Figure 9 Title Bar The title bar icons in the upper right corner provide the following functions. Table 2 Title Bar: Web Configurator Icons LABEL DESCRIPTION SecuReporter Click this to open the SecuReporter portal page. This icon shows when the Zyxel Device is added to an organization. Web Console Click this to open one or multiple console windows from which you can run command line interface (CLI) commands.
Chapter 1 Introduction Table 2 Title Bar: Web Configurator Icons (continued) LABEL DESCRIPTION About Click this to display basic information about the Zyxel Device. Logout Click this to log out of the Web Configurator. About Click About to display basic information about the Zyxel Device. Figure 10 About Table 3 About LABEL DESCRIPTION Current Version This shows the firmware version of the Zyxel Device.
Chapter 1 Introduction Figure 11 Site Map Web Console Click Web Console to open one or multiple console windows from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows. Figure 12 Web Console Window Reference Click Reference to open the Reference screen.
Chapter 1 Introduction Figure 13 Reference The fields vary with the type of object. This table describes labels that can appear in this screen. Table 4 Reference LABEL DESCRIPTION Type Select an object type to see the services. Name This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window. # This field is a sequential value, and it is not associated with any entry.
Chapter 1 Introduction Figure 14 CLI Messages 1.4.3 Navigation Panel Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the Zyxel Device’s navigation panel menus and their screens.
Chapter 1 Introduction Monitor Menu The monitor menu screens display status and statistics information. Table 5 Monitor Menu Screens Summary FOLDER OR LINK TAB FUNCTION Port Statistics Port Statistics Displays packet statistics for each physical port. Interface Status Interface Summary Displays general interface information and packet statistics. Traffic Statistics Traffic Statistics Collect and display traffic statistics.
Chapter 1 Introduction Table 5 Monitor Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION SSL SSL Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information. L2TP over IPSec L2TP over IPSec Displays details about current L2TP sessions. Content Filter Summary Collect and display content filter statistics App Patrol Summary Displays application patrol statistics.
Chapter 1 Introduction Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Auto Healing Auto Healing Enable auto healing to extend the wireless service coverage area of the managed APs when one of the APs fails. RTLS Real Time Location System Use the managed APs as part of an Ekahau RTLS to track the location of Ekahau Wi-Fi tags. Port Role Use this screen to set the Zyxel Device’s flexible ports such as LAN, OPT, WLAN, or DMZ.
Chapter 1 Introduction Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK SSL VPN L2TP VPN TAB FUNCTION Access Privilege Configure SSL VPN access rights for users and groups. Global Setting Configure the Zyxel Device’s SSL VPN settings that apply to all connections. L2TP VPN Configure L2TP over IPSec tunnels. BWM BWM Enable and configure bandwidth management rules. Web Authentication Web Authentication Define a web portal and exempt services from authentication.
Chapter 1 Introduction Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK Email Security SSL Inspection IP Exception TAB FUNCTION Email Security Turn email security on or off and manage email security policies. Create email security template(s) of settings to apply to a traffic flow using a security policy. Black/White List Set up a black list to identify spam and a white list to identify legitimate email. Profile Decrypt HTTPS traffic for Security Service inspection.
Chapter 1 Introduction Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Auth. Method Authentication Method Create and manage ways of authenticating users. Certificate My Certificates Create and manage the Zyxel Device’s certificates. Trusted Certificates Import and manage certificates from trusted sources. Request Configure IPv6 DHCP request type and interface information. Lease Configure IPv6 DHCP lease type and interface information.
Chapter 1 Introduction Maintenance Menu Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the Zyxel Device. Table 7 Maintenance Menu Screens Summary FOLDER OR LINK File Manager Diagnostics TAB FUNCTION Configuration File Manage and upload configuration files for the Zyxel Device. Firmware Management View the current firmware version and upload firmware. Reboot with your choice of firmware.
Chapter 1 Introduction Figure 16 Sorting Table Entries by a Column’s Criteria Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column.
Chapter 1 Introduction Figure 19 Moving Columns Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. Figure 20 Navigating Pages of Table Entries The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate. Figure 21 Common Table Icons Here are descriptions for the most common table icons.
Chapter 1 Introduction Working with Lists When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.
CHAPTER 2 Initial Setup Wizard 2.1 Initial Setup Wizard Screens When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. This wizard helps you configure Internet connection settings and activate subscription services. Note: For Zyxel Devices that already have firmware version 4.
Chapter 2 Initial Setup Wizard The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field. Note: Enter the Internet access information exactly as your ISP gave it to you. Leave a field blank if you don’t have that information. • I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one. This option appears when you are configuring the first WAN interface.
Chapter 2 Initial Setup Wizard • Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway). • First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Chapter 2 Initial Setup Wizard • Chap - Your Zyxel Device accepts CHAP only. • PAP - Your Zyxel Device accepts PAP only. • MSCHAP - Your Zyxel Device accepts MSCHAP only. • MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only. • Type the User Name given to you by your ISP. You can use alphanumeric and -_@$./ characters, and it can be up to 31 characters long. • Type the Password associated with the user name. Use up to 64 ASCII characters except the [] and ?. This field can be blank.
Chapter 2 Initial Setup Wizard Figure 26 Internet Access: PPPoE Encapsulation 2.1.4 Internet Access: PPTP 2.1.4.1 ISP Parameters • Authentication Type - Select an authentication protocol for outgoing calls. Options are: • Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node. • Chap - Your Zyxel Device accepts CHAP only. • PAP - Your Zyxel Device accepts PAP only. • MSCHAP - Your Zyxel Device accepts MSCHAP only. • MSCHAP-V2 - Your Zyxel Device accepts MSCHAP-V2 only.
Chapter 2 Initial Setup Wizard • Type a Connection ID or connection name. It must follow the “c:id” and “n:name” format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your broadband modem or router. You can use alphanumeric and -_: characters, and it can be up to 31 characters long. 2.1.4.3 WAN IP Address Assignments • First WAN Interface: This is the connection type on the interface you are configuring to connect with your ISP.
Chapter 2 Initial Setup Wizard Figure 27 Internet Access: PPTP Encapsulation 2.1.5 Internet Access: L2TP 2.1.5.1 ISP Parameters • Authentication Type - Select an authentication protocol for outgoing connection requests. Options are: • Chap/PAP - Your Zyxel Device accepts either CHAP or PAP when requested by the remote node. • Chap - Your Zyxel Device accepts CHAP only. • PAP - Your Zyxel Device accepts PAP only. • MSCHAP - Your Zyxel Device accepts MSCHAP only.
Chapter 2 Initial Setup Wizard • IP Subnet Mask: Enter the subnet mask for this WAN connection's IP address. • Gateway IP Address: Enter the IP address of the router through which this WAN connection will send traffic (the default gateway). • Server IP: Type the IP address of the L2TP server. 2.1.5.3 WAN IP Address Assignments • WAN Interface: This is the name of the interface that will connect with your ISP. • Zone: This is the security zone to which this interface and Internet connection will belong.
Chapter 2 Initial Setup Wizard Figure 28 Internet Access: L2TP Encapsulation 2.1.6 Internet Access Setup - Second WAN Interface If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see Section 2.1.1 on page 48).
Chapter 2 Initial Setup Wizard Figure 29 Internet Access: Step 3: Second WAN Interface 2.1.7 Internet Access: Congratulations You have set up your Zyxel Device to access the Internet. A screen displays with your settings. Click Connection Test to check that you can access the Internet. If you cannot, click Back and confirm that you entered the settings correctly. If you have, check that you got the correct settings from your ISP or network administrator.
Chapter 2 Initial Setup Wizard 2.1.8 Date and Time Settings It’s important to have correct date and time values in the logs. The Zyxel Device can automatically update the time and date by detecting your time zone and whether Daylight Savings is in effect in that time zone. If your Zyxel Device cannot get the correct date and time, it may not able to connect to a time server. Check that the Zyxel Device has Internet access, then click Sync. Now. Figure 31 Date and Time Settings 2.1.
Chapter 2 Initial Setup Wizard Figure 32 Register Device You may need the Zyxel Device’s serial number and LAN MAC address to register it at myZyxel if you have not already done so. Refer to the label at the back of the Zyxel Device’s for details. Figure 33 myZyxel Login Click Refresh or use the Configuration > Licensing > Registration screen to update your Zyxel Device registration status.
Chapter 2 Initial Setup Wizard Figure 34 Registered Device 2.1.10 Activate Service After you register your Zyxel Device, you can register for the services supported by your model. See Subscription Services Available on page 186 for more information on the subscription services for the two types of security packs.
Chapter 2 Initial Setup Wizard Figure 35 Activate Service Figure 36 Activated Service 2.1.11 Service Settings You can enable or disable the following features in this screen. This screen varies depending on the security pack that you purchase. See Subscription Services Available on page 186 for more information on the subscription services for the two types of security packs. • Botnet Filter: Use this feature to detect and block connection attempts to or from the C&C server or known botnet IP addresses.
Chapter 2 Initial Setup Wizard • IDP: Use this feature to detect malicious or suspicious packets and respond instantaneously. • IP Reputation: Use this feature to recognize and filter packets coming from IPv4 address with bad reputation. • Sandboxing: Use this feature to provide a safe environment to separate running programs from your network and host devices. • Content Filter: Use this feature to control access to specific web sites or web content.
Chapter 2 Initial Setup Wizard • Create new organization: Type a name of up to 255 characters and description to create a new organization. • Partially Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with artificial identifiers in downloaded logs. • Fully Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with anonymized information in downloaded logs.
Chapter 2 Initial Setup Wizard 2.1.13 Wireless Settings: AP Controller The Zyxel Device can act as an AP Controller that can manage APs in the same network as the Zyxel Device. Select Yes if you want your Zyxel Device to manage APs in your network; otherwise select No. Figure 40 Wireless Settings: AP Controller 2.1.14 Wireless Settings: SSID & Security Configure SSID and wireless security in this screen. SSID Setting • SSID - Enter a descriptive name of up to 32 printable characters for the wireless LAN.
Chapter 2 Initial Setup Wizard Figure 41 Wireless Settings: SSID & Security 2.1.15 Remote Management Select this to allow access to the Zyxel Device using HTTP or HTTPS from the Internet. Figure 42 Remote Management HTTPS is added to the Default_Allow_WAN_to_ZyWALL rule in Object > Service > Service Group screen when you enable Remote Management.
Chapter 2 Initial Setup Wizard Figure 43 Object > Service > Service Group - HTTPS ZyWALL ATP Series User’s Guide 66
CHAPTER 3 Hardware, Interfaces and Zones 3.1 Hardware Overview This section describes the front and rear panels for each model. The following table summarizes the port features of the Zyxel Device by model. Table 9 ATP Series Comparison Table ATP MODELS ATP100/ATP100W ATP200 ATP500 ATP700/ATP800 USB 3.0 Ports 1 2 2 2 1 Gbps SFP interface 1 1 1 2 10/100/1000 Mbps Ethernet WAN Ports 1 2 - - 10/100/1000 Mbps Ethernet Ports 4 4 7 12 Console Port 1 1 1 1 3.1.
Chapter 3 Hardware, Interfaces and Zones Figure 47 ATP500 Front Panel Figure 48 ATP700 / ATP800 Front Panel The following table describes the front panel LEDs. Table 10 LED Descriptions LED COLOR PWR SYS 2.4G 5G STATUS DESCRIPTION Off The Zyxel Device is turned off. Green On The Zyxel Device is turned on. Red On There is a hardware component failure. Shut down the device, wait for a few minutes and then restart the device. If the LED turns red again, then please contact your vendor.
Chapter 3 Hardware, Interfaces and Zones The following table describes the ports on the front panel. Table 11 Front Panel Ports LABEL DESCRIPTION RESET Press the button in for about 5 seconds (or until the SYS LED starts to blink), then release it to return the Zyxel Device to the factory defaults (password is 1234, LAN IP address 192.168.1.1 etc.) CONSOLE You can use the console port to manage the Zyxel Device using CLI commands. You will be prompted to enter your user name and password.
Chapter 3 Hardware, Interfaces and Zones Figure 52 ATP500 Rear Panel Figure 53 ATP700 / ATP800 Rear Panel Note: Make sure you connect the Zyxel Device's power cord to a socket-outlet with an earthing connection or its equivalent. The following table describes the items on the rear panel. Table 12 Rear Panel Items LABEL DESCRIPTION Console You can use the console port to manage the Zyxel Device using CLI commands. You will be prompted to enter your user name and password.
Chapter 3 Hardware, Interfaces and Zones the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit. Note: Leave 10 cm of clearance at the sides and 20 cm in the rear. Use a #2 Phillips screwdriver to install the screws. Note: Failure to use the proper screws may damage the unit. 1 Align one bracket with the holes on one side of the Zyxel Device and secure it with the included bracket screws (smaller than the rack-mounting screws).
Chapter 3 Hardware, Interfaces and Zones 1 Drill into a wall two holes 3 mm ~ 4 mm (0.12" ~ 0.16") wide, 20 mm ~ 30 mm (0.79” ~ 1.18”) deep and a distance X (see the preceding table) apart. Place two screw anchors in the holes. Figure 54 Wall mounting screw specifications 2 Screw two screws with 6 mm ~ 8 mm (0.24" ~ 0.31") wide heads into the screw anchors. Do not screw the screws all the way in to the wall; leave a small gap between the head of the screw and the wall.
Chapter 3 Hardware, Interfaces and Zones 3.3 Default Zones, Interfaces, and Ports The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “wan1” or “wan2”, “ge2” or” ge3”. An OPT (optional) Ethernet port can be configured as an additional WAN port, LAN, WLAN, or DMZ port.
Chapter 3 Hardware, Interfaces and Zones 3.4 Stopping the Zyxel Device Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the Zyxel Device or remove the power. Not doing so can cause the firmware to become corrupt.
CHAPTER 4 Quick Setup Wizards 4.1 Quick Setup Overview The Web Configurator's quick setup wizards help you configure Internet and VPN connection settings. This chapter provides information on configuring the quick setup screens in the Web Configurator. See the feature-specific chapters in this User’s Guide for background information. In the Web Configurator, click Quick Setup to open the first Quick Setup screen.
Chapter 4 Quick Setup Wizards • Wizard Help If the help does not automatically display when you run the wizard, click the arrow to display it. 4.2 WAN Interface Quick Setup Click WAN Interface in the main Quick Setup screen to open the WAN Interface Quick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the Internet. Click Next. Figure 57 WAN Interface Quick Setup Wizard 4.2.
Chapter 4 Quick Setup Wizards Figure 58 Choose an Ethernet Interface 4.2.2 Select WAN Type WAN Type Selection: Select the type of encapsulation this connection is to use. Choose Ethernet when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE, PPTP or L2TP for a dial-up connection according to the information from your ISP. Figure 59 WAN Interface Setup: Step 2 The screens vary depending on what encapsulation type you use.
Chapter 4 Quick Setup Wizards Figure 60 WAN Interface Setup: Step 2 Ethernet Dynamic IP Figure 61 WAN Interface Setup: Step 2 Ethernet Static IP • WAN Interface: This is the interface you are configuring for Internet access. • Zone: This is the security zone to which this interface and Internet connection belong. • IP Address Assignment: Select Auto If your ISP did not assign you a fixed IP address.
Chapter 4 Quick Setup Wizards Figure 62 WAN and ISP Connection Settings: (PPTP) Figure 63 WAN and ISP Connection Settings: (PPPoE) ZyWALL ATP Series User’s Guide 79
Chapter 4 Quick Setup Wizards Figure 64 WAN and ISP Connection Settings: (L2TP) • ISP Parameter: This section appears if the interface uses a PPPoE or PPTP Internet connection. • Encapsulation: This displays the type of Internet connection you are configuring. • Service Name: Type the PPPoE service name if you were given one by your ISP. • Authentication Type: Use the drop-down list box to select an authentication protocol for outgoing calls.
Chapter 4 Quick Setup Wizards • IP Subnet Mask: Type the subnet mask assigned to you by your ISP (if given). • Gateway IP Address: For PPTP or L2TP, type the gateway IP address if you were given one by your ISP. • Server IP: Type the IP address of the PPTP server. • Connection ID: Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your DSL modem.
Chapter 4 Quick Setup Wizards • Service Name: This field only appears for a PPPoE interface. It displays the PPPoE service name specified in the ISP account. • Server IP: This field only appears for a PPTP interface. It displays the IP address of the PPTP server. • User Name: This is the user name given to you by your ISP. • Nailed-Up: If No displays the connection will not time out. Yes means the Zyxel Device uses the idle timeout.
Chapter 4 Quick Setup Wizards • VPN Settings for Configuration Provisioning sets up a VPN rule the Zyxel Device IPSec VPN Client can retrieve. Just enter a user name, password and the IP address of the Zyxel Device in the IPSec VPN Client to get the VPN settings automatically from the Zyxel Device. • VPN Settings for L2TP VPN Settings sets up a L2TP VPN rule that the Zyxel Device IPSec L2TP VPN client can retrieve. Figure 67 VPN Setup Wizard Welcome 4.3.
Chapter 4 Quick Setup Wizards 4.3.3 VPN Express Wizard - Scenario Click the Express radio button as shown in Figure 68 on page 83 to display the following screen. Figure 69 VPN Express Wizard: Scenario IKE (Internet Key Exchange) Version: IKEv1 and IKEv2 IKE (Internet Key Exchange) is a protocol used in security associations to send data securely.
Chapter 4 Quick Setup Wizards • Remote Access (Client Role) - Connect to an IPSec server. This Zyxel Device is the client (dial-in user) and can initiate the VPN tunnel. 4.3.4 VPN Express Wizard - Configuration Figure 70 VPN Express Wizard: Configuration • My Address (interface): Select an interface from the drop-down list box to use on your Zyxel Device. • Secure Gateway: Any displays in this field if it is not configurable for the chosen scenario.
Chapter 4 Quick Setup Wizards Figure 71 VPN Express Wizard: Summary • Rule Name: Identifies the VPN gateway policy. • Secure Gateway: IP address or domain name of the remote IPSec device. If this field displays Any, only the remote IPSec device can initiate the VPN connection. • Pre-Shared Key: VPN tunnel password. It identifies a communicating party during a phase 1 IKE negotiation.
Chapter 4 Quick Setup Wizards Figure 72 VPN Express Wizard: Finish Click Close to exit the wizard. 4.3.7 VPN Advanced Wizard - Scenario Click the Advanced radio button as shown in Figure 68 on page 83 to display the following screen.
Chapter 4 Quick Setup Wizards IKE (Internet Key Exchange) Version: IKEv1 and IKEv2 IKE (Internet Key Exchange) is a protocol used in security associations to send data securely. IKE uses certificates or pre-shared keys for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which encryption keys are derived. IKEv2 supports Extended Authentication Protocol (EAP) authentication, and IKEv1 supports X-Auth.
Chapter 4 Quick Setup Wizards Figure 74 VPN Advanced Wizard: Phase 1 Settings • Secure Gateway: Any displays in this field if it is not configurable for the chosen scenario. Otherwise, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to identify the remote IPSec device by its IP address or a domain name. Use 0.0.0.0 if the remote IPSec device has a dynamic WAN IP address.
Chapter 4 Quick Setup Wizards Note: The remote IPSec device must also have NAT traversal enabled. See the help in the main IPSec VPN screens for more information. • Dead Peer Detection (DPD) has the Zyxel Device make sure the remote IPSec device is there before transmitting data through the IKE SA. If there has been no traffic for at least 15 seconds, the Zyxel Device sends a message to the remote IPSec device. If it responds, the Zyxel Device transmits the data.
Chapter 4 Quick Setup Wizards • Remote Policy (IP/Mask): Type the IP address of a computer behind the remote IPSec device. You can also specify a subnet. This must match the local IP address configured on the remote IPSec device. • Nailed-Up: This displays for the site-to-site and remote access client role scenarios. Select this to have the Zyxel Device automatically renegotiate the IPSec SA when the SA life time expires. 4.3.
Chapter 4 Quick Setup Wizards Phase 1 • Negotiation Mode: This displays Main or Aggressive: • Main encrypts the ZyWALL/USG’s and remote IPSec router’s identities but takes more time to establish the IKE SA • Aggressive is faster but does not encrypt the identities. The ZyWALL/USG and the remote IPSec router must use the same negotiation mode. Multiple SAs connecting through a secure gateway must have the same negotiation mode. • Encryption Algorithm: This displays the encryption method used.
Chapter 4 Quick Setup Wizards Copy and paste the Configuration for Remote Gateway commands into another ZLD-based Zyxel Device’s command line interface. Click Save to save the VPN rule. 4.3.11 VPN Advanced Wizard - Finish Now the rule is configured on the Zyxel Device. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Figure 77 VPN Wizard: Finish Click Close to exit the wizard.
Chapter 4 Quick Setup Wizards 4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type Use VPN Settings for Configuration Provisioning to set up a VPN rule that can be retrieved with the Zyxel Device IPSec VPN Client. VPN rules for the Zyxel Device IPSec VPN Client have certain restrictions.
Chapter 4 Quick Setup Wizards Figure 79 VPN for Configuration Provisioning Express Wizard: Settings Scenario • IKE (Internet Key Exchange) is a protocol used in security associations to send data securely. IKE uses certificates or pre-shared keys for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which encryption keys are derived. • IKEv2 supports Extended Authentication Protocol (EAP) authentication, and IKEv1 supports X-Auth.
Chapter 4 Quick Setup Wizards Figure 80 VPN for Configuration Provisioning Express Wizard: Configuration • My Address (interface): Select an interface from the drop-down list box to use on your Zyxel Device. • Secure Gateway: Any displays in this field because it is not configurable in this wizard. It allows incoming connections from the Zyxel Device IPSec VPN Client. • Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same password.
Chapter 4 Quick Setup Wizards Figure 81 VPN for Configuration Provisioning Express Wizard: Summary • Rule Name: Identifies the VPN gateway policy. • Secure Gateway: Any displays in this field because it is not configurable in this wizard. It allows incoming connections from the Zyxel Device IPSec VPN Client. • Pre-Shared Key: VPN tunnel password. It identifies a communicating party during a phase 1 IKE negotiation.
Chapter 4 Quick Setup Wizards Figure 82 VPN for Configuration Provisioning Express Wizard: Finish Click Close to exit the wizard. 4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard Scenario Click the Advanced radio button as shown in the screen shown in Figure 78 on page 94 to display the following screen.
Chapter 4 Quick Setup Wizards Figure 83 VPN for Configuration Provisioning Advanced Wizard: Scenario Settings • IKE (Internet Key Exchange) is a protocol used in security associations to send data securely. IKE uses certificates or pre-shared keys for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which encryption keys are derived. • IKEv2 supports Extended Authentication Protocol (EAP) authentication, and IKEv1 supports X-Auth.
Chapter 4 Quick Setup Wizards Figure 84 VPN for Configuration Provisioning Advanced Wizard: Phase 1 Settings • Secure Gateway: Any displays in this field because it is not configurable in this wizard. It allows incoming connections from the Zyxel Device IPSec VPN Client. • My Address (interface): Select an interface from the drop-down list box to use on your Zyxel Device.
Chapter 4 Quick Setup Wizards 4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2 Phase 2 in an IKE uses the SA that was established in phase 1 to negotiate SAs for IPSec. Figure 85 VPN for Configuration Provisioning Advanced Wizard: Phase 2 Settings • Active Protocol: ESP is compatible with NAT. AH is not available in this wizard. • Encapsulation: Tunnel is compatible with NAT, Transport is not. • Encryption Algorithm: 3DES and AES use encryption.
Chapter 4 Quick Setup Wizards Figure 86 VPN for Configuration Provisioning Advanced Wizard: Summary Summary • Rule Name: Identifies the VPN connection (and the VPN gateway). • Secure Gateway: Any displays in this field because it is not configurable in this wizard. It allows incoming connections from the Zyxel Device IPSec VPN Client. • Pre-Shared Key: VPN tunnel password. • Local Policy: IP address and subnet mask of the computers on the network behind your Zyxel Device that can use the tunnel.
Chapter 4 Quick Setup Wizards • Aggressive is faster but does not encrypt the identities. The ZyWALL/USG and the remote IPSec router must use the same negotiation mode. Multiple SAs connecting through a secure gateway must have the same negotiation mode. • Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the security, the lower the throughput (possibly). • DES uses a 56-bit key. • 3DES uses a 168-bit key.
Chapter 4 Quick Setup Wizards 4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish Now the rule is configured on the Zyxel Device. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Enter the IP address of the Zyxel Device in the Zyxel Device IPSec VPN Client to get all these VPN settings automatically from the Zyxel Device.
Chapter 4 Quick Setup Wizards Figure 88 VPN Settings for L2TP VPN Settings Wizard: L2TP VPN Settings Click Next to continue the wizard. 4.5.1 L2TP VPN Settings Figure 89 VPN Settings for L2TP VPN Settings Wizard: L2TP VPN Settings • Rule Name: Type the name used to identify this L2TP VPN connection (and L2TP VPN gateway). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Chapter 4 Quick Setup Wizards • Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same password. Use 8 to 31 case-sensitive ASCII characters or 8 to 31 pairs of hexadecimal (“0-9”, “A-F”) characters. Proceed a hexadecimal key with “0x”. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends. • Click Next to continue the wizard. 4.5.
Chapter 4 Quick Setup Wizards Figure 91 VPN Settings for L2TP VPN Settings Advanced Settings Wizard: Summary • Rule Name: Identifies the L2TP VPN connection (and the L2TP VPN gateway). • Secure Gateway “Any” displays in this field because it is not configurable in this wizard. It allows incoming connections from the L2TP VPN Client. • Pre-Shared Key: L2TP VPN tunnel password. • My Address (Interface): This displays the interface to use on your Zyxel Device for the L2TP tunnel.
Chapter 4 Quick Setup Wizards 4.5.4 VPN Settings for L2TP VPN Setting Wizard Completed Figure 92 VPN Settings for L2TP VPN Settings Wizard: Finish Now the rule is configured on the Zyxel Device. The L2TP VPN rule settings appear in the Configuration > VPN > L2TP VPN screen and also in the Configuration > VPN > IPSec VPN > VPN Connection and VPN Gateway screen.
CHAPTER 5 Dashboard 5.1 Overview Use the Dashboard screens to check status information about the Zyxel Device. 5.1.1 What You Can Do in this Chapter Use the main Dashboard screen to see the Zyxel Device’s general device information, system status, and system resource usage. You can also display other status screens for more information. Use the Dashboard screens to view the following.
Chapter 5 Dashboard Figure 93 Dashboard The following table describes the labels in this screen. Table 19 Dashboard LABEL DESCRIPTION Refresh Now Click this to update the widget’s information immediately. Virtual Device Rear Panel Click this to view details about the Zyxel Device’s rear panel. Hover your cursor over a connected interface or slot to display status details. Front Panel Click this to view details about the status of the Zyxel Device’s front panel LEDs and connections. See Section 3.1.
Chapter 5 Dashboard Table 19 Dashboard (continued) LABEL DESCRIPTION Zone This field displays the zone to which the interface is currently assigned. IP Address/ Mask This field displays the current IP address and subnet mask assigned to the interface. If the interface is a member of an active virtual router, this field displays the IP address it is currently using. This is either the static IP address of the interface (if it is the master) or the management IP address (if it is a backup). 5.2.
Chapter 5 Dashboard 5.2.2 System Status Screen Figure 95 Dashboard > System Status (Example) This table describes the fields in the above screen. Table 21 Dashboard > System Status LABEL Boot Status DESCRIPTION This field displays details about the Zyxel Device’s startup state. OK - The Zyxel Device started up successfully. Firmware update OK - A firmware update was successful. Problematic configuration after firmware update - The application of the configuration failed after a firmware upgrade.
Chapter 5 Dashboard This table describes the fields in the above screen. Table 22 Dashboard > The Lastest Logs LABEL DESCRIPTION Mbps The y-axis represents the speed of transmission or reception. Time The x-axis shows the time period over which the transmission or reception occurred. 5.2.4 The Latest Logs Screen Figure 97 Dashboard > The Lastest Logs This table describes the fields in the above screen.
Chapter 5 Dashboard This table describes the fields in the above screen. Table 24 Dashboard > System Resources LABEL DESCRIPTION CPU Usage This field displays what percentage of the Zyxel Device’s processing capability is currently being used. Hover your cursor over this field to display the Show CPU Usage icon that takes you to a chart of the Zyxel Device’s recent CPU usage. Memory Usage This field displays what percentage of the Zyxel Device’s RAM is currently being used.
Chapter 5 Dashboard Table 25 Dashboard > DHCP Table (continued) LABEL DESCRIPTION IP Address This field displays the IP address currently assigned to a DHCP client or reserved for a specific MAC address. Click the column’s heading cell to sort the table entries by IP address. Click the heading cell again to reverse the sort order. Host Name This field displays the name used to identify this device on the network (the computer name). The Zyxel Device learns these from the DHCP client requests.
Chapter 5 Dashboard Table 26 Dashboard > Number of Login Users LABEL DESCRIPTION User Info This field displays the types of user accounts the Zyxel Device uses. If the user type is ext-user (external user), this field will show its external-group information when you move your mouse over it. If the external user matches two external-group objects, both external-group object names will be shown. Force Logout Click this icon to end a user’s session. 5.2.
Chapter 5 Dashboard 5.3 The Advanced Threat Protection Screen Use the Advanced Threat Protection screen to check security status information about the Zyxel Device.
P ART II Technical Reference 118
CHAPTER 6 Monitor 6.1 Overview Use the Monitor screens to check status and statistics information. 6.1.1 What You Can Do in this Chapter Use the Monitor screens for the following. • Use the System Status > Port Statistics screen (see Section 6.2 on page 121) to look at packet statistics for each physical port. • Use the System Status > Port Statistics > Graph View screen (see Section 6.2 on page 121) to look at a line graph of packet statistics for each physical port.
Chapter 6 Monitor • Use the Wireless > AP Information > Top N APs screen (Section 6.17 on page 154) to view managed APs with the most wireless traffic usage and most associated wireless stations. • Use the Wireless > AP Information > Single AP screen (Section 6.18 on page 156) to view APs wireless traffic usage and associated wireless stations for a managed AP. • Use the Wireless > ZyMesh screen (Section 6.19 on page 157) to display statistics about the ZyMesh wireless connections between the managed APs.
Chapter 6 Monitor 6.2 The Port Statistics Screen Use this screen to look at packet statistics for each Gigabit Ethernet port. To access this screen, click Monitor > System Status > Port Statistics. Figure 105 Monitor > System Status > Port Statistics The following table describes the labels in this screen. Table 28 Monitor > System Status > Port Statistics LABEL DESCRIPTION Poll Interval Enter how often you want this window to be updated automatically, and click Set Interval.
Chapter 6 Monitor 6.2.1 The Port Statistics Graph Screen Use this screen to look at a line graph of packet statistics for each physical port. To access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button. Figure 106 Monitor > System Status > Port Statistics > Switch to Graphic View The following table describes the labels in this screen.
Chapter 6 Monitor 6.3 Interface Status Screen This screen lists all of the Zyxel Device’s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Summary to access this screen.
Chapter 6 Monitor Each field is described in the following table. Table 30 Monitor > System Status > Interface Summary LABEL DESCRIPTION Interface Status If an Ethernet interface does not have any physical ports associated with it, its entry is displayed in light gray text. Name This field displays the name of each interface. If there is an Expand icon (plus-sign) next to the name, click this to look at the status of virtual interfaces on top of this interface.
Chapter 6 Monitor Table 30 Monitor > System Status > Interface Summary LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. Click Connect to try to connect a PPPoE/PPTP interface. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a. Tunnel Interface Status This displays the details of the Zyxel Device’s configured tunnel interfaces.
Chapter 6 Monitor Table 30 Monitor > System Status > Interface Summary LABEL DESCRIPTION Status This field displays the current status of each interface. The possible values depend on what type of interface it is. For Ethernet interfaces: • • • Inactive - The Ethernet interface is disabled. Down - The Ethernet interface does not have any physical ports associated with it or the Ethernet interface is enabled but not connected. Speed / Duplex - The Ethernet interface is enabled and connected.
Chapter 6 Monitor Table 30 Monitor > System Status > Interface Summary LABEL DESCRIPTION Status This field displays the current status of the interface. • • Down - The interface is not connected. Speed / Duplex - The interface is connected. This field displays the port speed and duplex setting (Full or Half). This field displays Connected and the accumulated connection time (hh:mm:ss) when the PPP interface is connected.
Chapter 6 Monitor There is a limit on the number of records shown in the report. Please see Table 32 on page 129 for more information. The following table describes the labels in this screen. Table 31 Monitor > System Status > Traffic Statistics LABEL DESCRIPTION Data Collection Collect Statistics Select this to have the Zyxel Device collect data for the report. If the Zyxel Device has already been collecting data, the collection period displays to the right.
Chapter 6 Monitor Table 31 Monitor > System Status > Traffic Statistics (continued) LABEL Amount DESCRIPTION This field displays how much traffic was sent or received from the indicated service / port. If the Direction is Ingress, a red bar is displayed; if the Direction is Egress, a blue bar is displayed. The unit of measure is bytes, Kbytes, Mbytes, Gbytes, or Tbytes, depending on the amount of traffic for the particular protocol or service port.
Chapter 6 Monitor • Source address • Destination address • Number of bytes received (so far) • Number of bytes transmitted (so far) • Duration (so far) You can look at all established sessions that passed through the Zyxel Device by user, service, source IP address, or destination IP address. You can also filter the information by user, protocol / service or service group, source address, and/or destination address and view it by user.
Chapter 6 Monitor Table 33 Monitor > System Status > Session Monitor (continued) LABEL DESCRIPTION Source Address This field displays when View is set to all sessions. Type the source IP address whose sessions you want to view. You cannot include the source port. Source Country This field displays when View is set to all sessions. Select the country where the traffic is coming from. Destination Address This field displays when View is set to all sessions.
Chapter 6 Monitor Figure 110 Monitor > System Status > Login Users The following table describes the labels in this screen. Table 34 Monitor > System Status > Login Users LABEL DESCRIPTION Force Logout Select a user ID and click this icon to end a user’s session. # This field is a sequential value and is not associated with any entry. User ID This field displays the user name of each user who is currently logged in to the Zyxel Device.
Chapter 6 Monitor Table 34 Monitor > System Status > Login Users (continued) LABEL DESCRIPTION RADIUS Profile Name This field displays the name of the RADIUS profile used to authenticate the login through the captive portal. N/A displays for logins that do not use the captive portal and RADIUS server authentication. Refresh Click this button to update the information in the screen. 6.
Chapter 6 Monitor 6.8 The DDNS Status Screen The DDNS Status screen shows the status of the Zyxel Device’s DDNS domain names. Click Monitor > System Status > DDNS Status to open the following screen. Figure 112 Monitor > System Status > DDNS Status The following table describes the labels in this screen. Table 36 Monitor > System Status > DDNS Status LABEL DESCRIPTION Update Click this to have the Zyxel Device update the profile to the DDNS server.
Chapter 6 Monitor Figure 113 Monitor > System Status > IP/MAC Binding The following table describes the labels in this screen. Table 37 Monitor > System Status > IP/MAC Binding LABEL DESCRIPTION Interface Select a Zyxel Device interface that has IP/MAC binding enabled to show to which devices it has assigned an IP address. # This field is a sequential value, and it is not associated with a specific IP/MAC binding entry. IP Address This is the IP address that the Zyxel Device assigned to a device.
Chapter 6 Monitor The following table describes the labels in this screen. Table 38 Monitor > System Status > Cellular Status LABEL DESCRIPTION Refresh Click this button to update the information in the screen. More Information Click this to display more information on your mobile broadband, such as the signal strength, IMEA/ESN and IMSI. This is only available when the mobile broadband device attached and activated on your Zyxel Device. Refer to Section 6.10.1 on page 138.
Chapter 6 Monitor Table 38 Monitor > System Status > Cellular Status (continued) LABEL DESCRIPTION Status • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Service Provider No device - no mobile broadband device is connected to the Zyxel Device. No Service - no mobile broadband network is available in the area; you cannot connect to the Internet.
Chapter 6 Monitor Table 38 Monitor > System Status > Cellular Status (continued) LABEL DESCRIPTION Cellular System This field displays what type of cellular network the mobile broadband connection is using. The network type varies depending on the mobile broadband card you inserted and could be UMTS, UMTS/HSDPA, GPRS or EDGE when you insert a GSM mobile broadband card, or 1xRTT, EVDO Rev.0 or EVDO Rev.A when you insert a CDMA mobile broadband card.
Chapter 6 Monitor Table 39 Monitor > System Status > Cellular Status > More Information (continued) LABEL DESCRIPTION Cellular System This field displays what type of cellular network the mobile broadband connection is using. The network type varies depending on the mobile broadband card you inserted and could be UMTS, UMTS/HSDPA, GPRS or EDGE when you insert a GSM mobile broadband card, or 1xRTT, EVDO Rev.0 or EVDO Rev.A when you insert a CDMA mobile broadband card.
Chapter 6 Monitor Table 40 Monitor > System Status > UPnP Port Status (continued) LABEL DESCRIPTION Remote Host This field displays the source IP address (on the WAN) of inbound IP packets. Since this is often a wild-card, the field may be blank. When the field is blank, the Zyxel Device forwards all traffic sent to the External Port on the WAN interface to the Internal Client on the Internal Port.
Chapter 6 Monitor Table 41 Monitor > System Status > USB Storage (continued) LABEL DESCRIPTION Filesystem This field displays what file system the USB storage device is formatted with. This field displays Unknown if the file system of the USB storage device is not supported by the Zyxel Device, such as NTFS. Speed This field displays the connection speed the USB storage device supports. Status Ready - you can have the Zyxel Device use the USB storage device.
Chapter 6 Monitor Figure 118 Monitor > System Status > Ethernet Neighbor The following table describes the fields in the previous screen. Table 42 Monitor > System Status > Ethernet Neighbor LABEL DESCRIPTION Local Port (Description) This field displays the port of the Zyxel Device, on which the neighboring device is discovered.
Chapter 6 Monitor FQDN can be used in Security Policy, Policy Route, BWM and Web Authentication profiles as source and destination criteria. FQDN with a wildcard (for example, *.zyxel.com) can be used in these profiles as destination criteria only. Suppose you want to block certain users from going to a website with a dynamically updated IP address using DDNS. Create an FQDN object for the website in Object > Address, and then create a Security Policy in Security Policy > Policy Control > Add.
Chapter 6 Monitor Table 43 Monitor > System Status > FQDN Object LABEL DESCRIPTION FQDN Object Select an object from the drop-down list box to display related IPv6 FQDN object caches used in DNS queries. # This is the index number of the IPv6 FQDN entry. Name This field displays the name of the selected IPv6 FQDN object used in DNS queries. FQDN This field displays a host’s fully qualified domain name. IP Address This field displays the mapping of the FQDN to an IPv6 address.
Chapter 6 Monitor Table 44 Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION Log Select an AP and click this button to go to the Monitor > Log > View AP Log screen to view the selected AP’s current log messages. Suppression On Click this button to turn suppression on. Suppression Off Click this button to turn suppression off. # This field is a sequential value, and it is not associated with a specific AP.
Chapter 6 Monitor Table 44 Monitor > Wireless > AP Information > AP List (continued) LABEL DESCRIPTION LED Status This field displays the AP LED status. N/A displays if the AP does not support LED suppression mode and/or have a locator LED to show the actual location of the AP. A gray LED icon signifies that the AP LED suppression mode is enabled. All the LEDs of the AP will turn off after the AP is ready.
Chapter 6 Monitor information, port status and station statistics for the connected AP. To access this screen, select an entry and click the More Information button in the AP List screen. Figure 121 Monitor > Wireless > AP Information > AP List > More Information The following table describes the labels in this screen.
Chapter 6 Monitor Table 46 Monitor > Wireless > AP Information > AP List > More Information (continued) LABEL Status DESCRIPTION This field displays the current status of each physical port on the AP. Down - The port is not connected. Speed / Duplex - The port is connected. This field displays the port speed and duplex setting (Full or Half). PVID This shows the port’s PVID.
Chapter 6 Monitor 6.15.2 AP List: Config AP Select an AP and click the Config AP button in the Monitor > Wireless > AP Information > AP List table to display this screen.
Chapter 6 Monitor Each field is described in the following table. Table 47 Monitor > Wireless > AP Information > AP List > Config AP LABEL DESCRIPTION Create new Object Use this menu to create a new Radio Profile object to associate with this AP. MAC This displays the MAC address of the selected AP. Model This field displays the AP’s hardware model information. It displays N/A (not applicable) only when the AP disconnects from the Zyxel Device and the information is unavailable as a result.
Chapter 6 Monitor 6.16 AP Information: Radio List Click Monitor > Wireless > AP Information > Radio List to display the Radio List screen. Figure 123 Monitor > Wireless > AP Information > Radio List The following table describes the labels in this screen. Table 48 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION More Information Click this icon to see the traffic statistics, station count, SSID, Security Mode and VLAN ID information on the AP.
Chapter 6 Monitor Table 48 Monitor > Wireless > AP Information > Radio List LABEL DESCRIPTION AP / ZyMesh Profile This indicates the AP radio and ZyMesh profile names to which the radio belongs. Antenna This indicates the antenna orientation for the radio (Wall or Ceiling). This shows N/A if the AP does not allow you to adjust coverage depending on the orientation of the antenna for each radio using the web configurator or a physical switch.
Chapter 6 Monitor 6.16.1 Radio List: More Information This screen allows you to view detailed information about a selected radio’s SSID(s), wireless traffic and wireless clients for the preceding 24 hours. To access this window, select an entry and click the More Information button in the Radio List screen.
Chapter 6 Monitor The following table describes the labels in this screen. Table 49 Monitor > Wireless > AP Information > Radio List > More Information LABEL DESCRIPTION MBSSID Detail This list shows information about the SSID(s) that is associated with the radio over the preceding 24 hours. # This is the items sequential number in the list. It has no bearing on the actual data in this list. SSID Name This displays an SSID associated with this radio. There can be up to eight maximum.
Chapter 6 Monitor Figure 125 Monitor > Wireless > AP Information > Top N APs The following table describes the labels in this screen. Table 50 Monitor > Wireless > AP Information > Top N APs LABEL DESCRIPTION View Select this to view the top five or top ten wireless traffic usage and associated wireless stations for the preceding 24 hours. Usage by If you view the data usage by Usage, select the frequency band and the measure unit in GB or MB to display the graph.
Chapter 6 Monitor 6.18 AP Information: Single AP Use this screen to view wireless traffic usage and wireless stations for a managed AP. Click Monitor > Wireless > AP Information > Single AP to display the Single AP screen. Figure 126 Monitor > Wireless > AP Information > Single AP The following table describes the labels in this screen.
Chapter 6 Monitor 6.19 ZyMesh Use this screen to view the ZyMesh traffic statistics between the managed APs. Click Monitor > Wireless > ZyMesh to display this screen. Figure 127 Monitor > Wireless > ZyMesh The following table describes the labels in this screen. Table 52 Monitor > Wireless > ZyMesh LABEL DESCRIPTION # This field displays the index number of the managed AP (in repeater mode) in this list. Description This field displays the descriptive name of the managed AP (in repeater mode).
Chapter 6 Monitor 6.20 SSID Info Use this screen to view the number of wireless clients currently connected to an SSID and the security type used by the SSID. Click Monitor > Wireless > SSID Info to display this screen. Figure 128 Monitor > Wireless > SSID Info The following table describes the labels in this screen. Table 53 Monitor > Wireless > SSID Info LABEL DESCRIPTION # This is the SSID’s index number in this list.
Chapter 6 Monitor Figure 129 Monitor > Wireless > Station Info > Station List The following table describes the labels in this screen. Table 54 Monitor > Wireless > Station Info > Station List LABEL DESCRIPTION # This field is a sequential value, and it is not associated with a specific station. MAC Address This field displays the MAC address of the station. Associated AP This field displays the APs that are associated with the station.
Chapter 6 Monitor Figure 130 Monitor > Wireless > Station Info > Top N Stations The following table describes the labels in this screen. Table 55 Monitor > Wireless > Station Info > Top N Stations LABEL DESCRIPTION View Select this to view the top five or top ten traffic statistics of the wireless stations. Usage by Select the measure unit in GB or MB to display the graph. Traffic Usage This graph displays the overall traffic information about the stations for the preceding 24 hours.
Chapter 6 Monitor Figure 131 Monitor > Wireless > Station Info > Single Station The following table describes the labels in this screen. Table 56 Monitor > Wireless > Station Info > Single Station LABEL DESCRIPTION Station Selection Select this to view the traffic statistics of the wireless station. Usage by Select the measure unit in GB or MB to display the graph. Traffic Usage This graph displays the overall traffic information about the station over the preceding 24 hours.
Chapter 6 Monitor The following table describes the labels in this screen. Table 57 Monitor > Wireless > Detected Device LABEL DESCRIPTION Mark as Rogue AP Click this button to mark the selected AP as a rogue AP. A rogue AP can be contained in the Configuration > Wireless > MON Mode screen. Mark as Friendly AP Click this button to mark the selected AP as a friendly AP. For more on managing friendly APs, see the Configuration > Wireless > MON Mode screen.
Chapter 6 Monitor Each field is described in the following table. Table 58 Monitor > VPN Monitor > IPSec LABEL DESCRIPTION Name Type the name of a IPSec SA here and click Search to find it (if it is associated). You can use a keyword or regular expression. Use up to 30 alphanumeric and _+.()!$*^:?|{}[]<>/ characters. See Section on page 163 for more details. Policy Type the IP address(es) or names of the local and remote policies for an IPSec SA and click Search to find it.
Chapter 6 Monitor 6.26 The SSL Screen The Zyxel Device keeps track of the users who are currently logged into the VPN SSL client. Click Monitor > VPN Monitor > SSL to display the user list. Use this screen to do the following: • View a list of active SSL VPN connections. • Log out individual users and delete related session information. Once a user logs out, the corresponding entry is removed from the screen. Figure 134 Monitor > VPN Monitor > SSL The following table describes the labels in this screen.
Chapter 6 Monitor Figure 135 Monitor > VPN Monitor > L2TP over IPSec The following table describes the fields in this screen. Table 60 Monitor > VPN Monitor > L2TP over IPSec LABEL DESCRIPTION Disconnect Select a connection and click this button to disconnect it. Refresh Click Refresh to update this screen. # This field is a sequential value, and it is not associated with a specific L2TP VPN session. User Name This field displays the remote user’s user name.
Chapter 6 Monitor Figure 136 Monitor > Security Statistics > Content Filter The following table describes the labels in this screen. Table 61 Monitor > Security Statistics > Content Filter LABEL DESCRIPTION General Settings Collect Statistics Select this check box to have the Zyxel Device collect content filtering statistics. The collection starting time displays after you click Apply. All of the statistics in this screen are for the time period starting at the time displayed here.
Chapter 6 Monitor Table 61 Monitor > Security Statistics > Content Filter (continued) LABEL DESCRIPTION Web Pages Warned by Category Service This is the number of web pages that matched an external database content filtering category selected in the Zyxel Device and for which the Zyxel Device displayed a warning before allowing users access.
Chapter 6 Monitor Table 62 Monitor > Security Statistics > App Patrol > Summary LABEL DESCRIPTION Refresh Click this button to update the report display. Flush Data Click this button to discard all of the screen’s statistics and update the report display. App Patrol Statistics # This field is a sequential value, and it is not associated with a specific App Patrol session. Application This is the protocol.
Chapter 6 Monitor The following table describes the labels in this screen. Table 63 Monitor > Security Statistics > Anti-Malware > Summary: Virus Name LABEL DESCRIPTION Collect Statistics Select this check box to have the Zyxel Device collect anti-malware statistics. The collection starting time displays after you click Apply. All of the statistics in this screen are for the time period starting at the time displayed here. The format is year, month, day and hour, minute, second.
Chapter 6 Monitor Figure 139 Monitor > Security Statistics > Anti-Malware > Summary: Source IP The statistics display as follows when you display the top entries by source IPv6. Figure 140 Monitor > Security Statistics > Anti-Malware: Source IPv6 The statistics display as follows when you display the top entries by destination IP. Figure 141 Monitor > Security Statistics > Anti-Malware > Summary: Destination IP The statistics display as follows when you display the top entries by destination IPv6.
Chapter 6 Monitor Figure 143 Monitor > Security Statistics > Reputation Filter > Summary The following table describes the labels in this screen. Table 64 Monitor > Security Statistics > Reputation Filter > Summary LABEL DESCRIPTION Collect Statistics Select this check box to have the Zyxel Device collect anti-malware statistics. The collection starting time displays after you click Apply. All of the statistics in this screen are for the time period starting at the time displayed here.
Chapter 6 Monitor Table 64 Monitor > Security Statistics > Reputation Filter > Summary (continued) LABEL DESCRIPTION Infected/Victim Host This field displays the MAC address of the infected host. Threat Category This field displays the category of the entry. Threat Level This field displays the threat level of the entry. URL Detected Add to white list Select an entry and click this to add it to the botnet filtering white list.
Chapter 6 Monitor The following table describes the labels in this screen. Table 65 Monitor > Security Statistics > IDP > Summary LABEL DESCRIPTION Collect Statistics Select this check box to have the Zyxel Device collect IDP statistics. The collection starting time displays after you click Apply. All of the statistics in this screen are for the time period starting at the time displayed here. The format is year, month, day and hour, minute, second.
Chapter 6 Monitor The statistics display as follows when you display the top entries by source. Figure 145 Monitor > Security Statistics > IDP > Summary: Source IP The statistics display as follows when you display the top entries by destination. Figure 146 Monitor > Security Statistics > IDP > Summary: Destination IP 6.33 The Email Security Screens The Email Security menu contains the Summary and Status screens. 6.33.
Chapter 6 Monitor Figure 147 Monitor > Security Statistics > Email Security > Summary The following table describes the labels in this screen. Table 66 Monitor > Security Statistics > Email Security > Summary LABEL DESCRIPTION Collect Statistics Select this check box to have the Zyxel Device collect email security statistics. The collection starting time displays after you click Apply. All of the statistics in this screen are for the time period starting at the time displayed here.
Chapter 6 Monitor Table 66 Monitor > Security Statistics > Email Security > Summary (continued) LABEL DESCRIPTION Spam Mails Detected by IP Reputation This is the number of emails that the Zyxel Device has determined to be spam by IP Reputation. Spam or Unwanted Bulk Email is determined by the sender’s IP address. Spam Mails Detected by Mail Content This is the number of emails that the Zyxel Device has determined to have malicious contents.
Chapter 6 Monitor Use the Email Security Status screen to see how many email sessions the email security feature is scanning and statistics for the DNSBLs. Figure 148 Monitor > Security Statistics > Email Security > Status The following table describes the labels in this screen.
Chapter 6 Monitor 6.34 The Sandboxing Screen Click Monitor > Security Statistics > Sandboxing to display the following screen. This screen displays sandboxing statistics. Figure 149 Monitor > Security Statistics > Sandboxing The following table describes the labels in this screen. Table 68 Monitor > Security Statistics > Sandboxing LABEL DESCRIPTION Collect Statistics Select this check box to have the Zyxel Device collect sandboxing statistics.
Chapter 6 Monitor 6.35 The SSL Inspection Screens The Zyxel Device uses SSL Inspection to decrypt SSL traffic, sends it to the Security Service engines for inspection, then encrypts traffic that passes inspection and forwards it. You must enable SSL Inspection if you want to use Content Filtering 2.0 Safe Search. Click Monitor > Security Statistics > SSL Inspection > Summary to display the following screen.
Chapter 6 Monitor Table 69 Monitor > Security Statistics > SSL Inspection > Summary (continued) LABEL DESCRIPTION Decrypted (Kbytes) This shows the number of kilobytes (KB) of data that was decrypted for Security Service inspection. Encrypted (Kbytes) This shows the number of kilobytes (KB) of data that was re-encrypted after Security Service inspection and then forwarded. Sessions Blocked This shows the number of SSL sessions blocked. Sessions Passed This shows the number of SSL sessions passed.
Chapter 6 Monitor Table 70 Monitor > Security Statistics > SSL Inspection > Certificate Cache List (continued) LABEL DESCRIPTION Server Name Indication Server Name Indication (SNI) is the domain name entered in the browser, FTP client, etc. to begin the SSL session with the server. It allows multiple SSL sessions to the same IP address and port number with different certificates from different SNI. This field displays the SNI for this SSL session. SSL Version This field shows the SSL version.
Chapter 6 Monitor Figure 152 Monitor > Log > View Log The following table describes the labels in this screen. Table 71 Monitor > Log > View Log LABEL DESCRIPTION Show (Hide) Filter Click this button to show or hide criteria that allow you to filter logs that will be displayed. If the filter settings are hidden, the Category, Email Log Now, Refresh, and Clear fields are available.
Chapter 6 Monitor Table 71 Monitor > Log > View Log (continued) LABEL DESCRIPTION Keyword This displays when you show the filter. Type a keyword to look for in the Message, Source, Destination and Note fields. If a match is found in any field, the log message is displayed. You can use up to 63 alphanumeric characters and the underscore, as well as punctuation marks ()’ ,:;?! +-*/= #$% @ ; the period, double quotes, and brackets are not allowed. Protocol This displays when you show the filter.
Chapter 6 Monitor Figure 153 Monitor > Log > View AP Log The following table describes the labels in this screen. Table 72 Monitor > Log > View AP Log LABEL DESCRIPTION Show Filter Click this button to show or hide the filter settings. If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear fields are available.
Chapter 6 Monitor Table 72 Monitor > Log > View AP Log (continued) LABEL DESCRIPTION Search Click this to start the search. Email Log Now Click this button to send log message(s) to the Active email address(es) specified in the Send Log To field on the Log Settings page. Refresh Click this button to update the information in the screen. Clear Click this button to clear the whole log, regardless of what is currently displayed on the screen.
CHAPTER 7 Licensing 7.1 Registration Overview Use the Configuration > Licensing > Registration screens to register your Zyxel Device and manage its service subscriptions. • Use the Registration screen (see Section 7.1.2 on page 187) to refresh Zyxel Device registration, go to portal.myZyxel.com to register your Zyxel Device and activate a service, such as content filtering. • Use the Service screen (see Section 7.1.3 on page 187) to display the status of your service registrations and upgrade licenses. 7.
Chapter 7 Licensing You can purchase an iCard and enter its license key at myZyxel to extend a service. Note: The trial gold security pack license is not transferable. 7.1.2 Registration Screen Click the link in this screen to register your Zyxel Device at myZyxel. Then click Refresh in this screen and wait a few moments for the registration information to update. If the page does not refresh, make sure the Internet connection is working and click Refresh again.
Chapter 7 Licensing Figure 155 Configuration > Licensing > Registration > Service The following table describes the labels in this screen. Table 74 Configuration > Licensing > Registration > Service LABEL DESCRIPTION Service Status # This is the entry’s position in the list. Service This lists the name of services or service modules that are available on the Zyxel Device. Web Security This is a license to a database that can block websites by category, such as Gambling.
Chapter 7 Licensing Table 74 Configuration > Licensing > Registration > Service (continued) LABEL DESCRIPTION Status This field displays whether a service license is enabled at myZyxel (Activated) or not (Not Activated) or expired (Expired). It displays the remaining Grace Period if your license has Expired. It displays Not Licensed if there isn’t a license to be activated for this service.
Chapter 7 Licensing 7.2.2 The Signature Screen Click Configuration > Licensing > Signature Update to display the following screen. Figure 156 Configuration > Licensing > Signature Update The following table describes the labels in this screen. Table 75 Configuration > Licensing > Signature Update LABEL DESCRIPTION Service Status The following fields display the status and information on the current signature set that the Zyxel Device is using.
Chapter 7 Licensing The following table describes the labels in this screen. Table 76 Configuration > Licensing > Signature Update: Schedule > Auto Update LABEL DESCRIPTION Auto Update Select this check box to have the Zyxel Device automatically check for new signatures regularly at the time and day specified. You should select a time when your network is not busy for minimal interruption. OK Hourly Select this option to have the Zyxel Device check for new signatures every hour.
CHAPTER 8 Wireless 8.1 Overview Use the Wireless screens to configure how the Zyxel Device manages supported Access Points (APs). Supported APs should be in managed mode. See the product page Licenses tab for a list of supported APs. 8.1.1 What You Can Do in this Chapter • Use the Controller screen (Section 8.2 on page 192) to set how the Zyxel Device allows new APs to connect to the network and set the country code of APs that are connected to the Zyxel Device. • Use the AP Management screens (Section 8.
Chapter 8 Wireless Each field is described in the following table. Table 77 Configuration > Wireless > Controller LABEL DESCRIPTION Country Code Select the country code of APs that are connected to the Zyxel Device to be the same as where the Zyxel Device is located/installed. The available channels vary depending on the country you selected. Registration Type Select Manual to add each AP to the Zyxel Device for management, or Always Accept to automatically add APs to the Zyxel Device for management.
Chapter 8 Wireless Each field is described in the following table. Table 78 Configuration > Wireless > AP Management > Mgnt. AP List LABEL DESCRIPTION Edit Select an AP and click this button to edit its properties. Remove Select an AP and click this button to remove it from the list. Note: If in the Configuration > Wireless > Controller screen you set the Registration Type to Always Accept, then as soon as you remove an AP from this list it reconnects.
Chapter 8 Wireless 8.3.1.1 Edit AP List Select an AP and click the Edit button in the Configuration > Wireless > AP Management table to display this screen. Figure 160 Configuration > Wireless > AP Management > Mgnt.
Chapter 8 Wireless Each field is described in the following table. Table 79 Configuration > Wireless > AP Management > Mgnt. AP List > Edit AP List LABEL DESCRIPTION Create new Object Use this menu to create a new Radio Profile object to associate with this AP. MAC This displays the MAC address of the selected AP. Model This field displays the AP’s hardware model information.
Chapter 8 Wireless Table 79 Configuration > Wireless > AP Management > Mgnt. AP List > Edit AP List (continued) LABEL DESCRIPTION Output Power Set the output power of the AP. Override Group SSID Setting Select this option to overwrite the AP SSID profile setting with the setting you configure here. This section allows you to associate an SSID profile with the radio. Edit Select an SSID and click this button to reassign it. The selected SSID becomes editable immediately upon clicking.
Chapter 8 Wireless Each field is described in the following table. Table 80 Configuration > Wireless > AP Management > AP Policy LABEL DESCRIPTION Force Override AC IP Config on AP Select this to have the Zyxel Device change the AP controller’s IP address on the managed AP(s) to match the configuration in this screen. Override Type Select Auto to have the managed AP(s) automatically send broadcast packets to find any other available AP controllers.
Chapter 8 Wireless Each field is described in the following table. Table 81 Configuration > Wireless > AP Management > AP Group LABEL DESCRIPTION Group Setting Default Group Select a group that is used as the default group. Any AP that is not configured to associate with a specific AP group belongs to the default group automatically. Group Summary Add Click this button to create a new AP group. Edit Select an entry and click this button to edit its properties.
Chapter 8 Wireless 8.3.3.1 Add/Edit AP Group Click Add or select an AP group and click the Edit button in the Configuration > Wireless > AP Management > AP Group table to display this screen.
Chapter 8 Wireless Each field is described in the following table. Table 82 Configuration > Wireless > AP Management > AP Group > Add/Edit LABEL DESCRIPTION General Settings Group Name Enter a name for this group. You can use up to 31 alphanumeric characters. Dashes and underscores are also allowed. The name should start with a letter. Description Enter a description for this group. You can use up to 31 characters, spaces and underscores allowed.
Chapter 8 Wireless Table 82 Configuration > Wireless > AP Management > AP Group > Add/Edit (continued) LABEL DESCRIPTION # This is the index number of the SSID profile. You can associate up to eight SSID profiles with an AP radio. SSID Profile Indicates which SSID profile is associated with this radio profile. VLAN Settings Force Overwrite VLAN Config Select this to have the Zyxel Device change the AP’s management VLAN to match the configuration in this screen.
Chapter 8 Wireless Table 82 Configuration > Wireless > AP Management > AP Group > Add/Edit (continued) LABEL Mode DESCRIPTION Select a mode by which load balancing is carried out. Select By Station Number to balance network traffic based on the number of specified stations connected to an AP. Select By Traffic Level to balance network traffic based on the volume generated by the stations connected to an AP.
Chapter 8 Wireless 8.3.4 Firmware The Zyxel Device stores an AP firmware in order to manage supported APs. This screen allows the Zyxel Device to check for and download new AP firmware when it becomes available on the firmware server. All APs managed by the Zyxel Device must have the same firmware version as the AP firmware on the Zyxel Device.
Chapter 8 Wireless Each field is described in the following table. Table 83 Configuration > Wireless > AP Management > Firmware LABEL DESCRIPTION AP Firmware Runtime Firmware This displays the current AP firmware version on the Zyxel Device. The Zyxel Device must have the latest AP firmware to manage all supported APs. Available Firmware This field displays if there is a later AP firmware version available on the firmware server.
Chapter 8 Wireless Figure 165 Configuration > Wireless > Rogue AP Each field is described in the following table. Table 84 Configuration > Wireless > Rogue AP LABEL DESCRIPTION Suspected Rogue AP Classification Rule Click the check boxes (Weak Security (Open, WEP, WPA-PSK), Un-managed AP, Hidden SSID, SSID Keyword) of the characteristics an AP should have for the Zyxel Device to rule it as a rogue AP. Add Click this to add an SSID Keyword.
Chapter 8 Wireless Table 84 Configuration > Wireless > Rogue AP (continued) LABEL DESCRIPTION Containment Click this button to quarantine the selected AP. A quarantined AP cannot grant access to any network services. Any stations that attempt to connect to a quarantined AP are disconnected automatically. Dis-Containment Click this button to take the selected AP out of quarantine. An unquarantined AP has normal access to the network.
Chapter 8 Wireless Table 85 Configuration > Wireless > Rogue AP > Add/Edit Rogue/Friendly (continued) LABEL DESCRIPTION Role Select either Rogue AP or Friendly AP for the AP’s role. OK Click OK to save your changes back to the Zyxel Device. Cancel Click Cancel to close the window with changes unsaved. 8.5 Auto Healing Use this screen to enable auto healing, which allows you to extend the wireless service coverage area of the managed APs when one of the APs fails.
Chapter 8 Wireless 8.6 RTLS Overview Ekahau RTLS (Real Time Location Service) tracks battery-powered Wi-Fi tags attached to APs managed by the Zyxel Device to create maps, alerts, and reports. The Ekahau RTLS Controller is the centerpiece of the RTLS system. This server software runs on a Windows computer to track and locate Ekahau tags from Wi-Fi signal strength measurements.
Chapter 8 Wireless • Ekahau RTLS Controller in blink mode with TZSP Updater enabled • Security policies to allow RTLS traffic if the Zyxel Device security policy control is enabled or the Ekahau RTLS Controller is behind a firewall. For example, if the Ekahau RTLS Controller is behind a firewall, open ports 8550, 8553, and 8569 to allow traffic the APs send to reach the Ekahau RTLS Controller. The following table lists default port numbers and types of packets RTLS uses.
Chapter 8 Wireless Table 88 Configuration > Wireless > RTLS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Zyxel Device. Reset Click Reset to return the screen to its last-saved settings. 8.7 Technical Reference The following section contains additional technical information about wireless features. 8.7.
Chapter 8 Wireless However, some regions require the use of other channels and often use a safety scheme with the following four channels: 1, 4, 7 and 11. While they are situated sufficiently close to both each other and the three so-called “safe” channels (1,6 and 11) that interference becomes inevitable, the severity of it is dependent upon other factors: proximity to the affected AP, signal strength, activity, and so on.
CHAPTER 9 Interfaces 9.1 Interface Overview Use the Interface screens to configure the Zyxel Device’s interfaces. You can also create interfaces on top of other interfaces. • Ports are the physical ports to which you connect cables. • Interfaces are used within the system operationally. You use them in configuring various features. An interface also describes a network that is directly connected to the Zyxel Device. For example, You connect the LAN network to the LAN interface.
Chapter 9 Interfaces • An interface is a logical entity through which (layer-3) packets pass. • An interface is bound to a physical port or another interface. • Many interfaces can share the same physical port. • An interface belongs to at most one zone. • Many interfaces can belong to the same zone. • Layer-3 virtualization (IP alias, for example) is a kind of interface. Types of Interfaces You can create several types of interfaces in the Zyxel Device.
Chapter 9 Interfaces Table 89 Ethernet, PPP, Cellular, VLAN, Bridge, and Virtual Interface Characteristics (continued) CHARACTERISTICS ETHERNET ETHERNET PPP CELLULAR VLAN BRIDGE VIRTUAL Bandwidth restrictions Yes Yes Yes Yes Yes Yes Yes Packet size (MTU) Yes Yes Yes Yes Yes Yes No No Yes No No Yes Yes No DHCP relay No Yes No No Yes Yes No Connectivity Check Yes No Yes Yes Yes Yes No DHCP DHCP server Note: - * The format of interface names other than the Ethern
Chapter 9 Interfaces Table 90 Relationships Between Different Types of Interfaces (continued) INTERFACE REQUIRED PORT / INTERFACE virtual interface (virtual Ethernet interface) Ethernet interface* (virtual VLAN interface) VLAN interface* (virtual bridge interface) bridge interface trunk Ethernet interface Cellular interface VLAN interface bridge interface PPP interface Note: * You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if the underlying interface is a
Chapter 9 Interfaces Link-local Address A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A linklocal unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows.
Chapter 9 Interfaces DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP. Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for identification when they are exchanging DHCPv6 messages.
Chapter 9 Interfaces The physical Ethernet ports are shown at the top and the Ethernet interfaces and zones are shown at the bottom of the screen. Use the radio buttons to select for which interface (network) you want to use each physical port. For example, select a port’s LAN radio button to use the port as part of the LAN interface. The port will use the Zyxel Device’s LAN IP address and MAC address. When you assign more than one physical port to a network, you create a port group.
Chapter 9 Interfaces Each field is described in the following table. Table 92 Configuration > Network > Interface > Port Configuration LABEL DESCRIPTION Edit Select an entry, and click this button to configure the speed and the duplex mode of the Ethernet connection on this port. Name This field displays the name of the port. Interface This field displays the interface for the port. Type This field displays the cable type that is used on the port.
Chapter 9 Interfaces Figure 175 Configuration > Network > Interface > Ethernet Each field is described in the following table. Table 93 Configuration > Network > Interface > Ethernet LABEL DESCRIPTION Configuration / IPv6 Configuration Use the Configuration section for IPv4 network settings. Use the IPv6 Configuration section for IPv6 network settings if you connect your Zyxel Device to an IPv6 network. Both sections have similar fields as described below.
Chapter 9 Interfaces Table 93 Configuration > Network > Interface > Ethernet (continued) LABEL DESCRIPTION IP Address This field displays the current IP address of the interface. If the IP address is 0.0.0.0 (in the IPv4 network) or :: (in the IPv6 network), the interface does not have an IP address yet. In the IPv4 network, this screen also shows whether the IP address is a static IP address (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces.
Chapter 9 Interfaces 9.4.1.1 IGMP Proxy Internet Group Management Protocol (IGMP) proxy is used for multicast routing. IGMP proxy enables the Zyxel Device to issue IGMP host messages on behalf of hosts that the Zyxel Device discovered on its IGMP-enabled interfaces. The Zyxel Device acts as a proxy for its hosts. Refer to the following figure.
Chapter 9 Interfaces Figure 177 Configuration > Network > Interface > Ethernet > Edit (External Type) ZyWALL ATP Series User’s Guide 224
Chapter 9 Interfaces Configuration > Network > Interface > Ethernet > Edit (External Type ZyWALL ATP Series User’s Guide 225
Chapter 9 Interfaces Figure 178 Configuration > Network > Interface > Ethernet > Edit (Internal Type) ZyWALL ATP Series User’s Guide 226
Chapter 9 Interfaces Configuration > Network > Interface > Ethernet > Edit (Internal Type) ZyWALL ATP Series User’s Guide 227
Chapter 9 Interfaces Figure 179 Configuration > Network > Interface > Ethernet > Edit (OPT) ZyWALL ATP Series User’s Guide 228