Introduction
Overview
Zyxel Device refers to these models as outlined below.
USG FLEX 100
USG FLEX 100W
USG FLEX 200
USG FLEX 500
USG FLEX 700
Model Feature Differences
Note the following differences between the USG FLEX models:
USG FLEX Model Feature Comparison 
FEATURE/model
USG FLEX 100
USG FLEX 100W
USG FLEX 200
USG FLEX 500
USG FLEX 700
Microsoft Azure
YES
YES
YES
YES
YES
Amazon VPC
CLI only
CLI only
CLI only
CLI only
CLI only
Anomaly Detection & Prevention
YES
YES
YES
YES
YES
Email Security (Anti-Spam)
YES
YES
YES
YES
YES
IDP
YES
YES
YES
YES
YES
Anti-Malware
YES
YES
YES
YES
YES
App Patrol
YES
YES
YES
YES
YES
Web Filtering (Content Filtering)
YES
YES
YES
YES
YES
SecuReporter
YES
YES
YES
YES
YES
Reputation Filter (IP and DNS)
NO
NO
NO
NO
NO
URL Threat Filter
YES
YES
YES
YES
YES
Sandboxing
NO
NO
NO
NO
NO
IP Exception
YES
YES
YES
YES
YES
AP Controller
YES
YES
YES
YES
YES
Device HA Pro
NO
NO
NO
YES
YES
Hotspot Management
NO
NO
YES
YES
YES
LAG
NO
NO
NO
YES
YES
Port Group
YES
YES
YES
YES
YES
Port Role
YES
YES
YES
YES
YES
SD-WAN Mode
NO
NO
NO
NO
NO
SSL Application
YES
YES
YES
YES
YES
SSL encrypted traffic inspection
YES
YES
YES
YES
YES
Bundled UTM Feature License Validity
1 year
1 year
1 year
1 year
1 year
Virtual Server Load Balancing
YES
YES
YES
YES
YES
Built-in WiFi
NO
YES
NO
NO
NO
Management by Nebula Control Center (NCC)
YES
YES
YES
YES
YES
Not all models support all features. See USG FLEX Model Feature Comparison for the specific features that your model supports.
Security Feature List
Application Patrol (AP)
Intrusion Detection & Prevention (IDP)
Anomaly Detection & Prevention (ADP)
Content Filtering (CF)
Anti-Virus (AV)
Anti-Spam (AS)
Secure Socket Layer (SSL) encrypted traffic Inspection
 
The following security features work without a security license:
Configuration > Content Filter > Trusted Web Sites
Configuration > IDP > Custom Signatures
Configuration > Anti-Virus > Black/White List
Configuration > Anti-Spam > Black/White List
For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see Default Zones, Interfaces, and Ports.
See the product’s datasheet for detailed information on a specific model.
Management by Nebula Control Center
Nebula Control Center (NCC) is an Internet portal that allows you to configure and monitor groups of Zyxel Devices in organizations. You cannot manage a Zyxel Device directly through the Web Configurator or Command Line Interface (CLI) when NCC is managing the Zyxel Device. See USG FLEX Model Feature Comparison to see which Zyxel Devices can be managed by NCC.
Follow this procedure to have NCC manage your Zyxel Device.
NCC Portal
You should already have created an account at myZyxel.com. Follow these steps at the NCC portal.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account. If you do not have a myZyxel account, you will be redirected to another screen to create one.
2 After you log in, click Go under Nebula Control Center and then Let’s Start to run the Nebula setup wizard. Create an organization and a site or select an existing site.
3 Add the Zyxel Device to this site by entering its MAC address and serial number. You’ll find the MAC address and serial number of the Zyxel Device on its label or scan the QR code using the Nebula app.
4 Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.
5 Configure the email address of the person who will configure the Zyxel Device for management by Nebula. An email will be sent to this person containing an activation link that allows automatic management of the Zyxel Device by Nebula (Zero Touch Provisioning (ZTP)).
Your Zyxel Device
The person who will configure the Zyxel Device for management by Nebula should follow this procedure.
1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P2) to the Ethernet port of a device that will provide Internet access.
2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P4) to your computer. Make sure your computer can receive an IP address automatically (this is the default for all computers so the computer should be fine unless you changed it).
3 Connect the power port to an appropriate power source and turn on the Zyxel Device. Wait for the SYS LED to turn solid green.
Note: Skip the next two steps if you did not configure your Zyxel Device before (including just logging in and changing the default password). You must reset the Zyxel Device if it does not have the factory default configuration.
4 Back up your current configuration before passing management to Nebula. Log into the web configurator, and go to Maintenance > File Manager > Configuration File. Select startup-config.conf, then click Download.
5 Reset the Zyxel Device to the factory defaults by pushing the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all previous configurations will be erased.
Your Email Account
After the Zyxel Device is on, do the following:
1 Check your mailbox for an email from Nebula. You may need to check your spam folder.
2 Follow the instructions in the email if you did not complete the instructions above. Look for an activation link in the email. Click the activation link or copy the link to your web browser. You will see a screen saying that Nebula registration is in process. Please wait.
3 When you see a screen saying Nebula registration has succeeded, management of your Zyxel Device has passed to Nebula Control Center. The Nebula administrator can now configure and manage your device.
Alternative Procedure Using USB
Use this method if did not connect a computer to the LAN port of the Zyxel Device.
1 Connect a USB disk drive in FAT32 format to a USB port on your computer.
2 Go to your mailbox and find the email from Nebula. Save the JSON file in the email attachment to the root folder of the USB drive.
3 Connect the USB drive to the Zyxel Device. The SYS LED will blink. Please wait until the SYS LED is solid green again. The Nebula administrator should now check if the Zyxel Device is online indicating Nebula registration has succeeded.
Registration Errors
If ZTP fails, the problem may be with the configuration on the Zyxel Device or registration on Nebula.
If the problem is with the configuration on the Zyxel Device, click Network Test Tool to go directly to the web configurator of the Zyxel Device. Log in with the user name 'support' and the password is the Zyxel Device’s serial number.
If the problem is with registration on Nebula, see the following registration errors.
Registration with Nebula Error Messages
Registration Error Message
The Nebula Zero Touch Provisioning (ZTP) activation link failed. Log into Nebula and resend the activation link.
The Zero Touch Provisioning (ZTP) activation link timed out. Check your Internet connection on the Zyxel Device and then click the Retry button.
The Nebula Zero Touch Provisioning (ZTP) activation link failed. Log into Nebula and resend the activation link.
The Internet connection on the Zyxel Device is down. Check the Internet connection and then click the Retry button.
The Nebula Zero Touch Provisioning (ZTP) activation link failed due to a Nebula URL error. Log into Nebula and resend the activation link.
The serial number or MAC address for this Zyxel Device is incorrectly configured on Nebula. Add the Zyxel Device in Nebula again with the correct setting and resend the activation link.
The Zyxel Device model is incorrectly configured on Nebula. Add the Zyxel Device in Nebula again with the correct setting and resend the activation link.
If you already added the Zyxel Device to Nebula before using the wizard, but there was a registration error, use this method to resend the activation link.
1 In Nebula, go to Organization-wide > Configuration > Inventory.
2 In the summary table that then displays, select the model you registered, click Waiting ZTP to display a ZTP Setup screen.
3 Check that the WAN settings and email address are correct and then click OK to resend the activation link.
If resending the activation link does not work, use this method to add the Zyxel Device again.
1 In Nebula, go to Organization-wide > Configuration > Inventory.
2 Click Add.
3 Make sure to enter the correct MAC address and serial number, and then click OK.
4 In the summary table that then displays, select the model you registered, click Add to, select a site, and then click Add to site.
5 Click Waiting ZTP to display a ZTP Setup screen.
6 Configure the WAN type, port number for access to the Zyxel Device, and email address of where to send the ZTP activation email and then click OK to send the activation link.
Returning to Direct Management from Nebula
Follow this procedure if you decide you no longer want Zyxel Device management through Nebula.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account.
2 Go to Organization-wide > Configuration > Inventory.
3 Select the Zyxel Device you want to remove from Nebula.
4 Click Remove.
5 Go to your Zyxel Device. Reset the Zyxel Device to the factory defaults by pushing the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all Nebula configurations will be erased.
6 To restore your previous configuration, log into the web configurator, and go to Maintenance > File Manager > Configuration File.
7 Under Upload Configuration File, click Browse, select the startup-config.conf on your computer that you backed up previously and click Upload. The Zyxel Device will then return to the previous settings.
Registration at myZyxel
myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
Note: You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.
You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.
Grace Period
SecuReporter and service licenses have a 15-day grace period after a license expires. Services will continue to work in this period during which you will receive notifications to renew your licenses. New licenses are valid for 1 year from the date of purchase.
Applications
These are some Zyxel Device application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it.
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Management Overview
Web Configurator
The Web Configurator allows easy Zyxel Device setup and management using an Internet browser.
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the Zyxel Device. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Console Port Default Settings 
Setting
Value
Speed
115200 bps
Data Bits
8
Parity
None
Stop Bit
1
Flow Control
Off
Web Configurator
The Web Configurator is an HTML-based management interface that allows easy system setup and management through Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Internet Explorer 11, Mozilla Firefox, or Google Chrome.
In order to use the Web Configurator you need to allow:
Web browser pop-up windows from your device.
JavaScript (enabled by default).
Java permissions (enabled by default).
The recommended minimum screen resolution is 1024 x 768 pixels.
Note: Screenshots and graphics in this book may differ slightly from your product due to differences in product features or Web Configurator brand style.
Web Configurator Access
1 Make sure your Zyxel Device hardware is properly connected. See the Quick Start Guide.
2 In your browser go to http://192.168.1.1. By default, the Zyxel Device automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
3 Type the user name (default: “admin”) and password (default: “1234”).
4 Click Login. After you log in for the first time using the default user name and password, you must change the default admin password in the Update Admin Info screen. Enter a new password of from 1 to 64 characters.
In Configuration > Object > User/Group > Setting, you can enable Password Complexity to require a new password to consist of at least 8 characters and at most 64, where at least 1 character must be a number, at least 1 a lower case letter, at least 1 an upper case letter and at least 1 a special character from the keyboard, such as !@#$%^&*()_+. You can also require periodic changing of the password in that screen by configuring Password must changed every (days).
Make a note of your new password, enter it in the following screen, then click Apply.
5 A Terms of Use screen displays. Read the statement, then click Acknowledge to proceed.
Note: If you are using an Internet Explorer browser, the Terms of Use will be downloaded automatically.
6 The Network Risk Warning screen displays any unregistered or disabled security services. If your Zyxel DeviceSelect how often to display the screen and click OK.
7 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.
Web Configurator Screens Overview
The Web Configurator screen is divided into these parts:
Title Bar
The title bar icons in the upper right corner provide the following functions.
Title Bar: Web Configurator Icons 
Label
Description
SecuReporter
This icon shows when SecuReporter is enabled and the Zyxel Device is added to an organization.
Click this to open the SecuReporter portal page.
Web Console
Click this to open one or multiple console windows from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands.
Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows.
CLI
Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the Zyxel Device.
Reference
Click this to check which configuration items reference an object.
Site Map
Click this to see an overview of links to the Web Configurator screens.
Forum
Go to https://businessforum.zyxel.com for product discussions.
Help
Click this to open the help page for the current screen.
Notification
Only Admin or Limited Admin can see notifications. Notifications display what’s new in the Zyxel Device firmware (ZLD), information on security services about to expire.
Slide the switch to Off if you don’t want notifications. Click an item to see more details on it. Click the Refresh icon or refresh the browser page to update notifications. The latest notification appears at the top. An item is removed once it has been read.
Up to five notifications can be shown here. If there are more than five notifications, then click All Notifications to see them.
About
Click this to display basic information about the Zyxel Device.
Logout
Click this to log out of the Web Configurator.
About
Click About to display basic information about the Zyxel Device.
This table describes the fields in this screen.
About 
Label
Description
Current Version
This shows the firmware version of the Zyxel Device.
Released Date
This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released.
OK
Click this to close the screen.
Site Map
Click Site MAP to see an overview of links to the Web Configurator screens.
Web Console
Click Web Console to open one or multiple console windows from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows.
Reference
Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
The fields vary with the type of object. This table describes labels that can appear in this screen.
Reference 
Label
Description
Type
Select an object type to see the services.
Name
This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
#
This field is a sequential value, and it is not associated with any entry.
Service
This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window.
Priority
If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A displays.
Name
This field identifies the configuration item that references the object.
Description
If the referencing configuration item has a description configured, it displays here.
Refresh
Click this to update the information in this screen.
Cancel
Click Cancel to close the screen.
CLI Messages
Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the Web Configurator to display the corresponding commands.
Navigation Panel
Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the Zyxel Device’s navigation panel menus and their screens.
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs.
Monitor Menu
The monitor menu screens display status and statistics information.
Monitor Menu Screens Summary 
Folder or Link
Tab
Function
System Status
Port Statistics
Port Statistics
Displays packet statistics for each physical port.
Interface Status
Interface Summary
Displays general interface information and packet statistics.
Traffic Statistics
Traffic Statistics
Collect and display traffic statistics.
Session Monitor
Session Monitor
Displays the status of all current sessions.
Login Users
Login Users
Lists the users currently logged into the Zyxel Device.
Dynamic Guest
Dynamic Guest
List the dynamic guest accounts in the Zyxel Device’s local database. These are accounts that are created automatically and allowed to access the Zyxel Device’s services for a certain period of time.
IGMP Statistics
IGMP Statistics
Collect and display IGMP statistics.
DDNS Status
DDNS Status
Displays the status of the Zyxel Device’s DDNS domain names.
IP/MAC Binding
IP/MAC Binding
Lists the devices that have received an IP address from Zyxel Device interfaces using IP/MAC binding.
Cellular Status
Cellular Status
Displays details about the Zyxel Device’s mobile broadband connection status.
UPnP Port Status
Port Statistics
Displays details about UPnP connections going through the Zyxel Device.
USB Storage
Storage Information
Displays details about USB device connected to the Zyxel Device.
Ethernet Neighbor
Ethernet Neighbor
View and manage the Zyxel Device’s neighboring devices via Smart Connect (Layer Link Discovery Protocol (LLDP)). Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP).
FQDN Object
FQDN Object
Displays FQDN (Fully Qualified Domain Name) object cache lists used in DNS queries.
Virtual Server LB
Virtual Server Load Balancer Status
Displays traffic statistics between a client and a real server.
Wireless
AP Information
AP List
Lists APs managed by the Zyxel Device.
Radio List
Lists wireless details of APs managed by the Zyxel Device.
Built-in AP
Displays associated wireless client usage and number. (For Zyxel Device model names containing ‘W’.)
Top N APs
Lists managed APs with the most wireless traffic usage and most associated wireless stations.
Single AP
Lists APs wireless traffic usage and associated wireless stations for a managed AP.
ZyMesh
ZyMesh Link Info
Display statistics about ZyMesh wireless connections between managed APs.
SSID Info
SSID Info
Display information about the AP’s wireless clients.
Station Info
Station List
Lists wireless clients associated with the APs managed by the Zyxel Device.
Top N Stations
Lists wireless stations with the most wireless traffic usage.
Single Station
Lists wireless traffic usage for an associated wireless station.
Detected Device
Detected Device
Display information about suspected rogue APs.
Printer Status
Printer Status
Display information about the connected statement printers.
VPN Monitor
IPSec
IPSec
Displays and manages the active IPSec SAs.
SSL
SSL
Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information.
L2TP over IPSec
L2TP over IPSec
Displays details about current L2TP sessions.
Remote AP VPN
Remote AP VPN
Displays and manages the active remote APs.
Security Statistics
App Patrol
Summary
Displays application patrol statistics.
Content Filter
Summary
Collect and display content filter statistics
Anti-Malware
Summary
Collect and display statistics on the malware that the Zyxel Device has detected.
Reputation Filter
Summary
Displays counts and URLs that are blocked by the Zyxel Device.
IDP
Summary
Collect and display statistics on the intrusions that the Zyxel Device has detected.
Email Security
Summary
Collect and display spam statistics.
Status
Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics.
CDR
Containment List
Displays what clients are currently contained by Collaborative Detection & Response (CDR).
History
Displays what clients were and are contained by Collaborative Detection & Response (CDR).
SSL Inspection
Report
Collect and display SSL Inspection statistics.
Certificate Cache List
Displays traffic to destination servers using certificates.
Log
View Log
Lists log entries.
View AP Log
Lists AP log entries.
Dynamic Users Log
Lists the Zyxel Device’s dynamic guest account log messages.
Configuration Menu
Use the configuration menu screens to configure the Zyxel Device’s features.
Configuration Menu Screens Summary 
Folder or Link
Tab
Function
Quick Setup
 
Quickly configure WAN interfaces or VPN connections.
Licensing
Registration
Registration
Register the device and activate trial services.
Service
View the licensed service status and upgrade licensed services.
Signature Update
Signature
Update signatures immediately or by a schedule.
Wireless
Built-in AP
General
Allow WiFi clients to access your Zyxel Device wirelessly to connect to the network.
Controller
Configuration
Configure manual or automatic controller registration.
AP Management
Mgnt AP List
Edit or remove entries in the lists of APs managed by the Zyxel Device.
AP Policy
Configure the AP controller’s IP address on the managed APs and determine the action the managed APs take if the current AP controller fails.
AP Group
Create groups of APs, define their radio, VLAN, port and load balancing settings.
Firmware
Update the firmware on APs connected to your Zyxel Device.
Rogue AP
Rogue/Friendly AP List
Configure how the Zyxel Device monitors rogue APs.
Auto Healing
Auto Healing
Enable auto healing to extend the wireless service coverage area of the managed APs when one of the APs fails.
RTLS
Real Time Location System
Use the managed APs as part of an Ekahau RTLS to track the location of Ekahau WiFi tags.
Network
Interface
Port
Port Role/Port Configuration
Use this screen to set the Zyxel Device’s flexible ports such as LAN, OPT, WLAN, or DMZ.
Ethernet
Manage Ethernet interfaces and virtual Ethernet interfaces.
PPP
Create and manage PPPoE and PPTP interfaces.
Cellular
Configure a cellular Internet connection for an installed mobile broadband card.
Tunnel
Configure tunneling between IPv4 and IPv6 networks.
VLAN
Create and manage VLAN interfaces and virtual VLAN interfaces.
Bridge
Create and manage bridges and virtual bridge interfaces.
LAG
Configure interface and LAG parameters for each LAG interface.
VTI
Configure IP address assignment and interface parameters for VTI (Virtual Tunnel Interface).
Trunk
Create and manage trunks (groups of interfaces) for load balancing.
Routing
Policy Route
Create and manage routing policies.
Static Route
Create and manage IP static routing information.
RIP
Configure device-level RIP settings.
OSPF
Configure device-level OSPF settings, including areas and virtual links.
BGP
Configure exchange of Border Gateway Protocol (BGP) information over an IPSec tunnel.
DDNS
DDNS
Define and manage the Zyxel Device’s DDNS domain names.
NAT
NAT
Set up and manage port forwarding rules.
NAT
Virtual Server Load Balancer
Configure virtual server load balancer rules that distribute incoming connection requests to a virtual server between multiple real (physical) servers
Redirect Service
Redirect Service
Set up and manage HTTP and SMTP redirection rules.
ALG
ALG
Configure SIP, H.323, and FTP pass-through settings.
UPnP
UPnP
Configure interfaces that allow UPnP and NAT-PMP connections.
IP/MAC Binding
Summary
Configure IP to MAC address bindings for devices connected to each supported interface.
Exempt List
Configure ranges of IP addresses to which the Zyxel Device does not apply IP/MAC binding.
Layer 2 Isolation
General
Enable layer-2 isolation on the Zyxel Device and the internal interfaces.
White List
Enable and configure the white list.
DNS Inbound LB
DNS Load Balancing
Configure DNS Load Balancing.
VPN
IPSec VPN
VPN Connection
Configure IPSec tunnels.
VPN Gateway
Configure IKE tunnels.
Concentrator
Combine IPSec VPN connections into a single secure network
Configuration Provisioning
Set who can retrieve VPN rule settings from the Zyxel Device using the Zyxel Device IPSec VPN Client.
SSL VPN
Access Privilege
Configure SSL VPN access rights for users and groups.
Global Setting
Configure the Zyxel Device’s SSL VPN settings that apply to all connections.
L2TP VPN
L2TP VPN
Configure L2TP over IPSec tunnels.
Remote AP VPN
Remote AP VPN
Configure the IP address pool for the Zyxel Device to assign an IP address to the outgoing interface of each RAP IPSec tunnel.
BWM
BWM
Enable and configure bandwidth management rules.
Web Authentication
Web Authentication
General/Authentication Type/Custom Web Portal File/Custom User Agreement File/Facebook WiFi
Define a web portal and exempt services from authentication.
SSO
Configure the Zyxel Device to work with a Single Sign On agent.
Hotspot
Billing
General
Configure the general billing settings, such as the accounting method.
Billing Profile
Configure the billing profiles for the web-based account generator and each button on the connected statement printer.
Discount
Configure discount price plans.
Payment Service
Enable online payment service and configure the service pages.
Printer Manager
General
Configure the printer list, enable printer management and customize the account printout.
Printout Configuration
Detect the connected statement printers, change their IP addresses and/or add them to the managed printer list.
Free Time
Free Time
Allow users to get a free account for Internet surfing during the specified time period.
IPnP
IPnP
Enable IPnP on the Zyxel Device and the internal interfaces.
Walled Garden
Walled Garden
General/URL Base/Domain/IP Base
Create walled garden links that display in the login screen.
Advertisement
Advertisement
Enable and set advertisement links.
Security Policy
Policy Control
Policy
Create and manage level-3 traffic rules and apply Security Service profiles.
ADP
General
Display and manage ADP bindings.
Profile
Create and manage ADP profiles.
White List
Create a white list for certain IP or services to let them pass the ADP flood detection.
Session Control
Session Control
Limit the number of concurrent client NAT/security policy sessions.
Security Service
AppPatrol
Profile
Manage different types of traffic in this screen. Create App Patrol template(s) of settings to apply to a traffic flow using a security policy.
Content Filter
Web Content Filter: General
Create and manage the detailed filtering rules for content filtering profiles and then apply to a traffic flow using a security policy.
Web Content Filter: Trusted Web Sites
Create a list of allowed web sites that bypass content filtering policies.
Web Content Filter: Forbidden Web Sites
Create a list of web sites to block regardless of content filtering policies.
DNS Content Filter: General
Create and manage the detailed filtering rules for DNS content filtering profiles and then apply to a traffic flow using a security policy.
DNS Content Filter: White List
Create a list of allowed web sites that bypass DNS content filtering policies.
DNS Content Filter: Black List
Create a list of web sites to block regardless of content filtering policies.
Anti-Malware
Anti-Malware
Enable, specify actions to take when encountering malware or compressed files, and set up a black list to identify files with malware file patterns and a white list to identify files that should not be checked for malware.
Black/White List
Set up a black list to identify spam and a white list to identify legitimate email.
Signature
Search for particular signatures to get more information about them.
Reputation Filter
URL Threat Filter General/Profile/White List/Black List/External Black List
Enable URL filtering and specify what action the Zyxel Device takes when a access attempt to a blocked website is detected.
You can also set up a white list to identify which IPv4 addresses and/or URLs should be allowed, and a black list to identify which IPv4 addresses and/or URLs should be blocked.
Set up an external black list which uses black list entries stored in a file on a web server that supports HTTP or HTTPS and is reachable from the Zyxel Device. The Zyxel Device will block incoming and outgoing packets from the black list entries in this file.
IDP
IDP
Enable and configure IDP settings. Create, import, or export custom signatures.
White List
Configure signatures that will be exempted from IDP inspection.
Email Security
Email Security
Turn email security on or off and manage email security policies. Create email security templates of settings to apply to a traffic flow using a security policy.
Black/White List
Set up a black list to identify spam and a white list to identify legitimate email.
CDR
Collaborative Detection & Response
Turn CDR on or off and manage CDR policies. Create CDR templates of settings to apply to a traffic flow using a security policy.
Exempt List
Configure IPv4 and/or MAC addresses of devices that are exempt from CDR checking.
SSL Inspection
Profile
Decrypt HTTPS traffic for Security Service inspection. Create SSL Inspection templates of settings to apply to a traffic flow using a security policy.
Exclude List
Configure services to be excluded from SSL Inspection.
Certificate Update
Use this screen to update the latest certificates of servers using SSL connections to the Zyxel Device network.
IP Exception
IP Exception
Use this screen to view the IP exception list for the anti-malware and IDP (Intrusion, Detection, and Prevention) features.
The Zyxel Device will not intercept nor inspect the incoming packets that match the rules in the IP exception list for the anti-malware and/or IDP (Intrusion, Detection, and Prevention) features.
Object
Zone
Zone
Configure zone templates used to define various policies.
User/Group
User
Create and manage users.
Group
Create and manage groups of users.
Setting
Manage default settings for all users, general settings for user sessions, and rules to force user authentication.
MAC Address
Configure the MAC addresses of wireless clients for MAC authentication using the local user database.
AP Profile
Radio
Create templates of radio settings to apply to policies as an object.
SSID
Create templates of wireless settings to apply to radio profiles or policies as an object.
MON Profile
MON Profile
Create and manage rogue AP monitoring files that can be associated with different APs.
ZyMesh Profile
ZyMesh Profile
Create and manage ZyMesh files that can be associated with different APs.
Address/Geo IP
Address
Create and manage host, range, and network (subnet) addresses.
Address Group
Create and manage groups of addresses to apply to policies as a single objects.
Geo IP
Update the database of country-to-IP address mappings and manually configure country-to-IP address mappings for geographic address objects that can be used in security policies.
Service
Service
Create and manage TCP and UDP services.
Service Group
Create and manage groups of services to apply to policies as a single object.
Schedule
Schedule
Create one-time and recurring schedules.
Schedule Group
Create and manage groups of schedules to apply to policies as a single object.
AAA Server
Active Directory
Configure the Active Directory settings.
LDAP
Configure the LDAP settings.
RADIUS
Configure the RADIUS settings.
Auth. Method
Authentication Method
Create and manage ways of authenticating users.
Two-factor Authentication
Configure SMS or email authentication to access a secured network behind the Zyxel Device via a VPN tunnel.
Certificate
My Certificates
Create and manage the Zyxel Device’s certificates.
Trusted Certificates
Import and manage certificates from trusted sources.
ISP Account
ISP Account
Create and manage ISP account information for PPPoE/PPTP interfaces.
DHCPv6
Request
Configure IPv6 DHCP request type and interface information.
Lease
Configure IPv6 DHCP lease type and interface information.
Device HA
Device HA Status
See the license status for Device HA Pro, and see the status of the active and passive devices.
Device HA Pro
Configure Device HA Pro global settings, monitored interfaces and synchronization settings.
View Log
See logs of the active and passive devices
Cloud CNM
SecuManager
Enable and configure management of the Zyxel Device by a Central Network Management system.
SecuReporter
Enable SecuReporter logging and access the SecuReporter security analytics portal that collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal or external threats, and report on network usage.
System
Host Name
Host Name
Configure the system and domain name for the Zyxel Device.
USB Storage
Settings
Configure the settings for the connected USB devices.
Date/Time
Date/Time
Configure the current date, time, and time zone in the Zyxel Device.
Console Speed
Console Speed
Set the console speed.
DNS
DNS
Configure the DNS server and address records for the Zyxel Device.
WWW
Service Control
Configure HTTP, HTTPS, and general authentication.
Login Page
Configure how the login and access user screens look.
SSH
SSH
Configure SSH server and SSH service settings.
TELNET
TELNET
Configure telnet server settings for the Zyxel Device.
FTP
FTP
Configure FTP server settings.
SNMP
SNMP
Configure SNMP communities and services.
Auth. Server
Auth. Server
Configure the Zyxel Device to act as a RADIUS server.
Notification
Mail Server
Configure a mail server with authentication to send reports and password expiration notification emails.
SMS
Enable the SMS service to send dynamic guest account information in text messages and authorization for VPN tunnel access to a secured network.
Response Message
Create a web page when access to a website is restricted due to a security service.
Language
Language
Select the Web Configurator language.
IPv6
IPv6
Enable IPv6 globally on the Zyxel Device here.
ZON
ZON
Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP).
Log & Report
Email Daily Report
Email Daily Report
Configure where and how to send daily reports and what reports to send.
Log Settings
Log Settings
Configure the system log, email logs, and remote syslog servers.
Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the Zyxel Device.
Maintenance Menu Screens Summary 
Folder or Link
Tab
Function
File Manager
Configuration File
Manage and upload configuration files for the Zyxel Device.
Firmware Management
View the current firmware version and upload firmware. Reboot with your choice of firmware.
Shell Script
Manage and run shell script files for the Zyxel Device.
Diagnostics
Diagnostics
Collect diagnostic information.
This screen includes the sub-tabs below:
Controller
AP
Filer
Packet Capture
Capture packets for analysis.
This screen includes the sub-tabs below:
Capture
Capture on AP
Files
Remote Capture
CPU/Memory Status
View CPU and memory usage statistics.
System Log
Connect a USB device to the Zyxel Device and archive the Zyxel Device system logs to it here.
Network Tool
Identify problems with the connections. You can use Ping or Traceroute to help you identify problems.
Routing Traces
Configure traceroute to identify where packets are dropped for troubleshooting.
Wireless Frame Capture
Capture wireless frames from APs for analysis.
Packet Flow Explore
Routing Status
Check how the Zyxel Device determines where to route a packet.
SNAT Status
View a clear picture on how the Zyxel Device converts a packet’s source IP address and check the related settings.
Shutdown/ Reboot
Shutdown/ Reboot
Turn off or restart the Zyxel Device.
Tables and Lists
Web Configurator tables and lists are flexible with several options for how to display their entries.
Click a column heading to sort the table’s entries according to that column’s criteria.
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:
Sort in ascending or descending (reverse) alphabetical order
Select which columns to display
Group entries by field
Show entries in groups
Filter by mathematical operators (<, >, or =) or searching for text
Select a column heading cell’s right border and drag to re-size the column.
Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
Here are descriptions for the most common table icons.
Common Table Icons 
Label
Description
Add
Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the Zyxel Device applies the table’s entries in order like the security policy for example), you can select an entry and click Add to create a new entry after the selected entry.
Edit
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied.
Remove
To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Connect
To connect an entry, select it and click Connect.
Disconnect
To disconnect an entry, select it and click Disconnect.
References
Select an entry and click References to check which settings use the entry.
Move
To change an entry’s position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one.
Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.