Introduction
Overview
Zyxel Device refers to these models as outlined below.
• USG FLEX 50 (USG20-VPN)
• USG FLEX 50W (USG20W-VPN)
Model Feature Differences
Note the following differences between these models:
FEATURE/model | usg flex 50 (USG20-VPN) | usg flex 50w (USG20W-VPN) |
|---|---|---|
Microsoft Azure | YES | YES |
Amazon VPC | CLI only | CLI only |
Anomaly Detection & Prevention | YES | YES |
Anti-Spam | YES | YES |
IPS (IDP) | NO | NO |
Anti-Malware | NO | NO |
App Patrol | NO | NO |
Web Security (Content Filtering) | YES | YES |
SecuReporter | YES | YES |
Reputation Filter (IP & DNS) | NO | NO |
URL Threat Filter | NO | NO |
Sandboxing | NO | NO |
IP Exception | NO | NO |
AP Controller | NO | NO |
Device HA Pro | NO | NO |
Easy Mode | YES | YES |
Hotspot Management | NO | NO |
Concurrent Device Upgrade | NO | NO |
LAG | NO | NO |
Port Group | NO | NO |
Port Role | YES | YES |
SD-WAN Mode | NO | NO |
SSL Application | YES | YES |
SSL encrypted traffic inspection | YES | YES |
Bundled UTM Feature License Validity | 1 year | 1 year |
WiFi functionality (built-in) | NO | YES |
Virtual Server Load Balancing | NO | NO |
Built-in AP | NO | YES |
Management by Nebula Control Center (NCC) | YES | YES |
• Not all models support all features. See USG FLEX 50 Series Model Feature Comparison for the specific features that your model supports.
• Application Security (Application Patrol) | • Intrusion Prevention System (IPS) |
• Anomaly Detection & Prevention (ADP) | • Web Filtering (Content Filtering) |
• Malware Blocker (Anti-Virus) | • Email Security (Anti-Spam) |
• Secure Socket Layer (SSL) encrypted traffic Inspection |
The following security features work without a security license:
• Configuration > Content Filter > Trusted Web Sites
• Configuration > Anti-Spam/Email Security > Block/Allow List
For information on interface names by model, default port or interface name mapping, and default interface or zone mapping please see Default Zones, Interfaces, and Ports.
See the product’s datasheet for detailed information on a specific model.
On Premises Mode
When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose On Premises Mode to manage your Zyxel Device directly using either the browser-based Web Configurator or the Command Line Interface (CLI).
Follow the wizard to configure the Zyxel Device network settings to manage your Zyxel Device directly. Note that once you complete the device registration step and register your Zyxel Device at portal.myzyxel.com, you cannot change to Nebula Mode unless you reset the Zyxel Device.
Nebula Mode
When you log into the Web Configurator for the first time or when you reset the Zyxel Device to its default configuration, the Initial Setup Wizard screen displays. Choose Nebula Mode to manage your Zyxel Device remotely using Nebula Control Center (NCC). Select this mode if you want to configure and monitor one or more Zyxel Devices through the cloud.
Follow the wizard to configure the Zyxel Device network settings to connect to NCC. Note that once you complete th WAN configuration step, you cannot change to On Premises Mode unless you reset the Zyxel Device.
Nebula Control Center (NCC) is an Internet portal that allows you to configure and monitor groups of Zyxel Devices in organizations. You cannot manage a Zyxel Device directly through the Web Configurator or Command Line Interface (CLI) when NCC is managing the Zyxel Device. See USG FLEX 50 Series Model Feature Comparison to see which Zyxel Devices can be managed by NCC.
Follow this procedure to have NCC manage your Zyxel Device.
NCC Portal
You should already have created an account at myZyxel.com. Follow these steps at the NCC portal.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account. If you do not have a myZyxel account, you will be redirected to another screen to create one.
2 After you log in, click Go under Nebula Control Center and then Let’s Start to run the Nebula setup wizard. Create an organization and a site or select an existing site.
3 Add the Zyxel Device to this site by entering its MAC address and serial number. You’ll find the MAC address and serial number of the Zyxel Device on its label or scan the QR code using the Nebula app.
4 Configure the WAN interface that the Zyxel Device will use to connect to Nebula through the Internet.
5 If you’re given a choice, select Native Mode. If you cannot select Native Mode, configure the email address of the person who will configure the Zyxel Device for management by Nebula. An email will be sent to this person containing an activation link that allows automatic management of the Zyxel Device by Nebula (Zero Touch Provisioning (ZTP)).
Your Zyxel Device
The person who will configure the Zyxel Device for management by Nebula should follow this procedure.
1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P1 or P2) to the Ethernet port of a device that will provide Internet access.
2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P3 or P4) to your computer. Make sure your computer can receive an IP address automatically. This is the default for all computers, so the computer should be fine unless you changed it.
3 Connect the power port to an appropriate power source and turn on the Zyxel Device. Wait for the SYS LED to turn solid green.
4 Back up your current configuration before passing management to Nebula. Log into the web configurator, and go to Maintenance > File Manager > Configuration File. Select startup-config.conf, then click Download.
5 If you cannot select Native Mode, reset the Zyxel Device to the factory defaults. Push the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults and all previous configurations will be erased.
Skip this step if you did not configure your Zyxel Device before (including just logging in and changing the default password.). You must reset the Zyxel Device if it does not have the factory default configuration.
Your Email Account for ZTP
If you cannot select Native Mode in the Nebula setup wizard, do the following after the Zyxel Device is on:
1 Check your mailbox for an email from Nebula. You may need to check your spam folder
2 Follow the instructions in the email if you did not complete the instructions above. Look for an activation link in the email. Click the activation link or copy the link to your web browser. You will see a screen saying that Nebula registration is in process. Please wait.
3 When you see a screen saying Nebula registration has succeeded, management of your Zyxel Device has passed to Nebula Control Center. The Nebula administrator can now configure and manage your device.
Change the Mode
Follow the steps below to change your Zyxel Device from On Premises Mode to Nebula Mode or from Nebula Mode to On Premises Mode.
From Nebula Mode to On Premises Mode
Follow this procedure if you want to manage the Zyxel Device directly.
1 Log into Nebula (https://nebula.zyxel.com) with your myZyxel account.
2 Go to Organization-wide > Configuration > Inventory.
3 Select the Zyxel Device you want to remove from Nebula.
4 Click Remove.
5 Nebula will automatically reset your Zyxel Device. The Zyxel Device will reboot to the factory defaults. All Nebula configurations for the Zyxel Device will be erased.
6 Log into the Zyxel Device. Run the wizard and choose On Premises Mode.
7 To restore your previous configuration, log into the web configurator, and go to Maintenance > File Manager > Configuration File.
8 Under Upload Configuration File, click Browse, select the startup-config.conf on your computer that you backed up previously and click Upload. The Zyxel Device will then return to the previous settings.
From On Premises Mode to Nebula Mode
1 Back up your current configuration in Maintenance > File Manager > Configuration File.
2 Reset the Zyxel Device to the factory default by pushing the Reset button until the port connection LEDs turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory defaults.
3 Log into the Zyxel Device. Run the wizard and choose Nebula Mode.
4 If you have a choice of Native Mode or ZTP, select Native Mode.
Registration at myZyxel
myZyxel is Zyxel’s online services center where you can register your Zyxel Device and manage subscription services available for your Zyxel Device (see Configuration > Licensing > Registration > Service for services available for your Zyxel Device).
• For Zyxel Devices that already have firmware version 4.25 or later, you have to register your Zyxel Device and activate the corresponding service at myZyxel (through your Zyxel Device).
• For Zyxel Devices upgrading to firmware version 4.25 or later, you may skip registering your Zyxel Device and activating the corresponding service at myZyxel (through your Zyxel Device). However, it is highly recommended to at least register your Zyxel Device. At the time of writing, the Firmware Upgrade license providing Cloud Helper new firmware notifications, is free when you register your Zyxel Device.
You need to create a myZyxel account at http://portal.myZyxel.com before you can register your device and activate the services at myZyxel.You may need your Zyxel Device’s serial number and LAN MAC address to register it at myZyxel. See the label at the back of the Zyxel Device’s for details.
Applications
These are some Zyxel Device application scenarios.
Security Router
Security includes a Stateful Packet Inspection (SPI) firewall.
IPv6 Routing
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You may also create IPv6 policy routes and IPv6 objects. The Zyxel Device can also route IPv6 packets through IPv4 networks using different tunneling methods.
VPN Connectivity
Set up VPN tunnels with other companies, branch offices, telecommuters, and business travelers to provide secure access to your network. AS is an Authentication Server in the below figure.
SSL VPN Network Access
SSL VPN lets remote users use their web browsers for a very easy-to-use VPN solution. A user just browses to the Zyxel Device’s web address and enters his user name and password to securely connect to the Zyxel Device’s network. Here full tunnel mode creates a virtual connection for a remote user and gives him a private IP address in the same subnet as the local network so he can access network resources in the same way as if he were part of the internal network.
User-Aware Access Control
Set up security policies to restrict access to sensitive information and shared resources based on the user who is trying to access it.
Load Balancing
Set up multiple connections to the Internet on the same port, or different ports, including cellular interfaces. In either case, you can balance the traffic loads between them.
Management Overview
Web Configurator
The Web Configurator allows easy Zyxel Device setup and management using an Internet browser.
Command-Line Interface (CLI)
The CLI allows you to use text-based commands to configure the Zyxel Device. Access it using remote management (for example, SSH or Telnet) or via the physical or Web Configurator console port. See the Command Reference Guide for CLI details. The default settings for the console port are:
Setting | Value |
|---|---|
Speed | 115200 bps |
Data Bits | 8 |
Parity | None |
Stop Bit | 1 |
Flow Control | Off |
Web Configurator
The Web Configurator is an HTML-based management interface that allows easy system setup and management through Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Internet Explorer 11, Mozilla Firefox, or Google Chrome.
In order to use the Web Configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
The recommended minimum screen resolution is 1024 x 768 pixels.
Screenshots and graphics in this book may differ slightly from your product due to differences in product features or Web Configurator brand style.Web Configurator Access
1 Make sure your Zyxel Device hardware is properly connected. See the Quick Start Guide.
2 In your browser go to https://192.168.1.1 or https://myrouter.local. By default, the Zyxel Device automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears.
If you want to change the display language for the Zyxel Device’s Web Configurator screens, select from the drop-down list box. You can also change the display language in Configuration> System> Language
3 Type the user name (default: “admin”) and password (default: “1234”).
4 Click Login. After you log in for the first time using the default user name and password, you must change the default admin password in the Update Admin Info screen. Enter a new password of from 1 to 64 characters.
In Configuration > Object > User/Group > Setting, you can enable Password Complexity to require a new password to consist of at least 8 characters and at most 64, where at least 1 character must be a number, at least 1 a lower case letter, at least 1 an upper case letter and at least 1 a special character from the keyboard, such as !@#$%^&*()_+. You can also require periodic changing of the password in that screen by configuring Password must changed every (days).
Make a note of your new password, enter it in the following screen, then click Apply.
5 A Terms of Use screen displays. Read the statement, then click Acknowledge to proceed.
If you are using an Internet Explorer browser, the Terms of Use will be downloaded automatically.6 The Password Change Notification screen displays. Use this screen to view all the admin accounts expiry information. We recommend you to change your password regularly in Configuration> Object> User/Group> User. Select how often to display the screen and click OK.
7 The Network Risk Warning screen displays any unregistered or disabled security services. If your Zyxel Device is not registered, you will see a prompt to register it. Select how often to display the screen and click OK.
8 Follow the directions in the Update Admin Info screen. If you change the default password, the Login screen appears after you click Apply. If you click Ignore, the Installation Setup Wizard opens if the ZyWALL is using its default configuration; otherwise the dashboard appears.
Security Check for Web Interface Overview
Use this screen to configure settings to secure your Zyxel Device. You can configure:
• Secure SSL access from the Internet to the Zyxel Device.
• Secure SSL access from the Internet to the network behind the Zyxel Device.
• The default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device.
• The default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device.
Secure SSL Access from the Internet to the Zyxel Device
You can configure up to 3 trusted computers to access the Zyxel Device using secure SSL. The default HTTPS SSL port is 443. If you change this, remote connections from the Internet must use this port. For example, if you change this to port 8800 and the Zyxel Device is using IP address 1.1.1.1, then remote users must use htttps://1.1.1.1:8800.
Configure a new port between 1024 to 65535 that is not in use by other services.
Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device
The default SSL VPN port is 443. If you change the default SSL VPN port on the Zyxel Device, make sure to make the same change to SecuExtender, the SSL VPN client software. Configure a new port between 1024 to 65535 that is not in use by other services.
You can also restrict SSL VPN access to up to 3 locations on the Internet.
Change the Default IPSec VPN Provisioning Port
Change the default port that IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. The default is 443 which is already in use for remote management by default. If you change the default IPSec VPN port on the Zyxel Device, make sure to make the same change to the Zyxel IPSec VPN client.
Configure a new port between 1024 to 65535 that is not in use by other services.
The remote management port, the SSL VPN port and the IPSec VPN port all use 443 by default. If you do not change the default ports, then only 3 connections of the remote management and SSL VPN will be allowed at one time.Change the Default Port for Two-Factor VPN Access Authentication
Change the default port for two-factor authentication for VPN clients to access the network behind the Zyxel Device. VPN clients do not need to change the port number on their devices, because the link to access the network behind the Zyxel Devices will contain the new port number. For example, if you change this to port 8008 and the link is using a.b.c.d, then VPN clients will see this link in their email or SMS to retrieve settings: htttps://a.b.c.d:8008.
You can also change this port in Object > Auth. Method > Two-factor Authentication > VPN Access. See Two-Factor Authentication for more information on two-factor authentication.
Configure a new port between 1024 to 65535 that is not in use by other services.
Overall Port Configuration Example
Below is an example of configuring these ports to avoid port conflict.
remote management | ssl vpn | ipsec vpn provisioning | two-factor vpn access authentication |
|---|---|---|---|
8800 | 8080 | 443 (default) | 8008 |
Other Security Measures
New firmware contains patches to enhance security. Make sure to check for new firmware regularly and update firmware in Maintenance > Firmware Management.
Change admin passwords regularly. Select Enable Password Complexity in Object > User/Group > Setting to require the user to use a password that's not easy to guess. The password must include:
• at least 8 characters
• at least one upper case alphabetic character and at least one lower case alphabetic character
• one numeric character
• one special character such as @#$%^
Security Check for Web Interface
The following screen appears when the Zyxel Device detects a rule that allows traffic such as HTTP, HTTPS, SSL and so on to access to your Zyxel Device from any IPv4 source on the WAN. This may expose your Zyxel Device to a security risk. Configure settings in this screen to allow access only from specified IP addresses, FQDNs or regions to secure your Zyxel Device.
The following table describes the labels in this screen.
Label | Description |
|---|---|
Allow secure remote management from WAN | Select this to allow access to the Zyxel Device remotely only from specified IP addresses or Fully Qualified Domain Names (FQDNs), such as 1.1.1.1 or www.zyxel.com. See Secure SSL Access from the Internet to the Zyxel Device for more information. |
Port | Configure a new port between 1024 to 65535 to use it to access the web configurator. Do not use a port number that has been used. For example, use https://1.1.1.1:8800 if you changed the default HTTPS port to 8800. |
Trusted Host 1-3 | Configure the IP addresses or FQDNs that are allowed to access the Zyxel Device. |
Allow SSL VPN access from WAN | Select this to allow SSL VPN clients to access the Zyxel Device only from specified regions. See Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device for more information. |
Port | Configure a new port between 1024 to 65535 to use it to access the web configurator using SSL VPN. Do not use a port number that has been used. The port you configure here must be the same as the port you use in SecuExtender. See Secure SSL VPN Access from the Internet to the Network Behind the Zyxel Device for more information on SecuExtender. |
Trusted Geolocation 1-3 | Select the regions that are allowed to access the Zyxel Device from the drop-down list box. |
Change Two-Factor Authentication Port | Select this to change the port VPN clients use to access the Zyxel Device LAN with two-factor authentication. See Change the Default Port for Two-Factor VPN Access Authentication for more information. Configure a new port between 1024 to 65535. Do not use a port number that has been used. |
Change Zyxel IPSec VPN Client Provisioning Port | Select this to change the port IPSec VPN clients use to retrieve VPN rule settings from the Zyxel Device. See Change the Default IPSec VPN Provisioning Port for more information. Configure a new port between 1024 to 65535. Do not use a port number that has been used. The port you configure here must be the same as the port you use when logging in as a Zyxel IPSec VPN client. |
Please remind me | Select how often to display the screen from the drop-down list box. |
OK | Click OK to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to exit this screen without saving your changes. |
Remote Access to the Zyxel Device Networks
Your Zyxel Device keeps your networks safe while allowing external access by applying the security measures below:
• Two-Factor Authentication: Use two-factor authentication to have double-layer security to access a secured network behind the Zyxel Device. The first layer is the VPN client/Zyxel Device’s login user name / password. The second layer is an authorized SMS (via mobile phone number) or email address. See Two-Factor Authentication for more information on two-factor authentication.
• Device Insight: The Zyxel Device can identify and display the basic information and status of clients that are connected to the Zyxel Device networks in Monitor > Network Status > Device Insight. See Device Insight for more information on viewing the device insight.
Create device insight profiles in Configuration > Object > Device Insight to block specified clients from accessing the Internet or the Zyxel Device. See Device Insight for more information on creating and using the device insight profiles.
• IPSec VPN: You can create highly secure connections with IKEv2 or EAP authentication to access networks behind the Zyxel Device. For example, home workers can securely access company resources if they have proper authentication. See IPSec VPN for more information on IPSec VPN.
• Upload Bandwidth Limit: Zyxel subscription-based SecuExtender IPSec VPN clients with Windows version 5.6.80.007 or later or macOS version 1.2.0.7 or later support upload bandwidth limit. Use this to set the maximum bandwidth for uploading traffic from IPSec VPN clients over IPSec VPN tunnels. See Zyxel Device IPSec VPN Client Configuration Provisioning for more information on upload bandwidth limit.
Web Configurator Screens Overview
The Web Configurator screen is divided into these parts:
Title Bar
The title bar icons in the upper right corner provide the following functions.
Label | Description |
|---|---|
SecuReporter | This icon shows when SecuReporter is enabled and the Zyxel Device is added to an organization. Click this to open the SecuReporter portal page. |
Web Console | Click this to open one or multiple console windows from which you can run command line interface (CLI) commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows. |
CLI | Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the Zyxel Device. |
Reference | Click this to check which configuration items reference an object. |
Site Map | Click this to see an overview of links to the Web Configurator screens. |
Forum | Go to https://businessforum.zyxel.com for product discussions. |
Help | Click this to open the help page for the current screen. |
Notification | Only Admin or Limited Admin can see notifications. Notifications display what’s new in the Zyxel Device firmware (ZLD), information on security services about to expire. Slide the switch to Off if you don’t want notifications. Click an item to see more details on it. Click the Refresh icon or refresh the browser page to update notifications. The latest notification appears at the top. An item is removed once it has been read. Up to five notifications can be shown here. If there are more than five notifications, then click All Notifications to see them. |
About | Click this to display basic information about the Zyxel Device. |
Easy Mode | Click this to go to the Initial Setup Wizard in Easy Mode, and enter Easy Mode every time you log in. |
Logout | Click this to log out of the Web Configurator. |
About
Click About to display basic information about the Zyxel Device.
This table describes the fields in this screen.
Label | Description |
|---|---|
Current Version | This shows the firmware version of the Zyxel Device. |
Released Date | This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. |
System Protection Signature | This shows the system protection signature version of the Zyxel Device. These signatures do not require a license. The Zyxel Device will synch with the Cloud Helper Server every day to update these signatures automatically. System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal. Command injection: This is an attack in which an attacker uses the Zyxel Device vulnerabilities to execute commands to control your Zyxel Device. Cross-site scripting: This is an attack in which an attacker implants malicious scripts in a website. When you visit this website, the malicious scripts are sent and executed on your web browser. Path traversal: This is an attack that allows an attacker to access files you store in the web root folder. |
OK | Click this to close the screen. |
Site Map
Click Site MAP to see an overview of links to the Web Configurator screens.
Web Console
Click Web Console to open one or multiple console windows from which you can run CLI commands. You will be prompted to enter your user name and password. See the Command Reference Guide for information about the commands. Logging in to the Zyxel Device with HTTPS, so you can open one or multiple console windows.
Reference
Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
The fields vary with the type of object. This table describes labels that can appear in this screen.
Label | Description |
|---|---|
Type | Select an object type to see the services. |
Name | This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window. |
# | This field is a sequential value, and it is not associated with any entry. |
Service | This is the type of setting that references the selected object. Click a service’s name to display the service’s configuration screen in the main window. |
Priority | If it is applicable, this field lists the referencing configuration item’s position in its list, otherwise N/A displays. |
Name | This field identifies the configuration item that references the object. |
Description | If the referencing configuration item has a description configured, it displays here. |
Refresh | Click this to update the information in this screen. |
Cancel | Click Cancel to close the screen. |
CLI Messages
Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the Web Configurator to display the corresponding commands.
Navigation Panel
Use the navigation panel menu items to open status and configuration screens. Click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it. The following sections introduce the Zyxel Device’s navigation panel menus and their screens.
Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs.
Monitor Menu
The monitor menu screens display status and statistics information.
Folder or Link | Tab | Function |
|---|---|---|
Traffic Statistics | ||
Port Statistics | Port Statistics | Displays packet statistics for each physical port. |
Interface Status | Interface Summary | Displays general interface information and packet statistics. |
Traffic Statistics | Traffic Statistics | Collect and display traffic statistics. |
Session Monitor | Session Monitor | Displays the status of all current sessions. |
Network Status | ||
DHCP Table | DHCP Table | Displays a list of interfaces and their DHCP-assigned IP addresses. |
Device Insight | Device Insight | Displays a list of WiFi and wireless clients connected to the Zyxel Device networks. |
Login Users | Login Users | Lists the users currently logged into the Zyxel Device. |
IGMP Statistics | IGMP Statistics | Collect and display IGMP statistics. |
DDNS Status | DDNS Status | Displays the status of the Zyxel Device’s DDNS domain names. |
IP/MAC Binding | IP/MAC Binding | Lists the devices that have received an IP address from Zyxel Device interfaces using IP/MAC binding. |
Cellular Status | Cellular Status | Displays details about the Zyxel Device’s mobile broadband connection status. |
UPnP Port Status | Port Statistics | Displays details about UPnP connections going through the Zyxel Device. |
USB Storage | Storage Information | Displays details about USB device connected to the Zyxel Device. |
Ethernet Neighbor | Ethernet Neighbor | View and manage the Zyxel Device’s neighboring devices via Smart Connect (Layer Link Discovery Protocol (LLDP)). Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP). |
FQDN Object | FQDN Object | Displays FQDN (Fully Qualified Domain Name) object cache lists used in DNS queries. |
Wireless | ||
AP Information | Radio List | Lists wireless details of APs managed by the Zyxel Device. |
SSID Info | SSID Info | Display information about the AP’s wireless clients. |
Station Info | Station List | Lists wireless clients associated with the APs managed by the Zyxel Device. |
Top N Stations | Lists wireless stations with the most wireless traffic usage. | |
Single Station | Lists wireless traffic usage for an associated wireless station. | |
VPN Monitor | ||
IPSec | IPSec | Displays and manages the active IPSec SAs. |
SSL | SSL | Lists users currently logged into the VPN SSL client portal. You can also log out individual users and delete related session information. |
L2TP over IPSec | L2TP over IPSec | Displays details about current L2TP sessions. |
Security Statistics | ||
Content Filter | Web Content Filter | Collect and display web content filter statistics. |
DNS Content Filter | Collect and display DNS content filter statistics. | |
Anti-Sapm | Summary | Collect and display spam statistics. |
Status | Displays how many mail sessions the ZyWALL is currently checking and DNSBL (Domain Name Service-based spam Black List) statistics. | |
Configuration Menu
Use the configuration menu screens to configure the Zyxel Device’s features.
Folder or Link | Tab | Function |
|---|---|---|
Quick Setup | Quickly configure WAN interfaces or VPN connections. | |
Licensing | ||
Registration | Registration | Register the device and activate trial services. |
Service | View the licensed service status and upgrade licensed services. | |
Wireless | ||
Built-in AP | General | Allow WiFi clients to access your Zyxel Device wirelessly to connect to the network. |
Network | ||
Interface | Port Port Role/Port Configuration | Use this screen to set the Zyxel Device’s flexible ports such as LAN, OPT, WLAN, or DMZ. |
Ethernet | Manage Ethernet interfaces and virtual Ethernet interfaces. | |
PPP | Create and manage PPPoE and PPTP interfaces. | |
Cellular | Configure a cellular Internet connection for an installed mobile broadband card. | |
Tunnel | Configure tunneling between IPv4 and IPv6 networks. | |
VLAN | Create and manage VLAN interfaces and virtual VLAN interfaces. | |
Bridge | Create and manage bridges and virtual bridge interfaces. | |
VTI | Configure IP address assignment and interface parameters for VTI (Virtual Tunnel Interface). | |
Trunk | Create and manage trunks (groups of interfaces) for load balancing. | |
Routing | Policy Route | Create and manage routing policies. |
Static Route | Create and manage IP static routing information. | |
RIP | Configure device-level RIP settings. | |
OSPF | Configure device-level OSPF settings, including areas and virtual links. | |
BGP | Configure exchange of Border Gateway Protocol (BGP) information over an IPSec tunnel. | |
DDNS | DDNS | Define and manage the Zyxel Device’s DDNS domain names. |
NAT | NAT | Set up and manage port forwarding rules. |
Redirect Service | Redirect Service | Set up and manage HTTP and SMTP redirection rules. |
ALG | ALG | Configure SIP, H.323, and FTP pass-through settings. |
UPnP | UPnP | Configure interfaces that allow UPnP and NAT-PMP connections. |
IP/MAC Binding | Summary | Configure IP to MAC address bindings for devices connected to each supported interface. |
Exempt List | Configure ranges of IP addresses to which the Zyxel Device does not apply IP/MAC binding. | |
Layer 2 Isolation | General | Enable layer-2 isolation on the Zyxel Device and the internal interfaces. |
Allow List | Enable and configure the allow list. | |
DNS Inbound LB | DNS Load Balancing | Configure DNS Load Balancing. |
VPN | ||
IPSec VPN | VPN Connection | Configure IPSec tunnels. |
VPN Gateway | Configure IKE tunnels. | |
Concentrator | Combine IPSec VPN connections into a single secure network | |
Configuration Provisioning | Set who can retrieve VPN rule settings from the Zyxel Device using the Zyxel Device IPSec VPN Client. | |
SSL VPN | Access Privilege | Configure SSL VPN access rights for users and groups. |
Global Setting | Configure the Zyxel Device’s SSL VPN settings that apply to all connections. | |
L2TP VPN | L2TP VPN | Configure L2TP over IPSec tunnels. |
BWM | BWM | Enable and configure bandwidth management rules. |
Web Authentication | Web Authentication General/Authentication Type/Custom Web Portal File/Custom User Agreement File | Define a web portal and exempt services from authentication. |
SSO | Configure the Zyxel Device to work with a Single Sign On agent. | |
Security Policy | ||
Policy Control | Policy | Create and manage level-3 traffic rules and apply Security Service profiles. |
ADP | General | Display and manage ADP bindings. |
Profile | Create and manage ADP profiles. | |
Allow List | Create an allow list for certain IP or services to let them pass the ADP flood detection. | |
Session Control | Session Control | Limit the number of concurrent client NAT/security policy sessions. |
Security Service | ||
Content Filter | Web Content Filter: General | Create and manage the detailed filtering rules for content filtering profiles and then apply to a traffic flow using a security policy. |
Web Content Filter: Trusted Web Sites | Create a list of allowed web sites that bypass content filtering policies. | |
Web Content Filter: Forbidden Web Sites | Create a list of web sites to block regardless of content filtering policies. | |
DNS Content Filter: General | Create and manage the detailed filtering rules for DNS content filtering profiles and then apply to a traffic flow using a security policy. | |
DNS Content Filter: Allow List | Create a list of allowed web sites that bypass DNS content filtering policies. | |
DNS Content Filter: Block List | Create a list of web sites to block regardless of content filtering policies. | |
Anti-Spam | Profile | Turn anti-spam on or off and manage anti-spam policies. Create anti-spam template(s) of settings to apply to a traffic flow using a security policy. |
Mail Scan | Configure e-mail scanning details. | |
Block/Allow List | Set up a block list to identify spam and an allow list to identify legitimate e-mail. | |
DNSBL | Have the Zyxel Device check e-mail against DNS Block Lists. | |
Object | ||
Device Insight | Device Insight | Configure profiles to block specified clients from accessing the Internet or the Zyxel Device. |
Zone | Zone | Configure zone templates used to define various policies. |
User/Group | User | Create and manage users. |
Group | Create and manage groups of users. | |
Setting | Manage default settings for all users, general settings for user sessions, and rules to force user authentication. | |
MAC Address | Configure the MAC addresses of wireless clients for MAC authentication using the local user database. | |
Address/Geo IP | Address | Create and manage host, range, and network (subnet) addresses. |
Address Group | Create and manage groups of addresses to apply to policies as a single objects. | |
Geo IP | Update the database of country-to-IP address mappings and manually configure country-to-IP address mappings for geographic address objects that can be used in security policies. | |
Service | Service | Create and manage TCP and UDP services. |
Service Group | Create and manage groups of services to apply to policies as a single object. | |
Schedule | Schedule | Create one-time and recurring schedules. |
Schedule Group | Create and manage groups of schedules to apply to policies as a single object. | |
AAA Server | Active Directory | Configure the Active Directory settings. |
LDAP | Configure the LDAP settings. | |
RADIUS | Configure the RADIUS settings. | |
Auth. Method | Authentication Method | Create and manage ways of authenticating users. |
Two-factor Authentication | Configure SMS or email authentication to access a secured network behind the Zyxel Device via a VPN tunnel. | |
Certificate | My Certificates | Create and manage the Zyxel Device’s certificates. |
Trusted Certificates | Import and manage certificates from trusted sources. | |
ISP Account | ISP Account | Create and manage ISP account information for PPPoE/PPTP interfaces. |
Mgmt. & Analytics | SecuManager | Enable and configure management of the Zyxel Device by a Central Network Management system. |
SecuReporter | Enable SecuReporter logging and access the SecuReporter security analytics portal that collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal or external threats, and report on network usage. | |
Nebula | Use this screen to let Nebula manage your Zyxel Device. | |
System | ||
Host Name | Host Name | Configure the system and domain name for the Zyxel Device. |
USB Storage | Settings | Configure the settings for the connected USB devices. |
Date/Time | Date/Time | Configure the current date, time, and time zone in the Zyxel Device. |
Console Speed | Console Speed | Set the console speed. |
DNS | DNS | Configure the DNS server and address records for the Zyxel Device. |
WWW | Service Control | Configure HTTP, HTTPS, and general authentication. |
Login Page | Configure how the login and access user screens look. | |
SSH | SSH | Configure SSH server and SSH service settings. |
TELNET | TELNET | Configure telnet server settings for the Zyxel Device. |
FTP | FTP | Configure FTP server settings. |
SNMP | SNMP | Configure SNMP communities and services. |
Auth. Server | Auth. Server | Configure the Zyxel Device to act as a RADIUS server. |
Notification | Mail Server | Configure a mail server with authentication to send reports and password expiration notification emails. |
SMS | Enable the SMS service to send dynamic guest account information in text messages and authorization for VPN tunnel access to a secured network. | |
Response Message | Create a web page when access to a website is restricted due to a security service. | |
Language | Language | Select the Web Configurator language. |
IPv6 | IPv6 | Enable IPv6 globally on the Zyxel Device here. |
ZON | ZON | Use the Zyxel One Network (ZON) utility to view and manage the Zyxel Device’s neighboring devices via the Zyxel Discovery Protocol (ZDP). |
Advanced | Fast Forwarding | Enable fast forwarding to maximizes the network performance of the Zyxel Device. |
Log & Report | ||
Email Daily Report | Email Daily Report | Configure where and how to send daily reports and what reports to send. |
Log Settings | Log Settings | Configure the system log, email logs, and remote syslog servers. |
Maintenance Menu
Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the Zyxel Device.
Folder or Link | Tab | Function |
|---|---|---|
File Manager | Configuration File | Manage and upload configuration files for the Zyxel Device. |
Firmware Management | View the current firmware version and upload firmware. Reboot with your choice of firmware. | |
Shell Script | Manage and run shell script files for the Zyxel Device. | |
Diagnostics | Diagnostics | Collect diagnostic information. This screen includes the sub-tabs below: • Controller • Filer |
Packet Capture | Capture packets for analysis. This screen includes the sub-tabs below: • Capture • Files • | |
CPU/Memory Status | View CPU and memory usage statistics. | |
System Log | Connect a USB device to the Zyxel Device and archive the Zyxel Device system logs to it here. | |
Network Tool | Identify problems with the connections. You can use Ping or Traceroute to help you identify problems. | |
Routing Traces | Configure traceroute to identify where packets are dropped for troubleshooting. | |
Wireless Frame Capture | Capture wireless frames from APs for analysis. | |
Packet Flow Explore | Routing Status | Check how the Zyxel Device determines where to route a packet. |
SNAT Status | View a clear picture on how the Zyxel Device converts a packet’s source IP address and check the related settings. | |
Shutdown/ Reboot | Shutdown/ Reboot | Turn off or restart the Zyxel Device. |
Tables and Lists
Web Configurator tables and lists are flexible with several options for how to display their entries.
Click a column heading to sort the table’s entries according to that column’s criteria.
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do:
• Sort in ascending or descending (reverse) alphabetical order
• Select which columns to display
• Group entries by field
• Show entries in groups
• Filter by mathematical operators (<, >, or =) or searching for text
Select a column heading cell’s right border and drag to re-size the column.
Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location.
Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
The tables have icons for working with table entries. You can often use the [Shift] or [Ctrl] key to select multiple entries to remove, activate, or deactivate.
Here are descriptions for the most common table icons.
Label | Description |
|---|---|
Add | Click this to create a new entry. For features where the entry’s position in the numbered list is important (features where the Zyxel Device applies the table’s entries in order like the security policy for example), you can select an entry and click Add to create a new entry after the selected entry. |
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. In some tables you can just click a table entry and edit it directly in the table. For those types of tables small red triangles display for table entries with changes that you have not yet applied. |
Remove | To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so. |
Activate | To turn on an entry, select it and click Activate. |
Inactivate | To turn off an entry, select it and click Inactivate. |
Connect | To connect an entry, select it and click Connect. |
Disconnect | To disconnect an entry, select it and click Disconnect. |
References | Select an entry and click References to check which settings use the entry. |
Move | To change an entry’s position in a numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed. For example, if you type 6, the entry you are moving becomes number 6 and the previous entry 6 (if there is one) gets pushed up (or down) one. |
Working with Lists
When a list of available entries displays next to a list of selected entries, you can often just double-click an entry to move it from one list to the other. In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list.