ZyXEL Communications USG40 User Manual

Provides an overview of the ZyWALL/USG series models and discusses key feature differences.

Details application scenarios like Security Router, IPv6 Routing, VPN Connectivity, SSL VPN Network Access, User-Aware Access Control, and Load Balancing.

Details how to use the Web Configurator, including browser requirements and recommended screen resolution.

Provides step-by-step instructions on how to access the Web Configurator, including login details and initial password change.

Describes the Installation Setup Wizard which helps configure Internet connection settings and activate subscription services.

Explains how to configure WAN interfaces, encapsulation type, and IP address assignment.

Details the Ethernet encapsulation screen, including IP address, subnet mask, and gateway configuration.

Explains the PPPoE encapsulation screen, including ISP parameters and WAN IP address assignments.

Details the PPTP encapsulation screen, including ISP parameters and PPTP configuration.

Describes the L2TP encapsulation screen, including ISP parameters and L2TP configuration.

Explains how to mount the device in a rack or on a wall, covering installation requirements and procedures.

Details the steps for rack-mounting the ZyWALL/USG on an EIA standard size rack or in a wiring closet.

Covers installation requirements and procedures for rack-mounting the USG2200-VPN.

Explains how to attach the ZyWALL/USG to a wall, including drilling instructions and screw specifications.

Explains the proper procedure for shutting down the device to prevent firmware corruption.

Describes the Easy Mode wizards and links, including Initial Setup Wizard, VPN Wizard, Port Forwarding Wizard, Wi-Fi and Guest Wizard, and Security Service Wizard.

Explains the Easy Mode settings menu, including Create Recovery Point, Restore Last Recovery Point, Restart, and Shutdown options.

Describes the Easy Mode dashboard, which displays system information, Internet information, VPN tunnel information, and network client status.

Explains the screen for connecting to the Internet, including detecting Internet connectivity and manual entry.

Provides solutions for common Internet access error messages like WAN 1 Down, PPPoE Error, DHCP Error, and Ethernet Fixed IP Error.

Explains how to configure Wi-Fi network name (SSID), password, and enable Guest Wi-Fi Network.

Shows registration status and license status for services like Content Filtering, IDP, and Anti-Virus.

Allows configuration of licensed services like Content Filter, IDP, and Anti-Virus, emphasizing activation at myZyXEL.com.

Explains NAT port forwarding to direct incoming traffic from the Internet to the correct virtual server in the network.

Details how to convert the OPT or P6 port to a guest port, isolating it from LAN/DMZ ports for Internet access only.

Guides through creating a VPN tunnel by selecting the VPN wizard type and launching the respective wizard.

Allows selection between Express and Advanced wizards for VPN rule creation, with Express using default settings and Advanced allowing custom changes.

Guides the user to select the VPN scenario that best describes the intended VPN connection, illustrating options like Site-to-site.

Details the configuration steps for VPN Express Wizard, including Secure Gateway, Pre-Shared Key, Local Policy, and Remote Policy.

Guides the user to select the VPN scenario for the Advanced Wizard, similar to the Express Wizard.

Details Phase 1 settings for IKE negotiation, including Secure Gateway, Negotiation Mode, Encryption Algorithm, and Authentication Algorithm.

Explains Phase 2 settings for IKE, including Active Protocol, Encapsulation, Encryption Algorithm, and Authentication Algorithm.

Explains setting up a VPN rule that can be retrieved with the ZyWALL/USG IPSec VPN Client, including restrictions.

Details the configuration steps for the VPN Express Wizard, including Secure Gateway and Pre-Shared Key.

Guides the user to select the VPN scenario for the Advanced Wizard, similar to the Express Wizard.

Details Phase 1 settings for IKE negotiation, including Secure Gateway, Negotiation Mode, Encryption Algorithm, and Authentication Algorithm.

Explains Phase 2 settings for IKE, including Active Protocol, Encapsulation, Encryption Algorithm, and Authentication Algorithm.

Guides the user to set up an L2TP VPN rule, including selecting VPN settings and the L2TP VPN wizard.

Details the first L2TP VPN settings screen, including Rule Name, My Address (interface), and Authentication Method.

Explains the second L2TP VPN settings screen, including IP Address Pool, Starting IP Address, End IP Address, and DNS Servers.

Explains NAT port forwarding to direct incoming traffic from the Internet to the correct virtual server.

Details how to add a new client to the port forwarding list by entering Name, IP Address, and MAC Address.

Explains how to add a new service to the port forwarding list by entering Service Name and Port Range.

Guides through enabling Wi-Fi Network and Guest Wi-Fi Network, configuring name, password, and duration.

Guides through registering the ZyWALL/USG and activating licenses for required services like Content Filtering, IDP, and Anti-Virus.

Details how to configure Content Filter to block websites by category, such as Chat, Dating & Personals, Gambling, Games, Hacking, etc.

Explains how to create lists of trusted (allowed) and forbidden (blocked) web site addresses.

Details how to configure Intrusion Detection and Prevention (IDP) and Anti-Virus (AV) features.

Guides through configuring an interface to connect to the Internet, covering Ethernet, PPPoE, and PPTP.

Explains how to select the type of encapsulation for the connection: Ethernet, PPPoE, or PPTP.

Guides through configuring ISP and WAN interface settings, including static and dynamic IP assignments.

Guides through creating Virtual Private Network (VPN) rules, including IPSec VPN, SSL VPN, and L2TP VPN.

Allows selection between Express and Advanced wizards for VPN rule creation.

Guides the user to select the VPN scenario that best describes the intended VPN connection.

Details the configuration steps for VPN Express Wizard, including Secure Gateway and Pre-Shared Key.

Guides the user to select the VPN scenario for the Advanced Wizard.

Details Phase 1 settings for IKE negotiation, including Secure Gateway and Negotiation Mode.

Explains Phase 2 settings for IKE, including Active Protocol and Encapsulation.

Explains setting up a VPN rule that can be retrieved with the ZyWALL/USG IPSec VPN Client.

Details the configuration steps for the VPN Express Wizard, including Secure Gateway.

Guides the user to select the VPN scenario for the Advanced Wizard.

Details Phase 1 settings for IKE negotiation, including Secure Gateway and Negotiation Mode.

Explains Phase 2 settings for IKE, including Active Protocol and Encapsulation.

Guides the user to set up an L2TP VPN rule, including selecting VPN settings and the L2TP VPN wizard.

Details the first L2TP VPN settings screen, including Rule Name and My Address (interface).

Explains the second L2TP VPN settings screen, including IP Address Pool, Starting IP Address, and End IP Address.

Guides the user to set up an L2TP VPN rule, including selecting VPN settings and the L2TP VPN wizard.

Explains how to use the main Dashboard screen to view system information, status, resource usage, and interface status.

Displays ZyWALL/USG's system and model name, serial number, MAC address, and firmware version.

Shows system uptime, current date/time, VPN status, DHCP table, login users, system resources, CPU usage, memory usage, and boot status.

Provides information on currently established VPN tunnels and links to the Zyxel VPN Client product page.

Displays CPU Usage, Memory Usage, Flash Usage, USB Storage Usage, and Active Sessions.

Shows Unified Threat Management (UTM) services that are available and enabled, including License Status and Type.

Displays content filter statistics, including Total Web Pages Inspected, Blocked, Warned, and Passed.

Explains how to use the Monitor screens for Port Statistics, Interface Status, Traffic Statistics, Session Monitor, IGMP Statistics, DDNS Status, IP/MAC Binding, Login Users, Dynamic Guest, Cellular Status, UPnP Port Status, USB Storage, and Ethernet Neighbor.

Allows viewing packet statistics for each Gigabit Ethernet port.

Lists all ZyWALL/USG interfaces and gives packet statistics for them.

Provides basic information about traffic, such as most-visited websites, most-used protocols, and LAN IP with heaviest traffic.

Displays all established sessions for debugging or statistical analysis, showing user, protocol, source/destination address, and duration.

Helps ensure that only intended devices use privileged IP addresses by binding IP to MAC addresses.

Shows dynamic guest user accounts, which are created automatically and allowed to access services for a certain period.

Shows the AP Information menu, containing AP List and Radio List screens.

Allows configuring AP settings, including MAC address, model, radio settings, and description.

Allows displaying and managing active IPSec SAs, including Name, Policy, IKE Name, Cookies, My Address, Secure Gateway, and Up Time.

Tracks users currently logged into the VPN SSL client and allows logging out users and deleting session information.

Displays and manages the ZyWALL/USG’s connected L2TP VPN sessions.

Manages the use of various applications on the network, including protocols and instant messenger.

Displays content filter statistics, including Total Web Pages Inspected, Blocked, Warned, and Passed.

Displays IDP (Intrusion Detection and Prevention) statistics.

Displays anti-virus statistics, including Total Viruses Detected and Infected Files Detected.

Manages anti-spam features, including Report and Status screens.

Decrypts SSL traffic, sends it to UTM engines for inspection, then encrypts and forwards it.

Stores log messages for viewing or e-mailing, and sets alerts for events requiring more attention.

Allows viewing all log messages or selecting specific categories, and viewing the Debug Log.

Explains how to register your ZyWALL/USG and manage its service subscriptions.

Guides the user to register their ZyWALL/USG at myZyXEL.com and activate services.

Displays the status of service registrations and licenses, and allows activation or extension of subscriptions.

Shows how to update the ZyWALL/USG’s signature packages for Anti-Virus, IDP, and AppPatrol.

Details how to update anti-virus signatures, including current version, released date, and update options.

Guides on updating IDP and AppPatrol signatures, requiring an account at myZyXEL.com and IDP service subscription.

Explains how to use Controller, AP Management, MON Mode, Auto Healing, and RTLS screens for wireless management.

Provides tools to manage all connected APs, including AP List, AP Policy, AP Group, and Firmware screens.

Displays the Managed AP List and Radio List screens.

Allows configuration of the AP controller’s IP address and actions managed APs take if the controller fails.

Enables configuration of AP groups, defining radio, port, VLAN and load balancing settings for all APs in the group.

Allows checking for and downloading new AP firmware when available on the firmware server.

Explains how to add or edit rogue/friendly AP entries, including MAC address, description, and role.

Guides on how to turn RTLS on or off and specify the IP address and server port of the Ekahau RTLS Controller.

Discusses load balancing techniques for wireless bandwidth, such as station number and traffic level.

Details how to use Port Role, Ethernet, Virtual Interface, PPP, Cellular, Tunnel, VLAN, Bridge, Trunk, and LAG screens.

Allows setting the ZyWALL/USG’s flexible ports as part of LAN, WAN, or DMZ interfaces.

Lets you configure IP address assignment, interface parameters, RIP, OSPF, DHCP, connectivity check, and MAC address settings.

Explains how to use PPPoE/PPTP/L2TP interfaces to connect to your ISP.

Allows configuration of a PPPoE or PPTP or L2TP interface, including ISP account setup.

Allows configuration of mobile broadband settings, including APN, Dial String, and Authentication Type.

Explains the use of tunnel interfaces in GRE, IPv6 in IPv4, and 6to4 tunnels.

Allows configuration of a tunnel interface, including Name, Zone, Tunnel Mode, and IP Address Assignment.

Allows configuration of IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each bridge interface.

Allows configuration of Interface and LAG parameters for each LAG interface.

Explains Virtual Tunnel Interface (VTI) which encrypts or decrypts IPv4 traffic from or to the interface.

Lets you configure IP address assignment and interface parameters for virtual interfaces.

Provides information on adding WAN interfaces to trunks and using policy routes for traffic management.

Guides on creating or editing a WAN trunk entry.

Covers Policy Routing concepts like Source-Based Routing, Bandwidth Shaping, Cost Savings, Load Sharing, and NAT.

Allows viewing configured policy routes and turning policy routing based bandwidth management on or off.

Guides on configuring or editing a policy route, covering IPv4 and IPv6 settings.

Displays configured static routes and explains how to use RIP or OSPF to propagate routing information.

Allows creating or editing a static route, configuring required information like destination, subnet mask, and next-hop.

Guides on configuring ZyWALL/USG to use RIP for receiving and/or sending routing information.

Details OSPF configuration, including general settings, areas, and virtual links.

Allows creating or editing OSPF areas, including Area ID, Type, and Authentication.

Guides on using DDNS screens to view configured DDNS domain names and their details, and add/edit domain names.

Provides a summary of all DDNS domain names and their configuration.

Allows adding a domain name or editing an existing one.

Provides a summary of all NAT rules and their configuration, allowing creation, editing, and deletion of rules.

Allows creating new NAT rules or editing existing ones.

Describes how HTTP redirect forwards client HTTP requests to a web proxy server.

Explains how SMTP redirect forwards authenticated client's SMTP messages to a SMTP server.

Allows configuration of HTTP or SMTP request redirection.

Allows creating or editing a redirect rule for HTTP or SMTP requests.

Discusses Application Layer Gateway (ALG), NAT, and Security Policy, and how ZyWALL/USG supports NAT mapping types.

Allows turning ALGs off or on, configuring port numbers, and configuring SIP ALG time outs.

Describes UPnP hardware identification and NAT Traversal capabilities.

Allows enabling UPnP and NAT-PMP on the ZyWALL/USG.

Guides on using Summary and Edit screens to bind IP addresses to MAC addresses, and Exempt List to configure IP ranges.

Allows configuring an interface’s IP to MAC address binding settings.

Allows configuring ranges of IP addresses to which IP/MAC binding is not applied.

Guides on using General screen to enable layer-2 isolation and White List screen to enable and configure the white list.

Allows enabling Layer-2 isolation on the ZyWALL/USG and specific internal interface(s).

Lists IP addresses not in the white list that are blocked from communicating with other devices, except for broadcast packets.

Allows creating a new rule in the white list or editing an existing one.

Provides a summary of DNS load balancing rules and details, allowing adding, editing, or removing rules.

Allows adding a member interface for the DNS load balancing rule.

Guides on using Web Authentication screens to create and manage policies, and configuring SSO communication.

Displays general web portal settings and authentication policies, enabling web authentication.

Shows how to configure policies and security settings for specific users or groups, authenticated locally or by an external server.

Allows viewing, creating, and managing authentication type profiles for user authentication.

Shows the steps required on the ZyWALL/USG to use SSO.

Guides on configuring Web Authentication > SSO to set up communication with the SSO agent.

Explains how to enable Web Authentication and add a web authentication policy.

Guides on configuring a Security Policy for SSO traffic to prevent blocking.

Details how to configure Active Directory (AD) for authentication with SSO.

Explains how to configure an Active Directory (AD) server in AAA Setup to match the AD configured on the SSO agent.

Guides on using General, Billing Profile, Discount, and Payment Service screens for billing settings.

Allows configuration of general billing settings, accounting method, currency unit, and SSID profiles.

Defines billing profiles for web-based account generator and statement printer buttons.

Allows automatic creation of dynamic guest accounts.

Allows creation or editing of billing profiles, defining Internet access time and charge per time unit.

Allows creating or editing a walled garden web site URL entry.

Allows creating or editing a walled garden domain or IP address entry.

Guides on enabling/disabling Security Policy and asymmetrical routes, setting session limits, and displaying policies.

Allows creating or editing a Security Policy rule.

Allows setting who can retrieve VPN rule settings using the ZyWALL/USG IPSec VPN Client.

Allows creating or editing an SSL access policy.

Allows configuration of ZyWALL/USG’s L2TP VPN settings.

Controls bandwidth allocation for TCP and UDP traffic, allowing enabling/disabling and adding/editing policies.

Allows creation or editing of bandwidth management conditions, including 802.1P Marking.

Guides on configuring profile settings, including Name, Description, and Profile Management.

Allows enabling content filtering, viewing/ordering policies, creating denial messages, and checking external web filtering service registration.

Guides on creating or editing a filter profile, configuring Category Service and Custom Service tabs.

Allows viewing registration and signature information, and binding IDP profiles to traffic.

Guides on creating new IDP profiles or editing existing ones.

Allows searching for signatures by criteria such as Name, ID, Severity, Policy Type, Platform, Service, Actions.

Allows turning anti-virus on or off, setting policies, checking license status, and updating signatures.

Guides on adding or editing an anti-virus profile.

Allows creating or editing black or white list entries for file patterns.

Allows turning anti-spam on or off and managing anti-spam policies.

Guides on configuring anti-spam policies for traffic direction, protocols, scanning options, and actions.

Allows creating or editing black or white list entries based on subject text, sender IP, or header fields.

Allows creating or editing SSL Inspection profiles.

Guides on creating or editing SSL Inspection profiles.

Explains the requirements and benefits of Device HA Pro, including easier deployment and faster failover.

Guides on configuring general active-passive mode Device HA settings, viewing monitored interfaces, and synchronizing backups.

Guides on creating or editing an SSID profile.

Allows creating or editing an IPv4 address object.

Allows creating or editing an IPv6 address object.

Allows creating a new service or editing an existing one.

Allows defining or editing a one-time schedule.

Guides on creating or editing an AD or LDAP server entry.

Guides on creating or editing a RADIUS server entry.

Allows creating and managing authentication method objects.

Allows viewing certificate information, changing name, and setting revocation checking.

Guides on creating web-based applications or file sharing applications.

Allows creating or editing a DHCPv6 request object.

Allows creating or editing a DHCPv6 lease object.

Configures security options for DNS, including Query Recursion and Additional Info from Cache.

Allows adding or editing a service control rule for WWW, SSH, Telnet, FTP, or SNMP.

Allows creating or editing a trusted RADIUS client.

Allows starting or stopping data collection and viewing traffic statistics.

Controls log messages and alerts, supporting viewing, regular e-mailing, and storing on USB.

Allows storing, running, and naming configuration files, and downloading/uploading them.

Allows generating a file with configuration and diagnostic information for customer support.

Allows capturing network traffic for identifying network problems.

Explains how to reset the ZyWALL/USG to factory default settings.

Provides important safety warnings for product usage.

Details the product warranty terms and conditions.