ZyXEL Communications ZyWALL 310 - What Could Go Wrong

To Next Page

To Previous Page

543/749

www.zyxel.com

What Could Go Wrong?

You may find that certain rules are triggering too many false positives or false

negatives. A false positive is when valid traffic is flagged as an attack. A false

negative is when invalid traffic is wrongly allowed to pass through the ZyWALL/USG.

As each network is different, false positives and false negatives are common on

initial ADP deployment. You could create a new ‘monitor profile’ that creates

logs but all actions are disabled. Observe the logs over time and try to eliminate

the causes of the false alarms. When you’re satisfied that they have been reduced

to an acceptable level, you could then create an ‘inline profile’ whereby you

configure appropriate actions to be taken when a packet matches a detection.

Main Page

Default Chapter2
- Table of Contents2
How to Configure Site-To-Site Ipsec VPN with Amazon VPC17
- Set up the Ipsec VPN Tunnel on the Amazon VPC18
- Set up the Ipsec VPN Tunnel on the Zywall/Usg22
- Test the Ipsec VPN Tunnel26
- What Could Go Wrong27
How to Configure Site-To-Site Ipsec VPN with Microsoft (MS) Azure29
- Set up the Ipsec VPN Tunnel on the Zywall/Usg30
- Set up the Ipsec VPN Tunnel on the MS Azure36
- Test the Ipsec VPN Tunnel45
- What Could Go Wrong47
How to Configure GRE over Ipsec VPN Tunnel50
- Set up the Zywall/Usg GRE over Ipsec VPN Tunnel of Corporate Network (HQ)51
- Set up the Zywall/Usg GRE over Ipsec VPN Tunnel of Corporate Network (Branch)55
- Test the GRE over Ipsec VPN Tunnel60
- What Could Go Wrong60
How to Configure Site-To-Site Ipsec VPN Where the Peer Has a Static IP Address62
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (HQ)62
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (Branch)66
- Test the Ipsec VPN Tunnel70
- What Could Go Wrong71
How to Configure Site-To-Site Ipsec VPN Where the Peer Has a Dynamic IP Address73
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (HQ)73
- (Branch Has a Dynamic IP Address)77
- Test the Ipsec VPN Tunnel81
- What Could Go Wrong82
How to Configure Ipsec Site to Site VPN While One Site Is Behind a NAT Router84
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (HQ)84
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (Branch)88
- Set up the NAT Router (Using Zywall USG Device in this Example)91
- Test the Ipsec VPN Tunnel93
- What Could Go Wrong94
How to Configure Hub-And-Spoke Ipsec VPN96
- Set up the Ipsec VPN Tunnel on the Zywall/Usg by Using VPN Concentrator Hub_Hq-To-Branch_A97
- Hub_Hq-To-Branch_B101
- Hub_Hq Concentrator104
- Spoke_Branch_A106
- Spoke_Branch_B111
- Test the Ipsec VPN Tunnel115
- What Could Go Wrong118
- Set up the Ipsec VPN Tunnel of Zywall/Usg Without Using VPN Concentrator Hub_Hq-To-Branch_A119
- Hub_Hq-To-Branch_B122
- Spoke_Branch_A125
- Spoke_Branch_B128
- Test the Ipsec VPN Tunnel131
- What Could Go Wrong133
How to Use Dual-WAN to Perform Fail-Over on VPN Using the VPN Concentrator135
- Set up the Ipsec VPN Tunnel on the Zywall/Usg Hub_Hq-To-Branch_A136
- Hub_Hq-To-Branch_B139
- Hub_Hq Concentrator142
- Spoke_Branch_A143
- Spoke_Branch_B147
- Test the Ipsec VPN Tunnel151
- What Could Go Wrong153
How to Configure Ipsec VPN with Zywall Ipsec VPN Client156
- Set up the Zywall/Usg Ipsec VPN Tunnel157
- Set up the Zywall Ipsec VPN Client161
- Test the Ipsec VPN Tunnel165
- What Can Go Wrong166
How to Configure Site-To-Site Ipsec VPN with Fortigate169
- Set up the Ipsec VPN Tunnel on the Zywall/Usg169
- Set up the Ipsec VPN Tunnel on the Fortigate173
- Test the Ipsec VPN Tunnel178
- What Could Go Wrong179
How to Configure Site-To-Site Ipsec VPN with Watchguard181
- Set up the Ipsec VPN Tunnel on the Zywall/Usg182
- Set up the Ipsec VPN Tunnel on the Watchguard185
- Test the Ipsec VPN Tunnel192
- What Could Go Wrong194
How to Configure Site-To-Site Ipsec VPN with Cisco196
- Set up the Ipsec VPN Tunnel on the Zywall/Usg197
- Set up the Ipsec VPN Tunnel on the Cisco203
- Test the Ipsec VPN Tunnel208
- What Could Go Wrong210
How to Configure Site-To-Site Ipsec VPN with a Sonicwall Router212
- Set up the Ipsec VPN Tunnel on the Zywall/Usg213
- Set up the Ipsec VPN Tunnel on the Sonicwall220
- Test the Ipsec VPN Tunnel224
- What Could Go Wrong226
How to Configure Ipsec VPN Failover229
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (HQ)230
- (Branch)233
- Set up the WAN Trunk (Zywall/Usg_Hq)237
- Set up the Failover Command Line (Zywall/Usg HQ)238
- Test the Ipsec VPN Tunnel240
- What Could Go Wrong241
How to Configure L2TP over Ipsec VPN While the Zywall/Usg Is Behind a NAT Router243
- Set up the L2TP VPN Tunnel on the Zywall/Usg_Hq244
- Set up the NAT Router (Using Zywall USG Device in this Example)248
- Test the L2TP over Ipsec VPN Tunnel251
- What Could Go Wrong254
How to Configure L2TP VPN with Android 5.0 Mobile Devices256
- Set up the L2TP VPN Tunnel on the Zywall/Usg257
- Set up the L2TP VPN Tunnel on the Android Device261
- Test the L2TP over Ipsec VPN Tunnel265
- What Could Go Wrong267
How to Configure L2TP VPN with Ios 8.4 Mobile Devices269
- Set up the L2TP VPN Tunnel on the Zywall/Usg269
- Set up the L2TP VPN Tunnel on the Ios Device275
- Test the L2TP over Ipsec VPN Tunnel276
- What Could Go Wrong279
How to Import Zywall/Usg Certificate for L2TP over Ipsec in Windows 10281
- Set up the L2TP VPN Tunnel on the Zywall/Usg281
- 10 Operating System286
- Export a Certificate from Zywall/Usg and Import It to Windows286
- Set up the L2TP VPN Tunnel on the Windows 10292
- Test the L2TP over Ipsec VPN Tunnel296
- What Could Go Wrong298
How to Import Zywall/Usg Certificate for L2TP over Ipsec in IOS Mobile Phone300
- Set up the L2TP VPN Tunnel on the Zywall/Usg300
- Export a Certificate from Zywall/Usg and Import It to Ios Mobile Phone304
- Set up the L2TP VPN Tunnel on the Ios Mobile Device305
- Test the L2TP over Ipsec VPN Tunnel308
- What Could Go Wrong309
How to Import Zywall/Usg Certificate for L2TP over Ipsec in Android Mobile Phone311
- Set up the L2TP VPN Tunnel on the Zywall/Usg311
- Export a Certificate from Zywall/Usg and Import It to Android Mobile Phone316
- Set up the L2TP VPN Tunnel on the Android Mobile Device317
- Test the L2TP over Ipsec VPN Tunnel320
- What Could Go Wrong322
How to Configure the L2TP VPN with Apple MAC os X 10.11 Operating System324
- Set up the L2TP VPN Tunnel on the Zywall/Usg324
- Operating System330
- Test the L2TP over Ipsec VPN Tunnel332
- What Could Go Wrong334
How to Configure if I Want User Can Only See SSL VPN Login Button in Web Portal Login Page336
- Set up the DNS Service337
- Set up the Zywall/Usg SSL VPN Setting337
- Set up the Zywall/Usg System Setting338
- Test the SSL VPN339
How to Deploy SSL VPN with Windows 10 Operating System343
- Set up the SSL VPN Tunnel on the Zywall/Usg344
- Set up the SSL VPN Tunnel on the Windows 10 Operating System348
- Test the SSL VPN Tunnel352
- What Could Go Wrong353
How to Deploy SSL VPN with Apple Mac os X 10.10 Operating System354
- Set up the SSL VPN Tunnel on the Zywall/Usg355
- Set up the SSL VPN Tunnel on the Apple MAC os X 10.10 Operating System360
- Test the SSL VPN Tunnel364
- What Could Go Wrong367
How to Configure SSL VPN for Remote Access Mobile Devices369
- Set up the SSL VPN Tunnel on the Zywall/Usg369
- Test the SSL VPN Tunnel372
- What Could Go Wrong375
How to Configure an SSL VPN Tunnel (with Secuextender Version 4.0.0.1) on the Windows 10 Operating System376
- Set up the SSL VPN Tunnel with Windows 10376
- What Can Go Wrong380
How to Redirect Multiple LAN Interface Traffic to the VPN Tunnel382
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (HQ)383
- Set up the Zywall/Usg Ipsec VPN Tunnel of Corporate Network (Branch)386
- Set up the Policy Route (Zywall/Usg_Hq)389
- Set up the Policy Route (Zywall/Usg_Branch)390
- Test the Ipsec VPN Tunnel391
- What Could Go Wrong393
How to Create VTI and Configure VPN Failover with VTI395
- VTI Deployment Flow395
- Set up the Zywall/Usg VTI of Corporate Network (HQ)396
- Set up the Zywall/Usg VTI of Corporate Network (Branch)401
- Test the Ipsec VPN Tunnel407
- What Can Go Wrong409
How to Configure the USG When Using a Cloud Based SIP System411
- Set up the SIP ALG412
- Test Result413
- What Could Go Wrong413
How to Block HTTPS Websites by Domain Filter Without Applying SSL Inspection414
- Set up the Content Filter on the Zywall/Usg415
- Set up the Security Policy on the Zywall/Usg417
- Set up the System Policy on the Zywall/Usg417
- Test the Result418
How to Configure Content Filter 2.0 with Geo IP Blocking420
- Set up the Address Objet with Geo IP on the Zywall/Usg421
- Set up the Security Policy on the Zywall/Usg422
- Test the Result423
- What Could Go Wrong424
How to Configure Content Filter 2.0 with Https Domain Filter425
- Application Scenario425
- Set up the Content Filter on the Zywall/Usg425
- Set up the Security Policy on the Zywall/Usg427
- Set up the System Policy on the Zywall/Usg428
- Test the Result429
- What Could Wrong430
How to Block the Client Accessing to Certain Country Using Geo IP and Content Filter431
- Check Geo IP License Status on the Zywall/Usg432
- Set up the Address Objet with Geo IP on the Zywall/Usg432
- Set up the Security Policy on the Zywall/Usg433
- Test the Result434
How to Set up Link Aggregation Group (LAG)437
- Set up the Active-Backup, 802.3Ad, Balance-Alb437
- Set up the Active-Backup Mode441
- Test the Result443
- What Can Go Wrong443
How to Restrict Web Portal Access from the Internet444
- Set up the Zywall/Usg System Setting445
- Test the Web Access446
How to Setup and Configure Daily Report448
- Set up the Zywall/Usg Email Daily Report Setting449
- Test the Daily Log Report450
- What Could Go Wrong451
How to Setup and Configure Email Logs452
- Set up the Zywall/Usg Email Logs Setting452
- Test the Email Log454
- What Could Go Wrong455
How to Setup and Send Logs to a Syslog Server456
- Set up the Syslog Server (Use Papertrail Syslog in this Example)456
- Set up the Zywall/Usg Remote Server Setting459
- Test the Remote Server460
- What Could Go Wrong461
How to Setup and Send Logs to a Vantage Reports Server462
- Set up the VRPT Server463
- Set up the Zywall/Usg Remote Server Setting466
- Test the Remote Server466
- What Could Go Wrong467
How to Setup and Send Logs to the USB Storage468
- Set up the USB System Settings469
- Set up the USB Log Storage469
- Check the USG Log Files470
How to Activate a Free Access Hotspot471
- Set up the Free Access Hotspot472
- Test the User Agreement and Advertisement Webpage474
- What Could Go Wrong475
- Set up Enable the Free Time Feature476
- Test Free Time Feature481
- What Can Go Wrong484
How to Setup Ipv6 Interfaces for Pure Ipv6 Routing486
- Setting up the Ipv6 Interface487
- Set up the Prefix Delegation and Router Advertisement489
- Test493
- What Can Go Wrong493
- Test495
How to Perform and Use the Packet Capture Feature on the Zywall/Usg496
- Set up the Packet Capture Feature497
- Check the Capture Files499
How to Automatically Reboot the Zywall/Usg by Schedule501
- Set up the Shell Script502
- Set up the Schedule Run503
- Check the Reboot Status504
How to Schedule Youtube Access506
- Set up the Schedule on the Zywall/Usg506
- Create the Application Objects on the Zywall/Usg507
- Set up the Application Patrol Profile on the Zywall/Usg508
- Set up SSL Inspection on the Zywall/Usg509
- Set up the Security Policy on the Zywall/Usg509
- Export Certificate from Zywall/Usg and Import It to Windows 7 Operation System510
- Test the Result516
- What Could Go Wrong516
How to Continuously Run a Zysh Script518
- Set up the Shell Script519
- Set up the Schedule Run520
- Check the Result521
How to Register Your Device and Services at Myzyxel.com523
- Account Creation524
- Device Registration526
- Service Registration (in the Case of Standard License)527
- Device Management (in the Case of Registering Bundled Licenses)528
- Refresh Service529
- What Could Go Wrong529
How to Exempt Specific Users from Security Control531
- Set up the Security Policy on the Zywall/Usg for Employees532
- Set up the Security Policy on the Zywall/Usg for Executives533
- Test the Result536
- What Could Go Wrong537
How to Detect and Prevent TCP Port Scanning with ADP538
- Set up the ADP Profile on the Zywall/Usg539
- Test the Result542
- What Could Go Wrong543
How to Block Facebook544
- Set up the Content Filter on the Zywall/Usg545
- Set up the SSL Inspection on the Zywall/Usg545
- Set up the Security Policy on the Zywall/Usg546
- Export Certificate from Zywall/Usg and Import It to Windows 7 Operation System548
- Test the Result553
- What Could Go Wrong554
How to Exempt Specific Users from a Blocked Website555
- Set up the Security Policy on the Zywall/Usg for Employees556
- Set up the Security Policy on the Zywall/Usg for Executives557
- Test the Result560
- What Could Go Wrong560
How to Control Access to Google Drive561
- Set up the Application Patrol on the Zywall/Usg562
- Set up the SSL Inspection on the Zywall/Usg564
- Set up the Security Policy on the Zywall/Usg565
- Export Certificate from Zywall/Usg and Import It to Windows 7 Operation System566
- Test the Result570
- What Could Go Wrong571
How to Block HTTPS Websites Using Content Filtering and SSL Inspection572
- Set up the Content Filter on the Zywall/Usg573
- Set up SSL Inspection on the Zywall/Usg574
- Set up the Security Policy on the Zywall/Usg575
- Export Certificate from Zywall/Usg and Import It to Windows 7 Operation System576
- Test the Result581
- What Could Go Wrong582
How to Block the Spotify Music Streaming Service583
- Set up IDP Profile on the Zywall/Usg584
- Test the Result585
- What Could Go Wrong586
How to Test the EICAR Anti-Virus Test File587
- Set up the Anti-Virus Profile on the Zywall/Usg588
- Set up the Security Policy on the Zywall/Usg589
- Test the Result590
- What Could Go Wrong591
How to Block Downloading of DOC, PDF, XLS and ZIP Files592
- Set up the Anti-Virus Profile on the Zywall/Usg593
- Set up the Security Policy on the Zywall/Usg595
- Test the Result596
- What Could Go Wrong597
How to Configure an Anti-Spam Policy with Mail Scan and DNSBL599
- Set up the Anti-Spam Profile on the Zywall/Usg600
- Set up the Security Policy on the Zywall/Usg603
- Test the Result604
- What Could Go Wrong605
How to Configure Bandwidth Management for FTP and HTTP Traffic606
- Set up the Bandwidth Management for FTP on the Zywall/Usg607
- Set up the Bandwidth Management for HTTP on the Zywall/Usg608
- Set up the Bandwidth Management Global Setting on the610
- Zywall/Usg610
- Test the Result610
- What Could Go Wrong611
How to Limit Bittorrent or Other Peer-To-Peer Traffic612
- Set up the Application Patrol Profile on the Zywall/Usg613
- Set up the Bandwidth Management for Bittorrent on the Zywall/Usg614
- Set up the Bandwidth Management Global Setting on the Zywall/Usg616
- Test the Result616
- What Could Go Wrong617
How to Configure a Trunk for WAN Load Balancing with a Static or Dynamic IP Address618
- Set up the Available Bandwidth on WAN1 Interfaces on the Zywall/Usg619
- Set up the Available Bandwidth on WAN2 Interfaces on the Zywall/Usg620
- Set up the WAN Trunk on the Zywall/Usg620
- Test the Result621
- What Could Go Wrong622
How to Configure DNS Inbound Load Balancing to Balance DNS Queries Among Interfaces623
- Set up the DNS Inbound Load Balancing on the Zywall/Usg624
- Set up the NAT Rule on the Zywall/Usg625
- Test the Result626
- What Could Go Wrong627
How to Manage Voice Traffic628
- Set up the SIP ALG on the Zywall/Usg629
- Set up the Bandwidth Management for SIP on the Zywall/Usg629
- Set up the Bandwidth Management for P2P on the Zywall/Usg630
- Set up the Bandwidth Management for FTP on the Zywall/Usg631
- Test the Result633
- What Could Go Wrong634
How to Manage Zywall/Usg Configuration Files635
- Rename the Configuration Files from the Zywall/Usg636
- Download the Configuration Files on the Zywall/Usg637
- Copy the Configuration Files on the Zywall/Usg637
- Apply the Configuration Files on the Zywall/Usg638
- Upload the Configuration Files from the Zywall/Usg639
- What Could Go Wrong640
How to Manage Zywall/Usg Firmware641
- Download the Current Firmware Version from Zyxel.com642
- Upload the Firmware on the Zywall/Usg643
- What Could Go Wrong646
How to Get Started Using the Wizards647
- Set up the Internet Access (Ethernet) Wizard on the Zywall/Usg647
- Set up the Internet Access (Pppoe) Wizard on the Zywall/Usg651
- Set up the Internet Access (PPTP) Wizard on the Zywall/Usg653
- Set up the Wireless Settings Wizard on the Zywall/Usg656
- Set up the Device Registration on the Zywall/Usg658
How to Configure the 3G/LTE Interface on the Zywall/Usg as a WAN Backup660
- Set up the 3G/LTE Interface on the Zywall/Usg661
- Set up the Trunk on the Zywall/Usg662
- Test the Result663
- What Could Go Wrong664
How to Configure Two Different WAN Interfaces with Different IP Addresses in the same VLAN665
- Set up the Port Grouping on the Zywall/Usg666
- Set up the VLAN on the Zywall/Usg666
- Set up the Routing on the Zywall/Usg668
- Test the Result668
- What Could Go Wrong669
How to Let a Server Use the same Public IP Address as the WAN Interface Using the Bridge Interface670
- Set up the Bridge Interface on the Zywall/Usg671
- Test the Result672
- What Could Go Wrong673
How to Allow Public Access to a Server Behind Zywall/Usg674
- Set up the NAT on the Zywall/Usg675
- Set up the Security Policy on the Zywall/Usg675
- Test the Result676
- What Could Go Wrong677
How to Set up a Wifi Network with Zyxel Aps678
- Set up the AP Management on the Zywall/Usg679
- Test the Result681
- What Could Go Wrong681
How to Set up Guest Wifi Network Accounts683
- Set up the Wifi Guest Account, Address Range and Service Rule on the Zywall/Usg684
- Set up the Web Authentication on the Zywall/Usg686
- Set up the Security Policy on the Zywall/Usg687
- Test the Result688
- What Could Go Wrong690
How to Create a Wi-Fi VLAN Interfaces to Separate Staff Network and Guest Network692
- Set up Wi-Fi VLAN Interfaces693
- Test Result700
- What Could Go Wrong701
How to Set up Wifi Networks with Microsoft Active Directory Authentication703
- Set up the Wi-Fi Guest Account and Authentication Method on the Zywall/Usg704
- Set up the Active Directory Server Account on the Zywall/Usg705
- Set up the Security Policy on the Zywall/Usg706
- Test the Result707
- What Could Go Wrong709
How to Set up Ipv6 Interfaces for Pure Ipv6 Routing710
- Enable the Ipv6 on the Zywall/Usg711
- Set up the WAN Ipv6 Interface on the Zywall/Usg711
- Set up the LAN Ipv6 Interface on the Zywall/Usg712
- Test the Result714
- What Could Go Wrong715
How to Set up an Ipv6 6To4 Tunnel716
- Set up the LAN Ipv6 Interface on the Zywall/Usg717
- Set up the 6To4 Tunnel on the Zywall/Usg718
- Test the Result719
- What Could Go Wrong720
How to Set up an Ipv6-In-Ipv4 Tunnel721
- Set up the LAN Ipv6 Interface on the Zywall/Usg722
- Set up the 6To4 Tunnel on the Zywall/Usg723
- Set up the Policy Route on the Zywall/Usg724
- Test the Result725
- What Could Go Wrong726
How to Update Firmware Automatically from a USB Storage727
- Automatic USB Firmware Upgrade Flow727
- Enable the USB Firmware Upgrade Function by CLI Command728
- Save the Firmware on the USB728
- Plug the USB into the Device729
- Firmware Version729
- Check Firmware Status730
- What Can Go Wrong731
How to Configure DHCP Option 60 - Vendor Class Identifier734
- DHCP Option 60 Deployment Flow734
- Setting up DHCP Option 60 on the Web GUI734
- Setting up DHCP Option 60 on the CLI736
- Test DHCP Option 60736
- What Can Go Wrong737
How to Configure Device HA Pro738
- Device HA Pro License739
- Behavior of the Device HA Pro740
- Device-HA Pro Setting Screen740
- Suggestions742
- How Do I Configure Device HA Pro in My Current Environment743
- What Can Go Wrong749

ZyXEL Communications ZyWALL 310 - What Could Go Wrong

Table of Contents

Other manuals for ZyXEL Communications ZyWALL 310

Related product manuals