Home » ZyXEL Manuals » Networking » ZyXEL UAG715 » Manual Viewer

ZyXEL UAG715 User Guide - Page 229

Table 91, Label, Description

Add to My Manuals
Save this manual to your list of manuals

Page 229 highlights

Chapter 20 Web Authentication The following table gives an overview of the objects you can configure. Table 91 Configuration > Web Authentication > Add LABEL Create new Object Enable Policy Description User Authentication Policy Source Address Destination Address Schedule Authentication DESCRIPTION Use to configure any new settings objects that you need to use in this screen. Select this check box to activate the authentication policy. This field is available for userconfigured policies. Enter a descriptive name of up to 60 printable ASCII characters for the policy. Spaces are allowed. This field is available for user-configured policies. Use this section of the screen to determine which traffic requires (or does not require) the senders to be authenticated in order to be routed. Select a source address or address group for whom this policy applies. Select any if the policy is effective for every source. This is any and not configurable for the default policy. Select a destination address or address group for whom this policy applies. Select any if the policy is effective for every destination. This is any and not configurable for the default policy. Select a schedule that defines when the policy applies. Otherwise, select none and the rule is always effective. This is none and not configurable for the default policy. Select the authentication requirement for users when their traffic matches this policy. unnecessary - Users do not need to be authenticated. Log Force User Authentication Endpoint Security (EPS) Enable EPS Checking Periodical checking time Available EPS Object / Selected EPS Object required - Users need to be authenticated. If Force User Authentication is selected, all HTTP traffic from unauthenticated users is redirected to a default or user-defined login page. Otherwise, they must manually go to the login screen. The UAG will not redirect them to the login screen. This field is available for the default policy. Select whether to have the UAG generate a log (log), log and alert (log alert) or not (no) for packets that match the default policy. See Chapter 40 on page 467 for more on logs. This field is available for user-configured policies that require authentication. Select this to have the UAG automatically display the login screen when users who have not logged in yet try to send HTTP traffic. These fields display when you set the Authentication field to required. Use these fields to make sure users' computers meet an endpoint security object's Operating System (OS) and security requirements before granting access. These fields are available for userconfigured policies that require authentication. Select this to have the UAG check that users' computers meet the Operating System (OS) and security requirements of one of the policy's selected endpoint security objects before granting access. Select this and specify a number of minutes to have the UAG repeat the endpoint security check at a regular interval. Configured endpoint security objects appear on the left. Select the endpoint security objects to use for this policy and click the right arrow button to add them to the selected list on the right. Use the [Shift] and/or [Ctrl] key to select multiple objects. Select any endpoint security objects that you want to remove from the selected list and click the left arrow button to remove them. The UAG checks authenticated users' computers against the policy's selected endpoint security objects in the order you list them here. When a user's computer matches an endpoint security object the UAG grants access and stops checking. Select an endpoint security object and use the up and down arrows to change it's position in the list. To make the endpoint security check as efficient as possible, arrange the endpoint security objects in order with the one that the most users should match first and the one that the least user's should match last. UAG715 User's Guide 229

Section	Page
UAG715	1
Contents Overview	3
Table of Contents	5
Introduction	19
1.1 Overview	19
1.1.1 Key Applications	19
1.2 Default Zones, Interfaces, and Ports	21
1.3 Management Overview	22
1.4 Web Configurator	22
1.4.1 Web Configurator Access	23
1.4.2 Web Configurator Screens Overview	23
1.4.3 Navigation Panel	26
1.4.4 Tables and Lists	30
1.5 Stopping the UAG	33
Hardware Installation and Connection	34
2.1 Rack-mounting	34
2.2 Front Panel	35
2.2.1 Front Panel LEDs	36
2.3 Rear Panel	36
Installation Setup Wizard	37
3.1 Installation Setup Wizard Screens	37
3.1.1 Internet Access Setup - WAN Interface	37
3.1.2 Internet Access: Ethernet	38
3.1.3 Internet Access: PPPoE	39
3.1.4 Internet Access: PPTP	41
3.1.5 ISP Parameters	41
3.1.6 Internet Access Setup - Second WAN Interface	42
3.1.7 Internet Access - Finish	43
3.2 Device Registration	44
Quick Setup Wizards	47
4.1 Quick Setup Overview	47
4.2 WAN Interface Quick Setup	47
4.2.1 Choose an Ethernet Interface	48
4.2.2 Select WAN Type	48
4.2.3 Configure WAN Settings	49
4.2.4 WAN and ISP Connection Settings	49
4.2.5 Quick Setup Interface Wizard: Summary	51
4.3 VPN Setup Wizard	52
4.3.1 Welcome	53
4.3.2 VPN Setup Wizard: Wizard Type	53
4.3.3 VPN Express Wizard - Scenario	54
4.3.4 VPN Express Wizard - Configuration	55
4.3.5 VPN Express Wizard - Summary	56
4.3.6 VPN Express Wizard - Finish	56
4.3.7 VPN Advanced Wizard - Scenario	57
4.3.8 VPN Advanced Wizard - Phase 1 Settings	58
4.3.9 VPN Advanced Wizard - Phase 2	59
4.3.10 VPN Advanced Wizard - Summary	60
4.3.11 VPN Advanced Wizard - Finish	61
Dashboard	63
5.1 Overview	63
5.1.1 What You Can Do in this Chapter	63
5.2 The Dashboard Screen	63
5.2.1 The CPU Usage Screen	68
5.2.2 The Memory Usage Screen	68
5.2.3 The Active Sessions Screen	69
5.2.4 The VPN Status Screen	70
5.2.5 The DHCP Table Screen	70
5.2.6 The Number of Login Users Screen	71
Monitor	73
6.1 Overview	73
6.1.1 What You Can Do in this Chapter	73
6.2 The Port Statistics Screen	74
6.2.1 The Port Statistics Graph Screen	75
6.3 Interface Status Screen	76
6.4 The Traffic Statistics Screen	78
6.5 The Session Monitor Screen	80
6.6 The DDNS Status Screen	82
6.7 IP/MAC Binding Monitor	83
6.8 The Login Users Screen	83
6.9 USB Storage Screen	84
6.10 VPN 1-1 Mapping Status	85
6.11 VPN 1-1 Mapping Statistics	86
6.12 The IPSec Monitor Screen	87
6.12.1 Regular Expressions in Searching IPSec SAs	88
6.13 The SSL Connection Monitor Screen	88
6.14 The Content Filter Statistics Screen	89
6.15 Content Filter Cache Screen	91
6.16 Log Screen	93
Registration	97
7.1 Overview	97
7.1.1 What You Can Do in this Chapter	97
7.1.2 What you Need to Know	97
7.2 Registration Screen	98
7.3 Service Screen	100
Interfaces	103
8.1 Interface Overview	103
8.1.1 What You Can Do in this Chapter	103
8.1.2 What You Need to Know	103
8.2 Port Role Screen	106
8.3 Ethernet Summary Screen	107
8.3.1 Ethernet Edit	108
8.3.2 Object References	115
8.4 PPP Interfaces	115
8.4.1 PPP Interface Summary	116
8.4.2 PPP Interface Add or Edit	117
8.5 VLAN Interfaces	121
8.5.1 VLAN Summary Screen	122
8.5.2 VLAN Add/Edit	123
8.6 Bridge Interfaces	128
8.6.1 Bridge Summary	130
8.6.2 Bridge Add/Edit	131
8.7 Virtual Interfaces	136
8.7.1 Virtual Interfaces Add/Edit	136
8.8 Interface Technical Reference	137
Trunks	143
9.1 Overview	143
9.1.1 What You Can Do in this Chapter	143
9.1.2 What You Need to Know	143
9.2 The Trunk Summary Screen	146
9.2.1 Configuring a User-Defined Trunk	148
9.2.2 Configuring the System Default Trunk	150
Policy and Static Routes	153
10.1 Policy and Static Routes Overview	153
10.1.1 What You Can Do in this Chapter	153
10.1.2 What You Need to Know	154
10.2 Policy Route Screen	155
10.2.1 Policy Route Edit Screen	157
10.3 IP Static Route Screen	161
10.3.1 Static Route Add/Edit Screen	162
10.4 Policy Routing Technical Reference	163
Routing Protocols	165
11.1 Routing Protocols Overview	165
11.1.1 What You Can Do in this Chapter	165
11.1.2 What You Need to Know	165
11.2 The RIP Screen	165
11.3 The OSPF Screen	167
11.3.1 Configuring the OSPF Screen	170
11.3.2 OSPF Area Add/Edit Screen	172
11.3.3 Virtual Link Add/Edit Screen	174
11.4 Routing Protocol Technical Reference	174
Zones	177
12.1 Zones Overview	177
12.1.1 What You Can Do in this Chapter	177
12.1.2 What You Need to Know	177
12.2 The Zone Screen	178
12.3 Zone Edit	179
DDNS	181
13.1 DDNS Overview	181
13.1.1 What You Can Do in this Chapter	181
13.1.2 What You Need to Know	181
13.2 The DDNS Screen	182
13.2.1 The Dynamic DNS Add/Edit Screen	183
NAT	187
14.1 NAT Overview	187
14.1.1 What You Can Do in this Chapter	187
14.1.2 What You Need to Know	187
14.2 The NAT Screen	188
14.2.1 The NAT Add/Edit Screen	189
14.3 NAT Technical Reference	191
VPN 1-1 Mapping	195
15.1 VPN 1-1 Mapping Overview	195
15.1.1 What You Can Do in this Chapter	195
15.1.2 What You Need to Know	196
15.2 The VPN 1-1 Mapping Screen	196
15.2.1 The VPN 1-1 Mapping Edit Screen	197
15.3 The VPN 1-1 Mapping Profile Screen	198
HTTP Redirect	201
16.1 Overview	201
16.1.1 What You Can Do in this Chapter	201
16.1.2 What You Need to Know	201
16.2 The HTTP Redirect Screen	202
16.2.1 The HTTP Redirect Edit Screen	203
SMTP Redirect	205
17.1 Overview	205
17.1.1 What You Can Do in this Chapter	205
17.1.2 What You Need to Know	205
17.2 The SMTP Redirect Screen	206
17.2.1 The SMTP Redirect Edit Screen	207
ALG	209
18.1 ALG Overview	209
18.1.1 What You Can Do in this Chapter	209
18.1.2 What You Need to Know	209
18.1.3 Before You Begin	212
18.2 The ALG Screen	212
18.3 ALG Technical Reference	214
IP/MAC Binding	217
19.1 IP/MAC Binding Overview	217
19.1.1 What You Can Do in this Chapter	217
19.1.2 What You Need to Know	217
19.2 IP/MAC Binding Summary	218
19.2.1 IP/MAC Binding Edit	219
19.2.2 Static DHCP Edit	220
19.3 IP/MAC Binding Exempt List	220
Web Authentication	223
20.1 Overview	223
20.1.1 What You Can Do in this Chapter	224
20.1.2 What You Need to Know	224
20.2 Web Authentication Screen	225
20.2.1 Creating/Editing an Authentication Policy	228
20.3 User-aware Access Control Example	230
20.3.1 Set Up User Accounts	230
20.3.2 Set Up User Groups	231
20.3.3 Set Up User Authentication Using the RADIUS Server	231
20.3.4 User Group Authentication Using the RADIUS Server	234
20.4 Endpoint Security (EPS) Example	235
20.4.1 Configure the Endpoint Security Objects	235
20.4.2 Configure the Authentication Policy	237
Firewall	239
21.1 Overview	239
21.1.1 What You Can Do in this Chapter	239
21.1.2 What You Need to Know	239
21.2 The Firewall Screen	242
21.2.1 Configuring the Firewall Screen	242
21.2.2 The Firewall Add/Edit Screen	245
21.3 The Session Limit Screen	246
21.3.1 The Session Limit Add/Edit Screen	247
21.4 Firewall Rule Configuration Example	248
21.5 Firewall Rule Example Applications	250
IPSec VPN	253
22.1 Virtual Private Networks (VPN) Overview	253
22.1.1 What You Can Do in this Chapter	254
22.1.2 What You Need to Know	254
22.1.3 Before You Begin	256
22.2 The VPN Connection Screen	256
22.2.1 The VPN Connection Add/Edit (IKE) Screen	257
22.2.2 The VPN Connection Add/Edit Manual Key Screen	263
22.3 The VPN Gateway Screen	265
22.3.1 The VPN Gateway Add/Edit Screen	266
22.4 IPSec VPN Background Information	272
SSL VPN	285
23.1 Overview	285
23.1.1 What You Can Do in this Chapter	285
23.1.2 What You Need to Know	285
23.2 The SSL Access Privilege Screen	286
23.2.1 The SSL Access Policy Add/Edit Screen	287
23.3 The SSL Global Setting Screen	290
23.3.1 How to Upload a Custom Logo	292
23.4 SSL VPN Example	293
SSL User Screens	295
24.1 Overview	295
24.1.1 What You Need to Know	295
24.2 Remote SSL User Login	296
24.3 The SSL VPN User Screens	299
24.4 Bookmarking the UAG	300
24.5 Logging Out of the SSL VPN User Screens	301
24.6 SSL User Application Screen	301
ZyWALL SecuExtender	303
25.1 The ZyWALL SecuExtender Icon	303
25.2 Status	303
25.3 View Log	304
25.4 Suspend and Resume the Connection	305
25.5 Stop the Connection	305
25.6 Uninstalling the ZyWALL SecuExtender	305
Bandwidth Management	307
26.1 Overview	307
26.1.1 What You Can Do in this Chapter	307
26.1.2 What You Need to Know	307
26.2 The Bandwidth Management Screen	311
26.2.1 The Bandwidth Management Add/Edit Screen	313
ADP	317
27.1 Overview	317
27.1.1 What You Can Do in this Chapter	317
27.1.2 What You Need To Know	317
27.1.3 Before You Begin	318
27.2 The ADP General Screen	318
27.3 The Profile Summary Screen	319
27.3.1 Configuring The ADP Profile Summary Screen	319
27.3.2 Base Profiles	320
27.3.3 Creating New ADP Profiles	321
27.3.4 Traffic Anomaly Profiles	321
27.3.5 Protocol Anomaly Profiles	324
27.3.6 Protocol Anomaly Configuration	324
27.4 ADP Technical Reference	327
Content Filtering	333
28.1 Overview	333
28.1.1 What You Can Do in this Chapter	333
28.1.2 What You Need to Know	333
28.1.3 Before You Begin	334
28.2 Content Filter General Screen	335
28.2.1 Content Filter Policy Add or Edit Screen	337
28.3 Content Filter Profile Screen	338
28.4 Content Filter Category Service Screen	339
28.4.1 Content Filter Blocked and Warning Messages	350
28.5 Content Filter Custom Service Screen	350
28.6 Content Filter Technical Reference	353
User/Group	355
29.1 Overview	355
29.1.1 What You Can Do in this Chapter	355
29.1.2 What You Need To Know	355
29.2 User Summary Screen	357
29.2.1 User Add/Edit Screen	358
29.3 User Group Summary Screen	360
29.3.1 Group Add/Edit Screen	361
29.4 The User/Group Setting Screen	362
29.4.1 Default User Settings Edit Screens	364
29.4.2 User Aware Login Example	365
29.5 User /Group Technical Reference	366
Addresses	368
30.1 Overview	368
30.1.1 What You Can Do in this Chapter	368
30.1.2 What You Need To Know	368
30.2 Address Summary Screen	368
30.2.1 Address Add/Edit Screen	369
30.3 Address Group Summary Screen	370
30.3.1 Address Group Add/Edit Screen	371
Services	373
31.1 Overview	373
31.1.1 What You Can Do in this Chapter	373
31.1.2 What You Need to Know	373
31.2 The Service Summary Screen	374
31.2.1 The Service Add/Edit Screen	375
31.3 The Service Group Summary Screen	376
31.3.1 The Service Group Add/Edit Screen	376
Schedules	378
32.1 Overview	378
32.1.1 What You Can Do in this Chapter	378
32.1.2 What You Need to Know	378
32.2 The Schedule Summary Screen	379
32.2.1 The One-Time Schedule Add/Edit Screen	380
32.2.2 The Recurring Schedule Add/Edit Screen	381
AAA Server	382
33.1 Overview	382
33.1.1 Directory Service (AD/LDAP)	382
33.1.2 RADIUS Server	382
33.1.3 What You Can Do in this Chapter	383
33.1.4 What You Need To Know	383
33.2 Active Directory or LDAP Server Summary	384
33.2.1 Adding an Active Directory or LDAP Server	385
33.3 RADIUS Server Summary	387
33.3.1 Adding a RADIUS Server	388
Authentication Method	390
34.1 Overview	390
34.1.1 What You Can Do in this Chapter	390
34.1.2 Before You Begin	390
34.1.3 Example: Selecting a VPN Authentication Method	390
34.2 Authentication Method Objects	391
34.2.1 Creating an Authentication Method Object	391
Certificates	394
35.1 Overview	394
35.1.1 What You Can Do in this Chapter	394
35.1.2 What You Need to Know	394
35.1.3 Verifying a Certificate	396
35.2 The My Certificates Screen	397
35.2.1 The My Certificates Add Screen	398
35.2.2 The My Certificates Edit Screen	401
35.2.3 The My Certificates Import Screen	404
35.3 The Trusted Certificates Screen	405
35.3.1 The Trusted Certificates Edit Screen	406
35.3.2 The Trusted Certificates Import Screen	409
ISP Accounts	411
36.1 Overview	411
36.1.1 What You Can Do in this Chapter	411
36.2 ISP Account Summary	411
36.2.1 ISP Account Edit	412
SSL Application	414
37.1 Overview	414
37.1.1 What You Can Do in this Chapter	414
37.1.2 What You Need to Know	414
37.1.3 Example: Specifying a Web Site for Access	415
37.2 The SSL Application Screen	416
37.2.1 Creating/Editing an SSL Application Object	417
Endpoint Security	419
38.1 Overview	419
38.1.1 What You Can Do in this Chapter	419
38.1.2 What You Need to Know	420
38.2 Endpoint Security Screen	420
38.3 Endpoint Security Add/Edit	421
System	427
39.1 Overview	427
39.1.1 What You Can Do in this Chapter	427
39.2 Host Name	428
39.3 USB Storage	428
39.4 Date and Time	429
39.4.1 Pre-defined NTP Time Servers List	432
39.4.2 Time Server Synchronization	432
39.5 Console Port Speed	433
39.6 DNS Overview	434
39.6.1 DNS Server Address Assignment	434
39.6.2 Configuring the DNS Screen	434
39.6.3 Address Record	436
39.6.4 PTR Record	436
39.6.5 Adding an Address/PTR Record	436
39.6.6 Domain Zone Forwarder	437
39.6.7 Adding a Domain Zone Forwarder	437
39.6.8 MX Record	438
39.6.9 Adding a MX Record	438
39.6.10 Adding a DNS Service Control Rule	439
39.7 WWW Overview	439
39.7.1 Service Access Limitations	440
39.7.2 System Timeout	440
39.7.3 HTTPS	440
39.7.4 Configuring WWW Service Control	441
39.7.5 Service Control Rules	444
39.7.6 Customizing the WWW Login Page	445
39.7.7 HTTPS Example	449
39.8 SSH	456
39.8.1 How SSH Works	457
39.8.2 SSH Implementation on the UAG	458
39.8.3 Requirements for Using SSH	458
39.8.4 Configuring SSH	458
39.8.5 Secure Telnet Using SSH Examples	459
39.9 Telnet	461
39.9.1 Configuring Telnet	461
39.10 FTP	462
39.10.1 Configuring FTP	462
39.11 SNMP	463
39.11.1 Supported MIBs	464
39.11.2 SNMP Traps	465
39.11.3 Configuring SNMP	465
Log and Report	467
40.1 Overview	467
40.1.1 What You Can Do In this Chapter	467
40.2 Email Daily Report	467
40.3 Log Setting Screens	469
40.3.1 Log Setting Summary	469
40.3.2 Edit System Log Settings	471
40.3.3 Edit Log on USB Storage Setting	473
40.3.4 Edit Remote Server Log Settings	475
40.3.5 Active Log Summary Screen	477
File Manager	481
41.1 Overview	481
41.1.1 What You Can Do in this Chapter	481
41.1.2 What you Need to Know	481
41.2 The Configuration File Screen	483
41.3 The Firmware Package Screen	487
41.4 The Shell Script Screen	489
Diagnostics	492
42.1 Overview	492
42.1.1 What You Can Do in this Chapter	492
42.2 The Diagnostics Screen	492
42.2.1 The Diagnostics Files Screen	493
42.3 The Packet Capture Screen	494
42.3.1 The Packet Capture Files Screen	496
42.4 Core Dump Screen	497
42.4.1 Core Dump Files Screen	497
42.5 The System Log Screen	498
Packet Flow Explore	500
43.1 Overview	500
43.1.1 What You Can Do in this Chapter	500
43.2 The Routing Status Screen	500
43.3 The SNAT Status Screen	505
Reboot	509
44.1 Overview	509
44.1.1 What You Need To Know	509
44.2 The Reboot Screen	509
Shutdown	510
45.1 Overview	510
45.1.1 What You Need To Know	510
45.2 The Shutdown Screen	510
Troubleshooting	511
46.1 Resetting the UAG	519
46.2 Getting More Troubleshooting Help	520
Legal Information	521

Match case Limit results 1 per page

Chapter 20 Web Authentication

UAG715 User’s Guide

229

The following table gives an overview of the objects you can configure.

Table 91

Configuration > Web Authentication > Add

LABEL

DESCRIPTION

Create new

Object

Use to configure any new settings objects that you need to use in this screen.

Enable Policy

Select this check box to activate the authentication policy. This field is available for user-

configured policies.

Description

Enter a descriptive name of up to 60 printable ASCII characters for the policy. Spaces are

allowed. This field is available for user-configured policies.

User

Authentication

Policy

Use this section of the screen to determine which traffic requires (or does not require) the

senders to be authenticated in order to be routed.

Source Address

Select a source address or address group for whom this policy applies. Select

any

if the

policy is effective for every source. This is

any

and not configurable for the default policy.

Destination

Address

Select a destination address or address group for whom this policy applies. Select

any

the policy is effective for every destination. This is

any

and not configurable for the default

policy.

Schedule

Select a schedule that defines when the policy applies. Otherwise, select

none

and the rule

is always effective. This is

none

and not configurable for the default policy.

Authentication

Select the authentication requirement for users when their traffic matches this policy.

unnecessary

- Users do not need to be authenticated.

required

- Users need to be authenticated. If

Force User Authentication

is selected, all

HTTP traffic from unauthenticated users is redirected to a default or user-defined login

page. Otherwise, they must manually go to the login screen. The UAG will not redirect

them to the login screen.

Log

This field is available for the default policy. Select whether to have the UAG generate a log

(

log

), log and alert (

log alert

) or not (

) for packets that match the default policy. See

Chapter 40 on page 467

for more on logs.

Force User

Authentication

This field is available for user-configured policies that require authentication. Select this to

have the UAG automatically display the login screen when users who have not logged in yet

try to send HTTP traffic.

Endpoint

Security (EPS)

These fields display when you set the

Authentication

field to

required

. Use these fields

to make sure users’ computers meet an endpoint security object’s Operating System (OS)

and security requirements before granting access. These fields are available for user-

configured policies that require authentication.

Enable EPS

Checking

Select this to have the UAG check that users’ computers meet the Operating System (OS)

and security requirements of one of the policy’s selected endpoint security objects before

granting access.

Periodical

checking time

Select this and specify a number of minutes to have the UAG repeat the endpoint security

check at a regular interval.

Available EPS

Object /

Selected EPS

Object

Configured endpoint security objects appear on the left. Select the endpoint security

objects to use for this policy and click the right arrow button to add them to the selected

list on the right. Use the [Shift] and/or [Ctrl] key to select multiple objects. Select any

endpoint security objects that you want to remove from the selected list and click the left

arrow button to remove them.

The UAG checks authenticated users’ computers against the policy’s selected endpoint

security objects in the order you list them here. When a user’s computer matches an

endpoint security object the UAG grants access and stops checking. Select an endpoint

security object and use the up and down arrows to change it’s position in the list. To make

the endpoint security check as efficient as possible, arrange the endpoint security objects

in order with the one that the most users should match first and the one that the least

user’s should match last.