Home » ZyXEL Manuals » Network Security & Firewall Devices » ZyXEL USG 200/100-PLUS/100/50 » Manual Viewer

ZyXEL USG 200/100-PLUS/100/50 User Guide - Page 138

The Device Service Screen

View all ZyXEL USG 200/100-PLUS/100/50 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 138 highlights

Chapter 9 Firewall Table 51 Firewall Rules: Add/Edit LABEL DESCRIPTION Source IP Select Destination Device Destination IP Select Service Protocol Enter the source IP address, or select Any to apply firewall rule to any source IP addresses. Select the destination device to which the firewall rule applies. If you select Specific Address IP, enter the source IP address in the field below. If you do not select Any, enter the destiniation IP address in this field. Select the transport layer protocol that defines your customized port from the dropdown list box. The specific protocol rule sets you add in the Configuration > Firewall / Security > Service > Add screen display in this list. This field is displayed only when you select Any in Select Service. Policy Enable Rate Limit Choose the IP port (ALL, TCP, UDP, ICMP, or ICMP6) that defines your customized port from the drop-down list box. Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT) packets that match this rule. Select this check box to set a limit on the upstream/downstream transmission rate for the specified protocol. Scheduler Rules OK Cancel Specify how many packet(s) per Minute or Second the transmission rate is. Select a scheduler rule for this firewall rule form the drop-down list box. The scheduler rules available are the ones you create in the Configuration > Firewall / Security > Scheduler Rule screen. Click OK to save your changes. Click Cancel to restore your previously saved settings. 9.5 The Device Service Screen Use this screen to configure through which interfaces, which services can access the VPN2S. You can also specify the port numbers the services must use to connect to the VPN2S. Use the Trust Domain section in this screen to view a list of public IP addresses which are allowed to access the VPN2S through the services configured above. Click Configuration > Firewall / Security > Device Service to open the following screen. VPN2S User's Guide 138

Section	Page
VPN2S	1
Document Conventions	3
Contents Overview	4
Table of Contents	5
User’s Guide	13
Introducing the VPN2S	14
1.1 Overview	14
1.2 Registration at myZyxel	14
1.3 Ways to Manage the VPN2S	15
1.4 Good Habits for Managing the VPN2S	16
1.5 Applications for the VPN2S	16
1.5.1 Internet Access	16
1.5.2 VPN2S’s USB Support	17
1.5.3 IPv6 Routing	18
1.5.4 VPN Connectivity	18
1.5.5 Load Balancing	19
1.6 LEDs (Lights)	19
1.7 The RESET Button	21
The Web Configurator	22
2.1 Overview	22
2.1.1 Accessing the Web Configurator	22
2.2 Web Configurator Layout	24
2.2.1 Title Bar	25
2.2.2 Navigation Panel	25
2.2.3 Main Window	28
Wizard	29
3.1 Overview	29
3.2 Wizard Basic Setup	30
3.3 Wizard IPsec VPN Setup	35
3.3.1 VPN Express Settings	36
3.3.2 VPN Advanced Settings	38
3.4 Wizard IPv6 Setup	43
Technical Reference	47
Dashboard	48
4.1 Overview	48
4.2 The Dashboard Screen	48
WAN/Internet	51
5.1 Overview	51
5.1.1 What You Can Do in this Chapter	52
5.1.2 What You Need to Know	52
5.1.3 Before You Begin	54
5.2 The WAN Status Screen	55
5.3 The WAN Setup Screen	55
5.3.1 Internet Connection: Add/Edit	56
5.4 The Mobile Screen	64
5.5 The Port Setting Screen	68
5.6 The Multi-WAN Screen	69
5.6.1 Multi-WAN: Edit	70
5.6.2 How to Configure Multi-WAN for Load Balancing and Failover	71
5.7 The Dynamic DNS screen	72
5.7.1 Dynamic DNS: Add/Edit	73
5.8 Technical Reference	75
LAN	78
6.1 Overview	78
6.1.1 What You Can Do in this Chapter	78
6.1.2 What You Need To Know	79
6.1.3 Before You Begin	80
6.2 The LAN Status Screen	80
6.3 The LAN Setup Screen	81
6.3.1 LAN Setup: Edit	82
6.3.2 LAN Setup IPv6: Edit	84
6.4 The Static DHCP Screen	87
6.4.1 Static DHCP: Add/Edit	87
6.5 The Additional Subnet Screen	89
6.6 The Wake on LAN Screen	89
6.6.1 Wake On LAN: Add/Edit	90
6.7 The VLAN / Interface Group Screen	91
6.7.1 VLAN / Interface Group: Add/Edit	92
6.8 The DNS Entry Screen	97
6.9 The DNS Forwarder Screen	97
6.9.1 DNS Forwarder: Add/Edit	98
6.10 Technical Reference	99
6.10.1 LANs, WANs and the VPN2S	99
6.10.2 DHCP Setup	99
6.10.3 DNS Server Addresses	100
6.10.4 LAN TCP/IP	100
Routing	102
7.1 Overview	102
7.1.1 What You Can Do in this Chapter	102
7.2 The Routing Status Screen	103
7.3 The Policy Route Screen	109
7.3.1 Policy Route: Add/Edit	110
7.4 The Static Route Screen	112
7.4.1 Static Route: Add/Edit	113
7.5 The RIP Screen	114
Network Address Translation (NAT)	116
8.1 Overview	116
8.1.1 What You Can Do in this Chapter	116
8.1.2 What You Need To Know	116
8.2 The Port Forwarding Screen	117
8.2.1 Port Forwarding: Add/Edit	119
8.3 The Port Triggering Screen	120
8.3.1 Port Triggering Rule: Add/Edit	122
8.4 The Address Mapping Screen	123
8.4.1 Address Mapping Rule: Add/Edit	124
8.5 The Default Server Screen	125
8.5.1 Default Server: Edit	126
8.6 The ALG Screen	127
8.7 Technical Reference	128
8.7.1 NAT Definitions	128
8.7.2 What NAT Does	128
8.7.3 How NAT Works	129
8.7.4 NAT Application	129
Firewall	132
9.1 Overview	132
9.1.1 What You Can Do in this Chapter	132
9.1.2 What You Need to Know	133
9.2 The Firewall Overview Screen	134
9.3 The DoS Screen	134
9.4 The Firewall Rules Screen	135
9.4.1 Firewall Rule: Add/Edit	136
9.5 The Device Service Screen	138
9.5.1 Device Service: Edit	140
9.5.2 Trust Domain: Add/Edit	140
9.6 The Zone Control Screen	141
9.7 The Service Screen	142
9.7.1 Service: Add/Edit	143
9.8 The MAC Filter Screen	144
9.8.1 MAC Filter: Add/Edit	145
9.9 The Certificate Screen	146
9.10 The AAA Server	147
9.10.1 LDAP Server: Add/Edit	148
9.10.2 RADIUS Server: Add/Edit	150
Security Service	152
10.1 Overview	152
10.1.1 What You Can Do in This Chapter	152
10.1.2 What You Need to Know	152
10.2 The Content Filter Screen	153
10.2.1 Content Filter: Add/Edit	156
VPN	160
11.1 Overview	160
11.2 What You Can Do in this Chapter	160
11.3 What You Need to Know	160
11.4 The VPN Status Screen	163
11.5 The IPsec VPN Screen	164
11.5.1 VPN Gateway: Add/Edit	166
11.5.2 VPN Connection: Add/Edit	172
11.5.3 The Default_L2TP_VPN_GW IPsec VPN Rule	175
11.5.4 PPTP VPN Troubleshooting Tips	176
11.6 The PPTP VPN Screen	177
11.6.1 PPTP VPN Troubleshooting Tips	179
11.7 The L2TP VPN Screen	180
11.7.1 L2TP Setup - Server	180
11.7.2 L2TP Setup - Client	182
11.7.3 L2TP VPN Troubleshooting Tips	183
11.8 The L2TP Client Status Screen	186
11.9 The GRE VPN Screen	187
11.9.1 GRE VPN: Add/Edit	188
11.10 Technical Reference	189
11.10.1 IPsec Architecture	189
11.10.2 Encapsulation	190
11.10.3 IKE Phases	191
11.10.4 Negotiation Mode	192
11.10.5 IPsec and NAT	192
11.10.6 VPN, NAT, and NAT Traversal	193
11.10.7 ID Type and Content	194
11.10.8 Pre-Shared Key	195
11.10.9 Diffie-Hellman (DH) Key Groups	195
Bandwidth Management	196
12.1 Overview	196
12.1.1 What You Can Do in this Chapter	196
12.1.2 What You Need to Know	196
12.2 The General Screen	198
12.3 The Queue Setup Screen	199
12.3.1 QoS Queue: Add/Edit	201
12.4 The Classification Setup Screen	202
12.4.1 QoS Class: Add/Edit	203
12.5 The Policer Setup Screen	206
12.5.1 QoS Policer: Add/Edit	207
12.6 The Shaper Setup Screen	208
12.6.1 QoS Shaper: Add/Edit	209
12.7 Technical Reference	210
Network Management	214
13.1 Overview	214
13.1.1 What You Can Do in This Chapter	214
13.2 The SNMP Screen	214
System	217
14.1 Overview	217
14.1.1 What You Can Do in This Chapter	217
14.2 The Scheduler Rule Screen	217
14.2.1 Scheduler Rule: Add/Edit	218
Log / Report	219
15.1 Overview	219
15.1.1 What You Can Do in this Chapter	219
15.1.2 What You Need To Know	219
15.2 The Log Viewer Screen	220
15.3 Log Settings	221
15.3.1 Log on USB Settings: Edit	222
15.3.2 System and Email: Edit	224
15.3.3 Remote Server Log Settings: Edit	226
Service / License	229
16.1 Overview	229
16.2 The License Screen	229
Device Name	231
17.1 Overview	231
17.2 The Device Name Screen	231
Host Name List	233
18.1 Overview	233
18.2 The Host Name List Screen	233
18.2.1 Add Host Name	233
Date / Time	235
19.1 Overview	235
19.2 The Date / Time Screen	235
User Account	238
20.1 Overview	238
20.2 What You Can Do in this Chapter	238
20.3 The User Account Screen	238
20.3.1 Users Account: Add/Edit	239
USB Storage	241
21.1 Overview	241
21.1.1 What You Need To Know	241
21.1.2 Before You Begin	242
21.2 The USB Storage Screen	242
21.2.1 Add a USB Share	244
Diagnostic	245
22.1 Overview	245
22.1.1 What You Can Do in this Chapter	245
22.2 The Network Tools Screen	245
22.3 The Packet Capture Screen	246
Firmware Upgrade	249
23.1 Overview	249
23.2 The Firmware Screen	249
23.3 The Mobile Profile Screen	251
Backup / Restore	253
24.1 Overview	253
24.2 The Backup / Restore Screen	253
Language	255
25.1 Overview	255
25.2 The Language Screen	255
Restart / Shutdown	256
26.1 Overview	256
26.2 The Restart / Shutdown Screen	256
Troubleshooting	257
27.1 Power, Hardware Connections, and LEDs	257
27.2 VPN2S Access and Login	258
27.3 Internet Access	260
27.4 VPN2S Configuration	261
Customer Support	265
Legal Information	271

Match case Limit results 1 per page

Chapter 9 Firewall

VPN2S User’s Guide

138

9.5

The Device Service Screen

Use this screen to configure through which interfaces, which services can access the VPN2S. You can

also specify the port numbers the services must use to connect to the VPN2S.

Use the

Trust Domain

section in this screen to view a list of public IP addresses which are allowed to

access the VPN2S through the services configured above.

Click

Configuration > Firewall / Security > Device Service

to open the following screen.

Source IP

Enter the source IP address, or select

Any

to apply firewall rule to any source IP

addresses.

Select Destination Device

Select the destination device to which the firewall rule applies. If you select

Specific

Address IP,

enter the source IP address in the field below.

Destination IP

If you do not select

Any

, enter the destiniation IP address in this field.

Select Service

Select the transport layer protocol that defines your customized port from the drop-

down list box. The specific protocol rule sets you add in the

Configuration > Firewall /

Security > Service > Add

screen display in this list.

Protocol

This field is displayed only when you select

Any

Select Service

Choose the IP port (

ALL, TCP, UDP, ICMP, or ICMP6

) that defines your customized port

from the drop-down list box.

Policy

Use the drop-down list box to select whether to discard (

DROP

), deny and send an

ICMP destination-unreachable message to the sender of (

REJECT

) or allow the

passage of (

) packets that match this rule.

Enable Rate Limit

Select this check box to set a limit on the upstream/downstream transmission rate for

the specified protocol.

Specify how many

packet(s) per

Minute

Second

the transmission rate is.

Scheduler Rules

Select a scheduler rule for this firewall rule form the drop-down list box. The scheduler

rules available are the ones you create in the

Configuration > Firewall / Security >

Scheduler Rule

screen.

Click

to save your changes.

Cancel

Click

Cancel

to restore your previously saved settings.

Table 51

Firewall Rules: Add/Edit

LABEL

DESCRIPTION