Home » ZyXEL Manuals » Networking » ZyXEL ZYWALL USG 200 » Manual Viewer

ZyXEL ZYWALL USG 200 User Guide - Page 93

Interface Types

Get ZyXEL ZYWALL USG 200 PDF manuals and user guides

View all ZyXEL ZYWALL USG 200 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

Chapter 6 Configuration Basics Table 12 Zones, Interfaces, and Physical Ethernet Ports Zones (WAN, OPT, LAN, DMZ) A zone is a group of interfaces and VPN tunnels. Use zones to apply security settings such as firewall, IDP, remote management, antivirus, and application patrol. You can change the opt interface to be part of a different zone. Interfaces (Ethernet, VLAN,...) Interfaces are logical entities that (layer-3) packets pass through. Use interfaces in configuring VPN, zones, trunks, device HA, DDNS, policy routes, static routes, HTTP redirect, and NAT. Port roles combine physical ports into interfaces. Physical Ethernet Ports (P1, P2, ...) The physical port is where you connect a cable. In configuration, you use physical ports when configuring port groups. You use interfaces and zones in configuring other features. 6.2.1 Interface Types There are many types of interfaces in the ZyWALL. In addition to being used in various features, interfaces also describe the network that is directly connected to the ZyWALL. • Ethernet interfaces are the foundation for defining other interfaces and network policies. You also configure RIP and OSPF in these interfaces. • Port groups create a hardware connection between physical ports at the layer2 (data link, MAC address) level. Port groups are created when you use the Interface > Port Roles screen to set multiple physical ports to be part of the same (lan1, ext-wlan or dmz) interface. • PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). ISP accounts are required for PPPoE/PPTP interfaces. • VLAN interfaces recognize tagged frames. The ZyWALL automatically adds or removes the tags as needed. Each VLAN can only be associated with one Ethernet interface. • Bridge interfaces create a software connection between Ethernet or VLAN interfaces at the layer-2 (data link, MAC address) level. Then, you can configure the IP address and subnet mask of the bridge. It is also possible to configure zone-level security between the member interfaces in the bridge. • Virtual interfaces increase the amount of routing information in the ZyWALL. There are three types: virtual Ethernet interfaces (also known as IP alias), virtual VLAN interfaces, and virtual bridge interfaces. • The auxiliary interface, along with an external modem, provides an interface the ZyWALL can use to dial out. This interface can be used as a backup WAN interface, for example. The auxiliary interface controls the AUX port. ZyWALL USG 100/200 Series User's Guide 93

Section	Page
ZyWALL USG 100/200 Series	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	31
Introducing the ZyWALL	33
1.1 Overview and Key Default Settings	33
1.2 Rack-mounted Installation	34
1.2.1 Rack-Mounted Installation Procedure	34
1.3 Front Panel	35
1.3.1 Front Panel LEDs	36
1.4 Management Overview	36
1.5 Starting and Stopping the ZyWALL	37
Features and Applications	39
2.1 Features	39
2.2 Applications	41
2.2.1 VPN Connectivity	42
2.2.2 SSL VPN Network Access	42
2.2.3 User-Aware Access Control	44
2.2.4 Multiple WAN Interfaces	44
2.2.5 Device HA	45
Web Configurator	47
3.1 Web Configurator Requirements	47
3.2 Web Configurator Access	47
3.3 Web Configurator Screens Overview	49
3.3.1 Title Bar	50
3.3.2 Navigation Panel	50
3.3.3 Main Window	57
3.3.4 Tables and Lists	59
Installation Setup Wizard	63
4.1 Installation Setup Wizard Screens	63
4.1.1 Internet Access Setup - WAN Interface	64
4.1.2 Internet Access: Ethernet	64
4.1.3 Internet Access: PPPoE	66
4.1.4 Internet Access: PPTP	67
4.1.5 ISP Parameters	68
4.1.6 Internet Access Setup - Second WAN Interface	69
4.1.7 Internet Access - Finish	70
4.2 Device Registration	70
Quick Setup	73
5.1 Quick Setup Overview	73
5.2 WAN Interface Quick Setup	74
5.2.1 Choose an Ethernet Interface	74
5.2.2 Select WAN Type	74
5.2.3 Configure WAN Settings	75
5.2.4 WAN and ISP Connection Settings	76
5.2.5 Quick Setup Interface Wizard: Summary	78
5.3 VPN Quick Setup	79
5.4 VPN Setup Wizard: Wizard Type	80
5.5 VPN Express Wizard - Scenario	81
5.5.1 VPN Express Wizard - Configuration	82
5.5.2 VPN Express Wizard - Summary	83
5.5.3 VPN Express Wizard - Finish	84
5.5.4 VPN Advanced Wizard - Scenario	85
5.5.5 VPN Advanced Wizard - Phase 1 Settings	86
5.5.6 VPN Advanced Wizard - Phase 2	88
5.5.7 VPN Advanced Wizard - Summary	89
5.5.8 VPN Advanced Wizard - Finish	90
Configuration Basics	91
6.1 Object-based Configuration	91
6.2 Zones, Interfaces, and Physical Ports	92
6.2.1 Interface Types	93
6.2.2 Default Interface and Zone Configuration	94
6.3 Terminology in the ZyWALL	95
6.4 Packet Flow	97
6.4.1 ZLD 2.20 Packet Flow Enhancements	97
6.4.2 Routing Table Checking Flow Enhancements	98
6.4.3 NAT Table Checking Flow	99
6.5 Feature Configuration Overview	100
6.5.1 Feature	101
6.5.2 Licensing Registration	101
6.5.3 Licensing Update	101
6.5.4 Interface	102
6.5.5 Trunks	102
6.5.6 Policy Routes	102
6.5.7 Static Routes	104
6.5.8 Zones	104
6.5.9 DDNS	104
6.5.10 NAT	104
6.5.11 HTTP Redirect	105
6.5.12 ALG	106
6.5.13 Auth. Policy	106
6.5.14 Firewall	106
6.5.15 IPSec VPN	107
6.5.16 SSL VPN	107
6.5.17 L2TP VPN	108
6.5.18 Application Patrol	108
6.5.19 Anti-Virus	109
6.5.20 IDP	109
6.5.21 ADP	109
6.5.22 Content Filter	109
6.5.23 Anti-Spam	110
6.5.24 Device HA	110
6.6 Objects	111
6.6.1 User/Group	111
6.7 System	112
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM	112
6.7.2 Logs and Reports	113
6.7.3 File Manager	113
6.7.4 Diagnostics	113
6.7.5 Shutdown	113
Tutorials	115
7.1 How to Configure Interfaces, Port Roles, and Zones	115
7.1.1 Configure a WAN Ethernet Interface	116
7.1.2 Configure the OPT Interface for a Local Network	117
7.1.3 Configure Zones	118
7.1.4 Configure Port Roles	119
7.2 How to Configure a Cellular Interface	120
7.3 How to Configure Load Balancing	122
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces	122
7.3.2 Configure the WAN Trunk	123
7.4 How to Set Up a Wireless LAN	125
7.4.1 Set Up User Accounts	125
7.4.2 Create the WLAN Interface	126
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface	129
7.5 How to Set Up an IPSec VPN Tunnel	141
7.5.1 Set Up the VPN Gateway	142
7.5.2 Set Up the VPN Connection	142
7.5.3 Configure Security Policies for the VPN Tunnel	144
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator	144
7.7 How to Configure User-aware Access Control	146
7.7.1 Set Up User Accounts	147
7.7.2 Set Up User Groups	148
7.7.3 Set Up User Authentication Using the RADIUS Server	148
7.7.4 Web Surfing Policies With Bandwidth Restrictions	150
7.7.5 Set Up MSN Policies	153
7.7.6 Set Up Firewall Rules	154
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups	155
7.9 How to Use Endpoint Security and Authentication Policies	157
7.9.1 Configure the Endpoint Security Objects	157
7.9.2 Configure the Authentication Policy	159
7.10 How to Configure Service Control	160
7.10.1 Allow HTTPS Administrator Access Only From the LAN	161
7.11 How to Allow Incoming H.323 Peer-to-peer Calls	163
7.11.1 Turn On the ALG	164
7.11.2 Set Up a NAT Policy For H.323	164
7.11.3 Set Up a Firewall Rule For H.323	166
7.12 How to Allow Public Access to a Web Server	167
7.12.1 Create the Address Objects	168
7.12.2 Configure NAT	168
7.12.3 Set Up a Firewall Rule	169
7.13 How to Use an IPPBX on the DMZ	170
7.13.1 Turn On the ALG	172
7.13.2 Create the Address Objects	172
7.13.3 Setup a NAT Policy for the IPPBX	173
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP	174
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP	175
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic	176
7.14.1 Create the Public IP Address Range Object	176
7.14.2 Configure the Policy Route	177
7.15 How to Use Active-Passive Device HA	177
7.15.1 Before You Start	178
7.15.2 Configure Device HA on the Master ZyWALL	179
7.15.3 Configure the Backup ZyWALL	181
7.15.4 Deploy the Backup ZyWALL	183
7.15.5 Check Your Device HA Setup	183
L2TP VPN Example	185
8.1 L2TP VPN Example	185
8.2 Configuring the Default L2TP VPN Gateway Example	185
8.3 Configuring the Default L2TP VPN Connection Example	187
8.4 Configuring the L2TP VPN Settings Example	188
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000	189
8.5.1 Configuring L2TP in Windows Vista	189
8.5.2 Configuring L2TP in Windows XP	199
8.5.3 Configuring L2TP in Windows 2000	205
Technical Reference	221
Dashboard	223
9.1 Overview	223
9.1.1 What You Can Do in this Chapter	223
9.2 The Dashboard Screen	223
9.2.1 The CPU Usage Screen	230
9.2.2 The Memory Usage Screen	231
9.2.3 The Session Usage Screen	232
9.2.4 The VPN Status Screen	233
9.2.5 The DHCP Table Screen	233
9.2.6 The Number of Login Users Screen	234
Monitor	237
10.1 Overview	237
10.1.1 What You Can Do in this Chapter	237
10.2 The Port Statistics Screen	238
10.2.1 The Port Statistics Graph Screen	240
10.3 Interface Status Screen	241
10.4 The Traffic Statistics Screen	244
10.5 The Session Monitor Screen	247
10.6 The DDNS Status Screen	250
10.7 IP/MAC Binding Monitor	250
10.8 The Login Users Screen	252
10.9 WLAN Interface Station Monitor Screen	252
10.10 Cellular Status Screen	254
10.11 Application Patrol Statistics	256
10.11.1 Application Patrol Statistics: General Setup	256
10.11.2 Application Patrol Statistics: Bandwidth Statistics	257
10.11.3 Application Patrol Statistics: Protocol Statistics	258
10.11.4 Application Patrol Statistics: Individual Protocol Statistics by Rule	259
10.12 The IPSec Monitor Screen	260
10.12.1 Regular Expressions in Searching IPSec SAs	262
10.13 The SSL Connection Monitor Screen	263
10.14 L2TP over IPSec Session Monitor Screen	264
10.15 The Anti-Virus Statistics Screen	265
10.16 The IDP Statistics Screen	267
10.17 The Content Filter Statistics Screen	269
10.18 Content Filter Cache Screen	270
10.19 The Anti-Spam Statistics Screen	273
10.20 The Anti-Spam Status Screen	275
10.21 Log Screen	276
Registration	279
11.1 Overview	279
11.1.1 What You Can Do in this Chapter	279
11.1.2 What you Need to Know	279
11.2 The Registration Screen	281
11.3 The Service Screen	283
Signature Update	285
12.1 Overview	285
12.1.1 What You Can Do in this Chapter	285
12.1.2 What you Need to Know	285
12.2 The Antivirus Update Screen	286
12.3 The IDP/AppPatrol Update Screen	287
12.4 The System Protect Update Screen	289
Interfaces	291
13.1 Interface Overview	291
13.1.1 What You Can Do in this Chapter	291
13.1.2 What You Need to Know	292
13.2 Port Role	295
13.3 Ethernet Summary Screen	296
13.3.1 Ethernet Edit	298
13.3.2 Object References	306
13.4 PPP Interfaces	307
13.4.1 PPP Interface Summary	308
13.4.2 PPP Interface Add or Edit	310
13.5 Cellular Configuration Screen (3G)	314
13.5.1 Cellular Add/Edit Screen	316
13.6 WLAN Interface General Screen	323
13.6.1 WLAN Add/Edit Screen	326
13.6.2 WLAN Add/Edit: WEP Security	332
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	333
13.6.4 WLAN Add/Edit: WPA/WPA2 Security	334
13.7 WLAN Interface MAC Filter	336
13.8 VLAN Interfaces	338
13.8.1 VLAN Summary Screen	340
13.8.2 VLAN Add/Edit	341
13.9 Bridge Interfaces	348
13.9.1 Bridge Summary	350
13.9.2 Bridge Add/Edit	351
13.10 Auxiliary Interface	357
13.10.1 Auxiliary Interface Overview	357
13.10.2 Auxiliary	357
13.11 Virtual Interfaces	359
13.11.1 Virtual Interfaces Add/Edit	360
13.12 Interface Technical Reference	361
Trunks	367
14.1 Overview	367
14.1.1 What You Can Do in this Chapter	367
14.1.2 What You Need to Know	368
14.2 The Trunk Summary Screen	372
14.3 Configuring a Trunk	373
14.4 Trunk Technical Reference	375
Policy and Static Routes	377
15.1 Policy and Static Routes Overview	377
15.1.1 What You Can Do in this Chapter	377
15.1.2 What You Need to Know	378
15.2 Policy Route Screen	380
15.2.1 Policy Route Edit Screen	383
15.3 IP Static Route Screen	387
15.3.1 Static Route Add/Edit Screen	388
15.4 Policy Routing Technical Reference	389
Routing Protocols	393
16.1 Routing Protocols Overview	393
16.1.1 What You Can Do in this Chapter	393
16.1.2 What You Need to Know	393
16.2 The RIP Screen	394
16.3 The OSPF Screen	395
16.3.1 Configuring the OSPF Screen	399
16.3.2 OSPF Area Add/Edit Screen	402
16.3.3 Virtual Link Add/Edit Screen	403
16.4 Routing Protocol Technical Reference	404
Zones	407
17.1 Zones Overview	407
17.1.1 What You Can Do in this Chapter	407
17.1.2 What You Need to Know	408
17.2 The Zone Screen	409
17.3 Zone Edit	410
DDNS	411
18.1 DDNS Overview	411
18.1.1 What You Can Do in this Chapter	411
18.1.2 What You Need to Know	411
18.2 The DDNS Screen	412
18.2.1 The Dynamic DNS Add/Edit Screen	414
NAT	417
19.1 NAT Overview	417
19.1.1 What You Can Do in this Chapter	417
19.1.2 What You Need to Know	418
19.2 The NAT Screen	418
19.2.1 The NAT Add/Edit Screen	420
19.3 NAT Technical Reference	423
HTTP Redirect	427
20.1 Overview	427
20.1.1 What You Can Do in this Chapter	427
20.1.2 What You Need to Know	428
20.2 The HTTP Redirect Screen	429
20.2.1 The HTTP Redirect Edit Screen	430
ALG	431
21.1 ALG Overview	431
21.1.1 What You Can Do in this Chapter	431
21.1.2 What You Need to Know	432
21.1.3 Before You Begin	435
21.2 The ALG Screen	435
21.3 ALG Technical Reference	437
IP/MAC Binding	439
22.1 IP/MAC Binding Overview	439
22.1.1 What You Can Do in this Chapter	439
22.1.2 What You Need to Know	440
22.2 IP/MAC Binding Summary	440
22.2.1 IP/MAC Binding Edit	441
22.2.2 Static DHCP Edit	442
22.3 IP/MAC Binding Exempt List	443
Authentication Policy	445
23.1 Overview	445
23.1.1 What You Can Do in this Chapter	445
23.1.2 What You Need to Know	446
23.2 Authentication Policy Screen	446
23.2.1 Creating/Editing an Authentication Policy	449
Firewall	453
24.1 Overview	453
24.1.1 What You Can Do in this Chapter	453
24.1.2 What You Need to Know	454
24.1.3 Firewall Rule Example Applications	456
24.1.4 Firewall Rule Configuration Example	459
24.2 The Firewall Screen	461
24.2.1 Configuring the Firewall Screen	462
24.2.2 The Firewall Add/Edit Screen	465
24.3 The Session Limit Screen	466
24.3.1 The Session Limit Add/Edit Screen	468
IPSec VPN	471
25.1 IPSec VPN Overview	471
25.1.1 What You Can Do in this Chapter	471
25.1.2 What You Need to Know	472
25.1.3 Before You Begin	474
25.2 The VPN Connection Screen	474
25.2.1 The VPN Connection Add/Edit (IKE) Screen	476
25.2.2 The VPN Connection Add/Edit Manual Key Screen	483
25.3 The VPN Gateway Screen	486
25.3.1 The VPN Gateway Add/Edit Screen	487
25.4 VPN Concentrator	495
25.4.1 IPSec VPN Concentrator Example	495
25.4.2 VPN Concentrator Screen	498
25.4.3 The VPN Concentrator Add/Edit Screen	498
25.5 IPSec VPN Background Information	499
SSL VPN	511
26.1 Overview	511
26.1.1 What You Can Do in this Chapter	511
26.1.2 What You Need to Know	511
26.2 The SSL Access Privilege Screen	514
26.2.1 The SSL Access Policy Add/Edit Screen	516
26.3 The SSL Global Setting Screen	519
26.3.1 How to Upload a Custom Logo	521
26.4 Establishing an SSL VPN Connection	522
SSL User Screens	525
27.1 Overview	525
27.1.1 What You Need to Know	525
27.2 Remote User Login	526
27.3 The SSL VPN User Screens	531
27.4 Bookmarking the ZyWALL	532
27.5 Logging Out of the SSL VPN User Screens	532
SSL User Application Screens	535
28.1 SSL User Application Screens Overview	535
28.2 The Application Screen	535
SSL User File Sharing	537
29.1 Overview	537
29.1.1 What You Need to Know	537
29.2 The Main File Sharing Screen	538
29.3 Opening a File or Folder	538
29.3.1 Downloading a File	540
29.3.2 Saving a File	541
29.4 Creating a New Folder	541
29.5 Renaming a File or Folder	542
29.6 Deleting a File or Folder	542
29.7 Uploading a File	543
ZyWALL SecuExtender	545
30.1 The ZyWALL SecuExtender Icon	545
30.2 Statistics	546
30.3 View Log	547
30.4 Suspend and Resume the Connection	547
30.5 Stop the Connection	548
30.6 Uninstalling the ZyWALL SecuExtender	548
L2TP VPN	549
31.1 Overview	549
31.1.1 What You Can Do in this Chapter	549
31.1.2 What You Need to Know	549
31.2 L2TP VPN Screen	551
Application Patrol	553
32.1 Overview	553
32.1.1 What You Can Do in this Chapter	553
32.1.2 What You Need to Know	554
32.1.3 Application Patrol Bandwidth Management Examples	559
32.2 Application Patrol General Screen	563
32.3 Application Patrol Applications	564
32.3.1 The Application Patrol Edit Screen	565
32.3.2 The Application Patrol Policy Edit Screen	569
32.4 The Other Applications Screen	572
32.4.1 The Other Applications Add/Edit Screen	575
Anti-Virus	579
33.1 Overview	579
33.1.1 What You Can Do in this Chapter	579
33.1.2 What You Need to Know	580
33.1.3 Before You Begin	582
33.2 Anti-Virus Summary Screen	582
33.2.1 Anti-Virus Policy Add or Edit Screen	585
33.3 Anti-Virus Black List	587
33.4 Anti-Virus Black List or White List Add/Edit	588
33.5 Anti-Virus White List	589
33.6 Signature Searching	590
33.7 Anti-Virus Technical Reference	593
IDP	595
34.1 Overview	595
34.1.1 What You Can Do in this Chapter	595
34.1.2 What You Need To Know	595
34.1.3 Before You Begin	596
34.2 The IDP General Screen	597
34.3 Introducing IDP Profiles	599
34.3.1 Base Profiles	600
34.4 The Profile Summary Screen	601
34.5 Creating New Profiles	602
34.5.1 Procedure To Create a New Profile	602
34.6 Profiles: Packet Inspection	603
34.6.1 Profile > Group View Screen	603
34.6.2 Policy Types	606
34.6.3 IDP Service Groups	607
34.6.4 Profile > Query View Screen	608
34.6.5 Query Example	611
34.7 Introducing IDP Custom Signatures	613
34.7.1 IP Packet Header	613
34.8 Configuring Custom Signatures	614
34.8.1 Creating or Editing a Custom Signature	616
34.8.2 Custom Signature Example	622
34.8.3 Applying Custom Signatures	624
34.8.4 Verifying Custom Signatures	625
34.9 IDP Technical Reference	626
ADP	629
35.1 Overview	629
35.1.1 ADP and IDP Comparison	629
35.1.2 What You Can Do in this Chapter	629
35.1.3 What You Need To Know	629
35.1.4 Before You Begin	630
35.2 The ADP General Screen	631
35.3 The Profile Summary Screen	632
35.3.1 Base Profiles	633
35.3.2 Configuring The ADP Profile Summary Screen	633
35.3.3 Creating New ADP Profiles	634
35.3.4 Traffic Anomaly Profiles	634
35.3.5 Protocol Anomaly Profiles	637
35.3.6 Protocol Anomaly Configuration	637
35.4 ADP Technical Reference	641
Content Filtering	649
36.1 Overview	649
36.1.1 What You Can Do in this Chapter	649
36.1.2 What You Need to Know	649
36.1.3 Before You Begin	651
36.2 Content Filter General Screen	651
36.3 Content Filter Policy Add or Edit Screen	654
36.4 Content Filter Profile Screen	656
36.5 Content Filter Categories Screen	656
36.5.1 Content Filter Blocked and Warning Messages	668
36.6 Content Filter Customization Screen	669
36.7 Content Filter Technical Reference	671
Content Filter Reports	673
37.1 Overview	673
37.2 Viewing Content Filter Reports	673
Anti-Spam	681
38.1 Overview	681
38.1.1 What You Can Do in this Chapter	681
38.1.2 What You Need to Know	681
38.2 Before You Begin	683
38.3 The Anti-Spam General Screen	683
38.3.1 The Anti-Spam Policy Add or Edit Screen	685
38.4 The Anti-Spam Black List Screen	687
38.4.1 The Anti-Spam Black or White List Add/Edit Screen	689
38.4.2 Regular Expressions in Black or White List Entries	690
38.5 The Anti-Spam White List Screen	691
38.6 The DNSBL Screen	692
38.7 Anti-Spam Technical Reference	694
Device HA	699
39.1 Overview	699
39.1.1 What You Can Do in this Chapter	699
39.1.2 What You Need to Know	699
39.1.3 Before You Begin	700
39.2 Device HA General	701
39.3 The Active-Passive Mode Screen	702
39.3.1 Configuring Active-Passive Mode Device HA	704
39.4 Configuring an Active-Passive Mode Monitored Interface	707
39.5 The Legacy Mode Screen	709
39.6 Configuring the Legacy Mode Screen	710
39.7 Device HA Technical Reference	714
User/Group	721
40.1 Overview	721
40.1.1 What You Can Do in this Chapter	721
40.1.2 What You Need To Know	721
40.2 User Summary Screen	724
40.2.1 User Add/Edit Screen	724

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133

Match case Limit results 1 per page

Chapter 6 Configuration Basics

ZyWALL USG 100/200 Series User’s Guide

6.2.1

Interface Types

There are many types of interfaces in the ZyWALL. In addition to being used in

various features, interfaces also describe the network that is directly connected to

the ZyWALL.

•

Ethernet interfaces

are the foundation for defining other interfaces and

network policies. You also configure RIP and OSPF in these interfaces.

•

Port groups

create a hardware connection between physical ports at the layer-

2 (data link, MAC address) level. Port groups are created when you use the

Interface > Port Roles

screen to set multiple physical ports to be part of the

same (lan1, ext-wlan or dmz) interface.

•

PPP interfaces

support Point-to-Point Protocols (PPPoE or PPTP). ISP accounts

are required for PPPoE/PPTP interfaces.

•

VLAN interfaces

recognize tagged frames. The ZyWALL automatically adds or

removes the tags as needed. Each VLAN can only be associated with one

Ethernet interface.

•

Bridge interfaces

create a software connection between Ethernet or VLAN

interfaces at the layer-2 (data link, MAC address) level. Then, you can configure

the IP address and subnet mask of the bridge. It is also possible to configure

zone-level security between the member interfaces in the bridge.

•

Virtual interfaces

increase the amount of routing information in the ZyWALL.

There are three types:

virtual Ethernet interfaces

(also known as IP alias),

virtual VLAN interfaces

, and

virtual bridge interfaces

• The

auxiliary interface

, along with an external modem, provides an interface

the ZyWALL can use to dial out. This interface can be used as a backup WAN

interface, for example. The auxiliary interface controls the

AUX

port.

Table 12

Zones, Interfaces, and Physical Ethernet Ports

Zones

(WAN,

OPT,

LAN,

DMZ)

A zone is a group of interfaces and VPN tunnels. Use zones to apply

security settings such as firewall, IDP, remote management, anti-

virus, and application patrol. You can change the

opt

interface to be

part of a different zone.

Interfaces

(Ethernet,

VLAN,...)

Interfaces are logical entities that (layer-3) packets pass through.

Use interfaces in configuring VPN, zones, trunks, device HA, DDNS,

policy routes, static routes, HTTP redirect, and NAT.

Port roles combine physical ports into interfaces.

Physical

Ethernet Ports

(P1, P2, ...)

The physical port is where you connect a cable. In configuration, you

use physical ports when configuring port groups. You use interfaces

and zones in configuring other features.