Home » ZyXEL Manuals » Networking » ZyXEL ZyWALL USG 300 » Manual Viewer

ZyXEL ZyWALL USG 300 User Guide - Page 593

Anti-Virus Black List

Get ZyXEL ZyWALL USG 300 PDF manuals and user guides

View all ZyXEL ZyWALL USG 300 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 593 highlights

Chapter 33 Anti-Virus Table 154 Configuration > Anti-X > Anti-Virus > General > Add (continued) LABEL DESCRIPTION Destroy compressed files that could not be decompressed Note: When you select this option, the ZyWALL deletes ZIP files that use password encryption. Select this check box to have the ZyWALL delete any ZIP files that it is not able to unzip. The ZyWALL cannot unzip password protected ZIP files or a ZIP file within another ZIP file. There are also limits to the number of ZIP files that the ZyWALL can concurrently unzip. Note: The ZyWALL's firmware package cannot go through the ZyWALL with this option enabled. The ZyWALL classifies the firmware package as not being able to be decompressed and deletes it. OK Cancel You can upload the firmware package to the ZyWALL with the option enabled, so you only need to clear this option while you download the firmware package. Click OK to save your changes. Click Cancel to exit this screen without saving your changes. 33.3 Anti-Virus Black List Click Configuration > Anti-X > Anti-Virus > Black/White List to display the screen shown next. Use the Black List screen to set up the Anti-Virus black (blocked) list of virus file patterns. Click a column's heading cell to sort the table entries by that column's criteria. Click the heading cell again to reverse the sort order. Figure 425 Configuration > Anti-X > Anti-Virus > Black/White List > Black List ZyWALL USG 300 User's Guide 593

Section	Page
ZyWALL USG 300	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	31
Introducing the ZyWALL	33
1.1 Overview and Key Default Settings	33
1.2 Rack-mounted Installation	33
1.2.1 Rack-Mounted Installation Procedure	34
1.3 Front Panel	35
1.3.1 Front Panel LEDs	35
1.4 Management Overview	35
1.5 Starting and Stopping the ZyWALL	37
Features and Applications	39
2.1 Features	39
2.2 Applications	41
2.2.1 VPN Connectivity	42
2.2.2 SSL VPN Network Access	42
2.2.3 User-Aware Access Control	44
2.2.4 Multiple WAN Interfaces	44
2.2.5 Device HA	45
Web Configurator	47
3.1 Web Configurator Requirements	47
3.2 Web Configurator Access	47
3.3 Web Configurator Screens Overview	49
3.3.1 Title Bar	50
3.3.2 Navigation Panel	51
3.3.3 Main Window	57
3.3.4 Tables and Lists	59
Installation Setup Wizard	65
4.1 Installation Setup Wizard Screens	65
4.1.1 Internet Access Setup - WAN Interface	66
4.1.2 Internet Access: Ethernet	66
4.1.3 Internet Access: PPPoE	68
4.1.4 Internet Access: PPTP	69
4.1.5 ISP Parameters	69
4.1.6 Internet Access Setup - Second WAN Interface	71
4.1.7 Internet Access - Finish	71
4.2 Device Registration	72
Quick Setup	75
5.1 Quick Setup Overview	75
5.2 WAN Interface Quick Setup	76
5.2.1 Choose an Ethernet Interface	76
5.2.2 Select WAN Type	76
5.2.3 Configure WAN Settings	77
5.2.4 WAN and ISP Connection Settings	78
5.2.5 Quick Setup Interface Wizard: Summary	80
5.3 VPN Quick Setup	81
5.4 VPN Setup Wizard: Wizard Type	82
5.5 VPN Express Wizard - Scenario	83
5.5.1 VPN Express Wizard - Configuration	84
5.5.2 VPN Express Wizard - Summary	85
5.5.3 VPN Express Wizard - Finish	86
5.5.4 VPN Advanced Wizard - Scenario	87
5.5.5 VPN Advanced Wizard - Phase 1 Settings	88
5.5.6 VPN Advanced Wizard - Phase 2	90
5.5.7 VPN Advanced Wizard - Summary	91
5.5.8 VPN Advanced Wizard - Finish	92
Configuration Basics	93
6.1 Object-based Configuration	93
6.2 Zones, Interfaces, and Physical Ports	94
6.2.1 Interface Types	95
6.2.2 Default Interface and Zone Configuration	96
6.3 Terminology in the ZyWALL	97
6.4 Packet Flow	98
6.4.1 ZLD 2.20 Packet Flow Enhancements	98
6.4.2 Routing Table Checking Flow Enhancements	99
6.4.3 NAT Table Checking Flow	100
6.5 Feature Configuration Overview	101
6.5.1 Feature	102
6.5.2 Licensing Registration	102
6.5.3 Licensing Update	102
6.5.4 Interface	103
6.5.5 Trunks	103
6.5.6 Policy Routes	103
6.5.7 Static Routes	105
6.5.8 Zones	105
6.5.9 DDNS	105
6.5.10 NAT	105
6.5.11 HTTP Redirect	106
6.5.12 ALG	107
6.5.13 Auth. Policy	107
6.5.14 Firewall	107
6.5.15 IPSec VPN	108
6.5.16 SSL VPN	108
6.5.17 L2TP VPN	109
6.5.18 Application Patrol	109
6.5.19 Anti-Virus	110
6.5.20 IDP	110
6.5.21 ADP	110
6.5.22 Content Filter	110
6.5.23 Anti-Spam	111
6.5.24 Device HA	111
6.6 Objects	112
6.6.1 User/Group	112
6.7 System	113
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Dial-in Mgmt, Vantage CNM	113
6.7.2 Logs and Reports	114
6.7.3 File Manager	114
6.7.4 Diagnostics	114
6.7.5 Shutdown	114
Tutorials	117
7.1 How to Configure Interfaces, Port Grouping, and Zones	117
7.1.1 Configure a WAN Ethernet Interface	118
7.1.2 Configure Zones	118
7.1.3 Configure Port Grouping	119
7.2 How to Configure a Cellular Interface	120
7.3 How to Configure Load Balancing	122
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces	123
7.3.2 Configure the WAN Trunk	124
7.4 How to Set Up a Wireless LAN	125
7.4.1 Set Up User Accounts	125
7.4.2 Create the WLAN Interface	126
7.4.3 Set Up the Wireless Clients to Use the WLAN Interface	129
7.5 How to Set Up an IPSec VPN Tunnel	141
7.5.1 Set Up the VPN Gateway	142
7.5.2 Set Up the VPN Connection	142
7.5.3 Configure Security Policies for the VPN Tunnel	144
7.6 How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator	144
7.7 How to Configure User-aware Access Control	146
7.7.1 Set Up User Accounts	147
7.7.2 Set Up User Groups	148
7.7.3 Set Up User Authentication Using the RADIUS Server	148
7.7.4 Web Surfing Policies With Bandwidth Restrictions	150
7.7.5 Set Up MSN Policies	153
7.7.6 Set Up Firewall Rules	154
7.8 How to Use a RADIUS Server to Authenticate User Accounts based on Groups	155
7.9 How to Use Endpoint Security and Authentication Policies	157
7.9.1 Configure the Endpoint Security Objects	157
7.9.2 Configure the Authentication Policy	159
7.10 How to Configure Service Control	160
7.10.1 Allow HTTPS Administrator Access Only From the LAN	161
7.11 How to Allow Incoming H.323 Peer-to-peer Calls	163
7.11.1 Turn On the ALG	164
7.11.2 Set Up a NAT Policy For H.323	164
7.11.3 Set Up a Firewall Rule For H.323	166
7.12 How to Allow Public Access to a Web Server	167
7.12.1 Create the Address Objects	168
7.12.2 Configure NAT	168
7.12.3 Set Up a Firewall Rule	169
7.13 How to Use an IPPBX on the DMZ	170
7.13.1 Turn On the ALG	172
7.13.2 Create the Address Objects	172
7.13.3 Setup a NAT Policy for the IPPBX	173
7.13.4 Set Up a WAN to DMZ Firewall Rule for SIP	174
7.13.5 Set Up a DMZ to LAN Firewall Rule for SIP	175
7.14 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic	176
7.14.1 Create the Public IP Address Range Object	176
7.14.2 Configure the Policy Route	177
7.15 How to Use Active-Passive Device HA	177
7.15.1 Before You Start	178
7.15.2 Configure Device HA on the Master ZyWALL	179
7.15.3 Configure the Backup ZyWALL	181
7.15.4 Deploy the Backup ZyWALL	183
7.15.5 Check Your Device HA Setup	183
L2TP VPN Example	185
8.1 L2TP VPN Example	185
8.2 Configuring the Default L2TP VPN Gateway Example	185
8.3 Configuring the Default L2TP VPN Connection Example	187
8.4 Configuring the L2TP VPN Settings Example	188
8.5 Configuring L2TP VPN in Windows Vista, XP, or 2000	189
8.5.1 Configuring L2TP in Windows Vista	189
8.5.2 Configuring L2TP in Windows XP	199
8.5.3 Configuring L2TP in Windows 2000	205
Technical Reference	223
Dashboard	225
9.1 Overview	225
9.1.1 What You Can Do in this Chapter	225
9.2 The Dashboard Screen	225
9.2.1 The CPU Usage Screen	232
9.2.2 The Memory Usage Screen	233
9.2.3 The Session Usage Screen	234
9.2.4 The VPN Status Screen	235
9.2.5 The DHCP Table Screen	235
9.2.6 The Number of Login Users Screen	236
Monitor	239
10.1 Overview	239
10.1.1 What You Can Do in this Chapter	239
10.2 The Port Statistics Screen	240
10.2.1 The Port Statistics Graph Screen	242
10.3 Interface Status Screen	243
10.4 The Traffic Statistics Screen	247
10.5 The Session Monitor Screen	250
10.6 The DDNS Status Screen	252
10.7 IP/MAC Binding Monitor	253
10.8 The Login Users Screen	254
10.9 WLAN Interface Station Monitor Screen	255
10.10 Cellular Status Screen	256
10.11 USB Storage Screen	258
10.12 Application Patrol Statistics	259
10.12.1 Application Patrol Statistics: General Setup	259
10.12.2 Application Patrol Statistics: Bandwidth Statistics	260
10.12.3 Application Patrol Statistics: Protocol Statistics	261
10.12.4 Application Patrol Statistics: Individual Protocol Statistics by Rule	262
10.13 The IPSec Monitor Screen	263
10.13.1 Regular Expressions in Searching IPSec SAs	265
10.14 The SSL Connection Monitor Screen	266
10.15 L2TP over IPSec Session Monitor Screen	267
10.16 The Anti-Virus Statistics Screen	268
10.17 The IDP Statistics Screen	270
10.18 The Content Filter Statistics Screen	272
10.19 Content Filter Cache Screen	273
10.20 The Anti-Spam Statistics Screen	276
10.21 The Anti-Spam Status Screen	278
10.22 Log Screen	279
Registration	283
11.1 Overview	283
11.1.1 What You Can Do in this Chapter	283
11.1.2 What you Need to Know	283
11.2 The Registration Screen	285
11.3 The Service Screen	287
Signature Update	289
12.1 Overview	289
12.1.1 What You Can Do in this Chapter	289
12.1.2 What you Need to Know	289
12.2 The Antivirus Update Screen	290
12.3 The IDP/AppPatrol Update Screen	291
12.4 The System Protect Update Screen	293
Interfaces	295
13.1 Interface Overview	295
13.1.1 What You Can Do in this Chapter	295
13.1.2 What You Need to Know	296
13.2 Port Grouping	299
13.2.1 Port Grouping Overview	299
13.2.2 Port Grouping Screen	299
13.3 Ethernet Summary Screen	300
13.3.1 Ethernet Edit	302
13.3.2 Object References	309
13.4 PPP Interfaces	310
13.4.1 PPP Interface Summary	311
13.4.2 PPP Interface Add or Edit	313
13.5 Cellular Configuration Screen (3G)	317
13.5.1 Cellular Add/Edit Screen	319
13.6 WLAN Interface General Screen	326
13.6.1 WLAN Add/Edit Screen	329
13.6.2 WLAN Add/Edit: WEP Security	335
13.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	336
13.6.4 WLAN Add/Edit: WPA/WPA2 Security	337
13.7 WLAN Interface MAC Filter	339
13.8 VLAN Interfaces	341
13.8.1 VLAN Summary Screen	343
13.8.2 VLAN Add/Edit	344
13.9 Bridge Interfaces	351
13.9.1 Bridge Summary	353
13.9.2 Bridge Add/Edit	354
13.10 Auxiliary Interface	360
13.10.1 Auxiliary Interface Overview	360
13.10.2 Auxiliary	360
13.11 Virtual Interfaces	362
13.11.1 Virtual Interfaces Add/Edit	363
13.12 Interface Technical Reference	364
Trunks	369
14.1 Overview	369
14.1.1 What You Can Do in this Chapter	369
14.1.2 What You Need to Know	370
14.2 The Trunk Summary Screen	374
14.3 Configuring a Trunk	375
14.4 Trunk Technical Reference	377
Policy and Static Routes	379
15.1 Policy and Static Routes Overview	379
15.1.1 What You Can Do in this Chapter	379
15.1.2 What You Need to Know	380
15.2 Policy Route Screen	382
15.2.1 Policy Route Edit Screen	385
15.3 IP Static Route Screen	389
15.3.1 Static Route Add/Edit Screen	390
15.4 Policy Routing Technical Reference	391
Routing Protocols	395
16.1 Routing Protocols Overview	395
16.1.1 What You Can Do in this Chapter	395
16.1.2 What You Need to Know	395
16.2 The RIP Screen	396
16.3 The OSPF Screen	397
16.3.1 Configuring the OSPF Screen	401
16.3.2 OSPF Area Add/Edit Screen	404
16.3.3 Virtual Link Add/Edit Screen	405
16.4 Routing Protocol Technical Reference	406
Zones	409
17.1 Zones Overview	409
17.1.1 What You Can Do in this Chapter	409
17.1.2 What You Need to Know	410
17.2 The Zone Screen	411
17.3 Zone Edit	412
DDNS	413
18.1 DDNS Overview	413
18.1.1 What You Can Do in this Chapter	413
18.1.2 What You Need to Know	413
18.2 The DDNS Screen	414
18.2.1 The Dynamic DNS Add/Edit Screen	416
NAT	419
19.1 NAT Overview	419
19.1.1 What You Can Do in this Chapter	419
19.1.2 What You Need to Know	420
19.2 The NAT Screen	420
19.2.1 The NAT Add/Edit Screen	422
19.3 NAT Technical Reference	425
HTTP Redirect	429
20.1 Overview	429
20.1.1 What You Can Do in this Chapter	429
20.1.2 What You Need to Know	430
20.2 The HTTP Redirect Screen	431
20.2.1 The HTTP Redirect Edit Screen	432
ALG	435
21.1 ALG Overview	435
21.1.1 What You Can Do in this Chapter	435
21.1.2 What You Need to Know	436
21.1.3 Before You Begin	439
21.2 The ALG Screen	439
21.3 ALG Technical Reference	441
IP/MAC Binding	443
22.1 IP/MAC Binding Overview	443
22.1.1 What You Can Do in this Chapter	443
22.1.2 What You Need to Know	444
22.2 IP/MAC Binding Summary	444
22.2.1 IP/MAC Binding Edit	445
22.2.2 Static DHCP Edit	446
22.3 IP/MAC Binding Exempt List	447
Authentication Policy	449
23.1 Overview	449
23.1.1 What You Can Do in this Chapter	449
23.1.2 What You Need to Know	450
23.2 Authentication Policy Screen	450
23.2.1 Adding Exceptional Services	452
23.2.2 Creating/Editing an Authentication Policy	453
Firewall	457
24.1 Overview	457
24.1.1 What You Can Do in this Chapter	457
24.1.2 What You Need to Know	458
24.1.3 Firewall Rule Example Applications	460
24.1.4 Firewall Rule Configuration Example	463
24.2 The Firewall Screen	465
24.2.1 Configuring the Firewall Screen	466
24.2.2 The Firewall Add/Edit Screen	469
24.3 The Session Limit Screen	470
24.3.1 The Session Limit Add/Edit Screen	472
IPSec VPN	475
25.1 IPSec VPN Overview	475
25.1.1 What You Can Do in this Chapter	475
25.1.2 What You Need to Know	476
25.1.3 Before You Begin	478
25.2 The VPN Connection Screen	478
25.2.1 The VPN Connection Add/Edit (IKE) Screen	480
25.2.2 The VPN Connection Add/Edit Manual Key Screen	487
25.3 The VPN Gateway Screen	490
25.3.1 The VPN Gateway Add/Edit Screen	491
25.4 VPN Concentrator	499
25.4.1 IPSec VPN Concentrator Example	499
25.4.2 VPN Concentrator Screen	502
25.4.3 The VPN Concentrator Add/Edit Screen	502
25.5 IPSec VPN Background Information	503
SSL VPN	517
26.1 Overview	517
26.1.1 What You Can Do in this Chapter	517
26.1.2 What You Need to Know	517
26.2 The SSL Access Privilege Screen	520
26.2.1 The SSL Access Policy Add/Edit Screen	522
26.3 The SSL Global Setting Screen	524
26.3.1 How to Upload a Custom Logo	526
26.4 Establishing an SSL VPN Connection	527
SSL User Screens	531
27.1 Overview	531
27.1.1 What You Need to Know	531
27.2 Remote User Login	532
27.3 The SSL VPN User Screens	537
27.4 Bookmarking the ZyWALL	538
27.5 Logging Out of the SSL VPN User Screens	538
SSL User Application Screens	541
28.1 SSL User Application Screens Overview	541
28.2 The Application Screen	541
SSL User File Sharing	543
29.1 Overview	543
29.1.1 What You Need to Know	543
29.2 The Main File Sharing Screen	544
29.3 Opening a File or Folder	544
29.3.1 Downloading a File	546
29.3.2 Saving a File	547
29.4 Creating a New Folder	547
29.5 Renaming a File or Folder	548
29.6 Deleting a File or Folder	548
29.7 Uploading a File	549
ZyWALL SecuExtender	551
30.1 The ZyWALL SecuExtender Icon	551
30.2 Statistics	552
30.3 View Log	553
30.4 Suspend and Resume the Connection	553
30.5 Stop the Connection	554
30.6 Uninstalling the ZyWALL SecuExtender	554
L2TP VPN	555
31.1 Overview	555
31.1.1 What You Can Do in this Chapter	555
31.1.2 What You Need to Know	555
31.2 L2TP VPN Screen	557
Application Patrol	559
32.1 Overview	559
32.1.1 What You Can Do in this Chapter	559
32.1.2 What You Need to Know	560
32.1.3 Application Patrol Bandwidth Management Examples	565
32.2 Application Patrol General Screen	569
32.3 Application Patrol Applications	570
32.3.1 The Application Patrol Edit Screen	571
32.3.2 The Application Patrol Policy Edit Screen	575
32.4 The Other Applications Screen	578
32.4.1 The Other Applications Add/Edit Screen	581
Anti-Virus	585
33.1 Overview	585
33.1.1 What You Can Do in this Chapter	585
33.1.2 What You Need to Know	586
33.1.3 Before You Begin	588
33.2 Anti-Virus Summary Screen	588
33.2.1 Anti-Virus Policy Add or Edit Screen	591
33.3 Anti-Virus Black List	593
33.4 Anti-Virus Black List or White List Add/Edit	594
33.5 Anti-Virus White List	595
33.6 Signature Searching	596
33.7 Anti-Virus Technical Reference	599
IDP	601
34.1 Overview	601
34.1.1 What You Can Do in this Chapter	601
34.1.2 What You Need To Know	601
34.1.3 Before You Begin	602
34.2 The IDP General Screen	603
34.3 Introducing IDP Profiles	605
34.3.1 Base Profiles	606
34.4 The Profile Summary Screen	607
34.5 Creating New Profiles	608
34.5.1 Procedure To Create a New Profile	608
34.6 Profiles: Packet Inspection	609
34.6.1 Profile > Group View Screen	609
34.6.2 Policy Types	612
34.6.3 IDP Service Groups	613
34.6.4 Profile > Query View Screen	614
34.6.5 Query Example	617
34.7 Introducing IDP Custom Signatures	619
34.7.1 IP Packet Header	619
34.8 Configuring Custom Signatures	620
34.8.1 Creating or Editing a Custom Signature	622
34.8.2 Custom Signature Example	628
34.8.3 Applying Custom Signatures	630
34.8.4 Verifying Custom Signatures	631
34.9 IDP Technical Reference	632
ADP	637
35.1 Overview	637
35.1.1 ADP and IDP Comparison	637
35.1.2 What You Can Do in this Chapter	637
35.1.3 What You Need To Know	637
35.1.4 Before You Begin	638
35.2 The ADP General Screen	639
35.3 The Profile Summary Screen	640
35.3.1 Base Profiles	641
35.3.2 Configuring The ADP Profile Summary Screen	641
35.3.3 Creating New ADP Profiles	642
35.3.4 Traffic Anomaly Profiles	642
35.3.5 Protocol Anomaly Profiles	645
35.3.6 Protocol Anomaly Configuration	645
35.4 ADP Technical Reference	649
Content Filtering	659
36.1 Overview	659
36.1.1 What You Can Do in this Chapter	659
36.1.2 What You Need to Know	659
36.1.3 Before You Begin	661
36.2 Content Filter General Screen	661
36.3 Content Filter Policy Add or Edit Screen	664
36.4 Content Filter Profile Screen	666
36.5 Content Filter Categories Screen	666
36.5.1 Content Filter Blocked and Warning Messages	678
36.6 Content Filter Customization Screen	679
36.7 Content Filter Technical Reference	681
Content Filter Reports	683
37.1 Overview	683
37.2 Viewing Content Filter Reports	683
Anti-Spam	691
38.1 Overview	691
38.1.1 What You Can Do in this Chapter	691
38.1.2 What You Need to Know	691
38.2 Before You Begin	693
38.3 The Anti-Spam General Screen	693
38.3.1 The Anti-Spam Policy Add or Edit Screen	695
38.4 The Anti-Spam Black List Screen	697
38.4.1 The Anti-Spam Black or White List Add/Edit Screen	699
38.4.2 Regular Expressions in Black or White List Entries	700
38.5 The Anti-Spam White List Screen	701
38.6 The DNSBL Screen	702
38.7 Anti-Spam Technical Reference	704
Device HA	709
39.1 Overview	709
39.1.1 What You Can Do in this Chapter	709
39.1.2 What You Need to Know	709
39.1.3 Before You Begin	710
39.2 Device HA General	711
39.3 The Active-Passive Mode Screen	712
39.3.1 Configuring Active-Passive Mode Device HA	714
39.4 Configuring an Active-Passive Mode Monitored Interface	717
39.5 The Legacy Mode Screen	719
39.6 Configuring the Legacy Mode Screen	720
39.7 Device HA Technical Reference	724
User/Group	731
40.1 Overview	731
40.1.1 What You Can Do in this Chapter	731