Home » ZyXEL Manuals » Network Security & Firewall Devices » ZyXEL USG110/210/310 » Manual Viewer

ZyXEL USG110/210/310 User Guide - Page 773

Exclude List Screen

View all ZyXEL USG110/210/310 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 773 highlights

Chapter 41 SSL Inspection Table 283 Configuration > UTM Profile > SSL Inspection > Profile > Add / Edit (continued) LABEL DESCRIPTION Action To edit what action the Zyxel Device takes when a packet matches a signature, select the signature and use the Action icon. none: Select this action on an individual signature or a complete service group to have the Zyxel Device take no action when a packet matches the signature(s). drop: Select this action on an individual signature or a complete service group to have the Zyxel Device silently drop a packet that matches the signature(s). Neither sender nor receiver are notified. reject-sender: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to the sender when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a 'RST' flag. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP unreachable packet. reject-receiver: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to the receiver when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with an a 'RST' flag. If it is an ICMP or UDP attack packet, the Zyxel Device will do nothing. # Status SID Log Action OK Cancel reject-both: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to both the sender and receiver when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a 'RST' flag to the receiver and sender. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP unreachable packet. This is the entry's index number in the list. The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. Type the exact signature ID (identification) number that uniquely identifies a Zyxel Device IDP signature. These are the log options. To edit this, select an item and use the Log icon. This is the action the Zyxel Device should take when a packet matches a signature here. To edit this, select an item and use the Action icon. Click OK to save your settings to the Zyxel Device, and return to the profile summary page. Click Cancel to return to the profile summary page without saving any changes. 41.3 Exclude List Screen There may be privacy and legality issues regarding inspecting a user's encrypted session. The legal issues may vary by locale, so it's important to check with your legal department to make sure that it's OK to intercept SSL traffic from your Zyxel Device users. To ensure individual privacy and meet legal requirements, you can configure an exclusion list to exclude matching sessions to destination servers. This traffic is not intercepted and is passed through uninspected. Click Configuration > UTM Profile > SSL Inspection > Exclude List to display the following screen. Use Add to put a new item in the list or Edit to change an existing one or Remove to delete an existing entry. ZyWALL USG Series User's Guide 773

Section	Page
ZyWALL USG Series	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	27
Introduction	28
1.1 Overview	28
1.2 Registration at myZyxel	29
1.2.1 Grace Period	30
1.3 Applications	30
1.4 Management Overview	33
1.5 Web Configurator	35
1.5.1 Web Configurator Access	35
1.5.2 Web Configurator Screens Overview	38
1.5.3 Navigation Panel	41
1.5.4 Tables and Lists	50
Initial Setup Wizard	53
2.1 Initial Setup Wizard Screens	53
2.1.1 Internet Access Setup - WAN Interface	54
2.1.2 Internet Access: Ethernet	54
2.1.3 Internet Access: PPPoE	56
2.1.4 Internet Access: PPTP	57
2.1.5 Internet Access: L2TP	59
2.1.6 Internet Access Setup - Second WAN Interface	60
2.1.7 Internet Access: Congratulations	61
2.1.8 Date and Time Settings	61
2.1.9 Register Device	62
2.1.10 Activate Service	63
2.1.11 Wireless Settings: AP Controller	64
2.1.12 Wireless Settings: SSID & Security	65
2.1.13 Remote Management	66
Hardware, Interfaces and Zones	68
3.1 Hardware Overview	68
3.1.1 Front Panels	68
3.1.2 Rear Panels	72
3.2 Mounting	74
3.2.1 Rack-mounting	74
3.2.2 USG2200-VPN/USG2200 Rack Mounting	75
3.2.3 Wall-mounting	78
3.3 Default Zones, Interfaces, and Ports	79
3.4 Stopping the Zyxel Device	81
Easy Mode	82
4.1 Overview	82
4.1.1 Objects and Rules	82
4.1.2 Wizards and Links	83
4.1.3 Easy Mode Settings	84
4.1.4 Easy Mode Dashboard	85
4.2 Initial Setup Wizard - Language and Overview	87
4.2.1 Initial Setup Wizard - Internet	89
4.2.2 Initial Setup Wizard - Internet Access Errors	90
4.2.3 Initial Setup Wizard - Date and Time	91
4.2.4 Initial Setup Wizard - Register Device	92
4.2.5 Initial Setup Wizard - Activate Services	94
4.2.6 Initial Setup Wizard - Wi-Fi	96
4.2.7 Initial Setup Wizard - Remote Management	96
4.2.8 Initial Setup Wizard - Congratulations	98
4.3 Initial Setup Wizard - Security Service	99
4.4 Initial Setup Wizard - Port Forwarding	101
4.5 Initial Setup Wizard - Guest LAN	102
4.5.1 Connecting AP Scenarios	104
4.6 Initial Setup Wizard - VPN	106
4.6.1 VPN Setup Wizard: Wizard Type	107
4.6.2 VPN Express Wizard - Scenario	107
4.6.3 VPN Express Wizard - Configuration	110
4.6.4 VPN Express Wizard - Summary	110
4.6.5 VPN Express Wizard - Finish	111
4.6.6 VPN Advanced Wizard - Scenario	112
4.6.7 VPN Advanced Wizard - Phase 1 Settings	113
4.6.8 VPN Advanced Wizard - Phase 2	114
4.6.9 VPN Advanced Wizard - Summary	115
4.6.10 VPN Advanced Wizard - Finish	116
4.7 VPN Settings for Configuration Provisioning Wizard: Wizard Type	117
4.7.1 Configuration Provisioning Express Wizard - VPN Settings	118
4.7.2 Configuration Provisioning VPN Express Wizard - Configuration	119
4.7.3 VPN Settings for Configuration Provisioning Express Wizard - Summary	120
4.7.4 VPN Settings for Configuration Provisioning Express Wizard - Finish	121
4.7.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario	122
4.7.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings	123
4.7.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2	124
4.7.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary	125
4.7.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish	128
4.8 VPN Settings for L2TP VPN Settings Wizard	129
4.8.1 L2TP VPN Settings 1	129
4.8.2 L2TP VPN Settings 2	130
4.8.3 VPN Settings for L2TP VPN Setting Wizard - Summary	131
4.8.4 VPN Settings for L2TP VPN Setting Wizard Completed	132
4.9 Port Forwarding	133
4.9.1 Port Forwarding > Add Client	134
4.9.2 Port Forwarding > Add Service	134
4.9.3 Port Forwarding > UPnP	134
4.10 Wi-Fi and Guest Network Wizard	135
4.10.1 Guest LAN (Wired Network)	136
4.10.2 Connecting AP Scenarios	138
4.11 Security Service Wizard	139
4.11.1 Security Service Wizard 2 - Content Filter Categories	141
4.11.2 Security Service Wizard 3 - Websites	143
4.11.3 Security Service Wizard 4 - Exemptions	144
4.11.4 Security Service Wizard 5 - IDP/AV	145
4.12 MyZyxel Portal	146
4.13 One Security Portal	147
Quick Setup Wizards	149
5.1 Quick Setup Overview	149
5.2 WAN Interface Quick Setup	150
5.2.1 Choose an Ethernet Interface	150
5.2.2 Select WAN Type	151
5.2.3 Configure WAN IP Settings	152
5.2.4 ISP and WAN and ISP Connection Settings	153
5.2.5 Quick Setup Interface Wizard: Summary	155
5.3 VPN Setup Wizard	156
5.3.1 Welcome	157
5.3.2 VPN Setup Wizard: Wizard Type	157
5.3.3 VPN Express Wizard - Scenario	158
5.3.4 VPN Express Wizard - Configuration	159
5.3.5 VPN Express Wizard - Summary	160
5.3.6 VPN Express Wizard - Finish	161
5.3.7 VPN Advanced Wizard - Scenario	161
5.3.8 VPN Advanced Wizard - Phase 1 Settings	163
5.3.9 VPN Advanced Wizard - Phase 2	164
5.3.10 VPN Advanced Wizard - Summary	165
5.3.11 VPN Advanced Wizard - Finish	166
5.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type	167
5.4.1 Configuration Provisioning Express Wizard - VPN Settings	167
5.4.2 Configuration Provisioning VPN Express Wizard - Configuration	168
5.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary	169
5.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish	170
5.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario	171
5.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings	172
5.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2	173
5.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary	174
5.4.9 VPN Settings for Configuration Provisioning Advanced Wizard- Finish	176
5.5 VPN Settings for L2TP VPN Settings Wizard	177
5.5.1 L2TP VPN Settings	178
5.5.2 L2TP VPN Settings	179
5.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary	180
5.5.4 VPN Settings for L2TP VPN Setting Wizard Completed	181
Dashboard	182
6.1 Overview	182
6.1.1 What You Can Do in this Chapter	182
6.2 Main Dashboard Screen	182
6.2.1 Device Information Screen	184
6.2.2 System Status Screen	185
6.2.3 DHCP Table Screen	186
6.2.4 Number of Login Users Screen	187
6.2.5 System Resources Screen	188
6.2.6 Extension Slot Screen	189
6.2.7 Interface Status Summary Screen	190
6.2.8 Secured Service Status Screen	191
6.2.9 Content Filter Statistics Screen	192
6.2.10 Top 5 Viruses Screen	192
6.2.11 Top 5 Intrusions Screen	193
6.2.12 Top 5 IPv4/IPv6 Security Policy Rules that Blocked Traffic Screen	193
6.2.13 The Latest Alert Logs Screen	194
Technical Reference	195
Monitor	196
7.1 Overview	196
7.1.1 What You Can Do in this Chapter	196
7.2 The Port Statistics Screen	198
7.2.1 The Port Statistics Graph Screen	199
7.3 Interface Status Screen	200
7.4 The Traffic Statistics Screen	204
7.5 The Session Monitor Screen	207
7.6 IGMP Statistics	209
7.7 The DDNS Status Screen	210
7.8 IP/MAC Binding	210
7.9 The Login Users Screen	211
7.10 The Dynamic Guest Screen	212
7.11 Cellular Status Screen	214
7.11.1 More Information	216
7.12 The UPnP Port Status Screen	217
7.13 USB Storage Screen	218
7.14 Ethernet Neighbor Screen	219
7.15 FQDN Object Screen	220
7.16 AP Information: AP List	222
7.16.1 AP List: More Information	224
7.16.2 AP List: Config AP	227
7.17 AP Information: Radio List	228
7.17.1 Radio List: More Information	230
7.18 AP Information: Top N APs	231
7.19 AP Information: Single AP	233
7.20 ZyMesh	234
7.21 SSID Info	234
7.22 Station Info: Station List	235
7.23 Station Info: Top N Stations	236
7.24 Station Info: Single Station	237
7.25 Detected Device	238
7.26 The Printer Status Screen	239
7.27 The SecuDeployer Monitor Screen	239
7.27.1 Device Information (for Zyxel Device Server)	240
7.27.2 Device Information (for Zyxel Device Client)	242
7.28 The IPSec Screen	244
7.29 The SSL Screen	245
7.30 The L2TP over IPSec Screen	246
7.31 The App Patrol Screen	247
7.32 The Content Filter Screen	248
7.33 The IDP Screen	250
7.34 The Anti-Virus Screen	252
7.35 The Anti-Spam Screens	254
7.35.1 Anti-Spam Summary	254
7.35.2 The Anti-Spam Status Screen	256
7.36 The SSL Inspection Screens	258
7.36.1 Certificate Cache List	259
7.37 Log Screens	260
7.37.1 View Log	260
7.37.2 View AP Log	262
7.37.3 Dynamic Users Log	264
Licensing	266
8.1 Registration Overview	266
8.1.1 What you Need to Know	266
8.1.2 Registration Screen	266
8.1.3 Service Screen	267
8.2 Signature Update	269
8.2.1 What you Need to Know	269
8.2.2 The Anti-Virus Update Screen	269
8.2.3 The IDP/AppPatrol Update Screen	270
Wireless	273
9.1 Overview	273
9.1.1 What You Can Do in this Chapter	273
9.2 Controller Screen	273
9.3 AP Management Screens	274
9.3.1 Mgnt. AP List	274
9.3.2 AP Policy	278
9.3.3 AP Group	279
9.3.4 Firmware	286
9.4 Rogue AP	288
9.4.1 Add/Edit Rogue/Friendly List	290
9.5 Auto Healing	291
9.6 RTLS Overview	292
9.6.1 What You Can Do in this Chapter	292
9.6.2 Before You Begin	292
9.6.3 Configuring RTLS	293
9.7 Technical Reference	294
9.7.1 Dynamic Channel Selection	294
9.7.2 Load Balancing	295
Interfaces	296
10.1 Interface Overview	296
10.1.1 What You Can Do in this Chapter	296
10.1.2 What You Need to Know	297
10.1.3 What You Need to Do First	301
10.2 Port Role	301
10.3 Port Configuration	302
10.4 Port Group	303
10.5 Ethernet Summary Screen	304
10.5.1 Ethernet Edit	306
10.5.2 Proxy ARP	325
10.5.3 Virtual Interfaces	327
10.5.4 References	328
10.5.5 Add/Edit DHCPv6 Request/Release Options	329
10.5.6 Add/Edit DHCP Extended Options	329
10.6 PPP Interfaces	331
10.6.1 PPP Interface Summary	331
10.6.2 PPP Interface Add or Edit	333
10.7 Cellular Configuration Screen	338
10.7.1 Cellular Choose Slot	341
10.7.2 Add / Edit Cellular Configuration	341
10.8 Tunnel Interfaces	347
10.8.1 Configuring a Tunnel	349
10.8.2 Tunnel Add or Edit Screen	350
10.9 VLAN Interfaces	353
10.9.1 VLAN Summary Screen	355
10.9.2 VLAN Add/Edit	356
10.10 Bridge Interfaces	368
10.10.1 Bridge Summary	370
10.10.2 Bridge Add/Edit	371
10.11 LAG	382
10.11.1 LAG Summary Screen	382
10.11.2 LAG Add/Edit	384
10.12 VTI	389
10.12.1 Restrictions for IPSec Virtual Tunnel Interface	389
10.12.2 VTI Screen	389
10.12.3 VTI Add/Edit	390
10.13 Trunk Overview	394
10.13.1 What You Need to Know	394
10.14 The Trunk Summary Screen	397
10.14.1 Configuring a User-Defined Trunk	398
10.14.2 Configuring the System Default Trunk	400
10.15 Interface Technical Reference	401
Routing	406
11.1 Policy and Static Routes Overview	406
11.1.1 What You Can Do in this Chapter	406
11.1.2 What You Need to Know	407
11.2 Policy Route Screen	408
11.2.1 Policy Route Edit Screen	411
11.3 IP Static Route Screen	415
11.3.1 Static Route Add/Edit Screen	415
11.4 Policy Routing Technical Reference	417
11.5 Routing Protocols Overview	417
11.5.1 What You Need to Know	418
11.6 The RIP Screen	418
11.7 The OSPF Screen	420
11.7.1 Configuring the OSPF Screen	423
11.7.2 OSPF Area Add/Edit Screen	424
11.7.3 Virtual Link Add/Edit Screen	426
11.8 BGP (Border Gateway Protocol)	427
11.8.1 Allow BGP Packets to Enter the Zyxel Device	428
11.8.2 Configuring the BGP Screen	428
11.8.3 The BGP Neighbors Screen	430
11.8.4 Example Scenario	431
DDNS	433
12.1 DDNS Overview	433
12.1.1 What You Can Do in this Chapter	433
12.1.2 What You Need to Know	433
12.2 The DDNS Screen	434
12.2.1 The Dynamic DNS Add/Edit Screen	435
NAT	439
13.1 NAT Overview	439
13.1.1 What You Can Do in this Chapter	439
13.1.2 What You Need to Know	439
13.2 The NAT Screen	440
13.2.1 The NAT Add/Edit Screen	442
13.3 NAT Technical Reference	445
Redirect Service	447
14.1 Overview	447
14.1.1 HTTP Redirect	447
14.1.2 SMTP Redirect	447
14.1.3 What You Can Do in this Chapter	448
14.1.4 What You Need to Know	448
14.2 The Redirect Service Screen	450
14.2.1 The Redirect Service Edit Screen	451
ALG	453
15.1 ALG Overview	453
15.1.1 What You Need to Know	453
15.1.2 Before You Begin	456
15.2 The ALG Screen	456
15.3 ALG Technical Reference	458
UPnP	460
16.1 UPnP and NAT-PMP Overview	460
16.2 What You Need to Know	460
16.2.1 NAT Traversal	460
16.2.2 Cautions with UPnP and NAT-PMP	461
16.3 UPnP Screen	461
16.4 Technical Reference	462
16.4.1 Turning on UPnP in Windows 7 Example	462
16.4.2 Turn on UPnP in Windows 10 Example	466
16.4.3 Auto-discover Your UPnP-enabled Network Device	468
16.4.4 Web Configurator Easy Access in Windows 7	471
16.4.5 Web Configurator Easy Access in Windows 10	473
IP/MAC Binding	475
17.1 IP/MAC Binding Overview	475
17.1.1 What You Can Do in this Chapter	475
17.1.2 What You Need to Know	475
17.2 IP/MAC Binding Summary	476
17.2.1 IP/MAC Binding Edit	476
17.2.2 Static DHCP Edit	477
17.3 IP/MAC Binding Exempt List	478
Layer 2 Isolation	480
18.1 Overview	480
18.1.1 What You Can Do in this Chapter	480
18.2 Layer-2 Isolation General Screen	480
18.3 White List Screen	481
18.3.1 Add/Edit White List Rule	482
DNS Inbound LB	484
19.1 DNS Inbound Load Balancing Overview	484
19.1.1 What You Can Do in this Chapter	484
19.2 The DNS Inbound LB Screen	485
19.2.1 The DNS Inbound LB Add/Edit Screen	486
19.2.2 The DNS Inbound LB Add/Edit Member Screen	488
Web Authentication	490
20.1 Web Auth Overview	490
20.1.1 What You Can Do in this Chapter	490
20.1.2 What You Need to Know	491
20.2 Web Authentication General Screen	491
20.2.1 User-aware Access Control Example	496
20.2.2 Authentication Type Screen	502
20.2.3 Custom Web Portal / User Agreement File Screen	506
20.2.4 Facebook Wi-Fi Screen	507
20.3 SSO Overview	511
20.4 SSO - Zyxel Device Configuration	512
20.4.1 Configuration Overview	513
20.4.2 Configure the Zyxel Device to Communicate with SSO	513
20.4.3 Enable Web Authentication	514
20.4.4 Create a Security Policy	515
20.4.5 Configure User Information	516
20.4.6 Configure an Authentication Method	517
20.4.7 Configure Active Directory	517
20.5 SSO Agent Configuration	518
Hotspot	522
21.1 Overview	522
21.2 Billing Overview	522
21.2.1 What You Need to Know	522
21.3 The Billing > General Screen	523
21.4 The Billing > Billing Profile Screen	525
21.4.1 The Account Generator Screen	526
21.4.2 The Account Redeem Screen	529
21.4.3 The Billing Profile Add/Edit Screen	531
21.5 The Billing > Discount Screen	532
21.5.1 The Discount Add/Edit Screen	534
21.6 The Billing > Payment Service Screen	534
21.6.1 The Payment Service > Desktop / Mobile View Screen	536
Printer Manager	540
22.1 Printer Manager Overview	540
22.1.1 What You Can Do in this Chapter	540
22.2 The Printer Manager > General Screen	540
22.2.1 Add Printer Rule	543
22.2.2 Edit Printer Rule	543
22.2.3 Discover Printer	544
22.2.4 Edit Printer Manager (Discover Printer)	546
22.3 The Printout Configuration Screen	547
22.4 Printer Reports Overview	548
22.4.1 Key Combinations	548
22.4.2 Daily Account Summary	548
22.4.3 Monthly Account Summary	549
22.4.4 Account Report Notes	549
22.4.5 System Status	550
Free Time	552
23.1 Free Time Overview	552
23.1.1 What You Can Do in this Chapter	552
23.2 The Free Time Screen	552
IPnP	557
24.1 IPnP Overview	557
24.1.1 What You Can Do in this Chapter	558
24.1.2 IPnP Screen	558
Walled Garden	560
25.1 Walled Garden Overview	560
25.2 Walled Garden > General Screen	560
25.3 Walled Garden > URL Base Screen	561
25.3.1 Adding/Editing a Walled Garden URL	562
25.4 Walled Garden > Domain/IP Base Screen	563
25.4.1 Adding/Editing a Walled Garden Domain or IP	564
25.4.2 Walled Garden Login Example	564
Advertisement Screen	566
26.1 Advertisement Overview	566
26.1.1 Adding/Editing an Advertisement URL	567
Security Policy	569
27.1 Overview	569
27.2 One Security	570
27.3 What You Can Do in this Chapter	573
27.3.1 What You Need to Know	574
27.4 The Security Policy Screen	575
27.4.1 Configuring the Security Policy Control Screen	576
27.4.2 The Security Policy Control Add/Edit Screen	579
27.5 Anomaly Detection and Prevention Overview	581
27.5.1 The Anomaly Detection and Prevention General Screen	582
27.5.2 Creating New ADP Profiles	583
27.5.3 Traffic Anomaly Profiles	584
27.5.4 Protocol Anomaly Profiles	587
27.6 The Session Control Screen	590
27.6.1 The Session Control Add/Edit Screen	591
27.7 Security Policy Example Applications	592
Cloud CNM	595
28.1 Cloud CNM Overview	595
28.1.1 What You Can Do in this Chapter	595
28.2 Cloud CNM SecuManager	595
28.3 Cloud CNM SecuReporter	598
Amazon VPC	603
29.1 Overview	603
29.2 Amazon VPC Configuration Process	603
IPSec VPN	605
30.1 Virtual Private Networks (VPN) Overview	605
30.1.1 What You Can Do in this Chapter	607
30.1.2 What You Need to Know	607
30.1.3 Before You Begin	610
30.2 The VPN Connection Screen	610
30.2.1 The VPN Connection Add/Edit Screen	612
30.3 The VPN Gateway Screen	619
30.3.1 The VPN Gateway Add/Edit Screen	620
30.4 VPN Concentrator	627
30.4.1 VPN Concentrator Requirements and Suggestions	627
30.4.2 VPN Concentrator Screen	628
30.4.3 The VPN Concentrator Add/Edit Screen	628
30.5 Zyxel Device IPSec VPN Client Configuration Provisioning	629
30.6 IPSec VPN Background Information	631
SSL VPN	641
31.1 Overview	641
31.1.1 What You Can Do in this Chapter	641
31.1.2 What You Need to Know	641
31.2 The SSL Access Privilege Screen	642
31.2.1 The SSL Access Privilege Policy Add/Edit Screen	643
31.3 The SSL Global Setting Screen	646
31.3.1 How to Upload a Custom Logo	647
31.4 Zyxel Device SecuExtender	648
31.4.1 Example: Configure Zyxel Device for SecuExtender	649
SSL User Screens	652
32.1 Overview	652
32.1.1 What You Need to Know	652
32.2 Remote SSL User Login	653
32.3 The SSL VPN User Screens	655
32.4 Bookmarking the Zyxel Device	655
32.5 Logging Out of the SSL VPN User Screens	656
32.6 SSL User Application Screen	656
32.7 SSL User File Sharing	657
32.7.1 The Main File Sharing Screen	657
32.7.2 Opening a File or Folder	658
32.7.3 Downloading a File	659
32.7.4 Saving a File	659
32.7.5 Creating a New Folder	660
32.7.6 Renaming a File or Folder	660
32.7.7 Deleting a File or Folder	661
32.7.8 Uploading a File	661
32.8 SecuExtender Screen	662
32.8.1 Installing the SecuExtender Client	662
Zyxel Device SecuExtender (Windows)	665
33.1 The Zyxel Device SecuExtender Icon	665
33.2 Status	665
33.3 View Log	666
33.4 Suspend and Resume the Connection	667
33.5 Stop the Connection	667
33.6 Uninstalling the Zyxel Device SecuExtender	667
L2TP VPN	669
34.1 Overview	669
34.1.1 What You Can Do in this Chapter	669

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090

Match case Limit results 1 per page

Chapter 41 SSL Inspection

ZyWALL USG Series User’s Guide

773

41.3

Exclude List Screen

There may be privacy and legality issues regarding inspecting a user's encrypted session. The legal issues

may vary by locale, so it's important to check with your legal department to make sure that it’s OK to

intercept SSL traffic from your Zyxel Device users.

To ensure individual privacy and meet legal requirements, you can configure an exclusion list to exclude

matching sessions to destination servers. This traffic is not intercepted and is passed through

uninspected.

Click

Configuration > UTM Profile > SSL Inspection > Exclude List

to display the following screen. Use

Add

to put a new item in the list or

Edit

to change an existing one or

Remove

to delete an existing entry.

Action

To edit what action the Zyxel Device takes when a packet matches a signature, select the

signature and use the

Action

icon.

none

: Select this action on an individual signature or a complete service group to have the

Zyxel Device take no action when a packet matches the signature(s).

drop

: Select this action on an individual signature or a complete service group to have the

Zyxel Device silently drop a packet that matches the signature(s). Neither sender nor receiver

are notified.

reject-sender

: Select this action on an individual signature or a complete service group to have

the Zyxel Device send a reset to the sender when a packet matches the signature. If it is a TCP

attack packet, the Zyxel Device will send a packet with a ‘RST’ flag. If it is an ICMP or UDP

attack packet, the Zyxel Device will send an ICMP unreachable packet.

reject-receiver

: Select this action on an individual signature or a complete service group to

have the Zyxel Device send a reset to the receiver when a packet matches the signature. If it is

a TCP attack packet, the Zyxel Device will send a packet with an a ‘RST’ flag. If it is an ICMP or

UDP attack packet, the Zyxel Device will do nothing.

reject-both

: Select this action on an individual signature or a complete service group to have

the Zyxel Device send a reset to both the sender and receiver when a packet matches the

signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a ‘RST’ flag to the

receiver and sender. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP

unreachable packet.

This is the entry’s index number in the list.

Status

The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is

inactive.

SID

Type the exact signature ID (identification) number that uniquely identifies a Zyxel Device IDP

signature.

Log

These are the log options. To edit this, select an item and use the

Log

icon.

Action

This is the action the Zyxel Device should take when a packet matches a signature here. To edit

this, select an item and use the

Action

icon.

Click

to save your settings to the Zyxel Device, and return to the profile summary page.

Cancel

Click

Cancel

to return to the profile summary page without saving any changes.

Table 283

Configuration > UTM Profile > SSL Inspection > Profile > Add / Edit (continued)

LABEL

DESCRIPTION