Introduction
Overview
Model Feature Differences
On Premises Mode
Monitor Mode
Nebula Mode
NCC Portal
Your Zyxel Device
Activation Email
Changing the Mode
From Nebula Mode to On Premises Mode
From On Premises Mode to Nebula Mode
From Nebula Mode to Cloud Monitoring Mode
Registration at Zyxel
Applications
Management Overview
Remote Access to the Zyxel Device Networks
Web Configurator
Overview
Web Configurator Access
Security Best Practices
Two-Factor Authentication
Password Change
Security Policy Control
Security Check for Web Interface
Security Risk Warning
Web Configurator Screens Overview
Navigation Panel
Tables and Lists
Hardware, Interfaces and Zones
Hardware Overview
Front Panels
Rear Panels
Console Port Pin Connection
Wall-mounting
Default Zones, Interfaces, and Ports
Stopping the Zyxel Device
Dashboard
The General Screen
Device Information Screen
System Status Screen
Tx/Rx Statistics
The Latest Logs Screen
System Resources Screen
DHCP Table Screen
Number of Login Users Screen
Current Login User
VPN Status
SSL VPN Status
The VPN Screen
Monitor
The Port Statistics Screen
Port Statistics Graph
Interface Status
Traffic Statistics
The Session Monitor Screen
DHCP Table
Device Insight
The Device Insight Edit Screen
The Device Insight Feedback Screen
Login Users
IGMP Statistics
DDNS Status
IP/MAC Binding
Cellular Status
More Information
UPnP Port Status
USB Storage Screen
Ethernet Neighbor Screen
FQDN Object
AP Information: Radio List
Radio List: More Information
SSID Info
Station Info: Station List
Station Info: Top N Stations
Station Info: Single Station
IPSec
Regular Expressions in Searching IPSec SAs
SSL
L2TP over IPSec
Content Filter
Web Content Filter
DNS Content Filter
Anti-Spam
Anti-Spam Summary
The Anti-Spam Status Screen
Log
Licensing
Registration
Registration Screen
Service Screen
Wireless
Overview
Built-in AP
Wireless > Built-in AP > General > Add/Edit SSID
Wireless > Built-in AP > Radio
Interfaces
Interface Overview
What You Need to Know
What You Need to Do First
Port Role
Port Group
Port Configuration
Ethernet Summary
Ethernet Edit
Proxy ARP
Virtual Interfaces
References
Add/Edit DHCPv6 Request/Release Options
Add/Edit DHCP Extended Options
PPP Interfaces
PPP Interface Summary
PPP Interface Add or Edit
Cellular Configuration
Cellular Choose Slot
Add / Edit Cellular Configuration
Tunnel Interfaces
Configuring a Tunnel
Tunnel Add or Edit
VLAN Interfaces
VLAN Summary
VLAN Add/Edit
Bridge Interfaces
Bridge Summary
Bridge Add/Edit
VTI
Restrictions for IPSec Virtual Tunnel Interface
VTI Screen
VTI Add/Edit
Trunk Overview
Configuring a User-Defined Trunk
Configuring the System Default Trunk
Example: WAN Trunk Failover
Example: Trunk Tagged VLAN Traffic to a Switch
Routing
Policy and Static Routes Overview
What You Need to Know
Policy Route
Policy Route Edit
IP Static Route
Static Route Add/Edit
Policy Routing Technical Reference
Routing Protocols Overview
What You Need to Know
RIP
OSPF
Configuring OSPF
OSPF Area Add/Edit
Virtual Link Add/Edit
BGP (Border Gateway Protocol)
Allow BGP Packets to Enter the Zyxel Device
Configuring BGP
BGP Neighbors
Example Scenario
DDNS
DDNS Overview
DDNS
Dynamic DNS Add/Edit
NAT
Overview
NAT Overview
What You Need to Know
NAT
NAT Add/Edit
Redirect Service
Overview
HTTP Redirect
SMTP Redirect
Redirect Service
Redirect Service Edit
ALG
ALG Overview
What You Need to Know
Before You Begin
ALG
UPnP
What You Need to Know
NAT Traversal
Cautions with UPnP and NAT-PMP
UPnP Screen
IP/MAC Binding
IP/MAC Binding Overview
What You Need to Know
IP/MAC Binding Summary
IP/MAC Binding Edit
Static DHCP Edit
IP/MAC Binding Exempt List
Layer 2 Isolation
Layer-2 Isolation General Screen
Allow List Screen
Add/Edit Allow List Rule
DNS Inbound LB
DNS Inbound LB Add/Edit
DNS Inbound LB Add/Edit Member
IPSec VPN
Virtual Private Networks (VPN) Overview
What You Need to Know
Before You Begin
The VPN Connection Screen
VPN Connection Add/Edit
The VPN Gateway Screen
The VPN Gateway Add/Edit Screen
VPN Concentrator
VPN Concentrator Requirements and Suggestions
VPN Concentrator Screen
The VPN Concentrator Add/Edit Screen
Zyxel Device IPSec VPN Client Configuration Provisioning
Example: IPSec VPN with IKEv2 on a Mobile Phone
Configuration on Android
Configuration on iOS
IPSec VPN Background Information
SSL VPN
The SSL Access Privilege Screen
The SSL Access Privilege Policy Add/Edit Screen
The SSL Global Setting Screen
L2TP VPN
L2TP VPN Screen
L2TP and Zyxel Device Behind a NAT Router
BWM (Bandwidth Management)
Overview
What You Need to Know
Bandwidth Management Configuration
The Bandwidth Management Add/Edit Screen
Example: Prioritize a Specific Application
Web Authentication
Web Authentication General Screen
User-Authentication Access Control Example
Authentication Type Screen
Custom Web Portal / User Agreement File Screen
SSO Overview
SSO - Zyxel Device Configuration
Configure the Zyxel Device to Communicate with SSO
Security Policy
Overview
What You Can Do in this Chapter
What You Need to Know
Security Policy
Configuring the Security Policy Control
The Security Check for Web Interface Screen
Security Policy Control Add/Edit
Example: Allow a Server to Ping the Zyxel Device Without Creating Logs
Example: Create a Guest Network with Internet Access Only
Anomaly Detection and Prevention Overview
The Anomaly Detection and Prevention General Screen
Creating New ADP Profiles
Traffic Anomaly Profiles
Protocol Anomaly Profiles
The ADP Allow List Screen
Creating New ADP Allow List Rule
Session Control
Session Control Add/Edit
Content Filter
Overview
What You Need to Know
Before You Begin
Web Content Filter General
Apply to a Security Policy
Web Content Filter Add Category Service
Content Filter Add Filter Profile Custom Service
Web Content Filter Trusted Web Sites
Web Content Filter Forbidden Web Sites
DNS Content Filter General Screen
DNS Content Filter Add Profile
DNS Content Filter Allow List Screen
DNS Content Filter Block List Screen
Example: Block LAN Users From Using a Remote WAN Application
Anti-Spam
Before You Begin
Anti-Spam Profile
The Anti-Spam Profile Add or Edit Screen
The Mail Scan Screen
The Anti-Spam Block List Screen
The Anti-Spam Block or Allow List Add/Edit Screen
Regular Expressions in Block or Allow List Entries
The Anti-Spam Allow List Screen
The DNSBL Screen
Anti-Spam Technical Reference
Astra Cloud Security
Overview
Astra Cloud Security Screen
Object
Device Insight
Device Insight Add/Edit
Example: Block a Profile
Zones Overview
What You Need to Know
Zone
User/Group
What You Need To Know
User/Group User Summary
User Add/Edit General
User Add/Edit Two-factor Authentication
User/Group Group Summary
User/Group Setting
User/Group MAC Address Summary
User /Group Technical Reference
Address/Geo IP Overview
What You Need To Know
Address Summary
Address Group Summary
Geo IP Summary
Service
What You Need to Know
Service Summary
Service Group Summary
Schedule Overview
What You Need to Know
Schedule
Schedule Group
AAA Server Overview
Directory Service (AD/LDAP)
RADIUS Server
ASAS
RADIUS Server Summary
Auth. Method
Authentication Method Objects
Two-Factor Authentication
Two-Factor Authentication VPN Access
Two-Factor Authentication Admin Access
Example: Admin Login with Two-factor Authentication by SMS
Certificate Overview
Verifying a Certificate
The My Certificates Screen
Trusted Certificates
ISP Account Overview
ISP Account Summary
Mgmt. & Analytics
Mgmt. & Analytics Overview
Cloud CNM SecuManager
Cloud CNM SecuReporter
Nebula
Cloud Monitoring Mode
Cloud Management Scenario A - Native Mode
System
Host Name
USB Storage
Date and Time
Pre-defined NTP Time Servers List
Time Server Synchronization
Console Port Speed
DNS Overview
DNS Server Address Assignment
Configuring DNS
(IPv6) Address Record
PTR Record
Adding an (IPv6) Address/PTR Record
CNAME Record
Domain Zone Forwarder
Adding a Domain Zone Forwarder
MX Record
Security Option Control
Editing a Security Option Control
Adding a DNS Service Control Rule
WWW Overview
Service Access Limitations
System Timeout
HTTPS
Configuring WWW Service Control
Service Control Rules
Customizing the WWW Login Page
SSH
SSH Implementation on the Zyxel Device
Requirements for Using SSH
Configuring SSH
Service Control Rules
SSH Example
Telnet
Configuring Telnet
Service Control Rules
FTP
Service Control Rules
SNMP
SNMPv3 and Security
Supported MIBs
SNMP Traps
Configuring SNMP
Add SNMPv3 User
Service Control Rules
Authentication Server
Add/Edit Trusted RADIUS Client
Notification > Mail Server
Notification > SMS
Notification > Response Message
Language
IPv6
Zyxel One Network (ZON) Utility
Requirements
Zyxel One Network (ZON) System Screen
Advanced Screen
Fast Forwarding Technical Reference
Log and Report
Email Daily Report
Log Setting Screens
Log Setting Summary
Edit System Log Settings
Edit Log on USB Storage Setting
Edit Remote Server Log Settings
Log Category Settings Screen
File Manager
What you Need to Know
What you Need to Know
Configuration
Configuration Schedule Backup
Firmware Management
Cloud Helper
The Firmware Management Screen
Firmware Upgrade through USB Stick
Firmware Integrity Check
Shell Script
Diagnostics
Overview
Diagnostics
Scripts
Diagnostics Controller
Diagnostics Files
Packet Capture
Packet Capture Files
CPU / Memory Status
System Log
Network Tool
Routing Traces
Wireless Frame Capture
Wireless Frame Capture Files
Packet Flow Explore
Routing Status
SNAT Status
Shutdown
Overview
Troubleshooting
Resetting the Zyxel Device
Getting More Troubleshooting Help
Introduction
Web Configurator
Hardware, Interfaces and Zones
Dashboard
Monitor
Licensing
Wireless
Interfaces
Routing
DDNS
NAT
Redirect Service
ALG
UPnP
IP/MAC Binding
Layer 2 Isolation
DNS Inbound LB
IPSec VPN
SSL VPN
L2TP VPN
BWM (Bandwidth Management)
Web Authentication
Security Policy
Content Filter
Anti-Spam
Astra Cloud Security
Object
Mgmt. & Analytics
System
Log and Report
File Manager
Diagnostics
Packet Flow Explore
Shutdown
Troubleshooting
Model Feature Differences
About
SiteMap
ObjectReference
Dashboard_General
Dashboard_DeviceInfo
Dashboard_SystemStatus
Dashboard_TxRxStatistics
Dashboard_LatestAlertLogs
Dashboard_SystemResources
Dashboard_DHCPTable
Dashboard_NumberLoginUsers
Dashboard_CurrentLoginUser
Dashboard_VPNStatus
Dashboard_SSLVPNStatus
Monitor_PortStatistics
Monitor_PortStatistics_Graph
Monitor_Interfaces
Monitor_TrafficStats
Monitor_Sessions
Monitor_DeviceInsight_Edit
Monitor_DeviceInsight_Feedback
Monitor_LoginUsers
Monitor_IGMPStatistics
Monitor_DDNSstatus
Monitor_IPMACBinding
Monitor_Cellular
Monitor_Cellular_MoreInfo
Monitor_UPnPPortStatus
Monitor_USBstorage
Monitor_EthernetNeighbor
Monitor_FQDNObject
Monitor_Wireless_APInfo_RadioList
Monitor_Wireless_APInfo_RadioList_More
Monitor_Wireless_SSIDInfo
Monitor_Wireless_StationInfo_StationList
Monitor_Wireless_StationInfo_TopNStations
Monitor_Wireless_StationInfo_SingleStation
Monitor_VPNMonitor_IPSec
Monitor_VPNMonitor_SSL
Monitor_VPNMonitor_L2TPVPN
Monitor_SecurityStatistics_ContentFilter_WebContentFilter
Monitor_SecurityStatistics_ContentFilter_DNSContentFilter
Monitor_SecurityStatistics_EmailSecurity_Summary
Monitor_SecurityStatistics_EmailSecurity_Status
Monitor_Log
Licensing_Registration_Registration
Licensing_Registration_Service
Wireless_BuiltInAP_General
Wireless_BuiltInAP_General_AddSSID
Wireless_BuiltInAP_Radio
Iface_PortRole
Iface_PortGroup
Iface_PortConfig
Iface_Ethernet
Iface_Ethernet_Edit
IFace_Ethernet_ProxyARP
IFace_Ethernet_Virtual
Object_References
DHCPv6Opt
DHCPOpt
Iface_PPP
Iface_PPP_Edit
Iface_Cellular
Iface_Cellular_Edit_Slot
Iface_Cellular_Edit
Iface_Tunnel
Iface_Tunnel_Edit
Iface_VLAN
Iface_VLAN_Edit
Iface_Bridge
Iface_Bridge_Edit
IFace_VTI
Iface_VTI_edit
IFace_Trunk
IFace_Trunk_Edit
IFace_Trunk_EditSysDefault
Routing_PolicyRoute
Routing_PolicyRoute_Edit
Routing_StaticRoute
Routing_StaticRoute_Edit
Routing_RIP
Routing_OSPF
Routing_OSPF_Edit
Routing_OSPF_EditVirtualLink
Routing_BGP
Routing_BGP_Neighbors
DDNS
DDNS_Edit
NAT
NAT_Edit
Redirect
Redirect_Edit
ALG
UPnP
IPmacBind
IPmacBind_Edit
IPmacBind_StaticDHCPedit
IPmacBind_ExemptList
L2Isolation
L2Isolation_General
L2Isolation_WhiteList
L2Isolation_WhiteList_Edit
InboundLB
InboundLB_Edit
InboundLB_Edit_Member
IPSec_VPNconn
IPSec_VPNconn_Edit
IPSec_VPNgateway
IPSec_VPNgateway_Edit
IPSec_Concentrator
IPSec_Concentrator_Edit
IPSec_ConfigProvision
SSL_AccessPrivilege
SSL_AccessPrivilege_Edit
SSL_GlobalSetting
L2TP_VPN
BWM
BWM_Edit
WebAuth
WebAuth_General
WebAuth_General_ExceptionalServices
WebAuth_General_EditPolicy
WebAuth_AuthType
WebAuth_AuthType_EditProfile
WebAuth_CustomFile
WebAuth_SSO
SecurityPolicy_PolicyControl
SecurityPolicy_PolicyControl_Edit
SecurityPolicy_ADP_General
SecurityPolicy_ADP_Profile
SecurityPolicy_ADP_Profile_EditTA
SecurityPolicy_ADP_Profile_EditPA
SecurityPolicy_ADP_Profile_WhiteList
SecurityPolicy_ADP_Profile_WhiteList_Add
SecurityPolicy_SessionControl
SecurityPolicy_SessionControl_Edit
SecurityService_CF_Profile
SecurityService_CF_Profile_EditCategoryService
SecurityService_CF_Profile_EditCustomService
SecurityService_CF_Trusted
SecurityService_CF_Forbidden
SecurityService_CF_DNSContentFilter_General
SecurityService_CF_DNSContentFilter_General_Add
SecurityService_CF_DNSContentFilter_WhiteList
SecurityService_CF_DNSContentFilter_BlackList
AS_Profile
SecurityService_AntiSpam_Profile_Add
SecurityService_AntiSpam_MailScan
SecurityService_AntiSpam_BlockAllowList_BlockList
SecurityService_AntiSpam_BlockAllowList_BlockList_Add
SecurityService_AntiSpam_BlockAllowList_AllowList_Add
SecurityService_AntiSpam_BlockAllowList_AllowList
SecurityService_AntiSpam_DNSBL
AstraCloudSecurity
Object_Zone
Object_Zone_Edit
Object_UserGroup_User
Object_UserGroup_User_Edit_General
Object_UserGroup_User_Edit_2FA
Object_UserGroup_Group
Object_UserGroup_Group_Edit
Object_UserGroup_Setting
Object_UserGroup_Default Edit
Object_UserGroup_MACaddress
Object_UserGroup_MACaddress_Edit
Object_Address_Address
Object_Address_Address_IPv4Edit
Object_Address_Address_IPv6Edit
Object_Address_Group
Object_Address_Group_IPv4v6Edit
Object_Address_GeoIP
Object_Address_GeoIP_Custom
Object_Service
Object_Service_Edit
Object_Service_Group
Object_Service_Group_Edit
Object_Schedule
Object_Schedule_Edit1Time
Object_Schedule_EditRecurring
Object_Schedule_Group
Object_Schedule_Group_Edit
Object_AAAServer_ADnLDAP
Object_AAAServer_ADnLDAP_Add
Object_AAAServer_RADIUS
Object_AAAServer_RADIUS_Add
Object_AuthMethod
Object_AuthMethod_Edit
Object_AuthMethod_2FactorAuthentication
Two-Factor Authentication
Object_AuthMethod_2FactorAuthentication_adminaccess
Object_Certificate_My
Object_Certificate_My_Add
Object_Certificate_My_Edit
Object_Certificate_My_Import
Object_Certificate_Trusted
Object_Certificate_Trusted_Edit
Object_Certificate_Trusted_Import
Object_ISPAccount
Object_ISPAccount_Edit
Object_DHCPv6_Lease_Edit
CloudCNM_SecuManager
CloudCNM_SecuReporter
MgmtAnalytics_Nebula_CloudMonitoringMode
MgmtAnalytics_Nebula
System_HostName
System_USB
System_DateTime
System_ConsoleSpeed
System_DNS
System_DNSptrRecord
System_CNAMERecord
System_DNSforwarder
System_DNSmxRecord
System_DNSsecurityOptionControl
System_DNSsecurityOptionControl_Edit
System_DNSServiceControl_Add
System_WWW_ServiceControl
System_WWW_LoginPage
System_SSH
System_SSHserviceCntrlEdit
System_Telnet
System_TelnetserviceCntrlEdit
System_FTP
System_FTPserviceCntrlEdit
System_SNMP
System_SNMP_AddSNMPv3
System_SNMPserviceCntrlEdit
System_AuthServer
System_AuthServer_Edit
System_Notification_MailServer
System_Notification_SMS
System_Notification_ResponseMessage
System_Language
System_IPv6
System_ZON
System_Advanced
LogReport_EmailDailyreport
LogReport_LogSetting
LogReport_SystemLog
LogReport_USB
LogReport_RemoteServer
LogReport_ActiveLog
FileManager_ConfigFile
FileManager_ConfigFile_ScheduleBackup
FileManager_FirmwareManagement
FileManager_ShellScript
Diagnostics_Diagnostics
Diagnostics_Controller
Diagnostics_Files
Diagnostics_PacketCapture_Capture
Diagnostics_PacketCapture_Files
Diagnostics_CPUMemory
Diagnostics_SystemLog
Diagnostics_NetworkTool
Diagnostics_RoutingTraces
Diagnostics_WirelessFrameCapture
Diagnostics_WirelessFrameCapture_Files
PacketFlowExplore_RoutingStatus
PacketFlowExplore_SNAT
Shutdown