ZyXEL Communications USG 2000 User Manual

Chapter 6 Configuration Basics
ZyWALL USG 2000 User’s Guide
Example: Suppose you have a SIP proxy server connected to the DMZ zone for 
VoIP calls. You could configure a firewall rule to allow VoIP sessions from the SIP 
proxy server on DMZ to the LAN so VoIP users on the LAN can receive calls.
1. Create a VoIP service object for UDP port 5060 traffic (Configuration > Object > Service).
2. Create an address object for the VoIP server (Configuration > Object > Address).
3. Click Configuration > Firewall to go to the firewall configuration.
4. Select from the DMZ zone to the LAN1 zone, and add a firewall rule using the items you have configured.
   • You don’t need to specify the schedule or the user.
   • In the Source field, select the address object of the VoIP server.
   • You don’t need to specify the destination address.
   • Leave the Access field set to Allow and the Log field set to No.
Note: The ZyWALL checks the firewall rules in order. Make sure each rule is in the 
correct place in the sequence.
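
The rule-order note above, as an added example (not from the ZyXEL manual and not ZyWALL code): a small Python model of ordered rule checking that shows how a broad DMZ-to-LAN1 deny rule placed above the VoIP rule blocks the SIP proxy, and how to spot such shadowed rules. It assumes the first matching rule decides; the address 192.0.2.10, the rule names, the deny rule and the default action are constructed for illustration.

```python
# Added illustration; assumes the first rule that matches a packet decides.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source: str            # CIDR; "0.0.0.0/0" means any source
    proto: Optional[str]   # None means any service
    port: Optional[int]
    access: str            # "allow" or "deny"

    def matches(self, pkt: dict) -> bool:
        return (self.from_zone == pkt["from_zone"]
                and self.to_zone == pkt["to_zone"]
                and ip_address(pkt["src"]) in ip_network(self.source)
                and self.proto in (None, pkt["proto"])
                and self.port in (None, pkt["port"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.from_zone == other.from_zone
                and self.to_zone == other.to_zone
                and ip_network(other.source).subnet_of(ip_network(self.source))
                and self.proto in (None, other.proto)
                and self.port in (None, other.port))

def decide(rules, pkt, default="deny"):
    """Return (access, rule name) for the first rule that matches pkt."""
    for r in rules:
        if r.matches(pkt):
            return r.access, r.name
    return default, "default"  # assumed default action, not taken from the manual

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# Constructed sample data: 192.0.2.10 stands in for the SIP proxy on the DMZ.
VOIP = Rule("voip-in", "DMZ", "LAN1", "192.0.2.10/32", "udp", 5060, "allow")
BLOCK = Rule("dmz-block", "DMZ", "LAN1", "0.0.0.0/0", None, None, "deny")
SIP_PKT = {"from_zone": "DMZ", "to_zone": "LAN1", "src": "192.0.2.10",
           "proto": "udp", "port": 5060}
WRONG_ORDER = [BLOCK, VOIP]   # the VoIP rule is never reached
RIGHT_ORDER = [VOIP, BLOCK]   # the specific allow sits above the broad deny
```
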
6.5.15  IPSec VPN
Use IPSec VPN to provide secure communication between two sites over the 
Internet or any insecure network that uses TCP/IP for communication. The 
ZyWALL also offers hub-and-spoke VPN. 
MENU ITEM(S): Configuration > VPN > IPSec VPN; you can also use the Quick Setup VPN Setup wizard.
PREREQUISITES: Interfaces, certificates (authentication), authentication methods (extended authentication), addresses (local network, remote network, NAT), to-ZyWALL firewall, firewall
WHERE USED: Policy routes, zones, L2TP VPN
Example: See 
6.5.16  SSL VPN
Use SSL VPN to give remote users secure network access.
MENU ITEM(S): Configuration > VPN > SSL VPN
PREREQUISITES: Interfaces, SSL application, users, user groups, addresses (network list, IP pool for assigning to clients, DNS and WINS server addresses), to-ZyWALL firewall, firewall