ZyXEL Communications ZyWALL 1000 User Manual

 Chapter 5 Configuration Basics
ZyWALL USG 1000 User’s Guide
Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone. 
Virtual interfaces are automatically assigned to the same zone as the interface on which they 
run. 
When you create a zone, the ZyWALL does not create any firewall rules, assign an IDP 
profile, or configure remote management for the new zone. 
Example: To create the DMZ-2 zone and add ge5 as in the network topology 
example, click Network > Zone and then the Add icon. 
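
An added example (not from the ZyXEL manual): a Python audit over a constructed inventory that applies the zone rules above. It checks that no member sits in two zones, resolves a virtual interface to its base interface's zone, and lists zones, such as a newly created DMZ-2, that no firewall rule or IDP profile references yet. The inventory layout, the ge4:1 virtual-interface name, and everything except DMZ-2 and ge5 are assumptions.

```python
# Constructed inventory. Only DMZ-2 and ge5 come from the manual page; the
# other zones, the "ge4:1" virtual-interface name and the rule/IDP lists are
# assumptions made for this example.
ZONES = {
    "LAN": ["ge1"],
    "WAN": ["ge2", "ge3"],
    "DMZ": ["ge4"],
    "DMZ-2": ["ge5"],          # zone just created, nothing else configured
}
VIRTUAL_IFACES = {"ge4:1": "ge4"}            # virtual interface -> base interface
FIREWALL_RULES = [("LAN", "WAN"), ("WAN", "DMZ"), ("DMZ", "WAN")]  # (from, to)
IDP_ZONES = {"LAN", "WAN", "DMZ"}            # zones that have an IDP profile


def find_overlaps(zones):
    """Return {member: [zones]} for every member assigned to more than one zone."""
    seen = {}
    for zone, members in zones.items():
        for member in members:
            seen.setdefault(member, []).append(zone)
    return {m: sorted(z) for m, z in seen.items() if len(z) > 1}


def zone_of(iface, zones, virtual):
    """Resolve an interface's zone; a virtual interface inherits its base's zone."""
    base = virtual.get(iface, iface)
    for zone, members in zones.items():
        if base in members:
            return zone
    return None


def uncovered_zones(zones, rules, idp_zones):
    """Return {zone: [missing items]} for zones with no firewall rule or IDP profile."""
    referenced = {z for rule in rules for z in rule}
    report = {}
    for zone in zones:
        missing = []
        if zone not in referenced:
            missing.append("firewall")
        if zone not in idp_zones:
            missing.append("idp")
        if missing:
            report[zone] = missing
    return report


if __name__ == "__main__":
    print("overlaps:", find_overlaps(ZONES))
    print("ge4:1 is in zone:", zone_of("ge4:1", ZONES, VIRTUAL_IFACES))
    print("needs review:", uncovered_zones(ZONES, FIREWALL_RULES, IDP_ZONES))
```
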
5.4.8  Device HA
Use device HA to create redundant backup gateways. The ZyWALL runs VRRP v2. You can 
only set up device HA with other ZyWALLs of the same model running the same firmware 
version. 
Example: See 
.
5.4.9  DDNS
Dynamic DNS maps a domain name to a dynamic IP address. The ZyWALL helps maintain 
this mapping. 
5.4.10  Policy Routes
Use policy routes to control the routing of packets through the ZyWALL’s interfaces, trunks, 
and VPN connections. You also use policy routes for bandwidth management (out of the 
ZyWALL), port triggering, and general NAT on the source address. You have to set up the 
criteria, next-hops, and NAT settings in other screens first.
Example: You have an FTP server connected to ge4 (in the DMZ zone). You want to limit 
the amount of FTP traffic that goes out from the FTP server through your WAN connection. 
Create an address object for the FTP server (Object > Address). 

MENU ITEM(S): Network > Zone
PREREQUISITES: Interfaces, IPSec VPN, SSL VPN
WHERE USED: Firewall, IDP, remote management, anti-virus, ADP, application patrol

MENU ITEM(S): Device HA
PREREQUISITES: Interfaces (with a static IP address), to-ZyWALL firewall

MENU ITEM(S): Network > DDNS
PREREQUISITES: Interfaces

MENU ITEM(S): Network > Routing > Policy Route
PREREQUISITES:
  Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups
  Next-hop: addresses (HOST gateway), IPSec VPN, SSL VPN, trunks, interfaces
  NAT: addresses (translated address), services and service groups (port triggering)