ZYXEL USG FLEX 700 ZyWALL USG FLEX Series Gateway User Guide
- June 13, 2024
- ZYXEL
Table of Contents
ZYXEL USG FLEX 700 ZyWALL USG FLEX Series Gateway
Product Information
The ZyWALL USG FLEX Series is a line of network security appliances designed
to provide advanced firewall and routing capabilities. The series offers
different models with varying features and configurations to meet the specific
needs of different users.
The default login details for accessing the device’s web configurator are as
follows:
| Login IP Address | User Name | Password |
|---|---|---|
| https://(IP assigned by NCC) or LAN https://192.168.1.1 | admin | 1234 |
The user manual version is 5.10 Edition 1, dated October 2021. Please note that not all products in the series may support all firmware features, and the screenshots and graphics in the manual may differ slightly from your specific product due to variations in product features or web configurator brand style.
Product Usage Instructions
Introduction
Chapter 1 provides an overview of the product and its features. It also
explains the differences in features between different models in the series.
Familiarize yourself with this chapter to understand the capabilities of your
specific device.
Overview
Section 1.1 provides a general overview of the product and its key
features. It is recommended to read this section to get a high-level
understanding of what the device can do.
On Premises Mode
Section 1.2 explains the On Premises mode, which is a deployment option for
the device. It describes how the device can be used in a local network
environment. If you plan to use the device in an on-premises setup, refer to
this section for configuration guidance.
Nebula Mode
Section 1.3 introduces the Nebula mode, which is another deployment option
for the device. It explains how the device can be managed and monitored
through the Nebula cloud management platform. If you intend to use the device
in Nebula mode, refer to this section for instructions on setting it up.
Initial Setup Wizard
Chapter 2 guides you through the initial setup process using the setup wizard. This chapter provides step-by-step instructions for configuring essential settings to get your device up and running.
Initial Setup Wizard: Select Management Mode
Section 2.1 covers the initial setup wizard and specifically focuses on
selecting the management mode for your device. It explains the available
options and helps you choose the appropriate mode based on your requirements.
Follow the instructions in this section to proceed with the initial
configuration.
Welcome Screen
Section 2.1.1 describes the welcome screen of the setup wizard. It provides
an overview of the setup process and prompts you to begin configuring the
device. Follow the instructions on this screen to proceed with the initial
setup.
Internet Access Setup – WAN Interface
Section 2.1.2 focuses on setting up internet access through the WAN
interface of your device. It guides you through the necessary steps to
configure the WAN settings and establish a connection to the internet. Refer
to this section for detailed instructions on configuring your internet access.
User’s Guide
ZyWALL USG FLEX
Series
Default Login Details
Login IP Address
User Name Password
https://(IP assigned by NCC) or
LAN https://192.168.1.1
admin
1234
Version 5.10 Edition 1, 10/2021
Copyright © 2021 Zyxel and/ or its affiliates. All rights reserved.
IMPO RTANT! READ C AREFULLY BEFO RE USE. KEEP THIS G UIDE FO R FUTURE REFERENC
E.
This is a User’s Guide for a series of products. Not all products support all
firmware features. Screenshots and graphics in this book may differ slightly
from your product due to differences in product features or web configurator
brand style. Every effort has been made to ensure that the information in this
manual is accurate. Note: The version number on the cover page refers to the
Zyxel Device’s latest firmware
version to which this User’s Guide applies. Re la te d Do c um e nta tio n ·
Quick Start Guide
The Quick Start Guide shows how to connect the Zyxel Device and access the Web
Configurator wizards. (See the wizard real time help for information on
configuring each screen.) It also contains a connection diagram and package
contents list. · CLI Reference Guide The CLI Reference Guide explains how to
use the Command-Line Interface (CLI) to configure the Zyxel Device. Note: It
is recommended you use the Web Configurator to configure the Zyxel Device. ·
Web Configurator Online Help Click the help icon in any screen for help in
configuring that screen and supplementary information. · More Information Go
to suppo rt.zyxe l.c o m to find other information on Zyxel Device.
USG FLEX Series User’s Guide
2
Do c um e nt C o nve ntio ns
Wa rning s a nd No te s
These are how warnings and notes are shown in this guide.
Wa rning s te ll yo u a b o ut thing s tha t c o uld ha rm yo u o r yo ur de
vic e .
Note: Notes tell you other important information (for example, other things
you may need to configure or helpful tips) or recommendations.
Synta x C o nve ntio ns
· All models in this series may be referred to as the “Zyxel Device” in this
guide.
· Product labels, screen names, field labels and field choices are all in bo
ld font.
· A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, C o nfig ura tio n > Ne two rk > Inte rfa c e > Ethe rne t means you
first click C o nfig ura tio n in the navigation panel, then Ne two rk, then
the Inte rfa c e sub menu and finally the Ethe rne t tab to get to that
screen.
Ic o ns Use d in Fig ure s
Figures in this user guide may use the following generic icons. The Zyxel
Device icon is not an exact representation of your device.
Zyxel Device
Generic Router
Wireless Router / Access Point
Switch Internet
Firewall
Server
Network Cloud
Smartphone
USB Dongle
USG FLEX Series User’s Guide
PA RT I
Use r’s G uide
27
C HA PTER 1 Intro duc tio n
1.1 O ve rvie w
Zyxel Device refers to these models as outlined below.
· USG FLEX 100 · USG FLEX 100W · USG FLEX 200 · USG FLEX 500 · USG FLEX 700
1.1.1 Mo de l Fe a ture Diffe re nc e s
Note the following differences between the USG FLEX models:
Table 1 USG FLEX Model Feature Comparison
FEATURE/ MO DEL
USG FLEX 100
USG FLEX 100W
Microsoft Azure
YES
YES
Amazon VPC
CLI only
CLI only
Anomaly Detection & Prevention YES
YES
Email Security (Anti-Spam)
YES
YES
IPS (IDP)
YES
YES
Anti-Malware
YES
YES
App Patrol
YES
YES
Web Filtering (Content Filtering) YES
YES
SecuReporter
YES
YES
Reputation Filter (IP and DNS)
NO
NO
YES
YES
Sandboxing
NO
NO
IP Exception
YES
YES
AP Controller
YES
YES
Device HA Pro
NO
NO
Hotspot Management
NO
NO
LAG
NO
NO
Port Group
YES
YES
Port Role
YES
YES
SD-WAN Mode
NO
NO
USG FLEX 200 YES CLI only YES YES YES YES YES YES YES NO YES NO YES YES NO YES NO YES YES NO
USG FLEX 500 YES CLI only YES YES YES YES YES YES YES NO YES NO YES YES YES YES YES YES YES NO
USG FLEX 700 YES CLI only YES YES YES YES YES YES YES NO YES NO YES YES YES YES YES YES YES NO
USG FLEX Series User’s Guide
28
Chapter 1 Introduction
Table 1 USG FLEX Model Feature Comparison (continued)
FEATURE/ MO DEL
USG FLEX 100
USG FLEX 100W
SSL Application
YES
YES
SSL encrypted traffic inspection YES
YES
Bundled UTM Feature License Validity Virtual Server Load Balancing
1 year YES
1 year YES
USG FLEX 200 YES YES 1 year
YES
USG FLEX 500 YES YES 1 year
YES
USG FLEX 700 YES YES 1 year
YES
Built-in WiFi
NO
YES
NO
NO
NO
Management by Nebula Control YES
YES
Center (NCC)
YES
YES
YES
· Not all models support all features. See Table 1 on page 28 for the specific features that your model supports.
Table 2 Security Feature List
· Application Security (Application Patrol)
· Intrusion Prevention System (IPS)
· Anomaly Detection & Prevention (ADP)
· Web Filtering (Content Filtering)
· Malware Blocker (Anti-Virus)
· Email Security (Anti-Spam)
· Secure Socket Layer (SSL) encrypted traffic Inspection
The following security features work without a security license:
· Configuration > Content Filter > Trusted Web Sites · Configuration > IPS >
Custom Signatures · Configuration > Anti-Virus > Black/White List ·
Configuration > Anti-Spam/Email Security > Block/Allow List
For information on interface names by model, default port or interface name
mapping, and default interface or zone mapping please see Section 3.3 on page
99.
See the product’s datasheet for detailed information on a specific model.
1.2 O n Pre m ise s Mo de
When you log into the Web Configurator for the first time or when you reset
the Zyxel Device to its default configuration, the Initia l Se tup Wiza rd
screen displays. Choose O n Pre m ise s Mo de to manage your Zyxel Device
directly using either the browser-based Web Configurator or the Command Line
Interface (CLI).
USG FLEX Series User’s Guide
29
Chapter 1 Introduction Fig ure 1 On Premises Mode
Follow the wizard to configure the Zyxel Device network settings to manage
your Zyxel Device directly. Note that once you complete the device
registration step and register your Zyxel Device at portal.myzyxel.com, you
cannot change to Ne bula Mo de unless you reset the Zyxel Device.
1.3 Ne b ula Mo de
When you log into the Web Configurator for the first time or when you reset
the Zyxel Device to its default configuration, the Initia l Se tup Wiza rd
screen displays. Choose Ne b ula Mo de to manage your Zyxel Device remotely
using Nebula Control Center (NCC). Select this mode if you want to configure
and monitor one or more Zyxel Devices through the cloud. Fig ure 2 Nebula Mode
USG FLEX Series User’s Guide
30
Chapter 1 Introduction
Follow the wizard to configure the Zyxel Device network settings to connect to
NCC. Note that once you complete th WAN configuration step, you cannot change
to O n Pre m ise s Mo de unless you reset the Zyxel Device.
Nebula Control Center (NCC) is an Internet portal that allows you to configure
and monitor groups of Zyxel Devices in organizations. You cannot manage a
Zyxel Device directly through the Web Configurator or Command Line Interface
(CLI) when NCC is managing the Zyxel Device. See Table 1 on page 28 to see
which Zyxel Devices can be managed by NCC.
Follow this procedure to have NCC manage your Zyxel Device.
1.3.1 NC C Po rta l
You should already have created an account at myZyxel.com. Follow these steps
at the NCC portal.
1 Log into Nebula (http s://ne b ula .zyxe l.c o m) with your myZyxel account.
If you do not have a myZyxel account, you will be redirected to another screen
to create one.
2 After you log in, click G o under Nebula Control Center and then Le t’s Sta
rt to run the Nebula setup wizard. Create an organization and a site or select
an existing site.
3 Add the Zyxel Device to this site by entering its MAC address and serial
number. You’ll find the MAC address and serial number of the Zyxel Device on
its label or scan the QR code using the Nebula app.
4 Configure the WAN interface that the Zyxel Device will use to connect to
Nebula through the Internet. 5 If you’re given a choice, select Na tive Mo de
. If you cannot select Na tive Mo de , configure the email
address of the person who will configure the Zyxel Device for management by
Nebula. An email will be sent to this person containing an activation link
that allows automatic management of the Zyxel Device by Nebula (Zero Touch
Provisioning (ZTP)).
1.3.2 Yo ur Zyxe l De vic e
The person who will configure the Zyxel Device for management by Nebula should
follow this procedure.
1 Use an Ethernet cable to connect the WAN port of the Zyxel Device (P1 or P2)
to the Ethernet port of a device that will provide Internet access.
2 Use another Ethernet cable to connect the LAN port of the Zyxel Device (P3
or P4) to your computer. Make sure your computer can receive an IP address
automatically. This is the default for all computers, so the computer should
be fine unless you changed it.
3 Connect the power port to an appropriate power source and turn on the Zyxel
Device. Wait for the SYS LED to turn solid green.
4 Back up your current configuration before passing management to Nebula. Log
into the web configurator, and go to Ma inte na nc e > File Ma na g e r > C o
nfig ura tio n File . Select sta rtup- c o nfig .c o nf, then click Do wnlo a
d.
USG FLEX Series User’s Guide
31
Chapter 1 Introduction
5 If you cannot select Na tive Mo de , reset the Zyxel Device to the factory
defaults. Push the Re se t button until the port connection LEDs turn off
(after about 5 seconds). Your Zyxel Device will reboot to the factory defaults
and all previous configurations will be erased. Skip this step if you did not
configure your Zyxel Device before (including just logging in and changing the
default password.). You must reset the Zyxel Device if it does not have the
factory default configuration.
1.3.3 Yo ur Em a il Ac c o unt fo r ZTP
If you cannot select Na tive Mo de in the Nebula setup wizard, do the
following after the Zyxel Device is on: 1 Check your mailbox for an email from
Nebula. You may need to check your spam folder 2 Follow the instructions in
the email if you did not complete the instructions above. Look for an
activation link in the email. Click the activation link or copy the link to
your web browser. You will see a screen saying that Nebula registration is in
process. Please wait. 3 When you see a screen saying Nebula registration has
succeeded, management of your Zyxel Device has passed to Nebula Control
Center. The Nebula administrator can now configure and manage your device.
1.4 C ha ng e the Mo de
Follow the steps below to change your Zyxel Device from O n Pre m ise s Mo de
to Ne b ula Mo de or from Ne b ula Mo de to O n Pre m ise s Mo de .
1.4.1 Fro m Ne b ula Mo de to O n Pre m ise s Mo de
Follow this procedure if you want to manage the Zyxel Device directly. 1 Log
into Nebula (http s://ne b ula .zyxe l.c o m) with your myZyxel account. 2 Go
to O rg a niza tio n- wide > C o nfig ura tio n > Inve nto ry.
USG FLEX Series User’s Guide
32
Chapter 1 Introduction 3 Select the Zyxel Device you want to remove from
Nebula. 4 Click Re m o ve . 5 Nebula will automatically reset your Zyxel
Device. The Zyxel Device will reboot to the factory defaults. All
Nebula configurations for the Zyxel Device will be erased. 6 Log into the
Zyxel Device. Run the wizard and choose O n Pre m ise s Mo de .
7 To restore your previous configuration, log into the web configurator, and
go to Ma inte na nc e > File Ma na g e r > C o nfig ura tio n File .
8 Under Uplo a d C o nfig ura tio n File , click Bro wse , select the sta
rtup- c o nfig .c o nf on your computer that you backed up previously and
click Uplo a d. The Zyxel Device will then return to the previous settings.
1.4.2 Fro m O n Pre m ise s Mo de to Ne b ula Mo de
1 Back up your current configuration in Ma inte na nc e > File Ma na g e r > C
o nfig ura tio n File . 2 Reset the Zyxel Device to the factory default by
pushing the Re se t button until the port connection LEDs
turn off (after about 5 seconds). Your Zyxel Device will reboot to the factory
defaults. 3 Log into the Zyxel Device. Run the wizard and choose Ne b ula Mo
de .
USG FLEX Series User’s Guide
33
Chapter 1 Introduction
4 If you have a choice of Na tive Mo de or ZTP, select Na tive Mo de .
1.5 Re g istra tio n a t m yZyxe l
myZyxel is Zyxel’s online services center where you can register your Zyxel
Device and manage subscription services available for your Zyxel Device (see C
o nfig ura tio n > Lic e nsing > Re g istra tio n > Se rvic e for services
available for your Zyxel Device). · For Zyxel Devices that already have
firmware version 4.25 or later, you have to register your Zyxel
Device and activate the corresponding service at myZyxel (through your Zyxel
Device). · For Zyxel Devices upgrading to firmware version 4.25 or later, you
may skip registering your Zyxel
Device and activating the corresponding service at myZyxel (through your Zyxel
Device). However, it is highly recommended to at least register your Zyxel
Device. At the time of writing, the Firmware Upgrade license providing Cloud
Helper new firmware notifications, is free when you register your Zyxel
Device. Note: You need to create a myZyxel account at http ://p o rta l.myZyxe
l.c o m before you can
register your device and activate the services at myZyxel. You may need your
Zyxel Device’s serial number and LAN MAC address to register it at myZyxel.
See the label at the back of the Zyxel Device’s for details.
USG FLEX Series User’s Guide
34
Fig ure 3 myZyxel Login
Chapter 1 Introduction
1.5.1 G ra c e Pe rio d
SecuReporter and service licenses have a 15-day grace period after a license
expires. Services will continue to work in this period during which you will
receive notifications to renew your licenses. New licenses are valid for 1
year from the date of purchase.
1.5.2 Applic a tio ns
These are some Zyxel Device application scenarios.
Se c urity Ro ute r
Security includes a Stateful Packet Inspection (SPI) firewall. Fig ure 4
Applications: Security Router Applications: Security Router
USG FLEX Series User’s Guide
35
Chapter 1 Introduction
IPv6 Ro uting
The Zyxel Device supports IPv6 Ethernet, PPP, VLAN, and bridge routing. You ma