
Infoman1

join:2001-03-21
Hubbard, OH

USG 50 series

Where do you enter simple port forwarding to a static LAN in the menu options? Coming from the 35 series there is a learning curve. UDP Ports 10k-20k to static LAN IP.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Configuration Selection on Main Menu (Left hand side).
Select NETWORK and sub-selection NAT.

You need to add what is called a VIRTUAL Server on the port mapping type. You may need to define some objects first. Word of advice: don't use Loopback, it has locked some stuff up for me... might be my issue LOL

Don't forget you will need to make corresponding firewall changes WAN to LAN.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Here is an example of an entered FTP port forwarding. I have already defined the object STUDY (an IP address basically) and used the default already available port service for FTP (If I wanted to use a non-standard FTP port I would have defined one as an object).

Infoman1

join:2001-03-21
Hubbard, OH

Thanks. Create an object based Host Address. Create a Virtual Server under NAT. Assign to an interface wan1. Create Service Group object for ports 10000-20000 UDP. Mapped IP, the machine the packets are forwarded to. Original Port = service group previously created. Mapped Port = service group created.

Firewall rule to permit service group created from wan1 ---> lan.

Does this sound correct?



Brad Bishop
Premium
join:2002-09-27
Atlanta, GA

Except for the 'assign an interface' part.

- Create an address / host object representing your server
- Use an existing Service Object or create a new one. If you need to you can group them
- Configuration -> Network -> NAT. Create a virtual Server using those host/service objects
- Create a firewall rule for the service to allow the traffic in.

That should be all there is to it.


Infoman1

join:2001-03-21
Hubbard, OH

- Create an address / host object representing your server

I am not sure I understand this?



Brad Bishop
Premium
join:2002-09-27
Atlanta, GA

In Configuration:

Object -> Address
Add
Name: Some name representing the object in your USG
Address Type: Host
IP: IP Address of your host on your LAN

If you're using a common service (FTP, HTTP, VPN, etc) then you can use one of the pre-defined services under:
Object->Service (still under Configuration here).

You can create a Service Group (I did for VPN since it required several Services - just a neater way to keep them together).

If you're doing some home-grown deal or need a range of ports then create your own service object and give it a name.

You then reference these objects elsewhere (as in the Network->NAT menu and the Firewall menu) so you have one reference for the IP and ports (in case you need to change them later) instead of many (which would be a pain if you decided to change the IP/Ports later). You also don't need to remember the IP/ports with this method as you only need to remember the names such as SomeServer and MyNeededPorts.


Infoman1

join:2001-03-21
Hubbard, OH

Got it. My "Virtual Server" (Object) sets on Port p5 whereas the zone is labeled DMZ.

For the firewall rule it would be allow (service group, service, port, etc.) wan1 ---> ZyWALL or DMZ? The default configuration is allow any from wan1 ---> DMZ.

This convention is quite a bit different than my ole 35.


Infoman1

join:2001-03-21
Hubbard, OH

I couldn't get this to work. To make things simple, this series ALG doesn't play well with a Vonage PAP2 adapter interface. It periodically does not allow incoming calls. They had recommended forwarding the following ports: 5060-5061 TCP/UDP, 69 UDP, 53 UDP, and 10000-20000 UDP. I can't find a way to forward all those different ports to a static address. The menu does not allow service groups, so that option did not work.

I created a virtual server called "pap2", I created an object address Host (IP address of the adapter). From this point I am confused. Interface is Wan1, Original IP is pap2, Mapped IP is pap2.

The ZyWALL 35 had no problem, just plug and play. What is so different about this series? It's beginning to be a PITA.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

So the router is forwarding packets to the Vonage device, correct?

Your rule looks okay. Yes, the port forwarding is a biotch for groupings; the firewall rule menu does not have this limitation and allows it.

I am afraid you will have to create an object for each one and have individual port forwarding (virtual server rules).

Also, stupidly, one cannot put in both protocols for a port or range of ports; you have to create two rules if you want both UDP and TCP.

As for the firewall rule, Wan1 to DMZ sounds right.
Destination is to the same object you used in port forwarding (pap2).

User - any, Source - any, unless you had a specific IP that was accessing all the time (known static or range of static web IPs); any should be fine though.

Service... here is where you can group all your individual objects into one group object and then assign it in your firewall rule.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment
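
Added example (not part of any post in this thread, and not ZyXEL code): a Python planning aid for the layout described above, with one service object and one virtual server rule per protocol and port range, plus a single service group for the WAN-to-DMZ firewall rule. The object naming scheme and dictionary keys are assumptions for illustration, the port list is the one quoted in the thread with separators normalised, and the output is a checklist for the GUI rather than ZyWALL CLI syntax.

```python
import re

# Port list quoted in the thread (separators normalised for parsing).
VONAGE_PORTS = "5060-5061 TCP/UDP, 69 UDP, 53 UDP, 10000-20000 UDP"

def parse_ports(spec):
    """Return sorted (proto, start, end) tuples, one per protocol per range."""
    entries = set()
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*([A-Za-z/]+)\s*", item)
        if not m:
            raise ValueError(f"unparseable entry: {item!r}")
        start = int(m.group(1))
        end = int(m.group(2) or start)
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        for proto in m.group(3).upper().split("/"):
            if proto not in ("TCP", "UDP"):
                raise ValueError(f"unknown protocol: {item!r}")
            entries.add((proto, start, end))  # TCP/UDP becomes two entries
    return sorted(entries)

def plan(spec, host_obj, iface="wan1", zone="DMZ"):
    """One service object and one virtual server per (protocol, range);
    one service group referenced by a single firewall rule."""
    parsed = parse_ports(spec)
    services, nat_rules = [], []
    for proto, start, end in parsed:
        rng = str(start) if start == end else f"{start}-{end}"
        name = f"{host_obj}_{proto.lower()}_{rng}"  # hypothetical naming scheme
        services.append({"name": name, "proto": proto, "ports": rng})
        nat_rules.append({"type": "virtual server", "interface": iface,
                          "mapped_ip": host_obj, "original_port": name,
                          "mapped_port": name})
    group = f"{host_obj}_services"
    firewall = {"from": iface, "to": zone, "source": "any",
                "destination": host_obj, "service": group, "action": "allow"}
    # Count of protocol/port pairs opened to the WAN by this plan.
    exposed = sum(end - start + 1 for _, start, end in parsed)
    return {"services": services, "nat_rules": nat_rules,
            "group": {"name": group, "members": [s["name"] for s in services]},
            "firewall": firewall, "exposed_ports": exposed}

if __name__ == "__main__":
    p = plan(VONAGE_PORTS, "pap2")
    for rule in p["nat_rules"]:
        print(rule)
    print(p["firewall"], "exposed:", p["exposed_ports"])
```

The `exposed_ports` total makes the size of the inbound opening explicit before the rules go in.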



DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX

1 edit

reply to Infoman1

said by Infoman1:

I couldn't get this to work. To make things simple, this series ALG doesn't play well with a Vonage PAP2 adapter interface. It periodically does not allow incoming calls. They had recommended forwarding the following ports: 5060-5061 TCP/UDP, 69 UDP, 53 UDP, and 10000-20000 UDP.

It should not be necessary for you to create a virtual server unless your PAP2 is setup to accept calls from other SIP gateways (unlikely).

I think the Vonage PAP2, being a client device, should maintain the connection frequently enough so that the dynamic session entries on the firewall do not expire. Did you investigate your PAP2 settings? As far as I remember they had quite an elaborate setup on the PAP2 which you should be able to tweak, but I am not sure of the Vonage branded one.

Secondly, did you enable SIP ALG on USG? It is in Configuration -> ALG. The default is not enabled. If you enable it, there is also a timeout setting over there. Perhaps your PAP2 would perform better with SIP ALG enabled (or vice versa). I have a different outbound only VOIP service on Sipura 3000. I can function well without needing the use of SIP ALG. Also my Sipura is in the LAN zone.

Edit: If you want, there is a good support note that covers various Virtual Server/NAT etc. issues:

»www.zyxel.ch/files/manuals/ZYWAL···Note.pdf

polarisdb

join:2004-07-12
USA

reply to Infoman1

said by Infoman1:

I couldn't get this to work. To make things simple, this series ALG doesn't play well with a Vonage PAP2 adapter interface. It periodically does not allow incoming calls.

FWIW, I've had a Vonage PAP2 working nicely behind my USG 50 for more than a year with no port forwarding required.


Brad Bishop
Premium
join:2002-09-27
Atlanta, GA

While not Vonage, I, too, have a VoIP phone working behind the USG with no port forwarding.


Infoman1

join:2001-03-21
Hubbard, OH

I figured out the port forwarding thing. Works!

I did have it configured originally enabling ALG as I did with the 35.
It works. However after a period of time it will miss incoming calls.
So it's my assumption something is timing out. It also keeps a heartbeat alive on UDP 10000. Is there a timeout command somewhere?



DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX

said by Infoman1:

I figured out the port forwarding thing. Works!

I did have it configured originally enabling ALG as I did with the 35.
It works. However after a period of time it will miss incoming calls.
So it's my assumption something is timing out. It also keeps a heartbeat alive on UDP 10000. Is there a timeout command somewhere?

If you are using SIP ALG support on USG, try tuning the SIP timeouts at Configuration -> Network -> ALG:

[x] Enable Configure SIP Inactivity Timeout
SIP Media Inactivity Timeout : 120 (seconds)
SIP Signaling Inactivity Timeout : 1800 (seconds)

I believe you need to increase SIP Media Inactivity Timeout to match the one configured in your PAP2.

Here is the info from help:

SIP Media Inactivity Timeout
Use this field to set how many seconds (1~86400) the ZyWALL will allow a SIP session to remain idle (without voice traffic) before dropping it.
If no voice packets go through the SIP ALG before the timeout period expires, the ZyWALL deletes the audio session. You cannot hear anything and you will need to make a new call to continue your conversation.

SIP Signaling Inactivity Timeout
Most SIP clients have an "expire" mechanism indicating the lifetime of signaling sessions. The SIP user agent sends registration packets to the SIP server periodically and keeps the session alive in the ZyWALL.
If the SIP client does not have this mechanism and makes no calls during the ZyWALL SIP timeout, the ZyWALL deletes the signaling session after the timeout period. Enter the SIP signaling session timeout value (1~86400).
