How to configure Zyxel USG 20 to monitor / report on websites visited

Posted on 2012-08-13
Last Modified: 2012-10-24
A customer needed to get reports on specifically which workstations were visiting which websites and when. In the past I have used client-side software to do this but this is an unsatisfactory and messy solution and is not really practical with workstations on a network.

After a bit of digging it appeared that the Zyxel USG 20 would provide this feature. And I proceeded to configure the following. I was not interested in any of the port forwarding or more sophisticated VPN functions – I simply want it to sit between the internet and the local network and then provide me with reports on who visits what websites. Amongst all the example configuration scenarios in the documentation I could find nothing that related to what I needed to do. I therefore proceeded to configure it as I have firewalls in the past - I had the main router which provides the internet connection plugged into the WAN port on the back of the Zyxel USG 20. There is then a network cable going from P2 (the first LAN port) on the back of the Zyxel into the main network switch. I could not see how to configure the USG 20 as a DHCP server so I left the internet router as the DHCP server – however the only way I could get the workstation to connect to the internet was to assign the IP details manually (using the USG 20’s static IP address as both the default gateway and primary DNS server).

Next step was to test content filtering. I created a Zyxel account and enabled the bluecoat content filtering service. As my main objective was to simply log visited websites (rather than block them) I created the most general filter rule possible which incorporated all categories of website and those which were uncategorised. I configured it to pass all and ticked the option to log. My assumption was that this would then allow the workstation to browse the web normally but would log websites visited. However after browsing the internet for a while I found that when I logged into the bluecoat account no websites were logged under any category. Furthermore on the USG 20’s main dashboard under the summary of statistics (websites passed and blocked etc) it shows zero for everything. As a final test I configured the USG to block everything however the workstation was unaffected and could browse everything as normal.

1) I am not sure at this stage whether or not I have made a mistake opting for the Zyxel USG 20. However now the hardware is paid for and in place I really do need to find a way to make it work. Could anyone please advise how I should configure the router / USG 20 / workstations to enable the bluecoat content filter to function correctly?

2) This is a scenario that I can see popping up increasingly - for future reference could anyone recommend a better solution than the one I am attempting to use here?

Many thanks in advance.
Question by: VogueSoftware

    Accepted Solution

    First of all go to configuration>Network and edit your LAN 1 interface to turn on DHCP service.
    Next create a filter profile in content filter
    Then add a content filter policy and place your profile set above in it.
    Finally download vantage reports to a PC on your network and program the USG20 to dump content filter reports to the IP address of your PC.
    You did not make a mistake on your purchase.  Everything is there that you need.

    Author Closing Comment

    Sorry meant to report back on this - that is exactly how I have it set up but was waiting to see if there was a better way. One thing to bear in mind is that you need to enable reverse DNS under configuration otherwise you will just get IP addresses rather than web addresses reported.

    Many thanks.
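
An added example, not part of the original thread and not code from Zyxel or Vantage Report: once the USG 20 is sending content filter logs to a PC as the accepted solution describes, a short script can group the entries per workstation and attempt a reverse lookup when a site was logged only as an IP address, the situation mentioned in the closing comment. The key="value" log layout, the field names and the sample lines are assumptions constructed for illustration.

```python
import re
import socket
from collections import defaultdict

# Constructed sample lines. The key="value" layout and the field names
# (src, dst, cat, msg) are assumptions for illustration, not a documented
# USG 20 log format; adjust FIELD_RE and the keys to what your device sends.
SAMPLE_LOG = '''\
2012-10-24 09:14:02 src="192.168.1.33:51512" dst="203.0.113.10:80" cat="Content Filter" msg="www.example.com: Search Engines/Portals"
2012-10-24 09:15:40 src="192.168.1.34:51800" dst="198.51.100.7:80" cat="Content Filter" msg="198.51.100.7: Unrated"
2012-10-24 09:16:05 src="192.168.1.33:51530" dst="203.0.113.10:80" cat="Firewall" msg="ACCESS FORWARD"
2012-10-24 09:17:11 src="192.168.1.33:51544" dst="198.51.100.7:80" cat="Content Filter" msg="198.51.100.7: Unrated"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
IP_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}$')


def reverse_dns(ip):
    """Resolve an IP to a name; fall back to the IP if there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip


def build_report(log_text, resolver=reverse_dns):
    """Return {workstation_ip: [(timestamp, site), ...]} for content filter entries."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("cat") != "Content Filter" or "src" not in fields:
            continue  # skip firewall and other log categories
        timestamp = line[:19]
        workstation = fields["src"].rsplit(":", 1)[0]  # drop the source port
        site = fields.get("msg", "").split(":", 1)[0].strip()
        if IP_RE.match(site):
            site = resolver(site)  # logged as a bare IP: try to name it
        report[workstation].append((timestamp, site))
    return dict(report)


if __name__ == "__main__":
    for host, visits in build_report(SAMPLE_LOG).items():
        for when, site in visits:
            print(host, when, site)
```

Pass a different `resolver` to use a local hosts table or a cache instead of live DNS queries.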
