manualshive.com logo in svg

Yamaha FWX120, Operation Manual

The Yamaha FWX120 Operation Manual is your go-to resource for understanding and maximizing the features of this impressive product. Offering a free download, this comprehensive manual provides step-by-step instructions and valuable insights to help you make the most of your Yamaha FWX120. Get your manual now at manualshive.com.

Share
Download
background image

80  

  FWX120 Operation Manual

4

Enhancing security

Passing only necessary packets 

through a dynamic filter (policy filter)

A combination of conditions and actions expressed in a manner similar to the way humans think is 
called a policy. An example of the policy could be “discarding TELNET traffic that goes from LAN2 
to LAN1”. A policy filter enables you to easily achieve stateful inspection filtering.

Preliminary policy set

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Minimum policy set

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

UP LINK

1

3

4

2

LAN

Provider

Policy set for emergency

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Policy set for normal operation

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Condition: TELNET communi-
cation from LAN2 to LAN1
Action: discard

Internet

DOWNLOAD

POWER

STATUS

LAN 1

LAN 2

microSD

USB

LAN2

4

3

2

1

ON

STANDB

Y

CONSO

LE

LAN1

•  Specify a receiving or transmission interface, a source or destination IP address, and a service to 

allow traffic to pass through or to be discarded on a connection basis, not a packet basis.

•  The filter is applied as necessary while the communication status is being monitored. You can set 

a filter considering the state of a session. For example, “All the data from the Internet to the LAN 

is usually discarded, and return packets can pass through only when an ftp connection is initiated 

from the LAN”.

•  Up to three sets of policy lists (policy sets) can be created. You can first create one policy set for 

use in normal operation and another for emergency situations that can allow only minimum required 

connections. These policy sets are useful in cases when you want to change policies quickly enough 
to suit your situati

o

n.

Tip

• 

You can also create a group of interfaces, addresses, and services to which you want to apply the same 
policy  (page  85).  For  example,  you  can  create  a  “WAN”  group  and  add  “LAN2,  PP1,  and  TUNNEL1” 
interfaces to that group. Specifying this “WAN” group as an interface on creation of a policy filter can save 
time and effort to create the policy filter for each of LAN2, PP1, and TUNNEL1 interfaces.

•  Basically, a service conceptually refers to an application, which includes TELNET, SMTP, POP, FTP, and 

WWW. In addition, you can specify a protocol and port to define a given service (user definition service). 
This service is available in policy filters that you create (page 87).

•  Another applicable access management example can be: You apply a policy filter to a group of IP addresses 

for  registered  terminals  (page  91).  You  can  then  allow  only  part  of  the  registered  terminals  to  access 
specific networks (such as an internal network with a higher security level).

Summary of Contents for FWX120

Page 1: ... you very much for purchasing Yamaha FWX120 Please carefully read this manual before use to ensure appropriate installation and configuration Please be sure to follow all the warnings and precautions provided in this manual to ensure appropriate and safe use Please retain this manual in a safe place for future reference EN ...

Page 2: ...se also ensure to refer to all the other instruction manuals This manual only contains information on using basic functions Please refer to the following manuals Help content according to the necessity Command reference included in the attached CD ROM Provides information on detailed configurations available through console commands Help on the Basic configuration page Provides detailed explanatio...

Page 3: ...history of unauthorized access detection 89 Allowing communication from registered terminals only DHCP authentication 91 Configuring the DHCP server 92 Registering all terminals to which IP addresses are assigned by the DHCP server function 92 Registering terminals one by one 93 Specifying how unregistered terminals are handled 93 Please read this first 2 Particular usage in this manual 6 Importan...

Page 4: ...hin the LAN 129 Using the netvolante DNS service 131 Publishing a server 133 Using mail notification 135 Using in the IPv6 environment 137 Changing the operation settings of UPnP function 139 Controlling Yamaha switches 141 Chapter 7 Operating and managing the product Changing the product settings 142 Types of configuration methods available 142 Configuring setting with console commands 143 Using ...

Page 5: ... be established 173 Q5 The DOWNLOAD button does not function 177 Q6 Unable to use USB device 178 Q7 Other problems 180 Communication charges of the USB data communication terminal are abnormal 181 Initializing the product settings 185 If you have forgotten the password 187 Chapter 9 Annex Changing the IP addresses of PCs 188 Instructions on transferring disposing of the product 190 License terms a...

Page 6: ...led knowledge of the Internet and networks may be required to fully utilize this product The attached manual does not describe any such information and hence you will need to refer to a commercially available guidebook or other appropriate materials for more details No part of this manual may be copied or used in any form without prior permission from Yamaha The description in this manual is the l...

Page 7: ...re to check the communication record and verify whether any unintended communications havetakenplace Inaddition westronglyrecommend that you periodically visit the Yamaha Network Devices website http www yamaha com products en network to obtain the latest information on the configurations and revisions of the product Unexpected communication charges may occur when you Start using the product Chang...

Page 8: ...o use the SOFTWARE only for purposes of running it on the PRODUCT This AGREEMENT applies to the SOFTWARE which YAMAHA provides you and the installed copy thereof subject to the provision of 1 1 herein into the PRODUCT or personal computer owned by you 1 GRANT OF LICENSE 1 1 YAMAHA grants you a personal non exclusive license to install the SOFTWARE and use the SOFTWARE on the PRODUCT or other devic...

Page 9: ...r until terminated in accordance with the provision of 6 2 or 6 3 herein 6 2 You may terminate this AGREEMENT by deleting the SOFTWARE installed into the PRODUCT 6 3 This AGREEMENT will also terminate if you fail to comply with any of the terms and conditions of this AGREEMENT 6 4 In case this AGREEMENT is terminated in accordance with the provision 6 3 you shall promptly delete the SOFTWARE 6 5 N...

Page 10: ...onnection by pressing and holding down the USB button for two seconds NOTE Do not connect a USB device other than a USB memory stick and a USB data communication terminal Failure to observe this could damage the product Ventilator This is a hole to release the internal heat Front panel Top panel DOWNLOAD POWER STATUS LAN 1 LAN 2 microSD USB a DOWNLOAD button If the product was set to permit firmwa...

Page 11: ...abled Data is flowing through the LAN1 LAN1 is disabled LAN2 lamp LAN2 is enabled Data is flowing through the LAN2 LAN2 is disabled microSD lamp A microSD card is inserted into the microSD slot but the product is not accessing it The product is accessing the microSD card No microSD card has been inserted into the microSD slot or the microSD card inserted into the slot can be taken out USB lamp A U...

Page 12: ... 1000BASE T according to the speed of the connection e LAN2 port If the product is connected to the existing network as a firewall connect it to a router or hub with a LAN cable If the product is connected to a WAN line connect it to a cable modem ADSL modem or ONU with a LAN cable You can find the LINK DATA lamp left and the SPEED lamp right below the LAN2 port The lamp works just like the lamps ...

Page 13: ...tting the password of the product Page 19 Preparation 4 Setting the date and time Page 24 Preparation 5 Configuring the transparent mode firewall Page 26 Connecting to an existing network as a transparent mode firewall Flow of preparation steps You must make preparations in the following order to use the product as a transparent mode firewall Chapter 2 Connecting to an existing network as a transp...

Page 14: ...SE T Information regarding the network to which the product is connected Predetermine the IP address to be assigned to the LAN side of the product NOTE To connect the product to a network that uses a DHCP server you need to disable the DHCP server function of the product To do this refer to page 28 Cautions when installing the product Please carefully read and observe the Safety precautions of the...

Page 15: ...LE LAN 1 1 2 3 LAN 2 CONSOLE STANDBY ON SPEED LINK DATA 4 LAN 1 UP LINK 1 3 4 2 1 Connect the LAN port of your PC to one of the LAN1 ports of the product with a LAN cable 2 Connect the LAN port of the router or hub to the LAN2 port of the product with a LAN cable FWX120 Operation Manual 15 2 Connecting to an existing network as a transparent mode firewall ...

Page 16: ...2 lamps on the front panel light up or flash the product is correctly connected to your PC or hub If the LAN1 lamp does not light up or flash Check that the LAN cable is correctly connected and your PC or hub is powered on The LAN1 lamp does not light up or flash unless all the PCs and hubs that are connected to the product are powered on If the LAN2 lamp does not light up or flash Check that the ...

Page 17: ...ens as examples For other environments you have slightly different screen displays though operations stay the same Tip If you enter commands in a console window using Telnet software you can configure settings in more detail compared to doing them in the Basic configuration page console commands For details on connecting to the product using Telnet software please refer to page 144 For information...

Page 18: ...guration page appears NOTE Enter the user name and password if you have set them If the top page of the Basic configuration page does not appear Refer to Setting failed with the Basic configuration page page 169 Understanding the Basic configuration page Indicates the current screen name Shows Help screen Configure the settings as needed Accept your entries and save them in the product Return to t...

Page 19: ...s Once a password is set anyone trying to access the product must enter it which makes it difficult for third parties to modify the configurations of the product It is recommended that you follow the steps on page 20 to set or change the password to prevent security issues FWX120 Operation Manual 19 2 Connecting to an existing network as a transparent mode firewall ...

Page 20: ...5 Click 3 Fill in 4 Fill in 1 Click 2 Click 20 FWX120 Operation Manual Connecting to an existing network as a transparent mode firewall 2 ...

Page 21: ...tered is represented by a black dot 4 Retype the password you entered in Step 3 5 Click Submit A confirmation screen appears 6 Click Submit The password you have set takes effect 7 Click Return to top The screen to enter a User name and Password appears 8 Type the password you entered in Step 3 in Password and then click OK The top page of the Basic configuration page reappears Set the login passw...

Page 22: ...9 Click 13 Fill in 14 Click 11 Click 10 Click 12 Fill in 22 FWX120 Operation Manual Connecting to an existing network as a transparent mode firewall 2 ...

Page 23: ...ameless user The Configure nameless user screen appears 12 Type the login password in login password Each password character entered is represented by a black dot 13 Retype the login password you entered in Step 12 14 Click Submit A confirmation screen appears 15 Click Submit The password you have set takes effect 16 Click Return to top The top page of the Basic configuration page reappears FWX120...

Page 24: ... date and time In the Configure machine screen configure the date and time for the product 1 Click 2 Click 3 Select 4 Fill in 5 Click 24 FWX120 Operation Manual Connecting to an existing network as a transparent mode firewall 2 ...

Page 25: ...ously with a time signal 5 Click Submit A confirmation screen appears 6 Click Return to top The top page of the Basic configuration page reappears To automatically set the time of the product Using a NTP network time protocol server on the Internet allows you to automatically set the time of the product NOTE Depending on the security settings of the product PCs in the LAN as well as this product m...

Page 26: ...different screen displays though operations stay the same When the transparent mode firewall is configured some settings can no longer be configured For more details click Help on the setup screen and refer to the description displayed To connect to an existing network you are required to have the following information some connection modes may not need all of the information IP address Netmask Na...

Page 27: ...ned enter that identification name in the DHCP client identification name there is no need to enter it if it is not assigned To use a fixed IP address Click Static IP address to select it and then configure the following settings IP address Enter the IP address in numeric characters netmask Select the netmask Default gateway Enter the default gateway address in numeric characters 3 Click Next The ...

Page 28: ...n to select it If the product is used as a DHCP server Click Use DHCP server function to select it and then configure the following settings Assigned IP address range Enter the range of IP addresses that do not overlap with the IP address of the product in numeric characters netmask Select the same value as the netmask of the product 2 Click Next The Configure firewall 4 6 screen appears 28 FWX120...

Page 29: ... or auto retrieve from DHCP server to select it If the DNS server address is specified Click Specify DNS server to select it and then configure the following settings Primary DNS server address Type the DNS server address in numeric characters Secondary DNS server address Fill out the field if you have two DNS server addresses leave this field blank if you have only one address specified 2 Click N...

Page 30: ...ick Help on the setup screen and refer to the description displayed 2 Enable network sharing If you do not use Windows network sharing clear the Use Windows network sharing check box 3 Click Next The Configure firewall 6 6 screen appears 30 FWX120 Operation Manual Connecting to an existing network as a transparent mode firewall 2 ...

Page 31: ...y After the restart enter the specified IP address or new IP address in the address bar of Internet Explorer to re open the Basic configuration page 3 Check whether the product is connected to the existing network Check that the product is connected to the existing network by viewing the status of connection on the lower part of the screen If you cannot connect to the Internet Check 1 Check the co...

Page 32: ...5 Configuring the IP address on the LAN1 side of the product Page 45 Preparation 6 Changing the IP addresses of PCs in the LAN Page 47 Preparation 7 Configuring provider information Page 48 Connecting to the Internet as a router Flow of preparation steps You must make preparations in the following order to use the product as a router Make the necessary preparations for configuring network connecti...

Page 33: ... TX or 1000BASE T Information regarding the network to which the product is connected Predetermine the IP address to be assigned to the LAN side of the product NOTE To connect the product to a network that uses a DHCP server you need to disable the DHCP server function of the product To do this refer to page 92 Cautions when installing the product Please carefully read and observe the Safety preca...

Page 34: ...port of your cable modem ADSL modem or ONU to the LAN2 port of the product with a LAN cable Please also refer to the document provided by your provider and instruction manuals for ADSL modem and ONU NOTE If you switch an environment in which a cable modem an ADSL modem or an ONU is directly connected to a PC to a connection with the product or an installed router is replaced with the product prope...

Page 35: ... If the LAN1 lamp does not light up or flash Check that the LAN cable is correctly connected and your PC or hub is powered on The LAN1 lamp does not light up or flash unless all the PCs and hubs that are connected to the product are powered on If the LAN2 lamp does not light up or flash Check that the ADSL modem or cable modem or ONU is correctly connected to the product and the ADSL modem or cabl...

Page 36: ...Internet Explorer 11 screens as examples For other environments you have slightly different screen displays though operations stay the same Tip If you enter commands in a console window using Telnet software you can configure settings in more detail compared to doing them in the Basic configuration page console commands For details on connecting to the product using Telnet software please refer to...

Page 37: ...e Basic configuration page appears NOTE Enter the user name and password if you have set them If the top page of the Basic configuration page does not appear Refer to Setting failed with the Basic configuration page page 169 Understanding the Basic configuration page Configure the settings as needed Accept your entries and save them in the product Return to the previous page without saving your en...

Page 38: ... provide security measures Once a password is set anyone trying to access the product must enter it which makes it difficult for third parties to modify the configurations of the product It is recommended that you follow the steps on page 39 to set or change the password to prevent security issues 38 3 Connecting to the Internet as a router ...

Page 39: ...5 Click 1 Click 2 Click 4 Fill in 3 Fill in FWX120 Operation Manual 39 3 Connecting to the Internet as a router ...

Page 40: ...ach password character entered is represented by a black dot 4 Retype the password you entered in Step 3 5 Click Submit A confirmation screen appears 6 Click Submit The password you have set takes effect 7 Click Return to top The screen to enter a User name and Password appears 8 Type the password you entered in Step 3 in Password and then click OK The top page of the Basic configuration page reap...

Page 41: ...9 Click 13 Fill in 14 Click 11 Click 10 Click 12 Fill in FWX120 Operation Manual 41 3 Connecting to the Internet as a router ...

Page 42: ...nfigure to the right of Nameless user The Configure nameless user screen appears 12 Type the login password in login password Each password character entered is represented by a black dot 13 Retype the login password you entered in Step 12 14 Click Submit A confirmation screen appears 15 Click Submit The password you have set takes effect 16 Click Return to top The top page of the Basic configurat...

Page 43: ...4 Setting the date and time In the Configure machine screen configure the date and time for the product 1 Click 2 Click 3 Select 4 Fill in 5 Click FWX120 Operation Manual 43 3 Connecting to the Internet as a router ...

Page 44: ...nd click Submit simultaneously with a time signal 5 Click Submit A confirmation screen appears 6 Click Return to top The top page of the Basic configuration page reappears To automatically set the time of the product Using a NTP network time protocol server on the Internet allows you to automatically set the time of the product NOTE Depending on the security settings of the product PCs in the LAN ...

Page 45: ...t network address has already been configured give the product the IP address and netmask according to that network address Make sure the product has an IP address that does not overlap with the one assigned to other devices installed within the LAN 1 Click 2 Click 1 Click Advanced settings on the top page of Basic configuration page The Advanced settings screen appears 2 Click Configure to the ri...

Page 46: ... you determined and select the netmask For more details on the settings click Help on the setup screen and refer to the description displayed 4 Click Submit A confirmation screen appears 5 Click Execute before changing the IP addresses of PCs For information on changing the IP addresses of PCs refer to the description on page 47 onward 46 3 Connecting to the Internet as a router ...

Page 47: ...masks For information on setting these devices please refer to their instruction manuals NOTE If you do not change the network address of the LAN to which the product is attached you do not need to change IP addresses of PCs in the LAN The way to change the IP address of a PC depends on the version of the operating system Refer to Changing the IP addresses of PCs page 188 for more details FWX120 O...

Page 48: ...as a router NOTE After canceling changing your provider contract please be sure to delete or reconfigure the connection configuration of the product Failure to observe this could result in unexpected charges from your telephone carrier or provider Before using the product as a router or before signing a new contract with your provider be sure to determine whether simultaneous connections of multip...

Page 49: ... via the Internet Be sure to use the product with extra attention to your network security Refer to Enhancing security page 73 for more details The descriptions in this manual use Internet Explorer 11 screens as examples For other environments you have slightly different screen displays though operations stay the same You need the setup document supplied by the provider To configure destinations a...

Page 50: ...ne auto distinction function works to show the screen for the connection mode selected for the connected line NOTE Note that the broadband line auto distinction process takes place only once Be sure to check that the broadband line is connected to the LAN2 port of the product before performing this function 50 FWX120 Operation Manual 3 Connecting to the Internet as a router ...

Page 51: ...owing configurations vary depending on the connected line For details refer to the description for the connection line you selected If no line was chosen Failed to automatically determine broadband line Select Terminal broadband connection over PPPoE or Terminal broadband connection over DHCP or static IP address to your connection type and then click Next If you are not sure which connection type...

Page 52: ... to be modified Enter the user ID Enter the connection user ID specified by the provider Be sure to check the relevant document when entering it Enter your connect password Enter the password specified by the provider or the password you changed The password is case sensitive and should be in alphanumeric characters Each password character entered is represented by a black dot Click Next The Confi...

Page 53: ...erver address is assigned by your provider Click The contract with the provider stipulates a DNS server address designation to select it and then set the following addresses Primary DNS server address Enter the DNS server address assigned by your provider in numeric characters Secondary DNS server address Enter the secondary DNS server address if your provider provides you with two DNS server addr...

Page 54: ...hat the entries displayed on the screen agree with the information provided by your provider If an incorrect setting has been made click Back to bring up the necessary setting screen to set it correctly Click Submit The Register provider screen appears 54 FWX120 Operation Manual 3 Connecting to the Internet as a router ...

Page 55: ...guration settings for your Internet connection are now complete A Terminal broadband connection over PPPoE from page 51 Click Connect TheproductconnectstotheInternetandshowsthe Connect disconnectprovider screen Click Return to top to return to the top page of the Basic configuration page Check whether the product is connected to the Internet Check that the product is connected to the Internet by v...

Page 56: ...dentification name is assigned by your provider enter that identification name in the DHCP client identification name there is no need to enter it if it is not assigned by your provider If the IP address is assigned by your provider Click Static IP address and then configure the following settings WAN IP address Enter the IP address assigned by your provider in numeric characters netmask Select th...

Page 57: ...he DNS server address is assigned by your provider Click The contract with the provider stipulates a DNS server address designation to select it and then set the following addresses Primary DNS server address Enter the DNS server address assigned by your provider in numeric characters Secondary DNS server address Enter the secondary DNS server address if your provider provides you with two DNS ser...

Page 58: ...P or static IP address from page 51 Ensure that the entries displayed on the screen agree with the information provided by your provider If an incorrect setting has been made click Back to bring up the necessary setting screen to set it correctly Click Submit If you click Return to top in the confirmation screen that appears the product automatically connects to the Internet and returns to the top...

Page 59: ... connection increases the risk of illegal access or attack via the Internet Be sure to use the product with extra attention to your network security Refer to Enhancing security page 73 for more details The descriptions in this manual use Internet Explorer 11 screens as examples For other environments you have slightly different screen displays though operations stay the same To configure destinati...

Page 60: ...1 2 Click Advanced settings The Advanced settings screen appears Click Configure to the right of Detailed basic connection setting The Detailed basic connection setting screen appears 60 FWX120 Operation Manual 3 Connecting to the Internet as a router ...

Page 61: ...ick 3 4 5 Click Add The Register provider screen appears Click the Network broadband connection over PPPoE Click Next The Register provider screen appears FWX120 Operation Manual 61 3 Connecting to the Internet as a router ...

Page 62: ... modified Enter the user ID Enter the connection user ID specified by the provider Be sure to check the relevant document when entering it Enter your connect password Enter the password specified by the provider or the password you changed The password is case sensitive and should be in alphanumeric characters Each password character entered is represented by a black dot 62 FWX120 Operation Manual...

Page 63: ...gned to the line side Internal NAT address range Enter the range of private IP addresses to be address translated Specify the DNS server address If the DNS server address is not assigned by your provider Select Automatically retrieve upon connecting If the DNS server address is assigned by your provider Select Specify IP address and then configure the following settings Primary DNS server address ...

Page 64: ...t is connected to the Internet by viewing the status of Internet connection on the lower part of the screen 64 FWX120 Operation Manual 3 Connecting to the Internet as a router If you cannot connect to the Internet Check 1 Check the connection between the product and your PC ADSL modem or ONU Check 2 Check the entries again on pages 62 and 63 Check 3 If you still have difficulties refer to Troubles...

Page 65: ...ime and communications traffic for each connection or on a cumulative basis Please use it as necessary A constant Internet connection increases the risk of illegal access or attack via the Internet Be sure to use the product with extra attention to your network security Refer to Enhancing security page 73 for more details Be sure to use a communication terminal as instructed in its instruction man...

Page 66: ...hes Tip A buzzer beeps when the USB data communication terminal is connected For details on the buzzer sound refer to Changing the buzzer settings page 150 For a list of the latest USB data communication terminals that are known to work visit http www yamaha com products en network and go to the product information page of this product DOWNLOAD POWER STATUS LAN 1 LAN 2 microSD USB LAN2 4 3 2 1 ON ...

Page 67: ...uter 2 Specifying the connection mode 1 Click 2 Click 3 Click 1 2 3 Click Configure provider on the top page of Basic configuration page The Configure provider 1 4 screen appears Click Mobile Internet connection Click Next The Configure provider 2 4 screen appears ...

Page 68: ...t the interface is determined automatically If not connect a USB data communication terminal and then try again Enter the configuration name Enter a descriptive destination name It is a good idea to name the configuration so that you can easily identify it when it needs to be modified Enter the access point name Enter the access point name provided by your carrier or provider Entries may vary depe...

Page 69: ...ntered is represented by a black dot Select outgoing restrictions Configure the outgoing restrictions based on the cumulative send received data and the cumulative connection period Depending on your contract plan unusual billing can occur due to long connection times Be sure to check your contract plan before configuring it Click Next The Configure provider 3 4 screen appears FWX120 Operation Man...

Page 70: ...tipulates a DNS server address designation to select it and then set the following addresses Primary DNS server address Enter the DNS server address assigned by your provider in numeric characters Secondary DNS server address Enter the secondary DNS server address if your provider provides you with two DNS server addresses if your provider provides you with only one DNS server address leave this f...

Page 71: ... the screen agree with the information provided by your provider If an incorrect setting has been made click Back to bring up the necessary setting screen to set it correctly Click Submit The Register provider screen appears FWX120 Operation Manual 71 3 Connecting to the Internet as a router ...

Page 72: ...ng the status of Internet connection on the lower part of the screen 72 FWX120 Operation Manual 3 Connecting to the Internet as a router If you cannot connect to the Internet Check 1 Check the connection between the product and your PC and between the product and the USB data communication terminal Check 2 Check the entries again on pages between 68 and 70 Check 3 If you still have difficulties re...

Page 73: ... the settings of the product be modified or the PC system or data be destroyed a massive amount of data and monetary damages would be resulted You must configure filter settings of the product or take other security measures to protect your system Enhancing security Outlineofunauthorizedaccessesandsecuritymeasures A particular attention is required if a router has a global IP address Malicious ind...

Page 74: ...to be taken in the product Enable the auto disconnect function so that an assigned dynamic IP address can be changed each time the product is disconnected connected However this measure is difficult to implement when you use the product for the purpose of having a public server in place In that case take appropriate measures in the server You may be able to block a certain type of attack by config...

Page 75: ...Intrusion Detection System NAT receiving side Routing Policy filter NAT transmitting side Internet Filter function The product has the following two filters Inbound filter page 77 Used to discard needless packets early Policy filter page 80 Performs stateful inspection filtering dynamic filter It can control access on a connection basis Intrusion Detection System page 88 When incoming packets are ...

Page 76: ...ile sharing software Intrusion Detection System page 88 When Intrusion Detection System is enabled the product can detect packets used by Winny and Share discard those packets and break their communication In addition if Winny or Share packets are detected they are logged to the history records for Intrusion Detection System Thus the product can identify terminals that have used Winny or Share Oth...

Page 77: ... filter can dispose of needless packets at an earlier stage without putting much load on the product Note that the inbound filter can be set for each interface UP LINK 1 3 4 2 LAN Provider Pass Block Pass Internet DOWN LOAD POWE R STATU S LAN 1 LAN 2 microS D USB LAN2 4 3 2 1 ON ST ANDBY CONSO LE LAN1 Source xxx xxx xxx xxx Destination 192 168 100 10 Port 80 Source xxx xxx xxx xxx Destination 192 ...

Page 78: ...e inbound filter Execute of the interface for which you want to set an inbound filter Click Execute of IPv4 inbound filter if IPv4 addresses are used for connection or Execute of IPv6 inbound filter if IPv6 addresses are used Add in the List of IPv4 inbound filter screen Editing the inbound filter list The List of inbound filter screen enables you to view the list of created filters or change the ...

Page 79: ...nd filters are working The View the log of inbound filter screen enables you to view how many times the inbound filters have worked To open the View the log of inbound filter screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Execute in Information of inbound filter Execute of the interface for which you want to view ...

Page 80: ...1 LAN 2 microS D USB LAN2 4 3 2 1 ON ST ANDBY CONSO LE LAN1 Specify a receiving or transmission interface a source or destination IP address and a service to allow traffic to pass through or to be discarded on a connection basis not a packet basis The filter is applied as necessary while the communication status is being monitored You can set a filter considering the state of a session For example...

Page 81: ...y filter if IPv6 addresses are used Viewing or editing a policy set The Configure and view the status of policy filter screen enables you to view the list of created policies or change the processing order or hierarchical structure of the policies To edit the list of policies click the icon in the policy list Click to show a pop up menu where you can edit the policy To modify an existing policy se...

Page 82: ...interfaces addresses and services as a group For more details refer to Managing interfaces addresses and services in a group page 85 For more details on the settings click Help on the setup screen and refer to the description displayed To open the Configure policy filter screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top p...

Page 83: ...cy filter if IPv6 addresses are used Add in List of policy set To specify a level in the hierarchy to add a policy In the Configure and view the status of policy filter screen you can create a filter so that a policy in a child level narrows down the criteria in the parent policy up to the depth of four levels This usage is useful if you want to add an exceptional policy that narrows down the crit...

Page 84: ...IPv6 policy filter if IPv6 addresses are used Set criteria for changing the policy set automatically In the Configure policy set switching screen you can set criteria for changing the policy set automatically NOTE The Configure policy set switching screen is visible only if multiple policy sets are created For more details on the settings click Help on the setup screen and refer to the description...

Page 85: ...ices in a group You can group given interfaces addresses and services together to manage them All you need to do is specify the created group when you apply the same policy to multiple interfaces addresses and services You no longer need to apply policies one by one which can save time and effort to manage policies Tip Basically a service conceptually refers to an application which includes TELNET...

Page 86: ...olicy filter if IPv6 addresses are used Configure in List of group and user definition service Add in Configure address group Create a service group Create it in the Configure service group screen For more details on the settings click Help on the setup screen and refer to the description displayed To open the Configure service group screen From Basic configuration page click the buttons on the se...

Page 87: ...he setup screen and refer to the description displayed To open the Configure user definition service screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure in Configure policy filter Execute of the interface for which you want to view the policy filter Click Execute of Configure and view status of IPv4 policy fi...

Page 88: ...tantly being discovered and thus no completely infallible prevention method exists We would like you to understand that not all unauthorized accesses can be detected by this function As this function detects accesses that are similar to intrusions attack patterns some unauthorized accesses may not be detected due to timing or a range of other reasons On the other hand a detected pattern does not a...

Page 89: ...e for which you want to configure Intrusion Detection System Checking the history of unauthorized access detection In the Status of Intrusion Detection System screen you can view the number of detected unauthorized access attempts and the history of detection NOTE Note that new unauthorized access methods and intrusion attack patterns are constantly being discovered and thus no completely infallib...

Page 90: ...ction System screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Execute in Status of Intrusion Detection System Execute of the interface for which you want to view the status of Intrusion Detection System ...

Page 91: ...y DHCP Assigned by DHCP Registered Internet DOWN LOAD POWE R STATUS LAN 1 LAN 2 microS D USB LAN2 4 3 2 1 ON ST ANDBY CONSO LE LAN1 NOTE The DHCP authentication function uses MAC address filtering together which blocks communication that is not allowed even if unregistered terminals have fixed IP addresses configured Tip You can configure two logical networks primary and secondary networks in one ...

Page 92: ... settings in the top page Configure in Configure DHCP Registering all terminals to which IP addresses are assigned by the DHCP server function This is useful because you do not have to register terminals one by one and you can use the current state of assignment for the registration of terminals with the DHCP authentication function 1In the Configure DHCP authentication section of the Configure DH...

Page 93: ...nt section Specifying how unregistered terminals are handled In the Configure handling policy of unregistered terminal section of the Configure DHCP authentication screen specify the policy to assign IP addresses to unregistered terminals NOTE Register terminals on LAN1 including the PC for configuring this function before specifying how unregistered terminals are handled A change in the handling ...

Page 94: ... current status of terminals For more details on the status of terminals click Help on the setup screen and refer to the description displayed To open the Configure DHCP authentication screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure in Configure DHCP Configure in Configure DHCP authentication ...

Page 95: ...of a given URL specified by your administrator as a keyword to limit access to URLs containing the string that matches the keyword It can also block Web access over HTTPS when the product runs as a proxy server Provider UP LINK 1 3 4 2 LAN Internal database Internet DOWN LOAD POWE R STATU S LAN 1 LAN 2 microS D USB LAN2 4 3 2 1 ON ST ANDBY CONSO LE LAN1 Block Pass A URL that includes the keyword a...

Page 96: ...er Advanced settings in the top page Configure in Configure URL filter Configure in Configure URL filter proxy Configuring a URL filter To use URL filters change the setting in the Common URL filter setting screen You can also specify a port number used in HTTP communication that a URL filter monitors For more details on the settings click Help on the setup screen and refer to the description disp...

Page 97: ... filter screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure in Configure URL filter Configure of the interface for which you want to add a URL filter in the Interface for setting URL filter section Add of the URL filter to be used Viewing the operating status of URL filters The URL filter status screen enable...

Page 98: ...ory records for diagnosis results For more details on the settings click Help on the setup screen and refer to the description displayed To open the Base configuration of security diagnosis screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Execute in Security diagnosis Configure in Base configuration of security diag...

Page 99: ...her a specific problem occurs when for example a new service is installed in the network or the network configuration has been changed For more details on the settings click Help on the setup screen and refer to the description displayed To open the Custom diagnosis screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page E...

Page 100: ...ings Permit a specific user to change settings via TELNET or SSH only from a host with a specific IP address Setting the restriction for each individual service In the Configure users and access limits screen you can restrict hosts that can change a product setting using the Web browser HTTP TELNET SSH or SFTP software In addition to restricting the IP addresses of hosts that can access the produc...

Page 101: ...e click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure users and access limits HTTP TELNET SSH SFTP Configure of the Number of registered users field Restrict access from anonymous users In the Configure nameless user screen you can set access restrictions on anonymous users For more details on the settings click Help on the setup sc...

Page 102: ...LAN to LAN connection You can create a Virtual Private Network VPN to connect LANs if the product is connected to a broadband Internet connection LAN to LAN connection using IPsec ensures secure connection via the Internet A VPN can be created using conventional broadband connections such as ADSL Thus VPNs are cheaper than real private networks using dedicated lines The LAN to LAN connection of th...

Page 103: ... address of the router on the other side When using the Aggressive Mode the settings depend on whether or not the routers have fixed global IP addresses For information on the IPsec specifications and configuration commands of the product please refer to Command reference included in the attached CD ROM NOTE Because IPsec tunnels are to be configured with the product connected to a broadband conne...

Page 104: ...e number Transport mode This is a special communications mode that ensures the security of communications in which the router itself is the start or end point This mode can be used in a special case where a router accesses a remote router using telnet Before configuring the settings To connect LANs it will be necessary to configure a different network address for each LAN to avoid overlapping Chan...

Page 105: ...onnecting with IPsec If authentication succeeds on both sites the IPsec communication is automatically established no manual operations are required Once the IPsec connections are complete the top page of the Basic configuration page shows a message Connected NOTE For the IPsec connection both sites must have the same pre shared key A pre shared key is a password that provides important informatio...

Page 106: ...ng users in remote locations like on the road to access to a PC on the LAN IPsec VPN connections are more secure than PPTP For remote access register remote users user IDs and passwords with the product and configure VPN connections on a remote PC Gain remote access using L2TP IPsec Internet DOWNLOA D POWER STATUS LAN 1 LAN 2 microSD USB LAN2 4 3 2 1 ON ST ANDBY CONSOLE LAN1 NOTE This function can...

Page 107: ...dequate security settings may cause PCs in the LAN to be hacked sniffed intercepted or destroyed or their data to be lost The remote access function of the product does not support Windows NetBEUI protocol or Apple s Mac OS AppleTalk protocol To share files in Windows you need to use NetBIOS over TCP IP protocol or have a Windows Internet Name Service WINS server TosharefilesinMacintosh openSystem...

Page 108: ...click Advanced settings then click Configure to the right of Configure VPN connection 2 Click Add to the right of the destination you want to register 3 Select your desired authentication method and then click Next The Register Modify VPN connection setting screen appears PP Only the specified host name or IP address is allowed as the destination and the user ID and password are used for authentic...

Page 109: ... protocol or Apple s Mac OS AppleTalk protocol To share files in Windows you need to use NetBIOS over TCP IP protocol or have a Windows Internet Name Service WINS server TosharefilesinMacintosh openSystemPreferences select Sharing and select Personal File Sharing check box Configuring the IP addresses of the server and PCs Assign a fixed private IP address to each PC that allows the servers or PCs...

Page 110: ...anging the settings for a device such as a smartphone that remotely accesses a PC 1 Tap on Settings 2 Tap on General 3 Tap on VPN 4 Tap on Add VPN Configuration Gaining remote access using L2TP IPsec Continued from the previous page 110 FWX120 Operation Manual 5 Implementing site to site VPN connections ...

Page 111: ...count Enter the connection user ID you set in Step 4 on page 109 RSA SecurID Set it to Off Password Enter the connect password you set in Step 4 on page 109 Secret Enter the pre shared key that is configured on the product Send All Traffic Set it to On Proxy Set it to Off 6 Tap on Done Now the setting up of a remote access connection is complete FWX120 Operation Manual 111 5 Implementing site to s...

Page 112: ...droid NOTE Some of the screens on your terminal may differ from the screens used to describe the operations on Android Changing the settings for a device such as a smartphone that remotely accesses a PC 1 Press the Home icon press Menu and tap on Settings 2 Tap on Wireless networks Gaining remote access using L2TP IPsec Continued from the previous page 112 FWX120 Operation Manual 5 Implementing si...

Page 113: ...y setup information Name Type Yamaha vpn as the L2TP client name Server address Enter the host address obtained with the netvolante DNS service or the WAN IP address of the product IPSec pre shared key Enter the pre shared key that is configured on the product FWX120 Operation Manual 113 5 Implementing site to site VPN connections ...

Page 114: ... ID If you do not select it you need to enter the connection user ID each time you connect to the VPN 7 Tap on Save Now the setting up of a remote access connection is complete Accessing the product 1 Connect the product to the broadband network 2 Press the Home icon press Menu and tap on Settings 3 Tap on Wireless networks 4 Tap on VPN 5 Tap on Yamaha vpn Gaining remote access using L2TP IPsec Co...

Page 115: ...access to a PC on the LAN from a remote location For remote access register remote users user IDs and passwords with the product and configure VPN connections on a remote PC DOWNLOA D POWER STATUS LAN 1 LAN 2 microSD USB LAN2 4 3 2 1 ON ST ANDBY CONSOLE LAN1 Gain remote access using PPTP Internet DOWNLOA D POWER STATUS LAN 1 LAN 2 microSD USB LAN2 4 3 2 1 ON ST ANDBY CONSOLE LAN1 NOTE This functio...

Page 116: ...ation and a PPTP session is disconnected if data does not pass through a PPTP tunnel for a certain amount of time The product does not support PPP forwarding NOTE Because PPTP tunnels are to be configured with the product connected to a broadband connection it will be necessary to configure the broadband connections before setting up remote access using PPTP Remote access via PPTP is available onl...

Page 117: ...ess Change the settings of the file server software Settings required for a PC for remote accessing Changing the configurations of a PC that is remotely accessed pages 119 and 122 Registering connection destinations Register connection destinations NOTE Up to 50 users can be registered for PP connection There are up to 50 PPTP tunnel connections at a time including the ones used in anonymous conne...

Page 118: ... you with access to the server or PCs in the LAN via TCP IP protocol NOTE The remote access function of the product does not support Windows NetBEUI protocol or Apple s Mac OS AppleTalk protocol To share files in Windows you need to use NetBIOS over TCP IP protocol or have a Windows Internet Name Service WINS server TosharefilesinMacintosh openSystemPreferences select Sharing and select Personal F...

Page 119: ...xt 4 Click Use my Internet connection VPN 5 In Internet address enter the host address obtained with the netvolante DNS service or the WAN IP address of the product 6 Type VPN_PPTP in Destination name 7 Select Don t connect now just set it up so I can connect later and then click Next 8 Click Create button 9 Click Close button Now the setting up of a remote access connection is complete FWX120 Ope...

Page 120: ...if server declines If Non encrypted access allowed is selected with the product Select your desired encryption level If you selected Anonymous as an encryption mode you want to use in Step 3 on page 118 select your desired encryption level Accessing the product 1 Connect the product to the broadband network 2 Click View network status and tasks in Control Panel 3 Click Connect to a network 4 Selec...

Page 121: ... any Unchecked NOTE Windows 7 does not support Microsoft CHAP Version 1 MS CHAP Check the settings you configured in Step 4 on page 118 12Click OK inthe VPN_PPTPProperties window and close the window 13Enter the user ID in User name and connect password in Password you set in Step 4 on page 118 and click Connect VPN connection to the product now begins NOTE If you select the Save this user name an...

Page 122: ...onnect to a workplace and then click Next 4 Click Use my Internet connection VPN 5 In Internet address enter the host address obtained with the netvolante DNS service or the WAN IP address of the product 6 Type VPN_PPTP in Destination name 7 Select Don t connect now just set it up so I can connect later and then click Next 8 Click Create button 9 Click Close button Now the setting up of a remote a...

Page 123: ... then click OK Enable LCP extensions Unchecked Enable software compression Unchecked Negotiate multi link for single link connections Checked 9 Click Security tab select Advanced custom settings under Security options and then click Settings 10Select the encryption mode If you selected PP as an encryption mode you want to use in Step 3 on page 118 select the encryption mode according to the settin...

Page 124: ...12Click Networking tab and then select Automatic for Type of VPN 13Click OK inthe VPN_PPTPProperties window and close the window 14Enter the user ID in User name and connect password in Password you set in Step 4 on page 118 and click Connect VPN connection to the product now begins NOTE If you select the Save this user name and password for the following users check box you no longer need to ente...

Page 125: ...irtual Private Network VPN using PPTP PPTP LAN to LAN connection You can create a Virtual Private Network VPN through PPTP to connect LANs if the product is connected to a broadband Internet connection A VPN can be created using conventional broadband connections such as ADSL Thus VPNs are cheaper than real private networks using dedicated lines The LAN to LAN connection of the product supports TC...

Page 126: ...ns before setting up the LAN to LAN connection using PPTP PPTP based LAN to LAN connection can be used only in an environment where a global IP address is assigned by your provider Note that the following IP addresses are not global IP addresses 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 When using the LAN to LAN connection be sure to configure adequate security ...

Page 127: ...nced settings then click Configure to the right of Configure VPN connection 2 Click Add to the right of the destination you want to register 3 Select LAN to LAN network VPN over PPTP and then click Next The Register Modify VPN connection setting screen appears 4 Configure the required settings and then click Submit The connection destination is registered For more details on the settings click Hel...

Page 128: ...tings you want connect to under LAN to LAN connection Connect to the registered PPTP server to create a PPTP LAN to LAN connection To disconnect a PPTP LAN to LAN connection Click Disconnect under LAN to LAN connection on the top page of Basic configuration page NOTE Clicking Disconnect only ends a PPTP session and the connection with your provider is not terminated 128 FWX120 Operation Manual 5 I...

Page 129: ...querade screen to confirm the port number to be used and other setting examples 1 Using the static IP masquerade setting to solve the problem When you attempt to use an application program that requires a global IP address from your LAN via the product the program may not operate correctly You can solve the problem using either of the following methods 1 Registering the conversion table of protoco...

Page 130: ... the NAT IP masquerade table the packet will be transferred to a host with a specific IP address This setting is possible owing to the DMZ host function NOTE DMZ is the acronym of DeMilitarized Zone While using the DMZ host function packets can pass through the product because of the DeMilitarized Zone and you may be affected by an unintended intrusion or external attack The DMZ host function cann...

Page 131: ...volante DNS service can be used for accessing the server Accordingly the contract of fixed IP address service is not required to operate various servers using a proprietary domain or construct a VPN using IPsec or PPTP to exchange data with external systems As the server IP address tends to change users who want to access the server must check the new address If the server IP address has changed t...

Page 132: ...that the following IP addresses are not global IP addresses 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Depending on the provider you are currently using the registered updated host name settings may not be reflected on the netvolante DNS service immediately Obtaining a host address from the netvolante DNS service Use the Configure NetVolante DNS host address serv...

Page 133: ... server software programs according to the services to be published NOTE When publishing the server to the outside of your LAN be sure to configure adequate security settings to maintain data integrity Inadequate security settings may cause PCs in the LAN to be hacked sniffed intercepted or destroyed or their data to be lost Tip You can use the netvolante DNS service to publish and operate a serve...

Page 134: ...n to confirm the port number to be used and other setting examples For more details on the settings click Help on the setup screen and refer to the description displayed To open the Register static IP masquerade screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Detailed basic connection setting Configure...

Page 135: ...ter Mail server Relatively safe password flow Risky password flow Risk of information leakage FWX120 FWX120 Operation Manual 135 Maximizing use of the product 6 Using mail notification NOTE If you do not use SMTP authentication the password and other data are released to the Internet without being encrypted Please exercise care not to do so For the authentication methods that the provider supports...

Page 136: ...horized access detection by e mail The record of unauthorized accesses detected by Intrusion Detection System page 88 of the product can be sent to the specified e mail address periodically This is convenient when you check while away from your desk any unauthorized access or unintended automatic connection In the Configure content of notifications screen specify the transmission destination and d...

Page 137: ...required for transition from IPv4 to IPv6 and an appropriate transition technology is required for each step As transition technologies the product supports IPv6 over IPv4 tunneling for connecting an IPv6 network via an IPv4 network and IPv4 over IPv6 tunneling for connecting an IPv4 network via an IPv6 network Check configuration information from the provider When you contract an IPv6 connection ...

Page 138: ...rectly configured NOTE The descriptions in this manual use Windows 7 as examples Tip The product and a PC can be communicated with each other once they are connected with a LAN cable No particular settings are required in the PC 1 Check the connection of LAN From a PC connected to a LAN1 port execute ping to the LAN1 address of the product If a response is returned IPv6 has been configured correct...

Page 139: ...have not registered the provider before starting software such as Windows Live Messenger that requires the UPnP environment it may take some time to communicate with the product In this case register the connection provider or stop the UPnP function If Windows Live Messenger is exited and started repeatedly or the UPnP function information becomes different between the PC and the product after the...

Page 140: ...ork status and tasks 3 Click Change advanced sharing settings and confirm whether Turn on network discovery is selected under Network discovery If this option is selected the UPnP function is available in the PC If this option is not selected select it and then click Save changes For Windows Vista 1 Click the Start button then click Control Panel 2 From Network and Internet click View network stat...

Page 141: ...Basic configuration screen of switch control From Basic configuration page click the buttons on the setup screen in the following order Switch control in the top page Configure of Basic configuration 2 Click Submit then click Return to top 3 In the Switch control screen click Execute of the LAN interface to which Yamaha switches are connected Yamaha switches connected to the selected LAN interface...

Page 142: ...nter commands from a PC connected to the console port of the product using a serial cable Using console commands enables you to configure more detailed settings than using other methods Using an external memory device page 147 You can load a configuration file stored in a commercially available external memory device USB memory stick or microSD card to the product to change settings The following ...

Page 143: ...a console command an unintended operation may be resulted Be sure to check whether the command behaves as you intended after changing the setting Tip The product can be configured with console commands from a PC that is connected to the console port of the product using a serial cable page 146 Register TELNET SSH or SFTP users In the Add user screen register users to be permitted to log in using T...

Page 144: ... to be used Connect with TELNET The following explains an example of connection from a PC using TELNET included as standard in Windows 7 Tip In Windows 7 TELNET must be enabled by the following procedure 1 From Control Panel select Programs Programs and Features Turn Windows features on or off 2 In the Windows Features window select the Telnet Client check box and click OK 1 From the Start menu se...

Page 145: ... enter the administration password When is displayed you can enter various types of console commands 6 Enter console commands to configure settings 7 After the configuration is completed type in save and press the Enter key The settings configured using the console commands will be saved to the memory included in the product 8 To exit the settings type in quit and press the Enter key 9 To exit the...

Page 146: ...serial devices For more details on how to use the terminal software please refer to the instruction manual attached to each software program Connect the console port to your PC Connect the console port of the product to the serial port of your PC with a cross type serial cable ON ST ANDBY LAN 2 4 3 2 1 CONSOLE LAN 1 1 2 3 LAN 2 CONSOLE STANDBY ON SPEED LINK DATA 4 LAN 1 Console port Tip One of the...

Page 147: ... top page Configure of Configure external device FWX120 Operation Manual 147 7 Operating and managing the product Press the button on the product front panel to load a configuration file 1 Prepare an external memory device storing a configuration file Specify the same file name as that specified in the Configuration file name field on the Configure external device screen 2 Insert the external devi...

Page 148: ...ou specify another external memory device instead of Internal non volatile memory you can copy the configuration file to the external device using the product 5 Click Execute A confirmation screen appears 6 Click Execute The configuration file prepared in Step 1 is loaded to the product After the configuration file has been loaded the product restarts automatically After the restart the product op...

Page 149: ...f Configure external device Start the product using a configuration file in an external device 1 Prepare an external memory device storing a configuration file Specify the same file name as that specified in the Configuration file name field on the Configure external device screen 2 Insert the external device into the USB port or microSD slot of the product The USB lamp or microSD lamp of the prod...

Page 150: ... attached CD ROM You can change the buzzer settings on the Configure machine screen For more details on the settings click Help on the setup screen and refer to the description displayed To open the Configure machine screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure machine Date Time buzzer 150...

Page 151: ...up screen and refer to the description displayed To open the Configure resource statistics screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure statistics Configure of the Resource statistics field Configure of Configure resource statistics View resource statistics In the View resource statistics ...

Page 152: ...llowing order Advanced settings in the top page Configure of Configure statistics Configure of the Traffic statistics field Configure of Configure traffic statistics View traffic statistics In the View traffic statistics screen you can view traffic statistics For more details on the settings click Help on the setup screen and refer to the description displayed To open the View traffic statistics s...

Page 153: ...ption displayed To open the Configure QoS statistics screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure statistics Configure of the QoS statistics field Configure of Configure QoS statistics View QoS statistics In the View QoS statistics screen you can view QoS statistics For more details on the...

Page 154: ...n is set to enable on the initial setup screen To check whether the keep alive function is enabled view the setup screen of each connection Example of setup screen for the Terminal broadband connection over PPPoE connection When the STATUS lamp lights up In a connection setting where the keep alive function is enabled communication with any connected equipment is inactive NOTE The keep alive funct...

Page 155: ...ersion for which Yamaha does not formally assure normal operation Tip If you change the Allow for revision down setting to allow on the Execute revision up screen of Basic configuration page you can downgrade the firmware to an older version Revision down Please refer to the Help on the Execute revision up screen for more information Upgrading the firmware using the DOWNLOAD button If Revision up ...

Page 156: ...s been upgraded The product restarts Upgrading the firmware in Basic configuration page Use the Execute revision up screen You can click Execute to find a new revision of firmware If a new revision of firmware is found the revision number is displayed on the screen together with the revision number of the existing firmware In this state click Execute again to download the new firmware and automati...

Page 157: ...etup screen in the following order Advanced settings in the top page Configure of Configure external device Upgrade the firmware by pressing the button on the product front panel 1 Prepare an external memory device containing firmware Specify the same file name as that specified in the Firmware file name field on the Configure external device screen 2 Insert the external device into the USB port o...

Page 158: ...order Advanced settings in the top page Execute of Copy configuration and firmware files 4 Click Execute A confirmation screen appears 5 Click Execute The firmware prepared in Step 1 is loaded to the product After the firmware has been loaded the upgrade begins After the upgrade process has been completed the product restarts automatically NOTE If allow is selected in the Startup via external memo...

Page 159: ...en the Configure external device screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure external device Start the product using a firmware in an external memory device 1 Prepare an external memory device containing firmware Specify the same file name as that specified in the Firmware file name field...

Page 160: ... Copy the displayed configuration information and paste it to notepad or other software to save it Tip If you want to transfer the configuration file edited in your PC to the product copy the content of the configuration file in text format to the clip board in advance and then paste it to the Execute command screen page 145 Checking the configuration information and log of the product Checking th...

Page 161: ...he product is lit up or flashing Doing so may damage data in the external device Before removing the external device hold down the USB button or microSD button for two seconds and make sure that the USB lamp or microSD lamp has gone off Save the configuration information of the product to an external memory device 1 Insert the external device into the USB port or microSD slot of the product The US...

Page 162: ... The USB lamp or microSD lamp of the product lights up or flashes 2 In the Save Syslog field on the Configure external device screen select start and enter the log file name To open the Configure external device screen From Basic configuration page click the buttons on the setup screen in the following order Advanced settings in the top page Configure of Configure external device Tip You can encry...

Page 163: ...refer to Unable to use USB device page 178 Notes on the log to be saved When you start saving the log the following log files are generated in the USB memory stick or microSD card A file to which the log is currently written The file name is the same as that specified in the Save administration information field on the Configure external device screen A backup file generated for each certain size ...

Page 164: ...en network Language specifications Please refer to the following URL for information about specifications of Lua language implemented by Yamaha Grammar of Lua language Library functions Lua tutorial for programming beginners http www yamaha com products en network NOTE External memory devices and the internal non volatile memory must be used only for the purpose of saving script files to be execut...

Page 165: ...e used for transferring settings from the host via HTTP you can create GUIs using JavaScript Embedding multiple custom GUIs enables you to switch screens according to the logged in user for example This is convenient because you can control the rights to access to the product and also use the restriction of access to functions by changing GUIs Please refer to the following URL for more details on ...

Page 166: ...page 167 Q2 Setting failed with the Basic configuration page page 169 Q3 Internet connection cannot be established page 171 Q4 VPN communication cannot be established page 173 Q5 The DOWNLOAD button does not function page 177 Q6 Unable to use USB device page 178 Q7 Other problems page 180 Chapter 8 Troubleshooting 166 FWX120 Operation Manual 8 ...

Page 167: ... of the product The LAN1 lamp does not light up The hub or PC is not powered on Although the device is connected to the LAN1 port correctly the LAN1 lamp of the product will not light up if the device power is off Power on the device connected to the product The device is not connected correctly Disconnect the connectors from the product PC and hub and reconnect them until the connector clicks A L...

Page 168: ...ot correctly connected to the ADSL modem cable modem or ONU Disconnect the plug from the LAN2 port of the product and from the ADSL cable modem or ONU and then reconnect the plugs until they clicks The correct cable is not used Use the same cable type that is used for connection of the ADSL modem cable modem or ONU with the PC Lamps are off Continued from the previous page Q1 ...

Page 169: ...uct and the LAN If the PCs cannot be restarted or powered off connect only one PC to the product disconnect all other LAN cables and then power on the product and the PC Check that the IP address of the PC matches with the network address of the product and also it does not conflict with the IP address of another device If anything is wrong change the IP address to an appropriate one The URL of th...

Page 170: ...s in the Web browser such information will be sent and an error may result Delete the user name before entering the password or close the Web browser and reopen the Basic configuration page The login password was entered The administration password should be used here If password has been set enter the administration password The setting is returned to the original state You did not click Submit a...

Page 171: ...rovider is not correct Check whether the DNS server address is specified in the provider connection setting Enter the IP address of the product in the DNS server address setting of each PC and restart the PC The Web server or DNS server may be overloaded or suspended Re attempt access after a while The filtering function of the product is enabled Check whether complicated policy filters are applie...

Page 172: ... reconnect The IP address given by the provider conflicts with the IP address specified for the product In the Basic configuration page Configure LAN screen change the IP address of the product so as not to conflict with the IP address given by the provider page 45 In this case various filters of the product must be applied again The network setting of the PC is inappropriate Try again to set the ...

Page 173: ...ection IPsec connection is not established Check whether the same pre shared key as the IPsec connection destination is specified Check whether the correct IP address and correct name are specified in the method used to identify the destination Check whether the same authentication algorithm and encryption algorithm as the IPsec connection destination are specified Incorrect routing information ha...

Page 174: ... type of tunnel interface tunnel encapsulation l2tp The PPP setting is not correct Check if the ID and password for the PPP authentication are correct Check that the tunnel interface is bound in the PP interface pp bind tunnel1 The terminal setting is not correct Check if the destination address and the host name are correct Check if the pre shared key of IPsec is correct Check if the user ID and ...

Page 175: ...P address refer to the manual of the terminal Incorrect routing information has been configured Configure the correct destination LAN network address for the routing information Proxy ARP setting is absent Run the proxy ARP in the VPN destination LAN ip lan1 proxyarp on In the top page of the Basic configuration page the message Connected is not displayed for the PPTP tunnel connection A private I...

Page 176: ...the correct destination LAN network address for the routing information The setting is not correct in the PC connected to the destination LAN Check the setting of the application software used for communication If the Firewall function is enabled in the PC change the Firewall setting so as not to block packets used for communication In Windows 7 on the window that appears by clicking Start Help an...

Page 177: ...age 171 The download link URL of the firmware is not correct In the Basic configuration page click Advanced settings Execute revision up and specify URL to download correctly Use of the DOWNLOAD button is not permitted In the Basic configuration page click Advanced settings Configure DOWNLOAD button and change the setting to permit upgrading The latest version of the firmware is used Use as it is ...

Page 178: ... low consumption current To restore the function press and hold the USB button for one second or more Data is not copied even after pressing the USB button and DOWNLOAD button File copy through button operation is not allowed Change the setting to permit file copying through button operation No configuration file or firmware file that allows copy through button operation exists in the USB memory s...

Page 179: ...eflected in the actual operation Manually copy the firmware and then restart the product Although the configuration file has been copied manually by entering a command the setting is not reflected O n l y c o py i n g t h e configuration file manually by entering a command the setting is not reflected in the actual operation Manually copy the firmware and then restart the product Unable to use USB...

Page 180: ...S service Depending on the provider name resolution is not possible immediately after registration update Retry after a while The product is connected via a network provider connection If the product is connected via a network provider connection the netvolante DNS service is not available Directly specify the IP address for connection A private IP address is assigned by the provider You cannot us...

Page 181: ...nal contract is the measured rate system you may be charged substantial fees To prevent this check the communication history frequently Be especially careful when you Start using the product Change any provider connection settings of the product Change the dial up network setting of the PC Install new software on your PC Connect to the network with a new PC network equipment or peripheral equipmen...

Page 182: ...ng from the bottom in the syslog Use the IP address of the PC or IP address of the access destination host access time or interval in the IP Commencing row as a clue locate the software or device that issued the access request and identify the cause Access example 1 PP 01 IP Commencing UDP 192 168 100 1 53 xxx xxx xxx xxx 53 DNS Query windowsmedia com from 192 168 100 2 PP 01 Provider No 192 168 1...

Page 183: ...ar intervals If outgoing calls are generated many times a day Windows Update may be used or the automatic e mail transmission reception may be enabled Check the relevant software setting of the PC connected to the LAN of this product If outgoing calls are generated several times a day Check the settings of the maintenance program of the hardware or NTP server Internet automatic time server Homepag...

Page 184: ...y update while Internet connection is established If outgoing calls are generated every time the software is started Check the environment setting default setting of the software you have installed and if auto update or other functions are enabled change the setting Software setting If the automatic updating function of the software is enabled access to the Internet is made every time the software...

Page 185: ...roubleshooting You can restore the product settings to their factory defaults NOTE When restoring the settings to their factory defaults be sure to note the following All communications are disconnected immediately after the restoration is performed Any setting that has default value is changed to the default value Filter definitions and registered addresses are deleted Non volatile memory content...

Page 186: ...pears type in cold start and then press the Enter key 12 When Password is displayed type in doremi and then press the Enter key Tip If an administration password has been set enter the administration password The product settings are initialized Initialize through button operation of the product You can also restore the setting to their factory defaults by turning the power on while pressing the t...

Page 187: ...u will log in with the administrator mode Then set again the login password and administration password that you have forgotten You can also use this emergency password for the old password that is requested when setting a password NOTE You can disable this function by setting the security class command You cannot log in using this procedure if the second parameter is not set to on in the security...

Page 188: ...the Network tab 5 In the This connection uses the following items field click to select Internet Protocol Version 4 TCP IPv4 and then click Properties 6 Select Obtain an IP address automatically and Obtain DNS server address automatically and then click OK 7 In the Local Area Connection Properties window click Close 8 Click the Start button then click All Programs Accessories Command Prompt 9 Type...

Page 189: ... TCP IPv4 and then click Properties 8 Select Obtain an IP address automatically and Obtain DNS server address automatically and then click OK 9 In the Local Area Connection Properties window click Close 10Click the Start button then click All Programs Accessories Right click Command Prompt and select Run as Administrator 11Type in ipconfig release and press the Enter key The IP address assigned to...

Page 190: ...leting the netvolante DNS registration For effective operation of the netvolante DNS service your cooperation would be appreciated to delete the unnecessary netvolante DNS before transferring disposing of the product In the Configure NetVolante DNS host address service screen click Delete To open the Configure NetVolante DNS host address service screen From Basic configuration page click the butto...

Page 191: ...WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE MT19937 License A C program for MT19937 with initialization improved 2002 1 26 Coded by Takuji Nishimura and Makoto Matsumoto Before using initialize the state by using init_genrand seed or init_by_array init_key key_len...

Page 192: ... For written permission please contact openssl core openssl org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit h...

Page 193: ...tive thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR ...

Page 194: ...Manual Development Department 2016 Yamaha Corporation Published 03 2016 AB A0 Contact page http www yamaha com products en network support ...

Reviews:

No comments

Related manuals for FWX120

Draytek Vigor 2820Vn Declaration Of Conformity preview
Vigor 2820Vn
Brand: Draytek Pages: 1
ZyXEL Communications USG110 User Manual preview
USG110
Brand: ZyXEL Communications Pages: 1090
Fortinet FortiGate 60M Installation Manual preview
FortiGate 60M
Brand: Fortinet Pages: 64
Fortinet FortiGate 50R Installation And Configuration Manual preview
FortiGate 50R
Brand: Fortinet Pages: 240
8e6 Technologies Enterprise Filter Authentication R3000 User Manual preview
Enterprise Filter Authentication R3000
Brand: 8e6 Technologies Pages: 594
Trend Micro Deep Edge Quick Start Manual preview
Deep Edge
Brand: Trend Micro Pages: 2
SMC Networks ELITECONNECT SMC2504W User Manual preview
ELITECONNECT SMC2504W
Brand: SMC Networks Pages: 242

Brands by name

Popular brands

Load more brands