 www.zyxel.com

P-793H

G.SHDSL.bis 4-port Security Gateway

User’s Guide

Version 3.40
1/2007
Edition 2

Summary of Contents for G.SHDSL.bis 4-port Security Gateway P-793H

Page 3: ...nfigurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the ZyXEL Device Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send...

Page 4: ...ield choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Lo...

Page 5: ...5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ...

Page 6: ...embling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution ...

Page 7: ...Safety Warnings P 793H User s Guide 7 This product is recyclable Dispose of it properly ...

Page 9: ...eens 103 Security and Advanced Setup 115 Firewalls 117 Firewall Configuration 129 Content Filtering 149 IPSec VPN 153 Static Route 177 Bandwidth Management 181 Dynamic DNS Setup 191 Remote Management Configuration 195 Universal Plug and Play UPnP 205 Maintenance 217 System 219 Logs 225 Tools 229 Diagnostic 235 SMT and Troubleshooting 237 Introducing the SMT 239 General Setup 245 WAN Setup 249 LAN ...

Page 10: ...ilter Configuration 295 SNMP Configuration 309 System Password 311 System Information Diagnosis 313 Firmware and Configuration File Maintenance 323 Menus 24 8 to 24 11 337 IP Routing Policy Setup 343 Schedule Setup 349 Troubleshooting 353 Appendices and Index 359 ...

Page 11: ...1 2 High speed Point to point Connections 40 1 1 3 High speed Point to 2points Connections 40 1 2 Ways to Manage the ZyXEL Device 41 1 3 Good Habits for Managing the ZyXEL Device 41 1 4 LEDs 41 Chapter 2 Introducing the Web Configurator 43 2 1 Web Configurator Overview 43 2 2 Accessing the Web Configurator 43 2 3 Navigating the Web Configurator 45 2 4 Status Screen 48 2 4 1 Status Bandwidth Status...

Page 12: ...4 3 Point to 2points Connection Overview 65 4 4 Point to 2point Connection Procedure 66 4 4 1 Set up the Server 66 4 4 2 Set up the Clients 67 4 4 3 Connect the ZyXEL Devices 67 Part II Network Setup 69 Chapter 5 WAN Setup 71 5 1 WAN Overview 71 5 1 1 Encapsulation 71 5 1 2 Multiplexing 72 5 1 3 VPI and VCI 72 5 1 4 IP Address Assignment 72 5 1 5 Nailed Up Connection PPP 73 5 1 6 NAT 73 5 2 Metric...

Page 13: ...lticast 97 6 3 Configuring LAN IP 97 6 3 1 Configuring Advanced LAN Setup 98 6 4 DHCP Setup 99 6 5 LAN Client List 100 6 6 LAN IP Alias 101 Chapter 7 Network Address Translation NAT Screens 103 7 1 NAT Overview 103 7 1 1 NAT Definitions 103 7 1 2 What NAT Does 104 7 1 3 How NAT Works 104 7 1 4 NAT Application 104 7 1 5 NAT Mapping Types 105 7 2 SUA Single User Account Versus NAT 106 7 3 NAT Genera...

Page 14: ...CP Security 124 8 5 4 UDP ICMP Security 125 8 5 5 Upper Layer Protocols 125 8 6 Guidelines for Enhancing Security with Your Firewall 126 8 6 1 Security In General 126 8 7 Packet Filtering vs Firewall 127 8 7 1 Packet Filtering 127 8 7 2 Firewall 127 Chapter 9 Firewall Configuration 129 9 1 Access Methods 129 9 2 Firewall Policies Overview 129 9 3 Rule Logic Overview 130 9 3 1 Rule Checklist 130 9 ...

Page 15: ...view 153 11 1 1 IKE SA Overview 154 11 1 2 Additional Topics for IKE SA 157 11 1 3 IPSec SA Overview 158 11 1 4 Additional Topics for IPSec SA 160 11 2 VPN Setup Screen 161 11 3 Editing VPN Policies 163 11 4 Configuring Advanced IKE Settings 167 11 5 Configuring Manual Key 169 11 6 Viewing SA Monitor 172 11 7 Configuring Global Setting 173 11 8 Telecommuter VPN IPSec Examples 174 11 8 1 Telecommut...

Page 16: ...13 8 Bandwidth Management Rule Setup 187 13 8 1 Rule Configuration 188 13 9 Bandwidth Monitor 189 Chapter 14 Dynamic DNS Setup 191 14 1 Dynamic DNS Overview 191 14 1 1 DYNDNS Wildcard 191 14 2 Configuring Dynamic DNS 191 Chapter 15 Remote Management Configuration 195 15 1 Remote Management Overview 195 15 1 1 Remote Management Limitations 196 15 1 2 Remote Management and NAT 196 15 1 3 System Time...

Page 17: ...stem 219 17 1 General Setup 219 17 1 1 General Setup and System Name 219 17 1 2 General Setup 219 17 2 Time Setting 221 Chapter 18 Logs 225 18 1 Logs Overview 225 18 1 1 Alerts and Logs 225 18 2 Viewing the Logs 225 18 3 Configuring Log Settings 226 Chapter 19 Tools 229 19 1 Firmware Upgrade 229 19 2 Configuration 231 19 3 Restart 233 Chapter 20 Diagnostic 235 20 1 General Diagnostic 235 20 2 DSL ...

Page 18: ...p 254 Chapter 24 LAN Setup 257 24 1 Accessing the LAN Menus 257 24 2 LAN Port Filter Setup 257 24 3 TCP IP and DHCP Setup Menu 258 24 4 LAN IP Alias 259 24 4 1 Port based VLAN Setup 260 Chapter 25 Internet Access Setup 263 25 1 Internet Access Setup 263 Chapter 26 Remote Node Setup 265 26 1 Introduction to Remote Node Setup 265 26 2 Remote Node Setup 265 26 3 Remote Node Profile 265 26 4 Remote No...

Page 19: ...er 29 Firewall Setup 293 29 1 Using ZyXEL Device SMT Menus 293 29 1 1 Activating the Firewall 293 Chapter 30 Filter Configuration 295 30 1 Introduction to Filters 295 30 1 1 The Filter Structure of the ZyXEL Device 296 30 2 Configuring a Filter Set 297 30 2 1 Configuring a Filter Rule 299 30 2 2 Configuring a TCP IP Filter Rule 300 30 2 3 Configuring a Generic Filter Rule 302 30 3 Example Filter 3...

Page 20: ...figuration Using TFTP 326 34 3 7 TFTP Command Example 327 34 3 8 GUI based TFTP Clients 327 34 3 9 Backup Via Console Port 327 34 4 Restore Configuration 328 34 4 1 Restore Using FTP 329 34 4 2 Restore Using FTP Session Example 330 34 4 3 Restore Via Console Port 330 34 5 Uploading Firmware and Configuration Files 331 34 5 1 Firmware File Upload 331 34 5 2 Configuration File Upload 331 34 5 3 FTP ...

Page 21: ...icy Setup 344 36 6 IP Routing Policy 346 36 7 IP Policy Routing Example 347 Chapter 37 Schedule Setup 349 37 1 Schedule Set Overview 349 37 2 Schedule Setup 349 37 3 Schedule Set Setup 350 Chapter 38 Troubleshooting 353 38 1 Power Hardware Connections and LEDs 353 38 2 ZyXEL Device Access and Login 354 38 3 Internet Access 356 38 4 Advanced Features 357 38 5 Reset the ZyXEL Device to Its Factory D...

Page 22: ...ubnetting 389 Appendix F IP Address Assignment Conflicts 397 Appendix G Common Services 401 Appendix H Command Interpreter 405 Appendix I Log Descriptions 411 Appendix J NetBIOS Filter Commands 427 Appendix K Legal Information 429 Appendix L Customer Support 433 Index 437 ...

Page 23: ...re 17 Internet Setup Wizard Summary Screen 58 Figure 18 Bandwidth Management Wizard General Information 60 Figure 19 Bandwidth Management Wizard Configuration 61 Figure 20 Bandwidth Management Wizard Complete 62 Figure 21 Example Point to point Connection 63 Figure 22 WAN Internet Connection Service Type 64 Figure 23 Example Point to 2points Connection 65 Figure 24 WAN Internet Connection Service ...

Page 24: ...neral 134 Figure 61 Firewall Rules 135 Figure 62 Firewall Rules Add Edit 137 Figure 63 Firewall Rules Add Edit Edit Customized Services 139 Figure 64 Firewall Rules Add Edit Edit Customized Services Edit 140 Figure 65 Firewall Example Rules 141 Figure 66 Edit Custom Port Example 141 Figure 67 Firewall Example Edit Rule Destination Address 142 Figure 68 Firewall Example Edit Rule Select Customized ...

Page 25: ... 101 Remote MGMT Telnet 197 Figure 102 Remote MGMT FTP 198 Figure 103 SNMP Management Model 199 Figure 104 Remote MGMT SNMP 201 Figure 105 Remote MGMT DNS 202 Figure 106 Remote MGMT ICMP 203 Figure 107 Enabling TR 069 204 Figure 108 UPnP General 206 Figure 109 Add Remove Programs Windows Setup Communication 207 Figure 110 Add Remove Programs Windows Setup Communication Components 208 Figure 111 Ne...

Page 26: ...u 2 2 1 Advanced Dial Backup Setup 254 Figure 147 Menu 3 LAN Setup 257 Figure 148 Menu 3 1 LAN Port Filter Setup 257 Figure 149 Menu 3 2 TCP IP and DHCP Ethernet Setup 258 Figure 150 Menu 3 2 1 IP Alias Setup 260 Figure 151 Menu 3 6 Port Based VLAN Setup 261 Figure 152 Menu 4 Internet Access Setup 263 Figure 153 Menu 11 Remote Node Setup 265 Figure 154 Menu 11 1 Remote Node Profile nodes 1 7 266 F...

Page 27: ...irewall Setup 298 Figure 189 Menu 21 1 Filter Set Configuration 298 Figure 190 Menu 21 1 1 Filter Rules Summary 298 Figure 191 Menu 21 1 1 1 TCP IP Filter Rule 300 Figure 192 Executing an IP Filter 302 Figure 193 Menu 21 1 1 1 Generic Filter Rule 303 Figure 194 Telnet Filter Example 304 Figure 195 Example Filter Menu 21 1 3 1 305 Figure 196 Example Filter Rules Summary Menu 21 1 3 305 Figure 197 P...

Page 28: ...e Console Port 335 Figure 229 Example Xmodem Upload 336 Figure 230 Command Mode in Menu 24 337 Figure 231 Valid Commands 338 Figure 232 Menu 24 9 System Maintenance Call Control 338 Figure 233 Menu 24 9 1 Budget Management 339 Figure 234 Menu 24 System Maintenance 340 Figure 235 Menu 24 10 System Maintenance Time and Date Setting 340 Figure 236 Menu 24 11 Remote Management Control 342 Figure 237 M...

Page 29: ...268 Red Hat 9 0 Restart Ethernet Card 381 Figure 269 Red Hat 9 0 Checking TCP IP Properties 382 Figure 270 Pop up Blocker 383 Figure 271 Internet Options Privacy 384 Figure 272 Internet Options Privacy 385 Figure 273 Pop up Blocker Settings 385 Figure 274 Internet Options Security 386 Figure 275 Security Settings Java Scripting 387 Figure 276 Security Settings Java 387 Figure 277 Java Sun 388 Figu...

Page 31: ...ation 61 Table 15 WAN Internet Connection 76 Table 16 2wire 2line Service Mode 79 Table 17 WAN Internet Connection Advanced Setup 80 Table 18 WAN More Connections 81 Table 19 WAN More Connections Edit 82 Table 20 WAN More Connections Advanced Setup 84 Table 21 WAN WAN Backup Setup 87 Table 22 WAN WAN Backup Setup Advanced Setup 89 Table 23 WAN WAN Backup Setup Advanced Setup Edit 91 Table 24 LAN I...

Page 32: ...5 Table 58 Telecommuters Using Unique VPN Rules Example 176 Table 59 Static Route Static Route 178 Table 60 Static Route Static Route Edit 179 Table 61 Application and Subnet based Bandwidth Management Example 182 Table 62 Maximize Bandwidth Usage Example 183 Table 63 Priority based Allotment of Unused and Unbudgeted Bandwidth Example 184 Table 64 Fairness based Allotment of Unused and Unbudgeted ...

Page 33: ...11 1 Remote Node Profile node 8 268 Table 104 Menu 11 3 Remote Node Network Layer Options 270 Table 105 Menu 11 5 Remote Node Filter 272 Table 106 Menu 11 6 Remote Node ATM Layer Options 273 Table 107 Menu 11 8 Advance Setup Options 274 Table 108 Menu 12 1 1 Edit IP Static Route 276 Table 109 Menu 12 3 1 Edit Bridge Static Route 277 Table 110 Applying NAT in Menus 4 11 3 281 Table 111 Menu 15 1 1 ...

Page 34: ...et Masks 391 Table 140 Maximum Host Numbers 391 Table 141 Alternative Subnet Mask Notation 391 Table 142 Subnet 1 393 Table 143 Subnet 2 394 Table 144 Subnet 3 394 Table 145 Subnet 4 394 Table 146 Eight Subnets 394 Table 147 24 bit Network Number Subnet Planning 395 Table 148 16 bit Network Number Subnet Planning 395 Table 149 Commonly Used Services 401 Table 150 System Maintenance Logs 411 Table ...

Page 35: ...List of Tables P 793H User s Guide 35 Table 168 Syslog Logs 423 Table 169 RFC 2408 ISAKMP Payload Types 423 Table 170 NetBIOS Filter Default Settings 428 ...

Page 37: ...37 PART I Introduction Wizards and Tutorials Getting To Know Your ZyXEL Device 39 Introducing the Web Configurator 43 Wizards 53 Point to 2 point Configuration 63 ...

Page 39: ...net Access The ZyXEL Device is the ideal high speed Internet access solution In addition unlike ADSL or VDSL G SHDSL bis supports the same high speed for transmission and receiving Figure 1 High speed Internet Access with Your ZyXEL Device For Internet access connect the DSL port to the phone port Then connect your computers or servers to the LAN ports for shared Internet access See the Quick Star...

Page 40: ...provide a simple fast point to point connection between two geographically dispersed networks 1 1 3 High speed Point to 2points Connections Use three ZyXEL Devices to connect two remote networks to a central location For example connect the headquarters to two branch offices In this scenario the central ZyXEL Device acts in a similar way as an Internet service provider Figure 3 Point to 2points Co...

Page 41: ...R 069 This is a standard that defines how your ZyXEL Device can be managed by a management server See Chapter 15 on page 195 1 3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters...

Page 42: ...SL line is up Blinking The ZyXEL Device is initializing the DSL line Off The DSL line is down Note For Internet access setup or point to point connections the DSL1 and DSL2 LEDs indicate the status of a single connection act as one LED For point to 2point connections the DSL1 and DSL2 LEDs indicate the status of connection 1 and connection 2 respectively INTERNET Green On The Internet connection i...

Page 43: ...s XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer 2 2 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected refer to the Quick Start Guide 2 Prepare your computer computer network to connect to the ZyXEL Device re...

Page 44: ...sword at Login It is highly recommended you change the default admin password Enter a new password between 1 and 30 characters retype it to confirm and click Apply alternatively click Ignore to proceed to the main menu if you do not want to change the password now If you do not change the password at least once this screen appears every time you log in with the admin password You can also change t...

Page 45: ...kip this screen from now on and always go to the Status screen See Section 2 4 on page 48 Figure 7 Select a Mode The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires default five minutes Simply log back into the ZyXEL Device if this happens to you 2 3 Navigating the Web Configurator After you enter the admin password use the su...

Page 46: ...AN IP DNS Server MAC address assignment BANDWIDTH MANAGEMENT SETUP Use these screens to limit bandwidth usage by application or packet size Logout Click this icon to exit the web configurator Status Use this screen to look at the ZyXEL Device s general device system and interface status information You can also access the summary statistics tables Network WAN Internet Connection Use this screen to...

Page 47: ... Use this screen to change your anti probing settings Threshold Use this screen to configure the threshold for DoS attacks Content Filter Keyword Use this screen to block sites containing certain keywords in the URL Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering Trusted Use this screen to exclude a range of users on the LAN from content filteri...

Page 48: ...ess es users can send DNS queries to the ZyXEL Device ICMP Use this screen to change your anti probing settings UPnP General Use this screen to enable UPnP on the ZyXEL Device Maintenance System General This screen contains administrative and system related information and also allows you to change your password Time Setting Use this screen to change your ZyXEL Device s time and date Logs View Log...

Page 49: ...e model name of the ZyXEL Device MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL s proprietary Network Operating System design DSL Firmware Version This is the DSL firmware version code associated with the ZyXEL Device This is sometimes needed by technician...

Page 50: ...ber shows the ZyXEL Device s total heap memory in kilobytes The bar displays what percent of the ZyXEL Device s heap memory is in use The bar turns from green to red when the maximum is being approached Interface Status Interface This displays the ZyXEL Device interfaces Status This field displays Down line is down Up line is up or connected if you re using Ethernet encapsulation and Down line is ...

Page 51: ...ion WAN Port Statistics Link Status This is the status of your WAN link WAN IP Address This is the IP address assigned to your ZyXEL Device on the WAN Transfer Rate This is the rate at which information is flowing to from the ZyXEL Device Node Link This field displays the remote node index number and link type Link types are PPPoA ENET RFC 1483 and PPPoE Status This field displays Down line is dow...

Page 52: ...ceived in the last second Up Time This field displays the elapsed time this port has been up LAN Port Statistics Interface This field displays the type of port Status This field displays Down line is down Up line is up or connected if you re using Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if y...

Page 53: ...ght corner of the web configurator The wizard main screen appears Figure 11 Wizard Main Screen The following table describes the fields in this screen Table 5 Wizard Main Screen LABEL DESCRIPTION INTERNET SETUP Click this if you want to configure Internet access settings See Section 3 1 on page 54 BANDWIDTH MANAGEMENT SETUP Click this if you want to configure basic bandwidth management See Sectio...

Page 54: ... vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based Virtual Circuit ID VPI Virtual Path Identifier and VCI Virtual Cha...

Page 55: ...ically Select this if you have a dynamic IP address Static IP Address Select this if you have a static fixed IP address and enter the information below These fields appear if you select Static IP Address IP Address Enter the static IP address provided by your ISP Subnet Mask Enter the subnet mask provided by your ISP Gateway IP Address Enter the IP address of the gateway provided by your ISP If yo...

Page 56: ... name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here Leave this field blank if your ISP did not provide you a PPPoE service Back Click Back to go back to the previous screen ...

Page 57: ... connection uses PPPoA encapsulation Figure 16 Internet Setup Wizard ISP Parameters PPPoA Table 9 Internet Setup Wizard ISP Parameters RFC1483 LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP Back Click Back to go back to the previous screen Apply Click Apply to finish manual configuration Exit Click Exit to close the wizard screen without saving your changes ...

Page 58: ...ly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Back Click Back to go back to the previous screen Apply Click Apply to finish manual configuration Exit Click Exit to close the wizard screen without saving your changes Table 11 Interne...

Page 59: ...s a whiteboard and file transfers and application sharing NetMeeting uses H 323 H 323 is a standard teleconferencing protocol suite that provides audio data and videoconferencing It allows for real time point to point and multipoint communication between client computers over a packet based network that does not provide a guaranteed quality of service H 323 is transported primarily over TCP using ...

Page 60: ...Text Transfer Protocol HTTP a client server protocol for the World Wide Web The Web is not synonymous with the Internet rather it is just one service on the Internet Other services on the Internet include Internet Relay Chat and Newsgroups The Web is accessed through use of a browser Table 12 Bandwidth Management Setup Services continued SERVICE DESCRIPTION Table 13 Bandwidth Management Wizard Gen...

Page 61: ...th High priority is given as much bandwidth as it needs If you select services as having the same priority then bandwidth is divided equally amongst those services Services not specified in bandwidth management are allocated bandwidth after all specified services receive their bandwidth requirements If the rules set up in this wizard are changed in Advanced Bandwidth MGMT Rule Setup then the servi...

Page 62: ...ter 3 Wizards P 793H User s Guide 62 3 2 3 Screen 3 Follow the on screen instructions and click Finish to complete the wizard setup and save your configuration Figure 20 Bandwidth Management Wizard Complete ...

Page 63: ...onnection for high bandwidth applications such as videoconferencing and distance learning An example is shown below Figure 21 Example Point to point Connection In a point to point connection the DSL ports on the ZyXEL Devices are directly connected to each other not to an ISP or the Internet A point to point connection can use RFC 1483 in bridge mode or ENET ENCAP in router mode In a point to poin...

Page 64: ...evices 4 2 1 Set up the Server 1 Log in to the ZyXEL Device that will be the server See Chapter 2 on page 43 2 Click Network WAN Internet Connection 3 Configure the VPI VCI Multiplexing and Encapsulation fields for the point to point connection In the Encapsulation field select either RFC 1483 or ENET ENCAP 4 Scroll down to the Service Type section The following screen appears Figure 22 WAN Intern...

Page 65: ... a minute to establish the connection If the ZyXEL Devices do not establish the connection verify that the settings except the Service Type match 4 3 Point to 2points Connection Overview You can set up a point to 2points connection between a server ZyXEL Device and two client ZyXEL Devices This configuration offers a secure and cost effective way to create a private IP network An example is shown ...

Page 66: ...rnet Connection 3 Configure the VPI VCI Multiplexing and Encapsulation fields for the point to 2point connection In the Encapsulation field select either RFC 1483 or ENET ENCAP Select which line is the default remote node 1 or 2 4 Scroll down to the Service Type section The following screen appears Figure 24 WAN Internet Connection Service Type 5 In the Service Mode field select 2wire 2line mode 6...

Page 67: ...tiated with the server 7 Click Apply 8 Repeat steps 1 to 7 for the second client device 4 4 3 Connect the ZyXEL Devices Connect the DSL ports on the ZyXEL Devices together and wait while the ZyXEL Devices automatically establish the connection Make sure that the Y cable is connected to the proper DSL outlets The Y cable connector marked DSL1 must be connected to the outgoing DSL 1 telephone jack a...

Page 69: ...69 PART II Network Setup WAN Setup 71 LAN Setup 93 Network Address Translation NAT Screens 103 ...

Page 71: ... to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems for e...

Page 72: ...is case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 5 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet head...

Page 73: ... timeout is disabled The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 5 1 6 NAT NAT Network Address Tran...

Page 74: ...M network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is ...

Page 75: ...connections that need CBR would be high resolution video and voice 5 3 1 2 Variable Bit Rate VBR The Variable Bit Rate VBR ATM traffic class is used with bursty connections 5 3 1 3 Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guara...

Page 76: ...therwise select Bridge Encapsulation Select the method of encapsulation used by your ISP from the drop down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE If you set up a point to point or a point to 2points connection se...

Page 77: ...ess Enter the gateway IP address provided by your ISP You must enter a valid IP address for Internet access If you enter 0 0 0 0 the Internet connection does not work Connection This section only appears if the Encapsulation is PPPoE and PPPoA Nailed Up Connection Select Nailed Up Connection when you want your connection up all the time The ZyXEL Device will try to bring up the connection automati...

Page 78: ...ield then the transfer rate you set here is doubled For example select 5696 Kbps to configure a maximum transfer rate of 11392 Kbps Transfer Min Rate Kbps This field is enabled if Service Type is Server Set the minimum rate at which the ZyXEL Device sends and receives information The actual transfer rate will be between this value and the maximum transfer rate you configure Note When you select 4 ...

Page 79: ...e Adaption Indicate whether or not the ZyXEL Device can adjust the speed of its connection to that of the other device Transfer Max Rate Kbps This field is enabled if Service Type is Server Set the maximum rate at which the ZyXEL Device sends and receives information The actual transfer rate will be between this value and the minimum transfer rate you configure Transfer Min Rate Kbps This field is...

Page 80: ... IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it ATM QoS ATM QoS Type Select CBR Constant Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR Variable Bit Rate for bursty traffic and bandwidth sharing with other applications Peak Cell Rate Divide the DSL line rate...

Page 81: ...on in the More Connections screen Table 18 WAN More Connections LABEL DESCRIPTION This is the index number of a connection Active This displays whether this connection is activated Clear the check box to disable the connection Select the check box to enable it Name This is the descriptive name for this connection VPI VCI These are the VPI and VCI values used for this connection Encapsulation This is ...

Page 82: ...yXEL Device will forward any packet that it does not route to this remote node otherwise the packets are discarded Encapsulation Select the method of encapsulation used by your ISP from the drop down list box Choices are PPPoA RFC 1483 ENET ENCAP or PPPoE If you set up a point to point connection select either ENET ENCAP or RFC 1483 User Name PPPoA and PPPoE encapsulation only Enter the user name ...

Page 83: ...NET ENCAP only Select this if you do not have a dynamic IP address IP Address Enter the static IP address provided by your ISP Subnet Mask Enter the subnet mask provided by your ISP Gateway IP Address Enter the gateway IP address provided by your ISP Connection This section only appears if the Encapsulation is PPPoE and PPPoA Nailed Up Connection Select Nailed Up Connection when you want your conn...

Page 84: ...he RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send the routing data in RIP 2 format the difference being that...

Page 85: ...e rate bps by 424 the size of an ATM cell to find the Peak Cell Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec Maximum Burst Size Maximum Burst Size MBS refers to the max...

Page 86: ... in the event that the regular WAN connection is dropped first make sure you have set up the switch and port connection See the Quick Start Guide for more information 5 8 Configuring WAN Backup Setup Use this screen to forward traffic to a backup gateway or to use the dial backup port when the ZyXEL Device cannot connect to the Internet To open this screen click WAN WAN Backup Setup The screen app...

Page 87: ...te either traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the ZyXEL Device periodically pings the addresses configured here and uses the other WAN backup connection if configured if there is no response Fail Tolerance Type the number of times 2 recommended that your ZyXEL Device pings the IP addresses configured in the Check WAN IP...

Page 88: ... IP address if the ZyXEL Device s Internet connection terminates Dial Backup Active Dial Backup Select this to have the ZyXEL Device use a dial backup connection if the normal WAN connection goes down Note If you activate dial backup you must configure at least one Check WAN IP Address Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cos...

Page 89: ...is remote node. CHAP: Your ZyXEL Device accepts CHAP only. PAP: Your ZyXEL Device accepts PAP only. Secondary Phone Number: Type the backup phone number from the ISP. If the Primary Phone number is busy or does not answer, your ZyWALL dials the Secondary Phone number if available. Some areas require dialing the pound sign before the phone number for local calls. Include a # symbol at the beginning of the phon...

Page 90: ...outer uses multicasting, then all routers on your network must use multicasting also. RIP Direction: The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both, In Only or Out Only. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives...

Page 91: ...s field to 1. Back: Click Back to return to the previous screen. Apply: Click Apply to save the changes. Cancel: Click Cancel to begin configuring this screen afresh. Table 22 WAN WAN Backup Setup Advanced Setup (continued) LABEL DESCRIPTION Table 23 WAN WAN Backup Setup Advanced Setup Edit LABEL DESCRIPTION AT Command Strings. Dial: Enter the AT Command string to make a call. Drop: Enter the AT Command string...

Page 92: ...Retry Count: Enter a number of times for the ZyXEL Device to retry a busy or no-answer phone number before blacklisting the number. Retry Interval: Enter a number of seconds for the ZyXEL Device to wait before trying another call after a call has failed. This applies before a phone number is blacklisted. Drop Timeout: Enter a number of seconds for the ZyXEL Device to wait before dropping the DTR signal ...

Page 93: ... usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 6.3 on page 97 to configure the LAN screens. 6.1.1 LANs, WANs and the ZyXEL Device. The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outsid...

Page 94: ...sses, enter them in the DNS Server fields in DHCP Setup; otherwise, leave them blank. Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The ZyXEL Device supports the IPCP DNS server extensions through the ...

Page 95: ...s you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to ...

Page 96: ...re information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space. 6.2.2 RIP Setup. RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to Both, the ZyXEL Device will broadcast...

Page 97: ...24.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the ZyXEL Device queries all directly connected networks to gather group membership. After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on th...

Page 98: ...work topology. Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network mu...

Page 99: ...network. Relay: the ZyXEL Device routes DHCP requests to the DHCP server. There may be a DHCP server on another network. Server: the ZyXEL Device assigns IP addresses and provides subnet mask, gateway, and DNS server information to the network. The ZyXEL Device is the DHCP server for the network. IP Pool Starting Address: This field is enabled if the ZyXEL Device is a Server. Enter the first of the contiguou...

Page 100: ...he fields are left as 0.0.0.0, the ZyXEL Device acts as a DNS proxy and forwards the DHCP client's DNS query to the real DNS server learned through IPCP and relays the response back to the computer. Apply: Click Apply to save your changes back to the ZyXEL Device. Cancel: Click Cancel to begin configuring this screen afresh. Table 26 LAN DHCP Setup (continued) LABEL DESCRIPTION Table 27 LAN Client List LA...

Page 101: ...IP Alias. The screen appears as shown. MAC Address: The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address. Reserve: Se...

Page 102: ...ill broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. RIP Version: This field is enabled if RIP Direction is not None. The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends...

Page 103: ...host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the l...

Page 104: ...enting intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). 7.1.3 How NAT Works. Each packet has two addresses: a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incomin...

Page 105: ...nce PAT (port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers). Many-to-Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps the multiple local IP addresses to shared global IP addresses. Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local IP address to a unique glob...

Page 106: ...UA Only if you have just one public WAN IP address for your ZyXEL Device. Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. 7.3 NAT General Setup. You must create a firewall rule in addition to setting up SUA/NAT to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen. Figure 46 NAT General Table 30 NAT...

Page 107: ...ess. A default server receives packets from ports that are not specified in this screen. Table 31 NAT General LABEL DESCRIPTION Active Network Address Translation (NAT): Select this check box to enable NAT. SUA Only: Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature: Select this radio button if you have multiple public WAN IP addresses for your ZyXEL De...

Page 108: ...to RFC 1700 for further information about port numbers. 7.4.3 Configuring Servers Behind Port Forwarding (Example). Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NA...

Page 109: ...receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Port Forwarding. Service Name: Select a service from the drop-down list box or select User define to go to the Rule Setup screen and define your own service and its for...

Page 110: ...CRIPTION Table 33 NAT Port Forwarding Edit LABEL DESCRIPTION Active: Click this check box to enable the rule. Service Name: Enter a name to identify this port-forwarding rule. Start Port: Enter a port number in this field. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field ...

Page 111: ...ew rules 4, 5 and 6. Use this screen to change your ZyXEL Device's address mapping settings. Click Network > NAT > Address Mapping to open the following screen. Figure 50 NAT Address Mapping. The following table describes the fields in this screen. Table 34 NAT Address Mapping LABEL DESCRIPTION This is the rule index number. Local Start IP: This is the starting Inside Local IP Address (ILA). Local IP addresses a...

Page 112: ...de world. Modify: Click the edit icon to go to the screen where you can edit the address mapping rule. Click the delete icon to delete an existing address mapping rule. Note that subsequent rules move up by one when you take this action. Table 34 NAT Address Mapping (continued) LABEL DESCRIPTION Table 35 NAT Address Mapping Edit LABEL DESCRIPTION Type: Choose the port mapping type from one of the followin...

Page 113: ...d IP: This is the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types. Server Mapping Set: Only available when Type is set to Server. Select a number from the drop-down menu to choose a server mapping set. Edit Details: Click this link to go to the Port Forwarding screen (Section 7.5 on page 108) to edit the server mapping set that you have selected in the Se...

Page 114: ...Chapter 7 Network Address Translation (NAT) Screens P-793H User's Guide 114 ...

Page 115: ...d Advanced Setup Firewalls 117 Firewall Configuration 129 Content Filtering 149 IPSec VPN 153 Static Route 177 Bandwidth Management 181 Dynamic DNS Setup 191 Remote Management Configuration 195 Universal Plug and Play UPnP 205 ...

Page 117: ...e only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information security policy. In addition, specific policies must be implemented within the firewall itself. Refer to Section 9.6 on page 133 to configure default firewall settings. Refer to Section 9.7 on page 135 to view firewall rules...

Page 118: ...sure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application-level access control or caching that some proxies support. See Section 8.5 on page 122 for more information on stateful inspection. Firewalls, of one type or another, have become an integral part of standard security sol...

Page 119: ...such as HTTP (Web), FTP (File Transfer Protocol), POP3 (E-mail), etc. For example, Web traffic by default uses TCP port 80. When computers communicate on the Internet, they are using the client/server model, where the server listens on a specific TCP/UDP port for information requests from remote client computers on the network. For example, a Web server typically listens on port 80. Please note that while a comput...

Page 120: ...s will crash, hang or reboot. 6 Weaknesses in the TCP/IP specification leave it open to SYN Flood and LAND attacks. These attacks are executed during the handshake that initiates a communication session between two applications. Figure 53 Three-Way Handshake. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends bac...

Page 121: ...floods a router with Internet Control Message Protocol (ICMP) echo request packets (pings). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source ...

Page 122: ...g a router or firewall into thinking that the communications are coming from within the trusted network. To engage in IP spoofing, a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall. The ZyXEL Device blocks all IP Spoofing attempts. 8.5 Stateful Inspection. With stateful inspection, fields of the ...

Page 123: ...acket leaves the LAN network through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application layer protocol is configured for a firewall rule inspection. 1 The packet travels from the firewall's LAN to the WAN. 2 The packet is evaluated against the interface's existing outbound access list, and the packet is permitted (a denied packet would simply be dropped ...

Page 124: ...certain types of traffic from the Internet to specific hosts on the LAN. Allow access to a Web server to everyone but competitors. Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by evaluating the network traffic's Source IP address, Destination IP address and IP protocol type, and comparing these to rules set by the administrator. The ability to defi...

Page 125: ... Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall, simply because they are too dangerous and contain too little tracking information. For instance, ICMP redirect packets are never allow...

Page 126: ...hey provide more opportunities for hackers to crack your system. Turn your computer off when not in use. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail. Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. Never submit sensitive information via a web page unless the web site uses se...

Page 127: ...an not distinguish traffic originating from an inside host or an outside host by IP address. To block/allow IP trace route. 8.7.2 Firewall. The firewall inspects packet contents as well as their source and destination addresses. Firewalls of this type employ an inspection module, applicable to all protocols, that understands data in the packet is intended for other layers, from the network layer (IP heade...

Page 128: ...h traffic originating from an inside host or an outside host by IP address. The firewall performs better than filtering if you need to check many rules. Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. ...

Page 129: ...l of packets to which they apply. By default, the ZyXEL Device's stateful packet inspection allows packets traveling in the following directions: LAN to LAN/Router. This allows computers on the LAN to manage the ZyXEL Device and communicate between networks or subnets connected to the LAN interface. LAN to WAN. By default, the ZyXEL Device's stateful packet inspection drops packets traveling in the follo...

Page 130: ...ecedence and override the ZyXEL Device's default rules. 9.3 Rule Logic Overview. Study these points carefully before configuring rules. 9.3.1 Rule Checklist. State the intent of the rule. For example, "This restricts all IRC access from the LAN to the Internet." Or, "This allows a remote Lotus Notes server to synchronize over the Internet to an inside Notes server." 1 Is the intent of the rule to forward or bl...

Page 131: ...s an ICMP destination-unreachable message to the sender. 9.3.3.2 Service. Select the service from the Service scrolling list box. If the service is not listed, it is necessary to first define it. See Appendix G on page 401 for more information on predefined services. 9.3.3.3 Source Address. What is the connection's source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 9.3.3 ...

Page 132: ...reen. Refer to the chapter on logs for details. 9.5 Triangle Route. When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. Figure 57 Ideal Firewall Setup. 9.5.1 The Triangle Route Problem. You may have more than one conn...

Page 133: ...L Device being the gateway for each logical network. By putting your LAN and Gateway A in different subnets, all returning network traffic must pass through the ZyXEL Device to your LAN. The following steps describe such a scenario. 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The ZyXEL Device reroutes the packet to Gateway A, which is in Sub...

Page 134: ...ction of travel of packets to which they apply. For example, LAN to LAN/Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the ZyXEL Device or the ZyXEL Device itself. Default Action: Use the drop-down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do n...

Page 135: ...how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. Packet Direction: Use the drop-down list box to select a direction of travel of packets for which you want to configure firewall rules. Create a new rule after rule number: Select an index n...

Page 136: ...l rule applies. See Appendix G on page 401 for more information. Action: This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit). Schedule: This field tells you whether a schedule is specified (Yes) or not (No). Log: This field shows you whether...

Page 137: ... Action for Matched Packet: Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) ...

Page 138: ...o remove it. Services. Available / Selected Services: Please see Appendix G on page 401 for more information on services available. Highlight a service from the Available Services box on the left, then click Add to add it to the Selected Services box on the right. To remove a service, highlight it in the Selected Services box on the right, then click Remove. Edit Customized Services: Click the Edit Customized...

Page 139: ...his screen. 9.7.3 Configuring A Customized Service. Use this screen to create a new custom port or edit an existing one. Click a rule number in the Firewall Customized Services screen. This action displays the following screen. Refer to Section 8.1 on page 117 for more information. Table 42 Firewall Rules Add Edit Edit Customized Services LABEL DESCRIPTION No: This is the number of your customized port. C...

Page 140: ...ces Edit LABEL DESCRIPTION Config. Service Name: Type a unique name for your custom port. Service Type: Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop-down list box. Port Configuration. Type: Click Single to specify one port only or Port Range to specify a span of ports that define your customized service. Port Number: Type a single port number or the range of port nu...

Page 141: ...ecomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen. 6 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 66 Edit Custom Port Example. 7 Select Any in the Destination Address box and then click D...

Page 142: ...ple Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom services show up with an before their names in the Services list box and the Rules list box ...

Page 143: ...ll Example Edit Rule Select Customized Services. On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a MyService connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. ...

Page 144: ...e ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the applic...

Page 145: ...s Table 44 Firewall Anti Probing LABEL DESCRIPTION Respond to PING on: The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN WAN to reply to both incoming LAN and WAN Ping requests. Do Not Respond to Requests for Unauthorized Services: Select this...

Page 146: ...e ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below another threshold (one-minute low). The rate is the number of new attempts detected in the last one-minute sample period. 9.10.2.1 TCP Maximum Incomplete and Blocking Time. An unusually high number of half-open sessions with the same destination host address could indicate that a Den...

Page 147: ...pe the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. See Maximum Incomplete High for an example. Maximum Incomplete High: Type the number of existing half-open sessions that causes the firewall to start delet...

Page 148: ...hen a new connection request comes. Deny New Connection Request for: Select this and specify for how long the ZyXEL Device should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). Apply: Click Apply to save your changes back to the ZyXEL Device. Cancel: Click Cancel to begin configuring this screen afresh. Table 45 Firewal...

Page 149: ... performs content filtering. You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering. 10.2 Configuring Keyword Blocking. Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword, including the URL http://www.website.com/bad.html, even ...

Page 150: ...e list of all the keywords that you have configured the ZyXEL Device to block. Delete: Highlight a keyword in the box and click Delete to remove it. Clear All: Click Clear All to remove all of the keywords from the list. Keyword: Type a keyword in this field. You may use any character (up to 127 characters). Wildcards are not allowed. Add Keyword: Click Add Keyword after you have typed a keyword. Repeat this p...

Page 151: ...k box to have content filtering be active on the selected day. Start Time: Enter the start time when you want the content filtering to take effect, in hour-minute format. End Time: Enter the end time when you want the content filtering to stop, in hour-minute format. Apply: Click Apply to save your changes. Cancel: Click Cancel to return to the previously saved settings. Table 48 Content Filter Truste...

Page 152: ...Chapter 10 Content Filtering P-793H User's Guide 152 ...

Page 153: ...standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer. The following figure is one example of a VPN tunnel. Figure 75 VPN Example. The VPN tunnel connects the ZyXEL Device (X) and the remote IPSec router (Y). These routers then connect the local network (A) and remote network (B). A VPN tunnel is usually established in two phases. Each phase establish...

Page 154: ...e two negotiation modes: main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster. Both routers must use the same negotiation mode. These modes are discussed in more detail in Section 11.1.2.1 on page 157. The examples in this section use main mode. 11.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router. In the ZyXEL Device, you have to specify the IP ad...

Page 155: ...y the ZyXEL Device and remote IPSec router cannot establish an IKE SA. Both routers must use the same encryption algorithm, authentication algorithm, and DH key group. See the field descriptions for information about specific encryption algorithms, authentication algorithms, and DH key groups. You can also see Section 11.1.1.3 on page 155 for more information about the role of DH key groups. 11.1.1.3 Diff...

Page 156: ...address, domain name, or e-mail address, and the ID content is a specific IP address, domain name, or e-mail address. The ID content is only used for identification; the IP address, domain name, or e-mail address that you enter does not have to actually exist. The ZyXEL Device and the remote IPSec router each has its own identity, so each one must store two sets of information, one for itself and one for the ...

Page 157: ...an encryption key from the shared secret, encrypt their identities, and exchange their encrypted identity information for authentication. In contrast, aggressive mode only takes three steps to establish an IKE SA. Step 1: The ZyXEL Device sends its proposals to the remote IPSec router. It also starts the Diffie-Hellman key exchange and sends its (unencrypted) identity to the remote IPSec router for authent...

Page 158: ...er X and router Y can establish a VPN tunnel as long as the active protocol is ESP. (See Section 11.1.3.2 on page 159 for more information about active protocols.) If router A does not have an IPSec pass-through or if the active protocol is AH, you can solve this problem by enabling NAT traversal. In NAT traversal, router X and router Y add an extra header to the IKE SA and IPSec SA packets. If you config...

Page 159: ...rity Payload RFC 2406. The ZyXEL Device and remote IPSec router must use the same active protocol. ESP is recommended because AH does not support encryption, and ESP is more suitable with NAT. Use AH only if the remote IPSec router does not support ESP. 11.1.3.3 Encapsulation. There are two ways to encapsulate packets. These modes are illustrated below. In tunnel mode, the ZyXEL Device e...

Page 160: ...he ZyXEL Device and remote IPSec router perform a new DH key exchange every time an IPSec SA is established. This is called Perfect Forward Secrecy (PFS). If you enable PFS, the ZyXEL Device and remote IPSec router perform a DH key exchange every time an IPSec SA is established, changing the shared secret from which encryption keys are generated. As a result, if one encryption key is compromised, other enc...

Page 161: ... you have to provide the encryption key and the authentication key the ZyXEL Device and remote IPSec router use. The ZyXEL Device and remote IPSec router must use the same encryption key and authentication key. 11.1.4.1.2 Authentication and the Security Parameter Index (SPI). In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router use the SPI instead of pre-shared keys, ID type and ID co...

Page 162: ... screen is configured to Subnet. Remote Address: This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case, only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN IKE or VPN Manual Key scre...

Page 163: ... icon in the VPN Setup Screen. Figure 83 VPN Setup Edit. Modify: Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply: Click Apply to save your changes back to the ZyXEL Device. Cancel: Click Cancel to return to the previously saved settings. Table 51 VPN Setup (continued) LABEL DESCRIPTION ...

Page 164: ...there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. Local: Local IP addresses must be static and corresp...

Page 165: ...ed to Subnet, enter a static IP address on the network behind the remote IPSec router. End / Subnet Mask: When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, ent...

Page 166: ...me in from remote IPSec routers with dynamic WAN IP addresses. Secure Gateway Address: Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management field must be set to IKE). In order to have more than one active rule with the Secure Gateway Add...

Page 167: ...on on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. Authentication Algorithm: Select SHA1 or MD5 from the d...

Page 168: ...he keys are different, the ZyXEL Device receives a "PYLD_MALFORMED" (payload malformed) packet. You can use 8-31 ASCII characters or 16-62 hexadecimal (0-9, A-F) characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16-62 characters. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself. Encryption Algorith...

Page 169: ...tication algorithms for the IPSec SA. The algorithms are listed in order from weakest to strongest. Message Digest 5 (MD5) produces a 128-bit digest to authenticate packets. Secure Hash Algorithm (SHA1) produces a 160-bit digest to authenticate packets. SA Life Time (Seconds): Enter the length of time before the ZyXEL Device automatically renegotiates the IPSec SA. It may range from 60 to 3,000,000 seconds al...

Page 170: ...p-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management. SPI: Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Mode: Select Tunnel mode or Transport mode from the drop-down list box. DNS Server (for IPSec VPN): If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns th...

Page 171: ...ure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. Remote Address Type: Use the drop-down menu to choose Single, Range, or Subnet. Select Single with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. IP Address Start: When the Remote Address Type field is co...

Page 172: ...ode. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. Encryption Key: With DES, type a unique key 8 c...

Page 173: ... 55 VPN Monitor. LABEL DESCRIPTION. No: This is the security association index number. Name: This field displays the identification name for this VPN policy. Encapsulation: This field displays Tunnel or Transport mode. IPSec Algorithm: This field displays the security protocol, encryption algorithm, and authentication algorithm used in each VPN tunnel. Disconnect: Select one of the security associations, and th...

Page 174: ...do not have domain names mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters, but the local IP addresses (or ranges of addresses) should not overlap. Figure 88 Telecommuters Sharing One VPN Rule Example. Table 56 VPN VPN Global Setting. LABEL DESCRIPTION. Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or ...

Page 175: ...ng table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a ZyXEL Device located at headquarters. The ZyXEL Device at headquarters (HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the VPN connection. The ZyXEL Device at headquarters can also initiate VPN connections to the...

Page 176: ...ommuter A: telecommutera.dydns.org; Headquarters ZyXEL Device Rule 1. Local ID Type: IP; Peer ID Type: IP. Local ID Content: 192.168.2.12; Peer ID Content: 192.168.2.12. Local IP Address: 192.168.2.12; Secure Gateway Address: telecommuter1.com. Remote Address: 192.168.2.12. Telecommuter B: telecommuterb.dydns.org; Headquarters ZyXEL Device Rule 2. Local ID Type: DNS; Peer ID Type: DNS. Local ID Content: telecommuterb.com ...

Page 177: ...t network N2 in the following figure through remote node Router 1. However, the ZyXEL Device is unable to route a packet to network N3 because it doesn't know that there is a route through the same remote node Router 1 (via gateway Router 2). The static routes are for you to tell the ZyXEL Device about the networks beyond the remote nodes. Figure 90 Example of Static Routing Topology. 12.2 Configuring St...

Page 178: ...oute Destination: This parameter specifies the IP network address of the final destination. Routing is always based on network number. Gateway: This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations. Subnet Mask: This is the subnet mask of the static route. Modify: Click the...

Page 179: ...estination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. IP Subnet Mask: Enter the IP subnet mask here. Gateway IP Address: Enter the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's ...

Page 180: ...Chapter 12 Static Route P 793H User s Guide 180 ...

Page 181: ...affic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router, regardless of the traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management. The sum of the bandwidth allotments that apply to any interface must be less than or equal to the speed allocated to that interfac...

Page 182: ...ZyXEL Device has two types of scheduler: fairness-based and priority-based. 13.5.1 Priority-based Scheduler. With the priority-based scheduler, the ZyXEL Device forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes. The larger a bandwidth class's priority number is, the higher the priority. Assign real-time applications (like those using audio or vide...

Page 183: ... available bandwidth first (as much as they require, if there is enough available bandwidth), and then to lower priority classes if there is still bandwidth available. The ZyXEL Device distributes the available bandwidth equally among classes with the same priority level. 13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic. Do the following three steps to configure the ZyXEL Device to allow bandwi...

Page 184: ...nd marketing departments 1536 kbps extra to each for a total of 3584 kbps for each, because they both have the highest priority level. Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 13.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth. The following table s...

Page 185: ...priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. 13.7 Configuring Summary. Click Advanced > Bandwidth MGMT to open the screen as shown next. Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. Table 65 Over Allotment of Bandwidth Example. BANDWIDTH CLASSES ALLOTMENTS PRIORITIES. Actual outgoing bandwidth ava...

Page 186: ...smission speed of 1 Mbps. If this number is higher than the interface's actual transmission speed and you configure bandwidth rules for all of the bandwidth, higher priority traffic could use all of the bandwidth so lower priority traffic does not get through. Note: Unless you enable Max Bandwidth Usage, the ZyXEL Device only uses up to the amount of bandwidth that you configure here. The ZyXEL Device d...

Page 187: ...n is a setting between 20 kbps and 20000 kbps for an individual rule Add Click this button to add a rule to the following table To Interface This is the number of an individual bandwidth management rule Active This displays whether the rule is enabled Select this check box to have the ZyXEL Device apply this bandwidth management rule Enable a bandwidth management rule to give traffic that matches ...

Page 188: ...hat does not match the rule. Enabling a bandwidth management rule also allows you to control the maximum amounts of bandwidth that can be used by traffic that matches the rule. Rule Name: Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget: Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting betwe...

Page 189: ...gure this bandwidth filter for traffic that uses H.323. Select User defined from the drop-down list box if you do not want to use a predefined application for the bandwidth class. When you select User defined, you need to configure at least one of the following fields (other than the Subnet Mask fields, which you only enter if you also enter a corresponding destination or source IP address). Destination ...

Page 190: ...Chapter 13 Bandwidth Management. P-793H User's Guide 190. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules. Figure 97 Bandwidth MGMT Monitor ...

Page 191: ...ress. First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key. 14.1.1 DYNDNS Wildcard. Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yo...

Page 192: ...ssword assigned to you. Enable Wildcard Option: Select the check box to enable DynDNS Wildcard. Enable off line option: This option is available when Custom DNS is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy. Use WAN IP Address: Select this option to update the IP add...

Page 193: ...Address: Type the IP address of the host name(s). Use this if you have a static IP address. Apply: Click Apply to save your changes back to the ZyXEL Device. Cancel: Click Cancel to begin configuring this screen afresh. Table 70 Dynamic DNS Dynamic DNS (continued) LABEL DESCRIPTION ...

Page 194: ...Chapter 14 Dynamic DNS Setup P 793H User s Guide 194 ...

Page 195: ...You may manage your ZyXEL Device from a remote location via: Internet (WAN only), ALL (LAN and WAN), LAN only, Neither (Disable). When you choose WAN only or LAN & WAN, you still need to configure a firewall rule to allow access. To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device auto...

Page 196: ...'s LAN IP address when configuring from the LAN. 15.1.3 System Timeout. There is a system management idle timeout. The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. The default value is five minutes, and you can change or disable this in Section 17.1.2 on pa...

Page 197: ...the ZyXEL Device. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 101 Remote MGMT Telnet. Secured Client IP: A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you spec...

Page 198: ...cess the ZyXEL Device using this service. Secured Client IP: A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. Apply: Click Apply to save...

Page 199: ...SNMP is only available if TCP/IP is configured. Figure 103 SNMP Management Model. An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through...

Page 200: ...rted MIBs. The ZyXEL Device supports MIB II that is defined in RFC 1213 and RFC 1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 15.6.2 SNMP Traps. The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs. Table 74 SNMPv1 Traps. TRAP, TRAP NAME, DESCRIPTION. 0, coldStart (defined in RFC 1215): A trap is sen...

Page 201: ...with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. SNMP Configuration. Get Community: Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The d...

Page 202: ...an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. Table 77 Remote MGMT DNS. LABEL DESCRIPTION. Port: You may change the server port number for a service if ...

Page 203: ...processed by the TCP/IP software and directly apparent to the application user. Respond to Ping on: The ZyXEL Device will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Do not respond to requests for unaut...

Page 204: ... active 0 no 1 yes: Enable/disable TR-069 operation. acsUrl URL: Set the IP address or domain name of CNM Access. username maxlength 15: Username used to authenticate the device when making a connection to CNM Access. This username is set up on the server and must be provided by the CNM Access administrator. password maxlength 15: Password used to authenticate the device when making a connection to CNM Ac...

Page 205: ...rk will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device. 16.1.2 NAT Traversal. UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchang...

Page 206: ...es the fields in this screen. Table 80 UPnP General. LABEL DESCRIPTION. Active the Universal Plug and Play (UPnP) Feature: Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator). Allow users to make configura...

Page 207: ...ol Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 109 Add/Remove Programs Windows Setup Communication. 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Apply: Click Apply to save the setting to the ZyXEL Device. Cancel: Click Cancel to return...

Page 208: ...rompted. Installing UPnP in Windows XP. Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components. Figure 111 Network Connections. 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in ...

Page 209: ... Figure 112 Windows Optional Networking Components Wizard. 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 113 Networking Services. 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. ...

Page 210: ...ake sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device. 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 114 Network Connections. 3 In the Internet Connection Properties window, click Setting...

Page 211: ... and Play (UPnP). P-793H User's Guide 211. Figure 115 Internet Connection Properties. 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 116 Internet Connection Properties Advanced Settings ...

Page 212: ...5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 118 System Tray Icon. 7 Double-click on the icon to display your current Internet connection status. ...

Page 213: ...ss the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. ...

Page 214: ...H User's Guide 214. Figure 120 Network Connections. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. ...

Page 215: ...5 Figure 121 Network Connections My Network Places. 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 122 Network Connections My Network Places Properties Example ...

Page 216: ...Chapter 16 Universal Plug and Play UPnP P 793H User s Guide 216 ...

Page 217: ...217 PART IV Maintenance System 219 Logs 225 Tools 229 Diagnostic 235 ...

Page 219: ...ngs, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. In Windows XP, click start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. 17.1.2 General Setu...

Page 220: ...the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended). Password. User Password: If you log in with the user password, you can only view the ZyXEL Device status. The default user password i...

Page 221: ...er you change the password, use the new password to access the ZyXEL Device. Retype to Confirm: Type the new password again for confirmation. Apply: Click Apply to save your changes back to the ZyXEL Device. Cancel: Click Cancel to begin configuring this screen afresh. Table 81 System General (continued) LABEL DESCRIPTION. Table 82 System Time Setting. LABEL DESCRIPTION. Current Time and Date. Current Time: This...

Page 222: ...e default. NTP (RFC 1305) is similar to Time (RFC 868). Time Server Address: Enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Check with your ISP/network administrator if you are unsure of this information. Time Zone Setup. Time Zone: Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Enable D...

Page 223: ...tober and type 2 in the o'clock field. Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 beca...

Page 224: ...Chapter 17 System P 793H User s Guide 224 ...

Page 225: ...arrants more serious attention. They include system errors, attacks (access control) and attempted access to blocked web sites. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts display in red and logs display in black. 18.2 Viewing the Logs. Click Maintenance > Logs to open the View Log screen. Use the View Log scre...

Page 226: ... Table 83 Logs View Log. LABEL DESCRIPTION. Display: The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page. Email Log Now: Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make su...

Page 227: ...bject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log To: The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. Send Alerts To: Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden...

Page 228: ...Select the check box to delete all the logs after the ZyXEL Device sends an E-mail of the logs. Syslog Logging: The ZyXEL Device sends a log to an external syslog server. Active: Click Active to enable syslog logging. Syslog Server IP Address: Enter the server name or IP address of the syslog server that will log the selected categories of logs. Log Facility: Select a location from the drop-down list box ...

Page 229: ...er a successful upload, the system will reboot. Only use firmware for your device's specific model. Refer to the label on the bottom of your device. Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your ZyXEL Device. Figure 127 Tools Firmware. The following table describes the labels in this screen. Table 85 Tools Firmware. LABEL DESCRIPTION ...

Page 230: ...n on your desktop. Figure 129 Network Temporarily Disconnected. After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. Browse: Click Browse to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload ...

Page 231: ... this screen. Table 86 Tools Configuration. LABEL DESCRIPTION. Backup Configuration. Backup: Click this to save the ZyXEL Device's current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file is useful if you need to return to yo...

Page 232: ... computer to be in the same subnet as that of the ZyXEL Device. See your Quick Start Guide or the appendices for details on how to set up your computer's IP address. You might have to open a new browser to log in again. If the upload was not successful, a Configuration Upload Error screen appears. Upload: Click this to restore the selected configuration file. See below for more information about this. Not...

Page 233: ...urn to go back to the previous screen. 19.3 Restart. System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 135 Tools Restart ...

Page 234: ...Chapter 19 Tools P 793H User s Guide 234 ...

Page 235: ...next. Figure 136 Diagnostic General. The following table describes the fields in this screen. 20.2 DSL Line Diagnostic. Use this screen to run DSL diagnostics. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Table 87 Diagnostic General. LABEL DESCRIPTION. TCP/IP Address: Type the IP address of a computer that you want to ping in order to test a connection. Ping: Click this button to ping...

Page 236: ...ATM status. Capture All Logs: Click this button to display all logs generated by the DSL line. DSL Line Status: Click this button to view the DSL port's line operating values and line bit allocation. Reset DSL Line: Click this button to reinitialize the DSL line. The large text box above then displays the progress and results of this operation, for example: Start to reset DSL Loading DSL modem F W Reset DS...

Page 237: ...tup 263 Remote Node Setup 265 Static Route Setup 275 NAT Setup 279 Firewall Setup 293 Filter Configuration 295 SNMP Configuration 309 System Password 311 System Information & Diagnosis 313 Firmware and Configuration File Maintenance 323 Menus 24.8 to 24.11 337 IP Routing Policy Setup 343 Schedule Setup 349 Troubleshooting 353 ...

Page 239: ... SMT. Follow these steps: 1 In Windows, click Start, Run. 2 Type "telnet w.x.y.z" and click OK. w.x.y.z is the IP address of the ZyXEL Device (the default address is 192.168.1.1). The ZyXEL Device prompts you for the password. Figure 138 Login Screen. 3 Enter the password. The default password is 1234. As you type the password, the screen displays an asterisk for each character you type. 4 After you enter the pass...

Page 240: ...d 4 Internet Access Setup 24 System Maintenance 25 IP Routing Policy Setup Advanced Applications 26 Schedule Setup 11 Remote Node Setup 12 Static Routing Setup 15 NAT Setup 99 Exit Enter Menu Selection Number. Table 89 Main Menu Summary. MENU FUNCTION. 1 General Setup: Use this menu to set up device mode, dynamic DNS and administrative information. 2 WAN Setup: Use this menu to configure the DSL connecti...

Page 241: ...able 89 Main Menu Summary. MENU FUNCTION. Table 90 SMT Menus Overview. MENUS SUB MENUS. 1 General Setup: 1.1 Configure Dynamic DNS. 2 WAN Setup: 2.1 Traffic Redirect Setup, 2.2 Dial Backup Setup, 2.2.1 Advanced Dial Backup Setup. 3 LAN Setup: 3.1 LAN Port Filter Setup, 3.2 TCP/IP and DHCP Setup, 3.2.1 IP Alias Setup, 3.6 Port Based VLAN Setup. 4 Internet Access Setup. 11 Remote Node Setup: 11.1 Remote Node Profile...

Page 242: ...ystem Maintenance Upload System Configuration File, 24.8 Command Interpreter Mode, 24.9 System Maintenance Call Control, 24.9.1 Budget Management, 24.10 System Maintenance Time and Date Setting, 24.11 Remote Management Control. 25 IP Routing Policy Summary: 25.1 IP Routing Policy Setup, 25.1.1 IP Routing Policy. 26 Schedule Setup: 26.1 Schedule Set Setup. Table 90 SMT Menus Overview (continued) MENUS SUB MENUS...

Page 243: ...ed fields or ChangeMe. All fields with the symbol must be filled in order to be able to save the new configuration. All fields with ChangeMe must not be left blank in order to be able to save the new configuration. N/A fields (N/A): Some of the fields in the SMT will show a N/A. This symbol refers to an option that is Not Applicable. Save your configuration (ENTER): Save your configuration by pressing ENTER ...

Page 244: ...Chapter 21 Introducing the SMT P 793H User s Guide 244 ...

Page 245: ...anumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Location: Enter a descriptive name for the place where the ZyXEL Device is located. You can enter up to 31 characters or you can leave this field blank. Contact Person's Name: Enter the name of the person to contact for questions about the ZyXEL Device. You can enter up to 30 characters or you can leave this field...

Page 246: ...able bridging in the ZyXEL Device for protocols that are not supported by IP-based routing (for example, SNA). If Route IP is No, select Yes in this field to enable bridging in the ZyXEL Device for all protocols. In either case, this setting is not effective for a specific remote node unless you enable bridging in the remote node too. See Menu 11.1 Remote Node Profile (nodes 1-7) in Section 26.3 on page 265...

Page 247: ...DNS Server Auto Detect IP Address field (recommended) or the Use Specified IP Address field, but not both. With the DDNS Server Auto Detect IP Address and Use Specified IP Address fields both set to No, the DDNS server automatically updates the IP address of the host name(s) with the ZyXEL Device's WAN IP address. DDNS does not work with a private IP address. When both fields are set to No, the ZyXEL Devic...

Page 248: ...Chapter 22 General Setup P 793H User s Guide 248 ...

Page 249: ...eout sec 9677 Traffic Redirect No Dial Backup No. Table 94 Menu 2 WAN Setup. FIELD DESCRIPTION. Service Mode: Press SPACE BAR to indicate whether the ZyXEL Device should use 2-wire or 4-wire mode for the DSL connection. This is related to the phone line you use and affects the maximum speed of the connection. In 2-wire mode, the maximum data rate is up to 5.69 Mbps, while in 4-wire mode, the maximum data r...

Page 250: ...n using a WAN backup connection, the ZyXEL Device periodically pings the addresses configured here and uses the other WAN backup connection (if configured) if there is no response. KeepAlive Fail Tolerance: Type the number of times (2 recommended) that your ZyXEL Device may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup conne...

Page 251: ...mum data rate is up to 5.69 Mbps for each DSL connection. Service Type: The ZyXEL Device automatically acts as a server in 2wire 2line mode. Rate Adaption: The field on the left refers to DSL 1 connection and the field on the right refers to DSL 2 connection. Press SPACE BAR to let the ZyXEL Device adjust the speed of its connection to that of the other device. Transfer Max Rate (Kbps): The field on the le...

Page 252: ... in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection). Recovery Interval (sec): When the ZyXEL Device is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection. Type the number of seconds (30 recommended) for the ZyXEL Device ...

Page 253: ... the IP address of your backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Metric: This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the low...

Page 254: ...Dial Backup port and the external device. Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. AT Command String. Init: Enter the AT command string to initialize the WAN device. Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands. Edit Advanced Setup: To edit the advanced setup for the Dial Backup port, move the cursor to this field, press the SPAC...

Page 255: ...s from the WAN device. CLID is required for CLID authentication. Called Id: Enter the keyword preceding the dialed number. Speed: Enter the keyword preceding the connection speed. Call Control. Dial Timeout (sec): Enter a number of seconds for the ZyXEL Device to keep trying to set up an outgoing call before timing out (stopping). The ZyXEL Device times out and stops if it cannot set up an outgoing call within...

Page 256: ...Chapter 23 WAN Setup P 793H User s Guide 256 ...

Page 257: ... This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to filter the LAN traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Figure 148 Menu 3.1 LAN Port Filter Setup. Menu 3 LAN Setup 1 LAN Port Filter Setup 2 TCP IP and DHCP Setup 6 Port Based VLAN Setup Menu 3 1 LAN Port Filter Set...

Page 258: ...emote DHCP Server N/A TCP/IP Setup IP Address 192.168.1.1 IP Subnet Mask 255.255.255.0 RIP Direction Both Version RIP-2B Multicast IGMP-v2 IP Policies Edit IP Alias No. Table 99 Menu 3.2 TCP/IP and DHCP Ethernet Setup. FIELD DESCRIPTION. DHCP Setup. DHCP: This field enables/disables the DHCP server. If set to Server, your ZyXEL Device will act as a DHCP server. You should configure the rest of the fields ...

Page 259: ...ver that choice changes to None after you save your changes Select None if you do not want to configure DNS servers If you do not configure a DNS server you must know the IP address of a machine in order to access it Remote DHCP Server If Relay is selected in the DHCP field above then type the IP address of the actual remote DHCP server here TCP IP Setup IP Address Enter the LAN IP address of your...

Page 260: ...irection N A Version N A Incoming protocol filters N A Outgoing protocol filters N A Table 100 Menu 3 2 1 IP Alias Setup FIELD DESCRIPTION IP Alias 1 2 Choose Yes to configure the LAN network for the ZyXEL Device IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that ...

Page 261: ...H User s Guide 261 Figure 151 Menu 3 6 Port Based VLAN Setup Press SPACE BAR to select Yes or No to allow or block layer 2 traffic between each pair of ports Menu 3 6 Port Based VLAN Setup 1 2 3 4 1 Yes Yes Yes 2 Yes Yes 3 Yes 4 ...

Page 262: ...Chapter 24 LAN Setup P 793H User s Guide 262 ...

Page 263: ...QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Rate SCR 0 Maximum Burst Size MBS 0 My Login N A My Password N A ENET ENCAP Gateway 0 0 0 0 IP Address Assignment Static IP Address 0 0 0 0 Network Address Translation SUA Only Address Mapping Set N A Table 101 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP s Name Enter a descriptive name for your ISP for identification purposes Encapsulation Pres...

Page 264: ...your ISP did not assign you a fixed IP address press SPACE BAR and then ENTER to select Dynamic otherwise select Static and enter the IP address and subnet mask in the following fields IP Address This field is enabled if the IP Address Assignment is Static Enter the fixed IP address assigned to you by your ISP static IP address assignment is selected in the previous field Network Address Translati...

Page 265: ...s a WAN connection Note that when you use menu 4 to set up Internet access you are actually configuring a remote node 26 2 Remote Node Setup From the main menu select menu option 11 to open Menu 11 Remote Node Setup shown below Figure 153 Menu 11 Remote Node Setup Type the node number you want to configure and press ENTER 26 3 Remote Node Profile The following explains how to configure remote node...

Page 266: ... your ISP did not provide one Incoming This section is only enabled for PPPoA or PPPoE connections Rem Login Type the login name that this remote node will use to call your ZyXEL Device The login name and the Rem Password will be used to authenticate this node Rem Password Type the password used when this remote node calls your ZyXEL Device Outgoing This section is only enabled for PPPoA or PPPoE ...

Page 267: ...n press SPACE BAR to select Yes and press ENTER Menu 11 8 appears Telco Option This section is only enabled for PPPoA or PPPoE connections Allocated Budget min Enter the maximum amount of time in minutes each call can last Enter 0 if there is no limit With Period you can set a limit on the total outgoing call time of the ZyXEL Device within a certain period of time When the total outgoing call tim...

Page 268: ...rt both choices Pri Phone Sec Phone Type the phone number s for this remote node If the Primary Phone number is busy or does not answer your ZyXEL Device dials the Secondary Phone number if available Some areas require dialing the pound sign before the phone number for local calls Include a symbol at the beginning of the phone numbers as required Edit PPP Options Press SPACE BAR to select Yes and ...

Page 269: ...hedule sets that apply to this connection Nailed Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP when it is turned on and to remain connected all the time This is not recommended if you pay for your Internet connected based on the amount of time you are connected Session Options Edit Filter Sets If you want to specify input and output filter sets for the...

Page 270: ...e more than one public WAN IP address for your ZyXEL Device Address Mapping Set This field is enabled if NAT is Full Feature Specify which address mapping set you want to use for this remote node Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cost of transmission A router determines the best route for transmission by choosing a path wi...

Page 271: ...yXEL Device uses to support multicasting on this port Multicasting only sends packets to some computers and is an alternative to unicasting sending packets to one computer and broadcasting sending packets to every computer None The ZyXEL Device does not support multicasting IGMP v1 The ZyXEL Device supports IGMP version 1 IGMP v2 The ZyXEL Device supports IGMP version 2 Multicasting can improve ov...

Page 272: ...emote Node Filter FIELD DESCRIPTION Input Filter Sets protocol filters Enter up to four filter sets If you enter more than one separate each one with a comma device filters Enter up to four filter sets If you enter more than one separate each one with a comma Output Filter Sets protocol filters Enter up to four filter sets If you enter more than one separate each one with a comma device filters En...

Page 273: ...l management of ATM traffic Enter the VCI assigned to you ATM QoS Type Select CBR Constant Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR Variable Bit Rate for bursty traffic and bandwidth sharing with other applications Peak Cell Rate PCR Divide the DSL line rate bps by ...

Page 274: ...ddition to the ZyXEL Device s built in PPPoE client you can enable PPPoE Passthrough to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for applications where NAT is not appropriate Disable PPPoE passthrough if you...

Page 275: ...routes as shown next to configure IP static routes in menu 12 1 Figure 160 Menu 12 1 IP Static Route Setup Now enter the index number of the static route that you want to configure Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7 ________ 8 ________ 9 ________ 10 ________ 11 ________ 12 ________ 13 ________ 14 ________ 15 ________ 16 ________ ...

Page 276: ...gle host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination On the LAN the gateway must be a router on the s...

Page 277: ...Name Enter a descriptive name for this route This is for identification purposes only Active This field allows you to activate deactivate this static route Ether Address This parameter specifies the MAC address of the final destination IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination On the LAN ...

Page 278: ...Chapter 27 Static Route Setup P 793H User s Guide 278 ...

Page 279: ...e and Server See Section 28 2 1 on page 281 for a detailed description of the NAT set for SUA The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP address...

Page 280: ...4 Internet Access Setup ISP s Name MyISP Encapsulation ENET ENCAP Multiplexing LLC based VPI 0 VCI 33 ATM QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Rate SCR 0 Maximum Burst Size MBS 0 My Login N A My Password N A ENET ENCAP Gateway 0 0 0 0 IP Address Assignment Static IP Address 0 0 0 0 Network Address Translation SUA Only Address Mapping Set N A Menu 11 3 Remote Node Network Layer Options IP...

Page 281: ...e main menu to bring up the following screen Figure 166 Menu 15 NAT Setup 28 2 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 1 Address Mapping Sets Table 110 Applying NAT in Menus 4 11 3 FIELD DESCRIPTION OPTIONS Network Address Translation When you select this option the SMT will use the specified address mapping set menu 15 1 see Section 28 2 1 on page 281 for further discussion You can c...

Page 282: ...ng Sets The entire set will be deleted if you leave the Set Name field blank and press ENTER at the bottom of the screen Figure 168 Menu 15 1 1 Address Mapping Rules Menu 15 1 Address Mapping Sets 1 ACL Default Set 2 3 4 5 6 7 8 255 SUA read only Menu 15 1 1 Address Mapping Rules Set Name ACL Default Set Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 0 0 0 0 Serve 2 3 4 5 6 7...

Page 283: ...tion is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs An IP End address must be numerically greater than its corresponding IP Start address Table 111 Menu 15 1 1 Address Mapping Rules FIELD DESCRIPTION Set Name This is t...

Page 284: ... 4 3 on page 288 for an example Local IP These fields are enabled depending on the Type Start Enter the starting local IP address ILA End Enter the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to One and Server types Global IP These fields are enabled depending on the Type Start Enter the s...

Page 285: ...et you want to modify for full feature NAT In Menu 15 2 NAT Server Setup configure the port forwarding rules Figure 171 Menu 15 2 NAT Server Setup Menu 15 2 NAT Server Sets 1 Server Set 1 Used for SUA Only 2 Server Set 2 3 Server Set 3 4 Server Set 4 5 Server Set 5 6 Server Set 6 7 Server Set 7 8 Server Set 8 9 Server Set 9 10 Server Set 10 Menu 15 2 NAT Server Setup Rule Start Port No End Port No...

Page 286: ...e 1 Table 113: Menu 15.2 NAT Server Setup. FIELD / DESCRIPTION: Rule: This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each active rule in order, and it only follows the first one that applies. Start Port: This field displays the beginning of the range of port numbers forwarded by this rule. End Port: This field displays ...

Page 287: ...Example 2 Internet Access with a Default Server Figure 174 NAT Example 2 In this case you do exactly as above use the convenient pre configured SUA Only set and also go to menu 15 2 1 to specify the Default Server behind the NAT as shown in the next figure Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation ENET ENCAP Multiplexing LLC based VPI 0 VCI 33 ATM QoS Type UBR Peak Cell Rate PCR ...

Page 288: ...the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 2 Map the second IGA to our second inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping 4 You also map your third IGA to the web server and mail server ...

Page 289: ...10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 178 on page 289 6 Repeat the previous step for rules 2 to 4 as outlined above 7 When finished menu 15 1 1 should look like as shown in Figure 179 on page 290 Figure 177 Example 3 Menu 11 3 The following figure shows how to configure the first rule Figure 178 Example 3 Menu 15 1 1 1 Menu 11 3 Remote Node N...

Page 290: ...e 3 Menu 15 2 Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 32 50 3 M 1 4 10 132 50 3 Serve 5 6 7 8 9 10 Action None Select Rule N A Menu 15 2 NAT Server Setup Rule Start Port No End Port No IP Address 1 Default Default 0 0 0 0 2 80 80 ...

Page 291: ... gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One and Many One to One mapping types Follow the steps outlined in example 3 above to configure these two menus as follows Figure 182 Example 4 Menu 15 1 1 1 Address Mapping Rule After you ve configured your rule you should be able to che...

Page 292: ...le 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1 12 10 132 50 1 10 132 50 3 M M N 2 3 4 5 6 7 8 9 10 Action None Select Rule N A ...

Page 293: ...etup 29.1.1 Activating the Firewall: Enter option 2 in this menu to bring up the following screen. Press SPACE BAR and then ENTER to select Yes in the Active field to activate the firewall. The firewall must be active to protect against Denial of Service (DoS) attacks. Use the web configurator to configure firewall rules. Use the web configurator or SMT menu 15 to configure the LAN to WAN Set Name and WA...

Page 294: ...vice (DoS) attacks when it is active. The default Policy sets (1) allow all sessions originating from the LAN to the WAN and (2) deny all sessions originating from the WAN to the LAN. You may define additional Policy rules or modify existing ones, but please exercise extreme caution in doing so. Active: Yes. LAN to WAN Set Name: ACL Default Set. WAN to LAN Set Name: ACL Default Set. Please configure the Firewall ...

Page 295: ...a filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet should be allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE encapsulation. Outgoing packets must undergo data filtering before t...

Page 296: ...e filter rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming ...

Page 297: ...o a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 30.2 Configuring a Filter Set: The ZyXEL Device includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below ...

Page 298: ...firm to open Menu 21 1 1 Filter Rules Summary This screen shows the summary of the existing rules in the filter set Figure 190 Menu 21 1 1 Filter Rules Summary Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______________ 3 TELNET_WAN 9 _______________ 4 PP...

Page 299: ...ave Table 114 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION This is an index number A Active Y means the rule is active N means the rule is inactive Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken un...

Page 300: ...TCP/IP Filter Rule. FIELD / DESCRIPTION: Active: Press SPACE BAR and then ENTER to select Yes to activate the filter rule or No to deactivate it. IP Protocol: Protocol refers to the upper layer protocol, for example, TCP is 6, UDP is 17 and ICMP is 1. Type a value between 0 and 255. A value of 0 matches ANY protocol. IP Source Route: Press SPACE BAR and then ENTER to select Yes to apply the rule to packets with...

Page 301: ...or No. If Yes, a matching packet is passed to the next filter rule before an action is taken; if No, the packet is disposed of according to the action fields. If More is Yes, then Action Matched and Action Not Matched will be N/A. Log: Press SPACE BAR and then ENTER to select a logging option from the following. None: No packets will be logged. Action Matched: Only packets that match the rule parameters will ...

Page 302: ...re 192 Executing an IP Filter 30 2 3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets For IP it is generally easier to use the IP rules directly ...

Page 303: ... set filter rule co ordinates in other words 2 3 refers to the second filter set and the third rule of that set Filter Type Use SPACE BAR and then ENTER to select a rule type Parameters displayed below each type will be different TCP IP filter rules are used to filter IP packets while generic filter rules allow filtering of non IP packets Options are Generic Filter Rule and TCP IP Filter Rule Acti...

Page 304: ... at the message Press ENTER to confirm to open Menu 21 1 3 Filter Rules Summary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in the following figure Action Matched Select the action for a packet matching the rule Options are Check Next Rule Forward and Drop Action Not Matched Select the action for a packet not matching the rul...

Page 305: ...tion is not matched no matter whether there are more rules to be checked there aren t in this example After you ve created the filter set you must apply it 1 Enter 11 from the main menu to go to menu 11 2 Enter 1 or 2 to open Menu 11 x Remote Node Profile 3 Go to the Edit Filter Sets field press SPACE BAR to select Yes and press ENTER 4 This brings you to menu 11 1 4 Apply a filter set our example...

Page 306: ...IP address and port number before NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic or device filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is receiving and sending the packets, in other words, the interface. The interface can be an Ethernet port or any other hardware port. The following diagra...

Page 307: ...ffic 30.6.2 Applying Remote Node Filters: Go to menu 11.5 (shown below; note that call filter sets are only present for PPPoA or PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas. The ZyXEL Device already has filters to prevent NetBIOS traffic from triggering calls and block incoming telnet...

Page 308: ...Chapter 30 Filter Configuration P 793H User s Guide 308 ...

Page 309: ...IPTION: Get Community: Type the Get community, which is the password for the incoming Get and GetNext requests from the management station. Set Community: Type the Set community, which is the password for incoming Set requests from the management station. Trusted Host: If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL ...

Page 310: ...Chapter 31 SNMP Configuration P 793H User s Guide 310 ...

Page 311: ...1 Menu 23 System Password The following table describes the labels in this menu Menu 23 System Password Old Password New Password Retype to confirm Table 119 Menu 23 System Password FIELD DESCRIPTION Old Password Enter the current administrator password for the ZyXEL Device New Password Enter the new administrator password for the ZyXEL Device Retype to confirm Enter the new administrator password...

Page 312: ...Chapter 32 System Password P 793H User s Guide 312 ...

Page 313: ...shown in the next figure System Status is a tool that can be used to monitor your ZyXEL Device Specifically it gives you information on your system firmware version number of packets sent and number of packets received To get to the System Status 1 Enter number 24 to go to Menu 24 System Maintenance 2 In this menu enter 1 to open System Maintenance Status 3 There are three commands in Menu 24 1 Sy...

Page 314: ...plays Down line is down Up line is up or connected if you re using Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if you re using PPPoE encapsulation It displays N A if the port is not connected TxPkts This is the number of packets transmitted from the ZyXEL Device to the remote node RxPkts This is...

Page 315: ...rmation on your routing protocol Ethernet address IP address etc WAN This section displays information about the WAN port Note In a point to 2points connection this field only displays line 1 status Line Status This field displays the port speed and duplex setting if you re using Ethernet encapsulation and Down line is down or not connected Idle line ppp idle Dial starting to trigger a call or Dro...

Page 316: ...P Mask 255 255 255 0 DHCP Server Table 121 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name This is the ZyXEL Device s system name domain name assigned in menu 1 For example System Name xxx Domain Name baboo mickey com Name xxx baboo mickey com Routing Refers to the routing protocol used ZyNOS F W Version Refers to the version of ZyXEL s Network Operating System software SHDSL Chi...

Page 317: ... Maintenance Log and Trace 1 View Error Log 2 UNIX Syslog 34 Sat Jan 1 00 00 02 2000 PP05 WARN SNMP TRAP 3 link up 35 Sat Jan 1 00 00 04 2000 PP00 INFO Channel 0 ok 36 Sat Jan 1 00 00 06 2000 PP0c INFO LAN promiscuous mode 0 37 Sat Jan 1 00 00 06 2000 PP00 WARN SNMP TRAP 0 cold start 38 Sat Jan 1 00 00 06 2000 PP00 INFO main init completed 39 Sat Jan 1 00 00 06 2000 PP00 INFO Starting Connectivity...

Page 318: ...address of the syslog server that will log the selected categories of logs Log Facility Press SPACE BAR and then ENTER to select a location The log facility allows you to log the messages to different files in the syslog server Refer to the documentation of your syslog program for more details When finished configuring this screen press ENTER to confirm or ESC to cancel CDR Message Format SdcmdSys...

Page 319: ...a86614ca849a7b0427001700195b451d143013500400007 7600000 Filter log Message Format SdcmdSyslogSend SYSLOG_FILLOG SYSLOG_NOTICE String String IP Src xx xx xx xx Dst xx xx xx xx prot spo xxxx dpo xxxx S04 R01mD IP is the packet header and S04 R01mD means filter set 4 S and rule 1 R match m drop D Src Source Address Dst Destination Address prot Protocol TCP UDP ICMP spo Source port dpo Destination por...

Page 320: ... IPXCP Jul 19 11 42 44 192 168 102 2 ZyXEL ppp LCP Closing Jul 19 11 42 49 192 168 102 2 ZyXEL ppp IPCP Closing Jul 19 11 42 54 192 168 102 2 ZyXEL ppp CCP Closing Firewall Log Message Format SdcmdSyslogSend SYSLOG_FIREWALL SYSLOG_NOTICE buf buf IP Src xx xx xx xx spo xxxx Dst xx xx xx xx dpo xxxx prot rule action Src Source Address spo Source port empty means no source port information Dst Destin...

Page 321: ...TION Reset xDSL Enter 1 to reset the DSL connection on the WAN port Ping Host Enter 12 to ping any machine with an IP address on your LAN or WAN Enter its IP address in the Host IP Address field below Reboot System Enter 11 to reboot the ZyXEL Device Command Mode Enter 22 to go to the Command Interpreter CI for further diagnosis You can also enter the CI using menu 24 8 Host IP Address If you ente...

Page 322: ...Chapter 33 System Information Diagnosis P 793H User s Guide 322 ...

Page 323: ...r ZyXEL Device s performance 34 2 Filename Conventions The configuration file often called the romfile or rom 0 contains the factory default settings in the menus such as password DHCP Setup TCP IP Setup etc It arrives from ZyXEL with a rom filename extension Once you have customized the ZyXEL Device s settings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL N...

Page 324: ...onfiguration to your computer Backup is highly recommended once your ZyXEL Device is functioning properly FTP is the preferred method for backing up your current configuration to your computer since it is faster You can also perform backup and restore using menu 24 through the console port Any serial communications program should work fine however you must use Xmodem protocol to perform the downlo...

Page 325: ... quit to exit the ftp prompt 34 3 3 Example of FTP Commands from the Command Line Figure 212 FTP Session Example Menu 24 5 Backup Configuration To transfer the configuration file to your computer follow the procedure below 1 Launch the FTP client on your computer 2 Type open and the IP address of your system Then type root and SMT password as requested 3 Locate the rom 0 file 4 Type get rom 0 to b...

Page 326: ...backup the configuration file, follow the procedure shown next. 1. Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address. 2. Put the SMT in command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance. 3. Enter command sy...

Page 327: ...me of the configuration file on the ZyXEL Device to the file destination on the computer and renames it config rom 34 3 8 GUI based TFTP Clients The following table describes some of the fields that you may see in GUI based TFTP clients Refer to Section 34 3 5 on page 326 to read about configurations that disallow TFTP and FTP over WAN 34 3 9 Backup Via Console Port Back up configuration via conso...

Page 328: ... key to return to the SMT menu Figure 216 Successful Backup Confirmation Screen 34 4 Restore Configuration This section shows you how to restore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk FTP is the preferred me...

Page 329: ... computer for example put config rom rom 0 transfers the configuration file config rom on your computer to the ZyXEL Device See earlier in this chapter for more information on filename conventions 8 Enter quit to exit the ftp prompt The ZyXEL Device will automatically restart after a successful restore process Menu 24 6 Restore Configuration To transfer the firmware and the configuration file foll...

Page 330: ...at the Xmodem download has started Figure 220 System Maintenance Starting Xmodem Download Screen 3 Run the HyperTerminal program by clicking Transfer then Send File as shown in the following screen Figure 221 Restore Configuration Example 4 After a successful restoration you will see the following screen Press any key to restart the ZyXEL Device and return to the SMT menu ftp put config rom rom 0 ...

Page 331: ... for uploading firmware and the configuration file using FTP Figure 223 Menu 24 7 1 System Maintenance Upload System Firmware 34 5 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Save to ROM Hit any key to start system reboot Menu 24 7 1 System Maintenance Upload System Firmware To upload the system firmware follow the procedure below 1 Launch the FTP clie...

Page 332: ...d renames it rom 0 Likewise get rom 0 config rom transfers the configuration file on the ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt Menu 24 7 2 System Maintenance Upload System Configuration File To upload the system configuration file follow the procedure below 1 Launch the FT...

Page 333: ...command interpreter (CI) mode by entering 8 in Menu 24 System Maintenance. 3. Enter the command sys stdio 0 to disable the console timeout, so the TFTP transfer will not be interrupted. Enter command sys stdio 5 to restore the five-minute console timeout (default) when the file transfer is complete. 4. Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary be...

Page 334: ...program should work fine however you must use the Xmodem protocol to perform the download upload 34 5 8 Uploading Firmware File Via Console Port 1 Select 1 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 1 System Maintenance Upload System Firmware and then follow the instructions as shown in the following screen Figure 226 Menu 24 7 1 As Seen Using the Console Port 2 After t...

Page 335: ...uld be similar 3 Enter atgo to restart the ZyXEL Device 34 5 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Menu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wait for Starting XM...

Page 336: ...apter 34 Firmware and Configuration File Maintenance P 793H User s Guide 336 Figure 229 Example Xmodem Upload After the configuration upload process has completed restart the ZyXEL Device by entering atgo ...

Page 337: ...included disk or zyxel com for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance 1 Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable Figure 230 Command Mode in Menu 24 35 1 1 Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields i...

Page 338: ...llows you to set a limit on the total outgoing call time of the ZyXEL Device within certain times When the total outgoing call time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked Call history chronicles preceding incoming and outgoing calls To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control...

Page 339: ...on your ZyXEL Device Menu 24 10 allows you to update the time and date settings of your ZyXEL Device The real time is then displayed in the ZyXEL Device error logs and firewall logs Select menu 24 in the main menu to open Menu 24 System Maintenance as shown next Menu 24 9 1 Budget Management Remote Node Connection Time Total Budget Elapsed Time Total Period 1 MyISP No Budget No Budget 2 3 4 5 6 7 ...

Page 340: ...ew Date yyyy mm dd 2000 01 01 Time Zone GMT 0100 Brussels Copenhagen Madrid Paris Daylight Saving No Start Date mm nth week hr Jan 1st Sun 02 00 End Date mm nth week hr Jan 1st Sun 02 00 Table 128 Menu 24 10 System Maintenance Time and Date Setting FIELD DESCRIPTION Time Protocol Enter the time service protocol that your timeserver uses Not all time servers support all protocols so you may have to...

Page 341: ...Time at 2 A M local time So in the United States you would select Apr 1st Sun and type 02 in the hr field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Mar Last Sun The time you type in the hr field depends on you...

Page 342: ...erver: Server Port = 23, Server Access = ALL, Secured Client IP = 0.0.0.0. FTP Server: Server Port = 21, Server Access = ALL, Secured Client IP = 0.0.0.0. Web Server: Server Port = 80, Server Access = ALL, Secured Client IP = 0.0.0.0. Table 129: Menu 24.11 Remote Management Control. FIELD / DESCRIPTION: TELNET Server, FTP Server, Web Server: Each of these read-only labels denotes a service that you may use to remotely manage the ZyXEL...

Page 343: ...nizations to distribute interactive traffic on high-bandwidth, high-cost paths while using low-cost paths for batch traffic. Load Sharing: Network administrators can use IPPR to distribute traffic among multiple paths. NAT: The ZyXEL Device performs NAT by default for traffic going to or from the ge1 interface. Routing policy's SNAT allows network administrators to have traffic received on a specified i...

Page 344: ...omment in the Edit Name field and press ENTER 3 Press ENTER at the message Press ENTER to confirm to open Menu 25 1 IP Routing Policy Setup 36 5 IP Routing Policy Setup Use this menu to look at a policy route To open this menu enter the number and name of a policy route in menu 25 Menu 25 IP Routing Policy Setup Policy Policy Set Name Set Name 1 _______________ 7 _______________ 2 _______________ ...

Page 345: ...______________________________________________ ______________________________________________________________________ 6 N ______________________________________________________________________ ______________________________________________________________________ Enter Policy Rule Number 1 6 to Configure Table 130 Menu 25 1 IP Routing Policy Setup FIELD DESCRIPTION This field displays the rule num...

Page 346: ...olicy Summary. Active: Press SPACE BAR and then ENTER to select Yes to activate the policy. Criteria. IP Protocol: Enter a number that represents an IP layer 4 protocol, for example UDP = 17, TCP = 6, ICMP = 1 and Don't care = 0. Type of Service: Prioritize incoming network traffic by choosing from Don't Care, Normal, Min Delay, Max Thruput or Max Reliable. Precedence: Precedence value of the incoming packet. Press SPACE...

Page 347: ...hown next. Action: Specifies whether action should be taken on criteria Matched or Not Matched. Gateway addr: Enter the IP address of the gateway to which the ZyXEL Device forwards the packet. The gateway is an immediate neighbor of your ZyXEL Device and must be on the same subnet as the ZyXEL Device if it is on the LAN, or the IP address of a remote node if it is on the WAN. Enter 0.0.0.0 to specify the...

Page 348: ... correctly. Menu 25.1.1 - IP Routing Policy. Policy Set Name = example1; Active = Yes. Criteria: IP Protocol = 6; Type of Service = Don't Care; Packet length = 10; Precedence = Don't Care; Len Comp = Equal; Source: addr start = 192.168.1.33, end = 192.168.1.64, port start = 0, end = N/A; Destination: addr start = 0.0.0.0, end = N/A, port start = 80, end = 80. Action = Matched: Gateway addr = 192.168.1.1; Log = No; Type of Service = Max Thruput; Precedence = 0. Me...

Page 349: ... television program in a VCR or TiVo 37 2 Schedule Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation Use this menu to look at the schedule sets in the ZyXEL Device To open this menu enter 26 in the main menu Figure 243 Menu 26 Schedule Setup Menu 26 Schedule Setup Schedule Schedule Set Name Set Name 1 _______________ 7 _______________ 2 _______________ 8 _____...

Page 350: ...avoids scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 takes precedence over set 2 3 and 4 Enter Schedule Set Number to Configure If you want to configure a schedule set enter the number of the static route in this field enter the name in the Edit Name field and press ENTER Menu 26 1 appears If you want to delete a schedule set enter the number of ...

Page 351: ...u selected Once in the How Often field above then enter the date the set should activate here in year month date format Weekdays If you selected Weekly in the How Often field above then select the day s when the set should activate and recur by going to that day s and pressing SPACE BAR to select Yes then press ENTER Start Time Enter the start time when you wish the schedule set to take effect in ...


Page 353: ...e using the power adaptor or cord included with the ZyXEL Device. 3. Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on. 4. Turn the ZyXEL Device off and on. 5. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. 1. Make sure you understand the normal behavior of t...

Page 354: ...page 357. I cannot see or access the Login screen in the web configurator. 1. Make sure you are using the correct IP address. The default IP address is 192.168.1.1. If you changed the IP address (Section 6.3 on page 97), use the new IP address. If you changed the IP address and have forgotten it, see the troubleshooting suggestions for "I forgot the IP address for the ZyXEL Device". 2. Check the hardware conn...

Page 355: ...son who is logged in to log out. 3. Turn the ZyXEL Device off and on. 4. If this does not work, you have to reset the device to its factory defaults. See Section 38.5 on page 357. I cannot access the SMT. I cannot Telnet to the ZyXEL Device. See the troubleshooting suggestions for "I cannot see or access the Login screen in the web configurator". Ignore the suggestions about your browser. I cannot use FTP ...

Page 356: ... the ZyXEL Device, but my Internet connection is not available anymore. 1. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page 41. 2. Turn the ZyXEL Device off and on. 3. If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1. There might be a lot of traffic on the network. Look at the LEDs a...

Page 357: ... Quick Start Guide. 2. If you are using a point-to-2point configuration, WAN backup is disabled. 38.4 Advanced Features. I cannot set up a VPN tunnel to another device. 1. Make sure your VPN settings are set correctly. Specifically, check the authentication settings. See Chapter 11 on page 153. 2. If you are using a point-to-2point configuration, then you can only establish a VPN tunnel with remote node 1. 38...

Page 358: ...ED begins to blink. The default settings have been restored. If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting, and log in to the web configurator. The password is "1234". If the ZyXEL Device does not restart automatically, disconnect and reconnect the ZyXEL Device's power. Then follow the directions above again. ...

Page 359: ... up Your Computer s IP Address 367 Pop up Windows JavaScripts and Java Permissions 383 IP Addresses and Subnetting 389 IP Address Assignment Conflicts 397 Common Services 401 Command Interpreter 405 Log Descriptions 411 NetBIOS Filter Commands 427 Legal Information 429 Customer Support 433 Index 437 ...


Page 361: ...r 2 wire two pairs 4 wire or 2 lines with one pair each 2 wire per pair Operation Temperature 0º C 40º C Storage Temperature 20º 60º C Operation Humidity 20 90 RH Storage Humidity 10 90 RH Distance between the centers of the holes on the device s back 108 mm Screw size for wall mounting M4 Table 136 Firmware Routing Bridge Support IP RFC 791 routing is supported TCP UDP ICMP IGMP v1 and v2 ARP RIP...

Page 362: ...PP RFC 1334 RFC 1994 Microsoft CHAP Stateful packet inspection firewall Content filter Prevent Denial of service Access control of service Real time attack alert and log Network Management Web based Configuration Command line interface Password protected Telnet support SNMP MIB I MIB II support TFTP FTP firmware upgrade and configuration backup VPN IPSec VPN support 10 VPN tunnels IKE Manual Key D...

Page 363: ...ticast groups see RFC 2236 IP Alias IP alias allows you to subdivide a physical network into logical networks over the same Ethernet interface with the ZyXEL Device itself as the gateway for each subnet Time and Date Get the current time and date from an external server when you turn on your ZyXEL Device You can also set the time manually These dates and times are then used in logs Logging and Tra...

Page 364: ...fic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers. Remote Management: This allows you to decide whether a service (HTTP or FTP traffic, for example) from a computer on a network (LAN or WAN, for example) can access the ZyXEL Device. Table 137 Firmware Features FEATURE DESCRIPTION DSL 1 DSL 2 ...

Page 365: ...e holes matches what is listed in the product specifications appendix Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 3 Do not screw the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4 Make sure the screws are snugly fastened to the wall They need to hold the weight of the ZyXE...


Page 367: ...third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP address...

Page 368: ...n click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Mic...

Page 369: ...lect Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 248 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in t...

Page 370: ...he TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default g...

Page 371: ...H User s Guide 371 Figure 250 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 251 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties ...

Page 372: ...in Win XP and then click Properties Figure 253 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced ...

Page 373: ... In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of tra...

Page 374: ... General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Page 375: ...Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab ...

Page 376: ...intosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 258 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually ...

Page 377: ...iguration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 259 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet fr...

Page 378: ...in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location ...

Page 379: ... to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 261 Red Hat 9 0 KDE Network Configuration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 262 Red Hat 9 0 KDE Ethernet Device General ...

Page 380: ... KDE Network Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 264 Red Hat 9 0 KDE Network Configuration Activate 7 After the network card restart process is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps ...

Page 381: ...e etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 267 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 268 Red Hat 9 0 Restart Ethernet Card DEVICE eth0 ONBOOT yes BO...

Page 382: ...oot localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 r...

Page 383: ...et Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 270 Pop up Blocker You can...

Page 384: ...eb pop up blockers you may have enabled Figure 271 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 385: ...e 385 Figure 272 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 273 Pop up Blocker Settings ...

Page 386: ...ay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 274 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Click...

Page 387: ...ngs Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window Figure 276 Security Settings Java ...

Page 388: ...ava Permissions P 793H User s Guide 388 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 277 Java Sun ...

Page 389: ...are a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number: the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered. Structure: An IP address is made up of four p...

Page 390: ...part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal). By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the...

Page 391: ...by a continuous number of zeros for the remainder of the 32-bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a "/" followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks u...

Page 392: ...ws the company network before subnetting. Figure 279 Subnetting Example: Before Subnetting. You can "borrow" one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The "borrowed" host ID bit can have a value of either 0 or 1, allowing two subnets: 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company...

Page 393: ...1.254. Example: Four Subnets. The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to "borrow" two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 2^6...

Page 394: ...et 3. IP/SUBNET MASK, NETWORK NUMBER, LAST OCTET BIT VALUE. IP Address: 192.168.1.128; IP Address (Binary): 11000000.10101000.00000001.10000000; Subnet Mask (Binary): 11111111.11111111.11111111.11000000; Subnet Address: 192.168.1.128; Lowest Host ID: 192.168.1.129; Broadcast Address: 192.168.1.191; Highest Host ID: 192.168.1.190. Table 145 Subnet 4. IP/SUBNET MASK, NETWORK NUMBER, LAST OCTET BIT VALUE. IP Address: 192.168.1...

Page 395: ...BITS, SUBNET MASK, NO. SUBNETS, NO. HOSTS PER SUBNET. 1: 255.255.255.128 (/25), 2 subnets, 126 hosts; 2: 255.255.255.192 (/26), 4 subnets, 62 hosts; 3: 255.255.255.224 (/27), 8 subnets, 30 hosts; 4: 255.255.255.240 (/28), 16 subnets, 14 hosts; 5: 255.255.255.248 (/29), 32 subnets, 6 hosts; 6: 255.255.255.252 (/30), 64 subnets, 2 hosts; 7: 255.255.255.254 (/31), 128 subnets, 1 host. Table 148 16-bit Network Number Subnet Planning. NO. BORROWED HOST BITS, SUBNET MASK, NO. SUBNETS, NO. HOSTS PER SUBNET. 1: 255.255.128.0 (/17), 2 subnets, 32766 hosts; 2: 255.255.192.0 (/18), 4 subnets, 16382 ...

Page 396: ...ntered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Private IP Addresses: Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Aut...

Page 397: ...r on the LAN. Figure 281 IP Address Conflicts: Case A. You must set the ZyXEL Device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL Device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, it is recommended the ZyXEL Device use a public WAN IP address. Case B: The ZyXEL Device LAN IP address conflict...

Page 398: ...u enable DHCP server on the ZyXEL Device. For example, you set the WAN IP address to 192.59.1.1 and the LAN IP address to 10.59.1.1. Otherwise, it is recommended the ZyXEL Device uses a public WAN IP address. Case D: Two or more subscribers have the same IP address. By converting all private IP addresses to the WAN IP address, the ZyXEL Device allows subscribers with different network configurations to ac...

Page 399: ...F IP Address Assignment Conflicts P 793H User s Guide 399 Figure 284 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to obtain IP addresses dynamically ...


Page 401: ...s USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 149 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is al...

Page 402: ...net chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to ...

Page 403: ...g mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Inte...


Page 405: ...a command are enclosed in angle <> brackets. The optional fields in a command are enclosed in square [] brackets. The | symbol means "or". For example, sys filter netbios config <type> <on|off> means that you must specify the type of netbios filter and whether to turn it on or off. Command Usage: A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to cl...

Page 406: ...rts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category. 5. Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). Displaying Logs: Use the sys logs display command to show all of the logs in the ZyXEL Device's log. Use the sys logs category display command to show the lo...

Page 407: ... category access 3
ras> sys logs save
ras> sys logs display access
time  source  destination  notes  message
0  06/08/2004 05:58:21  172.21.4.154  224.0.1.24  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
1  06/08/2004 05:58:20  172.21.3.56  239.255.255.250  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
2  06/08/2004 05:58:20  172.21.0.2  239.255.255.254  ACCESS BLOCK  Firewall default policy: IGMP (W to W...

Page 408: ...ce respond to gratuitous ARP requests. For example, say the regular gateway goes down and a backup gateway sends a gratuitous ARP request. If the request is for an IP address that is not already in the ZyXEL Device's ARP table, the ZyXEL Device sends an ARP request to ask which host is using the IP address. After the ZyXEL Device receives a reply from the backup gateway, it adds an ARP table entry. If th...

Page 409: ...en there is an existing entry. Setting the Key Length for Phase 2 IPSec AES Encryption: By default, the ZyXEL Device uses a 128-bit AES encryption key for phase 2 IPSec tunnels. Use this command to edit an existing VPN rule to use a longer AES encryption key. See the following example. Say you have a VPN rule one that uses AES for the phase 2 encryption and you want it to use 192-bit encryption. Use the ...

Page 410: ...ios = No; Name = test; ControlPing = No; LogControlPing = No; Control ping address = 0.0.0.0. Local: Addr Type = SINGLE; Port Start = 0, End = N/A; IP Addr Start = 0.0.0.0, Mask = N/A. Remote: Addr Type = SINGLE; Port Start = 0, End = N/A; IP Addr Start = 0.0.0.0, Mask = N/A. Enable Replay Detection = No; Key Management = IKE. Phase 2: Active Protocol = ESP; Encryption Algorithm = AES; Authentication Algorithm = SHA1; Encryption Key Length = 192; SA Life Time Se...

Page 411: ... failed: Someone has failed to log on to the router via telnet. Successful FTP login: Someone has logged on to the router via ftp. FTP login failed: Someone has failed to log on to the router via ftp. NAT Session Table is Full: The maximum number of NAT session table entries has been exceeded and the table is full. Starting Connectivity Monitor: Starting Connectivity Monitor. Time initialized by Daytime Ser...

Page 412: ...AN connection is down You cannot access the network through this interface Table 152 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy TCP UDP IGMP ESP GRE OSPF Packet Direction Attempted TCP UDP IGMP ESP GRE OSPF access matched the default policy and was blocked or forwarded according to the default policy s setting Firewall rule NOT match TCP UDP IGMP ESP GRE OSPF Packet Direct...

Page 413: ...omplete sent TCP RST The router sent a TCP reset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UDP connections through the firewall Note When the number of incomplete connections TCP UDP Maximum Incomplete High the router sends TCP RST packets for TCP connections and destroys TOS firewall dynamic sessions unt...

Page 414: ...Means the router has dialed to the PPPoE server 3 times board d line d channel d call d s C02 OutCall Connected d s The PPPoE PPTP or dial up call is connected board d line d channel d call d s C02 Call Terminated The PPPoE PPTP or dial up call was disconnected Table 157 PPP Logs LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening T...

Page 415: ...d list from the local cache and knows the category type s Trusted Web site The web site is in a trusted domain s When the content filter is not on according to the time schedule or you didn t select the Block Matched Web Site check box the system forwards the web content Waiting content filter server timeout The external content filtering server did not respond within the timeout period DNS resolv...

Page 416: ...poofing (no routing entry) ICMP (type:%d, code:%d): The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack. vulnerability ICMP (type:%d, code:%d): The firewall detected an ICMP vulnerability attack. For type and code details, see Table 167 on page 422. traceroute ICMP (type:%d, code:%d): The firewall detected an ICMP traceroute attack. For type and code details, see Table 167 on page 4...

Page 417: ...r phase 2 parameters don't match. Please check all protocols / settings. Ex. One device being configured for 3DES and the other being configured for DES causes the connection to fail. Local / remote IPs of incoming request conflict with rule %d: The security gateway is set to "0.0.0.0" and the router used the peer's "Local Address" as the router's "Remote Address". This information conflicted with static rule %d, th...

Page 418: ...P Maximum Segment Size value after establishing a tunnel Rule d input idle time out disconnect The tunnel for the listed rule was dropped because there was no inbound traffic within the idle timeout period XAUTH succeed Username Username The router used extended authentication to authenticate the listed username XAUTH fail Username Username The router was not able to use extended authentication to...

Page 419: ...ule Rule d Receiving IKE request IKE received an IKE request for the listed rule Swap rule to rule d The router changed to using the listed rule Rule d Phase 1 key length mismatch The listed rule s IKE phase 1 key length with the AES encryption algorithm did not match between the router and the peer Rule d phase 1 mismatch The listed rule s IKE phase 1 did not match between the router and the peer...

Page 420: ...rupted user certificate from the LDAP server whose address and port are recorded in the Source field. Failed to decode the received CRL: The router received a corrupted CRL (Certificate Revocation List) from the LDAP server whose address and port are recorded in the Source field. Failed to decode the received ARL: The router received a corrupted ARL (Authority Revocation List) from the LDAP server whose a...

Page 421: ...SSAGE / DESCRIPTION. Local User Database accepts user: A user was authenticated by the local user database. Local User Database reports user credential error: A user was not authenticated by the local user database because of an incorrect user password. Local User Database does not find user's credential: A user was not authenticated by the local user database because the user is not listed in the local u...

Page 422: ...ion server No Server to authenticate user There is no authentication server to authenticate a user Local User Database does not find user s credential A user was not authenticated by the local user database because the user is not listed in the local user database Table 166 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION L to W LAN to WAN ACL set for packets traveling from the LAN to the ...

Page 423: ...Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 168 Syslog Logs LOG MESSAGE DESCRIPTION Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS displays as the system...

Page 424: ...ng buffer that allows you to configure which logs the ZyXEL Device is to record 2 Use sys logs category to view a list of the log categories Figure 290 Displaying Log Categories Example 3 Use sys logs category followed by a log category to display the parameters that are available for the category TRANS Transform KE Key Exchange ID Identification CER Certificate CER_REQ Certificate Request HASH Ha...

Page 425: ...is available with every category 5 Step 5 Use the sys logs save command to store the settings in the ZyXEL Device you must do this in order to record logs Displaying Logs Use the sys logs display command to show all of the logs in the ZyXEL Device s log Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs display log category command to ...

Page 426: ...4  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
1  06/08/2004 05:58:20  172.21.3.56  239.255.255.250  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
2  06/08/2004 05:58:20  172.21.0.2  239.255.255.254  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
3  06/08/2004 05:58:20  172.21.3.191  224.0.1.22  ACCESS BLOCK  Firewall default policy: IGMP (W to W/ZW)
4  06/08/2004 05:58:20  172.21.0.254  224.0.0.1 ...

Page 427: ...ets cause unwanted calls. You can configure NetBIOS filters to do the following: allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN; allow or disallow the sending of NetBIOS packets through VPN connections; allow or disallow NetBIOS packets to initiate calls. Display NetBIOS Filter Settings: This command gives a read-only list of the current NetBIOS filt...

Page 428: ...nitiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the filter and block NetBIOS packets Use off to disable the filter and forward NetBIOS packets For type 3 use on to block NetBIOS packets from being sent through a VPN connection Use off to allow NetBIOS pack...

Page 429: ...e Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the followin...

Page 430: ...e date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating conditio...

Page 431: ...y ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products ...

Page 432: ...Appendix K Legal Information P 793H User s Guide 432 ...

Page 433: ...39 Web Site www zyxel com www europe zyxel com FTP Site ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web Site www zyxel co cr FTP Site ftp zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escazú Eta...

Page 434: ... Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web Site www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 6909 0 Fax 49 2405 6909 99 Web Site www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany Hung...

Page 435: ...U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web Site www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web Site www pl zyxel com Regular Mail ZyXEL Communications ul Okrzei 1A 03 715 Warszawa Poland Russia Support...

Page 436: ... support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web Site www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 08707 555779 UK only Fax 44 1344 303034 Web Site www zyxel co uk FTP Site ftp zyxel co uk Regular Mail ...

Page 437: ... notices 430 viewing 430 Change Password screen 44 command interface 41 Command Interpreter CI 337 command syntax 337 command usage 338 configuration file 323 back up 231 324 back up using FTP 325 backing up using console port 327 backing up using TFTP 326 restore 231 328 restoring using console port 330 restoring using FTP 329 console port for backing up configuration file 327 for restoring confi...

Page 438: ...t 295 and firewall 306 and NAT 306 and remote node 271 data 295 generic filter rule 302 structure 296 TCP IP filter rule 300 firewall 117 and filter set 306 and IP alias 101 and remote management 195 anti probing 144 application level 118 direction 129 packet filtering 117 packet filtering vs stateful inspection 127 rule 130 stateful inspection 118 122 stateful inspection for ICMP 125 stateful ins...

Page 439: ...al policy 159 manual keys 160 Perfect Forward Secrecy PFS 160 proposal 160 remote policy 159 Security Parameter Index SPI manual keys 161 transport mode 160 tunnel mode 159 when IKE SA is disconnected 159 IPSec SA See also VPN IPSec See also VPN L LAN 93 and WAN 93 LAN ports communication between 260 LEDs 41 LLC multiplexing 72 Local Area Network See LAN log 225 log categories 226 logical interfac...

Page 440: ...See PPPoA Point to Point Protocol over Ethernet See PPPoE policy route 343 actions 343 and metric 74 criteria 343 port forwarding 107 and your ISP 107 default server 107 port number 119 PPPoA 72 and IP address 73 nailed up connection 73 PPPoE 71 access and authentication methods 71 and client software 71 and IP address 73 nailed up connection 73 services 71 product registration 431 R reboot 233 re...

Page 441: ...9 41 203 trademarks 429 traffic class 75 Constant Bit Rate CBR 75 Unspecified Bit Rate UBR 75 Variable Bit Rate VBR 75 traffic redirect 85 and bandwidth management 181 and IP alias 85 and triangle route 85 traffic shaping 74 Maximum Burst Size MBS 74 Peak Cell Rate PCR 74 Sustained Cell Rate SCR 74 triangle route 132 and IP alias 133 and traffic redirect 85 U Unspecified Bit Rate UBR 75 using cons...

Page 442: ...Index P 793H User s Guide 442 minimum requirements 43 Wide Area Network See WAN wizards 53 WWW remote management 196 www dyndns org 191 ...
