ZyXEL Communications LTE5121 User Manual Download Page 132 | Manualshive

Page: 132 / 234

background image

Chapter 12 Firewall

LTE-5121 User’s Guide

132

12.6 Firewall Technical Reference

This section provides some technical background information about the topics covered in this
chapter.

12.6.1 Guidelines For Enhancing Security With Your Firewall

1

Change the default password via web configurator.

2

Think about access control before you connect to the network in any way.

3

Limit who can access your LTE Device.

4

Don't enable any local service (such as Telnet or FTP) that you don't use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse
the enabled services to access the firewall or the network.

5

For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.

6

Keep the firewall in a secured (locked) room.

12.6.2 Security Considerations

Note: Incorrectly configuring the firewall may block valid access or introduce security

risks to the LTE Device and your protected network. Use caution when creating or

deleting firewall rules and test your rules after you configure them.

Consider these security ramifications before creating a rule:

1

Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC
is blocked, are there users that require this service?

2

Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will
a rule that blocks just certain users be more effective?

3

Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN,
Internet users may be able to connect to computers with running FTP servers.

4

Does this rule conflict with any existing rules?

Once these questions have been answered, adding rules is simply a matter of entering the
information into the correct fields in the web configurator screens.

«
...
130
131
132
133
134
...
»

Summary of Contents for LTE5121

Page 1: ...Guide www zyxel com LTE5121 LTE IAD Version 1 00 Edition 1 6 2013 Copyright 2013 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Pa...

Page 2: ...may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurat...

Page 3: ...Wireless 43 Home Networking 71 Static Route 95 DNS Route 99 Quality of Service QoS 103 Network Address Translation NAT 115 Dynamic DNS 123 Firewall 125 MAC Filter 133 Parental Control 135 Certificates...

Page 4: ...Contents Overview LTE 5121 User s Guide 4...

Page 5: ...1 5 Ways to Manage the LTE Device 17 1 6 Good Habits for Managing the LTE Device 17 1 7 LEDs Lights 17 1 8 The RESET Button 19 1 9 Wall mounting Instructions 19 Chapter 2 Introducing the Web Configura...

Page 6: ...gin 45 5 2 The Wireless General Screen 45 5 2 1 No Security 47 5 2 2 Basic Static WEP Shared WEP Encryption 47 5 2 3 More Secure WPA 2 PSK 49 5 2 4 WPA 2 Authentication 50 5 3 The More AP Screen 51 5...

Page 7: ...rview 95 7 2 Configuring Static Route 96 7 2 1 Add Edit Static Route 97 Chapter 8 DNS Route 99 8 1 Overview 99 8 1 1 What You Can Do in this Chapter 99 8 2 The DNS Route Screen 100 8 2 1 Add Edit DNS...

Page 8: ...t You Need To Know 123 11 2 The Dynamic DNS Screen 123 Chapter 12 Firewall 125 12 1 Overview 125 12 1 1 What You Can Do in this Chapter 125 12 1 2 What You Need to Know 126 12 2 The General Screen 126...

Page 9: ...1 Overview 149 16 2 The VPN Screen 149 16 3 IPSec VPN Add 150 16 4 VPN Monitor Screen 155 16 5 Technical Reference 155 16 5 1 IPSec Architecture 156 16 5 2 Encapsulation 156 16 5 3 IKE Phases 157 16 5...

Page 10: ...8 1 2 What You Need To Know 187 18 2 The LTE Status Screen 188 18 3 The System Log Screen 190 18 4 The Phone Log Screen 191 18 5 The VoIP Call History Screen 192 18 6 The WAN Status Screen 192 18 7 Th...

Page 11: ...reen 209 Chapter 26 Backup Restore 211 26 1 Overview 211 26 2 The Backup Restore Screen 211 26 3 The Reboot Screen 213 Chapter 27 Diagnostic 215 27 1 Overview 215 27 2 The Ping TraceRoute Screen 215 2...

Page 12: ...Table of Contents LTE 5121 User s Guide 12...

Page 13: ...13 PART I User s Guide...

Page 14: ...14...

Page 15: ...olution with VPN and a robust firewall that uses Stateful Packet Inspection SPI technology and protects against Denial of Service DoS attacks 1 2 Applications for the LTE Device Here are some example...

Page 16: ...LAN LED should change from on to off or vice versa Note You must also enable WLAN in the Network Wireless LAN General screen to use wireless LAN The WLAN LED should be on 1 4 The WPS Button Use the WP...

Page 17: ...r you will have to reset the LTE Device to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the LTE Device You could simply restor...

Page 18: ...n The LTE Device attempted to make an IP connection but failed ETHERNET 1 4 Green Giga Ethernet On The LTE Device has a successful 1000 Mbps Ethernet connection with a device on the Local Area Network...

Page 19: ...ease it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 9 Wall mounting Instructions Do the following to hang your LTE Device on a wall 1 Locate a high pos...

Page 20: ...Make sure the screws are snugly fastened to the wall They need to hold the weight of the LTE Device with the connection cables Figure 5 Mount the Bracket on the Wall 7 Mount the LTE Device on the wal...

Page 21: ...E 5121 User s Guide 21 The following are dimensions of a screw anchor and M4 tap screw used for wall mounting All measurements are in millimeters mm The figure is enlarged to show detail Figure 7 Scre...

Page 22: ...Chapter 1 Introduction LTE 5121 User s Guide 22...

Page 23: ...abled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your LTE Device hardware is properly...

Page 24: ...t password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the main menu if you do not want to change the password now Figure 9 Change Password Screen...

Page 25: ...tor Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corne...

Page 26: ...you click LAN Device on the System Info screen a in Figure 11 on page 25 the Connection Status screen appears See Chapter 3 on page 29 for more information about the Connection Status screen If you cl...

Page 27: ...27 PART II Technical Reference The appendices provide general information Some details may not apply to your LTE Device...

Page 28: ...28...

Page 29: ...s If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the LTE Device s ports See Section 2 2 2 on page 25 for more information 3 2 The Conne...

Page 30: ...e name icon In List View you can also view the client s information 3 3 The System Info Screen Click Connection Status System Info to open this screen Figure 15 System Info Screen Each field is descri...

Page 31: ...psulation used by the ISP IP Address This field displays the current IP address of the LTE Device in the WAN IP Subnet Mask This field displays the current subnet mask in the WAN LAN Information IP Ad...

Page 32: ...another SIM card error different from the ones listed above Signal Strength This displays the strength of the LTE connection that the LTE Device has with the base station which is also known as eNodeB...

Page 33: ...running since it last started up The LTE Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it see Section 1 8 on page 19 Current Date Time This field displa...

Page 34: ...e the LTE Device attempt to register the SIP account with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it i...

Page 35: ...Local Area Network and other networks so that a computer in one location can communicate with computers in other locations Figure 16 LAN and WAN 4 1 1 What You Can Do in this Chapter Use the Broadban...

Page 36: ...access settings such as LTE APN WAN IP address and SIM card s PIN code if the INTERNET light on your LTE Device is off Get this information from your service provider 4 2 The Broadband Screen The LTE...

Page 37: ...outing mode or bridge mode APN This field displays the name of the LTE network to which the LTE Device connects Encapsulation This shows the method of encapsulation used by this connection NAT This sh...

Page 38: ...network which your service provider gave you Dial String Enter the dial string for the ISP MTU The Maximum Transmission Unit MTU defines the size of the largest packet allowed on an interface or conn...

Page 39: ...card has PIN code security but you did not enter the PIN code yet PIN verified the SIM card has PIN code security and you entered the correct PIN code PIN locked you entered an incorrect PIN code too...

Page 40: ...If you enter the PIN code incorrectly too many times the ISP may block your 3G SIM card and not ley you use the account to access the Internet Remain attempts This is how many more times you can try t...

Page 41: ...uter before you can access it The LTE Device can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you si...

Page 42: ...Chapter 4 Broadband LTE 5121 User s Guide 42...

Page 43: ...Status screen to check the noise levels of the wireless LAN channels Section 5 7 on page 57 You don t necessarily need to use all these screens to set up your wireless connection For example you may...

Page 44: ...nnel Like radio stations or television channels each wireless network uses a specific channel or frequency to send and receive information Every device in the same wireless network must use security c...

Page 45: ...S devices manually although this is somewhat more complicated to do What advanced options do you want to configure if any If you want to configure advanced options ensure that you know precisely what...

Page 46: ...sion rate of your LTE Device might be reduced when an 802 11b or 802 11g wireless client is associated with it Select 802 11b g to allow both IEEE 802 11b and IEEE 802 11g compliant WLAN devices to as...

Page 47: ...ase of use and when security is not an issue The wireless station and the AP or peer computer do not share a secret key Thus the wireless stations can associate with any AP or peer computer and listen...

Page 48: ...WEP LABEL DESCRIPTION Security Mode Choose Static WEP or Shared WEP from the drop down list box Select Static WEP to have the LTE Device allow association with wireless clients that use Open System mo...

Page 49: ...General screen Select More Secure as the security level Then select WPA PSK or WPA2 PSK from the Security Mode list Figure 25 Wireless General More Secure WPA 2 PSK The following table describes the...

Page 50: ...Then select WPA or WPA2 from the Security Mode list Figure 26 Wireless General More Secure WPA 2 WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field t...

Page 51: ...the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Ent...

Page 52: ...gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the LTE Device s BSSs The SSID Service Set IDentifier identifies the Service Set with...

Page 53: ...have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot...

Page 54: ...S Method These fields display after you enable WPS and click Apply Method 1 PBC Use this section to set up a WPS wireless network using Push Button Configuration PBC WPS Click this button to add anoth...

Page 55: ...Device create a new PIN Status This displays Configured when the LTE Device has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have bee...

Page 56: ...vice a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smooth...

Page 57: ...oise levels of the wireless LAN channels Table 16 Network Setting Wireless Scheduling LABEL DESCRIPTION Wireless LAN Scheduling Select Enable to activate wireless LAN scheduling on your LTE Device WLA...

Page 58: ...s screen 5 8 Technical Reference This section discusses wireless LANs in depth For more information see the appendix Table 17 Network Setting Wireless Channel Status LABEL DESCRIPTION Channel Monitor...

Page 59: ...curity standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is n...

Page 60: ...cess of verifying whether a wireless device is allowed to use the wireless network You can make every user log in to the wireless network before using it However every device in the wireless network h...

Page 61: ...et up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option in the LTE Device Many types of encryption use a key to protect the information in the wirel...

Page 62: ...ou can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use different BSSIDs to associate with the same AP 5 8 5 1 Notes on Multiple BSSs A maximum of e...

Page 63: ...E Device see Section 5 4 on page 53 3 Press the button on one of the devices it doesn t matter which For the LTE Device you must press the WPS button for more than three seconds 4 Within two minutes p...

Page 64: ...in the AP s configuration interface 5 If the client device s configuration interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PI...

Page 65: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PS...

Page 66: ...it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are...

Page 67: ...u know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this...

Page 68: ...rollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the sec...

Page 69: ...his has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open t...

Page 70: ...Chapter 5 Wireless LTE 5121 User s Guide 70...

Page 71: ...s on the LAN to specific individual computers based on their MAC Addresses Section 6 3 on page 75 Use the UPnP screen to enable UPnP Section 6 4 on page 77 Use the File Sharing screen to enable file s...

Page 72: ...1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear...

Page 73: ...File System The LTE Device uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the LTE Device...

Page 74: ...Device and configure the DNS server information that the LTE Device sends to the DHCP client devices on the LAN Figure 39 Network Setting Home Networking LAN Setup The following table describes the fi...

Page 75: ...addresses in the IP address pool Pool Size This field specifies the size or count of the IP address pool DNS Values DNS Server 1 3 The LTE Device supports DNS proxy by default The LTE Device sends out...

Page 76: ...ocal Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address...

Page 77: ...Networking Static DHCP UPnP to display the screen shown next Figure 42 Network Setting Home Networking UPnP The following table describes the labels in this screen 6 5 The File Sharing Screen You can...

Page 78: ...ice is connected to your network and turned on 1 Connect the USB device to one of the LTE Device s USB ports Make sure the LTE Device is connected to your network 2 The LTE Device detects the USB devi...

Page 79: ...or not the share is available for sharing Share Name This field displays the share name on the LTE Device Share Path This field displays the path for the share directories folders on the LTE Device T...

Page 80: ...e the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by...

Page 81: ...ter must be connected to your LTE Device A USB printer with the driver already installed on your computer The computers on your network must have the printer software already installed before they can...

Page 82: ...TCP IP configuration at start up from a server You can configure the LTE Device as a DHCP server or disable it When configured as a server the LTE Device provides the TCP IP configuration for the clie...

Page 83: ...rved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP ad...

Page 84: ...SB Printers The following is a list of USB printer models compatible with the LTE Device print server Table 28 Compatible USB Printers BRAND MODEL Brother MFC7420 CANON BJ F9000 CANON i320 CANON PIXMA...

Page 85: ...HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmart 2610 HP Photosmart 3110 HP Photo...

Page 86: ...indows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Compon...

Page 87: ...ponents 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP...

Page 88: ...ing Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 53 Windows Optional Networking Components Wizard 5 In the Networking Services w...

Page 89: ...n Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the LTE Device Make sure the computer is connected to a LAN port of the LTE Device Turn on your computer and the L...

Page 90: ...r 6 Home Networking LTE 5121 User s Guide 90 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 56 Internet Connection Prope...

Page 91: ...appings or click Add to manually add port mappings Figure 57 Internet Connection Properties Advanced Settings Figure 58 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled dev...

Page 92: ...ur current Internet connection status Figure 60 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the LTE Device without finding out the IP...

Page 93: ...6 Home Networking LTE 5121 User s Guide 93 3 Select My Network Places under Other Places Figure 61 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local...

Page 94: ...Invoke The web configurator login screen displays Figure 62 Network Connections My Network Places 6 Right click on the icon for your LTE Device and select Properties A properties window displays with...

Page 95: ...tatic routes For example the next figure shows a computer A connected to the LTE Device s LAN interface The LTE Device routes most traffic from A to the Internet through the LTE Device s default gatew...

Page 96: ...te is not active Status This shows whether the static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in u...

Page 97: ...gle host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address You ca...

Page 98: ...Chapter 7 Static Route LTE 5121 User s Guide 98...

Page 99: ...esolve domain names that do not match any DNS routing entry After the LTE Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the f...

Page 100: ...g DNS route Use this screen to configure the required information for a DNS route Figure 69 DNS Route Add Edit Table 31 Network Setting DNS Route LABEL DESCRIPTION Add new DNS route Click this to crea...

Page 101: ...e wildcard character an asterisk as the left most part of a domain name such as example com The LTE Device forwards DNS queries for any domain name ending in example com to the WAN interface specified...

Page 102: ...Chapter 8 DNS Route LTE 5121 User s Guide 102...

Page 103: ...a low level of latency delay and a low level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video 9 1 1 What Yo...

Page 104: ...Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value ain a matched packet When the packet passes through a compatible network the networking device suc...

Page 105: ...he interface s actual transmission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps Setting this number higher than t...

Page 106: ...bulb signifies that this queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the LTE Device s interface through which traffic in this queue passes P...

Page 107: ...he quality of other applications Click Network Setting QoS Class Setup to open the following screen Figure 73 Network Setting QoS Class Setup Priority Select the priority level from 1 to 7 of this que...

Page 108: ...me This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC...

Page 109: ...con next to an existing classifier to configure it Figure 74 Class Setup Add Edit The following table describes the labels in this screen Table 37 Class Setup Add Edit LABEL DESCRIPTION Class Configur...

Page 110: ...nfigure source or destination MAC address IP address DHCP options DSCP value or the protocol type Source MAC Address Select the check box and enter the source MAC address of the packet MAC Mask Type t...

Page 111: ...ct User defined enter the protocol service type number IP Packet Length This field is available only when you select IP in the Ether Type field Select this option and enter the minimum and maximum pac...

Page 112: ...twork Setting QoS Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the LTE Device to update this screen Select No Refresh to stop refreshing statistics Status This is the i...

Page 113: ...ing on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of...

Page 114: ...Chapter 9 Quality of Service QoS LTE 5121 User s Guide 114...

Page 115: ...The following terms and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the LTE Device for example the computers...

Page 116: ...for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports Please refer to RFC 1700...

Page 117: ...this by clicking the edit icon WAN Interface This shows the WAN interface through which the service is forwarded Start Port This is the first external port number that identifies a service End Port T...

Page 118: ...ne port enter the port number again in the External End Port field To forward a series of ports enter the start port number here and the end port number in the External End Port field End Port Configu...

Page 119: ...work Setting NAT Sessions Protocol Type Select the protocol supported by this virtual server Choices are TCP UDP or TCP UDP Apply Click Apply to save your changes Back Click Back to return to the prev...

Page 120: ...e fields in this screen 10 6 Technical Reference This section provides some technical background information about the topics covered in this chapter Table 42 Network Setting NAT Sessions LABEL DESCRI...

Page 121: ...inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts...

Page 122: ...port numbers so incoming reply packets can have their original values restored The following figure illustrates this Figure 82 How NAT Works 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192...

Page 123: ...s First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The...

Page 124: ...ame assigned to your LTE Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma E Mail Address If you set the Dynamic DNS service provider to TZO or...

Page 125: ...ant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 84 Default Firewall Action 12 1...

Page 126: ...N interface and four Ethernet LAN ports which separate the network into two areas The WAN Wide Area Network connects to the Internet The LAN Local Area Network port attaches to a network of computers...

Page 127: ...es Table 46 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall The LTE Device performs access control and protects against Denial of Service DoS attacks when t...

Page 128: ...vice Click the Delete icon to delete the service Note that subsequent rules move up by one when you take this action Deleting a service rule also deletes the related ACL rules which are configured in...

Page 129: ...er rule before you create a new one Add new ACL rule Click this to go to add a filter rule for incoming or outgoing IP traffic Name This displays the name of the rule Src IP This displays the source I...

Page 130: ...gle or Range depending on whether you want to enter a single or a range of source IP address es to which the ACL rule applies Select Any to indicate any source IP address Source IP Address Start Enter...

Page 131: ...d then enter a single port number or the range of port numbers of the destination Select Any to indicate any destination port Policy Use the drop down list box to select whether to silently discard DR...

Page 132: ...red locked room 12 6 2 Security Considerations Note Incorrectly configuring the firewall may block valid access or introduce security risks to the LTE Device and your protected network Use caution whe...

Page 133: ...Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to k...

Page 134: ...e LTE Device MAC addresses not listed will be denied access to the LTE Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the wireless station an...

Page 135: ...n Table 53 Parental Control Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule T...

Page 136: ...arental Control Rule The following table describes the fields in this screen Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go...

Page 137: ...e blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new...

Page 138: ...Chapter 14 Parental Control LTE 5121 User s Guide 138...

Page 139: ...ow The following terms and concepts may help as you read this chapter Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner T...

Page 140: ...ce only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you...

Page 141: ...uter 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 95 Certificate Details 4 Use a...

Page 142: ...nizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid...

Page 143: ...te to the LTE Device Table 56 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority t...

Page 144: ...e certificate s name and set whether or not you want the LTE Device to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authorit...

Page 145: ...ed CA View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 characters to identify this key certificate You...

Page 146: ...rtificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or depart...

Page 147: ...The following table describes the labels in this screen Table 60 Security Certificates VPN Certificates Import LABEL DESCRIPTION Name Type in the name of the certificate Public Key Copy the public ke...

Page 148: ...Chapter 15 Certificates LTE 5121 User s Guide 148...

Page 149: ...16 2 The VPN Screen Use this screen to view and manage your VPN tunnel policies The following figure helps explain the main fields in the web configurator Figure 102 IPSec Fields Summary Click Securit...

Page 150: ...abled Tunnel Name The name of the VPN connection Local Address This displays the IP address of the LTE Device Remote Address This displays the IP address of the remote IPSec router IPSec Algorithm Thi...

Page 151: ...Chapter 16 VPN LTE 5121 User s Guide 151 Figure 104 IPSec VPN Add...

Page 152: ...cted specify IP addresses on a network by their subnet mask by entering a static IP address on the LAN behind your LTE Device Then enter the subnet mask to identify the network address End Subnet Mask...

Page 153: ...ype the IP address of the computer with which you will make the VPN connection If you configure this field to 0 0 0 0 or leave it blank the LTE Device will use the address in the Secure Gateway Addres...

Page 154: ...Sec SA automatically renegotiates in this field A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys However every time the VPN tunn...

Page 155: ...pt and decrypt information Both routers must use the same DH key group Choices are Diffie Hellman Group2 use a 1024 bit random number Diffie Hellman Group5 use a 1536 bit random number Diffie Hellman...

Page 156: ...gorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA...

Page 157: ...se of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to prov...

Page 158: ...ic key cryptography key group Set the IPSec SA lifetime This field allows you to determine how long the IPSec SA should stay up before it times out The LTE Device automatically renegotiates the IPSec...

Page 159: ...lates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound a...

Page 160: ...ized in the following table Y This is supported in the LTE Device if you enable NAT traversal 16 5 7 ID Type and Content With aggressive negotiation mode see Section 16 5 4 on page 158 the LTE Device...

Page 161: ...cured communications channel Diffie Hellman is used within IKE SA setup to establish session keys Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is no...

Page 162: ...Chapter 16 VPN LTE 5121 User s Guide 162...

Page 163: ...the phones connected to the ZyXEL Device Section 17 3 on page 171 Use the Common screen to configure RFC 3262 support on the LTE Device Section 17 5 on page 175 Use the Phone Device screen to control...

Page 164: ...f the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another Voice Activity Detection Silence Suppression Voice Acti...

Page 165: ...provider gave you ready before you start to configure the LTE Device 17 2 The SIP Service Provider Screen Use this screen to configure the SIP server information QoS for VoIP calls the numbers for cer...

Page 166: ...ote Click more to see all the fields in the screen You don t necessarily need to use all these fields to set up your account Click hide more to see and configure only the fields needed for this featur...

Page 167: ...ection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen If you change this field the screen automatically refreshes G...

Page 168: ...AN connections The VoIP service is activated only when one of the selected WAN connections is up RFC Support PRACK RFC 3262 RFC 3262 defines a mechanism to provide reliable transmission of SIP provisi...

Page 169: ...ervice provider has a SIP outbound server to handle voice calls This allows the LTE Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a N...

Page 170: ...call so that you won t miss any important calls Call Waiting Disable This code is used to turn the call waiting feature off One Shot Call Waiting Enable This code is used to enable call waiting only...

Page 171: ...scribes the labels in this screen Do Not Disturb Disable This code is used to turn the Do Not Disturb feature off Apply Click Apply to save your changes Cancel Click Cancel to restore your previously...

Page 172: ...Guide 172 17 3 1 Add Edit SIP Account You can configure a new SIP account or edit one To access this screen click Add new SIP Account in the SIP Account screen or Edit icon next to an existing account...

Page 173: ...clude the SIP service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select the type of voice coder decoder codec that you want the LTE Device to...

Page 174: ...call is forwarded to the specified phone number if you reject or ignore the second incoming call Active No Answer Forward Select this if you want the LTE Device to forward incoming calls to the speci...

Page 175: ...e uses Click VoIP Phone to access the Phone Device screen Figure 114 VoIP Phone Phone Device The following table describes the labels in this screen 17 5 1 Edit Phone Device You can decide which SIP a...

Page 176: ...g calls with the analog phone connected to this phone port SIP Number This shows the SIP account number SIP Account s to Receive Incoming Call SIP Account Select a SIP account if you want to receive p...

Page 177: ...figured a speed dial rule you can use a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number Table 74 VoIP Phone Region LABEL DESCRIPTION Region Settings Selec...

Page 178: ...on to update the Speed Dial Phone Book section Phone Book Use this section to look at all the speed dial entries and to erase them This field displays the speed dial number you should dial to use this...

Page 179: ...m that of the signaling SIP handles telephone calls and can interface with traditional circuit switched telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP...

Page 180: ...registrations and subsequent SIP requests require a username and password for authorization These credentials are validated via a challenge response system using the HTTP digest mechanism as detailed...

Page 181: ...ds the translated IP address back to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirec...

Page 182: ...register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 3550 for details on RTP Pulse Code Modulation Pulse Code Modulation...

Page 183: ...n standard PCM conversion ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples The more similar the audio sampl...

Page 184: ...DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels Th...

Page 185: ...ble below After pressing the flash key if you do not issue the sub command before the default sub command time out 2 seconds expires or issue an invalid sub command the current operation will be abort...

Page 186: ...ess the flash key and then 2 European Call Transfer Do the following to transfer a call that you have answered to another phone number 1 Press the flash key to put the caller on hold 2 When you hear t...

Page 187: ...ection 18 8 on page 194 Use the VoIP Status screen to view the VoIP traffic statistics Section 18 9 on page 195 18 1 2 What You Need To Know The following terms and concepts may help as you read this...

Page 188: ...s screen Table 78 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There is an error...

Page 189: ...connection LTE displays for an LTE connection Signal Strength This displays the signal strength of the connection to the base station This is also known as the eNodeB or eNB Signal Quality This displ...

Page 190: ...the LTE module is using in dBm This only applies to an LTE connection Cell ID This identifies the radio tower to which the LTE module is connected TAC This displays the LTE module s current Tracking...

Page 191: ...ates the reason for the log Table 80 System Monitor Log System Log continued LABEL DESCRIPTION Table 81 System Monitor Log Phone Log LABEL DESCRIPTION Select a category of logs to view from the drop d...

Page 192: ...or Traffic Status WAN Table 82 System Monitor Log VoIP Call History LABEL DESCRIPTION Select a category of call records to view from the drop down list box select All Call History to view all call rec...

Page 193: ...op down list box Connected Interface This shows the name of the WAN interface that is currently connected Packets Sent Data This indicates the number of transmitted packets on this interface Error Thi...

Page 194: ...of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Received Packet Data This indicates the number of received packets on t...

Page 195: ...he SIP server the attempt failed The LTE Device automatically tries to register the SIP account when you turn on the LTE Device or when you activate it Inactive The SIP account is not active You can a...

Page 196: ...c This field displays what voice codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call t...

Page 197: ...ance User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the...

Page 198: ...Chapter 19 User Account LTE 5121 User s Guide 198...

Page 199: ...rs to use a TR 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password SSH SCP SFTP Secure...

Page 200: ...is is the service you may use to access the LTE Device LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the LTE Device from the LAN and WLAN WAN Sel...

Page 201: ...LTE Device supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP management operation Figure 132 SNMP Management Model An SNMP managed network consists of two m...

Page 202: ...by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events Click Maintenance SNMP to open t...

Page 203: ...port files the domain name is www zyxel com 22 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identific...

Page 204: ...ave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a...

Page 205: ...ntenance System Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your LTE Device Current Date This field displays the date of your LTE Device Time and Date...

Page 206: ...The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day...

Page 207: ...where the LTE Device sends logs and which logs and or immediate alerts the LTE Device records in the Log Setting screen 24 2 The Log Setting Screen To change your LTE Device s log settings click Maint...

Page 208: ...logging Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Sel...

Page 209: ...Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to three minutes After a successful upload the system will reboot Do NOT turn off the LTE...

Page 210: ...ssage Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upload Click this to begin the upload process This pro...

Page 211: ...figuration appears in this screen as shown next Figure 141 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the LTE Device s current configuration to a f...

Page 212: ...on your desktop Figure 142 Network Temporarily Disconnected If you restore the default configuration you may need to change the IP address of your computer to be in the same subnet as that of the def...

Page 213: ...rocess Message You can also press the RESET button on the back panel to reset the factory defaults of your LTE Device Refer to Section 1 8 on page 19 for more information on the RESET button 26 3 The...

Page 214: ...Chapter 26 Backup Restore LTE 5121 User s Guide 214...

Page 215: ...shoot network or Internet connections Click Maintenance Diagnostic to open the Ping TraceRoute screen shown next Figure 145 Maintenance Diagnostic Ping TraceRoute The following table describes the fie...

Page 216: ...agnostic LTE The following table describes the fields in this screen Table 96 Maintenance Diagnostic LTE ITEM DESCRIPTION LTE Service Status Click this button to view the LTE connection s type APN int...

Page 217: ...The LTE Device does not turn on None of the LEDs turn on 1 Make sure the LTE Device is turned on 2 Make sure you are using the power adaptor or cord included with the LTE Device 3 Make sure the power...

Page 218: ...dress in your Internet browser 3 If this does not work you have to reset the device to its factory defaults See Section 1 8 on page 19 I forgot the password 1 The default admin password is 1234 and th...

Page 219: ...Make sure you have entered the user name and password correctly The default user name is admin These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configur...

Page 220: ...r device and follow the directions in the Quick Start Guide again 6 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the LTE Device but...

Page 221: ...and the wireless client Reduce the number of wireless clients connecting to the same AP simultaneously or add additional APs if necessary Try closing some programs that use the Internet especially pe...

Page 222: ...n Make sure that your telephone is connected to the PHONE port 2 You can also check the VoIP status in the System Info screen 3 If the VoIP settings are correct use speed dial to make peer to peer cal...

Page 223: ...twork 1 Disconnect the Ethernet cable from the LTE Device s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your...

Page 224: ...Chapter 28 Troubleshooting LTE 5121 User s Guide 224...

Page 225: ...elated service providers Do not use the LTE Device for illegal purposes Illegal downloading or sharing of files can result in severe civil and criminal penalties You are subject to the restrictions of...

Page 226: ...e Applied Standard s EN 62311 2008 EN 50385 2002 2 Safety Article 3 1 a of the R TTE Directive Applied Standard s EN 60950 1 2006 A11 2009 A1 2010 A12 2011 3 Electromagnetic compatibility Article 3 1...

Page 227: ...or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchanta...

Page 228: ...ice and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors The...

Page 229: ...call hold 185 call rule 177 call service mode 185 call transfer 186 call waiting 186 certificate factory default 142 certificates 139 CA 139 replacing 142 storage space 142 thumbprint algorithms 141 t...

Page 230: ...see DHCP DYNDNS wildcard 123 E echo cancellation 164 encapsulation 156 encryption 60 ESP 156 Europe type call service mode 185 Extended Service Set IDentification 46 53 F File Sharing 77 firewalls 125...

Page 231: ...80 iTunes server 80 model name 31 multimedia 179 Multiple BSS see MBSSID N NAT 83 116 default server 119 definitions 121 DMZ host 119 how it works 121 IPSec 159 traversal 159 what it does 121 negotia...

Page 232: ...itiation Protocol see SIP silence suppression 164 Simple Network Management Protocol see SNMP SIP 179 account 179 call progression 182 client 180 identities 179 INVITE request 183 number 179 proxy ser...

Page 233: ...see WAN 35 warning wall mounting 19 warnings 227 warranty 227 note 227 Web Configurator 23 web configurator passwords 23 WEP 48 61 WEP Encryption 49 wireless LAN 43 authentication 59 60 BSS 61 exampl...

Page 234: ...Index LTE 5121 User s Guide 234...

Reviews:

No comments

Related manuals for LTE5121

Brand: Patton Pages: 181

Brand: ZyXEL Communications Pages: 210

Brand: M-system Pages: 7

Brand: WITELCOM Pages: 2

Brand: PEHA Pages: 4

Brand: SharkRF Pages: 131

Brand: Gree Pages: 21

Brand: Dialogic Pages: 11

Brand: Technica Engineering Pages: 7

SpeedStream 5450

Brand: Siemens Pages: 83

SpeedStream 6500 Series

Brand: Siemens Pages: 98

Brand: ETC Pages: 5

Brand: Zoom Pages: 2

Brand: San Telequip Pages: 19

Brand: enphase Pages: 3

Brand: enphase Pages: 6

ENV-S-AM1-230-60

Brand: enphase Pages: 37

Enphase Envoy-S Metered

Brand: enphase Pages: 49

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands