ZyXEL Communications P-870HW-I Series User Manual Download | Manualshive

Page: 150 / 438

background image

P-870HW-I1 User’s Guide

150

Chapter 11 Firewalls

In general, services are consist of two parts. First, each service has one or two IP protocol
types (for example, TCP, UDP, or TCP/UDP). Second, each service has one or more port
numbers. Together, these parts define the service. See

Appendix I on page 431

for examples of

services.

11.1.6 DoS Thresholds

For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that
do not become fully established. These thresholds apply globally to all sessions.

You can use the default threshold values, or you can change them to values more suitable to
your security requirements.

11.1.6.1 Threshold Values

Tune these parameters when something is not working and after you have checked the firewall
counters. These default values should work fine for most small offices. Factors influencing
choices for threshold values are:

• The maximum number of opened sessions.
• The minimum capacity of server backlog in your LAN network.
• The CPU power of servers in your LAN network.
• Network bandwidth.
• Type of traffic for certain servers.

If your network is slower than average for any of these factors (especially if you have servers
that are slow or handle many tasks and are often busy), then the default values should be
reduced.

You should make any changes to the threshold values before you continue configuring
firewall rules.

11.1.6.2 Half-Open Sessions

An unusually high number of half-open sessions (either an absolute number or measured as
the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-
open" means that the session has not reached the established state-the TCP three-way
handshake has not yet been completed. For UDP, "half-open" means that the firewall has
detected no return traffic.

The ZyXEL Device measures both the total number of existing half-open sessions and the rate
of session establishment attempts. Both TCP and UDP half-open sessions are counted in the
total number and rate measurements. Measurements are made once a minute.

«
...
148
149
150
151
152
...
»

Summary of Contents for P-870HW-I Series

Page 1: ...P 870HW I Series 802 11g Wireless VDSL2 4 port Gateway User s Guide Version 3 50 8 2006 Edition 1...

Page 2: ......

Page 3: ...EL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it conv...

Page 4: ...there is no guarantee that interference will not occur in a particular installation If this device does cause harmful interference to radio television reception which can be determined by turning the...

Page 5: ...Switzerland with restrictions in France This device has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France This Class B digital apparatus...

Page 6: ...in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device i...

Page 7: ...P 870HW I1 User s Guide Safety Warnings 7 This product is recyclable Dispose of it properly...

Page 8: ...ent as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fi...

Page 9: ...odrany Cesk Republika info cz zyxel com 420 241 091 359 DENMARK support zyxel dk 45 39 55 07 00 www zyxel dk ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark sales zyxel dk 45 39 55 07 07 FIN...

Page 10: ...t zyxel es 34 902 195 420 www zyxel es ZyXEL Communications Arte 21 5 planta 28033 Madrid Spain sales zyxel es 34 913 005 345 SWEDEN support zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A...

Page 11: ...Device 39 1 2 Features 39 1 2 1 Wireless Features 41 1 3 Application 42 1 3 1 Protected Internet Access 42 1 3 2 Management Server 43 1 4 LEDs 43 1 5 Splitters and Microfilters 44 1 5 1 Connecting a...

Page 12: ...creen 66 3 7 ISP Parameters Screen 67 3 7 1 ISP Parameters Ethernet Screen 67 3 7 2 ISP Parameters PPPoE Screen 68 3 8 IP Address Type Screen 69 3 9 Static IP Address Settings Screen 70 3 9 1 Static I...

Page 13: ...6 4 5 General Wireless LAN Screen 802 1x Dynamic WEP 101 6 4 6 General Wireless LAN Screen 802 1x Static WEP 103 6 4 7 General Wireless LAN Screen 802 1x No WEP 104 6 4 8 General Wireless LAN Screen W...

Page 14: ...en 139 10 3 Port Forwarding Screen 140 10 3 1 Port Forwarding Edit Screen 141 10 4 Trigger Port Screen 142 10 5 Address Mapping Screen 143 10 5 1 Address Mapping Edit Screen 144 Chapter 11 Firewalls 1...

Page 15: ...ficates 169 13 1 Certificates Overview 169 13 1 1 Advantages of Certificates 170 13 1 2 Self signed Certificates 170 13 1 3 Certificate File Formats 170 13 2 My Certificates Screen 170 13 3 Import My...

Page 16: ...e MGMT 205 16 1 Remote Management Overview 205 16 1 1 Remote Management Limitations 205 16 1 2 Remote Management and NAT 206 16 1 3 System Timeout 206 16 1 4 SNMP 206 16 1 4 1 Supported MIBs 207 16 1...

Page 17: ...w 237 19 1 1 Alerts and Logs 237 19 2 View Log Screen 237 19 3 Log Settings Screen 238 Chapter 20 Tools 241 20 1 Firmware Upgrade 241 20 2 Configuration Screen 242 20 3 Restart Screen 244 Chapter 21 I...

Page 18: ...ial in User Setup 277 28 1 Dial in User Setup 277 28 2 Edit Dial in User 277 Chapter 29 NAT Setup 279 29 1 Address Mapping Sets 279 29 2 Address Mapping Rules 279 29 3 Address Mapping Rule 281 29 4 NA...

Page 19: ...Triggering Packet 317 34 6 Diagnostic 317 Chapter 35 System Maintenance 24 5 24 7 319 35 1 Filename Conventions 319 35 2 Backup Configuration 320 35 2 1 Backup Configuration Using FTP 320 35 2 2 Using...

Page 20: ...ute 339 37 2 Benefits 339 37 3 Routing Policy 339 37 4 IP Routing Policy Summary 340 37 5 IP Routing Policy Setup 341 37 6 IP Routing Policy Setup 342 37 7 IP Policy Routing Example 343 Chapter 38 Sch...

Page 21: ...NAT 381 NAT Overview 381 NAT Definitions 381 What NAT Does 382 How NAT Works 382 NAT Application 383 NAT Mapping Types 383 NAT Types 384 SUA Single User Account Versus NAT 389 SUA Server 389 Appendix...

Page 22: ...P 870HW I1 User s Guide 22 Table of Contents Example Internal SPTGEN Menus 418 Appendix I Services 431 Index 435...

Page 23: ...ion Wizard Wireless Security Extend WPA PSK Security Screen 1 63 Figure 20 Connection Wizard Wireless Security Extend WPA PSK Security Screen 2 64 Figure 21 Connection Wizard Wireless Security Extend...

Page 24: ...Figure 57 OTIST Settings 110 Figure 58 OTIST In Progress on the ZyXEL Device 110 Figure 59 OTIST In Progress on the Wireless Client 111 Figure 60 Start OTIST 111 Figure 61 Network Wireless LAN MAC Fi...

Page 25: ...d CAs 180 Figure 101 Security Certificates Trusted CAs Import 181 Figure 102 Security Certificates Trusted CAs Edit 182 Figure 103 Security Certificates Trusted Remote Hosts 185 Figure 104 Certificate...

Page 26: ...ew Log 237 Figure 143 Maintenance Logs Log Settings 239 Figure 144 Maintenance Tools Firmware 241 Figure 145 Upload Firmware In Progress 242 Figure 146 Upload Firmware Network Temporarily Disconnected...

Page 27: ...8 Example Filter Menu 21 1 3 1 298 Figure 189 Example Filter Rules Summary Menu 21 1 3 299 Figure 190 Protocol and Device Filter Sets 300 Figure 191 Filtering LAN Traffic 301 Figure 192 Filtering Remo...

Page 28: ...e 229 IP Routing Policy Example 1 344 Figure 230 IP Routing Policy Example 2 345 Figure 231 Menu 26 Schedule Setup 348 Figure 232 Menu 26 1 Schedule Set Setup 349 Figure 233 Pop up Blocker 354 Figure...

Page 29: ...378 Figure 263 Red Hat 9 0 Checking TCP IP Properties 378 Figure 264 How NAT Works 382 Figure 265 NAT Application With IP Alias 383 Figure 266 Full Cone NAT Example 386 Figure 267 Restricted Cone NAT...

Page 30: ...P 870HW I1 User s Guide 30 List of Figures...

Page 31: ...6 Table 15 Connection Wizard ISP Parameters Ethernet 68 Table 16 Connection Wizard ISP Parameters PPPoE 69 Table 17 Connection Wizard IP Address Type 70 Table 18 Connection Wizard Static IP Address Et...

Page 32: ...ble 59 Network NAT Port Forwarding 140 Table 60 Network NAT Port Forwarding Edit 141 Table 61 Network NAT Trigger Port 142 Table 62 Network NAT Address Mapping 144 Table 63 Network NAT Address Mapping...

Page 33: ...SNMP 212 Table 99 Management Remote MGMT DNS 213 Table 100 Management Remote MGMT Security 214 Table 101 Management Remote MGMT SSH 215 Table 102 TR 069 Commands 216 Table 103 Configuring UPnP 218 Tab...

Page 34: ...0 Table 145 Menu 23 4 System Security IEEE802 1x 311 Table 146 Menu 24 1 System Maintenance Status 313 Table 147 Menu 24 2 1 System Maintenance Information 315 Table 148 Menu 24 2 2 System Maintenance...

Page 35: ...e 184 Attack Logs 402 Table 185 IPSec Logs 403 Table 186 IKE Logs 403 Table 187 PKI Logs 406 Table 188 Certificate Path Verification Failure Reason Codes 407 Table 189 802 1X Logs 408 Table 190 ACL Se...

Page 36: ...P 870HW I1 User s Guide 36 List of Tables...

Page 37: ...more characters Select or Choose means for you to use one of the predefined choices Mouse action sequences are denoted using a right angle bracket For example In Windows click Start Settings Control...

Page 38: ...stions for improvement to techwriters zyxel com tw or send regular mail to The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan Th...

Page 39: ...devices Note Actual speeds attained depend on the distance from your ISP line quality and so on Note Only use firmware for your ZyXEL Device s specific model Refer to the label on the bottom of your...

Page 40: ...of an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address known within another network for example a public IP address...

Page 41: ...up from a centralized DHCP server The ZyXEL Device has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP clients The ZyXEL De...

Page 42: ...Antenna The ZyXEL Device is equipped with one 2 dBi fixed antenna to provide clear radio signal between the wireless stations and the access points Output Power Management Output power management is...

Page 43: ...net Access 1 3 2 Management Server Your ZyXEL Device can be managed via a management server such as ZyXEL s Vantage CNM Access The management server can securely manage and update configuration change...

Page 44: ...ice is rebooting or performing diagnostics Red On Power to the ZyXEL Device is too low or there is a hardware error Off The system is not ready or has malfunctioned LAN 1 4 Green On The ZyXEL Device h...

Page 45: ...e above 4KHz A microfilter acts as a low pass filter for your telephone to ensure that VDSL transmissions do not interfere with your telephone voice transmissions The use of a telephone microfilter is...

Page 46: ...P 870HW I1 User s Guide 46 Chapter 1 Getting To Know Your ZyXEL Device...

Page 47: ...he web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissi...

Page 48: ...screen appears Figure 7 Login Change Password Screen 4 Follow the directions to change your password or click Cancel to keep the default password If you do not change your password this screen appear...

Page 49: ...d setup to use the wizards See Chapter 3 on page 55 and Chapter 4 on page 77 Select Go to Advanced setup to open the main screen See Section 2 3 on page 49 Note By default the web configurator automat...

Page 50: ...Table 2 Web Configurator Navigation Panel and Icons LINK ICON SUB LINK FUNCTION Wizard INTERNET WIRELESS SETUP Use these screens to set up a basic wireless network and your Internet connection BANDWI...

Page 51: ...L Device s DHCP server which assigns IP addresses and provides DNS server information to other computers on the LAN or WLAN Static DHCP Use this screen to assign the same IP address to a computer on t...

Page 52: ...ers can use FTP to access the ZyXEL Device SNMP Use this screen to configure your ZyXEL Device s settings for Simple Network Management Protocol management DNS Use this screen to configure through whi...

Page 53: ...again Note You will lose all of your changes when you push the RESET button To reset the ZyXEL Device 1 Make sure the PWR SYS light is on and not blinking 2 Press and hold the RESET button until the P...

Page 54: ...P 870HW I1 User s Guide 54 Chapter 2 Introducing the Web Configurator...

Page 55: ...ard Screen The following table describes the labels in this screen Table 3 Main Wizard Screen LABEL DESCRIPTION Connection Wizard Select this to set up a basic wireless network and your Internet conne...

Page 56: ...the labels in this screen 3 3 System Information Screen Use this screen to set up the system name and domain name for your ZyXEL Device Table 4 Connection Wizard Welcome LABEL DESCRIPTION Back Click...

Page 57: ...d you enter your computer s Computer name in this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name Enter the do...

Page 58: ...her wireless networks Security Select the strongest level that all the computers in your wireless network support From weakest to strongest the security levels are None Basic WEP Auto or Extend WPA PS...

Page 59: ...able 7 Connection Wizard Wireless Security None LABEL DESCRIPTION Do you want to enable OTIST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK sec...

Page 60: ...ter the key using printable ASCII characters or hexadecimal 0 9 A F a f characters The ZyXEL Device and the wireless stations must use the same WEP key If you want to use a 64 bit WEP key enter 5 prin...

Page 61: ...elect Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous screen s See Section 6 5 on page...

Page 62: ...ST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous screen s See Section 6 5 on...

Page 63: ...able OTIST for your wireless network Table 11 Connection Wizard Wireless Security Extend WPA PSK Security Screen 1 LABEL DESCRIPTION Pre Shared Key Type a pre shared key from 8 to 63 ASCII characters...

Page 64: ...ION Do you want to enable OTIST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous...

Page 65: ...Wizard Wireless Security Extend WPA2 PSK Security Screen 1 LABEL DESCRIPTION Pre Shared Key Type a pre shared key from 8 to 63 ASCII characters including spaces and symbols The key is case sensitive B...

Page 66: ...labels in this screen 3 6 Auto Detection Screen Wait while your ZyXEL Device tries to detect your Internet connection Table 14 Connection Wizard Wireless Security Extend WPA2 PSK Security Screen 2 LAB...

Page 67: ...en Use these screens to set up your Internet connection The screen depends on which type of Connection Type your Internet connection uses If your ISP provided you a user name and password select PPP o...

Page 68: ...PoE Screen Use this screen to set up a PPPoE connection to the Internet Table 15 Connection Wizard ISP Parameters Ethernet LABEL DESCRIPTION Connection Type Select Ethernet Back Click this to return t...

Page 69: ...ers PPPoE LABEL DESCRIPTION Connection Type Select PPP over Ethernet Service Name Enter the service name provided by your ISP Leave this field blank if your ISP did not provide one User Name Enter the...

Page 70: ...Screen Use this screen to set up a static IP address for an Ethernet connection to the Internet Table 17 Connection Wizard IP Address Type LABEL DESCRIPTION Getautomatically from ISP Select this if y...

Page 71: ...of the gateway provided by your ISP DNS Servers DNS Domain Name System manages the relationships between domain names and IP addresses For example the IP address of www zyxel com is 204 217 0 2 Withou...

Page 72: ...ges the relationships between domain names and IP addresses For example the IP address of www zyxel com is 204 217 0 2 Without a DNS server you must know the IP address of the computer you want to acc...

Page 73: ...dress of another computer instead of its default MAC address You might try this if you lose your Internet connection because some ISPs check the MAC address of the device connected to the Internet IP...

Page 74: ...enabled OTIST wait while your ZyXEL Device starts OTIST You have to start OTIST on the wireless clients within three minutes of seeing this screen Table 21 Connection Wizard Internet Configuration LA...

Page 75: ...IST Start 3 13 Congratulations Screen Use this screen to finish the Connection Wizard Figure 32 Connection Wizard Congratulations The following table describes the labels in this screen Table 22 Conne...

Page 76: ...P 870HW I1 User s Guide 76 Chapter 3 Connection Wizard...

Page 77: ...ation If there is still more bandwidth all applications including those above and other types of applications share it Some applications such as VoIP and online gaming need to have enough bandwidth to...

Page 78: ...Table 23 Main Wizard Screen LABEL DESCRIPTION Connection Wizard Select this to set up a basic wireless network and your Internet connection Bandwidth Management Wizard Select this to set the priority...

Page 79: ...reen to activate bandwidth management and to set the amount of bandwidth you want to allocate for each interface on the ZyXEL Device Table 24 BWM Wizard Welcome LABEL DESCRIPTION Back Click this to re...

Page 80: ...f higher priority traffic uses all of the actual bandwidth You can also set this number lower than the interface s actual transmission speed However this will cause the ZyXEL Device to not use some of...

Page 81: ...example set it to 40000 kbps if your broadband modem or router has a maximum speed of 40000 kbps You can set this number higher than the interface s actual transmission speed This will stop lower pri...

Page 82: ...0 FTP File Transfer Program enables fast transfer of files including large files that may not be possible by e mail FTP uses port number 21 E Mail Electronic mail consists of messages sent through a c...

Page 83: ...DESCRIPTION Service This field displays the applications you selected in the previous screen Priority Select the priority of each application Other applications have lower priority than all the applic...

Page 84: ...4 Chapter 4 Bandwidth Management Wizard Figure 38 BWM Wizard Congratulations The following table describes the labels in this screen Table 28 BWM Wizard Congratulations LABEL DESCRIPTION Finish Click...

Page 85: ...CHAPTER 5 Status Screen This chapter introduces the Status screen and the summary screens you can open from it 5 1 Status Screen To open this screen click Status This screen also appears when you log...

Page 86: ...Network LAN IP to change it IP Subnet Mask This is the LAN port IP subnet mask Click Network LAN IP to change it DHCP This is the LAN port DHCP role Server Relay or None Click Network DHCP Server Gen...

Page 87: ...wn Up line is up or connected Idle line ppp idle Dial starting to trigger a call Drop dropping a call For the LAN port this field displays one of the following values Down there are no LAN connections...

Page 88: ...P 870HW I1 User s Guide 88 Chapter 5 Status Screen Figure 40 Status BW MGMT Monitor 5 1 2 Status DHCP Table To access this screen click Status and then click Details next to DHCP Table...

Page 89: ...s Figure 42 Status Packet Statistics Table 30 Status DHCP Table LABEL DESCRIPTION This field is a sequential value It is not associated with a specific entry IP Address This field displays the IP addr...

Page 90: ...screen TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays the number of packets received on this port Collisions This is the number of collisions on...

Page 91: ...ABEL DESCRIPTION This field is a sequential value It is not associated with a specific entry MAC Address This field displays the MAC Media Access Control address of an associated wireless station Asso...

Page 92: ...P 870HW I1 User s Guide 92 Chapter 5 Status Screen...

Page 93: ...B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Device is the AP Every wireless network mu...

Page 94: ...haracters2 for example 00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for each wireless client see the appropriate User s Guide or other documentation You can use the MAC address filter to t...

Page 95: ...ess network Encryption is like a secret code If you do not know the secret code you cannot understand the message The types of encryption you can choose depend on the type of user authentication See S...

Page 96: ...ce Then the ZyXEL Device transfers them to wireless clients in the wireless network As a result you do not have to set up the SSID and encryption on every wireless client The wireless clients in the w...

Page 97: ...N Name SSID Enter the name of the wireless network The name is called the Service Set IDentity SSID Every wireless client in the same wireless network must use the same SSID Note If you are using the...

Page 98: ...4 2 General Wireless LAN Screen Static WEP Use this screen to enable and configure WEP encryption in your wireless network To open this screen click Network Wireless LAN and set Security Mode to No S...

Page 99: ...rintable ASCII characters or hexadecimal 0 9 A F a f characters The ZyXEL Device and the wireless stations must use the same WEP key If you want to use a 64 bit WEP key enter 5 printable ASCII charact...

Page 100: ...er the information again In either case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is u...

Page 101: ...ation server If the wireless network is not keeping track of this information you can usually set this value higher to minimize the number of delays caused by logging in again Group Key Update Timer T...

Page 102: ...e wired network is allowed Enter a time interval between 10 and 9999 seconds Dynamic WEP Key Exchange Select the length of the keys The longer the key the stronger the security but also the more proce...

Page 103: ...dress Enter the IP address of the external accounting server in dotted decimal notation Port Number Enter the port number of the external accounting server You need not change this value unless your n...

Page 104: ...ion again In either case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is usually smaller...

Page 105: ...r case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is usually smaller when the wireless...

Page 106: ...u to do so Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external accounting server and the ZyXEL Device The key must be the same on the external...

Page 107: ...nects a wireless station from the wired network after a period of inactivity The wireless station needs to enter the username and password again before access to the wired network is allowed Enter a t...

Page 108: ...ZyXEL Device sends a new group key to all clients This process changes the WEP key on a regular basis Enter a time interval between 10 and 9999 seconds Authentication Server IP Address Enter the IP a...

Page 109: ...TIST setup key in the ZyXEL Device you must change it on the wireless clients too Yes Select this if you want the ZyXEL Device to automatically generate a pre shared key for the wireless network Befor...

Page 110: ...reless clients and the ZyXEL Device in any order After you click Start in the ZyXEL Device the following screen appears in the ZyXEL Device Figure 57 OTIST Settings You can use the key in this screen...

Page 111: ...in the OTIST progress screen to stop the search 3 After the wireless client finds an OTIST enabled AP you must click Start in the ZyXEL Device s Network Wireless LAN OTIST screen or hold in the Reset...

Page 112: ...ZyXEL Device Other MAC address are allowed to access the ZyXEL Device Select Allow to allow these MAC addresses to access the ZyXEL Device Other MAC addresses are not allowed to access the ZyXEL Devi...

Page 113: ...s network must use the same UDP port number Enter a value between 1 and 65535 Wireless Advanced Setup Preamble A preamble affects the timing in your wireless network There are two preamble modes Long...

Page 114: ...P 870HW I1 User s Guide 114 Chapter 6 Wireless LAN...

Page 115: ...P 870HW I1 User s Guide Chapter 6 Wireless LAN 115...

Page 116: ...P 870HW I1 User s Guide 116 Chapter 6 Wireless LAN...

Page 117: ...P 870HW I1 User s Guide Chapter 6 Wireless LAN 117...

Page 118: ...P 870HW I1 User s Guide 118 Chapter 6 Wireless LAN...

Page 119: ...routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link is down The smaller t...

Page 120: ...en Table 47 Network WAN Internet Connection Ethernet LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select Ethernet WAN IP Address Assignment Get automatically from ISP Select this...

Page 121: ...ice to use the MAC address of another computer instead of its default MAC address You might try this if you lose your Internet connection because some ISPs check the MAC address of the device connecte...

Page 122: ...he fixed static IP address provided by your ISP Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cost of transmission A router determines t...

Page 123: ...dress of the computer you want to access before you access it First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information In this case th...

Page 124: ...AN and is an alternative to unicasting sending packets to one computer and broadcasting sending packets to every computer None The ZyXEL Device does not support multicasting IGMP v1 The ZyXEL Device s...

Page 125: ...ot the default gateway is available anymore For example use one of your ISP s DNS server addresses If you enter 0 0 0 0 the test fails every time Fail Tolerance Enter the number of consecutive times t...

Page 126: ...P 870HW I1 User s Guide 126 Chapter 7 WAN...

Page 127: ...Otherwise it is recommended that you pick an IP address between 192 168 0 0 to 192 168 255 255 and that no other device on your network is using for example 192 168 1 1 Your ZyXEL Device automaticall...

Page 128: ...identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for qu...

Page 129: ...onal subnets logical networks on your LAN port To open this screen click Network LAN IP Alias Table 51 Network LAN IP LABEL DESCRIPTION LAN TCP IP IP Address Enter the IP address of your ZyXEL Device...

Page 130: ...n on the subnet Both The ZyXEL Device sends and receives routing information on the subnet In Only The ZyXEL Device only receives routing information on the subnet Out Only The ZyXEL Device only sends...

Page 131: ...mation on the subnet In Only The ZyXEL Device only receives routing information on the subnet Out Only The ZyXEL Device only sends routing information on the subnet RIP Version Select which version of...

Page 132: ...ses to support multicasting on the LAN Multicast packets are sent to a group of computers on the LAN and are an alternative to unicast packets packets sent to one computer and broadcast packets packet...

Page 133: ...When the DHCP client leaves the network the DHCP servers can assign its IP address to another DHCP client The ZyXEL Device can be a DHCP server 1 In this case it provides the following information to...

Page 134: ...Setup Enable DHCP Server Select this to let the ZyXEL Device assign IP addresses and provides subnet mask gateway and DNS server information to the network If you clear this there should be another D...

Page 135: ...ddress of the corresponding DNS server specified in Network WAN Advanced User Defined enter a static IP address DNS Relay use the ZyXEL Device s IP address In this case the ZyXEL Device finds out the...

Page 136: ...o begin configuring this screen afresh Table 56 DHCP Setup LABEL DESCRIPTION Table 57 Network DHCP Server Client List LABEL DESCRIPTION This field is a sequential value and it is not associated with a...

Page 137: ...ntifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web...

Page 138: ...specific port number and protocol incoming port the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service clo...

Page 139: ...might have to create a firewall rule Figure 76 Network NAT General The following table describes the labels in this screen Table 58 Network NAT General LABEL DESCRIPTION Enable Network Address Transla...

Page 140: ...rts that are not specified in the Port Forwarding section below or in the Management Remote MGMT screens Enter 0 0 0 0 if you want the ZyXEL Device to discard these packets instead Port Forwarding Thi...

Page 141: ...hanges back to the ZyXEL Device Reset Click this to begin configuring this screen afresh Table 59 Network NAT Port Forwarding continued LABEL DESCRIPTION Table 60 Network NAT Port Forwarding Edit LABE...

Page 142: ...the fields in this screen Apply Click this to save your changes back to the ZyXEL Device Reset Click this to return to the previous screen without saving any changes Table 60 Network NAT Port Forward...

Page 143: ...nd Port field If you want to delete this rule enter zero in the Start Port and End Port fields Trigger Start Port End Port Enter the outgoing port number or range of port numbers that makes the ZyXEL...

Page 144: ...r Server rule Global End IP is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change...

Page 145: ...o unique global IP addresses Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Local Start IP Local End IP Enter the rang...

Page 146: ...P 870HW I1 User s Guide 146 Chapter 10 NAT...

Page 147: ...me an integral part of standard security solutions for enterprises Stateful inspection firewalls restrict access by screening data packets against defined access rules They make access control decisio...

Page 148: ...ted to the LAN interface LAN to WAN By default the ZyXEL Device s stateful packet inspection drops packets traveling in the following directions WAN to LAN WAN to WAN Router This prevents computers on...

Page 149: ...he LAN it is better to allow only certain machines on the Internet to access the LAN 11 1 4 2 Security Ramifications 1 Once the logic of the rule has been defined it is critical to consider the securi...

Page 150: ...ns The minimum capacity of server backlog in your LAN network The CPU power of servers in your LAN network Network bandwidth Type of traffic for certain servers If your network is slower than average...

Page 151: ...against the host Whenever the number of half open sessions with the same destination host address rises above a threshold TCP Maximum Incomplete the ZyXEL Device starts deleting half open sessions acc...

Page 152: ...e connection as the connection has not been acknowledged Figure 83 Triangle Route Problem 11 2 2 Solving the Triangle Route Problem If you have the ZyXEL Device allow triangle route sessions traffic f...

Page 153: ...ackets for the services at specific interfaces Protect against IP spoofing by making sure the firewall is active Keep the firewall in a secured locked room 11 3 1 Security In General You can never be...

Page 154: ...Also use passwords that are not easy to figure out The most difficult passwords to crack are those with upper and lower case letters numbers and a symbol such as or Upgrade your software regularly Man...

Page 155: ...N Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to LAN Router means packets traveling from a computer subnet on the LAN to either another c...

Page 156: ...general firewall action settings in the Security Firewall General screen This is your firewall rule number The ordering of your rules is important as rules are applied in order Active This field disp...

Page 157: ...ing you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click the Move icon to display the Move the rule to fiel...

Page 158: ...P 870HW I1 User s Guide 158 Chapter 11 Firewalls Figure 87 Security Firewall Rules Edit...

Page 159: ...Click Add to add a new address to the Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select...

Page 160: ...screen to create or edit a customized service for firewall rules To open this screen click a rules number in Security Firewall Rules Edit Edit Customized Services Apply Click this to save your change...

Page 161: ...scovering your ZyXEL Device when unsupported ports are probed To open this screen click a rules number in Security Firewall Anti Probing Table 68 Security Firewall Rules Edit Edit Customized Services...

Page 162: ...om finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for unused ports thus leaving the unused ports and the ZyXEL Devic...

Page 163: ...tinues to delete half open requests as necessary until the number of existing half open sessions drops below this number Maximum Incomplete High This is the number of existing half open sessions that...

Page 164: ...yXEL Device should block new connection requests when TCP Maximum Incomplete is reached Enter the length of blocking time in minutes between 1 and 256 Apply Click this to save your changes back to the...

Page 165: ...y to block certain web features or specific URL keywords The ZyXEL Device can block web features such as ActiveX controls Java applets cookies and disable web proxies The ZyXEL Device also allows you...

Page 166: ...building dynamic and active Web pages and distributed object applications When you visit an ActiveX Web site ActiveX controls are downloaded to your browser where they remain in case you visit the si...

Page 167: ...Click Delete to remove the selected keyword in the Keyword List The keyword disappears after you click Apply Clear All Click this button to remove all of the keywords in the Keyword List Denied Access...

Page 168: ...P 870HW I1 User s Guide 168 Chapter 12 Content Filter...

Page 169: ...key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted using the other 2 Tim ke...

Page 170: ...tes You can have the ZyXEL Device act as a certification authority and sign its own certificates 13 1 3 Certificate File Formats The ZyXEL Device supports the following formats for certification autho...

Page 171: ...to identify this certificate It is recommended that you give each certificate a unique name Type This field displays what kind of certificate this is REQ represents a certification request and is not...

Page 172: ...en a screen with an in depth list of information about the certificate Click a Remove icon to remove the certificate You cannot delete a certificate that is used by any features Do the following to de...

Page 173: ...cation authority or generate a certification request To open this screen click Create in Security Certificates My Certificates Table 74 Security Certificates My Certificates Import LABEL DESCRIPTION F...

Page 174: ...on to identify the certificate s owner by IP address domain name or e mail address Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or...

Page 175: ...he Reference Number and Key if the certification authority requires them Enrollment Protocol Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enr...

Page 176: ...essful click Return to go to the Security Certificates My Certificates screen Otherwise click Return to go to the Security Certificates My Certificates Create screen Make sure that the certification a...

Page 177: ...ted remote host certificates Select this if you want to make this self signed certificate the default certificate Certificate Path This field displays the end entity s certificate and a list of certif...

Page 178: ...ies may use rsa pkcs1 md5 RSA public private key encryption algorithm and the MD5 hash algorithm Valid From This field displays the date that the certificate becomes applicable The text displays in re...

Page 179: ...ertificate into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and sa...

Page 180: ...ing information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country With self signed certificates this i...

Page 181: ...the certificate s name In addition you can also specify whether or not to check certificates from the certification authority against a list of revoked certificates To open this screen click an Edit...

Page 182: ...authority against a Certificate Revocation List CRL Clear this to have the ZyXEL Device not check incoming certificates that are issued by this certification authority against a Certificate Revocation...

Page 183: ...sh algorithm Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applica...

Page 184: ...ty as being trustworthy Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII charac...

Page 185: ...e index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate Subject This field displays identifying information about the certi...

Page 186: ...ars 3 Click the Details tab 4 Scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 104 Certificate Details Verify over the phone for example that the remote host has the same informati...

Page 187: ...change the certificate s name To open this screen click an Edit icon in Security Certificates Trusted Remote Hosts Table 81 Security Certificates Trusted Remote Host Import LABEL DESCRIPTION File Path...

Page 188: ...n the hierarchy of certification authorities that validate a certificate s issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self...

Page 189: ...n be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject Typ...

Page 190: ...ESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device s PKI storage space that is currently in use The bar turns from green to red when the maximum is being approach...

Page 191: ...ver LDAP Lightweight Directory Access Protocol is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates Server Address Type the IP address...

Page 192: ...your changes to the ZyXEL Device Cancel Click this to return to the previous screen without saving any changes a At the time of writing LDAP is the only choice of directory server access protocol Tabl...

Page 193: ...gure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Rou...

Page 194: ...in order and it only follows the first one that applies Name This field displays the name that describes the static route Active This field shows whether this static route is active Yes or not No Des...

Page 195: ...ange of destination IP addresses that this static route affects If this static route affects only one IP address enter 255 255 255 255 Gateway IP Address Enter the IP address of the gateway to which t...

Page 196: ...P 870HW I1 User s Guide 196 Chapter 14 Static Route...

Page 197: ...it you can specify for each application according to the priorities that you assign to each application Assign real time applications like those using audio or video a higher priority number to provid...

Page 198: ...marketing applications 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048 kbps...

Page 199: ...of their allocated bandwidth Suppose you try to browse the web too In this case VoIP NetMeeting and FTP all have higher priority so they get to use the bandwidth first You can only browse the web when...

Page 200: ...P 870HW I1 User s Guide 200 Chapter 15 Bandwidth MGMT Figure 112 Management Bandwidth MGMT Configuration...

Page 201: ...his number lower than the interface s actual transmission speed However this will cause the ZyXEL Device to not use some of the interface s available bandwidth WAN BW Budget kbps Enter the amount of b...

Page 202: ...ndwidth MGMT Configuration Edit Priority Select a priority from the drop down list box Choose High Mid or Low Modify Use this field to edit or erase the rule Click the Edit icon to open the Edit Bandw...

Page 203: ...of the bandwidth filter fields other than enabling or disabling the filter SIP Session Initiation Protocol is a signaling protocol used in Internet telephony instant messaging and other VoIP Voice ove...

Page 204: ...ent Bandwidth MGMT Monitor Source Port Enter the port number of the source Protocol Select the protocol TCP or UDP or select User defined and enter the protocol service type number A blank protocol ID...

Page 205: ...management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTT...

Page 206: ...not time out when a statistics screen is polling You can change the timeout period in the SYSTEM General screen 16 1 4 SNMP Simple Network Management Protocol SNMP is a protocol used for exchanging m...

Page 207: ...gent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates...

Page 208: ...1 6 3 1 1 5 2 This trap is sent after booting software reboot This trap is defined in RFC 1215 linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down linkUp 1 3 6 1 6 3 1 1 5 4...

Page 209: ...s through which a computer may access the ZyXEL Device using this service Secured Client IP Address Select All to allow any computer to access the ZyXEL Device using this service Select Selected to on...

Page 210: ...lnet LABEL DESCRIPTION Server Port Enter the port number this service can use to access the ZyXEL Device The computer must use the same port number Server Access Select the interface s through which a...

Page 211: ...use to access the ZyXEL Device The computer must use the same port number Server Access Select the interface s through which a computer may access the ZyXEL Device using this service Secured Client I...

Page 212: ...SNMP manager The default is public and allows all requests Trap Destination Type the IP address of the station to which send SNMP traps SNMP Service Port Enter the port number this service can use to...

Page 213: ...agement Remote MGMT DNS LABEL DESCRIPTION Server Port This field is read only It displays the port number this service uses to access the ZyXEL Device The computer must use the same port number Server...

Page 214: ...from the LAN or the WAN Do not respond to requests for unauthorized services Select this to prevent outsiders from discovering your ZyXEL Device by sending requests to unsupported port numbers If an...

Page 215: ...domain name See Table 102 on page 216 for detailed descriptions of the commands Figure 123 Enabling TR 069 Table 101 Management Remote MGMT SSH LABEL DESCRIPTION Server Host Key Select the certificat...

Page 216: ...e server and must be provided by the CNM Access administrator password maxlength 15 Password used to authenticate the device when making a connection to CNM Access This password is set up on the serve...

Page 217: ...Selecting the icon of a UPnP device will allow you to access the information and properties of that device 17 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to o...

Page 218: ...click Management UPnP General Figure 124 Management UPnP The following table describes the fields in this screen Table 103 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play UPnP F...

Page 219: ...onents selection box Click Details Figure 125 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection bo...

Page 220: ...talling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advance...

Page 221: ...W I1 User s Guide Chapter 17 UPnP 221 Figure 128 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 129 Networking Se...

Page 222: ...UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Cl...

Page 223: ...P 870HW I1 User s Guide Chapter 17 UPnP 223 Figure 131 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings...

Page 224: ...ettings Figure 133 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show...

Page 225: ...gurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP ad...

Page 226: ...17 UPnP Figure 136 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke The we...

Page 227: ...7 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 138 Netw...

Page 228: ...P 870HW I1 User s Guide 228 Chapter 17 UPnP...

Page 229: ...r View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name 18 1 2 Dynamic DNS Overview Dynamic DNS allow...

Page 230: ...ate and time manually the ZyXEL Device updates the current date and time when you save changes in Maintenance System Time Setting or SMT menu 24 10 see Section 36 4 on page 335 18 2 General System Scr...

Page 231: ...eter can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management sessio...

Page 232: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separate them with a comma User Name Type the user name for your Dyna...

Page 233: ...ver With this feature the DDNS server automatically detects and uses the IP address of the appropriate NAT router that has a public IP address Note The DDNS server may not be able to detect the proper...

Page 234: ...you set Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time...

Page 235: ...s one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a coup...

Page 236: ...P 870HW I1 User s Guide 236 Chapter 18 System...

Page 237: ...evice send them to an administrator as e mail or to a syslog server 19 1 1 Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access cont...

Page 238: ...to view select All Logs to look at logs The drop down list box only lists categories that you select in the Log Settings screen Email Log Now Click this to send the log screen to the e mail address sp...

Page 239: ...ON E mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be s...

Page 240: ...he week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to se...

Page 241: ...essful upload the system will reboot To open this screen click Maintenance Tools Firmware Figure 144 Maintenance Tools Firmware The following table describes the labels in this screen Note Do NOT turn...

Page 242: ...Figure 146 Upload Firmware Network Temporarily Disconnected Log in again and check your new firmware version in the Status screen If the upload was not successful the following screen appears Click Re...

Page 243: ...tion file will be useful in case you need to return to your previous settings Backup Click this to save the ZyXEL Device s current configuration to your computer Restore Configuration File Path Type i...

Page 244: ...EL Device is different in the new configuration you may need to change the IP address in your browser and maybe put your computer in the same subnet as the ZyXEL Device See the appendix for details on...

Page 245: ...P 870HW I1 User s Guide Chapter 20 Tools 245 Figure 152 Restart Screen Click Restart to have the ZyXEL Device reboot...

Page 246: ...P 870HW I1 User s Guide 246 Chapter 20 Tools...

Page 247: ...to access the SMT Follow these steps 1 In Windows click Start Run 2 Type telnet w x y z and click OK w x y z is the IP address of the ZyXEL Device the default address is 192 168 1 1 The ZyXEL Device...

Page 248: ...Setup 21 Filter and Firewall Setup 2 WAN Setup 22 SNMP Configuration 3 LAN Setup 23 System Security 4 Internet Access Setup 24 System Maintenance 25 IP Routing Policy Setup 26 Schedule Setup Advanced...

Page 249: ...ilter sets for the WAN port 11 1 5 Traffic Redirect Setup Use this menu to set up a backup router if you have one in case the ZyXEL Device cannot access the Internet 12 Static Routing Setup Use this m...

Page 250: ...tion 24 2 System Information and Console Port Speed 24 2 1 Information Use this menu to look at basic device information and LAN interface settings 24 2 2 Change Console Port Speed Use this menu to ch...

Page 251: ...nfigure policy routes 25 1 1 IP Routing Policy Setup Use this menu to specify the ports from which traffic comes to which the policy routes apply 26 Schedule Setup Use this menu to look at the schedul...

Page 252: ...new configuration All fields with ChangeMe must not be left blank in order to be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to a...

Page 253: ...NS No Table 113 Menu 1 General Setup FIELD DESCRIPTION System Name Choose a descriptive name for identification purposes It is recommended you enter your computer s Computer name in this field This na...

Page 254: ...your network Enter the IP address in the field below Select None if you do not want to use this DNS server If you select None for all of the DNS servers you must use IP addresses to configure the ZyXE...

Page 255: ...DNS Wildcard Enable Off Line Option This option is available when CustomDNS is selected in the DDNS Type field Check with your Dynamic DNS service provider to have traffic redirected to a URL that you...

Page 256: ...P 870HW I1 User s Guide 256 Chapter 22 General Setup...

Page 257: ...Address N A Table 116 Menu 2 WAN Setup FIELD DESCRIPTION MAC Address Assigned By Select IP address attached on LAN if you want the ZyXEL Device to use the MAC address of another computer instead of it...

Page 258: ...P 870HW I1 User s Guide 258 Chapter 23 WAN Setup...

Page 259: ...following table describes the labels in this menu Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Table 117 Menu 3 1...

Page 260: ...DHCP Select what type of DHCP service the ZyXEL Device provides to the network Choices are None the ZyXEL Device does not provide any DHCP services There is already a DHCP server on the network Relay...

Page 261: ...strator If they did not provide one use the default value RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet None The ZyXEL Device d...

Page 262: ...ort IP Address Enter the IP address of the ZyXEL Device on the subnet IP Subnet Mask Enter the subnet mask of the subnet RIP Direction Use this field to control how much routing information the ZyXEL...

Page 263: ...send or receive routing information on the subnet Both The ZyXEL Device sends and receives routing information on the subnet In Only The ZyXEL Device only receives routing information on the subnet Ou...

Page 264: ...he ZyXEL Device s new settings Hide ESSID Select this check box to hide the ESSID so a station cannot get the ESSID through scanning using a site survey tool Channel ID Set the operating frequency or...

Page 265: ...8 00 00 00 00 00 00 30 00 00 00 00 00 00 7 00 00 00 00 00 00 19 00 00 00 00 00 00 31 00 00 00 00 00 00 8 00 00 00 00 00 00 20 00 00 00 00 00 00 32 00 00 00 00 00 00 9 00 00 00 00 00 00 21 00 00 00 00...

Page 266: ...P 870HW I1 User s Guide 266 Chapter 24 LAN Setup...

Page 267: ...ation your ISP uses If you select PPPoE and then save your changes the ZyXEL Device asks you if you want to test the settings The next fields are only available if your ISP uses PPPoE encapsulation My...

Page 268: ...ess Translation Select None if you do not want to use port forwarding trigger ports or NAT Select SUA Only if you want to use one or more of these features and have only one WAN IP address for your Zy...

Page 269: ...Route IP Active Yes Encapsulation PPPoE Edit IP No Telco Option Service Name Allocated Budget min 0 Outgoing Period hr 0 My Login hello Schedules My Password Nailed Up Connection No Retype to Confirm...

Page 270: ...f the ZyXEL Device within a certain period of time When the total outgoing call time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked Period hr Enter ho...

Page 271: ...ur ISP These fields appear if you selected PPPoE in Encapsulation in menu 11 Rem IP Addr Enter the IP address of the remote peer computer to which the ZyXEL Device connects Rem Subnet Mask Enter the s...

Page 272: ...rough this connection Out Only The ZyXEL Device only sends routing information through this connection Version Select which version of RIP the ZyXEL Device uses when it sends or receives information o...

Page 273: ...125 Menu 11 1 4 Remote Node Filter FIELD DESCRIPTION Input Filter Sets protocol filters Enter up to four filter sets If you enter more than one separate each one with a comma device filters Enter up...

Page 274: ...hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link is down The smaller the number the...

Page 275: ...34 ________ 49 ________ 5 ________ 20 ________ 35 ________ 50 ________ 6 ________ 21 ________ 36 ________ 7 ________ 22 ________ 37 ________ 8 ________ 23 ________ 38 ________ 9 ________ 24 ________ 3...

Page 276: ...et Mask Enter the subnet mask that defines the range of destination IP addresses that this static route affects If this static route affects only one IP address enter 255 255 255 255 Gateway IP Addres...

Page 277: ...n this menu enter a local user profile number in Enter Menu Selection Number in menu 14 Menu 14 Dial in User Setup 1 ________ 9 ________ 17 ________ 25 ________ 2 ________ 10 ________ 18 ________ 26 _...

Page 278: ...er Name Active No Password Table 130 Menu 14 1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive A...

Page 279: ...els in this menu 29 2 Address Mapping Rules Use this menu to look at network address translation mapping rules See Chapter 10 on page 137 for background information To open this menu select one of the...

Page 280: ...descriptive name for the NAT mapping rules Idx This is the rule index number Local Start IP Local End IP This is the range of IP addresses on the LAN port Local Start IP is N A for Server port mapping...

Page 281: ...s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses MM No No Overload Man...

Page 282: ...supported only Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local I...

Page 283: ...for ports that are not specified in the section below or in menu 24 11 remote management Enter 0 0 0 0 if you want the ZyXEL Device to discard these packets instead Rule This field is a sequential val...

Page 284: ...ortant however The ZyXEL Device checks each active rule in order and it only follows the first one that applies Name Enter a name to identify this rule You can use 1 31 printable ASCII characters or y...

Page 285: ...the ZyXEL Device records To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range in the S...

Page 286: ...P 870HW I1 User s Guide 286 Chapter 29 NAT Setup...

Page 287: ...pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN side Call...

Page 288: ...r rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can h...

Page 289: ...multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 30 2 Configuring a Filter Set The ZyXEL Device includes filtering for...

Page 290: ...eld and press ENTER Press ENTER at the message Press ENTER to confirm to open Menu 21 1 1 Filter Rules Summary Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Menu 21 1 Filter Set Co...

Page 291: ...y Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Active Y means the rule is active N means the rule is inactive Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These pa...

Page 292: ...rovided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the ZyXEL Device will warn you and will not allow you to save 30 2 2 Configuring...

Page 293: ...re used to filter IP packets while generic filter rules allow filtering of non IP packets Generic Filter Rule TCP IP Filter Rule Active Press SPACE BAR and then ENTER to select Yes to activate the fil...

Page 294: ...s SPACE BAR and then ENTER to select Yes to have the rule match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SPACE BAR and then ENTER to select...

Page 295: ...185 Executing an IP Filter 30 2 3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets...

Page 296: ...adecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFFFFFF To configure a generic rule selec...

Page 297: ...Length Enter the byte count of the data portion in the packet that you wish to compare The range for this field is 0 to 8 0 8 Mask Enter the mask in Hexadecimal notation to apply to the data portion...

Page 298: ...mmary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in the following figure Figure 188 Example Filter Menu 21 1 3 1 Select Yes fr...

Page 299: ...et Figure 189 Example Filter Rules Summary Menu 21 1 3 This shows you that you have configured and activated A Y a TCP IP filter rule Type IP Pr 6 for destination telnet ports DP 23 M N means an actio...

Page 300: ...r any other hardware port The following diagram illustrates this Figure 190 Protocol and Device Filter Sets 30 5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of...

Page 301: ...ure 192 Filtering Remote Node Traffic Use this menu to set up your Internet connection input and output filter sets for the WAN port advanced features for the WAN port or a backup gateway 30 7 Remote...

Page 302: ...SP did not provide one My Login Enter the user name provided by your ISP My Password Enter the password provided by your ISP Retype to Confirm Enter the password again Authen This field appears if you...

Page 303: ...t and output filter sets for the WAN port press SPACE BAR to select Yes and press ENTER Menu 11 1 4 appears Idle Timeout sec Enter the number of seconds the ZyXEL Device should wait while there is no...

Page 304: ...P 870HW I1 User s Guide 304 Chapter 30 Filter Setup...

Page 305: ...te the firewall Select No to deactivate the firewall Menu 21 2 Firewall Setup The firewall protects against Denial of Service DoS attacks when it is active Your network is vulnerable to attacks when t...

Page 306: ...P 870HW I1 User s Guide 306 Chapter 31 Firewall Setup...

Page 307: ...on FIELD DESCRIPTION Get Community Enter the password for incoming Get requests and GetNext requests from the management station The default is public and allows all requests Set Community Enter the p...

Page 308: ...P 870HW I1 User s Guide 308 Chapter 32 SNMP Configuration...

Page 309: ...y Change Password The following table describes the labels in this menu 33 2 RADIUS Server Use this menu to configure a RADIUS server to use for wireless user authentication See Chapter 6 on page 93 f...

Page 310: ...Port Enter the port number of the external authentication server You need not change this value unless your network administrator instructs you to do so Shared Secret Enter a password up to 31 alphanu...

Page 311: ...end usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless ne...

Page 312: ...vice might be reduced WPA Broadcast Multicast Key Update Timer This is the rate at which the ZyXEL Device sends a new group key to all clients This process changes the WEP key on a regular basis Enter...

Page 313: ...atus 10 57 51 Wed Jun 07 2006 Port Status TxPkts RxPkts Cols Tx B s Rx B s Up Time WAN Down 124 0 0 0 0 0 00 00 LAN 100M Full 9290 8691 0 272 128 1 48 14 WLAN Down 402 332 0 0 0 0 00 07 Port Ethernet...

Page 314: ...is the number of collisions on this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Ti...

Page 315: ...CP Server Table 147 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name This is the system name and domain name used for identification purposes Routing This field displays the type of r...

Page 316: ...able 148 Menu 24 2 2 System Maintenance Change Console Port Speed FIELD DESCRIPTION Console Port Speed Select the console port speed Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Sysl...

Page 317: ...e IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum...

Page 318: ...ress in the Host IP Address field WAN DHCP Release Select this if you want to release the IP address subnet mask and other network information provided by the DHCP server WAN DHCP Renewal Select this...

Page 319: ...e saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With...

Page 320: ...kup is highly recommended once your ZyXEL Device is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are relative to the c...

Page 321: ...ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To...

Page 322: ...ests only from this address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 z...

Page 323: ...transfer mode use this mode when transferring binary files host is the ZyXEL Device IP address get transfers the file source on the ZyXEL Device rom 0 name of the configuration file on the ZyXEL Devic...

Page 324: ...ows you to restore the configuration via FTP or TFTP to your ZyXEL Device The preferred method is FTP Note that this function erases the current configuration before restoring the previous backup conf...

Page 325: ...ration file Please be aware that uploading the configuration file replaces everything contained within Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow the pr...

Page 326: ...System Maintenance Upload System Firmware To upload the system firmware follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your system Then type a...

Page 327: ...m 0 config rom transfers the configuration file on the ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to...

Page 328: ...ut so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer an...

Page 329: ...rial communications program should work fine however you must use the Xmodem protocol to perform the download upload 35 4 7 Uploading Firmware File Via Console Port Note The console port is internal a...

Page 330: ...ed the ZyXEL Device will automatically restart 35 4 9 Uploading Configuration File Via Console Port Note The console port is internal and reserved for technician use only 1 Select 2 from Menu 24 7 Sys...

Page 331: ...enu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wai...

Page 332: ...P 870HW I1 User s Guide 332 Chapter 35 System Maintenance 24 5 24 7...

Page 333: ...the main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions A list of valid commands can be found by entering help or...

Page 334: ...Elapsed Time Total Period 1 ChangeMe No Budget No Budget Reset Node 0 to update screen Table 154 Menu 24 9 1 Budget Management FIELD DESCRIPTION Remote Node This field displays the name of the ISP Co...

Page 335: ...nu 24 9 2 Call History FIELD DESCRIPTION Phone Number This field displays the PPPoE service name Dir This field displays whether the call was incoming or outgoing Rate This field displays the transfer...

Page 336: ...e between them is the format Daytime RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 T...

Page 337: ...MT or UTC So in the European Union you would select March Last Sunday The time you type in the last field depends on your time zone In Germany for instance you would type 2 because Germany s time zone...

Page 338: ...servers and services Port Enter the port number this service can use to access the ZyXEL Device The computer must use the same port number Access Select the interface s through which a computer may ac...

Page 339: ...gs IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for batch traffic Load Sharing Network administrators can use IPPR to distri...

Page 340: ...________________________________ _____________________________________________________________________ 005 N _____________________________________________________________________ _____________________...

Page 341: ...Menu 25 IP Routing Policy Summary Abbreviations continued ABBREVIATION MEANING Menu 25 1 IP Routing Policy Setup Rule Index 1 Active No Criteria IP Protocol 0 Type of Service Don t Care Packet length...

Page 342: ...e only for TCP UDP Destination addr start end Destination IP address range from start to end port start end Destination port number range from start to end applicable only for TCP UDP Action Specifies...

Page 343: ...esents the default IP route and route 2 represents the configured IP route Figure 228 IP Routing Policy Example To force Web packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1...

Page 344: ...rom any host IP 0 0 0 0 means any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 IP Routing Policy Setup Rule Index 1 Active Yes Criteria IP Protocol 6 Type...

Page 345: ...1 IP Routing Policy Setup Rule Index 2 Active No Criteria IP Protocol 6 Type of Service Don t Care Packet length 10 Precedence Don t Care Len Comp Equal Source addr start 0 0 0 0 end N A port start 0...

Page 346: ...P 870HW I1 User s Guide 346 Chapter 37 IP Routing Policy Setup...

Page 347: ...ows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long This feature is similar to the scheduler that lets you specify a time period to record a t...

Page 348: ...___ 11 _______________ 6 _______________ 12 _______________ Enter Schedule Set Number to Configure 0 Edit Name N A Table 162 Menu 26 Schedule Setup FIELD DESCRIPTION 1 12 This field shows the beginnin...

Page 349: ...in year month date format Valid dates are from the present to 2036 February 5 Start Date Should this schedule set recur weekly or be used just once only Press the SPACE BAR and then ENTER to select O...

Page 350: ...a demand call on the line and will persist for the time period specified in the Duration field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enabl...

Page 351: ...Device s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure that the ZyXEL Device and the power source are both turned on Turn the ZyXEL Device off...

Page 352: ...word the MAC address or the host name Make sure you have provided the correct user name and password if required in Network WAN Internet Connection Try spoofing your computer s MAC address in Network...

Page 353: ...ble 167 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL Device The default password is 1234 If you have changed the password and have now forgotten it yo...

Page 354: ...ps check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 234 Internet Options 3 Click Apply to save this setting 39 4 1 1 2 Enable pop...

Page 355: ...shooting 355 Figure 235 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to move th...

Page 356: ...Click Close to return to the Privacy screen 6 Click Apply to save this setting 39 4 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScript...

Page 357: ...237 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that...

Page 358: ...s Java Scripting 39 4 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java pe...

Page 359: ...hooting 359 Figure 239 Security Settings Java 39 4 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun...

Page 360: ...ownload ActiveX controls or to use Trend Micro Security Services Make sure that ActiveX controls are allowed in Internet Explorer Screen shots for Internet Explorer 6 are shown Steps may vary dependin...

Page 361: ...41 Internet Options Security 3 Scroll down to ActiveX controls and plug ins 4 Under Download signed ActiveX controls select the Prompt radio button 5 Under Run ActiveX controls and plug ins make sure...

Page 362: ...P 870HW I1 User s Guide 362 Chapter 39 Troubleshooting Figure 242 Security Setting ActiveX Controls...

Page 363: ...ice Specifications Default IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default Password 1234 Dimensions W x D x H 205 mm L x 160 mm D x 45 mm H Power Specification 12 V AC 1 3 A B...

Page 364: ...P 870HW I1 User s Guide 364 Appendix A Product Specifications...

Page 365: ...ude the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on comp...

Page 366: ...Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you ne...

Page 367: ...apter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP addres...

Page 368: ...save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Restart your computer when prompted Verifying Settings 1 Click Start and then Run...

Page 369: ...mputer s IP Address Figure 246 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 247 Windows XP Control Panel 3 Ri...

Page 370: ...eral tab in Win XP and then click Properties Figure 249 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a d...

Page 371: ...click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional def...

Page 372: ...e General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Page 373: ...Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11Restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command...

Page 374: ...how list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 254 Macintosh OS X Network 4 For statically assigned settings do the following From t...

Page 375: ...may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure you...

Page 376: ...ddresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es...

Page 377: ...configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following...

Page 378: ...al screen to check your TCP IP properties Figure 263 Red Hat 9 0 Checking TCP IP Properties DEVICE eth0 ONBOOT yes BOOTPROTO static IPADDR 192 168 1 10 NETMASK 255 255 255 0 USERCTL no PEERDNS yes TYP...

Page 379: ...ed calls You can configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of Net...

Page 380: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fil...

Page 381: ...rk while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers t...

Page 382: ...protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC...

Page 383: ...aps one local IP address to one global IP address Many to One In Many to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port addr...

Page 384: ...t may be implemented on a router in front of the ZyXEL Device Full Cone Restricted Cone Port Restricted Cone Symmetric Table 171 NAT Mapping Types TYPE IP MAPPING ABBREVIATION One to One ILA1 IGA1 1 1...

Page 385: ...ess 2 and port B and sends them to IP address 1 port A Table 172 NAT Types FULL CONE RESTRICTED CONE PORT RESTRICTED CONE SYMMETRIC Incoming Packets Any external host can send packets to the mapped ex...

Page 386: ...router handles packets coming in from the external network A host on the external network IP address 3 or IP address 4 for example can only send packets to the internal host if the internal host has...

Page 387: ...restricted cone NAT router handles packets coming in from the external network A host on the external network IP address 3 and Port C for example can only send packets to the internal host if the int...

Page 388: ...g example the NAT router maps the ZyXEL Device s source address IP address 1 and port A to IP address 2 and port B on the external network for packets sent to IP address 3 and port B The NAT router us...

Page 389: ...ter to the outside world You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example w...

Page 390: ...P 870HW I1 User s Guide 390 Appendix D NAT...

Page 391: ...sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default permit and etc If you don t put use a number after set informati...

Page 392: ...te 0 59 This command sets the minute of the hour for the firewall log to be sent via e mail if the ZyXEL Device is set to send it on a hourly daily or weekly basis Attack config edit firewall attack s...

Page 393: ...set Config edit firewall set set default permit forward block This command sets whether a packet is dropped or allowed through when it does not meet a rule within the set Config edit firewall set set...

Page 394: ...Config edit firewall set set rule rule alert yes no This command sets whether or not the ZyXEL Device sends an alert e mail when a DOS attack or a violation of a particular rule occurs config edit fi...

Page 395: ...a rule to have the ZyXEL Device check for TCP traffic with a destination port in this range config edit firewall set set rule rule UDP destport single port This command sets a rule to have the ZyXEL D...

Page 396: ...P 870HW I1 User s Guide 396 Appendix E Firewall Commands...

Page 397: ...lnet Successful FTP login Someone has logged on to the router via ftp FTP login failed Someone has failed to log on to the router via ftp NAT Session Table is Full The maximum number of NAT session ta...

Page 398: ...face Table 176 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy TCP UDP IGMP ESP GRE OSPF Packet Direction Attempted TCP UDP IGMP ESP GRE OSPF access matched the default policy and...

Page 399: ...inutes UDP idle timeout 3 minutes TCP connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout s 150...

Page 400: ...P reply packet to the sender Table 180 CDR Logs LOG MESSAGE DESCRIPTION board d line d channel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is t...

Page 401: ...ontent filter server responded that the web site is in the blocked category list but it did not return the category type s s The content filter server responded that the web site is in the blocked cat...

Page 402: ...ewall detected an ICMP echo attack For type and code details see Table 191 on page 409 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan a...

Page 403: ...iled during IKE phase 2 because the router and the peer s Local Remote Addresses don t match Verifying Local ID failed The connection failed during IKE phase 2 because the router and the peer s Local...

Page 404: ...s Remote Address This information conflicted with static rule d thus the connection is not allowed Phase 1 ID type mismatch This router s Peer ID Type is different from the peer IPSec router s Local...

Page 405: ...e router and the peer Rule d Phase 2 encapsulation mismatch The listed rule s IKE phase 2 encapsulation did not match between the router and the peer Rule d Phase 2 pfs mismatch The listed rule s IKE...

Page 406: ...t subject name The router received a certification authority certificate with subject name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd user cert su...

Page 407: ...1 Algorithm mismatch between the certificate and the search constraints 2 Key usage mismatch between the certificate and the search constraints 3 Certificate was not valid in the time interval 4 Not u...

Page 408: ...expired User logout because of user deassociation The router logged out a user who ended the session User logout because of no authentication response from user The router logged out a user from whic...

Page 409: ...ion Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route f...

Page 410: ...by the system RAS displays as the system name if you haven t configured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the l...

Page 411: ...to decide what to record Use 0 to not record logs for that category 1 to record only logs for that category 2 to record only alerts for that category and 3 to record both logs and alerts for that cate...

Page 412: ...access time source destination notes message 0 06 08 2004 05 58 21 172 21 4 154 224 0 1 24 ACCESS BLOCK Firewall default policy IGMP W to W ZW 1 06 08 2004 05 58 20 172 21 3 56 239 255 255 250 ACCESS...

Page 413: ...EL Device boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the c...

Page 414: ...x y dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run progr...

Page 415: ...it again to the same device or another one See the following sections for details The Configuration Text File Format All Internal SPTGEN text files conform to the following format field identificatio...

Page 416: ...n page 415 Figure 275 Invalid Parameter Entered Command Line Example The ZyXEL Device will display the following if you enter parameter s that are valid Figure 276 Valid Parameter Entered Command Line...

Page 417: ...t file from your computer to the ZyXEL Device using the put command 4 Exit this FTP application Figure 278 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Ja...

Page 418: ...10000001 System Name Str Your Device 10000002 Location Str 10000003 Contact Person s Name Str 10000004 Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 196 Menu 3 Menu 3 1 General Ethernet Se...

Page 419: ...ary DNS Server 0 0 0 0 30200005 Secondary DNS Server 0 0 0 0 30200006 Remote DHCP Server 0 0 0 0 30200008 IP Address 172 21 2 200 30200009 IP Subnet Mask 16 30200010 RIP Direction 0 None 1 Both 2 In O...

Page 420: ...oing protocol filters Set 4 256 30201014 IP Alias 2 0 No 1 Yes 0 30201015 IP Address 0 0 0 0 30201016 IP Subnet Mask 0 30201017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Ri...

Page 421: ...0 30500007 Default Key 1 2 3 4 0 30500008 WEP Key1 30500009 WEP Key2 30500010 WEP Key3 30500011 WEP Key4 30500012 Wlan Active 0 Disable 1 Enable 0 30500013 Wlan 4X Mode 0 Disable 1 Enable 0 MENU 3 5...

Page 422: ...rd Str 1234 40000011 Single User Account 0 No 1 Yes 1 40000012 IP Address Assignment 0 Static 1 D ynamic 1 40000013 IP Address 0 0 0 0 40000014 Remote IP address 0 0 0 0 40000015 Remote IP subnet mask...

Page 423: ...Static Route set 1 Active 0 No 1 Yes 0 120101003 IP Static Route set 1 Destination IP address 0 0 0 0 120101004 IP Static Route set 1 Destination IP subnetmask 0 120101005 IP Static Route set 1 Gatewa...

Page 424: ...150000012 SUA Server 4 Active 0 No 1 Yes 0 150000013 SUA Server 4 Protocol 0 All 6 TCP 17 U DP 0 150000014 SUA Server 4 Port Start 0 150000015 SUA Server 4 Port End 0 150000016 SUA Server 4 Local IP a...

Page 425: ...TCP 17 U DP 0 150000044 SUA Server 10 Port Start 0 150000045 SUA Server 10 Port End 0 150000046 SUA Server 10 Local IP address 0 0 0 0 150000047 SUA Server 11 Active 0 No 1 Yes 0 150000048 SUA Server...

Page 426: ...er Set 1 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210101014 IP Filter Set 1 Rule 1 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 1 2 set 1 rule 2 FIN FN PVA INPUT 210102001 IP Filter...

Page 427: ...IP Filter Set 2 Rule 1 Protocol 6 210201004 IP Filter Set 2 Rule 1 Dest IP address 0 0 0 0 210201005 IP Filter Set 2 Rule 1 Dest Subnet Mask 0 210201006 IP Filter Set 2 Rule 1 Dest Port 137 210201007...

Page 428: ...t 2 Rule 2 Src Subnet Mask 0 210202010 IP Filter Set 2 Rule 2 Src Port 0 210202011 IP Filter Set 2 Rule 2 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 0 210202013 IP Filter Set 2 Rule 2...

Page 429: ...Authentication Required 2 230400002 ReAuthentication Timer in second 555 230400003 Idle Timeout in second 999 230400004 Authentication Databases 0 Local User Database Only 1 RADIUS Only 2 Local RADIU...

Page 430: ...d IP address 0 0 0 0 241100004 FTP Server Port 21 241100005 FTP Server Access 0 all 1 none 2 L an 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Ser...

Page 431: ...ROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM TCP 5190 AOL s Internet Messenger service AUTH TCP 113 Authentica...

Page 432: ...omputers in a LAN NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides trans...

Page 433: ...uctured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 The Simple Servic...

Page 434: ...P 870HW I1 User s Guide 434 Appendix I Services...

Page 435: ...nt filtering 40 copyright 3 custom ports creating editing 160 customer support 9 customized services 160 D default LAN IP address 47 Denial of Service See DoS device model number 241 DHCP 41 229 DHCP...

Page 436: ...rnet access setup 267 Internet Assigned Number Authority IANA 160 Internet Group Multicast Protocol See IGMP IP address 127 IP alias 41 383 and NAT 383 IP pool 134 IP protocol type 150 IP Routing Poli...

Page 437: ...Service See QoS Quick Start Guide 37 R radio frequency 42 RADIUS server 95 RAS 340 registration product 8 related documentation 37 remote management 205 and NAT 206 limitations 205 remote node setup...

Page 438: ...server 234 336 TMM QoS See also QoS trademarks 3 traffic redirect 40 triangle route 152 solutions 152 trigger port forwarding 138 process 138 Triple Play 39 U Universal Plug and Play See UPnP upload...

Reviews:

No comments

Related manuals for P-870HW-I Series

Brand: Eaton Pages: 2

Brand: Pathport Pages: 3

Brand: RTA Pages: 93

Brand: CHERUBINI Pages: 16

Brand: Pathport Pages: 3

Brand: BAB TECHNOLOGIE Pages: 75

Brand: Z-Wave Pages: 68

1898921 RSL 433 MHz

Brand: Sygonix Pages: 45

Brand: MikroTik Pages: 22

Brand: TENETICS, LLC Pages: 12

Brand: Media Pages: 8

Brand: More Pages: 24

Sure Cross DX80

Brand: Banner Pages: 10

Brand: Gardena Pages: 2

Brand: TEKTELIC Communications Pages: 20

Brand: Wildix Pages: 11

Brand: Zycoo Pages: 15

Brand: Zycoo Pages: 22

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands