manualshive.com logo in svg

ZyXEL Communications SBG5500-A, User Manual

Share
Download
ZyXEL Communications SBG5500-A User Manual Download Page 190

Chapter 10 VPN

SBG5500 Series User’s Guide

190

Aggressive Mode

 is quicker than 

Main Mode

 because it eliminates several steps when the 

communicating parties are negotiating authentication (phase 1). However the trade-off is that faster 

speed limits its negotiating power and it also does not provide identity protection. It is useful in remote 
access situations where the address of the initiator is not know by the responder and both parties 

want to use pre-shared key authentication.

10.9.5  IPsec and NAT

Read this section if you are running IPsec on a host computer behind the SBG.

NAT is incompatible with the 

AH

 protocol in both 

Transport 

and 

Tunnel 

mode. An IPsec VPN using the 

AH

 

protocol digitally signs the outbound packet, both data payload and headers, with a hash value 
appended to the packet. When using 

AH

 protocol, packet contents (the data payload) are not 

encrypted.

A NAT device in between the IPsec endpoints will rewrite either the source or destination address with 
one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming 
packet by computing its own hash value, and complain that the hash value appended to the received 
packet doesn't match. The VPN device at the receiving end doesn't know about the NAT in the middle, 
so it assumes that the data has been maliciously altered.

IPsec using 

ESP

 in 

Tunnel 

mode encapsulates the entire original packet (including headers) in a new IP 

packet. The new IP packet's source address is the outbound address of the sending VPN gateway, and 
its destination address is the inbound address of the VPN device at the receiving end. When using 

ESP

 

protocol with authentication, the packet contents (in this case, the entire original packet) are 
encrypted. The encrypted contents, but not the new headers, are signed with a hash value appended 
to the packet.

Tunnel

 mode 

ESP

 with authentication is compatible with NAT because integrity checks are performed 

over the combination of the "original header plus original payload," which is unchanged by a NAT 
device. 

Transport

 mode 

ESP

 with authentication is not compatible with NAT.

10.9.6  VPN, NAT, and NAT Traversal

NAT is incompatible with the AH protocol in both transport

 

and tunnel

 

mode. An IPsec VPN using the AH 

protocol digitally signs the outbound packet, both data payload and headers, with a hash value 
appended to the packet, but a NAT device between the IPsec endpoints rewrites the source or 
destination address. As a result, the VPN device at the receiving end finds a mismatch between the 
hash value and the data and assumes that the data has been maliciously altered.

NAT is not normally compatible with ESP in transport mode either, but the SBG’s 

NAT Traversal

 feature 

provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers 
between the two IPsec routers.

Table 79   VPN and NAT

SECURITY PROTOCOL

MODE

NAT

AH

Transport

N

AH

Tunnel

N

ESP

Transport

N

ESP

Tunnel

Y

Summary of Contents for SBG5500-A

Page 1: ...ails User s Guide SBG5500 Series SBG5500 A SBG5500 B Small Business Gateway Copyright 2017 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 User Name admin Password 1234 Version 1 10 E...

Page 2: ...product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick S...

Page 3: ...s guide Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Configuration Log Report Log Settin...

Page 4: ...d 45 WAN Internet 48 LAN 85 Routing 108 Network Address Translation NAT 122 Firewall 138 VPN 159 Bandwidth Management 194 Network Management 212 Log Report 215 Service License 225 Device Name 227 Host...

Page 5: ...ations for the SBG 14 1 4 1 Internet Access 14 1 4 2 SBG s USB Support 16 1 5 LEDs Lights 17 1 6 The RESET Button 18 Chapter 2 The Web Configurator 20 2 1 Overview 20 2 1 1 Accessing the Web Configura...

Page 6: ...een 68 5 5 The Port Setting Screen 72 5 6 The Multi WAN Screen 73 5 6 1 Edit Multi WAN 74 5 6 2 How to Configure Multi WAN for Load Balancing and Failover 75 5 7 The Dynamic DNS screen 76 5 7 1 Edit D...

Page 7: ...1 Add Edit Policy Route 116 7 4 The Static Route Screen 118 7 4 1 Add Edit Static Route 119 7 5 The RIP Screen 120 Chapter 8 Network Address Translation NAT 122 8 1 Overview 122 8 1 1 What You Can Do...

Page 8: ...52 9 10 The Certificate Screen 153 9 11 The AAA Server 154 9 11 1 Add Edit an LDAP Server 155 9 11 2 Add Edit an RADIUS Server 157 Chapter 10 VPN 159 10 1 Overview 159 10 2 What You Can Do in this Cha...

Page 9: ...98 11 4 The Classification Setup Screen 199 11 4 1 Add Edit a QoS Class 200 11 5 The Policer Setup Screen 204 11 5 1 Add Edit a QoS Policer 205 11 6 The Shaper Setup Screen 206 11 6 1 Add Edit a QoS S...

Page 10: ...8 User Account 233 18 1 Overview 233 18 2 What You Can Do in this Chapter 233 18 3 The User Account Screen 233 18 3 1 Add Edit a Users Account 234 Chapter 19 USB Storage 236 19 1 Overview 236 19 1 1 W...

Page 11: ...Backup Restore Screen 250 Chapter 23 Language 252 23 1 Overview 252 23 2 The Language Screen 252 Chapter 24 Restart Shutdown 253 24 1 Overview 253 24 2 The Restart Shutdown Screen 253 Chapter 25 Troub...

Page 12: ...12 PART I User s Guide...

Page 13: ...ge Features One DSL Port for Internet Connection Combo GbE and SFP Port for Internet Connection One USB Port for 3G 4G Connection and File Sharing Five GbE Ports for LAN Connection Firewall with Secur...

Page 14: ...s As a small business gateway your SBG has multiple WAN interfaces including 3G 4G DSL fiber and Gigabit Ethernet to share the network traffic load You can configure multiple WAN load balance and fail...

Page 15: ...eries User s Guide 15 Computers can connect to the SBG s LAN ports Figure 1 SBG s Internet Access Application ADSL VDSL Figure 2 SBG s Internet Access Application ADSL Figure 3 SBG s Internet Access A...

Page 16: ...by default unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 4 2 SBG s USB Su...

Page 17: ...igure 7 SBG5500 B Front and Rear Panels None of the LEDs are on if the SBG is not receiving power The location of the LEDs are highlighted in the figures above Table 1 LED Descriptions LED COLOR STATU...

Page 18: ...The SBG is initializing the ADSL VDSL line Off The ADSL VDSL line is down SFP Green On The SBG has established an SFP connection Blinking The SBG is sending or receiving data to from the SFP connecti...

Page 19: ...ide 19 2 To set the device back to the factory default settings press the RESET button for five seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink th...

Page 20: ...Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your SBG hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the SBG does no...

Page 21: ...cally so you can log in with your new password Figure 9 Change Password Screen 5 The Wizard appears automatically after login Use the Wizard to configure SBG s basic settings See Chapter 3 on page 26...

Page 22: ...page 26 Configuration Configuration Site Map Click this to view a summary of all the available screens in the Configuration menu WAN Internet WAN Status WAN Status Use this screen to view the WAN por...

Page 23: ...and configure domain zone forwarder on the SBG Routing Routing Status Use this screen to view the IPv4 and IPv6 routing flow Policy Route Use this screen to view and set up policy routes on the SBG S...

Page 24: ...also configure the QoS rules and actions Queue Setup Use this screen to configure QoS queues Classification Setup Use this screen to define a classifier Policer Setup Use these screens to configure Qo...

Page 25: ...ity Fault Management MD maintenance domain to perform connectivity tests and view test reports OAM Ping Use this screen to verify the connectivity of a specific PVC Packet Capture Use this screen to c...

Page 26: ...The Wizard consists of the following setups Wizard Basic Setup Use Basic Setup to set up a WAN Internet connection This Wizard creates matching ISP account settings in the SBG if you use PPPoE See Se...

Page 27: ...to connect to the Internet Click Next to continue the Wizard Back to return to the previous screen Figure 13 Wizard Basic Setup 1 Enter your Internet connection information in this screen The screen...

Page 28: ...Series User s Guide 28 Figure 14 Connect to the Internet 2 If you select the ADSL over ATM connection type enter the VPI and VCI assigned to you and the method of multiplexing used by your ISP Figure...

Page 29: ...his screen to specify which IPv4 address the SBG uses to connect to the Internet If your ISP gave you this information enter it here Otherwise select Obtain an IP Address Automatically Figure 17 IPv4...

Page 30: ...nd Time 7 The SBG saves your settings and attempts to connect to the Internet If the SBG failed to connect to the Internet or if you want to modify any of the settings you previously configured you ca...

Page 31: ...You can register your device and manage subscription services available for your SBG at myZyxel portal for online services Figure 21 Register Device and Services 9 Once you completed the basic setup a...

Page 32: ...Network rule for a secure connection to another computer or network Figure 23 Wizard IPsec VPN Setup There are two types of VPN policies you can configure in the SBG Select one and click Next Express...

Page 33: ...3 3 2 on page 35 Figure 24 VPN Policy Type 3 3 1 VPN Express Settings The following screens will display if you select Express in the previous screen 1 Type the Rule Name used to identify this VPN co...

Page 34: ...apsulation this connection is to use Configure a Secure Gateway IP as the peer SBG s WAN IP address Type a secure Pre Shared Key Set Local Policy to be the IP address range of the network connected to...

Page 35: ...configured on the SBG Figure 28 VPN Express Settings Completed 3 3 2 VPN Advanced Settings The following screens will display if you select Advanced in the VPN Policy screen 1 Type the Rule Name used...

Page 36: ...nced Settings 2 Use the following screen to setup Phase 1 Settings Select an Encryption Authentication Algorithm and Key Group and define how often the SBG renegotiates the IKE SA in the Life Time fie...

Page 37: ...1 Settings 3 Use the following screen to setup Phase 2 Settings Phase 2 in an IKE uses the SA that was established in phase1 to negotiate Security Associations SAs for IPsec For more information on ea...

Page 38: ...00 Series User s Guide 38 Figure 31 Phase 2 Settings 4 A read only summary of the VPN tunnel s configuration will display If you want to save your changes click Save otherwise go Back to modify any pr...

Page 39: ...Chapter 3 Wizard SBG5500 Series User s Guide 39 Figure 32 Summary 5 Your SBG saves your settings Now the rule is configured on the SBG Click Finish to exit the VPN Setup Wizard...

Page 40: ...es User s Guide 40 Figure 33 VPN Advanced Settings Completed 3 4 Wizard IPv6 Setup Click the IPv6 Setup down arrow to configure the IPv6 settings on the SBG Click Next to continue the Wizard Back to r...

Page 41: ...the Wizard IPv6 setup is completed If you want to enter a static IPv6 address or obtain it from a DHCP server click Next Figure 35 Interface Setup 7 If you did not select Auto Detection the following...

Page 42: ...lect Delegate Prefix From WAN to automatically obtain an IPv6 network prefix from the previously selected interface Or select Static to configure a static IPv6 address for the SBG s LAN IPv6 address S...

Page 43: ...Chapter 3 Wizard SBG5500 Series User s Guide 43 9 A read only summary of the IPv6 settings will display Click Finish to exit the Wizard IPv6 Setup Figure 38 Summary...

Page 44: ...44 PART II Technical Reference...

Page 45: ...e current status of the SBG system resources and interfaces LAN and WAN 4 2 The Dashboard Screen Use this screen to view the connections status of the SBG When you click the Dashboard tab a network ma...

Page 46: ...firmware version System Status System Uptime This field displays how long the SBG has been running since it last restarted or was turned on Current Date Time This field displays the time in the SBG Ea...

Page 47: ...there is enough traffic that the second interface needs to be used and so on Failover This field displays the passive interfaces used for failover in the SBG VPN Status This field displays the SBG s...

Page 48: ...your private networks such as a LAN Local Area Network and other networks so that a computer in one location can communicate with computers in other locations Figure 41 LAN and WAN 3G third generatio...

Page 49: ...you read this chapter Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the...

Page 50: ...pported by the VDSL2 standard In PTM packets are encapsulated directly in the High level Data Link Control HDLC frames It is designed to provide a low overhead transparent way of transporting packets...

Page 51: ...g Both an IPv6 address and IPv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each characte...

Page 52: ...Transition Router AFTR in the graphic to connect to the IPv4 Internet The local network can also use IPv6 services The VDSL Router uses it s configured IPv6 WAN IP to route IPv6 traffic to the IPv6 I...

Page 53: ...us xDSL Statistics Table 6 Configuration WAN Internet WAN Status LABEL DESCRIPTION Name This displays the name of the WAN interface Status This shows Up if the connection to this interface is up other...

Page 54: ...sion targets Actual Delay This is the upstream and downstream interleave delay It is the wait in milliseconds that determines the size of a single block of data to be interleaved assembled and then tr...

Page 55: ...s ES This is the number of Errored Seconds meaning the number of seconds containing at least one errored block or at least one defect SES This is the number of Severely Errored Seconds meaning the num...

Page 56: ...the SFP transceiver s serial number provided by the vendor Revision This field displays the SFP transceiver s serial number revision level for part number Data Code This field displays the SFP transce...

Page 57: ...service name of the connection Type This shows whether it is an ATM PTM or Ethernet connection Mode This shows whether the connection is in routing or bridge mode Encapsulation This is the method of...

Page 58: ...Chapter 5 WAN Internet SBG5500 Series User s Guide 58 Figure 49 WAN Internet WAN Setup Add Edit Routing Mode...

Page 59: ...ver PTM or Ethernet the choices are PPPoE and IPoE If your connection type is ADSL over ATM the choices are PPPoE PPPoA IPoE and IPoA IPv4 IPv6 Mode Select IPv4 Only if you want the SBG to run IPv4 on...

Page 60: ...ge cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec This field is available only when you select VBR nrt or Realtime VBR...

Page 61: ...Identifier IAID of the device for example the WAN connection index number DUID Type Select DUID LLT to have the SBG use DUID LLT DUID Based on Link layer Address Plus Time for identification when exc...

Page 62: ...1048576 Ingress Bandwidth This is reserved for future use Enter the maximum amount of traffic in kilobits per second the SBG can receive from the network through the interface Allowed values are 0 10...

Page 63: ...way for the connectivity check Check This Address Select this to specify a domain name or IP address for the connectivity check Enter that domain name or IP address in the field next to it WAN MAC Add...

Page 64: ...u select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s VLAN Enable Select this to add the VLAN Tag specified below to the out...

Page 65: ...e The SBG uses the ADSL technology for data transmission over the DSL port Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual...

Page 66: ...te for applications with bursty connections that require closely controlled delay and delay variation Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell R...

Page 67: ...ss Default Gateway Enter the IP address of the next hop gateway The gateway is a router or switch on the same segment as your SBG s interface s The gateway helps forward packets to their destinations...

Page 68: ...the first IPv6 DNS server address assigned by the ISP DNS Server 2 Enter the second IPv6 DNS server address assigned by the ISP Tunnel This is available only when you select IPv6 Only in the IPv4 IPv6...

Page 69: ...Chapter 5 WAN Internet SBG5500 Series User s Guide 69 Figure 53 Configuration WAN Internet Mobile...

Page 70: ...ervice provider s base station Your ISP should provide the phone number For example 99 is the dial string to establish a GPRS or 3G or 4G connection in Taiwan APN Enter the APN Access Point Name provi...

Page 71: ...SBG takes the actions you specified when a limit is exceeded during the month Time Budget Select this option and specify the amount of time in hours that the 3G connection can be used within one month...

Page 72: ...sical Ethernet ports are shown at the bottom and the Ethernet interfaces are shown at the bottom of the screen Use the radio buttons to select for which interface network you want to use each physical...

Page 73: ...ng table describes the labels in this screen Table 15 Configuration WAN Internet Multi WAN LABEL DESCRIPTION Configuration Disconnect Connections Before Falling Back Select this to terminate existing...

Page 74: ...ns Select Least Load First to send new session traffic through the least utilized trunk member Select Spillover to send network traffic through the first interface in the group member list until there...

Page 75: ...terfaces form a ratio This ratio determines how much traffic the SBG assigns to each member interface The higher an interface s weight is relative to the weights of the interfaces the more sessions th...

Page 76: ...n 5 6 2 2 What Can Go Wrong There can only be one WAN connection configured as passive mode at a time If there is already a WAN connection configured as passive mode you will not be able to add or edi...

Page 77: ...tus This field displays whether the dynamic DNS is active or not A green ON button signifies that this dynamic DNS is active A gray OFF button signifies that this dynamic DNS is not active Profile Nam...

Page 78: ...core Spaces are not allowed Password Type the password provided by the DDNS provider You can use up to 32 alphanumeric characters and the underscore Spaces are not allowed DDNS Settings Domain Name Ty...

Page 79: ...designed to provide protection against noise on the DSL line It improves voice video and data transmission resilience by utilizing a retransmission buffer Click Configuration WAN Internet xDSL Advance...

Page 80: ...of ADSL generally functions better with splitters T1 413 ANSI T1 413 is a technical standard that defines the requirements for the single asymmetric digital subscriber line ADSL for the interface betw...

Page 81: ...FC 2364 for more information on PPPoA Refer to RFC 1661 for more information on PPP PPP over Ethernet PPPoE Point to Point Protocol over Ethernet PPPoE provides access control and billing functionalit...

Page 82: ...connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwi...

Page 83: ...ecipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 Internet Group Multicast Protocol IGMP is a networ...

Page 84: ...written as 2001 db8 1a2b 15 0 0 1a2f 0 Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2f 00...

Page 85: ...e LAN IP address subnet mask and DHCP settings of your SBG Section 6 2 on page 87 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addre...

Page 86: ...at an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter...

Page 87: ...to show the interfaces currently connected to the SBG Name This shows the name of the LAN interface Status This shows Up if the SBG detect a connection through this port Otherwise it shows Down Tx Pkt...

Page 88: ...tus Click this to look at the current list of multicast groups the SBG has joined and which ports have joined it This is the multicast status table entry number Type This is the protocol used by the i...

Page 89: ...ix and prefix length you configured when you enable IPv6 on the LAN interface and set Address Assign This field displays 1 when the IPv6 address is assigned using IPv6 stateful autoconfiguration DHCPv...

Page 90: ...nd broadcast unknown multicast packets from the WAN to all LAN ports Select Blocking Mode to have the SBG block all unknown multicast packets from the WAN DHCP Setting DHCP Mode Select DHCP Server to...

Page 91: ...an Interface select the WAN interface that receives the DNS server address from its DHCP server Remote DHCP Server Enter the DHCP server s address so the SBG forwards DHCP requests to this address Thi...

Page 92: ...a 64 bit Extended Unique Identifier EUI to link locally without DHCP Select Manual to manually enter an interface ID for the LAN interface s global IPv6 address LAN Identifier Enter an interface ID f...

Page 93: ...cally and in response to router solicitations DHCPv6 server is disabled Stateful DHCP The SBG uses IPv6 stateful autoconfiguration The DHCPv6 server is enabled to have the SBG act as a DHCPv6 server a...

Page 94: ...dit Static DHCP If you click Add in the Static DHCP screen or Edit next to a static DHCP entry the following screen displays Table 24 Network Setting LAN Static DHCP LABEL DESCRIPTION Add Click this t...

Page 95: ...interface group Select Device Info If you select Manual Input you can manually type in the MAC address and IP address of a computer on your LAN You can also choose the name of a computer from the drop...

Page 96: ...Wake on LAN Screen Use this screen to turn on a device on the LAN network To use this feature the remote device must also support Wake On LAN Table 26 Configuration LAN Home Network Additional Subnet...

Page 97: ...Click Edit to open the following screen Figure 68 Wake On LAN Edit Table 27 Configuration LAN Home Network Wake on LAN LABEL DESCRIPTION Add Click this to add a new device to Wake on LAN Remove Selec...

Page 98: ...escribes the labels on this screen Table 28 Configuration LAN Home Network Wake on LAN LABEL DESCRIPTION Wake From Manual Type MAC Select this to enter the MAC address of the device to turn it on remo...

Page 99: ...e 70 VLAN Interface Group Add Edit VLAN Group Remove Click Remove to delete an interface group This shows the index number of the interface group Mode This shows VLAN when this is a VLAN group This sh...

Page 100: ...ck this check box to create a VLAN group Interface Group To Bridge Bundle WAN Interfaces Click this check box to create an interface group 802 1p IEEE 802 1p defines up to 8 separate traffic types by...

Page 101: ...traffic through tagged member ports of this group A VLAN ID cannot be assigned to more than one group Interfaces This shows the LAN ports included in the VLAN group and if traffic leaving the port wil...

Page 102: ...ABEL DESCRIPTION WAN Type Select the current WAN connection type WAN Interface Select the current WAN interface OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving...

Page 103: ...wing screen DHCP Option 61 Click this to enter the Identity Association IDentifier IAD Option 61 of the matched traffic such as the MAC address of the device Type the DHCP Unique Identifier DUID you w...

Page 104: ...etwork DNS Forwarder LABEL DESCRIPTION Add Click this to add a domain zone forwarder record Edit Select an existing domain zone forwarder record and click Edit to modify it Remove Click this to delete...

Page 105: ...ame Enter the domain zone in this field A domain zone is a fully qualified domain name without the host For example zyxel com tw is a wildcard domain zone for the www zyxel com tw fully qualified doma...

Page 106: ...G supports the IPCP DNS server extensions through the DNS proxy feature Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS se...

Page 107: ...en your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses sp...

Page 108: ...R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LA...

Page 109: ...the Routing Flow section the related routes activated will display in the Routing Table section To access this screen click Configuration Routing Routing Status Note Once a packet matches the criteri...

Page 110: ...ting SBG5500 Series User s Guide 110 Figure 81 Configuration Routing Routing Status Policy Route Figure 82 Configuration Routing Routing Status L2TP Server Figure 83 Configuration Routing Routing Stat...

Page 111: ...Chapter 7 Routing SBG5500 Series User s Guide 111 Figure 84 Configuration Routing Routing Status Static Route Figure 85 Configuration Routing Routing Status Dynamic Route RIP...

Page 112: ...Chapter 7 Routing SBG5500 Series User s Guide 112 Figure 86 Configuration Routing Routing Status Multi WAN Figure 87 Configuration Routing Routing Status Main Table...

Page 113: ...name of an interface associated with the route The following fields are available if you click Policy Route in the Routing Flow section This is the number of an individual policy route Status This fie...

Page 114: ...amic route Destination This indicates the destination IP address of this route Gateway IP This indicates the IP address of the gateway that helps forward this route s traffic Interface This indicates...

Page 115: ...C Up Cache The route is up and it is a cache entry Reject The route is blocked and will force a route lookup to fail G Gateway The route uses a gateway to forward traffic H Host The target of the rout...

Page 116: ...A gray OFF button signifies that this route is not active Click the slide button to enable and disable the policy router Name This field displays the descriptive name of the policy route Source IP Thi...

Page 117: ...t you specify Criteria Source Use this section to configure where the packets are coming from in this policy route Address Select Any if the policy route will receive packets from all IP addresses Sel...

Page 118: ...address object to which the packets go Destination Port Enter the port number 1 65535 to which the packets go The SBG applies the policy route to the packets that go to the corresponding service port...

Page 119: ...ect one or more static routes and click this to enable them Multiple Entries Turn Off Select one or more static route and click this to disable them This is the index number of the static route Status...

Page 120: ...of the final destination Subnet Mask Enter the IP subnet mask here If you are using IPv4 and need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to f...

Page 121: ...n RIP version RIPv1 is probably adequate for most networks unless you have an unusual network topology Operation Select Passive to have the SBG update the routing table based on the RIP packets receiv...

Page 122: ...e 131 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the SBG Section 8 6 on page 133 8 1 2 What You Need To Know Inside Outside Inside outside denotes where a host is located rel...

Page 123: ...known services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address tha...

Page 124: ...of the rule Status This field displays whether the rule is active or not A green ON button signifies that this rule is active A gray OFF button signifies that this rule is not active Click the slide b...

Page 125: ...Port This is the last internal port number that identifies a service Table 42 Configuration NAT Port Forwarding continued LABEL DESCRIPTION Table 43 Port Forwarding Add Edit LABEL DESCRIPTION Enable...

Page 126: ...ch time you want a different LAN computer to use the application For example WAN IP Enter the WAN IP address for which the incoming service is destined If the packet s destination IP address doesn t m...

Page 127: ...e minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Click Configuration NAT Port Triggering to open the following screen Use this screen to v...

Page 128: ...ed Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the SBG to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is t...

Page 129: ...onfigure port triggering rules Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Starting Port The trigger port is a port or a range of ports that causes or triggers the SBG...

Page 130: ...al IP address Note that port numbers do not change for the One to one NAT mapping type Many to One Source NAT This mode maps multiple local IP addresses to one global IP address This is equivalent to...

Page 131: ...multiple local IP addresses to one global IP address This is equivalent to SUA that is PAT port address translation the SBG s Single User Account feature that previous routers supported only Many to M...

Page 132: ...ce group that was created in the Configuration LAN Home Network VLAN Interface Group screen Default Server Address This shows the IP address of the default server Table 49 Default Server Edit LABEL DE...

Page 133: ...file transfer in IM applications work correctly with port forwarding and address mapping rules FTP ALG Turn on the FTP ALG to detect FTP File Transfer Program traffic and help build FTP sessions throu...

Page 134: ...e simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When...

Page 135: ...esses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Ove...

Page 136: ...Example Let s say you want to assign ports 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a thir...

Page 137: ...slation NAT SBG5500 Series User s Guide 137 example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 107 Multiple...

Page 138: ...Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 108 Default Firewall Action...

Page 139: ...queue is full the system will ignore all incoming SYN requests making the system unavailable for legitimate users DoS Denials of Service DoS attacks are aimed at devices and networks with a connection...

Page 140: ...on server the SBG supports Local user database The SBG uses the built in local user database to authenticate administrative users logging into the SBG s Web Configurator or network access users loggin...

Page 141: ...the DoS Protection Blocking check box to activate protection against DoS attacks Then click Apply to save your settings Figure 110 Configuration Firewall Security DoS 9 4 The Firewall Rules Screen Th...

Page 142: ...e or more rules and click this to disable them This is the index number of the rule Status This field displays whether the firewall rule is active or not A green ON button signifies that this firewall...

Page 143: ...Order Select an existing number for where you want to put this firewall rule to move the firewall rule to the number you selected after clicking OK Ordering your rules is important because the SBG ap...

Page 144: ...t select Any enter the destiniation IP address in this field Select Service Select the transport layer protocol that defines your customized port from the drop down list box The specific protocol rule...

Page 145: ...ws the interfaces this service is allowed access to the SBG from the WAN Trust Domain This shows a check icon if the service is allowed access to the SBG from the Trust Domain Port This field displays...

Page 146: ...Configuration Firewall Security Device Service LABEL DESCRIPTION Table 56 Device Service Edit LABEL DESCRIPTION Service This is the service you may use to access the SBG Port You may change the server...

Page 147: ...ackets to which they apply Click Configuration Firewall Security Zone Control to display the following screen Figure 116 Configuration Firewall Security Zone Control Table 57 Trust Domain Add Edit LAB...

Page 148: ...aveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the device You can define the EXTRA zone to include the VPN connection The Router zone can only be...

Page 149: ...ied to a certain feature This is the index number of the rule Rule Name This is the name of the rule Days This shows the day s on which this rule is enabled Green days show when the rule is enabled Gr...

Page 150: ...een Figure 120 Service Add Edit Table 61 Configuration Firewall Security Service LABEL DESCRIPTION Add Click this to add a new service Edit Click this to modify an existing service Remove Click this t...

Page 151: ...board characters including spaces for your customized port Description Enter a description for your customized port Protocol Choose the IP protocol TCP UDP ICMP Other or ICMPv6 that defines your custo...

Page 152: ...or more MAC filter rules and click this to disable them Status This field displays whether the MAC filter rule is active or not A green ON button signifies that this MAC filter rule is active A gray...

Page 153: ...e LABEL DESCRIPTION My Certificate Settings Trusted CA Settings Add Click this to create a new certificate Select a rule and click Add to create a new certificate after the selected entry Remove To re...

Page 154: ...and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicab...

Page 155: ...create a new server Select a rule and click Add to create a new server after the selected entry Edit Double click a server or select it and click Edit to open a screen where you can modify the server...

Page 156: ...ect this if the server checks the case of the user names Server Authentication Bind DN Specify the bind DN for logging into the LDAP server Enter up to 127 alphanumerical characters For example cn zyx...

Page 157: ...aracters Server Settings Server Address Enter the IP address or FQDN of the RADIUS authentication server Authentication Port Specify the port number on the RADIUS server to which the SBG sends authent...

Page 158: ...ernal authentication server and the SBG The key is not sent over the network This key must be the same on the external authentication server and the SBG User Login Settings Group Membership Attribute...

Page 159: ...splay and manage active IPsec VPN connections Section 10 5 on page 163 Use the PPTP VPN screen to configure the PPTP VPN settings in the SBG Section 10 6 on page 176 Use the L2TP VPN screen to configu...

Page 160: ...rs on the local network and remote network The following figure illustrates this Figure 128 VPN IKE SA and IPsec SA In this example a computer in network A is exchanging data with a computer in networ...

Page 161: ...de the office When you connect to a remote network B through a PPTP VPN all of your traffic goes through the PPTP VPN gateway X Figure 129 PPTP VPN Example L2TP VPN The Layer 2 Tunneling Protocol L2TP...

Page 162: ...ly My Address This field displays the interface the VPN gateway uses Secure Gateway This field displays the peer gateway address of the IPsec router with which you are making the VPN connection Up Tim...

Page 163: ...VPN gateway Use Connection Configuration to specify which IPsec VPN gateway an IPsec VPN connection policy uses which devices behind the IPsec routers can use the VPN tunnel and the IPsec SA settings...

Page 164: ...this VPN gateway My Address This field displays the interface the VPN gateway uses Secure Gateway This field displays the peer gateway address of the IPsec router with which you are making the VPN co...

Page 165: ...to site with Dynamic Peer Choose this if the remote IPsec router has a dynamic IP address Only the remote IPsec router can initiate the VPN tunnel Remote Access Server Role Choose this to allow incom...

Page 166: ...PTION Show Advanced Settings Hide Advanced Settings Click this button to display a greater or lesser number of configuration fields General Settings Enable Select the check box to activate this VPN ga...

Page 167: ...es to using the secondary connection the SBG will reconnect to the primary address when it becomes available again and stop using the secondary connection Users will lose their VPN connection briefly...

Page 168: ...ified by he IP address specified in the My Address field Content This field is read only if the SBG and remote IPsec router use certificates to identify each other Type the identity of the SBG during...

Page 169: ...nabled IPsec rules When the default IPsec rule Default_L2TP_VPN_GW is enabled if you want to add a new Remote Access IPsec rule you can use phase 1 Encryption Authentication and Key Group pair DES MD5...

Page 170: ...There are one or more NAT routers between the SBG and remote IPsec router and these routers do not support IPsec pass thru or a similar feature The remote IPsec router must also enable NAT traversal a...

Page 171: ...if one of the routers the SBG or the remote IPsec router verifies a user name and password from the other router using the local user database and or an external server Allowed Auth Method This displ...

Page 172: ...splay a greater or lesser number of configuration fields General Settings Enable Select the check box to activate this VPN connection Connection Name Type the name used to identify this IPsec SA You m...

Page 173: ...remote IPsec device You can also specify a subnet This must match the local IP address configured on the remote IPsec device Full Tunnel Select this check box if you need the SBG to send packets thro...

Page 174: ...icate packet data in the IPsec SA Choices are SHA1 SHA256 and SHA512 SHA is generally considered stronger than MD5 but it is also slower The SBG and the remote IPsec router must both have a proposal t...

Page 175: ...he right Use that IP address for the client device to connect c The WAN interface which the SBG s PPTP VPN is using is not connected Action From the SBG s GUI click Status Check if the WAN interface t...

Page 176: ...nected b The access group is not configured correctly From the SBG s GUI go to VPN PPTP VPN to check Note that all local hosts are by default accessible unless access group is configured c IP Address...

Page 177: ...Group optional Specify up to 2 LAN groups subnets which a PPTP VPN client is allowed to access If none is specified all LAN groups can be accessed Enter the IP address and Subnet Mask for the LAN gro...

Page 178: ...SBG s GUI click VPN PPTP VPN Check Enable check box and click Apply e PPTP is not configured correctly on the client device Action Check the PPTP VPN configuration on the client device f The client en...

Page 179: ...any WAN LAN DMZ WLAN or L2TP VPN subnet configured on the SBG Note that the IP Address Pool for PPTP VPN has a 24 bit netmask and should not conflict with any others listed above even if they are not...

Page 180: ...s subnets which a L2TP VPN client is allowed to access If none is specified all LAN groups can be accessed Enter the IP address and Subnet Mask for the LAN group s Keep Alive Timer The SBG sends a Hel...

Page 181: ...act as a L2TP VPN client Also the screen varies depending on which option you select here Enable Select the check box to enable the SBG s L2TP VPN function as a client Default Route Enable Select the...

Page 182: ...ype Select PAP or and CHAP as your authentication method s PAP Password Authentication Protocol The L2TP server will crosscheck the username and password sent by the client with the database for authe...

Page 183: ...Check the L2TP VPN configuration on the client device g The client entered an incorrect user name or password Action From the SBG s GUI click Maintenance User Account The client should use one of the...

Page 184: ...en a new DNS Server is configured the client must disconnect then reconnect in order for the new DNS Server to take effect 7 The L2TP client can no longer connect to SBG after the Encryption or Authen...

Page 185: ...ES SHA1 DH2 6 DES MD5 DH2 Table 77 Phase 2 IPsec proposals provided by the built in L2TP client in popular operating systems Tunnel Mode Encryption Authentication Encapsulation Transport WINDOWS XP WI...

Page 186: ...ys the name of the L2TP Network Server Server WAN IP This field displays the WAN IP address of the L2TP Network Server Client WAN IP This field displays the WAN IP address of the L2TP client Server L2...

Page 187: ...m describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentic...

Page 188: ...y use of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to p...

Page 189: ...Hellman public key cryptography key group Set the IPsec SA lifetime This field allows you to determine how long the IPsec SA should stay up before it times out The SBG automatically renegotiates the I...

Page 190: ...psulates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inboun...

Page 191: ...ith NAT in tunnel and transport modes is summarized in the following table Y This is supported in the SBG if you enable NAT traversal 10 9 7 ID Type and Content With aggressive negotiation mode see Se...

Page 192: ...a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 76...

Page 193: ...10 VPN SBG5500 Series User s Guide 193 supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre share...

Page 194: ...ency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video This chap...

Page 195: ...e transmitted with a pre configured data transmission rate using buffers or queues Your SBG uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the avera...

Page 196: ...than the interfaces actual transmission speed The SBG uses up to 95 of the DSL port s actual upstream transmission speed even if you set this number higher than the DSL port s actual transmission spee...

Page 197: ...e Automatically assign priority based on the first three bits of the TOS field in the IP header Packet Length Automatically assign priority based on the packet size Smaller packets get higher priority...

Page 198: ...this queue Interface This shows the name of the SBG s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Bu...

Page 199: ...the priority level from 1 to 8 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues...

Page 200: ...een ON button signifies that this classifier is active A gray OFF button signifies that this classifier is not active Click the slide button to turn on or turn off the classifier Class Name This is th...

Page 201: ...le this classifier Class Name Enter a descriptive name for the classifier You can use up to 31 alphanumeric characters it must begin with a letter The valid characters are 0 9 a z A Z _ Order Select a...

Page 202: ...he specified criteria from this classifier Destination Criteria Configuration Address Select the check box and enter the source IP address in dotted decimal notation A blank source IP address means an...

Page 203: ...Type field If you select this option the matched TCP packets must contain the ACK Acknowledge flag Exclude Select this option to exclude the packets that match the specified criteria from this classif...

Page 204: ...n you take this action Multiple Entries Turn On Select one or more policers and click this to enable them Multiple Entries Turn Off Select one ore more policers and click this to disable them This is...

Page 205: ...be transmitted Each token represents one byte The algorithm allows bursts of up to b bytes which is also the bucket size The Single Rate Three Color Marker srTCM is based on the token bucket filter a...

Page 206: ...ter the DSCP mark value to use The packets may be dropped if there is congestion on the network Non Conforming Action Specify what the SBG does for packets that exceed the excess burst size or peak ra...

Page 207: ...shapers and click this to disable them This is the index number of the entry Status This field displays whether the shaper is active or not A green ON button signifies that this shaper is active A gra...

Page 208: ...ice TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward...

Page 209: ...1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table shows you the internal layer 2 and layer 3 QoS mapping on the SBG On...

Page 210: ...hat may cause outgoing packets to be dropped A larger transmission rate requires a big bucket size For example use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps Single Rate Thr...

Page 211: ...priority levels High packet loss priority level is referred to as red medium is referred to as yellow and low is referred to as green The trTCM is based on the token bucket filter and has two token bu...

Page 212: ...ionality which allows a manager station to manage and monitor the SBG through the network The SBG supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP managemen...

Page 213: ...perations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events Click Configuration Network Management SNMP to open the...

Page 214: ...p Destination Type the IP address of the station to send your SNMP traps to Apply Click Apply to save your changes back to the SBG Reset Click Reset to restore your previously saved settings Table 95...

Page 215: ...empted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs...

Page 216: ...lay filter is available If the filter settings are shown the Display Priority Source Address Destination IP Address Source Interface Destination Interface Protocol Keyword Search and Reset fields are...

Page 217: ...face of the destination of the incoming packet when the log message was generated Keyword Type a keyword of the policy service available from SBG to search for a log Search This displays when you show...

Page 218: ...rn Off Select one or more entries and click this to disable them This field is a sequential value and it is not associated with a specific log Status This field displays whether the log setting is act...

Page 219: ...ts for all log categories enable normal logs and debug logs yellow check mark send the remote server log messages alerts and debugging information for all log categories This field is a sequential val...

Page 220: ...vious screen Cancel Click this to return to the previous screen without saving your changes Table 99 Configuration Log Report Log Settings Edit USB LABEL DESCRIPTION Table 100 Configuration Log Report...

Page 221: ...when the log is e mailed Password This box is effective when you select the SMTP Authentication check box Type the password to provide to the SMTP server when the log is e mailed Retype to Confirm Ty...

Page 222: ...n the Log Viewer tab The Default category includes debugging messages generated by open source software System Log Select which events you want to log by Log Category There are three choices disable a...

Page 223: ...kinds of messages are included in log information in the Log Settings section Log Format This field displays the format of the log information It is read only VRPT Syslog Zyxel s Vantage Report syslo...

Page 224: ...gory of messages It is the same value used in the Display and Category fields in the Log Viewer tab The Default category includes debugging messages generated by open source software Selection Select...

Page 225: ...e LABEL DESCRIPTION Service License Status This is the entry s position in the list Service This lists the services that are available on the SBG Status This field displays the status of your service...

Page 226: ...maximum number of users that may connect to the SBG at the same time or how many managed APs the SBG can support with your current license It displays 0 if this field does not apply to a service Serv...

Page 227: ...er a descriptive name to identify your SBG This name can be up to 64 alphanumeric characters long Spaces are not allowed but dashes underscores _ and periods are accepted Domain Name Enter the domain...

Page 228: ...reen to view and manage the clients that you added to the host list Figure 161 Maintenance Host Name List The following table describes the labels in this screen 16 2 1 Add Host Name Click Add to crea...

Page 229: ...e host device manually You can also enter a device s IP address and click Get to obtain its MAC address Member List Select a member device from the drop down list Get MAC Address From IP Enter the IP...

Page 230: ...gure system related settings such as system time and the daylight saving setup 17 2 The Date Time Screen To change your SBG s time and date click Maintenance Date Time The screen appears as shown Use...

Page 231: ...time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the...

Page 232: ...7 Date Time SBG5500 Series User s Guide 232 Apply Click Apply to save your changes back to the SBG Reset Click Reset to restore your previously saved settings Table 106 Maintenance Date Time LABEL DES...

Page 233: ...re 164 Maintenance User Account The following table describes the labels in this screen Table 107 Maintenance User Account LABEL DESCRIPTION Add Click this to configure a new user account Edit Select...

Page 234: ...ce User Account continued LABEL DESCRIPTION Table 108 Users Configuration Add Edit LABEL DESCRIPTION User Name This field is read only if you are editing the user account Enter a descriptive name for...

Page 235: ...G locks the user out Idle Timeout Enter the number of minutes that the system can idle before being logged out Lock Period Enter the number of minutes for the lockout period A user cannot log into the...

Page 236: ...eed To Know The following terms and concepts may help as you read this chapter Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a...

Page 237: ...g systems refer to your systems specifications for CIFS compatibility 19 1 2 Before You Begin Make sure the SBG is connected to your network and turned on 1 Connect the USB device to one of the SBG s...

Page 238: ...Edit Select a share and click Edit to modify it Remove Select a share and click Remove to delete it Multiple Entries Turn On Select one or more shares and click this to enable them Multiple Entries T...

Page 239: ...ance USB Storage LABEL DESCRIPTION Table 110 USB Storage Add LABEL DESCRIPTION Volume Select the name of the USB where the file you want to share is located Share Path Select a file drop down list to...

Page 240: ...inistration and Maintenance packet to verify the connectivity of a specific PVC Section 20 4 on page 242 The Packet Capture screen to capture packets going through the SBG Section 20 5 on page 244 20...

Page 241: ...ostic Network Tools LABEL DESCRIPTION Ping TraceRoute Test Bound Interface Choose a connected interface from the drop down list LAN WAN to perform the ping tracer route test Address Type the URL or IP...

Page 242: ...ress Enter the target device s MAC address to which the SBG performs a CFM loopback test 802 1Q VLAN ID Type a VLAN ID 0 4095 for this MA VDSL Traffic Type This shows whether the VDSL traffic is activ...

Page 243: ...he same VPI as the user data cells on VP connections but use different predefined VCI values F5 cells use the same VPI and VCI as the user data cells on the VC connections and are distinguished from d...

Page 244: ...Packet Capture to open the packet capture screen Note New capture files overwrite existing files of the same name Change the File Suffix field s setting to avoid this Table 113 Maintenance Diagnostic...

Page 245: ...the port This displays Ready when the USB is ready for capture This displays Unmount USB to confirm you can remove your USB drive safely This displays Capturing when the packet is in process of being...

Page 246: ...tart another capture Capture Duration Set a time limit in seconds for the capture The SBG stops the capture and generates the capture file when either this period of time has passed Capture File Size...

Page 247: ...ecific model Refer to the label on the bottom of your SBG 21 2 The Firmware Screen Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Proto...

Page 248: ...t firmware version Released Date This shows the date the present firmware was released Upgrade Click the Upgrade icon to open a new screen where you Browse the location of the bin file you want to Upl...

Page 249: ...XEL website and upload it to the SBG Click Maintenance Firmware Upgrade Mobile Profile to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minu...

Page 250: ...restoring configuration appears in this screen as shown next Figure 179 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the SBG s current configuration...

Page 251: ...uration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 If the upload was not successful the following screen...

Page 252: ...or 23 2 The Language Screen Click Maintenance Language to open the following screen Figure 182 Maintenance Language Select the language of your preference and click Apply to save your changes to the S...

Page 253: ...tdown Screen System restart allows you to reboot the SBG remotely without turning the power off You may need to do this if the SBG hangs for example Click Maintenance Restart Shutdown Click Restart to...

Page 254: ...on 2 Make sure you are using the power adaptor or cord included with the SBG 3 Make sure the power adaptor or cord is connected to the SBG and plugged in to an appropriate power source Make sure the...

Page 255: ...ts See Section 1 6 on page 18 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the...

Page 256: ...log out 3 Turn the SBG off and on 4 If this does not work you have to reset the device to its factory defaults See Section 25 1 on page 254 I cannot Telnet to the SBG See the troubleshooting suggestio...

Page 257: ...sure you turn off the DHCP feature in the Configuration LAN Home Network LAN Setup screen to have the clients get WAN IP addresses directly from your ISP s DHCP server I cannot connect to the Interne...

Page 258: ...0 Series User s Guide 258 2 Reboot the SBG 3 If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on 4 Re co...

Page 259: ...nformation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief des...

Page 260: ...om pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation http www zyxel com tw zh Thailand Zyxel Thaila...

Page 261: ...Republic Zyxel Communications Czech s r o http www zyxel cz Denmark Zyxel Communications A S http www zyxel dk Estonia Zyxel Estonia http www zyxel com ee et Finland Zyxel Communications http www zyx...

Page 262: ...elux http www zyxel nl Norway Zyxel Communications http www zyxel no Poland Zyxel Communications Poland http www zyxel pl Romania Zyxel Romania http www zyxel com ro ro Russia Zyxel Russia http www zy...

Page 263: ...raine http www ua zyxel com Latin America Argentina Zyxel Communication Corporation http www zyxel com ec es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Ecuador Zyxel Communicati...

Page 264: ...User s Guide 264 North America USA Zyxel Communications Inc North America Headquarters http www zyxel com us en Oceania Australia Zyxel Communications Corporation http www zyxel com au en Africa South...

Page 265: ...Reorient or relocate the receiving antenna Increase the separation between the devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technici...

Page 266: ...ices allowed to be connected to a telephone interface The termination of an interface may consist of any combination of devices subject only to the requirement that the sum of the RENs of all the devi...

Page 267: ...IT CONFORME SELON 21 CFR 1040 10 ET 1040 11 Environment Statement ErP Energy related Products Zyxel products put on the EU market in compliance with the requirement of the European Parliament and the...

Page 268: ...roperty damage The meaning of these symbols are described below It is important that you read these descriptions thoroughly and fully understand the contents Explanation of the Symbols Viewing Certifi...

Page 269: ...ement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or...

Page 270: ...250 reset 251 restoring 251 static route 119 234 Connectivity Check Messages see CCMs contact information 259 copyright 265 CoS 208 CoS technologies 195 customer support 259 D DDoS 139 default server...

Page 271: ...hange 188 Internet Protocol Security See IPsec Internet Protocol version 6 50 Internet Service Provider see ISP IP address 86 106 ping 241 private 107 WAN 50 IP Address Assignment 82 IP alias NAT appl...

Page 272: ...negotiation mode 189 Network Address Translation see NAT Network Map 45 NNTP 136 O outside header 188 P passwords 20 21 Per Hop Behavior see PHB 208 PHB 208 Ping of Death 139 Point to Point Tunneling...

Page 273: ...106 SYN attack 139 syslog protocol 215 severity levels 215 system firmware 247 passwords 20 21 reset 18 status 45 T Tag Control Information See TCI Tag Protocol Identifier See TPID TCI The 50 TPID 83...

Page 274: ...Index SBG5500 Series User s Guide 274 Wide Area Network see WAN 48 warranty 269 note 269 web configurator 20 login 20 passwords 20 21 wizard setup Internet 27 Z Zone Control 147...

Reviews:

No comments

Brands by name

Popular brands

Load more brands