MitraStar DSL-100HNU-T1 v3 Скачать руководство пользователя страница 151 | Manualshive

Страница: 151 / 235

background image

14

Chapter

Chapter 14 Firewall

151

C

HAPTER

14

Chapter 14

Firewall

14.1 Overview

This chapter shows you how to enable the Device firewall. Use the firewall to protect your Device

and network from attacks by hackers on the Internet and control access to it. The firewall:

• allows traffic that originates from your LAN computers to go to all other networks.
• blocks traffic that originates on other networks from going to the LAN.
• blocks SYN and port scanner attacks.

By default, the Device blocks DDOS, LAND and Ping of Death attacks whether the firewall is enabled

or disabled.

The following figure illustrates the firewall action. User

A

can initiate an IM (Instant Messaging)

session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However

other traffic initiated from the WAN is blocked (3 and 4).

Figure 98

Default Firewall Action

WAN

LAN

3
4

1
2

A

14.1.1 What You Can Do in the Firewall Screens

• Use the

General

screen (

Section 14.2 on page 153

) to select the firewall protection level on the

Device.

• Use the

Default Action

screen (

Section 14.3 on page 154

) to set the default action that the

firewall takes on packets that do not match any of the firewall rules.

«
...
149
150
151
152
153
...
»

Содержание DSL-100HNU-T1 v3

Страница 1: ...014 MitraStar Technology Corp Firmware Version 1 14 Edition 1 12 2014 Default Login Details http 192 168 1 1 User Name admin Password 1234 DSL 100HNU T1 v3 802 11n 2x2 Wireless ADSL2 4 port Gateway Us...

Страница 2: ...to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is...

Страница 3: ...5 Overview 15 Accessing the Web Configurator 17 The Web Configurator Layout 17 Title Bar 18 Main Window 19 Chapter 3 Quick Start 19 Overview 19 Quick Start Setup 22 Chapter 4 Connection Status and Sys...

Страница 4: ...ion 56 More Secure WPA2 PSK 57 WPA2 Authentication 59 More AP Screen 60 Edit More AP 61 MAC Authentication Screen 63 The WPS Screen 65 The WDS Screen 67 The WMM Screen 68 Scheduling Screen 69 Add or E...

Страница 5: ...c Route Edit 112 Chapter 9 Quality of Service QoS 112 Overview 112 What You Can Do in this Chapter 112 What You Need to Know 113 The QoS General Screen 114 The Queue Setup Screen 115 Edit a QoS Queue...

Страница 6: ...Screens 146 The IP MAC Filter Screen 148 The IPv6 MAC Filter Screen 151 Chapter 14 Firewall 151 Overview 151 What You Can Do in the Firewall Screens 152 What You Need to Know About Firewall 153 Firewa...

Страница 7: ...or 181 Overview 181 What You Can Do in this Chapter 181 What You Need To Know 182 The Log Screen 183 The WAN Traffic Status Screen 184 The LAN Traffic Status Screen 185 The NAT Traffic Status Screen 1...

Страница 8: ...WW Screen 205 Configuring the WWW Screen 206 Telnet Screen 207 FTP Screen 208 SNMP Screen 209 Configuring SNMP 210 DNS Screen 211 ICMP Screen 212 SSH Screen 213 SSH Example 216 Chapter 26 Diagnostic 2...

Страница 9: ...ia a 3G wireless card or share files via a USB memory stick or a USB hard drive The Device can also function as a print server with an USB printer connected Only use firmware for your Device s specifi...

Страница 10: ...ice s LAN ports or wirelessly Figure 1 Device s Router Features DSL LAN Configure firewall and filtering features on the Device for secure Internet access Set the firewall to allow responses from the...

Страница 11: ...button Figure 2 Wireless Access Example 1 5 1 Using the WLAN WPS Button By default the Device s wireless network is enabled To turn it off simply press the WPS WLAN button on top of the Device for ov...

Страница 12: ...the RESET button at the back of the device to reload the factory default configuration file This means that you will lose all configurations that you had previously and the user name and password wil...

Страница 13: ...ng with other wireless clients Orange Blinking The Device is setting up a WPS connection Off The wireless network is not activated DSL Green On The DSL line is up Blinking The DSL line is initializing...

Страница 14: ...Chapter 1 Introduction 14...

Страница 15: ...eb configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions e...

Страница 16: ...gain 5 The following screen displays if you have not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alte...

Страница 17: ...information 2 2 The Web Configurator Layout Click Connection Status System Info to show the following screen Figure 7 Web Configurator Layout B C A a b As illustrated above the main screen is divided...

Страница 18: ...est of this document Click LAN Device on the System Info screen a in Figure 7 on page 17 to display the Connection Status screen See Chapter 4 on page 24 for more information on the System Info and Co...

Страница 19: ...eless settings See the rest of this guide for background information on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click t...

Страница 20: ...r 3 Quick Start 20 2 Enter your Internet connection information in this screen The screen and fields to enter may vary depending on your current connection type Click Next Figure 10 WAN Interface Sele...

Страница 21: ...LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the Device Click Save Figure 11 Internet Connection 4 Your Device saves your sett...

Страница 22: ...rfaces LAN WAN and WLAN and SIP accounts You can also register and unregister SIP accounts If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status...

Страница 23: ...cted LAN devices in a list click List View in the Viewing mode selection box Figure 13 Connection Status List View In Icon View if you want to view information about a client click the client s name a...

Страница 24: ...field is described in the following table Table 2 System Info Screen LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop down list box Device In...

Страница 25: ...ws the first and second DNS server address assigned by the ISP LAN Information IP Address This field displays the current IP address of the Device in the LAN IP Subnet Mask This field displays the cur...

Страница 26: ...iFi interface Security Firewall This shows whether or not the firewall is enabled on System Status DSL UpTime This field displays how long the DSL connection has been active System Uptime This field d...

Страница 27: ...Interface This column displays each interface the Device has Status This field indicates whether or not the Device is using the interface For the LAN interfaces this field displays Up when the Device...

Страница 28: ...t connects your private networks such as a LAN Local Area Network and other networks so that a computer in one location can communicate with computers in other locations Figure 15 LAN and WAN WAN LAN...

Страница 29: ...address to connect to the Internet and communicate with devices in other networks It can be static fixed or dynamically assigned by the ISP when the Device connects to the Internet If your ISP assigns...

Страница 30: ...to the ISP s Border Relay router BR in the figure to connect to the native IPv6 Internet The local network can also use IPv4 services The Device uses it s configured IPv4 WAN IP to route IPv4 traffic...

Страница 31: ...LAN IPv6 IPv4 WAN IPv6 IPv4 in IPv6 Dual Stack Lite 3G 3G Third Generation is a digital packet switched wireless technology Bandwidth usage is optimized as multiple users share the same channel and b...

Страница 32: ...Connection Screen Use this screen to change your Device s WAN settings Click Network Setting Broadband Internet Connection The screen differs by the mode and encapsulation you select Figure 19 Networ...

Страница 33: ...ssigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password PPPoA and PPPoE encapsulation only Enter the password ass...

Страница 34: ...tunneling relay server s IPv4 address in this field Via DHCP Option 212 Select this to have the Device detect it automatically through DHCP option 212 Manual Select this to manually enter the followin...

Страница 35: ...ct it automatically through DHCPv6 Remote IPv6 Address When you set the Mode field to Manual specify the AFTR IPv6 address IPv6 Address When you enable Static IP Address enter the IPv6 address of the...

Страница 36: ...t on Demand Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in the Max Idle Timeout field Max Idle Time Specify an idle time out in the Max Idl...

Страница 37: ...duce multicast traffic significantly Select None to turn off MLD proxy ATM QoS This section is available when the connection s Virtual Channel field is set to an ADSL option ATM QoS Type Select CBR Co...

Страница 38: ...onnection Enter the MTU in this field For ENET ENCAP the MTU value is 1500 For PPPoE the MTU value is 1492 For PPPoA and RFC 1483 the MTU is 65535 Apply Click this to save your changes Cancel Click th...

Страница 39: ...and multiplexing type the Internet connection uses Modify The first ISP connection is read only in this screen Use the Broadband Internet Connection screen to edit it Click the Edit icon to edit the I...

Страница 40: ...multiplexing used by your ISP from the drop down list Choices are VC Mux or LLC By prior agreement a protocol is assigned a specific virtual circuit for example VC1 will carry IP If you select VC mux...

Страница 41: ...v6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address Static IP Address Select this option if you have a fixed IPv6 address assigned by your ISP DHCP IPv6 Select DH...

Страница 42: ...Idle Timeout field Max Idle Timeout Specify an idle time out in the Max Idle Timeout field when you select Connect on Demand The default setting of 0 means the Internet session will not timeout NAT If...

Страница 43: ...m None Both In Only and Out Only RIP Version You do not configure this field if you set the RIP Direction field to None Select the RIP Version from RIP 1 RIP 2B RIP 2M Multicast Devices use the IGMP I...

Страница 44: ...ain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note the system default of 0 cells sec Maximum Burst Size Maximum Burst Size...

Страница 45: ...8 Network Setting Broadband 3G Backup LABEL DESCRIPTION 3G Backup Select Enable 3G Backup to have the Device use the 3G connection as your WAN or a backup when the wired WAN connection fails Card Desc...

Страница 46: ...ss Automatically Select this option If your ISP did not assign you a fixed IP address Use the following static IP address Select this option If the ISP assigned a fixed IP address IP Address Enter you...

Страница 47: ...g PPPoE For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS PPPoE lets you access one of multiple network servi...

Страница 48: ...ing overhead this method may be advantageous if it is not practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs 5 5 3 VPI...

Страница 49: ...dynamic IP For a static IP you must fill in all the IP Address and Gateway IP Address fields as supplied by your ISP However for a dynamic IP the Device acts as a DHCP client on the WAN port and so th...

Страница 50: ...the Device acts as a bridge with other access points Use the WMM screen to enable Wi Fi MultiMedia WMM to ensure quality of service in wireless networks for multimedia applications Section 6 7 on pag...

Страница 51: ...work is the part in the blue circle In this wireless network devices A and B use the access point AP to interact with the other devices such as the printer or with the Internet Your Device is the AP E...

Страница 52: ...le What is the most appropriate standard to use What security options do the other wireless devices support WPA2 PSK for example What is the best one to use Do the other wireless devices support WPS W...

Страница 53: ...OFF button to ON to use wireless LAN The WLAN LED should be on Wireless Network Settings Wireless Network Name SSID The SSID Service Set IDentity identifies the service set with which a wireless devic...

Страница 54: ...l that is as many channels away from any channels used by neighboring APs as possible The channel number which the Device is currently using then displays in the Operating Channel field Scan Click thi...

Страница 55: ...emented for ease of use and when security is not an issue The wireless station and the AP or peer computer do not share a secret key Thus the wireless stations can associate with any AP or peer comput...

Страница 56: ...SCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F WEP Encryption Select 64 bits or 128 bits This dictate...

Страница 57: ...ice supports WPA PSK and WPA2 PSK simultaneously Group Key Update Timer The Group Key Update Timer is the rate at which the RADIUS server sends a new group key out to all clients Encryption If the sec...

Страница 58: ...IP Address Enter the IP address of the external authentication server in dotted decimal notation Port Number Enter the port number of the external authentication server The default port number is 181...

Страница 59: ...reauthentication off Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority WPA Compatible Select this if you want the Devic...

Страница 60: ...BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client sc...

Страница 61: ...elect both Client Isolation and MBSSID LAN Isolation to allow this SSID s wireless clients to only connect to the Internet through the Device Security Level Security Mode Select Basic WEP or More Secu...

Страница 62: ...table Select Disable to turn off MAC filtering Select Deny to block access to the Device MAC addresses not listed will be allowed to access the Device Select Allow to permit access to the Device MAC...

Страница 63: ...ies the security settings of the SSID1 profile see Section 6 2 on page 52 If you want to use the WPS feature make sure you have set the security mode of SSID1 to WPA2 PSK or WPA2 PSK WPA PSK mixed or...

Страница 64: ...ck Apply to activate WPS on the Device Add a new device with WPS Method These fields display after you enable WPS and click Apply Method 1 PBC Use this section to set up a WPS wireless network using P...

Страница 65: ...ry when you use WPS push button method Click the Generate New PIN button to have the Device create a new PIN Status This displays Configured when the Device has connected to a wireless network using W...

Страница 66: ...ect the type of the key used to encrypt data between APs All the wireless APs including the Device must use the same pre shared key for data transmission The option is available only when you set the...

Страница 67: ...SCRIPTION Enable WMM of SSID1 4 This enables the Device to automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality...

Страница 68: ...eate a new wireless LAN scheduling rule This is the index number of the entry Rule Name This field shows the name configured for the scheduling rule Days This field displays to which days of the week...

Страница 69: ...Scheduling Add New Rule LABEL DESCRIPTION From Schedule Rules To create a new scheduling rule based off an existing one select it here Rule Name Specify a descriptive name to identify the scheduling...

Страница 70: ...o associate with the Device Select 802 11g to allow only IEEE 802 11g compliant WLAN devices to associate with the Device Select 802 11b g to allow either IEEE 802 11b or IEEE 802 11g compliant WLAN d...

Страница 71: ...ming in your wireless network There are two preamble modes long and short If a device uses a different preamble mode than the Device does it cannot communicate with the Device Authentication The proce...

Страница 72: ...security standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it i...

Страница 73: ...like a secret code If you do not know the secret code you cannot understand the message The types of encryption you can choose depend on the type of authentication See Section 6 10 2 2 on page 73 for...

Страница 74: ...se wireless networks are radio networks their signals are subject to limitations of distance interference and absorption Problems with distance occur when the two radios are too far apart Problems wit...

Страница 75: ...is also the possibility of channel interference The Device s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can the...

Страница 76: ...At the time of writing WDS security is not compatible with all access points Refer to your other access point s documentation for details The following figure illustrates how WDS link works between AP...

Страница 77: ...e Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 7 3 on page 82 Use the IP Alias screen Section 7 4 on page 84 to configure...

Страница 78: ...es you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask 7 1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as...

Страница 79: ...ing systems such as Windows or Linux have different file systems The file sharing feature on your Device supports FAT16 FAT32 NTFS EXT2 and EXT3 Common Internet File System The Device uses Common Inte...

Страница 80: ...for printing and be compatible with the RAW port 9100 protocol The following OSs support Device s printer sharing feature Microsoft Windows 95 Windows 98 SE Second Edition Windows Me Windows NT 4 0 Wi...

Страница 81: ...nds and receives on the subnet Select the RIP Direction from None Both IN Only and OUT Only Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in...

Страница 82: ...ult The Device sends out its own LAN IP address to the DHCP clients as the first DNS server address DHCP clients use this first DNS server to send domain name queries to the Device The Device sends a...

Страница 83: ...dwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP address relative to t...

Страница 84: ...ernet interface with the Device itself as the gateway for the LAN network When you use IP alias you can also configure firewall rules to control access to the LAN s logical network subnet Use this scr...

Страница 85: ...Setting Home Networking Static DHCP UPnP to display the screen shown next Figure 47 Network Setting Home Networking UPnP The following table describes the labels in this screen Table 29 Network Settin...

Страница 86: ...Chapter 7 Home Networking 86 7 6 The IPv6 LAN Setup Screen Use this screen to configure the IPv6 settings for your Device s LAN interface...

Страница 87: ...Chapter 7 Home Networking 87 Figure 48 Network Setting Home Networking IPv6 LAN Setup...

Страница 88: ...Identifier is appended to the IPv6 address prefix to create the routable global IPv6 address Select EUI64 to use the EUI 64 format to generate an interface ID from the Ethernet MAC address Lan Identi...

Страница 89: ...formation to the clients Stateless The Device uses IPv6 stateless autoconfiguration RADVD Router Advertisement Daemon is enabled to have the Device send IPv6 prefix information in router advertisement...

Страница 90: ...nor communicate with other networks if you disable this feature Delegate M O flag from WAN Select this to have the Device obtain the M O Managed Other flag setting from the service provider or uplink...

Страница 91: ...retransmissions Possible values for this field are 1000 4294967295 RA Interval Enter the time in seconds between router advertisement messages Possible values for this field are 4 1800 Delegate MTU fr...

Страница 92: ...oup In this case contact your network administrator 7 7 1 Before You Begin Make sure the Device is connected to your network and turned on 1 Connect the USB device to one of the Device s USB ports Mak...

Страница 93: ...uration File Sharing Services SMB Select Enable to activate file sharing through the Device Share Directory Access Level Select Public to allow all LAN users to access the shared folders Select Securi...

Страница 94: ...racters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the Device Retype New Password Type the new pass...

Страница 95: ...be connected to your Device A USB printer with the driver already installed on your computer The computers on your network must have the printer software already installed before they can create a TC...

Страница 96: ...e The actual physical connection determines whether the Device ports are LAN or WAN ports There are two separate IP networks one inside the LAN network and the other outside the WAN network as shown n...

Страница 97: ...ssigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the net...

Страница 98: ...ation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466...

Страница 99: ...lick OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows...

Страница 100: ...Networking 100 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 58 Windows Optional Networking Com...

Страница 101: ...11 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Device Make sure the...

Страница 102: ...ight click the icon and select Properties Figure 60 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 6...

Страница 103: ...click Add to manually add port mappings Figure 62 Internet Connection Properties Advanced Settings Figure 63 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disc...

Страница 104: ...rrent Internet connection status Figure 65 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Device without finding out the IP address...

Страница 105: ...es Figure 66 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Device and select Invoke The web configurat...

Страница 106: ...Networking 106 6 Right click on the icon for your Device and select Properties A properties window displays with basic information about the Device Figure 68 Network Connections My Network Places Prop...

Страница 107: ...s most traffic from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to...

Страница 108: ...rameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is a router or switch on the same...

Страница 109: ...bnet mask here Gateway IP Address You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Gateway IP Address enter the IP address of the nex...

Страница 110: ...ion Routing is always based on network number Prefix length An IPv6 prefix length specifies how many most significant bits starting from the left in the address compose the network address This field...

Страница 111: ...to specify a route to a single host use a prefix length of 128 in the prefix length field to force the network number to be identical to the host ID IPv6 Prefix Length Enter the address prefix to spec...

Страница 112: ...lowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as...

Страница 113: ...ew DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value ain...

Страница 114: ...ccording to your classification rules Traffic which does not match any of the classification rules is mapped into the default queue with the lowest priority Ethernet Priority Automatically assign prio...

Страница 115: ...name of this queue Interface This shows the name of the Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of thi...

Страница 116: ...eights Rate Limit Specify the maximum transmission rate in Kbps or allowed for traffic on this queue OK Click this to save your changes Cancel Click this to exit this screen without saving 9 4 The Cla...

Страница 117: ...oming in through a specific interface it displays here Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come a...

Страница 118: ...ter 9 Quality of Service QoS 118 9 4 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to an existing classifier to configure it Figure 78 Class Setup Add E...

Страница 119: ...s means any source IP address IP Subnet Mask Enter the source subnet mask Exclude Select this option to exclude the packets that match the specified criteria from this classifier Port Range If you sel...

Страница 120: ...t the service classification of the traffic FTP or SIP IP Protocol Select this option and select the protocol service type from TCP or UDP If you select User defined enter the protocol service type nu...

Страница 121: ...class according to the default routing table If traffic of this class comes from a WAN interface and is in a queue that forwards traffic through the LAN WLAN interface the Device ignores the setting...

Страница 122: ...N ID fields If you select Same the Device keep the Ethernet Priority and VLAN ID in the packets To configure the Ethernet Priority you can either select a priority number in the first drop down list b...

Страница 123: ...These are the rates and burst sizes against which the policer checks the traffic of the member QoS classes Action This shows the how the policer has the Device treat different types of traffic belongi...

Страница 124: ...urst size two rate three color or excess burst size single rate three color if it is also configured This is the maximum size of the first token bucket in a traffic metering algorithm Conforming Actio...

Страница 125: ...about the topics covered in this chapter 9 7 1 DiffServ QoS is used to prioritize source to destination traffic flows All packets in the flow are given the same priority You can use CoS class of servi...

Страница 126: ...S field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping DSCP 6 bits Unused...

Страница 127: ...1 2 What You Need To Know The following terms and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the Device for e...

Страница 128: ...en Figure 82 Network Setting NAT General The following table describes the fields in this screen Table 46 Network Setting NAT General LABEL DESCRIPTION Max NAT Firewall Session Per User Use this field...

Страница 129: ...ocesses such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure r...

Страница 130: ...d if you manually added a service You can change this by clicking the edit icon External Start Port This is the first external port number that identifies a service External End Port This is the last...

Страница 131: ...is for a user defined entry Enter the original destination port for the packets To forward only one port enter the port number again in the External End Port field To forward a series of ports enter t...

Страница 132: ...n the Port Forwarding screen Note If you do not assign a default server the Device discards all packets received for ports not specified in the virtual server configuration Apply Click this to save yo...

Страница 133: ...NAT ALG LABEL DESCRIPTION SIP ALG Enable this to make sure SIP VoIP works correctly with port forwarding Apply Click this to save your changes back to the Device Cancel Click Cancel to restore your p...

Страница 134: ...st 10 6 2 What NAT Does In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding th...

Страница 135: ...nication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwar...

Страница 136: ...ersa For ports not belonging to a port binding group the Device forwards traffic according to the routing table Additionally specify ATM QoS settings for an ADSL virtual channel PVC to satisfy the ban...

Страница 137: ...for the port binding group When a port is assigned to a port binding group traffic will be forwarded to the other ports in the group but not to ports in other groups If a port is not included in any...

Страница 138: ...the labels in this screen Table 53 Network Setting Port Binding Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number Group Port This field displays the ports and...

Страница 139: ...ervice LABEL DESCRIPTION Index This is the index number for the port binding group Option60 This is the Vendor Class Identifier of the matched traffic Option61 This is the device identity of the match...

Страница 140: ...llowing screen Figure 93 Any Port Any Service Add Edit The following table describes the labels in this screen Table 55 Any Port Any Service Add Edit LABEL DESCRIPTION Interface Select the WAN interfa...

Страница 141: ...type Select DUID LLT DUID Based on Link layer Address Plus Time to enter the hardware type a time value and the MAC address of the device Select DUID EN DUID Assigned by Vendor Based upon Enterprise N...

Страница 142: ...een and click Apply It is suggested to reboot the Device after you have changed the port binding settings or WAN encapsulation Figure 94 Network Setting Port Binding Disable OK Click this to save your...

Страница 143: ...changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with ww...

Страница 144: ...ynamic DNS service provider Host Name Type the domain name assigned to your Device by your Dynamic DNS provider Username Type your user name for the Dynamic DNS service provider Password Type your pas...

Страница 145: ...rules you can configure to restrict traffic by IPv4 and IPv6 addresses and MAC addresses 13 1 1 What You Can Do in the Filter Screens Use the IP MAC Filter screen Section 13 2 on page 146 to create IP...

Страница 146: ...ls in this screen Table 57 Security Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to create a filter rule that allows traffic Select Black List to create a filter rule that...

Страница 147: ...pper layer protocol Source MAC Address This field is only available when you select MAC in the Rule Type field Enter the MAC address of the packets you wish to filter IP MAC Filter Listing This is the...

Страница 148: ...Security Filter IPv6 MAC Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to create a filter rule that allows traffic Select Black List to create a filter rule that blocks traf...

Страница 149: ...reachable 4 port unreachable 2 Packet Too Big 3 Time Exceeded 0 hop limit exceeded in transit 1 fragment reassembly time exceeded 4 Parameter Problem 0 erroneous header field encountered 1 unrecognize...

Страница 150: ...PrefixLength This displays the source IPv6 address and prefix length Dest IP PrefixLength This displays the destination IPv6 address and prefix length Mac Address This is the MAC address of the packet...

Страница 151: ...DDOS LAND and Ping of Death attacks whether the firewall is enabled or disabled The following figure illustrates the firewall action User A can initiate an IM Instant Messaging session from the LAN to...

Страница 152: ...o the Internet Their goal is not to steal information but to disable a device or network so users no longer have access to network resources The Device is pre configured to automatically detect and th...

Страница 153: ...from being sent This keeps outsiders from discovering your Device when unsupported ports are probed ICMP Internet Control Message Protocol ICMP is a message control and error reporting protocol betwee...

Страница 154: ...This setting allows the customer to create and edit individual firewall rules Firewall rules can be created in the Default Action screen Section 14 3 on page 154 and Rules screen Section 14 4 on page...

Страница 155: ...cted direction and do not match any of the firewall rules Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination unreachable message to the sender Select...

Страница 156: ...e the rule Source IP Address This column displays the source addresses or ranges of addresses to which this firewall rule applies Please note that a blank source or destination address is equivalent t...

Страница 157: ...this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and refer to the following table for information on...

Страница 158: ...hat includes Single Address Range Address Subnet Address and Any Address Start IP Address Enter the single IP address or the starting IP address in a range here End IP Address Enter the ending IP addr...

Страница 159: ...en Edit Customized Services Click the Edit Customized Service button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services TCP Flag Speci...

Страница 160: ...tart Port This is a single port number or the starting port number of a range that defines your customized service End Port This is a single port number or the ending port number of a range that defin...

Страница 161: ...hresholds at which the Device will start dropping sessions 14 5 1 The DoS Advanced Screen For DoS attacks the Device uses thresholds to determine when to start dropping sessions that do not become ful...

Страница 162: ...d settings as the default threshold values should work for most small offices Tune these parameters when you believe the Device has been receiving DoS attacks that are not recorded in the logs or the...

Страница 163: ...sions When the rate of new connection attempts rises above this number the Device deletes half open sessions as required to accommodate new connection attempts ICMP Echo Request Count This is the rate...

Страница 164: ...teful packet inspection allows packets traveling in the following directions LAN to Router These rules specify which computers on the LAN can manage the Device remote management You can also configure...

Страница 165: ...ncing Security With Your Firewall 1 Change the default password via web configurator 2 Think about access control before you connect to the network in any way 3 Limit who can access your router 4 Don...

Страница 166: ...Triangle Route When the firewall is on your Device acts as a secure gateway between your LAN and the Internet In an ideal network topology all incoming and outgoing network traffic passes through the...

Страница 167: ...our network into logical sections over the same Ethernet interface Your Device supports up to three logical LAN interfaces with the Device being the gateway for each logical network It s like having m...

Страница 168: ...Chapter 14 Firewall 168 4 The Device then sends it to the computer on the LAN in Subnet 1 Figure 110 IP Alias 1 2 3 LAN A ISP 1 ISP 2 4 WAN Subnet 1 Subnet 2...

Страница 169: ...ules Click Security Parental Control to open the following screen Figure 111 Security Parental Control The following table describes the fields in this screen Table 67 Parental Control Parental Contro...

Страница 170: ...s configured If not None will be shown Website Blocked This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit th...

Страница 171: ...it it Use this screen to configure a restricted access schedule and or URL filtering settings to block the users on your network from accessing certain web sites Figure 112 Add Edit Parental Control R...

Страница 172: ...viewing the Web sites with the URLs listed below If you select Access the Device blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a n...

Страница 173: ...g terms and concepts may help as you read this chapter Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commer...

Страница 174: ...server s list of revoked certificates The framework of servers software procedures and policies that handles keys is called PKI public key infrastructure Advantages of Certificates Certificates offer...

Страница 175: ...re 114 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may very based on you...

Страница 176: ...about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject informatio...

Страница 177: ...Type in the location of the SSH SCP SFTP certificate file you want to upload in this field or click Browse to find it Choose file Click this link to find the certificate file you want to upload Curren...

Страница 178: ...mended that each certificate have unique subject information Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Action Cl...

Страница 179: ...Trusted CA screen Click the View icon to open the View Certificate screen Figure 118 Trusted CA View The following table describes the labels in this screen Apply Click this to save the certificate o...

Страница 180: ...ert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and...

Страница 181: ...of the Device s clients Section 17 5 on page 185 17 1 2 What You Need To Know The following terms and concepts may help as you read this chapter Alerts and Logs An alert is a type of log that warrant...

Страница 182: ...VERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There is an error condition on the system 4 Warning There is a wa...

Страница 183: ...is to save a copy of the logs to your computer Email Log Now Click this to have the Device send the log to the email server you configured in the Log Setting screen This field is a sequential value an...

Страница 184: ...Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number...

Страница 185: ...the LAN or WLAN interface Sent Packet Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop T...

Страница 186: ...date this screen and click Set Interval to apply the change Click Stop to halt updating of the screen Device Name This shows the name of the client IP Address This shows the IP address of the client M...

Страница 187: ...78 Maintenance User Account LABEL DESCRIPTION User Name You can configure the password for the admin account Old Password Type the default password or the existing password you use to access the syste...

Страница 188: ...Chapter 18 User Account 188...

Страница 189: ...emote Procedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up the Device mo...

Страница 190: ...port port 80 If you change it make sure it does not conflict with another port on your network and it is recommended to use a port number above 1024 not a commonly used port The management server shou...

Страница 191: ...able describes the labels in this screen Table 80 Maintenance System LABEL DESCRIPTION Administrator Inactivity Timer Type how many minutes a management session either via the web configurator can be...

Страница 192: ...o change your Device s time and date click Maintenance Time The screen appears as shown Use this screen to configure the Device s time based on your local time zone Figure 126 Maintenance Time Setting...

Страница 193: ...and type 2 in the o clock field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same...

Страница 194: ...er Chapter 22 Log Setting 194 CHAPTER 22 Chapter 22 Log Setting 22 1 Overview You can configure where the Device sends logs and which logs and or immediate alerts the Device records in the Log Setting...

Страница 195: ...Chapter 22 Log Setting 195 22 2 The Log Setting Screen To change your Device s log settings click Maintenance Log Setting The screen appears as shown Figure 127 Maintenance Log Setting...

Страница 196: ...needed but this feature is disabled you will not receive the E mail logs Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field...

Страница 197: ...If this field is left blank alert messages will not be sent via E mail Alarm Interval Specify the number of seconds between the sending of alarm log e mails Active Log and Select Level Log Category S...

Страница 198: ...ance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to three minutes After a successful upload the system will reboot Do NOT tur...

Страница 199: ...mporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the F...

Страница 200: ...n and restoring configuration appears in this screen as shown next Figure 132 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the Device s current confi...

Страница 201: ...t your device settings back to the factory default Do not turn off the Device while configuration file upload is in progress After the Device configuration has been restored successfully the login scr...

Страница 202: ...ess Message You can also press the RESET button on the back panel to reset the factory defaults of your Device Refer to Section 1 6 on page 12 for more information on the RESET button 24 3 The Reboot...

Страница 203: ...AN HTTP Telnet When you configure remote management to allow management from the WAN you still need to configure a IP filter rule to allow access You may manage your Device from a remote location via...

Страница 204: ...not your Device will respond to pings and probes for services that you have not made available Use the SSH screen Section 25 8 on page 212 to configure through which interfaces and from which IP addr...

Страница 205: ...IPTION Server Port This displays the service port number for accessing the Device using HTTP or HTTPS If the number is grayed out it is not editable Server Access Select the interfaces through which a...

Страница 206: ...MGMT Telnet Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the Device using this service Select All to allow any computer to access the Device us...

Страница 207: ...client is a trusted computer that is allowed to communicate with the Device using this service Select All to allow any computer to access the Device using this service Choose Range to just allow the c...

Страница 208: ...to allow any computer to access the Device using this service Choose Range to just allow the computers with an IP address in the range that you specify to access the Device using this service Apply Cl...

Страница 209: ...s It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Ex...

Страница 210: ...Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The default is public and allows all requests Set Community Enter the Set community...

Страница 211: ...vice Secured Client IP Address A secured client is a trusted computer that is allowed to send DNS queries to the Device Select All to allow any computer to send DNS queries to the Device Choose Range...

Страница 212: ...AN and WAN Ping requests Secured Client IP Address A secured client is a trusted computer that is allowed to send Ping requests to the Device Select All to allow any computer to send Ping requests to...

Страница 213: ...ance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule Secured Client IP Address A secured client is a trusted computer that is allowed to communicate...

Страница 214: ...25 Remote Management 214 1 Enter the IP address and port number Select SSH 2 A window displays prompting you to store the host key in your computer Click Yes to continue 3 Enter your user name and pa...

Страница 215: ...Chapter 25 Remote Management 215 4 The command line interface displays...

Страница 216: ...ce 26 1 1 What You Can Do in the Diagnostic Screens Use the Ping screen Section 26 2 on page 216 to ping an IP address Use the DSL Line screen Section 26 3 on page 217 to view the DSL line statistics...

Страница 217: ...ntered TracerouteV 6 Click this to show the path that packets take from the system to the IPv6 address that you entered TraceRouteV 4 Click this button to perform the traceroute function This determin...

Страница 218: ...Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on OAM for ATM inF5Pkts is the number of ATM OAM F5 cells...

Страница 219: ...t allocation This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has su...

Страница 220: ...one of the LEDs turn on 1 Make sure the Device is turned on 2 Make sure you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Devic...

Страница 221: ...ssword is 1234 and the default user password is 1234 2 If you can t remember the password you have to reset the device to its factory defaults See Section 1 6 on page 12 I cannot see or access the Log...

Страница 222: ...ce to its factory defaults See Section 27 2 on page 220 I cannot Telnet to the Device See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator Ignore the...

Страница 223: ...1 There might be a lot of traffic on the network Look at the LEDs and check Section 1 7 on page 12 If the Device is sending or receiving a lot of information try closing some programs that use the Int...

Страница 224: ...nd the wired network The available security modes in your ZyXEL device are as follows WPA2 PSK recommended This uses a pre shared key with the WPA2 standard WPA PSK This has the device use either WPA...

Страница 225: ...connect the Ethernet cable from the Device s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your computer I can...

Страница 226: ...or an experienced radio TV technician for help Caution Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment...

Страница 227: ...relevante bepalingen van richtlijn 1999 5 EC Maltese Hawnhekk MitraStar jiddikjara li dan tag mir jikkonforma mal ti ijiet essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5...

Страница 228: ...ropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Use ONLY power wires of the appropriate wire gauge see f...

Страница 229: ...uirements when using the included antenna s Only use the included antenna s Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equ...

Страница 230: ...50 certificate factory default 182 certificates 179 CA 179 replacing 182 storage space 182 thumbprint algorithms 181 thumbprints 181 trusted CAs 183 184 verifying fingerprints 180 Certification Autho...

Страница 231: ...53 Extended Service Set IDentification 59 67 F File Sharing 97 filters 151 IP MAC 152 154 IP MAC filter configuration 153 155 MAC address 68 firewalls 157 actions 164 address types 164 anti probing 1...

Страница 232: ...Area Network see LAN login passwords 19 logout 20 automatic 20 logs 200 firewalls 164 M MAC 29 30 MAC address 69 89 filter 68 MAC authentication 68 Management Information Base MIB 215 Maximum Burst S...

Страница 233: ...208 restoring configuration 207 RFC 1483 38 46 54 RFC 1631 133 RFC 3164 187 RIP 43 Routing Information Protocol see RIP RPPCs 195 RTS threshold 77 S scan 60 scheduling wireless LAN 74 SCR 43 50 securi...

Страница 234: ...tual Channel Identifier see VCI Virtual Path Identifier see VPI VPI 39 47 54 W WAN 32 ATM QoS 43 50 encapsulation 33 38 46 IGMP 33 IP address 33 49 55 mode 38 46 MTU 44 multicast 33 43 multiplexing 38...

Страница 235: ...ctivation 66 WDS 72 82 compatibility 72 example 82 WEP 79 WPA 80 WPA PSK 80 WPS push button 15 wireless network example 56 wizard setup Internet 23 WLAN 56 auto scan channel 60 scheduling 74 see also...

Отзывы:

Нет отзывов

Похожие инструкции для DSL-100HNU-T1 v3

Бренд: THOMSON Страницы: 974

Бренд: 3onedata Страницы: 44

INKNXMIT015C000

Бренд: HMS Страницы: 32

Бренд: Moxa Technologies Страницы: 7

BEST CAS 2700-74

Бренд: Chipkin Страницы: 55

SteelConnect SDI-5030

Бренд: Riverbed Страницы: 46

Бренд: SSS Siedle Страницы: 28

ACCESS MANAGER 3.1 SP1 - ADMINISTRATION

Бренд: Novell Страницы: 42

Бренд: Novatel Страницы: 88

GSM Gateway Proline Digital

Бренд: Elexim Страницы: 11

Бренд: EnGenius Страницы: 10

Бренд: Avaya Страницы: 360

Бренд: Raisecom Страницы: 197

Communication Server 2100

Бренд: Avaya Страницы: 138

Бренд: ACT'L Страницы: 34

Бренд: Ubee Страницы: 101

Бренд: Repotec Страницы: 101

Бренд: IAI Страницы: 125

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды