ZyXEL Communications LTE5121 Скачать руководство пользователя страница 132 | Manualshive

Страница: 132 / 234

background image

Chapter 12 Firewall

LTE-5121 User’s Guide

132

12.6 Firewall Technical Reference

This section provides some technical background information about the topics covered in this
chapter.

12.6.1 Guidelines For Enhancing Security With Your Firewall

1

Change the default password via web configurator.

2

Think about access control before you connect to the network in any way.

3

Limit who can access your LTE Device.

4

Don't enable any local service (such as Telnet or FTP) that you don't use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse
the enabled services to access the firewall or the network.

5

For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.

6

Keep the firewall in a secured (locked) room.

12.6.2 Security Considerations

Note: Incorrectly configuring the firewall may block valid access or introduce security

risks to the LTE Device and your protected network. Use caution when creating or

deleting firewall rules and test your rules after you configure them.

Consider these security ramifications before creating a rule:

1

Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC
is blocked, are there users that require this service?

2

Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will
a rule that blocks just certain users be more effective?

3

Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN,
Internet users may be able to connect to computers with running FTP servers.

4

Does this rule conflict with any existing rules?

Once these questions have been answered, adding rules is simply a matter of entering the
information into the correct fields in the web configurator screens.

«
...
130
131
132
133
134
...
»

Содержание LTE5121

Страница 1: ...Guide www zyxel com LTE5121 LTE IAD Version 1 00 Edition 1 6 2013 Copyright 2013 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Pa...

Страница 2: ...may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurat...

Страница 3: ...Wireless 43 Home Networking 71 Static Route 95 DNS Route 99 Quality of Service QoS 103 Network Address Translation NAT 115 Dynamic DNS 123 Firewall 125 MAC Filter 133 Parental Control 135 Certificates...

Страница 4: ...Contents Overview LTE 5121 User s Guide 4...

Страница 5: ...1 5 Ways to Manage the LTE Device 17 1 6 Good Habits for Managing the LTE Device 17 1 7 LEDs Lights 17 1 8 The RESET Button 19 1 9 Wall mounting Instructions 19 Chapter 2 Introducing the Web Configura...

Страница 6: ...gin 45 5 2 The Wireless General Screen 45 5 2 1 No Security 47 5 2 2 Basic Static WEP Shared WEP Encryption 47 5 2 3 More Secure WPA 2 PSK 49 5 2 4 WPA 2 Authentication 50 5 3 The More AP Screen 51 5...

Страница 7: ...rview 95 7 2 Configuring Static Route 96 7 2 1 Add Edit Static Route 97 Chapter 8 DNS Route 99 8 1 Overview 99 8 1 1 What You Can Do in this Chapter 99 8 2 The DNS Route Screen 100 8 2 1 Add Edit DNS...

Страница 8: ...t You Need To Know 123 11 2 The Dynamic DNS Screen 123 Chapter 12 Firewall 125 12 1 Overview 125 12 1 1 What You Can Do in this Chapter 125 12 1 2 What You Need to Know 126 12 2 The General Screen 126...

Страница 9: ...1 Overview 149 16 2 The VPN Screen 149 16 3 IPSec VPN Add 150 16 4 VPN Monitor Screen 155 16 5 Technical Reference 155 16 5 1 IPSec Architecture 156 16 5 2 Encapsulation 156 16 5 3 IKE Phases 157 16 5...

Страница 10: ...8 1 2 What You Need To Know 187 18 2 The LTE Status Screen 188 18 3 The System Log Screen 190 18 4 The Phone Log Screen 191 18 5 The VoIP Call History Screen 192 18 6 The WAN Status Screen 192 18 7 Th...

Страница 11: ...reen 209 Chapter 26 Backup Restore 211 26 1 Overview 211 26 2 The Backup Restore Screen 211 26 3 The Reboot Screen 213 Chapter 27 Diagnostic 215 27 1 Overview 215 27 2 The Ping TraceRoute Screen 215 2...

Страница 12: ...Table of Contents LTE 5121 User s Guide 12...

Страница 13: ...13 PART I User s Guide...

Страница 14: ...14...

Страница 15: ...olution with VPN and a robust firewall that uses Stateful Packet Inspection SPI technology and protects against Denial of Service DoS attacks 1 2 Applications for the LTE Device Here are some example...

Страница 16: ...LAN LED should change from on to off or vice versa Note You must also enable WLAN in the Network Wireless LAN General screen to use wireless LAN The WLAN LED should be on 1 4 The WPS Button Use the WP...

Страница 17: ...r you will have to reset the LTE Device to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the LTE Device You could simply restor...

Страница 18: ...n The LTE Device attempted to make an IP connection but failed ETHERNET 1 4 Green Giga Ethernet On The LTE Device has a successful 1000 Mbps Ethernet connection with a device on the Local Area Network...

Страница 19: ...ease it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 9 Wall mounting Instructions Do the following to hang your LTE Device on a wall 1 Locate a high pos...

Страница 20: ...Make sure the screws are snugly fastened to the wall They need to hold the weight of the LTE Device with the connection cables Figure 5 Mount the Bracket on the Wall 7 Mount the LTE Device on the wal...

Страница 21: ...E 5121 User s Guide 21 The following are dimensions of a screw anchor and M4 tap screw used for wall mounting All measurements are in millimeters mm The figure is enlarged to show detail Figure 7 Scre...

Страница 22: ...Chapter 1 Introduction LTE 5121 User s Guide 22...

Страница 23: ...abled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your LTE Device hardware is properly...

Страница 24: ...t password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the main menu if you do not want to change the password now Figure 9 Change Password Screen...

Страница 25: ...tor Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corne...

Страница 26: ...you click LAN Device on the System Info screen a in Figure 11 on page 25 the Connection Status screen appears See Chapter 3 on page 29 for more information about the Connection Status screen If you cl...

Страница 27: ...27 PART II Technical Reference The appendices provide general information Some details may not apply to your LTE Device...

Страница 28: ...28...

Страница 29: ...s If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the LTE Device s ports See Section 2 2 2 on page 25 for more information 3 2 The Conne...

Страница 30: ...e name icon In List View you can also view the client s information 3 3 The System Info Screen Click Connection Status System Info to open this screen Figure 15 System Info Screen Each field is descri...

Страница 31: ...psulation used by the ISP IP Address This field displays the current IP address of the LTE Device in the WAN IP Subnet Mask This field displays the current subnet mask in the WAN LAN Information IP Ad...

Страница 32: ...another SIM card error different from the ones listed above Signal Strength This displays the strength of the LTE connection that the LTE Device has with the base station which is also known as eNodeB...

Страница 33: ...running since it last started up The LTE Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it see Section 1 8 on page 19 Current Date Time This field displa...

Страница 34: ...e the LTE Device attempt to register the SIP account with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it i...

Страница 35: ...Local Area Network and other networks so that a computer in one location can communicate with computers in other locations Figure 16 LAN and WAN 4 1 1 What You Can Do in this Chapter Use the Broadban...

Страница 36: ...access settings such as LTE APN WAN IP address and SIM card s PIN code if the INTERNET light on your LTE Device is off Get this information from your service provider 4 2 The Broadband Screen The LTE...

Страница 37: ...outing mode or bridge mode APN This field displays the name of the LTE network to which the LTE Device connects Encapsulation This shows the method of encapsulation used by this connection NAT This sh...

Страница 38: ...network which your service provider gave you Dial String Enter the dial string for the ISP MTU The Maximum Transmission Unit MTU defines the size of the largest packet allowed on an interface or conn...

Страница 39: ...card has PIN code security but you did not enter the PIN code yet PIN verified the SIM card has PIN code security and you entered the correct PIN code PIN locked you entered an incorrect PIN code too...

Страница 40: ...If you enter the PIN code incorrectly too many times the ISP may block your 3G SIM card and not ley you use the account to access the Internet Remain attempts This is how many more times you can try t...

Страница 41: ...uter before you can access it The LTE Device can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you si...

Страница 42: ...Chapter 4 Broadband LTE 5121 User s Guide 42...

Страница 43: ...Status screen to check the noise levels of the wireless LAN channels Section 5 7 on page 57 You don t necessarily need to use all these screens to set up your wireless connection For example you may...

Страница 44: ...nnel Like radio stations or television channels each wireless network uses a specific channel or frequency to send and receive information Every device in the same wireless network must use security c...

Страница 45: ...S devices manually although this is somewhat more complicated to do What advanced options do you want to configure if any If you want to configure advanced options ensure that you know precisely what...

Страница 46: ...sion rate of your LTE Device might be reduced when an 802 11b or 802 11g wireless client is associated with it Select 802 11b g to allow both IEEE 802 11b and IEEE 802 11g compliant WLAN devices to as...

Страница 47: ...ase of use and when security is not an issue The wireless station and the AP or peer computer do not share a secret key Thus the wireless stations can associate with any AP or peer computer and listen...

Страница 48: ...WEP LABEL DESCRIPTION Security Mode Choose Static WEP or Shared WEP from the drop down list box Select Static WEP to have the LTE Device allow association with wireless clients that use Open System mo...

Страница 49: ...General screen Select More Secure as the security level Then select WPA PSK or WPA2 PSK from the Security Mode list Figure 25 Wireless General More Secure WPA 2 PSK The following table describes the...

Страница 50: ...Then select WPA or WPA2 from the Security Mode list Figure 26 Wireless General More Secure WPA 2 WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field t...

Страница 51: ...the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Ent...

Страница 52: ...gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the LTE Device s BSSs The SSID Service Set IDentifier identifies the Service Set with...

Страница 53: ...have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot...

Страница 54: ...S Method These fields display after you enable WPS and click Apply Method 1 PBC Use this section to set up a WPS wireless network using Push Button Configuration PBC WPS Click this button to add anoth...

Страница 55: ...Device create a new PIN Status This displays Configured when the LTE Device has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have bee...

Страница 56: ...vice a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smooth...

Страница 57: ...oise levels of the wireless LAN channels Table 16 Network Setting Wireless Scheduling LABEL DESCRIPTION Wireless LAN Scheduling Select Enable to activate wireless LAN scheduling on your LTE Device WLA...

Страница 58: ...s screen 5 8 Technical Reference This section discusses wireless LANs in depth For more information see the appendix Table 17 Network Setting Wireless Channel Status LABEL DESCRIPTION Channel Monitor...

Страница 59: ...curity standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is n...

Страница 60: ...cess of verifying whether a wireless device is allowed to use the wireless network You can make every user log in to the wireless network before using it However every device in the wireless network h...

Страница 61: ...et up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option in the LTE Device Many types of encryption use a key to protect the information in the wirel...

Страница 62: ...ou can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use different BSSIDs to associate with the same AP 5 8 5 1 Notes on Multiple BSSs A maximum of e...

Страница 63: ...E Device see Section 5 4 on page 53 3 Press the button on one of the devices it doesn t matter which For the LTE Device you must press the WPS button for more than three seconds 4 Within two minutes p...

Страница 64: ...in the AP s configuration interface 5 If the client device s configuration interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PI...

Страница 65: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PS...

Страница 66: ...it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are...

Страница 67: ...u know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this...

Страница 68: ...rollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the sec...

Страница 69: ...his has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open t...

Страница 70: ...Chapter 5 Wireless LTE 5121 User s Guide 70...

Страница 71: ...s on the LAN to specific individual computers based on their MAC Addresses Section 6 3 on page 75 Use the UPnP screen to enable UPnP Section 6 4 on page 77 Use the File Sharing screen to enable file s...

Страница 72: ...1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear...

Страница 73: ...File System The LTE Device uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the LTE Device...

Страница 74: ...Device and configure the DNS server information that the LTE Device sends to the DHCP client devices on the LAN Figure 39 Network Setting Home Networking LAN Setup The following table describes the fi...

Страница 75: ...addresses in the IP address pool Pool Size This field specifies the size or count of the IP address pool DNS Values DNS Server 1 3 The LTE Device supports DNS proxy by default The LTE Device sends out...

Страница 76: ...ocal Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address...

Страница 77: ...Networking Static DHCP UPnP to display the screen shown next Figure 42 Network Setting Home Networking UPnP The following table describes the labels in this screen 6 5 The File Sharing Screen You can...

Страница 78: ...ice is connected to your network and turned on 1 Connect the USB device to one of the LTE Device s USB ports Make sure the LTE Device is connected to your network 2 The LTE Device detects the USB devi...

Страница 79: ...or not the share is available for sharing Share Name This field displays the share name on the LTE Device Share Path This field displays the path for the share directories folders on the LTE Device T...

Страница 80: ...e the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by...

Страница 81: ...ter must be connected to your LTE Device A USB printer with the driver already installed on your computer The computers on your network must have the printer software already installed before they can...

Страница 82: ...TCP IP configuration at start up from a server You can configure the LTE Device as a DHCP server or disable it When configured as a server the LTE Device provides the TCP IP configuration for the clie...

Страница 83: ...rved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP ad...

Страница 84: ...SB Printers The following is a list of USB printer models compatible with the LTE Device print server Table 28 Compatible USB Printers BRAND MODEL Brother MFC7420 CANON BJ F9000 CANON i320 CANON PIXMA...

Страница 85: ...HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmart 2610 HP Photosmart 3110 HP Photo...

Страница 86: ...indows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Compon...

Страница 87: ...ponents 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP...

Страница 88: ...ing Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 53 Windows Optional Networking Components Wizard 5 In the Networking Services w...

Страница 89: ...n Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the LTE Device Make sure the computer is connected to a LAN port of the LTE Device Turn on your computer and the L...

Страница 90: ...r 6 Home Networking LTE 5121 User s Guide 90 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 56 Internet Connection Prope...

Страница 91: ...appings or click Add to manually add port mappings Figure 57 Internet Connection Properties Advanced Settings Figure 58 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled dev...

Страница 92: ...ur current Internet connection status Figure 60 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the LTE Device without finding out the IP...

Страница 93: ...6 Home Networking LTE 5121 User s Guide 93 3 Select My Network Places under Other Places Figure 61 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local...

Страница 94: ...Invoke The web configurator login screen displays Figure 62 Network Connections My Network Places 6 Right click on the icon for your LTE Device and select Properties A properties window displays with...

Страница 95: ...tatic routes For example the next figure shows a computer A connected to the LTE Device s LAN interface The LTE Device routes most traffic from A to the Internet through the LTE Device s default gatew...

Страница 96: ...te is not active Status This shows whether the static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in u...

Страница 97: ...gle host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address You ca...

Страница 98: ...Chapter 7 Static Route LTE 5121 User s Guide 98...

Страница 99: ...esolve domain names that do not match any DNS routing entry After the LTE Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the f...

Страница 100: ...g DNS route Use this screen to configure the required information for a DNS route Figure 69 DNS Route Add Edit Table 31 Network Setting DNS Route LABEL DESCRIPTION Add new DNS route Click this to crea...

Страница 101: ...e wildcard character an asterisk as the left most part of a domain name such as example com The LTE Device forwards DNS queries for any domain name ending in example com to the WAN interface specified...

Страница 102: ...Chapter 8 DNS Route LTE 5121 User s Guide 102...

Страница 103: ...a low level of latency delay and a low level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video 9 1 1 What Yo...

Страница 104: ...Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value ain a matched packet When the packet passes through a compatible network the networking device suc...

Страница 105: ...he interface s actual transmission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps Setting this number higher than t...

Страница 106: ...bulb signifies that this queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the LTE Device s interface through which traffic in this queue passes P...

Страница 107: ...he quality of other applications Click Network Setting QoS Class Setup to open the following screen Figure 73 Network Setting QoS Class Setup Priority Select the priority level from 1 to 7 of this que...

Страница 108: ...me This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC...

Страница 109: ...con next to an existing classifier to configure it Figure 74 Class Setup Add Edit The following table describes the labels in this screen Table 37 Class Setup Add Edit LABEL DESCRIPTION Class Configur...

Страница 110: ...nfigure source or destination MAC address IP address DHCP options DSCP value or the protocol type Source MAC Address Select the check box and enter the source MAC address of the packet MAC Mask Type t...

Страница 111: ...ct User defined enter the protocol service type number IP Packet Length This field is available only when you select IP in the Ether Type field Select this option and enter the minimum and maximum pac...

Страница 112: ...twork Setting QoS Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the LTE Device to update this screen Select No Refresh to stop refreshing statistics Status This is the i...

Страница 113: ...ing on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of...

Страница 114: ...Chapter 9 Quality of Service QoS LTE 5121 User s Guide 114...

Страница 115: ...The following terms and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the LTE Device for example the computers...

Страница 116: ...for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports Please refer to RFC 1700...

Страница 117: ...this by clicking the edit icon WAN Interface This shows the WAN interface through which the service is forwarded Start Port This is the first external port number that identifies a service End Port T...

Страница 118: ...ne port enter the port number again in the External End Port field To forward a series of ports enter the start port number here and the end port number in the External End Port field End Port Configu...

Страница 119: ...work Setting NAT Sessions Protocol Type Select the protocol supported by this virtual server Choices are TCP UDP or TCP UDP Apply Click Apply to save your changes Back Click Back to return to the prev...

Страница 120: ...e fields in this screen 10 6 Technical Reference This section provides some technical background information about the topics covered in this chapter Table 42 Network Setting NAT Sessions LABEL DESCRI...

Страница 121: ...inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts...

Страница 122: ...port numbers so incoming reply packets can have their original values restored The following figure illustrates this Figure 82 How NAT Works 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192...

Страница 123: ...s First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The...

Страница 124: ...ame assigned to your LTE Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma E Mail Address If you set the Dynamic DNS service provider to TZO or...

Страница 125: ...ant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 84 Default Firewall Action 12 1...

Страница 126: ...N interface and four Ethernet LAN ports which separate the network into two areas The WAN Wide Area Network connects to the Internet The LAN Local Area Network port attaches to a network of computers...

Страница 127: ...es Table 46 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall The LTE Device performs access control and protects against Denial of Service DoS attacks when t...

Страница 128: ...vice Click the Delete icon to delete the service Note that subsequent rules move up by one when you take this action Deleting a service rule also deletes the related ACL rules which are configured in...

Страница 129: ...er rule before you create a new one Add new ACL rule Click this to go to add a filter rule for incoming or outgoing IP traffic Name This displays the name of the rule Src IP This displays the source I...

Страница 130: ...gle or Range depending on whether you want to enter a single or a range of source IP address es to which the ACL rule applies Select Any to indicate any source IP address Source IP Address Start Enter...

Страница 131: ...d then enter a single port number or the range of port numbers of the destination Select Any to indicate any destination port Policy Use the drop down list box to select whether to silently discard DR...

Страница 132: ...red locked room 12 6 2 Security Considerations Note Incorrectly configuring the firewall may block valid access or introduce security risks to the LTE Device and your protected network Use caution whe...

Страница 133: ...Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to k...

Страница 134: ...e LTE Device MAC addresses not listed will be denied access to the LTE Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the wireless station an...

Страница 135: ...n Table 53 Parental Control Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule T...

Страница 136: ...arental Control Rule The following table describes the fields in this screen Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go...

Страница 137: ...e blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new...

Страница 138: ...Chapter 14 Parental Control LTE 5121 User s Guide 138...

Страница 139: ...ow The following terms and concepts may help as you read this chapter Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner T...

Страница 140: ...ce only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you...

Страница 141: ...uter 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 95 Certificate Details 4 Use a...

Страница 142: ...nizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid...

Страница 143: ...te to the LTE Device Table 56 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority t...

Страница 144: ...e certificate s name and set whether or not you want the LTE Device to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authorit...

Страница 145: ...ed CA View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 characters to identify this key certificate You...

Страница 146: ...rtificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or depart...

Страница 147: ...The following table describes the labels in this screen Table 60 Security Certificates VPN Certificates Import LABEL DESCRIPTION Name Type in the name of the certificate Public Key Copy the public ke...

Страница 148: ...Chapter 15 Certificates LTE 5121 User s Guide 148...

Страница 149: ...16 2 The VPN Screen Use this screen to view and manage your VPN tunnel policies The following figure helps explain the main fields in the web configurator Figure 102 IPSec Fields Summary Click Securit...

Страница 150: ...abled Tunnel Name The name of the VPN connection Local Address This displays the IP address of the LTE Device Remote Address This displays the IP address of the remote IPSec router IPSec Algorithm Thi...

Страница 151: ...Chapter 16 VPN LTE 5121 User s Guide 151 Figure 104 IPSec VPN Add...

Страница 152: ...cted specify IP addresses on a network by their subnet mask by entering a static IP address on the LAN behind your LTE Device Then enter the subnet mask to identify the network address End Subnet Mask...

Страница 153: ...ype the IP address of the computer with which you will make the VPN connection If you configure this field to 0 0 0 0 or leave it blank the LTE Device will use the address in the Secure Gateway Addres...

Страница 154: ...Sec SA automatically renegotiates in this field A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys However every time the VPN tunn...

Страница 155: ...pt and decrypt information Both routers must use the same DH key group Choices are Diffie Hellman Group2 use a 1024 bit random number Diffie Hellman Group5 use a 1536 bit random number Diffie Hellman...

Страница 156: ...gorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA...

Страница 157: ...se of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to prov...

Страница 158: ...ic key cryptography key group Set the IPSec SA lifetime This field allows you to determine how long the IPSec SA should stay up before it times out The LTE Device automatically renegotiates the IPSec...

Страница 159: ...lates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound a...

Страница 160: ...ized in the following table Y This is supported in the LTE Device if you enable NAT traversal 16 5 7 ID Type and Content With aggressive negotiation mode see Section 16 5 4 on page 158 the LTE Device...

Страница 161: ...cured communications channel Diffie Hellman is used within IKE SA setup to establish session keys Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is no...

Страница 162: ...Chapter 16 VPN LTE 5121 User s Guide 162...

Страница 163: ...the phones connected to the ZyXEL Device Section 17 3 on page 171 Use the Common screen to configure RFC 3262 support on the LTE Device Section 17 5 on page 175 Use the Phone Device screen to control...

Страница 164: ...f the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another Voice Activity Detection Silence Suppression Voice Acti...

Страница 165: ...provider gave you ready before you start to configure the LTE Device 17 2 The SIP Service Provider Screen Use this screen to configure the SIP server information QoS for VoIP calls the numbers for cer...

Страница 166: ...ote Click more to see all the fields in the screen You don t necessarily need to use all these fields to set up your account Click hide more to see and configure only the fields needed for this featur...

Страница 167: ...ection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen If you change this field the screen automatically refreshes G...

Страница 168: ...AN connections The VoIP service is activated only when one of the selected WAN connections is up RFC Support PRACK RFC 3262 RFC 3262 defines a mechanism to provide reliable transmission of SIP provisi...

Страница 169: ...ervice provider has a SIP outbound server to handle voice calls This allows the LTE Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a N...

Страница 170: ...call so that you won t miss any important calls Call Waiting Disable This code is used to turn the call waiting feature off One Shot Call Waiting Enable This code is used to enable call waiting only...

Страница 171: ...scribes the labels in this screen Do Not Disturb Disable This code is used to turn the Do Not Disturb feature off Apply Click Apply to save your changes Cancel Click Cancel to restore your previously...

Страница 172: ...Guide 172 17 3 1 Add Edit SIP Account You can configure a new SIP account or edit one To access this screen click Add new SIP Account in the SIP Account screen or Edit icon next to an existing account...

Страница 173: ...clude the SIP service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select the type of voice coder decoder codec that you want the LTE Device to...

Страница 174: ...call is forwarded to the specified phone number if you reject or ignore the second incoming call Active No Answer Forward Select this if you want the LTE Device to forward incoming calls to the speci...

Страница 175: ...e uses Click VoIP Phone to access the Phone Device screen Figure 114 VoIP Phone Phone Device The following table describes the labels in this screen 17 5 1 Edit Phone Device You can decide which SIP a...

Страница 176: ...g calls with the analog phone connected to this phone port SIP Number This shows the SIP account number SIP Account s to Receive Incoming Call SIP Account Select a SIP account if you want to receive p...

Страница 177: ...figured a speed dial rule you can use a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number Table 74 VoIP Phone Region LABEL DESCRIPTION Region Settings Selec...

Страница 178: ...on to update the Speed Dial Phone Book section Phone Book Use this section to look at all the speed dial entries and to erase them This field displays the speed dial number you should dial to use this...

Страница 179: ...m that of the signaling SIP handles telephone calls and can interface with traditional circuit switched telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP...

Страница 180: ...registrations and subsequent SIP requests require a username and password for authorization These credentials are validated via a challenge response system using the HTTP digest mechanism as detailed...

Страница 181: ...ds the translated IP address back to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirec...

Страница 182: ...register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 3550 for details on RTP Pulse Code Modulation Pulse Code Modulation...

Страница 183: ...n standard PCM conversion ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples The more similar the audio sampl...

Страница 184: ...DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels Th...

Страница 185: ...ble below After pressing the flash key if you do not issue the sub command before the default sub command time out 2 seconds expires or issue an invalid sub command the current operation will be abort...

Страница 186: ...ess the flash key and then 2 European Call Transfer Do the following to transfer a call that you have answered to another phone number 1 Press the flash key to put the caller on hold 2 When you hear t...

Страница 187: ...ection 18 8 on page 194 Use the VoIP Status screen to view the VoIP traffic statistics Section 18 9 on page 195 18 1 2 What You Need To Know The following terms and concepts may help as you read this...

Страница 188: ...s screen Table 78 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There is an error...

Страница 189: ...connection LTE displays for an LTE connection Signal Strength This displays the signal strength of the connection to the base station This is also known as the eNodeB or eNB Signal Quality This displ...

Страница 190: ...the LTE module is using in dBm This only applies to an LTE connection Cell ID This identifies the radio tower to which the LTE module is connected TAC This displays the LTE module s current Tracking...

Страница 191: ...ates the reason for the log Table 80 System Monitor Log System Log continued LABEL DESCRIPTION Table 81 System Monitor Log Phone Log LABEL DESCRIPTION Select a category of logs to view from the drop d...

Страница 192: ...or Traffic Status WAN Table 82 System Monitor Log VoIP Call History LABEL DESCRIPTION Select a category of call records to view from the drop down list box select All Call History to view all call rec...

Страница 193: ...op down list box Connected Interface This shows the name of the WAN interface that is currently connected Packets Sent Data This indicates the number of transmitted packets on this interface Error Thi...

Страница 194: ...of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Received Packet Data This indicates the number of received packets on t...

Страница 195: ...he SIP server the attempt failed The LTE Device automatically tries to register the SIP account when you turn on the LTE Device or when you activate it Inactive The SIP account is not active You can a...

Страница 196: ...c This field displays what voice codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call t...

Страница 197: ...ance User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the...

Страница 198: ...Chapter 19 User Account LTE 5121 User s Guide 198...

Страница 199: ...rs to use a TR 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password SSH SCP SFTP Secure...

Страница 200: ...is is the service you may use to access the LTE Device LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the LTE Device from the LAN and WLAN WAN Sel...

Страница 201: ...LTE Device supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP management operation Figure 132 SNMP Management Model An SNMP managed network consists of two m...

Страница 202: ...by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events Click Maintenance SNMP to open t...

Страница 203: ...port files the domain name is www zyxel com 22 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identific...

Страница 204: ...ave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a...

Страница 205: ...ntenance System Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your LTE Device Current Date This field displays the date of your LTE Device Time and Date...

Страница 206: ...The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day...

Страница 207: ...where the LTE Device sends logs and which logs and or immediate alerts the LTE Device records in the Log Setting screen 24 2 The Log Setting Screen To change your LTE Device s log settings click Maint...

Страница 208: ...logging Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Sel...

Страница 209: ...Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to three minutes After a successful upload the system will reboot Do NOT turn off the LTE...

Страница 210: ...ssage Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upload Click this to begin the upload process This pro...

Страница 211: ...figuration appears in this screen as shown next Figure 141 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the LTE Device s current configuration to a f...

Страница 212: ...on your desktop Figure 142 Network Temporarily Disconnected If you restore the default configuration you may need to change the IP address of your computer to be in the same subnet as that of the def...

Страница 213: ...rocess Message You can also press the RESET button on the back panel to reset the factory defaults of your LTE Device Refer to Section 1 8 on page 19 for more information on the RESET button 26 3 The...

Страница 214: ...Chapter 26 Backup Restore LTE 5121 User s Guide 214...

Страница 215: ...shoot network or Internet connections Click Maintenance Diagnostic to open the Ping TraceRoute screen shown next Figure 145 Maintenance Diagnostic Ping TraceRoute The following table describes the fie...

Страница 216: ...agnostic LTE The following table describes the fields in this screen Table 96 Maintenance Diagnostic LTE ITEM DESCRIPTION LTE Service Status Click this button to view the LTE connection s type APN int...

Страница 217: ...The LTE Device does not turn on None of the LEDs turn on 1 Make sure the LTE Device is turned on 2 Make sure you are using the power adaptor or cord included with the LTE Device 3 Make sure the power...

Страница 218: ...dress in your Internet browser 3 If this does not work you have to reset the device to its factory defaults See Section 1 8 on page 19 I forgot the password 1 The default admin password is 1234 and th...

Страница 219: ...Make sure you have entered the user name and password correctly The default user name is admin These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configur...

Страница 220: ...r device and follow the directions in the Quick Start Guide again 6 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the LTE Device but...

Страница 221: ...and the wireless client Reduce the number of wireless clients connecting to the same AP simultaneously or add additional APs if necessary Try closing some programs that use the Internet especially pe...

Страница 222: ...n Make sure that your telephone is connected to the PHONE port 2 You can also check the VoIP status in the System Info screen 3 If the VoIP settings are correct use speed dial to make peer to peer cal...

Страница 223: ...twork 1 Disconnect the Ethernet cable from the LTE Device s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your...

Страница 224: ...Chapter 28 Troubleshooting LTE 5121 User s Guide 224...

Страница 225: ...elated service providers Do not use the LTE Device for illegal purposes Illegal downloading or sharing of files can result in severe civil and criminal penalties You are subject to the restrictions of...

Страница 226: ...e Applied Standard s EN 62311 2008 EN 50385 2002 2 Safety Article 3 1 a of the R TTE Directive Applied Standard s EN 60950 1 2006 A11 2009 A1 2010 A12 2011 3 Electromagnetic compatibility Article 3 1...

Страница 227: ...or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchanta...

Страница 228: ...ice and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors The...

Страница 229: ...call hold 185 call rule 177 call service mode 185 call transfer 186 call waiting 186 certificate factory default 142 certificates 139 CA 139 replacing 142 storage space 142 thumbprint algorithms 141 t...

Страница 230: ...see DHCP DYNDNS wildcard 123 E echo cancellation 164 encapsulation 156 encryption 60 ESP 156 Europe type call service mode 185 Extended Service Set IDentification 46 53 F File Sharing 77 firewalls 125...

Страница 231: ...80 iTunes server 80 model name 31 multimedia 179 Multiple BSS see MBSSID N NAT 83 116 default server 119 definitions 121 DMZ host 119 how it works 121 IPSec 159 traversal 159 what it does 121 negotia...

Страница 232: ...itiation Protocol see SIP silence suppression 164 Simple Network Management Protocol see SNMP SIP 179 account 179 call progression 182 client 180 identities 179 INVITE request 183 number 179 proxy ser...

Страница 233: ...see WAN 35 warning wall mounting 19 warnings 227 warranty 227 note 227 Web Configurator 23 web configurator passwords 23 WEP 48 61 WEP Encryption 49 wireless LAN 43 authentication 59 60 BSS 61 exampl...

Страница 234: ...Index LTE 5121 User s Guide 234...

Отзывы:

Нет отзывов

Похожие инструкции для LTE5121

Бренд: YOKOGAWA Страницы: 44

Бренд: Symantec Страницы: 2

Бренд: OlenCom Страницы: 299

Бренд: Ubee Страницы: 6

EU5C-SWD-ETHERCAT

Бренд: hilscher Страницы: 98

UNIGATE IC - Powerlink

Бренд: DEUTSCHMANN AUTOMATION Страницы: 50

Бренд: Aaeon Страницы: 40

Бренд: Yeastar Technology Страницы: 104

ePAQ-942 Series

Бренд: QEI Страницы: 42

Бренд: Ubiquiti Страницы: 19

Бренд: Dragino Страницы: 61

Бренд: RTA Страницы: 81

Бренд: WaveWare Страницы: 18

Бренд: AVIRE Страницы: 41

Бренд: Fujitsu Страницы: 46

BACnet UTY-VBGX

Бренд: Fujitsu Страницы: 103

Бренд: Fujitsu Страницы: 159

Бренд: Motorola Страницы: 46

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды