manualshive.com logo in svg

ZyXEL Communications P-2602HWLNI, Руководство пользователя, Страница: 234 / 496

Поделиться
Скачать
ZyXEL Communications P-2602HWLNI Скачать руководство пользователя страница 234

Chapter 14 Firewalls

P-2602HWLNI User’s Guide

234

14.2.2  Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they 
use programs written for specific Internet services, such as HTTP, FTP and telnet, they can 
evaluate network packets for valid application-specific data. Application-level gateways have 
a number of general advantages over the default mode of permitting application traffic directly 
to internal hosts:
Information hiding prevents the names of internal systems from being made known via DNS 
to outside systems, since the application gateway is the only host whose name must be made 
known to outside systems.
Robust authentication and logging pre-authenticates application traffic before it reaches 
internal hosts and causes it to be logged more effectively than if it were logged with standard 
host logging. Filtering rules at the packet filtering router can be less complex than they would 
be if the router needed to filter application traffic and direct it to a number of specific systems. 
The router need only allow application traffic destined for the application gateway and reject 
the rest.

14.2.3   Stateful Inspection Firewalls 

Stateful inspection firewalls restrict access by screening data packets against defined access 
rules. They make access control decisions based on IP address and protocol. They also 
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic 
protocols. These firewalls generally provide the best speed and transparency, however, they 
may lack the granular application level access control or caching that some proxies support. 
See 

Section 14.5 on page 238

 for more information on stateful inspection.

Firewalls, of one type or another, have become an integral part of standard security solutions 
for enterprises.

14.3  Introduction to ZyXEL’s Firewall

The ZyXEL Device firewall is a stateful inspection firewall and is designed to protect against 
Denial of Service attacks when activated. The ZyXEL Device’s purpose is to allow a private 
Local Area Network (LAN) to be securely connected to the Internet. The ZyXEL Device can 
be used to prevent theft, destruction and modification of data, as well as log events, which may 
be important to the security of your network. The ZyXEL Device also has packet filtering 
capabilities.
The ZyXEL Device is installed between the LAN and the Internet. This allows it to act as a 
secure gateway for all data passing between the Internet and the LAN.
The ZyXEL Device has one DSL/ISDN port and one Ethernet LAN port, which physically 
separate the network into two areas.

• The DSL/ISDN port connects to the Internet.
• The LAN (Local Area Network) port attaches to a network of computers, which needs 

security from the outside world. These computers will have access to Internet services 
such as e-mail, FTP, and the World Wide Web.  However, “inbound access” will not be 
allowed unless you configure remote management or create a firewall rule to allow a 
remote host to use a specific service.

Содержание P-2602HWLNI

Страница 1: ...LNI Series 802 11g Wireless ADSL2 4 Port VoIP IAD User s Guide Version 3 40 9 2007 Edition 2 DEFAULT LOGIN IP Address http 192 168 1 1 Administrator Name admin Administrator Password admin User Name u...

Страница 2: ......

Страница 3: ...Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the ZyXEL Device Supporting...

Страница 4: ...A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENT...

Страница 5: ...e 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer S...

Страница 6: ...vice before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America...

Страница 7: ...Safety Warnings P 2602HWLNI User s Guide 7...

Страница 8: ...Safety Warnings P 2602HWLNI User s Guide 8...

Страница 9: ...Status Screens 87 Network 99 WAN Setup 101 LAN Setup 117 Wireless LAN 129 Network Address Translation NAT Screens 155 VoIP 167 Voice 169 VoIP Trunking 211 Phone Usage 227 Security 231 Firewalls 233 F...

Страница 10: ...Overview P 2602HWLNI User s Guide 10 Maintenance and Troubleshooting 373 System 375 Call History 381 Logs 387 Troubleshooting 401 Tools 407 Diagnostic 419 Product Specifications 423 Appendices and In...

Страница 11: ...he ZyXEL Device 42 1 4 Applications for the ZyXEL Device 43 1 4 1 Internet Access 43 1 4 2 Making Calls via Internet Telephony Service Provider 43 1 4 3 Make Peer to peer Calls 44 1 4 4 Firewall for S...

Страница 12: ...Wireless Connection Wizard Setup 71 3 3 1 Manually Assign a WPA PSK Key 74 3 3 2 Manually Assign a WEP Key 74 Chapter 4 VoIP Wizard 77 4 1 Introduction 77 4 2 VoIP Wizard Setup 77 Chapter 5 Bandwidth...

Страница 13: ...nections Edit Advanced 113 7 9 Traffic Redirect 114 7 10 WAN Backup Setup 114 Chapter 8 LAN Setup 117 8 1 LAN Overview 117 8 1 1 LANs WANs and the ZyXEL Device 117 8 1 2 DHCP Setup 118 8 2 DNS Server...

Страница 14: ...1 Application Priority Configuration 147 9 10 WDS Screen 148 9 10 1 Static WEP 149 9 10 2 WPA PSK 150 9 10 3 WPA2 PSK 152 Chapter 10 Network Address Translation NAT Screens 155 10 1 NAT General Overv...

Страница 15: ...creen 179 11 6 SIP QoS Screen 182 11 7 Phone 183 11 7 1 PSTN Line 183 11 7 2 ISDN Line 184 11 7 3 Voice Activity Detection Silence Suppression 184 11 7 4 Comfort Noise Generation 184 11 7 5 Echo Cance...

Страница 16: ...ng Scenarios 213 12 4 1 VoIP Phone To PSTN Phone 213 12 4 2 PSTN Phone To VoIP Phone 213 12 4 3 PSTN Phone To PSTN Phone via VoIP 214 12 5 Trunking General Screen 214 12 6 Trunking Peer Call Screen 21...

Страница 17: ...e 235 14 4 1 Basics 235 14 4 2 Types of DoS Attacks 236 14 5 Stateful Inspection 238 14 5 1 Stateful Inspection Process 239 14 5 2 Stateful Inspection on Your ZyXEL Device 240 14 5 3 TCP Security 240...

Страница 18: ...1 Content Filtering Overview 265 16 2 Configuring Keyword Blocking 265 16 3 Configuring the Schedule 266 16 4 Configuring Trusted Computers 267 Chapter 17 Introduction to IPSec 269 17 1 VPN Overview 2...

Страница 19: ...8 16 Viewing SA Monitor 295 18 17 Configuring Global Setting 297 18 18 Telecommuter VPN IPSec Examples 297 18 18 1 Telecommuters Sharing One VPN Rule Example 297 18 18 2 Telecommuters Using Unique VPN...

Страница 20: ...idth Management 332 21 5 Application and Subnet based Bandwidth Management 333 21 5 1 Bandwidth Management Priorities 333 21 6 Configuring Bandwidth Management General 333 21 7 Bandwidth Management Ru...

Страница 21: ...e 2 Linux 357 23 15 Secure FTP Using SSH Example 358 Chapter 24 Universal Plug and Play UPnP 361 24 1 Introducing Universal Plug and Play 361 24 1 1 How do I know if I m using UPnP 361 24 1 2 NAT Trav...

Страница 22: ...kup and Restore 410 29 5 1 Backup Configuration 411 29 5 2 Restore Configuration 411 29 5 3 Reset to Factory Defaults 412 29 6 Restart 413 29 7 Using FTP or TFTP to Back Up Configuration 413 29 7 1 Us...

Страница 23: ...3 Voice Specifications 427 31 4 Wireless Features Wireless Devices Only 429 31 4 1 IEEE 802 11g Wireless LAN 430 31 5 Power Adaptor Specifications 431 Part VIII Appendices and Index 433 Appendix A Se...

Страница 24: ...Table of Contents P 2602HWLNI User s Guide 24...

Страница 25: ...s Wizard Setup ISP Parameters 67 Figure 18 Internet Connection with PPPoE 68 Figure 19 Internet Connection with RFC 1483 68 Figure 20 Internet Connection with ENET ENCAP 69 Figure 21 Internet Connecti...

Страница 26: ...AN Backup Setup 115 Figure 58 LAN and WAN IP Addresses 117 Figure 59 Any IP Example 121 Figure 60 LAN IP 122 Figure 61 Advanced LAN Setup 123 Figure 62 DHCP Setup 124 Figure 63 LAN Client List 126 Fig...

Страница 27: ...ough Proxy Servers 174 Figure 101 DiffServ Differentiated Service Field 177 Figure 102 SIP SIP Settings 178 Figure 103 VoIP SIP Settings Advanced 180 Figure 104 SIP QoS 183 Figure 105 Phone Analog Pho...

Страница 28: ...ices 254 Figure 144 Firewall Configure Customized Services 255 Figure 145 Firewall Example Rules 256 Figure 146 Edit Custom Port Example 256 Figure 147 Firewall Example Edit Rule Destination Address 2...

Страница 29: ...sed Bandwidth Management Example 332 Figure 188 Bandwidth Management General 333 Figure 189 Bandwidth Management Rule Setup 334 Figure 190 Bandwidth Management Rule Configuration 335 Figure 191 Bandwi...

Страница 30: ...re 228 Call History Call History 383 Figure 229 Call History Call History Settings 384 Figure 230 View Log 388 Figure 231 Log Settings 389 Figure 232 E mail Log Example 391 Figure 233 Firmware Upgrade...

Страница 31: ...ker 447 Figure 263 Internet Options Privacy 448 Figure 264 Internet Options Privacy 449 Figure 265 Pop up Blocker Settings 449 Figure 266 Internet Options Security 450 Figure 267 Security Settings Jav...

Страница 32: ...List of Figures P 2602HWLNI User s Guide 32...

Страница 33: ...Wizard Configuration 80 Table 16 Bandwidth Management Wizard General Information 84 Table 17 Status Screen 88 Table 18 Any IP Table 91 Table 19 WLAN Status 92 Table 20 Packet Statistics 93 Table 21 Vo...

Страница 34: ...it Address Mapping Rule 165 Table 58 SIP Call Progression 173 Table 59 SIP Call Progression 174 Table 60 Custom Tones Details 176 Table 61 SIP SIP Settings 178 Table 62 VoIP SIP Settings Advanced 180...

Страница 35: ...t Filter Trusted 267 Table 101 VPN and NAT 273 Table 102 AH and ESP 276 Table 103 VPN Setup 278 Table 104 VPN and NAT 280 Table 105 Local ID Type and Content Fields 282 Table 106 Peer ID Type and Cont...

Страница 36: ...ote Management FTP 349 Table 141 SNMP Traps 351 Table 142 Remote Management SNMP 352 Table 143 Remote Management DNS 353 Table 144 Remote Management ICMP 354 Table 145 ADVANCED REMOTE MGMT SSH 356 Tab...

Страница 37: ...dware Specifications 423 Table 184 Firmware Specifications 423 Table 185 Voice Features 427 Table 186 Wireless Features 429 Table 187 IEEE 802 11g 430 Table 188 P 2602HWL Series Power Adaptor Specific...

Страница 38: ...List of Tables P 2602HWLNI User s Guide 38...

Страница 39: ...39 PART I Introduction Introducing the ZyXEL Device 41 Introducing the Web Configurator 49...

Страница 40: ...40...

Страница 41: ...g this guide covers the following models In the ZyXEL Device product name H denotes an integrated 4 port switch hub W denotes wireless functionality There is an embedded mini PCI module for IEEE 802 1...

Страница 42: ...n file that allows you to configure the device by uploading an SPTGEN file This is especially convenient if you need to configure many devices of the same type Vantage CNM Centralized Network Manageme...

Страница 43: ...hown below Figure 1 Internet Access Application 1 4 1 1 Internet Single User Account For a SOHO Small Office Home Office environment your device offers the Single User Account SUA feature that allows...

Страница 44: ...re shows a basic example of how you would make a peer to peer VoIP call You use your analog phone A in the figure and your device B changes the call into VoIP and sends the call through the Internet t...

Страница 45: ...User s Guide 45 Figure 4 Firewall Application 1 4 5 LAN to LAN Application You can use your device to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN application...

Страница 46: ...ing a self test Red On Your device is not ready or there is a malfunction None Off Your device is not turned on ETHERNET 1 4 Green On Your device has a successful Ethernet connection Blinking The ZyXE...

Страница 47: ...has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is up Blinking...

Страница 48: ...five seconds and release it The WLAN LED should flash while the device uses OTIST to send wireless settings to OTIST clients W models only To set the device back to the factory default settings press...

Страница 49: ...screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Se...

Страница 50: ...the default password in the password field If you have changed the password enter your password and click Login 3 Follow steps from step 3 in Section 2 2 2 on page 50 The default user name and passwo...

Страница 51: ...Replace Certificate Screen 5 A screen displays to let you choose whether to go to the wizard or the advanced screens Click Go to Wizard setup if you are logging in for the first time or if you want t...

Страница 52: ...ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes default If this happens log in again Figure 10 Wizard or Advanced Screen 2 3 Web Configurator Main Scree...

Страница 53: ...on to go to the configuration wizards See Chapter 3 on page 63 for more information Logout Click this icon to log out of the web configurator Table 4 Navigation Panel Summary LINK TAB FUNCTION Status...

Страница 54: ...n to set which Phone 1 and Phone 2 port settings ISDN Phone Use this screen to configure the ISDN phone port settings Common Use this screen to configure general phone port settings Ext Table Use this...

Страница 55: ...lobal Setting Use this screen to allow NetBIOS traffic through VPN tunnels Certificates My Certificates Use this screen to generate and export self signed certificates or certification requests and im...

Страница 56: ...eneral Use this screen to configure your device s name domain name management inactivity timeout and password Time Setting Use this screen to change your ZyXEL Device s time and date Logs View Log Use...

Страница 57: ...up Wizard O O VoIP Setup Wizard O O Bandwidth Management Wizard O O System Statistics O O Network WAN Internet Access Setup O O More Connections O WAN Backup Setup O LAN IP O DHCP Setup O Client List...

Страница 58: ...up O Monitor O VPN Global Setting O Certificates My Certificates O Trusted CAs O Trusted Remote Hosts O Directory Servers O Advanced Static Route Static Route O Bandwidth MGMT General O O Rule Setup O...

Страница 59: ...the Status screen is displayed See Chapter 6 on page 87 for more information about the Status screen 2 3 4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration...

Страница 60: ...Chapter 2 Introducing the Web Configurator P 2602HWLNI User s Guide 60...

Страница 61: ...61 PART II Wizards and Status Internet and Wireless Setup Wizard 63 VoIP Wizard 77 Bandwidth Management Wizard 83 Status Screens 87...

Страница 62: ...62...

Страница 63: ...up screens to configure your system for Internet access with the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access Wiza...

Страница 64: ...screen appears if a connection is not detected Check your hardware connections and click Restart the Internet Wireless Setup Wizard to return to the wizard welcome screen If you still cannot connect c...

Страница 65: ...unt information username password and or service name exactly as provided by your ISP Then click Next and see Section 3 3 on page 71 for wireless connection wizard setup Figure 15 Auto Detection PPPoE...

Страница 66: ...2 1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected enter your Internet access information in the wizard screen exactly as your...

Страница 67: ...ncapsulation drop down list box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode fie...

Страница 68: ...ter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password...

Страница 69: ...tic IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Select Obtain an IP Address Automatical...

Страница 70: ...them Apply Click Apply to save your changes back to the ZyXEL Device Exit Click Exit to close the wizard screen without saving your changes Table 10 Internet Connection with PPPoA LABEL DESCRIPTION U...

Страница 71: ...ted or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 23 Connection Test Failed 2 3 3 Wireless Connection Wizard Setup After you configure the Internet...

Страница 72: ...e check box to enable OTIST if you want to transfer your ZyXEL Device s SSID and WEP or WPA PSK security settings to wireless clients that support OTIST and are within transmission range You must also...

Страница 73: ...e range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a channel ID that is not already in use by a neighboring device Security Select Automatically assign a W...

Страница 74: ...ey Choose Manually assign a WEP key to setup WEP Encryption parameters Figure 28 Manually Assign a WEP Key Table 13 Manually Assign a WPA key LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case se...

Страница 75: ...eless LAN settings display if you chose not to configure wireless LAN settings Table 14 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and...

Страница 76: ...r web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features If you ca...

Страница 77: ...o use up to two SIP based VoIP accounts The ZyXEL Device provides ten SIP accounts although you can configure only 2 via the VoIP wizard See Chapter 11 on page 178 to configure the others In the follo...

Страница 78: ...web page for example http www zyxel com You must have a SIP account before you setup the VoIP wizard 1 After you enter the password to access the web configurator select Go to Wizard setup and click...

Страница 79: ...rovider is not in the list select None and click Apply Figure 34 SIP Server Profile Selection 4 Fill in the fields with the information provided by your VoIP service provider When you are finished cli...

Страница 80: ...ce domain name in this field the domain name that comes after the symbol in a SIP account like 11223344 SIPA Account com You can use up to 127 ASCII Extended set characters User Name This is the usern...

Страница 81: ...on page 401 for troubleshooting Figure 37 VoIP Wizard Fail 7 The congratulations screen displays if your SIP account registration was successful You are ready to make and receive VoIP phone calls Cli...

Страница 82: ...ce provider s dialing plan to call regular phone numbers You dial a prefix number provided to you by your VoIP service provider followed by a regular phone number To find out more information about co...

Страница 83: ...itize the distribution of the bandwidth according to service bandwidth requirements This helps keep one service from using all of the available bandwidth and shutting out other users 5 2 Bandwidth Man...

Страница 84: ...een instructions and click Finish to complete the wizard setup and save your configuration Table 16 Bandwidth Management Wizard General Information LABEL DESCRIPTION Active Select the Active check box...

Страница 85: ...Chapter 5 Bandwidth Management Wizard P 2602HWLNI User s Guide 85 Figure 42 Bandwidth Management Wizard Complete...

Страница 86: ...Chapter 5 Bandwidth Management Wizard P 2602HWLNI User s Guide 86...

Страница 87: ...of the device system resources interfaces LAN and WAN and SIP accounts You can also register and unregister SIP accounts The Status screen also provides detailed information from Any IP and DHCP and...

Страница 88: ...resh Interval Enter how often you want the ZyXEL Device to update this screen Apply Click this to update this screen immediately Device Information Host Name This field displays the ZyXEL Device syste...

Страница 89: ...field displays what DHCP services the ZyXEL Device is providing to the LAN Choices are Server The ZyXEL Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay T...

Страница 90: ...call if you re using PPPoE encapsulation For the LAN interface this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface For the WL...

Страница 91: ...XEL Device attempt to register the SIP account with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it in VoIP...

Страница 92: ...o access this screen Read only information here includes port status and packet specific statistics Also provided are system up time and poll interval s The Poll Interval s field is configurable Table...

Страница 93: ...This is the downstream speed of your ZyXEL Device Node Link This field displays the remote node index number and link type Link types are PPPoA ENET RFC 1483 and PPPoE Status This field displays Down...

Страница 94: ...s disabled TxPkts This field displays the number of packets transmitted on this interface RxPkts This field displays the number of packets received on this interface Collisions This is the number of c...

Страница 95: ...he SIP account has never dialed a number Call Statistics Phone This field displays each phone port in the ZyXEL Device Hook This field indicates whether the phone is on the hook or off the hook On The...

Страница 96: ...Stop Click this to make the ZyXEL Device stop updating the screen Table 21 VoIP Statistics LABEL DESCRIPTION Table 22 LED Status LABEL STATUS DESCRIPTION Connection DSL Green The DSL port has a succe...

Страница 97: ...e outgoing VoIP calls Off This phone port does not have a successful SIP account registration This field displays the number of the SIP account used to make outgoing calls on the corresponding phone p...

Страница 98: ...Chapter 6 Status Screens P 2602HWLNI User s Guide 98...

Страница 99: ...99 PART III Network WAN Setup 101 LAN Setup 117 Wireless LAN 129 Network Address Translation NAT Screens 155...

Страница 100: ...100...

Страница 101: ...ZyXEL Device supports PPPoE Point to Point Protocol over Ethernet PPPoE is an IETF Draft standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc...

Страница 102: ...iplexing In this case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynam...

Страница 103: ...imeout is disabled The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious r...

Страница 104: ...ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the send...

Страница 105: ...me data transfers and the bandwidth requirement varies in proportion to the video image s changing dynamics The VBR nRT non real time Variable Bit Rate type is used with bursty connections that do not...

Страница 106: ...an Internet account Otherwise select Bridge Encapsulation Select the method of encapsulation used by your ISP from the drop down list box Choices vary depending on the mode you select in the Mode fie...

Страница 107: ...ddress of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None after you click Apply...

Страница 108: ...details of your WAN setup Table 23 Internet Access Setup continued LABEL DESCRIPTION Table 24 Advanced Internet Access Setup LABEL DESCRIPTION RIP Multicast Setup RIP Direction RIP Routing Information...

Страница 109: ...S refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 Zero Configuration This feature is not applicable available when you configure the ZyXEL...

Страница 110: ...or not Name This is the name you gave to the Internet connection VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for this WAN connecti...

Страница 111: ...t box if your ISP allows multiple computers to share an Internet account If you select Bridge the ZyXEL Device will forward any packet that it does not route to this remote node otherwise the packets...

Страница 112: ...e IP address given by your ISP in the IP Address field Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting...

Страница 113: ...Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR Variable Bit...

Страница 114: ...ackup gateway is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one...

Страница 115: ...s the other WAN backup connection if configured if there is no response Fail Tolerance Type the number of times 2 recommended that your ZyXEL Device may ping the IP addresses configured in the Check W...

Страница 116: ...e cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost RIP routing uses hop count as the measurement of cost with a minimum of 1 for directl...

Страница 117: ...y the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 8 4 on page 122 for information on configuring the LAN screens 8...

Страница 118: ...that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses ent...

Страница 119: ...other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your ZyXEL Device will compute the subnet mask automatically based on the IP...

Страница 120: ...t or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer...

Страница 121: ...er to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential house wh...

Страница 122: ...routing table so it can properly forward packets intended for the computer After all the routing information is updated the computer can access the ZyXEL Device and the Internet as if it is in the sam...

Страница 123: ...d to establish membership in a multicast group The ZyXEL Device supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it Any IP Setup Select the Active check box to enable the Any IP...

Страница 124: ...etBIOS packets going from the LAN to the WAN and from the WAN to the LAN Back Click Back to return to the previous screen Apply Click Apply to save the changes Cancel Click Cancel to begin configuring...

Страница 125: ...DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to Use...

Страница 126: ...s This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of...

Страница 127: ...cal networks subnets Make sure that the subnets of the logical networks do not overlap The following figure shows a LAN divided into subnets A B and C Figure 64 Physical Network Partitioned Logical Ne...

Страница 128: ...outing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets receive...

Страница 129: ...ample of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use the access point AP to interact with the other devices such as the printer...

Страница 130: ...et the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or...

Страница 131: ...you have a wireless network with the ZyXEL Device and you do not have a RADIUS server Therefore there is no authentication Suppose the wireless network has two devices Device A only supports WEP and...

Страница 132: ...oS gives high priority to voice and video which makes them run more smoothly Similarly it gives low priority to many large file downloads so that they do not reduce the quality of other applications 9...

Страница 133: ...its for a CTS Clear To Send before it transmits This stops wireless clients from transmitting packets at the same time and causing data collisions A wireless client sends an RTS for all packets larger...

Страница 134: ...Device from a computer connected to the wireless LAN and you change the ZyXEL Device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change...

Страница 135: ...cessible to any wireless networking device that is within range Figure 69 Wireless No Security The following table describes the labels in this screen 9 5 2 WEP Encryption Screen Select Static WEP fro...

Страница 136: ...38 Wireless Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a Passphrase up to 32 printable characters and click Generate The ZyXEL...

Страница 137: ...swords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS...

Страница 138: ...f you want the ZyXEL Device to support WPA and WPA2 simultaneously ReAuthentication Timer in seconds Specify how often wireless stations have to resend usernames and passwords in order to stay connect...

Страница 139: ...entication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up...

Страница 140: ...le type from the drop down list menu Choices are Long Short or Dynamic The default setting is Long See the appendix for more information 802 11 Mode Select 802 11b Only to allow only IEEE 802 11b comp...

Страница 141: ...up key in the ZyXEL Device you must change it on the wireless devices too Yes Select this if you want the ZyXEL Device to automatically generate a pre shared key for the wireless network Before you do...

Страница 142: ...less devices and the ZyXEL Device in any order After you click Start in the ZyXEL Device the following screen appears in the ZyXEL Device Figure 76 OTIST Settings You can use the key in this screen to...

Страница 143: ...ss device finds an OTIST enabled AP you must click Start in the ZyXEL Device s Network Wireless LAN OTIST screen or hold in the Reset button on the ZyXEL Device for one or two seconds to transfer the...

Страница 144: ...listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device Set This is the index number of t...

Страница 145: ...f an associated wireless station MAC Address This field displays the MAC address of a wireless station that is currently associated with the ZyXEL Device Association Time When a wireless station is ac...

Страница 146: ...you want to apply WMM QoS The table appears only if you select Application Priority in WMM QoS Policy This is the number of an individual application entry Name This field displays a description give...

Страница 147: ...g table describes the fields in this screen Modify Click the Edit icon to open the Application Priority Configuration screen Modify an existing application entry or create a application entry in the A...

Страница 148: ...default ports for e mail POP3 port 110 IMAP port 143 SMTP port 25 HTTP port 80 FTP File Transfer Protocol enables fast transfer of files including large files that it may not be possible to send via...

Страница 149: ...ou do not select the check box this link is down MAC Address Type the MAC address of the peer device in a valid MAC address format six hexadecimal character pairs 12 34 56 78 9a bc for example Securit...

Страница 150: ...cters including spaces and symbols are allowed Eight character reception key rx this must be the same as the next AP s transmission key All ASCII characters including spaces and symbols are allowed Th...

Страница 151: ...the same common key 0123456789123456 The transmission key 22222222 of AP 1 is exactly the same as the reception key 22222222 of AP 2 The transmission key 33333333 of AP 2 is exactly the same as the re...

Страница 152: ...PA Pre Shared Key for data transmission When you choose this the Pre Share Key you enter must have the following format Sixteen character common key common all APs in the WDS share the same common key...

Страница 153: ...A2 PSK LABEL DESCRIPTION Security Mode Choose WPA PSK from the drop down list box Pre Shared Key The Pre Shared key PSK is used to encrypt data All the wireless APs including the ZyXEL Device must use...

Страница 154: ...Chapter 9 Wireless LAN P 2602HWLNI User s Guide 154...

Страница 155: ...ess of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to...

Страница 156: ...oming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 10 1 3 How NAT Works Each pac...

Страница 157: ...stance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode...

Страница 158: ...le 52 on page 158 Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device 10 3 NAT Gener...

Страница 159: ...you have just one public WAN IP address for your ZyXEL Device Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device Max NAT Firewall Session Per Use...

Страница 160: ...iscards all packets received for ports that are not specified here or in the remote management setup 10 4 2 Port Forwarding Services and Port Numbers Use the Port Forwarding screen to forward incoming...

Страница 161: ...Default Server Setup Default Server In addition to the servers for specified services NAT supports a default server A default server receives packets from ports that are not specified in this screen...

Страница 162: ...54 Port Forwarding LABEL DESCRIPTION Table 55 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rul...

Страница 163: ...rule number 9 In the set summary screen the new rule will be rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by 1 rule so old rules 5 6 and 7 become new rules 4 5 and 6 To change...

Страница 164: ...ne to one NAT mapping type M 1 Many to One mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature...

Страница 165: ...s of different services behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP Th...

Страница 166: ...Chapter 10 Network Address Translation NAT Screens P 2602HWLNI User s Guide 166...

Страница 167: ...167 PART IV VoIP Voice 169 VoIP Trunking 211 Phone Usage 227...

Страница 168: ...168...

Страница 169: ...P is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate from the media f...

Страница 170: ...vice can act as both a SIP client and a SIP server 11 2 2 1 SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications ev...

Страница 171: ...at originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use...

Страница 172: ...dress to which the SIP requests and responses should be sent Registration is initiated by the User Agent Client UAC running in the VoIP gateway the ZyXEL Device The gateway must be configured with inf...

Страница 173: ...ge to acknowledge that B has answered the call 7 Now A and B exchange voice media talk 8 After talking A hangs up and sends a BYE request 9 B replies with an OK response confirming receipt of the BYE...

Страница 174: ...telephone call Proxy 1 sends a response indicating that it is trying to complete the request 2 Proxy 1 sends a SIP INVITE request to Proxy 2 Proxy 2 sends a response indicating that it is trying to co...

Страница 175: ...dio into digital signals based on the difference between each audio sample and a prediction based on previous samples The more similar the audio sample is to the prediction the less space needed to de...

Страница 176: ...d and wait for the message that says you are in the configuration menu 2 Press a number from 1201 1208 followed by the key to listen to the tone 3 You can continue to add listen to or delete tones or...

Страница 177: ...n the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible wit...

Страница 178: ...can make up the SIP numbers However you should still activate a SIP account and configure its number and map it to a phone port so that the person you call knows what SIP number you are using and the...

Страница 179: ...n name of the SIP register server if your VoIP service provider gave you one Otherwise enter the same address you entered in the SIP Server Address field You can use up to 95 printable ASCII character...

Страница 180: ...ide 180 Figure 103 VoIP SIP Settings Advanced Each field is described in the following table Table 62 VoIP SIP Settings Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you s...

Страница 181: ...he Start Port and End Port fields To enter a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port fi...

Страница 182: ...subscribes to the service Before this time passes the ZyXEL Device automatically subscribes again Call Forward Call Forward Table Select which call forwarding table you want the ZyXEL Device to use fo...

Страница 183: ...gency you can make outgoing calls Table 63 SIP QoS LABEL DESCRIPTION SIP TOS Priority Setting Enter the priority for SIP voice transmissions The ZyXEL Device creates Type of Service priority tags with...

Страница 184: ...ndwidth that a call uses by not transmitting silent packets when you are not speaking 11 7 4 Comfort Noise Generation When using VAD the ZyXEL Device generates comfort noise when the other party is no...

Страница 185: ...e ISDN phone line see Section 11 23 1 on page 208 If you have MSNs from your ISDN service provider you can use the Analog Phone screen to have the phone s connected to the analog PHONE ports make and...

Страница 186: ...is phone port to use the analog PSTN phone line You need to enter the prefix number you configure in the VoIP PSTN Line screen when you want to make an analog call ISDN Line Select this to allow outgo...

Страница 187: ...lect more than one source for incoming calls there is no way to distinguish between them when you receive phone calls MSN Select the MSNs you want the phone s connected to this phone port to receive W...

Страница 188: ...es for speech that it receives from the peer device 1 is the quietest and 1 is the loudest Echo Cancellation G 168 Active Select this if you want to eliminate the echo caused by the sound of your voic...

Страница 189: ...vice ISDN Integrated Services Digital Network phone calls These calls are made and received using an ISDN line connected to the PSTN ISDN port on the ZyXEL Device Dialing Interval Select Enter the num...

Страница 190: ...figure the SIP account you want to use for outgoing calls with the MSN you selected SIP Account You must configure a SIP account in the VoIP SIP screen before you can make VoIP phone calls Select whic...

Страница 191: ...ou select this dial the phone number and then press the pound key The ZyXEL Device makes the call immediately instead of waiting You can still wait if you want Call Fallback Force to PSTN if SIP unreg...

Страница 192: ...ISDN port You must also configure your ISDN phone s to use these MSNs You can use the MSN to call an ISDN phone from another phone connected to the ZyXEL Device If an ISDN phone already has a MSN conf...

Страница 193: ...b number is four digits When the Enable Group Number is not selected the extension number is simply the sub number Extension Number This read only field displays the extension number which is a combin...

Страница 194: ...XEL Device to forward all incoming internal calls Busy Forward to Number Specify the extension number to which you want the ZyXEL Device to forward incoming internal calls if the phone port is busy If...

Страница 195: ...his section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if y...

Страница 196: ...2 3 European Call Transfer Do the following to transfer an incoming call that you have answered to another phone 1 Press the flash key to put the caller on hold 2 When you hear the dial tone dial 98 f...

Страница 197: ...e dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone 11 14 3 4 USA Three Way Conference Use the fol...

Страница 198: ...a speed dial rule you can use a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number Use this screen to add edit or remove speed dial numbers for outgoing cal...

Страница 199: ...o call when you dial the speed dial number Name Enter a name to identify the party you call when you dial the speed dial number You can use up to 127 printable ASCII characters Type Select Use Proxy i...

Страница 200: ...speed dial entry uses one of your SIP accounts Otherwise this field shows the IP address or domain name of the SIP server or other party This field corresponds with the Type field in the Speed Dial se...

Страница 201: ...wait for you to answer an incoming call before it considers the call is unanswered Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section This f...

Страница 202: ...ng call comes in the ZyXEL Device checks whether it is from any of the phone numbers you set up in this screen If the number matches an enabled entry the ZyXEL Device sends the corresponding ring to y...

Страница 203: ...this to listen to the ring All the phones connected to the ZyXEL Device ring when you click this button Ring Select Use this section to first assign rings to groups and then assign phone numbers to th...

Страница 204: ...ne number you entered You can select Family Workmate Friend or VIP You can also select distinctive rings based on whether a call comes from the registered SIP accounts the PSTN line or another phone c...

Страница 205: ...in the SIP Selection by Prefix section to update the SIP Prefix Phone Book section SIP Prefix Phone Book This section displays all SIP prefix numbers currently configured on the ZyXEL Device This is...

Страница 206: ...mergency you can make outgoing calls You can also use the PSTN Line screen to specify phone numbers that should always use the regular phone service without having to dial a prefix number Do this for...

Страница 207: ...he prefix number For example you should enter emergency numbers The number 1 9 is not a speed dial number It is just a sequential value that is not associated with any phone number Apply Click this to...

Страница 208: ...N 777 and Bob configures his phone to use the other 888 When someone calls 123456777 only Alice s phone rings and when someone calls 123456888 only Bob s phone rings When you use MSNs with ISDN device...

Страница 209: ...configure this prefix number see Section 11 22 on page 207 11 23 2 Receiving Analog Calls With Digital Phones The ZyXEL Device enables you to receive analog PSTN calls with a digital ISDN phone as fo...

Страница 210: ...ur ISDN phone to use the same number see your ISDN phone s documentation for details on how to do this When the ZyXEL Device receives a PSTN call your ISDN phone rings ISDN Item This is the MSN index...

Страница 211: ...s to PSTN subscribers at reduced cost Connect to the ZyXEL Device via VoIP and the ZyXEL Device forwards the call to a PSTN phone Creating a link over the IP network requires two VoIP devices VoIP tru...

Страница 212: ...device B via the IP address of B Figure 119 Peer Devices Connecting A peer to peer call doesn t require any authentication however authentication is required when you request the remote peer device to...

Страница 213: ...nt to configure and the rule you want to set up 12 4 VoIP Trunking Scenarios There are several different VoIP trunking scenarios 12 4 1 VoIP Phone To PSTN Phone A VoIP phone A makes a call to the ZyXE...

Страница 214: ...rwards the call to a PSTN phone D Figure 122 PSTN Phone To PSTN Phone via VoIP 12 5 Trunking General Screen Use this screen to enable VoIP trunking Click VoIP Trunking General VoIP Trunking requires t...

Страница 215: ...default Enter a value from 1 to 255 seconds When the auto attendant times out the phone directly connected to the ZyXEL Device rings Dialing Interval sec Enter the number of seconds the ZyXEL Device s...

Страница 216: ...with the remote peer device This is an index number of your outgoing authentication accounts Name Enter a descriptive name for the remote peer device of this account For example if the peer device is...

Страница 217: ...value unless the remote peer device does not follow the standard Incoming Authentication You can set up multiple accounts which are allowed to use your ZyXEL Device for VoIP trunking When peer devices...

Страница 218: ...call to a peer VoIP device For example if you want to use trunking to call phone numbers which start with the number 555 then enter 555 in this field Enter up to 32 numeric characters If the number yo...

Страница 219: ...head office has a public IP address a b c d and the branch office has a public IP address w x y z Figure 126 VoIP to PSTN Example The proposed solution is to establish a peer to peer call between the...

Страница 220: ...XEL Device The name of this rule is CityB referring to the branch office ZyXEL Device In this example the username is headquarters and the password is password This can be configured in the VoIP Trunk...

Страница 221: ...mple shows how to configure a PSTN to PSTN call with a VoIP link It also shows how call rules can be used to automate VoIP trunking Table 85 VoIP Trunking Call Progression HEADQUARTERS BRANCH OFFICE S...

Страница 222: ...ution is to configure a call rule which will allow the sales manager to call into the headquarters via PSTN establish a VoIP link between the two ZyXEL Devices and have the remote peer device forward...

Страница 223: ...ample the username is headquarters and the password is password This can be configured in the VoIP Trunking Peer Call screen Figure 132 PSTN to PSTN Example Outgoing Authentication 3 A call rule needs...

Страница 224: ...must match the username and password of the outgoing authentication account of the headquarters ZyXEL Device This can be configured in the VoIP Trunking Peer Call screen Figure 134 PSTN to PSTN Exampl...

Страница 225: ...er dials the PIN 12345 The ZyXEL Device confirms the password and allows for VoIP trunking The ZyXEL Device inspects the phone number against call rules Since the number starts with the pattern 5555 i...

Страница 226: ...Chapter 12 VoIP Trunking P 2602HWLNI User s Guide 226...

Страница 227: ...uring the speed dial entry and adding it to the phonebook press the speed dial entry s key combination on your phone s keypad 13 3 Internal Calls When you have more than one phone connected to the ZyX...

Страница 228: ...on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone 13 3 3 Cal...

Страница 229: ...owed by the extension number of the ringing phone to receive the call 2 If the ringing phone belongs to the same group of your phone press 97 to receive the call 13 4 Checking the Device s IP Address...

Страница 230: ...Chapter 13 Phone Usage P 2602HWLNI User s Guide 230...

Страница 231: ...231 PART V Security Firewalls 233 Firewall Configuration 245 Content Filtering 265 Introduction to IPSec 269 VPN Screens 275 Certificates 301...

Страница 232: ...232...

Страница 233: ...only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In ad...

Страница 234: ...assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access c...

Страница 235: ...cific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP p...

Страница 236: ...series of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 6 Weaknesses in the TCP IP specification leave it o...

Страница 237: ...r floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadca...

Страница 238: ...king a router or firewall into thinking that the communications are coming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the...

Страница 239: ...P packet leaves the LAN network through the firewall s WAN interface The TCP packet is the first in a session and the packet s application layer protocol is configured for a firewall rule inspection 1...

Страница 240: ...w certain types of traffic from the Internet to specific hosts on the LAN Allow access to a Web server to everyone but competitors Restrict use of certain protocols such as Telnet to authorized users...

Страница 241: ...ve Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timest...

Страница 242: ...e they provide more opportunities for hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolicited telephone call or e m...

Страница 243: ...Filters can not distinguish traffic originating from an inside host or an outside host by IP address To block allow IP trace route 14 7 2 Firewall The firewall inspects packet contents as well as the...

Страница 244: ...ish traffic originating from an inside host or an outside host by IP address The firewall performs better than filtering if you need to check many rules Use the firewall if you need routine e mail rep...

Страница 245: ...on the direction of travel of packets to which they apply The LAN includes both the LAN port and the WLAN By default the ZyXEL Device s stateful packet inspection allows packets traveling in the foll...

Страница 246: ...address Destination IP address and IP protocol type of network traffic to rules set by the administrator Your customized rules take precedence and override the ZyXEL Device s default rules 15 3 Rule L...

Страница 247: ...Reject means the firewall discards packets and sends an ICMP destination unreachable message to the sender 15 3 3 2 Service Select the service from the Service scrolling list box If the service is no...

Страница 248: ...will need to create custom rules to allow it 15 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule is ma...

Страница 249: ...ter LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to LAN Router means packets traveling from a comp...

Страница 250: ...e general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in turn Active This field displays whether a fir...

Страница 251: ...an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click th...

Страница 252: ...this screen Table 93 Firewall Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule Action for Matched Packet Use the drop down list box to select whether to discard Drop...

Страница 253: ...ion on services available Highlight a service from the Available Services box on the left then click Add to add it to the Selected Services box on the right To remove a service highlight it in the Sel...

Страница 254: ...escribes the labels in this screen 15 6 3 Configuring a Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This actio...

Страница 255: ...mized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box P...

Страница 256: ...becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index n...

Страница 257: ...ample Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom service...

Страница 258: ...ewall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService c...

Страница 259: ...une these parameters when something is not working and after you have checked the firewall counters These default values should work fine for most small offices Factors influencing choices for thresho...

Страница 260: ...The ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts dete...

Страница 261: ...leting half open sessions When the rate of new connection attempts rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection attempts 100 half open...

Страница 262: ...e This is the number of existing half open TCP sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address...

Страница 263: ...nding on off rst113 Turns TCP reset sending for port 113 on off display Displays the TCP reset sending settings icmp This rule is not in use dos smtp Enables disables the SMTP DoS defender display Dis...

Страница 264: ...Chapter 15 Firewall Configuration P 2602HWLNI User s Guide 264...

Страница 265: ...e performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 16 2 Configuring Keyword Blocking Use this screen to blo...

Страница 266: ...the list of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywo...

Страница 267: ...the content filtering to be active on the selected day Start TIme Enter the time when you want the content filtering to take effect in hour minute format End Time Enter the time when you want the cont...

Страница 268: ...Chapter 16 Content Filtering P 2602HWLNI User s Guide 268...

Страница 269: ...ommunications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the IP l...

Страница 270: ...e following VPN applications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance when co...

Страница 271: ...Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an...

Страница 272: ...Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to internal systems Tunnel mode is fundamentally an...

Страница 273: ...ding headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receiv...

Страница 274: ...Chapter 17 Introduction to IPSec P 2602HWLNI User s Guide 274...

Страница 275: ...uthentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not sanctione...

Страница 276: ...ing a private secret key DES applies a 56 bit key to each 64 bit block of data MD5 default MD5 Message Digest 5 produces a 128 bit digest to authenticate packet data 3DES Triple DES 3DES is a variant...

Страница 277: ...Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS enter 0 0 0 0 as the secure gateway s address In this case only the remote secure gateway can in...

Страница 278: ...lays the identification name for this VPN policy Local Address This is the IP address es of computer s on your local network behind your ZyXEL Device The same static IP address is displayed twice when...

Страница 279: ...ta has been maliciously altered Remote Address This is the IP address es of computer s on the remote network behind the remote IPSec router This field displays N A when the Secure Gateway Address fiel...

Страница 280: ...For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable NAT traversal on both IPSec endpoints Set the NAT router to forward UDP port...

Страница 281: ...emote IPSec routers that have dynamic WAN IP addresses Telecommuters can use separate passwords to simultaneously connect to the ZyXEL Device from IPSec routers with dynamic IP addresses seeSection 18...

Страница 282: ...6 Peer ID Type and Content Fields PEER ID TYPE CONTENT IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyXEL Device automaticall...

Страница 283: ...IKE negotiation seeSection 18 12 on page 288for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure connectio...

Страница 284: ...the SA after the SA lifetime times out even if there is no traffic The remote IPSec router must also have keep alive enabled in order for this feature to work NAT Traversal This function is available...

Страница 285: ...ddress on the LAN behind your ZyXEL Device When the Local Address Type field is configured to Range enter the beginning static IP address in a range of computers on your LAN behind your ZyXEL Device W...

Страница 286: ...is for identification purposes only and can be any string My IP Address Enter the WAN IP address of your ZyXEL Device The VPN tunnel has to be rebuilt if this IP address changes The following applies...

Страница 287: ...self Both ends of the VPN tunnel must use the same pre shared key You will receive a PYLD_MALFORMED payload malformed packet if the same pre shared key is not used on both ends Certificate Click the b...

Страница 288: ...field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already estab...

Страница 289: ...n remote access situations where the address of the initiator is not know by the responder and both parties want to use pre shared key authentication 18 12 2 Diffie Hellman DH Key Groups Diffie Hellma...

Страница 290: ...rt Type a port number from 0 to 65535 Some of the most common IP ports are 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 End Enter a port number in this field to define a port range This port numbe...

Страница 291: ...Select MD5 for minimal security and SHA 1 for maximum security SA Life Time Seconds Define the length of time before an IPSec SA automatically renegotiates in this field It may range from 60 to 3 000...

Страница 292: ...screen as shown next SA Life Time Seconds Define the length of time before an IKE SA automatically renegotiates in this field It may range from 60 to 3 000 000 seconds almost 35 days A short SA Life...

Страница 293: ...pe up to 32 characters to identify this VPN policy You may use any character including spaces but the ZyXEL Device drops trailing spaces IPSec Key Mode Select IKE or Manual from the drop down list box...

Страница 294: ...Address Type field is configured to Range enter the end static IP address in a range of computers on the LAN behind your ZyXEL Device When the Local Address Type field is configured to Subnet this is...

Страница 295: ...and Authentication Algorithm fields described next Encryption Algorithm Select DES 3DES or NULL from the drop down list box When DES is used for data communications both sender and receiver must know...

Страница 296: ...Figure 165 VPN SA Monitor The following table describes the fields in this screen Table 112 VPN SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displays t...

Страница 297: ...igure to use one VPN rule to simultaneously access a ZyXEL Device at headquarters HQ in the figure The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec routers The...

Страница 298: ...mmuters IPSec routers should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a ZyXEL Device located at h...

Страница 299: ...EL Device Rule 1 Local ID Type IP Peer ID Type IP Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Address 192 1...

Страница 300: ...18 VPN Screens P 2602HWLNI User s Guide 300 18 19 VPN and Remote Management If a VPN tunnel uses Telnet FTP WWW then you should configure remote management Remote Management to allow access for that...

Страница 301: ...be kept secure Public key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted us...

Страница 302: ...o matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys 19 2 Self signed C...

Страница 303: ...use this button to replace the factory default certificate with one that uses your ZyXEL Device s MAC address This field displays the certificate index number The certificates are listed in alphabeti...

Страница 304: ...information about the certificate Click the delete icon to remove the certificate A window displays asking you to confirm that you want to delete the certificate You cannot delete a certificate that...

Страница 305: ...ertificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the impo...

Страница 306: ...te Name Type up to 31 ASCII characters not including spaces to identify this certificate Subject Information Use these fields to record information that identifies the owner of the certificate You do...

Страница 307: ...cation request and enroll for a certificate immediately online to have the ZyXEL Device generate a request for a certificate and apply to a certification authority for a certificate You must have the...

Страница 308: ...rtificate Create screen Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the ZyXEL Device to enroll a certificate onl...

Страница 309: ...Chapter 19 Certificates P 2602HWLNI User s Guide 309 Figure 173 My Certificate Details...

Страница 310: ...the certificate Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate s owner...

Страница 311: ...evice calculated using the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format T...

Страница 312: ...bject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or com...

Страница 313: ...te icon to remove the certificate A window displays asking you to confirm that you want to delete the certificates Note that subsequent certificates move up by one when you take this action Import Cli...

Страница 314: ...o open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the ZyXE...

Страница 315: ...ation Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate was created and signed acco...

Страница 316: ...le This field also displays the domain names or IP addresses of the servers MD5 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the MD5 algorithm You can us...

Страница 317: ...tion about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject infor...

Страница 318: ...ssage digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to use a certificate s fingerprint to verify that you have the remote host s actual certificate 1 Browse...

Страница 319: ...table describes the labels in this screen 19 14 Trusted Remote Host Certificate Details Click Security Certificates Trusted Remote Hosts to open the Trusted Remote Hosts screen Click the details icon...

Страница 320: ...Chapter 19 Certificates P 2602HWLNI User s Guide 320 Figure 181 Trusted Remote Host Details...

Страница 321: ...rmation that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Issuer This field displays identifying information about the default sel...

Страница 322: ...Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the SHA1 algorithm You cannot use this value to verify that this is the remote host s actual certificate bec...

Страница 323: ...xpired or unnecessary certificates before adding more certificates The index number of the directory server The servers are listed in alphabetical order Name This field displays the name used to ident...

Страница 324: ...n dotted decimal notation or the domain name of the directory server Server Port This field displays the default server port number of the protocol that you select in the Access Protocol field You may...

Страница 325: ...325 PART VI Advanced Static Route 327 Bandwidth Management 331 Dynamic DNS Setup 339 Remote Management Configuration 343 Universal Plug and Play UPnP 361...

Страница 326: ...326...

Страница 327: ...ance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there...

Страница 328: ...meter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask of the final destination Gateway T...

Страница 329: ...Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to...

Страница 330: ...Chapter 20 Static Route P 2602HWLNI User s Guide 330...

Страница 331: ...urce Traffic redirect or IP alias may cause LAN to LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management 21 2 Application based Bandwidth Management You can create bandwi...

Страница 332: ...vice sends traffic with smaller packets before traffic with larger packets if the network is congested ATC assigns priority to packets as shown in the following table 21 4 Subnet based Bandwidth Manag...

Страница 333: ...anced Bandwidth MGMT to open the screen as shown next Use this screen to enable or disable bandwidth management and to enable or disable automatic traffic classification Figure 188 Bandwidth Managemen...

Страница 334: ...sensitive applications such as VoIP tend to have smaller packet sizes than non time sensitive applications such as FTP When ATC is enabled traffic with a smaller packet size is assigned a higher prior...

Страница 335: ...a bandwidth filter make sure that the interface s root class has more bandwidth than the sum of the bandwidths of the interface s bandwidth management rules Add Click this button to save your rule It...

Страница 336: ...nd over TCP IP networks A system running the FTP server accepts commands from a system running an FTP client The service allows users to send commands to the server for uploading and downloading files...

Страница 337: ...represents the percentage of bandwidth in use Figure 191 Bandwidth Management Monitor Source Port Enter the port number of the source See Appendix E on page 475 for some common services and port numb...

Страница 338: ...Chapter 21 Bandwidth Management P 2602HWLNI User s Guide 338...

Страница 339: ...ow your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a...

Страница 340: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the...

Страница 341: ...dress of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server...

Страница 342: ...Chapter 22 Dynamic DNS Setup P 2602HWLNI User s Guide 342...

Страница 343: ...h computers The following figure shows secure and insecure management of the ZyXEL Device coming in from the WAN HTTPS and SSH access are secure HTTP and Telnet access are not secure Figure 193 Secure...

Страница 344: ...mote management screen You have disabled that service in one of the remote management screens The IP address in the Secured Client IP field does not match the client IP address If it does not match th...

Страница 345: ...e SSL server the ZyXEL Device must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the ZyXEL Device whereas the SSL client only should authenticate i...

Страница 346: ...w the computer with the IP address that you specify to access the ZyXEL Device using this service HTTPS Server Host Key Select the certificate that the ZyXEL Device will use to identify itself The ZyX...

Страница 347: ...access is allowed You can allow only secure web configurator access by setting the HTTP Access Status field to Disable and setting the HTTPS Access Status field to an interface s Secure Client IP A se...

Страница 348: ...ON Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s...

Страница 349: ...y available if TCP IP is configured Table 140 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in or...

Страница 350: ...formation Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based...

Страница 351: ...er on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirem...

Страница 352: ...ice using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the Z...

Страница 353: ...upported ports are probed If you want your device to respond to pings and requests for unauthorized services you may also need to configure the firewall anti probing settings to match Table 143 Remote...

Страница 354: ...ot respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply...

Страница 355: ...host key and server key and sends the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved...

Страница 356: ...onfiguring SSH Click ADVANCED REMOTE MGMT SSH to change your ZyXEL Device s Secure Shell settings It is recommended that you disable Telnet and FTP when you configure SSH for secure connections Figure...

Страница 357: ...s to continue Figure 206 SSH Example 1 Store Host Key Enter the password to log in to the ZyXEL Device The SMT main menu displays next 23 14 2 Example 2 Linux This section describes how to access the...

Страница 358: ...on file transfer using the OpenSSH client program The configuration and connection steps are similar for other SSH client programs Refer to your SSH client program user s guide 1 Enter sftp 1 192 168...

Страница 359: ...192 168 1 1 can t be established RSA1 key fingerprint is 21 6c 07 25 7e f4 75 80 ec af bd d4 3d 80 53 d1 Are you sure you want to continue connecting yes no yes Warning Permanently added 192 168 1 1 R...

Страница 360: ...Chapter 23 Remote Management Configuration P 2602HWLNI User s Guide 360...

Страница 361: ...work will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 24 1 2 NAT Traversal UPnP NAT traversal automates the pro...

Страница 362: ...4 1 on page 361 for more information Figure 210 Configuring UPnP The following table describes the fields in this screen Table 146 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play...

Страница 363: ...onents selection box Click Details Figure 211 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection bo...

Страница 364: ...prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window...

Страница 365: ...5 Figure 214 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 215 Networking Services 6 Click OK to go back to the...

Страница 366: ...Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double...

Страница 367: ...Chapter 24 Universal Plug and Play UPnP P 2602HWLNI User s Guide 367 Figure 217 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings...

Страница 368: ...s Advanced Settings Figure 219 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6...

Страница 369: ...us Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not kn...

Страница 370: ...NI User s Guide 370 Figure 222 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select I...

Страница 371: ...371 Figure 223 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Fi...

Страница 372: ...Chapter 24 Universal Plug and Play UPnP P 2602HWLNI User s Guide 372...

Страница 373: ...373 PART VII Maintenance and Troubleshooting System 375 Call History 381 Logs 387 Troubleshooting 401 Tools 407 Diagnostic 419 Product Specifications 423...

Страница 374: ...374...

Страница 375: ...click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the Syste...

Страница 376: ...how many minutes a management session either via the web configurator or telnet can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your p...

Страница 377: ...stem Time Setting The following table describes the fields in this screen Table 148 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL...

Страница 378: ...C 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 The default NTP RFC 1305 is similar to Time RFC 868 Time Server Address Enter the IP address or URL up...

Страница 379: ...irst Sunday November and 2 00 Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same mome...

Страница 380: ...Chapter 25 System P 2602HWLNI User s Guide 380...

Страница 381: ...ail or to a mail server This feature allows you to trace all of your PSTN and VoIP call records and see details of how many calls you missed dialed and received You can also see call timers showing ho...

Страница 382: ...lick Maintenance Call History Call History The following screen displays Table 149 Call History Summary LABEL DESCRIPTION Type of Summary This field displays the time period for which the entry applie...

Страница 383: ...E mail Call History Settings fields in the Call History Settings screen Refresh Click Refresh to renew the screen Clear Call History Click Clear Call History to delete all call history records Next p...

Страница 384: ...ttings screen to configure where the ZyXEL Device is to send call history records and the schedule for saving and sending the records To change your ZyXEL Device s call history settings click Maintena...

Страница 385: ...n Log is Full Hourly Daily Weekly None If you select Weekly or Daily specify a time of day when the e mail should be sent If you select Weekly then also specify which day of the week the e mail should...

Страница 386: ...2602HWLNI User s Guide 386 Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to return to the previously saved settings Table 151 Call History Call History S...

Страница 387: ...on They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their...

Страница 388: ...The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from all of the log categories that you selec...

Страница 389: ...erver for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via E mail Mail Subject Type a title that you want to be in the subject line of the...

Страница 390: ...ify a time of day when the E mail should be sent If you select Weekly then also specify which day of the week the E mail should be sent If you select When Log is Full an alert is sent when the log fil...

Страница 391: ...6 means RCPT TO fail 7 means DATA fail 8 means mail data send fail Subject Firewall Alert From Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 1...

Страница 392: ...the router via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Starting Connectivity Monitor Starting Connectivity Monitor Time in...

Страница 393: ...he firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that didn t have a corresponding NAT table e...

Страница 394: ...et Direction type d code d ICMP access matched the default policy and was blocked or forwarded according to the user s setting Firewall rule NOT match ICMP Packet Direction rule d type d code d ICMP a...

Страница 395: ...ion s Internet Protocol Control Protocol stage is opening ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing The PPP connection s Internet Protocol Control Pr...

Страница 396: ...vulnerability ICMP type d code d The firewall detected an ICMP vulnerability attack traceroute ICMP type d code d The firewall detected an ICMP traceroute attack Table 166 802 1X Logs LOG MESSAGE DES...

Страница 397: ...er to authenticate user There is no authentication server to authenticate a user Local User Database does not find user s credential A user was not authenticated by the local user database because the...

Страница 398: ...DESCRIPTION Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS...

Страница 399: ...hone port to initiate a VoIP call to the listed destination VoIP Call Established Ph Phone Port Outgoing Call Number Someone used a phone connected to the listed phone port to make a VoIP call to the...

Страница 400: ...efer to RFC 2408 for detailed information on each type Table 175 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Identif...

Страница 401: ...are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the p...

Страница 402: ...creen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 3 1 on page 118 use the new IP address If y...

Страница 403: ...ice 1 Make sure you have entered the user name and password correctly The default password is 1234 These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web confi...

Страница 404: ...ure the LEDs are behaving as expected See the Quick Start Guide and Section 1 5 on page 46 2 Turn the ZyXEL Device off and on 3 If the problem continues contact your ISP V The Internet connection is s...

Страница 405: ...with the SIP server contact your VoIP service provider V I cannot call from one of the ZyXEL Device s phone ports to the other phone port If you are using extension numbers to call from one phone to...

Страница 406: ...Chapter 28 Troubleshooting P 2602HWLNI User s Guide 406...

Страница 407: ...ernately upload the factory default configuration file if you want to return the device to the original default settings The firmware determines the device s available features and functionality You c...

Страница 408: ...L Device that is on your computer local network or FTP site and so the name but not the extension may vary After uploading new firmware see the Status screen to confirm that you have uploaded the corr...

Страница 409: ...d is in progress Figure 233 Firmware Upgrade The following table describes the labels in this screen After you see the Firmware Upload in Progress screen wait two minutes before logging into the ZyXEL...

Страница 410: ...og in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Return to go back to the Firmware screen Figure 236 Error M...

Страница 411: ...uration to your computer 29 5 2 Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device 1 Do not turn off...

Страница 412: ...P address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 435 for details on how to set up your computer s IP address If the uploa...

Страница 413: ...evice s configuration Figure 243 Restart Screen 29 7 Using FTP or TFTP to Back Up Configuration This section covers how to use FTP or TFTP to save your device s configuration file to your computer 29...

Страница 414: ...mended To use TFTP your computer must have both telnet and TFTP clients To backup the configuration file follow the procedure shown next 331 Enter PASS command Password 230 Logged in ftp bin 200 Type...

Страница 415: ...ary transfer mode 29 7 5 TFTP Command Configuration Backup Example The following is an example TFTP command tftp i host get rom 0 config rom where i specifies binary image transfer mode use this mode...

Страница 416: ...iguration process is complete the device automatically restarts 29 8 1 Restore Using FTP Session Example Figure 245 Restore Using FTP Session Example Refer to Section 29 3 on page 408 to read about co...

Страница 417: ...9 9 2 FTP Session Example of Firmware File Upload Figure 246 FTP Session Example of Firmware File Upload More commands found in GUI based FTP clients are listed earlier in this chapter Refer to Sectio...

Страница 418: ...and the device in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transf...

Страница 419: ...e screen shown next Figure 247 Diagnostic General The following table describes the fields in this screen 30 2 DSL Line Diagnostic Click Maintenance Diagnostic DSL Line to open the screen shown next T...

Страница 420: ...cards is the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for mo...

Страница 421: ...ine the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of inte...

Страница 422: ...Chapter 30 Diagnostic P 2602HWLNI User s Guide 422...

Страница 423: ...hernet ports PHONE Ports 2 RJ 11 FXS POTS ports ISDN PHONE Port 1 RJ 45 FXS ISDN port PSTN ISDN Port 1 RJ 45 FXO PSTN or ISDN port RESET Button Restores factory defaults Antenna One attached external...

Страница 424: ...rs The ZyXEL Device supports versions 1 and 2 of IGMP Internet Group Management Protocol used to join multicast groups see RFC 2236 Time and Date Get the current time and date from an external server...

Страница 425: ...Sec connections Universal Plug and Play UPnP Your device and other UPnP enabled devices can use the standard TCP IP protocol to dynamically join a network obtain an IP address and convey their capabil...

Страница 426: ...ging for unsupported network layer protocols RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC 1213 IP Multicasting IGMP v1 and v2 IGMP Proxy Management Embedded Web Configurator CLI C...

Страница 427: ...u to set the ZyXEL Device to automatically use the PSTN ISDN connection for outgoing calls if the SIP account is not working or to use the SIP account for outgoing calls if the PSTN ISDN port is unplu...

Страница 428: ...onnected to the ZyXEL Device an extension number and place a internal call to a specific phone HTTP Pincode When new firmware is available for your ZyXEL Device you hear a recorded message when you pi...

Страница 429: ...prioritized over the network MSNs You can use MSNs Multiple Subscriber Numbers to identify individual ISDN phone connected to the ZyXEL Device for internal calls Configure MSNs in the ZyXEL Device all...

Страница 430: ...defines stronger encryption authentication and key management than WPA WDS Use the WDS Wireless Distribution System to secure the link between the ZyXEL Device and other APs on your network At the tim...

Страница 431: ...W 180100 MU18 2180100 A1 Input Power AC 100 240Volts 50 60Hz 0 5A AC 100 240Volts 50 60Hz 0 6A Output Power DC 18Volts 1A DC 18Volts 1A Power Consumption 12 Watt max 12 Watt max Safety Standards UL C...

Страница 432: ...Chapter 31 Product Specifications P 2602HWLNI User s Guide 432...

Страница 433: ...es and Index Setting up Your Computer s IP Address 435 Pop up Windows JavaScripts and Java Permissions 447 IP Addresses and Subnetting 453 Wireless LANs 461 Services 475 Legal Information 479 Customer...

Страница 434: ...434...

Страница 435: ...third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are...

Страница 436: ...en click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft...

Страница 437: ...elect Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 250 Windows 95 98 Me T...

Страница 438: ...o save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Set...

Страница 439: ...HWLNI User s Guide 439 Figure 252 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 253 Windows XP Control Panel 3 Right...

Страница 440: ...tab in Win XP and click Properties Figure 255 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP...

Страница 441: ...ure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a defau...

Страница 442: ...lick OK to close the Local Area Connection Properties window 10 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Comma...

Страница 443: ...ess P 2602HWLNI User s Guide 443 Figure 258 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 259 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings sele...

Страница 444: ...k Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel w...

Страница 445: ...om the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click...

Страница 446: ...Appendix A Setting up Your Computer s IP Address P 2602HWLNI User s Guide 446...

Страница 447: ...rnet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking...

Страница 448: ...web pop up blockers you may have enabled Figure 263 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up wi...

Страница 449: ...de 449 Figure 264 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mov...

Страница 450: ...lay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 266 Internet Options Security 2 Click the Cust...

Страница 451: ...tings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permiss...

Страница 452: ...Permissions P 2602HWLNI User s Guide 452 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Cl...

Страница 453: ...hare a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host...

Страница 454: ...the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet mas...

Страница 455: ...by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a follow...

Страница 456: ...ows the company network before subnetting Figure 271 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The su...

Страница 457: ...8 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to...

Страница 458: ...bnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet A...

Страница 459: ...T BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252...

Страница 460: ...entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If...

Страница 461: ...endent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 273 Peer to Peer Communication in an Ad hoc Net...

Страница 462: ...red connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired networ...

Страница 463: ...ially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chan...

Страница 464: ...equested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if th...

Страница 465: ...it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the Product Name short uses lo...

Страница 466: ...ices Some advantages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and a...

Страница 467: ...nt and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped...

Страница 468: ...wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchan...

Страница 469: ...defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless...

Страница 470: ...with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt dat...

Страница 471: ...lient s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise...

Страница 472: ...to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these...

Страница 473: ...oor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how m...

Страница 474: ...d in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a...

Страница 475: ...ervice is used Table 204 Examples of Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM TCP 5190 AOL...

Страница 476: ...ger service uses this protocol NetBIOS TCP UDP TCP UDP TCP UDP TCP UDP 137 138 139 445 The Network Basic Input Output System is used for communication between computers in a LAN NEW ICQ TCP 5190 An In...

Страница 477: ...sages from one e mail server to another SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use w...

Страница 478: ...e transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP port num...

Страница 479: ...ce Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and ma...

Страница 480: ...not be co located or operating in conjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comp...

Страница 481: ...God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties exp...

Страница 482: ...Appendix F Legal Information P 2602HWLNI User s Guide 482...

Страница 483: ...mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL...

Страница 484: ...448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mai...

Страница 485: ...agawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk...

Страница 486: ...Okrzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanov...

Страница 487: ...il ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 F...

Страница 488: ...Appendix G Customer Support P 2602HWLNI User s Guide 488...

Страница 489: ...e adaptation 426 auto provisioning 229 425 B backup 411 backup type 115 bandwidth management 331 bandwidth manager class configuration 334 bandwidth manager monitor 337 bandwidth manager summary 333 B...

Страница 490: ...LAN IP address 49 Denial of Service 234 235 260 destination address 247 DH 289 DHCP 118 339 375 diagnostic 419 Differential Binary Phase Shift Keyed Modulation 430 Differential Quadrature Phase Shift...

Страница 491: ...o WAN rules 248 policies 245 rule checklist 246 rule logic 246 rule security ramifications 246 types 233 when to use 243 firmware 408 upload 409 upload error 410 firmware upgrade 428 flash key 195 fla...

Страница 492: ...426 IP network and PSTN connection 211 IP Policy Routing IPPR 425 IP pool 125 IP pool setup 118 IP spoofing 236 238 IP to IP Calls 44 IPSec 269 IPSec algorithms 271 275 IPSec and NAT 272 IPSec archit...

Страница 493: ...Cell Rate PCR 104 109 113 peer call authentication VoIP trunking 212 peer IP 217 peer port 217 peer to peer calls 44 Perfect Forward Secrecy 289 per hop behavior 177 Permanent Virtual Circuits 426 PF...

Страница 494: ...nfiguration 416 RF Radio Frequency 431 RFC 1483 102 426 RFC 1631 155 RFC 1889 173 429 RFC 1890 429 RFC 2327 429 RFC 2364 426 RFC 2516 425 426 RFC 2684 426 RFC 3261 429 Ringer Equivalence Number 428 ri...

Страница 495: ...SUA Single User Account 158 SUA vs NAT 158 subnet 453 subnet mask 118 253 454 subnetting 456 supplementary services 194 Sustain Cell Rate SCR 109 113 Sustained Cell Rate SCR 104 SYN flood 236 237 SYN...

Страница 496: ...214 VPI VCI 102 VPN 269 VPN applications 270 W WAN Wide Area Network 101 WAN to LAN rules 248 warranty 481 note 481 Web 346 Web Configurator 49 241 242 247 and VoIP trunking 214 WEP Wired Equivalent...

Отзывы:

Нет отзывов