manualshive.com logo in svg

ZyXEL Communications P-660H-T1 v2, Руководство пользователя

"ZyXEL Communications P-660H-T1 v2" - мощный маршрутизатор для домашнего пользования с возможностью подключения телефона. У нас вы можете скачать бесплатно руководство пользователя на manualshive.com. Идеальное устройство для быстрого и удобного доступа к интернету и совершения звонков.

Поделиться
Скачать
background image

 Chapter 8 Firewalls

P-660H-Tx v2 User’s Guide

119

If an initiation packet originates on the LAN, this means that someone is trying to make a 
connection from the LAN to the Internet. Assuming that this is an acceptable part of the 
security policy (as is the case with the default policy), the connection will be allowed. A cache 
entry is added which includes connection information such as IP addresses, TCP ports, 
sequence numbers, etc.
When the ZyXEL Device receives any subsequent packet (from the Internet or from the LAN), 
its connection information is extracted and checked against the cache. A packet is only 
allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a 
connection which originated on the LAN).

8.5.4  UDP/ICMP Security

UDP and ICMP do not themselves contain any connection information (such as sequence 
numbers). However, at the very minimum, they contain an IP address pair (source and 
destination). UDP also contains port pairs, and ICMP has type and code information. All of 
this data can be analyzed in order to build "virtual connections" in the cache. 
For instance, any UDP packet that originates on the LAN will create a cache entry. Its IP 
address and port pairs will be stored. For a short period of time, UDP packets from the WAN 
that have matching IP and UDP information will be allowed back in through the firewall.
A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. 
Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask 
requests will allow incoming address mask replies, and outgoing timestamp requests will 
allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall, 
simply because they are too dangerous and contain too little tracking information. For 
instance, ICMP redirect packets are never allowed in, since they could be used to reroute 
traffic through attacking machines. 

8.5.5  Upper Layer Protocols

Some higher layer protocols (such as FTP and RealAudio) utilize multiple network 
connections simultaneously. In general terms, they usually have a "control connection" which 
is used for sending commands between endpoints, and then "data connections" which are used 
for transmitting bulk information. 
Consider the FTP protocol. A user on the LAN opens a control connection to a server on the 
Internet and requests a file. At this point, the remote server will open a data connection from 
the Internet. For FTP to work properly, this connection must be allowed to pass through even 
though a connection from the Internet would normally be rejected.
In order to achieve this, the ZyXEL Device inspects the application-level FTP data. 
Specifically, it searches for outgoing "PORT" commands, and when it sees these, it adds a 
cache entry for the anticipated data connection. This can be done safely, since the PORT 
command contains address and port information, which can be used to uniquely identify the 
connection.
Any protocol that operates in this way must be supported on a case-by-case basis. You can use 
the web configurator’s Custom Ports feature to do this.

Содержание P-660H-T1 v2

Страница 1: ...www zyxel com P 660H Tx v2 ADSL 2 4 port Gateway User s Guide Version 3 40 2 2007 Edition 1...

Страница 2: ......

Страница 3: ...Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the ZyXEL Device Supporting...

Страница 4: ...stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER ke...

Страница 5: ...e 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer S...

Страница 6: ...all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 1...

Страница 7: ...Safety Warnings P 660H Tx v2 User s Guide 7...

Страница 8: ...Safety Warnings P 660H Tx v2 User s Guide 8...

Страница 9: ...ork 65 WAN Setup 67 LAN Setup 85 Network Address Translation NAT Screens 97 Security 109 Firewalls 111 Firewall Configuration 123 Content Filtering 145 Advanced Setup 149 Static Route 151 Bandwidth Ma...

Страница 10: ...Contents Overview P 660H Tx v2 User s Guide 10...

Страница 11: ...od Habits for Managing the ZyXEL Device 33 1 4 LEDs 33 1 5 Splitters and Microfilters 34 1 5 1 Connecting a POTS Splitter 34 1 5 2 Telephone Microfilters 35 1 6 Hardware Connections 35 Chapter 2 Intro...

Страница 12: ...ment Services 59 4 3 Bandwidth Management Wizard Setup 60 Part III Network 65 Chapter 5 WAN Setup 67 5 1 WAN Overview 67 5 1 1 Encapsulation 67 5 1 2 Multiplexing 68 5 1 3 Encapsulation and Multiplexi...

Страница 13: ...t List 93 6 6 LAN IP Alias 94 Chapter 7 Network Address Translation NAT Screens 97 7 1 NAT Overview 97 7 1 1 NAT Definitions 97 7 1 2 What NAT Does 98 7 1 3 How NAT Works 98 7 1 4 NAT Application 98 7...

Страница 14: ...9 8 5 5 Upper Layer Protocols 119 8 6 Guidelines for Enhancing Security with Your Firewall 120 8 6 1 Security In General 120 8 7 Packet Filtering Vs Firewall 121 8 7 1 Packet Filtering 121 8 7 2 Firew...

Страница 15: ...pter 12 Bandwidth Management 155 12 1 Bandwidth Management Overview 155 12 2 Application based Bandwidth Management 155 12 3 Subnet based Bandwidth Management 155 12 4 Application and Subnet based Ban...

Страница 16: ...P Traps 175 14 7 3 Configuring SNMP 175 14 8 Configuring DNS 177 14 9 Configuring ICMP 177 14 10 TR 069 178 Chapter 15 Universal Plug and Play UPnP 181 15 1 Introducing Universal Plug and Play 181 15...

Страница 17: ...8 1 General Diagnostic 207 18 2 DSL Line Diagnostic 208 Chapter 19 Logs 209 19 1 Logs Overview 209 19 1 1 Alerts and Logs 209 19 2 Viewing the Logs 209 19 3 Configuring Log Settings 210 19 3 1 Example...

Страница 18: ...18 Appendix E Pop up Windows JavaScripts and Java Permissions 283 Appendix F Firewall Commands 289 Appendix G NetBIOS Filter Commands 295 Appendix H Triangle Route 297 Appendix I Legal Information 29...

Страница 19: ...o DSL Connection 52 Figure 19 Auto Detection Failed 53 Figure 20 Auto Detection PPPoE 53 Figure 21 Internet Access Wizard Setup ISP Parameters 54 Figure 22 Internet Connection with PPPoE 55 Figure 23...

Страница 20: ...l Application 113 Figure 59 Three Way Handshake 114 Figure 60 SYN Flood 115 Figure 61 Smurf Attack 115 Figure 62 Stateful Inspection 117 Figure 63 Firewall General 126 Figure 64 Firewall Rules 128 Fig...

Страница 21: ...al Networking Components Wizard 185 Figure 101 Networking Services 185 Figure 102 Network Connections 186 Figure 103 Internet Connection Properties 187 Figure 104 Internet Connection Properties Advanc...

Страница 22: ...P Properties 265 Figure 144 Macintosh OS 8 9 Apple Menu 266 Figure 145 Macintosh OS 8 9 TCP IP 266 Figure 146 Macintosh OS X Apple Menu 267 Figure 147 Macintosh OS X Network 268 Figure 148 Red Hat 9 0...

Страница 23: ...Tx v2 User s Guide 23 Figure 168 Security Settings Java Scripting 287 Figure 169 Security Settings Java 287 Figure 170 Java Sun 288 Figure 171 Ideal Setup 297 Figure 172 Triangle Route Problem 298 Fi...

Страница 24: ...List of Figures P 660H Tx v2 User s Guide 24...

Страница 25: ...agement Wizard Configuration 62 Table 15 Internet Connection 73 Table 16 Advanced Internet Connection Setup 75 Table 17 More Connections 77 Table 18 More Connections Edit 78 Table 19 More Connections...

Страница 26: ...width Management Priorities 159 Table 56 Over Allotment of Bandwidth Example 159 Table 57 Media Bandwidth Management Summary 160 Table 58 Bandwidth Management Rule Setup 161 Table 59 Bandwidth Managem...

Страница 27: ...02 Abbreviations Used in the Example Internal SPTGEN Screens Table 244 Table 103 Menu 1 General Setup 244 Table 104 Menu 3 244 Table 105 Menu 4 Internet Access Setup 246 Table 106 Menu 12 248 Table 10...

Страница 28: ...List of Tables P 660H Tx v2 User s Guide 28 Table 125 NetBIOS Filter Default Settings 296...

Страница 29: ...29 PART I Introduction Introducing the ZyXEL Device 31 Introducing the Web Configurator 37...

Страница 30: ...30...

Страница 31: ...names ending in 3 denote a device that works over ISDN Integrated Services Digital Network The DSL RJ 11 ADSL over POTS models or RJ 45 ADSL over ISDN models connects to your ADSL enabled telephone li...

Страница 32: ...ttainable for each standard are shown in the next table If your ZyXEL Device does not support Annex M the maximum ADSL2 2 upstream data rate is 1 2 Mbps ZyXEL Devices which work over ISDN do not suppo...

Страница 33: ...o remotely configure your device 1 3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively Ch...

Страница 34: ...ter at the point where the telephone line enters your residence as shown in the following figure Figure 4 Connecting a POTS Splitter 1 Connect the side labeled Phone to your telephone Table 2 Front Pa...

Страница 35: ...ansmissions do not interfere with your telephone voice transmissions The use of a telephone microfilter is optional 1 Locate and disconnect each telephone 2 Connect a cable from the wall jack to the w...

Страница 36: ...Chapter 1 Introducing the ZyXEL Device P 660H Tx v2 User s Guide 36...

Страница 37: ...use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java pe...

Страница 38: ...ess enter the default admin password 1234 to configure the wizards and the advanced features 2 Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the de...

Страница 39: ...at least once the following screen appears every time you log in with the admin password Figure 8 Change Password at Login 4 Select Go to Wizard setup and click Apply to display the wizard main screen...

Страница 40: ...eload the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 2 3 1 Using the Reset Button 1 Make sure th...

Страница 41: ...P DNS Server MAC address assignment BANDWIDTH MANAGEMENT SETUP Use these screens to limit bandwidth usage by application or packet type Logout Click this icon to exit the web configurator Status This...

Страница 42: ...pply the rule Rules This screen shows a summary of the firewall rules and allows you to edit add a firewall rule Anti Probing Use this screen to change your anti probing settings Threshold Use this sc...

Страница 43: ...face s and from which IP address es users can send DNS queries to the ZyXEL Device ICMP Use this screen to change your anti probing settings UPnP Use this screen to enable UPnP on the ZyXEL Device Mai...

Страница 44: ...tification purposes Model Number This is your ZyXEL Device s model name MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device ZyNOS Firmware Version This is...

Страница 45: ...ched Memory Usage This number shows the ZyXEL Device s total heap memory in kilobytes The bar displays what percent of the ZyXEL Device s heap memory is in use The bar turns from green to red when the...

Страница 46: ...used bandwidth and the blue color represents the percentage of bandwidth in use Figure 13 Status Bandwidth Status Table 5 Status Any IP Table LABEL DESCRIPTION This is the index number of the host com...

Страница 47: ...EL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up Current Date Time This field displays your ZyXEL Device s present date and time CPU Usage This field specif...

Страница 48: ...p dropping a call if you re using PPPoE encapsulation TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays the number of packets received on this port E...

Страница 49: ...49 PART II Wizards Wizard Setup for Internet Access 51 Bandwidth Management Wizard 59...

Страница 50: ...50...

Страница 51: ...e your system for Internet access with the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access Wizard Setup 1 After you e...

Страница 52: ...varies depending on the connection type you use If the wizard does not detect a connection type and the following screen appears see Figure 18 on page 52 check your hardware connections and click Res...

Страница 53: ...ting you to enter your Internet account information Enter the username password and or service name exactly as provided 2 Click Next Figure 20 Auto Detection PPPoE 3 2 2 Manual Configuration 1 If the...

Страница 54: ...hoices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENC...

Страница 55: ...where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here...

Страница 56: ...dress Select Static IP Address if your ISP gives you a fixed IP address IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices...

Страница 57: ...ou can modify them Figure 26 Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Setup Wizard to verify your Internet access sett...

Страница 58: ...Chapter 3 Wizard Setup for Internet Access P 660H Tx v2 User s Guide 58 Figure 27 Connection Test Failed 2...

Страница 59: ...r Protocol enables fast transfer of files including large files that may not be possible by e mail FTP uses port number 21 NetMeeting H 323 A multimedia communications product from Microsoft that enab...

Страница 60: ...ted primarily over UDP but can also be transported over TCP using the default port number 5060 Telnet Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environment...

Страница 61: ...ces that you want to apply bandwidth management and select the priorities that you want to apply to the services listed Table 13 Bandwidth Management Wizard General Information LABEL DESCRIPTION Activ...

Страница 62: ...priority for traffic that matches that service A service with High priority is given as much bandwidth as it needs If you select services as having the same priority then bandwidth is divided equally...

Страница 63: ...Chapter 4 Bandwidth Management Wizard P 660H Tx v2 User s Guide 63 Figure 32 Bandwidth Management Wizard Complete...

Страница 64: ...Chapter 4 Bandwidth Management Wizard P 660H Tx v2 User s Guide 64...

Страница 65: ...65 PART III Network WAN Setup 67 LAN Setup 85 Network Address Translation NAT Screens 97...

Страница 66: ...66...

Страница 67: ...Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal...

Страница 68: ...ominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 5 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifyin...

Страница 69: ...your choices for IP address and ENET ENCAP gateway 5 1 5 1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and ENET ENCAP Gateway fields are not applicabl...

Страница 70: ...Section 5 8 on page 82 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup route has a metric of 3 then the normal route acts as the pri...

Страница 71: ...Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that co...

Страница 72: ...nsfer 5 4 Zero Configuration Internet Access Once you turn on and connect the ZyXEL Device to a telephone jack it automatically detects the Internet connection settings such as the VCI VPI numbers and...

Страница 73: ...he drop down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field sel...

Страница 74: ...ow If you use RFC 1483 enter the IP address given by your ISP in the IP Address field Subnet Mask ENET ENCAP encapsulation only Enter a subnet mask in dotted decimal notation Refer to the appendices t...

Страница 75: ...Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR nRT Variable Bit Rate non Re...

Страница 76: ...thod from the ISP and make the necessary configuration changes Select No to disable this feature You must manually configure the ZyXEL Device for Internet access PPPoE Passthrough This feature is avai...

Страница 77: ...lect the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of encapsulation...

Страница 78: ...me Enter a unique descriptive name of up to 13 ASCII characters for this connection Mode Select Routing from the drop down list box if your ISP allows multiple computers to share an Internet account I...

Страница 79: ...use the encapsulation type except RFC 1483 select Obtain an IP Address Automatically when you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the...

Страница 80: ...RIP Direction Select the RIP direction from None Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a networ...

Страница 81: ...ubnet Subnet 1 in the following figure and the backup gateway in another subnet Subnet 2 Configure filters that allow packets from the protected LAN Subnet 1 to the backup gateway Subnet 2 Sustain Cel...

Страница 82: ...Tx v2 User s Guide 82 Figure 40 Traffic Redirect LAN Setup 5 8 Configuring WAN Backup To change your ZyXEL Device s WAN backup settings click Network WAN WAN Backup Setup The screen appears as shown...

Страница 83: ...ZyXEL Device to wait between checks Allow more time if your destination IP address handles lots of traffic Timeout Type the number of seconds 3 recommended for your ZyXEL Device to wait for a ping re...

Страница 84: ...Chapter 5 WAN Setup P 660H Tx v2 User s Guide 84...

Страница 85: ...ea usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 6 3 on page 90 to configure the LAN screens 6 1 1 LANs...

Страница 86: ...that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses ent...

Страница 87: ...other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your ZyXEL Device will compute the subnet mask automatically based on the IP...

Страница 88: ...t or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer...

Страница 89: ...er to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential house wh...

Страница 90: ...ZyXEL Device receives packets from the computer it creates an entry in the IP routing table so it can properly forward packets intended for the computer After all the routing information is updated t...

Страница 91: ...ddresses of the computer and the ZyXEL Device are not in the same subnet When you disable the Any IP feature only computers with dynamic IP addresses or static IP addresses in the same subnet as the Z...

Страница 92: ...and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the ZyXEL Device acts as a surrogate DHCP server...

Страница 93: ...erver This field is not available when you set DHCP to Relay Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask If t...

Страница 94: ...Name This field displays the computer host name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN...

Страница 95: ...s Select the RIP direction from None Both In Only Out Only When set to Both or Out Only the ZyXEL Device will broadcast its routing table periodically When set to Both or In Only it will incorporate t...

Страница 96: ...ter 6 LAN Setup P 660H Tx v2 User s Guide 96 Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Table 25 LAN IP Alias LABEL DESCRIPT...

Страница 97: ...a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the l...

Страница 98: ...venting intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 7 1 3 How NAT Works Each packet has two addresses a s...

Страница 99: ...tance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode...

Страница 100: ...NAT un friendly because they embed IP addresses and port numbers in their packets data payload Some NAT routers may include a SIP Application Layer Gateway ALG An Application Layer Gateway ALG manages...

Страница 101: ...NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be...

Страница 102: ...ion Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 7 5 1 Default Server IP Address In...

Страница 103: ...pears as a single host on the Internet Figure 53 Multiple Servers Behind NAT Example 7 6 Configuring Port Forwarding The Port Forwarding screen is available only when you select SUA Only in the NAT Ge...

Страница 104: ...ere or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click...

Страница 105: ...ABEL DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port en...

Страница 106: ...e 32 Address Mapping Rules LABEL DESCRIPTION This is the rule index number Local Start IP This is the starting Inside Local IP Address ILA Local IP addresses are N A for Server port mapping Local End...

Страница 107: ...address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addre...

Страница 108: ...rvices behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end loc...

Страница 109: ...109 PART IV Security Firewalls 111 Firewall Configuration 123 Content Filtering 145...

Страница 110: ...110...

Страница 111: ...the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In...

Страница 112: ...assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access c...

Страница 113: ...fic functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP por...

Страница 114: ...series of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 6 Weaknesses in the TCP IP specification leave it o...

Страница 115: ...r floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadca...

Страница 116: ...ing a router or firewall into thinking that the communications are coming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the p...

Страница 117: ...packet leaves the LAN network through the firewall s WAN interface The TCP packet is the first in a session and the packet s application layer protocol is configured for a firewall rule inspection 1...

Страница 118: ...w certain types of traffic from the Internet to specific hosts on the LAN Allow access to a Web server to everyone but competitors Restrict use of certain protocols such as Telnet to authorized users...

Страница 119: ...ve Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timest...

Страница 120: ...cularly vulnerable because they provide more opportunities for hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolici...

Страница 121: ...ilters can not distinguish traffic originating from an inside host or an outside host by IP address To block allow IP trace route 8 7 2 Firewall The firewall inspects packet contents as well as their...

Страница 122: ...ish traffic originating from an inside host or an outside host by IP address The firewall performs better than filtering if you need to check many rules Use the firewall if you need routine e mail rep...

Страница 123: ...vel of packets to which they apply By default the ZyXEL Device s stateful packet inspection allows packets traveling in the following directions LAN to LAN Router This allows computers on the LAN to m...

Страница 124: ...precedence and override the ZyXEL Device s default rules 9 3 Rule Logic Overview Study these points carefully before configuring rules 9 3 1 Rule Checklist State the intent of the rule For example Thi...

Страница 125: ...nds an ICMP destination unreachable message to the sender 9 3 3 2 Service Select the service from the Service scrolling list box If the service is not listed it is necessary to first define it See Sec...

Страница 126: ...you will need to create custom rules to allow it 9 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule is...

Страница 127: ...the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN...

Страница 128: ...nfigure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in...

Страница 129: ...an edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up...

Страница 130: ...Chapter 9 Firewall Configuration P 660H Tx v2 User s Guide 130 Figure 65 Firewall Edit Rule...

Страница 131: ...e Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delet...

Страница 132: ...mized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action displays the following screen Apply Click Apply to save you...

Страница 133: ...ces LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configu...

Страница 134: ...becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index n...

Страница 135: ...ample Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom service...

Страница 136: ...wall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService co...

Страница 137: ...service ports may also be configured using the Edit Customized Services function discussed previously Table 43 Predefined Services SERVICE DESCRIPTION AIM NEW_ICQ TCP 5190 AOL s Internet Messenger se...

Страница 138: ...from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_...

Страница 139: ...tion user Refer to Section 8 1 on page 111 for more information Click Security Firewall Anti Probing to display the screen as shown Figure 73 Firewall Anti Probing SSH TCP UDP 22 Secure Shell Remote L...

Страница 140: ...rules Table 44 Firewall Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN P...

Страница 141: ...The ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts detec...

Страница 142: ...eting half open sessions When the rate of new connection attempts rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection attempts 100 half open s...

Страница 143: ...sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address Enter a number between 1 and 256 As a general...

Страница 144: ...Chapter 9 Firewall Configuration P 660H Tx v2 User s Guide 144...

Страница 145: ...en the ZyXEL Device performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 10 2 Configuring Keyword Blocking Use...

Страница 146: ...st of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords fr...

Страница 147: ...e which days of the week or everyday and which time of the day you want the content filtering to be active Active Everyday to Block Select this option to allow continuous filtering of websites based o...

Страница 148: ...of a computer or the beginning IP address of a specific range of computers on the LAN that you want to exclude from content filtering To Type the ending IP address of a specific range of users on you...

Страница 149: ...149 PART V Advanced Setup Static Route 151 Bandwidth Management 155 Dynamic DNS Setup 165 Remote Management Configuration 169 Universal Plug and Play UPnP 181...

Страница 150: ...150...

Страница 151: ...tance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there...

Страница 152: ...heck box Name This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Ga...

Страница 153: ...on Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical t...

Страница 154: ...Chapter 11 Static Route P 660H Tx v2 User s Guide 154...

Страница 155: ...traffic that comes into an interface Bandwidth management applies to all traffic flowing out of the router regardless of the traffic s source Traffic redirect or IP alias may cause LAN to LAN traffic...

Страница 156: ...e ZyXEL Device has two types of scheduler fairness based and priority based 12 5 1 Priority based Scheduler With the priority based scheduler the ZyXEL Device forwards traffic from bandwidth classes a...

Страница 157: ...he available bandwidth first as much as they require if there is enough available bandwidth and then to lower priority classes if there is still bandwidth available The ZyXEL Device distributes the av...

Страница 158: ...and marketing departments 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048...

Страница 159: ...only browse the web when VoIP NetMeeting and FTP do not use all 1000 Kbps of available bandwidth 12 8 Configuring Summary Click Advanced Bandwidth MGMT to open the screen as shown next Enable bandwid...

Страница 160: ...smission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps You can set this number higher than the interface s actual...

Страница 161: ...the following table This is the number of an individual bandwidth management rule Active This displays whether the rule is enabled Select this check box to have the ZyXEL Device apply this bandwidth...

Страница 162: ...ule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule Enable a bandwidth management rule to give traffic that matches the rule priority over traf...

Страница 163: ...cket based network that does not provide a guaranteed quality of service Select H 323 from the drop down list box to configure this bandwidth filter for traffic that uses H 323 Select User defined fro...

Страница 164: ...ntage of unused bandwidth and the blue color represents the percentage of bandwidth in use The screen refreshes every few seconds Figure 85 Bandwidth Management Monitor Table 60 Services and Port Numb...

Страница 165: ...ow your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a...

Страница 166: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the p...

Страница 167: ...P address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS ser...

Страница 168: ...Chapter 13 Dynamic DNS Setup P 660H Tx v2 User s Guide 168...

Страница 169: ...s You may manage your ZyXEL Device from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you choose WAN only or LAN WAN you still need to configure a firewall rule...

Страница 170: ...agement session running at one time There is a firewall rule that blocks it 14 1 2 Remote Management and NAT When NAT is enabled Use the ZyXEL Device s WAN IP address when configuring from the WAN Use...

Страница 171: ...ay change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which...

Страница 172: ...mand A list of valid commands can be found by typing help or at the command prompt 5 Type exit to close the session when finished Table 63 Remote Management Telnet LABEL DESCRIPTION Port You may chang...

Страница 173: ...le 64 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote manag...

Страница 174: ...n a managed device the ZyXEL Device An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network admin...

Страница 175: ...e 14 7 2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs 14 7 3 Configuring SNMP To change your ZyXEL Device s SNMP settings click Advanced...

Страница 176: ...EL Device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service SNMP Configuration Get Community Enter the Ge...

Страница 177: ...unsupported port on your ZyXEL Device an ICMP response packet is automatically returned This allows the outside user to know the ZyXEL Device exists Your ZyXEL Device supports anti probing which preve...

Страница 178: ...ion user Respond to Ping on The ZyXEL Device will not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming W...

Страница 179: ...N wan tr069 All TR 069 related commands must be preceded by wan tr069 load Start configuring TR 069 on your ZyXEL Device active 0 no 1 yes Enable disable TR 069 operation acsUrl URL Set the IP address...

Страница 180: ...Chapter 14 Remote Management Configuration P 660H Tx v2 User s Guide 180...

Страница 181: ...work will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 15 1 2 NAT Traversal UPnP NAT traversal automates the pro...

Страница 182: ...UPnP to display the screen shown next See Section 15 1 on page 181 for more information Figure 96 Configuring UPnP The following table describes the fields in this screen Table 70 Configuring UPnP LAB...

Страница 183: ...Components selection box Click Details Figure 97 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selectio...

Страница 184: ...ompted 15 3 2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click start and Control Panel 2 Double click Network Connections 3 In the Network Connections win...

Страница 185: ...elect the Universal Plug and Play check box Figure 101 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 15 4 Using UPnP in Windows XP...

Страница 186: ...ZyXEL Device 15 4 1 Auto discover Your UPnP enabled Network Device 1 Click start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and...

Страница 187: ...Play UPnP P 660H Tx v2 User s Guide 187 Figure 103 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings Figure 104 Internet Connection...

Страница 188: ...dd When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connected option and click OK An icon di...

Страница 189: ...access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the...

Страница 190: ...v2 User s Guide 190 Figure 108 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select...

Страница 191: ...191 Figure 109 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Fi...

Страница 192: ...Chapter 15 Universal Plug and Play UPnP P 660H Tx v2 User s Guide 192...

Страница 193: ...193 PART VI Maintenance and Troubleshooting System 195 Tools 201 Diagnostic 207 Logs 209 Troubleshooting 227...

Страница 194: ...194...

Страница 195: ...ndows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it a...

Страница 196: ...e how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts ma...

Страница 197: ...r the existing password you use to access the system for configuring advanced features New Password Type your new system password up to 30 characters Note that as you type a password the screen displa...

Страница 198: ...Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time server yo...

Страница 199: ...e zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here ar...

Страница 200: ...Chapter 16 System P 660H Tx v2 User s Guide 200...

Страница 201: ...ter a successful upload the system will reboot Only use firmware for your device s specific model Refer to the label on the bottom of your device Click Maintenance Tools to open the Firmware screen Fo...

Страница 202: ...ystems you may see the following icon on your desktop Figure 115 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload...

Страница 203: ...Backup Configuration Backup configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly...

Страница 204: ...following icon on your desktop Figure 119 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as tha...

Страница 205: ...s You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to the chapter about introducing the web configurator for more information on the RESET...

Страница 206: ...Chapter 17 Tools P 660H Tx v2 User s Guide 206...

Страница 207: ...agnostic Click Maintenance Diagnostic to open the screen shown next Figure 122 Diagnostic General The following table describes the fields in this screen Table 75 Diagnostic General LABEL DESCRIPTION...

Страница 208: ...VCIs before you begin this test The ZyXEL Device sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshootin...

Страница 209: ...warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You m...

Страница 210: ...77 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from al...

Страница 211: ...bject line of the log e mail message that the ZyXEL Device sends Not all ZyXEL models have this field Send Log To The ZyXEL Device sends logs to the e mail address specified in this field If this fiel...

Страница 212: ...ect which day of the week to send the logs Time for Sending Log Enter the time of the day in 24 hour format for example 23 00 equals 11 00 pm to send the logs Clear log after sending mail Select the c...

Страница 213: ...src port 00520 dest port 00520 1 02 End of Firewall Log Table 79 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information fr...

Страница 214: ...e using HTTPS protocol HTTPS login failed Someone has failed to log on to the router s web configurator interface using HTTPS protocol Table 80 System Error Logs LOG MESSAGE DESCRIPTION s exceeds the...

Страница 215: ...l session time out sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out The default timeout values are as follows ICMP idle timeout 3 minutes UDP idle timeout 3 mi...

Страница 216: ...annel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the reference count number of the call dev is the device type 3 is for dial up 6 is for PP...

Страница 217: ...sponded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache but does not know...

Страница 218: ...rewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack For type and code details see Table 95 on page 224 illegal command TCP The firewall det...

Страница 219: ...SA process done The phase 1 IKE SA process has been completed Duplicate requests with the same cookie The router received multiple requests from the same peer while still processing the first IKE pack...

Страница 220: ...ID contents do not match Configured Peer ID Content Configured Peer ID Content The phase 1 ID contents do not match and the configured Peer ID Content is displayed Incoming ID Content Incoming Peer I...

Страница 221: ...e 1 hash mismatch The listed rule s IKE phase 1 hash did not match between the router and the peer Rule d Phase 1 preshared key mismatch The listed rule s IKE phase 1 pre shared key did not match betw...

Страница 222: ...ame as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd ARL size issuer name The router received an ARL Authority Revocation List with size and issuer name...

Страница 223: ...ecific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decoding...

Страница 224: ...ed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams...

Страница 225: ...gured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined...

Страница 226: ...Chapter 19 Logs P 660H Tx v2 User s Guide 226...

Страница 227: ...the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power sourc...

Страница 228: ...reen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 6 2 1 on page 86 use the new IP address If you...

Страница 229: ...Device 1 Make sure you have entered the user name and password correctly The default password is 1234 This field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web confi...

Страница 230: ...not available anymore 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 4 on page 33 2 Reboot the ZyXEL Device 3 Turn the ZyXEL...

Страница 231: ...ernal SPTGEN 241 Setting up Your Computer s IP Address 257 IP Addresses and Subnetting 273 Pop up Windows JavaScripts and Java Permissions 283 Firewall Commands 289 NetBIOS Filter Commands 295 Triangl...

Страница 232: ...232...

Страница 233: ...128 x 36 mm Power Specification 12V AC 1A Built in Switch Four auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet ports Operation Temperature 0 C 40 C Storage Temperature 20 60 C Operation Hu...

Страница 234: ...parent bridging for unsupported network layer protocols DHCP Server Client Relay RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC 1213 IP Multicasting IGMP v1 and v2 IGMP Proxy UPnP M...

Страница 235: ...the computers on your network Port Forwarding If you have a server mail or web server for example on your network you can use this feature to let people access it from the Internet DHCP Dynamic Host...

Страница 236: ...u to decide whether a service HTTP or FTP traffic for example from a computer on a network LAN or WAN for example can access the ZyXEL Device Any IP The Any IP feature allows a computer to access the...

Страница 237: ...s ADSL2 that extends the capability of basic ADSL by doubling the number of downstream bits RFC 1112 IGMP v1 Internet Group Management Protocol Version 1 RFC 2236 IGMP v2 Internet Group Management Pro...

Страница 238: ...of the screws and the wall 3 Make sure the screws are snugly fastened to the wall They need to hold the weight of the ZyXEL Device with the connection cables 4 Align the holes on the back of the ZyXE...

Страница 239: ...Appendix A Product Specifications P 660H Tx v2 User s Guide 239...

Страница 240: ...Appendix A Product Specifications P 660H Tx v2 User s Guide 240...

Страница 241: ...You can use FTP to get the Internal SPTGEN file Then edit the file in a text editor and use FTP to upload it again to the same device or another one See the following sections for details The Configur...

Страница 242: ...you enter a value other than 0 or 1 in the Input column of Field Identification Number 1000000 refer to Figure 129 on page 241 Figure 130 Invalid Parameter Entered Command Line Example The ZyXEL Devic...

Страница 243: ...r computer to the ZyXEL Device using the put command computer to the ZyXEL Device 4 Exit this FTP application Figure 133 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 re...

Страница 244: ...Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 104 Menu 3 Menu 3 1 General Ethernet Setup FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256...

Страница 245: ...None 1 Both 2 In Only 3 Out Only 0 30200011 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30200012 Multicast 0 IGMP v2 1 IGMP v1 2 None 2 30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256...

Страница 246: ...1017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filte...

Страница 247: ...e IP address 0 0 0 0 40000015 Remote IP subnet mask 0 40000016 ISP incoming protocol filter set 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 4000...

Страница 248: ...Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 Menu 12 1 2 IP Static Route Setup FIN FN PVA INPUT 120108001 IP Static Route...

Страница 249: ...0 All 6 TCP 17 U DP 0 150000019 SUA Server 5 Port Start 0 150000020 SUA Server 5 Port End 0 150000021 SUA Server 5 Local IP address 0 0 0 0 150000022 SUA Server 6 Active 0 No 1 Yes 0 0 150000023 SUA S...

Страница 250: ...0 150000052 SUA Server 12 Active 0 No 1 Yes 0 150000053 SUA Server 12 Protocol 0 All 6 TCP 17 U DP 0 150000054 SUA Server 12 Port Start 0 150000055 SUA Server 12 Port End 0 150000056 SUA Server 12 Lo...

Страница 251: ...Rule 2 Dest IP address 0 0 0 0 210102005 IP Filter Set 1 Rule 2 Dest Subnet Mask 0 210102006 IP Filter Set 1 Rule 2 Dest Port 138 210102007 IP Filter Set 1 Rule 2 Dest Port Comp 0 none 1 equal 2 not...

Страница 252: ...1 Src Port 0 210201011 IP Filter Set 2 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 g reater 0 210201013 IP Filter Set 2 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210201014 IP Filt...

Страница 253: ...1234 Menu 23 2 System security radius server FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentication Serve...

Страница 254: ...Privacy for Broadcast Multicast packets 0 TKIP 1 WEP 0 230400010 WPA Broadcast Multicast Key Update Timer 0 Table 110 Menu 23 System Menus continued Table 111 Menu 24 11 Remote Management Control Men...

Страница 255: ...ted with the ZyXEL Device s command interpreter commands Table 112 Command Examples FIN FN PVA INPUT ci command for annex a wan adsl opencmd FIN FN PVA INPUT 990000001 ADSL OPMD 0 glite 1 t1 413 2 gdm...

Страница 256: ...Appendix B Internal SPTGEN P 660H Tx v2 User s Guide 256...

Страница 257: ...a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are...

Страница 258: ...hen click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft...

Страница 259: ...select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 135 Windows 95 98 Me...

Страница 260: ...the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click St...

Страница 261: ...v2 User s Guide 261 Figure 137 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 138 Windows XP Control Panel 3 R...

Страница 262: ...b in Win XP and then click Properties Figure 140 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic...

Страница 263: ...dd In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default ga...

Страница 264: ...he General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Страница 265: ...k Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and...

Страница 266: ...acintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 145 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list...

Страница 267: ...nfiguration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu a...

Страница 268: ...k in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Ver...

Страница 269: ...ow to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 148 Red Hat 9 0 KDE Network Configura...

Страница 270: ...0 KDE Network Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 151 Red Hat...

Страница 271: ...the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 154 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration f...

Страница 272: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 71...

Страница 273: ...share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host...

Страница 274: ...s part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consis...

Страница 275: ...d by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a follo...

Страница 276: ...hows the company network before subnetting Figure 158 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The s...

Страница 277: ...8 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to...

Страница 278: ...bnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet A...

Страница 279: ...T BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252...

Страница 280: ...entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address I...

Страница 281: ...computer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address aut...

Страница 282: ...can not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solve...

Страница 283: ...rnet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking...

Страница 284: ...web pop up blockers you may have enabled Figure 164 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up w...

Страница 285: ...ide 285 Figure 165 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mo...

Страница 286: ...play properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 167 Internet Options Security 2 Click the Cus...

Страница 287: ...tings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permiss...

Страница 288: ...Permissions P 660H Tx v2 User s Guide 288 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 C...

Страница 289: ...of all the firewall settings including e mail attack and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default per...

Страница 290: ...e mail hour 0 23 This command sets the hour when the firewall log is sent through e mail if the ZyXEL Device is set to send it on an hourly daily or weekly basis config edit firewall e mail minute 0 5...

Страница 291: ...h the same destination where the ZyXEL Device starts dropping half open sessions to that destination Sets config edit firewall set set name desired name This command sets a name to identify a specifie...

Страница 292: ...MP Config edit firewall set set rule rule log none match not match both This command sets the ZyXEL Device to log traffic that matches the rule doesn t match both or neither Config edit firewall set s...

Страница 293: ...and to enter various non consecutive port numbers config edit firewall set set rule rule TCP destport range start port end port This command sets a rule to have the ZyXEL Device check for TCP traffic...

Страница 294: ...Commands P 660H Tx v2 User s Guide 294 config delete firewall set set rule rule This command removes the specified rule in a firewall configuration set Table 124 Firewall Commands continued FUNCTION...

Страница 295: ...configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets thr...

Страница 296: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fi...

Страница 297: ...Ethernet devices Some companies have more than one route to one or more ISPs If the alternate gateway is on the LAN and it s IP address is in the same subnet the triangle route problem may occur The s...

Страница 298: ...al LAN interfaces with the ZyXEL Device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL Devi...

Страница 299: ...ice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and m...

Страница 300: ...he date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair...

Страница 301: ...by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country Registration Register your...

Страница 302: ...Appendix I Legal Information P 660H Tx v2 User s Guide 302...

Страница 303: ...8 2439 Web Site www zyxel com www europe zyxel com FTP Site ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Su...

Страница 304: ...ki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web Site www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E...

Страница 305: ...1 U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web Site www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0...

Страница 306: ...l support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web Site www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United K...

Страница 307: ...dth 59 235 budget 161 bandwidth management 59 155 bandwidth manager class configuration 160 monitor 164 summary 159 blocking time 141 brute force attack 115 C CBR 75 80 certifications 299 notices 300...

Страница 308: ...based scheduler 157 FCC interference statement 299 File Transfer Protocol see FTP filename extension 201 finger 102 firewall 234 access methods 123 address type 131 alerts 126 anti probing 139 command...

Страница 309: ...gement 234 Management Information Base see MIB management server 236 managing the device good habits 33 using FTP See FTP using Telnet See command interface using the command interface See command int...

Страница 310: ...mote management and NAT 170 remote management limitations 170 reset 205 reset button 40 resetting the ZyXEL device 40 restart 201 205 restore configuration 204 restore settings 204 RFC 1483 68 RFC 163...

Страница 311: ...lnet 60 171 temperature 233 TFTP restrictions 170 three way handshake 114 threshold values 140 time and date settings 197 timeout 170 tools 201 TR 069 236 traceroute 116 trademarks 299 traffic redirec...

Страница 312: ...WAN setup 67 WAN to LAN rules 126 warranty 300 note 300 web configurator 37 40 41 119 120 125 screen summary 41 Wide Area Network see WAN wizard icon 51 world wide web 170 Z zero configuration Interne...

Отзывы:

Нет отзывов

Похожие инструкции для P-660H-T1 v2

C-Bus 5200PG User Manual preview
5200PG
Бренд: C-Bus Страницы: 36
Danfoss ECL Comfort 110 Installation Manual preview
ECL Comfort 110
Бренд: Danfoss Страницы: 8
Elpro Technologies 905U-G User Manual preview
905U-G
Бренд: Elpro Technologies Страницы: 164
Top Global MB9000 Series User Manual preview
MB9000 Series
Бренд: Top Global Страницы: 66
Patton SmartNode 4940 Series User Manual preview
SmartNode 4940 Series
Бренд: Patton Страницы: 59
Beijer Electronics Korenix JetWave 2310 Series Quick Installation Manual preview
Korenix JetWave 2310 Series
Бренд: Beijer Electronics Страницы: 2
Net2Phone MAX 400 Series Command Reference Manual preview
MAX 400 Series
Бренд: Net2Phone Страницы: 129
XLOCK G3 Ethernnet Instruction Manual preview
G3 Ethernnet
Бренд: XLOCK Страницы: 2
D-Link DG-102SH Manual preview
DG-102SH
Бренд: D-Link Страницы: 83
SpectraLink NetLink 150 Technical Bulletin preview
NetLink 150
Бренд: SpectraLink Страницы: 2
THOMSON 905 User Manual preview
905
Бренд: THOMSON Страницы: 54
THOMSON TCW750-4 Instruction Manual preview
TCW750-4
Бренд: THOMSON Страницы: 74
King Pigeon BL280 User Manual preview
BL280
Бренд: King Pigeon Страницы: 52
King Pigeon S175 User Manual preview
S175
Бренд: King Pigeon Страницы: 55
Innoband 6000-B1 User Manual preview
6000-B1
Бренд: Innoband Страницы: 87
ZyXEL Communications UAG5100 User Manual preview
UAG5100
Бренд: ZyXEL Communications Страницы: 505
Watchguard SSL 1000 Hardware Manual preview
SSL 1000
Бренд: Watchguard Страницы: 30
Teltonika TRB245 Quick Start Manual preview
TRB245
Бренд: Teltonika Страницы: 6

Бренды по названию

Популярные бренды

Загрузить еще бренды