ZyXEL Communications P-660HW-D1 V2 Скачать руководство пользователя страница 148 | Manualshive

Страница: 148 / 358

background image

Chapter 9 Firewalls

P-660HW-Dx v2 User’s Guide

148

9.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types
trigger an alert:

9.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

All SMTP commands are illegal except for those displayed in the following tables.

9.4.2.3 Traceroute

Traceroute is a utility used to determine the path a packet takes between two endpoints.
Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute
the firewall gaining knowledge of the network topology inside the firewall.
Often, many DoS attacks also employ a technique known as "

IP Spoofing

" as part of their

attack. IP Spoofing may be used to break into systems, to hide the hacker's identity, or to
magnify the effect of the DoS attack. IP Spoofing is a technique used to gain unauthorized
access to computers by tricking a router or firewall into thinking that the communications are
coming from within the trusted network. To engage in IP spoofing, a hacker must modify the
packet headers so that it appears that the packets originate from a trusted host and should be
allowed through the router or firewall. The ZyXEL Device blocks all IP Spoofing attempts.

9.5 Stateful Inspection

With stateful inspection, fields of the packets are compared to packets that are already known
to be trusted. For example, if you access some outside service, the proxy server remembers
things about your original request, like the port number and source and destination addresses.
This “remembering” is called

saving the state.

When the outside system responds to your

request, the firewall compares the received packets with the saved state to determine if they

Table 53

ICMP Commands That Trigger Alerts

5

REDIRECT

13

TIMESTAMP_REQUEST

14

TIMESTAMP_REPLY

17

ADDRESS_MASK_REQUEST

18

ADDRESS_MASK_REPLY

Table 54

Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

VE:

RETARGET:

KEEPALIVE:

Table 55

Legal SMTP Commands

AUTH

DATA

EHLO

ETRN

EXPN

HELO

HELP

MAIL

NOOP

QUIT

RCPT

RSET

SAML

SEND

SOML

TURN

VRFY

«
...
146
147
148
149
150
...
»

Содержание P-660HW-D1 V2

Страница 1: ...www zyxel com P 660HW Dx v2 802 11g Wireless ADSL2 4 port Gateway User s Guide Version 3 40 3 2007 Edition 2...

Страница 2: ......

Страница 3: ...Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the ZyXEL Device Supporting...

Страница 4: ...stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key...

Страница 5: ...de 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer...

Страница 6: ...LY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to...

Страница 7: ...Safety Warnings P 660HW Dx v2 User s Guide 7...

Страница 8: ...Safety Warnings P 660HW Dx v2 User s Guide 8...

Страница 9: ...3 WAN Setup 75 LAN Setup 93 Wireless LAN 105 Network Address Translation NAT Screens 129 Security 141 Firewalls 143 Firewall Configuration 155 Content Filtering 177 Advanced 181 Static Route 183 Bandw...

Страница 10: ...Contents Overview P 660HW Dx v2 User s Guide 10...

Страница 11: ...Good Habits for Managing the ZyXEL Device 35 1 4 LEDs 35 1 5 Hardware Connections 36 1 5 1 Splitters and Microfilters 36 Chapter 2 Introducing the Web Configurator 39 2 1 Web Configurator Overview 39...

Страница 12: ...idth Management Wizard 67 4 1 Introduction 67 4 2 Predefined Media Bandwidth Management Services 67 4 3 Bandwidth Management Wizard Setup 68 Part III Network 73 Chapter 5 WAN Setup 75 5 1 WAN Overview...

Страница 13: ...P 97 6 3 Configuring LAN IP 98 6 3 1 Configuring Advanced LAN Setup 99 6 4 DHCP Setup 100 6 5 LAN Client List 101 6 6 LAN IP Alias 102 Chapter 7 Wireless LAN 105 7 1 Wireless Network Overview 105 7 2...

Страница 14: ...132 8 3 SIP ALG 132 8 4 NAT General Setup 133 8 5 Port Forwarding 133 8 5 1 Default Server IP Address 134 8 5 2 Port Forwarding Services and Port Numbers 134 8 5 3 Configuring Servers Behind Port For...

Страница 15: ...ic Overview 156 10 3 1 Rule Checklist 156 10 3 2 Security Ramifications 156 10 3 3 Key Fields For Configuring Rules 157 10 4 Connection Direction 157 10 4 1 LAN to WAN Rules 158 10 4 2 Alerts 158 10 5...

Страница 16: ...Usage 189 13 6 1 Reserving Bandwidth for Non Bandwidth Class Traffic 189 13 6 2 Maximize Bandwidth Usage Example 189 13 6 3 Bandwidth Management Priorities 191 13 7 Over Allotment of Bandwidth 191 13...

Страница 17: ...2 UPnP and ZyXEL 214 16 2 1 Configuring UPnP 214 16 3 Installing UPnP in Windows Example 215 16 3 1 Installing UPnP in Windows Me 215 16 3 2 Installing UPnP in Windows XP 216 16 4 Using UPnP in Windo...

Страница 18: ...1 1 Power Hardware Connections and LEDs 259 21 2 ZyXEL Device Access and Login 260 21 3 Internet Access 261 Part VII Appendices and Index 263 Appendix A Product Specifications and Wall Mounting 265 Ap...

Страница 19: ...Table of Contents P 660HW Dx v2 User s Guide 19 Index 351...

Страница 20: ...Table of Contents P 660HW Dx v2 User s Guide 20...

Страница 21: ...Packet Statistics 49 Figure 18 System General 50 Figure 19 Select a Mode 53 Figure 20 Wizard Welcome 54 Figure 21 Auto Detection No DSL Connection 54 Figure 22 Auto Detection Failed 55 Figure 23 Auto...

Страница 22: ...HCP Setup 100 Figure 57 LAN Client List 102 Figure 58 Physical Network Partitioned Logical Networks 103 Figure 59 LAN IP Alias 103 Figure 60 Example of a Wireless Network 105 Figure 61 Wireless LAN Ge...

Страница 23: ...ure 101 Firewall Threshold 174 Figure 102 Content Filter Keyword 177 Figure 103 Content Filter Schedule 178 Figure 104 Content Filter Trusted 179 Figure 105 Example of Static Routing Topology 183 Figu...

Страница 24: ...re 143 Firmware 251 Figure 144 Firmware Upload In Progress 252 Figure 145 Network Temporarily Disconnected 252 Figure 146 Error Message 253 Figure 147 Configuration 253 Figure 148 Configuration Restor...

Страница 25: ...t 9 0 Restart Ethernet Card 299 Figure 184 Red Hat 9 0 Checking TCP IP Properties 300 Figure 185 Network Number and Host ID 302 Figure 186 Subnetting Example Before Subnetting 304 Figure 187 Subnettin...

Страница 26: ...List of Figures P 660HW Dx v2 User s Guide 26...

Страница 27: ...Manually assign a WEP key 64 Table 17 Media Bandwidth Management Setup Services 67 Table 18 Bandwidth Management Wizard General Information 69 Table 19 Bandwidth Management Wizard Configuration 70 Tab...

Страница 28: ...irewall Configure Customized Services 165 Table 61 Predefined Services 169 Table 62 Firewall Anti Probing 172 Table 63 Firewall Threshold 174 Table 64 Content Filter Keyword 178 Table 65 Content Filte...

Страница 29: ...e 101 PPP Logs 240 Table 102 UPnP Logs 241 Table 103 Content Filtering Logs 241 Table 104 Attack Logs 242 Table 105 IPSec Logs 242 Table 106 IKE Logs 243 Table 107 PKI Logs 246 Table 108 Certificate P...

Страница 30: ...Planning 307 Table 135 16 bit Network Number Subnet Planning 307 Table 136 Firewall Commands 311 Table 137 Abbreviations Used in the Example Internal SPTGEN Screens Table 320 Table 138 Menu 1 General...

Страница 31: ...31 PART I Introduction Introducing the ZyXEL Device 33 Introducing the Web Configurator 39...

Страница 32: ...32...

Страница 33: ...ames ending in 3 denote a device that works over ISDN Integrated Services Digital Network The DSL RJ 11 ADSL over POTS models or RJ 45 ADSL over ISDN models connects to your ADSL enabled telephone lin...

Страница 34: ...ADSL ADSL2 ADSL2 standards Maximum data rates attainable for each standard are shown in the next table If your ZyXEL Device does not support Annex M the maximum ADSL2 2 upstream data rate is 1 2 Mbps...

Страница 35: ...configure many devices of the same type 1 3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effecti...

Страница 36: ...reen On The ZyXEL Device is receiving power and functioning properly Blinking The ZyXEL Device is rebooting or performing diagnostics Red On Power to the ZyXEL Device is too low Off The system is not...

Страница 37: ...re with your telephone voice transmissions The use of a telephone microfilter is optional 1 Locate and disconnect each telephone 2 Connect a cable from the wall jack to the wall side of the microfilte...

Страница 38: ...Y Connector to the ZyXEL Device 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Figure 6 Connecting a Microfilter and Y Connector 1 5 1 3 ZyXEL Device W...

Страница 39: ...up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshoo...

Страница 40: ...administrator access enter the default admin password 1234 to configure the wizards and the advanced features 2 Click Login to proceed to a screen asking you to change your password or click Cancel to...

Страница 41: ...hange Password at Login 4 Select Go to Wizard setup and click Apply to display the wizard main screen Otherwise select Go to Advanced setup and click Apply to display the Status screen Figure 11 Selec...

Страница 42: ...ot blinking 2 Press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the ZyXEL Device...

Страница 43: ...nable Any IP and other advanced properties DHCP Setup Use this screen to configure LAN DHCP settings Client List Use this screen to view current DHCP client information and to always assign an IP addr...

Страница 44: ...gure your ZyXEL Device s settings for Simple Network Management Protocol management DNS Use this screen to configure through which interface s and from which IP address es users can send DNS queries t...

Страница 45: ...evice s model name MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device ZyNOS Firmware Version This is the ZyNOS firmware version and the date created ZyNOS...

Страница 46: ...s total heap memory in kilobytes The bar displays what percent of the ZyXEL Device s heap memory is in use The bar turns from green to red when the maximum is being approached Interface Status Interf...

Страница 47: ...lick the WLAN Status hyperlink in the Status screen to view the wireless stations that are currently associated to the ZyXEL Device Figure 15 Status WLAN Status Table 5 Status Any IP Table LABEL DESCR...

Страница 48: ...dwidth Status 2 4 6 Status Packet Statistics Click the Packet Statistics hyperlink in the Status screen Read only information here includes port status and packet specific statistics Also provided are...

Страница 49: ...Downstream Speed This is the downstream speed of your ZyXEL Device Node Link This field displays the remote node index number and link type Link types are PPPoA ENET RFC 1483 and PPPoE Status This fie...

Страница 50: ...down Up line is up or connected if you re using Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if y...

Страница 51: ...51 PART II Wizards Wizard Setup for Internet Access 53 Bandwidth Management Wizard 67...

Страница 52: ...52...

Страница 53: ...h the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access Wizard Setup 1 After you enter the admin password to access the...

Страница 54: ...ype you use If the wizard does not detect a connection type and the following screen appears see Figure 21 on page 54 check your hardware connections and click Restart the Internet Wireless Setup Wiza...

Страница 55: ...pting you to enter your Internet account information Enter the username password and or service name exactly as provided 2 Click Next Figure 23 Auto Detection PPPoE 3 2 2 Manual Configuration 1 If the...

Страница 56: ...Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET EN...

Страница 57: ...where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here...

Страница 58: ...dress Select Static IP Address if your ISP gives you a fixed IP address IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices...

Страница 59: ...an modify them Figure 29 Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Wireless Setup Wizard to verify your Internet access...

Страница 60: ...izard Setup After you configure the Internet access information use the following screens to set up your wireless LAN 1 Select Yes and click Next to configure wireless settings Otherwise select No and...

Страница 61: ...EL Device s SSID and WPA PSK security settings to wireless clients that support OTIST and are within transmission range You must also activate and start OTIST on the wireless client at the same time T...

Страница 62: ...s support WPA and OTIST This option is available only when you enable OTIST in the previous wizard screen Select Manually assign a WPA PSK key to configure a pre shared key WPA PSK Choose this option...

Страница 63: ...ss LAN setup screen to set up a Pre Shared Key Figure 34 Manually assign a WPA key The following table describes the labels in this screen 3 3 2 Manually assign a WEP key Choose Manually assign a WEP...

Страница 64: ...assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission Enter any 5 13 or 29 ASCII...

Страница 65: ...Figure 37 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed...

Страница 66: ...Chapter 3 Wizard Setup for Internet Access P 660HW Dx v2 User s Guide 66...

Страница 67: ...d Wide Web WWW is an Internet system to distribute graphical hyper linked information based on Hyper Text Transfer Protocol HTTP a client server protocol for the World Wide Web The Web is not synonymo...

Страница 68: ...ort number 1720 VoIP SIP Sending voice signals over the Internet is called Voice over IP or VoIP Session Initiated Protocol SIP is an internationally recognized standard for implementing VoIP SIP is a...

Страница 69: ...requirements Figure 40 Bandwidth Management Wizard General Information The following fields describe the label in this screen Table 18 Bandwidth Management Wizard General Information LABEL DESCRIPTIO...

Страница 70: ...y the services names Priority Select High Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service A service with High priority is given as m...

Страница 71: ...k Finish to complete the wizard setup and save your configuration Figure 42 Bandwidth Management Wizard Complete Apply Click Apply to save your changes to the ZyXEL Device Exit Click Exit to close the...

Страница 72: ...Chapter 4 Bandwidth Management Wizard P 660HW Dx v2 User s Guide 72...

Страница 73: ...73 PART III Network WAN Setup 75 LAN Setup 93 Wireless LAN 105 Network Address Translation NAT Screens 129...

Страница 74: ...74...

Страница 75: ...E Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal...

Страница 76: ...ominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 5 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifyin...

Страница 77: ...your choices for IP address and ENET ENCAP gateway 5 1 5 1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and ENET ENCAP Gateway fields are not applicabl...

Страница 78: ...e Section 5 8 on page 89 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup route has a metric of 3 then the normal route acts as the pr...

Страница 79: ...Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that co...

Страница 80: ...ansfer 5 4 Zero Configuration Internet Access Once you turn on and connect the ZyXEL Device to a telephone jack it automatically detects the Internet connection settings such as the VCI VPI numbers an...

Страница 81: ...Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE User Name PPPoA and PPPoE encapsulat...

Страница 82: ...ss to use enter it here Subnet Mask ENET ENCAP encapsulation only Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting G...

Страница 83: ...Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR nRT Variable Bit Rate non Re...

Страница 84: ...thod from the ISP and make the necessary configuration changes Select No to disable this feature You must manually configure the ZyXEL Device for Internet access PPPoE Passthrough This feature is avai...

Страница 85: ...lect the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of encapsulation...

Страница 86: ...account If you select Bridge the ZyXEL Device will forward any packet that it does not route to this remote node otherwise the packets are discarded Encapsulation Select the method of encapsulation us...

Страница 87: ...use enter it here Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP address Specify a gateway...

Страница 88: ...ect CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR nRT Va...

Страница 89: ...ay is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subnet Sub...

Страница 90: ...ctivate either traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the ZyXEL Device periodically pings the addresses configured here and...

Страница 91: ...e If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the co...

Страница 92: ...Chapter 5 WAN Setup P 660HW Dx v2 User s Guide 92...

Страница 93: ...rea usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 6 3 on page 98 to configure the LAN screens 6 1 1 LANs...

Страница 94: ...dresses enter them in the DNS Server fields in DHCP Setup otherwise leave them blank Some ISP s choose to pass the DNS servers using the DNS server extensions of PPP IPCP IP Control Protocol after the...

Страница 95: ...ddress Translation NAT feature of the ZyXEL Device The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless y...

Страница 96: ...RIP packets but will not accept any RIP packets received None the ZyXEL Device will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broa...

Страница 97: ...evice In cases where your computer is required to use a static IP address in another network you may need to manually configure the network settings of the computer every time you want to access the I...

Страница 98: ...ds packets to its default gateway which is not the ZyXEL Device by looking at the MAC address in its ARP table 2 When the computer cannot locate the default gateway an ARP request is broadcast on the...

Страница 99: ...Subnet Mask Type the subnet mask assigned to you by your ISP if given Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Advanced Se...

Страница 100: ...over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to connect to and communicate with a LAN For some dial up services such as PPPoE or PPTP NetBIOS pac...

Страница 101: ...he clients Enter the IP address of the actual remote DHCP server in the Remote DHCP Server field in this case When DHCP is used the following items need to be set IP Pool Starting Address This field s...

Страница 102: ...ble entry row Status This field displays whether the client is connected to the ZyXEL Device Host Name This field displays the computer host name IP Address This field displays the IP address relative...

Страница 103: ...AN s logical networks subnets Make sure that the subnets of the logical networks do not overlap The following figure shows a LAN divided into subnets A B and C Figure 58 Physical Network Partitioned L...

Страница 104: ...s routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets rece...

Страница 105: ...less network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Device is the A...

Страница 106: ...other documentation You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network If a wireless client is allowed to use the wireless...

Страница 107: ...e if the wireless network has a RADIUS server you can choose WPA or WPA2 If users do not log in to the wireless network you can choose no encryption Static WEP WPA PSK or WPA2 PSK Usually you should s...

Страница 108: ...ZyXEL s OTIST you set up the SSID and WPA PSK on the ZyXEL Device Then the ZyXEL Device transfers them to the devices in the wireless networks As a result you do not have to set up the SSID and encry...

Страница 109: ...AP must have the same SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Note If you are configuring the ZyXEL Device from a computer connected to the wirele...

Страница 110: ...EL Device allows you to configure up to four 64 bit 128 bit or 256 bit WEP keys but only one key can be enabled at any one time In order to configure and enable WEP encryption click Network Wireless L...

Страница 111: ...er a Passphrase up to 32 printable characters and clicking Generate The ZyXEL Device automatically generates a WEP key WEP Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wirel...

Страница 112: ...yXEL Device is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanisms used for WPA WPA2 and WPA PSK WPA2 PSK are the same The only difference between the two is that WPA PSK WPA2 PSK uses a s...

Страница 113: ...nnected to the wireless network for example using an authentication server If the wireless network is not keeping track of this information you can usually set this value higher to reduce the number o...

Страница 114: ...A2 ReAuthentication Timer In Seconds Specify how often wireless clients have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default...

Страница 115: ...ditional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the ZyXEL Device The key must be the same on...

Страница 116: ...Select Short preamble if you are sure the wireless adapters support it and to provide more efficient communications Select Dynamic to have the ZyXEL Device automatically use short preamble when wirele...

Страница 117: ...n t configure one manually OTIST replaces the pre configured wireless settings on the wireless clients 7 4 1 Enabling OTIST You must enable OTIST on both the AP and wireless client before you start tr...

Страница 118: ...nt s Yes If you want OTIST to automatically generate a WPA PSK you must Change your security to any security other than WPA PSK in the Wireless LAN General screen Select the Yes checkbox in the OTIST...

Страница 119: ...wireless clients and AP in any order but they must all be within range and have OTIST enabled 1 In the AP a web configurator screen pops up showing you the security settings to transfer You can use th...

Страница 120: ...loses its wireless connection for more than ten seconds it will search for an OTIST enabled AP for up to one minute If you manually have the wireless client search for an OTIST enabled AP there is no...

Страница 121: ...this screen To change your ZyXEL Device s MAC filter settings click Network Wireless LAN MAC Filter The screen appears as shown Figure 74 MAC Address Filter The following table describes the labels in...

Страница 122: ...the MAC addresses of the wireless client that are allowed or denied access to the ZyXEL Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal cha...

Страница 123: ...used to find out if a user is logged on FTP TCP 20 21 File Transfer Program a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeti...

Страница 124: ...n the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail...

Страница 125: ...AN QoS The following table describes the fields in this screen Table 42 Wireless Lan QoS LABEL DESCRIPTION QoS Enable WMM QoS Select the check box to enable WMM QoS on the ZyXEL Device WMM QoS Policy...

Страница 126: ...he WMM QoS priority for traffic bandwidth Modify Click the to open the Application Priority Configuration screen Modify an existing application entry or create a application entry in the Application P...

Страница 127: ...HTTP a client server protocol for the World Wide Web The Web is not synonymous with the Internet rather it is just one service on the Internet Other services on the Internet include Internet Relay Ch...

Страница 128: ...Chapter 7 Wireless LAN P 660HW Dx v2 User s Guide 128...

Страница 129: ...f a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the...

Страница 130: ...eventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 8 1 3 How NAT Works Each packet has two addresses a...

Страница 131: ...stance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode...

Страница 132: ...NAT un friendly because they embed IP addresses and port numbers in their packets data payload Some NAT routers may include a SIP Application Layer Gateway ALG An Application Layer Gateway ALG manage...

Страница 133: ...the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not b...

Страница 134: ...tion Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 8 5 1 Default Server IP Address I...

Страница 135: ...pears as a single host on the Internet Figure 80 Multiple Servers Behind NAT Example 8 6 Configuring Port Forwarding The Port Forwarding screen is available only when you select SUA Only in the NAT Ge...

Страница 136: ...here or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Clic...

Страница 137: ...ABEL DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port en...

Страница 138: ...le 50 Address Mapping Rules LABEL DESCRIPTION This is the rule index number Local Start IP This is the starting Inside Local IP Address ILA Local IP addresses are N A for Server port mapping Local End...

Страница 139: ...address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addre...

Страница 140: ...rvices behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end loc...

Страница 141: ...141 PART IV Security Firewalls 143 Firewall Configuration 155 Content Filtering 177 Certificates 145...

Страница 142: ...142...

Страница 143: ...e only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In a...

Страница 144: ...assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access c...

Страница 145: ...fic functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP por...

Страница 146: ...series of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 6 Weaknesses in the TCP IP specification leave it o...

Страница 147: ...er floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadc...

Страница 148: ...ing a router or firewall into thinking that the communications are coming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the p...

Страница 149: ...P packet leaves the LAN network through the firewall s WAN interface The TCP packet is the first in a session and the packet s application layer protocol is configured for a firewall rule inspection 1...

Страница 150: ...ow certain types of traffic from the Internet to specific hosts on the LAN Allow access to a Web server to everyone but competitors Restrict use of certain protocols such as Telnet to authorized users...

Страница 151: ...ive Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming times...

Страница 152: ...icularly vulnerable because they provide more opportunities for hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolic...

Страница 153: ...ilters can not distinguish traffic originating from an inside host or an outside host by IP address To block allow IP trace route 9 7 2 Firewall The firewall inspects packet contents as well as their...

Страница 154: ...ish traffic originating from an inside host or an outside host by IP address The firewall performs better than filtering if you need to check many rules Use the firewall if you need routine e mail rep...

Страница 155: ...ravel of packets to which they apply By default the ZyXEL Device s stateful packet inspection allows packets traveling in the following directions LAN to LAN Router This allows computers on the LAN to...

Страница 156: ...precedence and override the ZyXEL Device s default rules 10 3 Rule Logic Overview Study these points carefully before configuring rules 10 3 1 Rule Checklist State the intent of the rule For example T...

Страница 157: ...ds an ICMP destination unreachable message to the sender 10 3 3 2 Service Select the service from the Service scrolling list box If the service is not listed it is necessary to first define it See Sec...

Страница 158: ...you will need to create custom rules to allow it 10 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule i...

Страница 159: ...s the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LA...

Страница 160: ...nfigure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in...

Страница 161: ...can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move u...

Страница 162: ...Chapter 10 Firewall Configuration P 660HW Dx v2 User s Guide 162 Figure 92 Firewall Edit Rule...

Страница 163: ...he Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Dele...

Страница 164: ...tomized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action displays the following screen Apply Click Apply to save y...

Страница 165: ...vices LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Confi...

Страница 166: ...e becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index...

Страница 167: ...xample Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom servic...

Страница 168: ...ewall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService c...

Страница 169: ...om service ports may also be configured using the Edit Customized Services function discussed previously Table 61 Predefined Services SERVICE DESCRIPTION AIM NEW_ICQ TCP 5190 AOL s Internet Messenger...

Страница 170: ...from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP...

Страница 171: ...ation user Refer to Section 9 1 on page 143 for more information Click Security Firewall Anti Probing to display the screen as shown Figure 100 Firewall Anti Probing SSH TCP UDP 22 Secure Shell Remote...

Страница 172: ...ll rules Table 62 Firewall Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LA...

Страница 173: ...The ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts dete...

Страница 174: ...eleting half open sessions When the rate of new connection attempts rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection attempts 100 half open...

Страница 175: ...P sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address Enter a number between 1 and 256 As a genera...

Страница 176: ...Chapter 10 Firewall Configuration P 660HW Dx v2 User s Guide 176...

Страница 177: ...ce performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 11 2 Configuring Keyword Blocking Use this screen to bl...

Страница 178: ...list of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords...

Страница 179: ...to Block Select this option to filter websites according to the day s and time s configured Active Select the check box to have the content filtering active on the selected day Start TIme Enter the st...

Страница 180: ...Chapter 11 Content Filtering P 660HW Dx v2 User s Guide 180...

Страница 181: ...181 PART V Advanced Static Route 183 Bandwidth Management 187 Dynamic DNS Setup 199 Remote Management Configuration 203 Universal Plug and Play UPnP 213...

Страница 182: ...182...

Страница 183: ...tance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there...

Страница 184: ...check box Name This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number G...

Страница 185: ...ion Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical...

Страница 186: ...Chapter 12 Static Route P 660HW Dx v2 User s Guide 186...

Страница 187: ...traffic that comes into an interface Bandwidth management applies to all traffic flowing out of the router regardless of the traffic s source Traffic redirect or IP alias may cause LAN to LAN traffic...

Страница 188: ...he ZyXEL Device has two types of scheduler fairness based and priority based 13 5 1 Priority based Scheduler With the priority based scheduler the ZyXEL Device forwards traffic from bandwidth classes...

Страница 189: ...the available bandwidth first as much as they require if there is enough available bandwidth and then to lower priority classes if there is still bandwidth available The ZyXEL Device distributes the a...

Страница 190: ...and marketing departments 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048...

Страница 191: ...n only browse the web when VoIP NetMeeting and FTP do not use all 1000 Kbps of available bandwidth 13 8 Configuring Summary Click Advanced Bandwidth MGMT to open the screen as shown next Enable bandwi...

Страница 192: ...nsmission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps You can set this number higher than the interface s actual...

Страница 193: ...llowing table To LAN Interface This is the number of an individual bandwidth management rule Active This displays whether the rule is enabled Select this check box to have the ZyXEL Device apply this...

Страница 194: ...that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 111 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PH...

Страница 195: ...rated name or enter a descriptive name of up to 20 alphanumeric characters including spaces BW Budget Specify the maximum bandwidth allowed for the rule in kbps The recommendation is a setting between...

Страница 196: ...t to use a predefined application for the bandwidth class When you select User defined you need to configure at least one of the following fields other than the Subnet Mask fields which you only enter...

Страница 197: ...width in use The screen refreshes every few seconds Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Table 79 Services and Port Nu...

Страница 198: ...nagement Monitor Table 80 Bandwidth Management Monitor LABEL DESCRIPTION Monitor This section allows you to select which network to monitor You may select either a LAN WLAN or WAN After selecting a ne...

Страница 199: ...now your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have...

Страница 200: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the...

Страница 201: ...P address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS ser...

Страница 202: ...Chapter 14 Dynamic DNS Setup P 660HW Dx v2 User s Guide 202...

Страница 203: ...from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you choose WAN only or LAN WAN you still need to configure a firewall rule to allow access See Appendix E on...

Страница 204: ...re is a firewall rule that blocks it A filter is applied through the commands to block a Telnet FTP or Web service 15 1 2 Remote Management and NAT When NAT is enabled Use the ZyXEL Device s WAN IP ad...

Страница 205: ...may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through whic...

Страница 206: ...ssword at the prompts The default password is 1234 The password is case sensitive Table 83 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed...

Страница 207: ...ion to manage and monitor the ZyXEL Device through the network The ZyXEL Device supports SNMP version one SNMPv1 and version two SNMPv2 The next figure illustrates an SNMP management operation Table 8...

Страница 208: ...collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manage...

Страница 209: ...T SNMP The screen appears as shown Figure 120 Remote Management SNMP Table 85 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart de...

Страница 210: ...e using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyX...

Страница 211: ...sponse packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed Table 87 Remote Management DNS LABEL DESCRIPTION Port The DNS service port numbe...

Страница 212: ...ices Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for unused ports thus...

Страница 213: ...twork will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 16 1 2 NAT Traversal UPnP NAT traversal automates the pr...

Страница 214: ...UPnP to display the screen shown next See Section 16 1 on page 213 for more information Figure 123 Configuring UPnP The following table describes the fields in this screen Table 89 Configuring UPnP LA...

Страница 215: ...Components selection box Click Details Figure 124 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selecti...

Страница 216: ...ompted 16 3 2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click start and Control Panel 2 Double click Network Connections 3 In the Network Connections win...

Страница 217: ...select the Universal Plug and Play check box Figure 128 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 16 4 Using UPnP in Windows X...

Страница 218: ...e ZyXEL Device 16 4 1 Auto discover Your UPnP enabled Network Device 1 Click start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and...

Страница 219: ...Play UPnP P 660HW Dx v2 User s Guide 219 Figure 130 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings Figure 131 Internet Connection...

Страница 220: ...dd When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connected option and click OK An icon di...

Страница 221: ...n access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the...

Страница 222: ...v2 User s Guide 222 Figure 135 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select...

Страница 223: ...223 Figure 136 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device F...

Страница 224: ...Chapter 16 Universal Plug and Play UPnP P 660HW Dx v2 User s Guide 224...

Страница 225: ...225 PART VI Maintenance and Troubleshooting System 227 Logs 233 Tools 251 Diagnostic 257 Troubleshooting 259...

Страница 226: ...226...

Страница 227: ...indows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it...

Страница 228: ...pe how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts m...

Страница 229: ...or the existing password you use to access the system for configuring advanced features New Password Type your new system password up to 30 characters Note that as you type a password the screen displ...

Страница 230: ...Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time server y...

Страница 231: ...me zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here a...

Страница 232: ...Chapter 17 System P 660HW Dx v2 User s Guide 232...

Страница 233: ...warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You m...

Страница 234: ...92 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from a...

Страница 235: ...ubject line of the log e mail message that the ZyXEL Device sends Not all ZyXEL models have this field Send Log To The ZyXEL Device sends logs to the e mail address specified in this field If this fie...

Страница 236: ...is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to select which day of the week to send the logs Time for Sending Log Enter the...

Страница 237: ...src port 00520 dest port 00520 1 02 End of Firewall Log Table 94 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information f...

Страница 238: ...e using HTTPS protocol HTTPS login failed Someone has failed to log on to the router s web configurator interface using HTTPS protocol Table 95 System Error Logs LOG MESSAGE DESCRIPTION s exceeds the...

Страница 239: ...l session time out sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out The default timeout values are as follows ICMP idle timeout 3 minutes UDP idle timeout 3 mi...

Страница 240: ...hannel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the reference count number of the call dev is the device type 3 is for dial up 6 is for P...

Страница 241: ...esponded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache but does not kno...

Страница 242: ...irewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack For type and code details see Table 110 on page 248 illegal command TCP The firewall d...

Страница 243: ...SA process done The phase 1 IKE SA process has been completed Duplicate requests with the same cookie The router received multiple requests from the same peer while still processing the first IKE pack...

Страница 244: ...ID contents do not match Configured Peer ID Content Configured Peer ID Content The phase 1 ID contents do not match and the configured Peer ID Content is displayed Incoming ID Content Incoming Peer I...

Страница 245: ...e 1 hash mismatch The listed rule s IKE phase 1 hash did not match between the router and the peer Rule d Phase 1 preshared key mismatch The listed rule s IKE phase 1 pre shared key did not match betw...

Страница 246: ...name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd ARL size issuer name The router received an ARL Authority Revocation List with size and issuer nam...

Страница 247: ...ecific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decoding...

Страница 248: ...ded to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams...

Страница 249: ...gured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined...

Страница 250: ...Chapter 18 Logs P 660HW Dx v2 User s Guide 250...

Страница 251: ...el name with a bin extension for example ZyXEL Device bin The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Only...

Страница 252: ...145 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Re...

Страница 253: ...Backup Configuration Backup configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly...

Страница 254: ...following icon on your desktop Figure 149 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as tha...

Страница 255: ...s You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to the chapter about introducing the web configurator for more information on the RESET...

Страница 256: ...Chapter 19 Tools P 660HW Dx v2 User s Guide 256...

Страница 257: ...he screen shown next Figure 152 Diagnostic General The following table describes the fields in this screen 20 2 DSL Line Diagnostic Click Maintenance Diagnostic DSL Line to open the screen shown next...

Страница 258: ...ice sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network DSL...

Страница 259: ...the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power sourc...

Страница 260: ...reen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 6 2 1 on page 95 use the new IP address If you...

Страница 261: ...e entered the user name and password correctly The default password is 1234 This field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is u...

Страница 262: ...behaving as expected See the Quick Start Guide and Section 1 4 on page 35 2 Reboot the ZyXEL Device 3 Turn the ZyXEL Device off and on 4 If the problem continues contact your ISP V The Internet conne...

Страница 263: ...ur Computer s IP Address 285 IP Addresses and Subnetting 301 Firewall Commands 311 Internal SPTGEN 317 Command Interpreter 331 Pop up Windows JavaScripts and Java Permissions 333 NetBIOS Filter Comman...

Страница 264: ...264...

Страница 265: ...ce between the centers of the holes for wall mounting on the device s back 108 mm Screw size for wall mounting M4 Tap Screw Antenna The ZyXEL Device is equipped with one 3dBi fixed antenna Table 118 F...

Страница 266: ...gging and Tracing Use packet tracing and logs for troubleshooting You can send logs from the ZyXEL Device to an external syslog server PPPoE PPPoE mimics a dial up Internet access connection PPTP Enca...

Страница 267: ...fully compatible with both IEEE 802 11b and IEEE 802 11g standards and can support both kinds of clients on the same network WEP Encryption WEP Wired Equivalent Privacy allows the encryption of data b...

Страница 268: ...o and Super G modes IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wirele...

Страница 269: ...ipes or cables located inside the wall when drilling holes for the screws 4 Do not insert the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the...

Страница 270: ...Appendix A Product Specifications and Wall Mounting P 660HW Dx v2 User s Guide 270 Figure 155 Masonry Plug and M4 Tap Screw...

Страница 271: ...pendent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 156 Peer to Peer Communication in an Ad hoc Ne...

Страница 272: ...ired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired netwo...

Страница 273: ...tially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 cha...

Страница 274: ...requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if t...

Страница 275: ...ort it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the ZyXEL Device uses long...

Страница 276: ...dvantages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting m...

Страница 277: ...int and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped...

Страница 278: ...wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The excha...

Страница 279: ...t defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless...

Страница 280: ...with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt da...

Страница 281: ...client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise...

Страница 282: ...to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure thes...

Страница 283: ...door site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how...

Страница 284: ...nd in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on...

Страница 285: ...a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are...

Страница 286: ...hen click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft...

Страница 287: ...select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 163 Windows 95 98 Me...

Страница 288: ...e the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click S...

Страница 289: ...v2 User s Guide 289 Figure 165 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 166 Windows XP Control Panel 3 R...

Страница 290: ...ab in Win XP and then click Properties Figure 168 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic...

Страница 291: ...Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default g...

Страница 292: ...the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS serve...

Страница 293: ...k Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and...

Страница 294: ...Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 173 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list...

Страница 295: ...onfiguration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu...

Страница 296: ...k in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Ver...

Страница 297: ...low to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 176 Red Hat 9 0 KDE Network Configur...

Страница 298: ...0 KDE Network Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 179 Red Hat...

Страница 299: ...the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 182 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration...

Страница 300: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 71...

Страница 301: ...share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host...

Страница 302: ...is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consi...

Страница 303: ...d by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a follo...

Страница 304: ...hows the company network before subnetting Figure 186 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The s...

Страница 305: ...68 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to...

Страница 306: ...ubnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet...

Страница 307: ...ST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252...

Страница 308: ...entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address I...

Страница 309: ...o computer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address au...

Страница 310: ...can not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solv...

Страница 311: ...e of all the firewall settings including e mail attack and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default pe...

Страница 312: ...e mail hour 0 23 This command sets the hour when the firewall log is sent through e mail if the ZyXEL Device is set to send it on an hourly daily or weekly basis config edit firewall e mail minute 0 5...

Страница 313: ...th the same destination where the ZyXEL Device starts dropping half open sessions to that destination Sets config edit firewall set set name desired name This command sets a name to identify a specifi...

Страница 314: ...CMP Config edit firewall set set rule rule log none match not match both This command sets the ZyXEL Device to log traffic that matches the rule doesn t match both or neither Config edit firewall set...

Страница 315: ...mand to enter various non consecutive port numbers config edit firewall set set rule rule TCP destport range start port end port This command sets a rule to have the ZyXEL Device check for TCP traffic...

Страница 316: ...Commands P 660HW Dx v2 User s Guide 316 config delete firewall set set rule rule This command removes the specified rule in a firewall configuration set Table 136 Firewall Commands continued FUNCTION...

Страница 317: ...You can use FTP to get the Internal SPTGEN file Then edit the file in a text editor and use FTP to upload it again to the same device or another one See the following sections for details The Configu...

Страница 318: ...you enter a value other than 0 or 1 in the Input column of Field Identification Number 1000000 refer to Figure 191 on page 317 Figure 192 Invalid Parameter Entered Command Line Example The ZyXEL Devi...

Страница 319: ...r computer to the ZyXEL Device using the put command computer to the ZyXEL Device 4 Exit this FTP application Figure 195 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 re...

Страница 320: ...4 Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 139 Menu 3 Menu 3 1 General Ethernet Setup FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256...

Страница 321: ...0 None 1 Both 2 In Only 3 Out Only 0 30200011 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30200012 Multicast 0 IGMP v2 1 IGMP v1 2 None 2 30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 25...

Страница 322: ...01017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filt...

Страница 323: ...e IP address 0 0 0 0 40000015 Remote IP subnet mask 0 40000016 ISP incoming protocol filter set 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 4000...

Страница 324: ...Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 Menu 12 1 2 IP Static Route Setup FIN FN PVA INPUT 120108001 IP Static Route...

Страница 325: ...0 All 6 TCP 17 U DP 0 150000019 SUA Server 5 Port Start 0 150000020 SUA Server 5 Port End 0 150000021 SUA Server 5 Local IP address 0 0 0 0 150000022 SUA Server 6 Active 0 No 1 Yes 0 0 150000023 SUA S...

Страница 326: ...0 150000052 SUA Server 12 Active 0 No 1 Yes 0 150000053 SUA Server 12 Protocol 0 All 6 TCP 17 U DP 0 150000054 SUA Server 12 Port Start 0 150000055 SUA Server 12 Port End 0 150000056 SUA Server 12 Lo...

Страница 327: ...Rule 2 Dest IP address 0 0 0 0 210102005 IP Filter Set 1 Rule 2 Dest Subnet Mask 0 210102006 IP Filter Set 1 Rule 2 Dest Port 138 210102007 IP Filter Set 1 Rule 2 Dest Port Comp 0 none 1 equal 2 not...

Страница 328: ...e 1 Src Port 0 210201011 IP Filter Set 2 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 g reater 0 210201013 IP Filter Set 2 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210201014 IP Fil...

Страница 329: ...1234 Menu 23 2 System security radius server FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentication Serve...

Страница 330: ...a Privacy for Broadcast Multicast packets 0 TKIP 1 WEP 0 230400010 WPA Broadcast Multicast Key Update Timer 0 Table 145 Menu 23 System Menus continued Table 146 Menu 24 11 Remote Management Control Me...

Страница 331: ...ted with the ZyXEL Device s command interpreter commands Table 147 Command Examples FIN FN PVA INPUT ci command for annex a wan adsl opencmd FIN FN PVA INPUT 990000001 ADSL OPMD 0 glite 1 t1 413 2 gdm...

Страница 332: ...Appendix F Internal SPTGEN P 660HW Dx v2 User s Guide 332...

Страница 333: ...ernet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blockin...

Страница 334: ...web pop up blockers you may have enabled Figure 197 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up w...

Страница 335: ...ide 335 Figure 198 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mo...

Страница 336: ...play properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 200 Internet Options Security 2 Click the Cus...

Страница 337: ...ttings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permis...

Страница 338: ...ermissions P 660HW Dx v2 User s Guide 338 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 C...

Страница 339: ...configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets thr...

Страница 340: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fi...

Страница 341: ...Ethernet devices Some companies have more than one route to one or more ISPs If the alternate gateway is on the LAN and it s IP address is in the same subnet the triangle route problem may occur The...

Страница 342: ...al LAN interfaces with the ZyXEL Device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL Devi...

Страница 343: ...ice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and m...

Страница 344: ...onjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance r...

Страница 345: ...conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implie...

Страница 346: ...Appendix J Legal Information P 660HW Dx v2 User s Guide 346...

Страница 347: ...78 2439 Web Site www zyxel com www europe zyxel com FTP Site ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica S...

Страница 348: ...ki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web Site www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E...

Страница 349: ...01 U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web Site www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13...

Страница 350: ...il support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web Site www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United...

Страница 351: ...opback test 258 attack alert 174 attack types 148 attacks 233 auxiliary gateway 267 B backup 253 backup gateway 267 backup settings 253 backup type 90 bandwidth 67 budget 193 bandwidth management 67 1...

Страница 352: ...NS DoS 144 145 173 basics 145 types 146 downstream 33 34 DS Field 194 DS field 194 DSCPs 194 DSL reinitialize 258 DSLAM 33 dynamic DNS 199 dynamic WEP key exchange 279 DYNDNS wildcard 199 E EAP Authen...

Страница 353: ...IBSS 271 initialization vector IV 280 Integrated Services Digital Network see ISDN internal SPTGEN 317 FTP upload example 319 points to remember 318 text file 317 Internet access 34 53 wizard setup 53...

Страница 354: ...r 42 NetBIOS 339 commands 148 Network Address Translation see NAT Network Basic Input Output System see NetBIOS network disconnect icon 252 254 network management 134 NNTP 134 O one minute high 173 on...

Страница 355: ...ifications 156 Server 132 server 131 132 230 service 157 service set 109 Service Set IDentity See SSID service type 165 services 134 settings backup 253 defaults 253 restore 254 setup general 227 Sing...

Страница 356: ...name 200 V Variable Bit Rate see VBR VBR 83 88 VC 76 VC based multiplexing 76 VCI 77 Virtual Channel Identifier see VCI virtual circuit see VC Virtual Path Identifier see VPI Voice over IP see VoIP Vo...

Страница 357: ...279 user authentication 280 vs WPA2 PSK 280 wireless client supplicant 281 with RADIUS application example 281 WPA2 Pre Shared Key 279 WPA2 PSK 279 280 application example 281 WPA PSK 279 280 applica...

Страница 358: ...Index P 660HW Dx v2 User s Guide 358...

Отзывы:

Нет отзывов

Похожие инструкции для P-660HW-D1 V2

Бренд: Matrix Telecom Страницы: 32

fieldserver EZ Series

Бренд: MSA Страницы: 61

SmartNode 5540E Series

Бренд: Patton Страницы: 77

VBG-PN-K20-DMD-EV

Бренд: Pepperl+Fuchs Страницы: 11

Бренд: Huawei Страницы: 28

Бренд: Huawei Страницы: 12

Бренд: Sole Digital Страницы: 15

Бренд: Wireless Sensors Страницы: 35

Бренд: ViewSonic Страницы: 1

Бренд: Arris Страницы: 51

Бренд: Titan Logix Страницы: 50

HomeConnect 3CRWE50194

Бренд: 3Com Страницы: 2

VoxStack Series

Бренд: OpenVox Страницы: 106

Бренд: Sunrise Страницы: 162

Бренд: TAIKO Страницы: 20

Бренд: YOKOGAWA Страницы: 29

Бренд: Salto Страницы: 3

Бренд: Harman Страницы: 21

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды