 Chapter 12 Firewall

PMG2006-T20A User’s Guide

12.1.2  What You Need to Know

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted 
system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the 
SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the 
queue only when an ACK comes back or when an internal timer terminates the three-way handshake. 
Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable 
for legitimate users.
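
The backlog behaviour described above can be modelled in a few lines. This is an added example, not part of the User's Guide and not the PMG2006-T20A's implementation; the class name, queue size, timeout and addresses are assumptions chosen for illustration.

```python
from collections import OrderedDict


class SynBacklog:
    """Toy model of a listener's queue of half-open handshakes."""

    def __init__(self, size, timeout):
        self.size = size              # maximum half-open entries held
        self.timeout = timeout        # seconds to wait for the final ACK
        self.pending = OrderedDict()  # (ip, port) -> time the SYN arrived

    def _expire(self, now):
        # Internal timer: abandon handshakes whose ACK never came.
        # Entries are kept in arrival order, so the oldest is always first.
        while self.pending:
            src, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[src]

    def on_syn(self, now, src):
        self._expire(now)
        if src in self.pending:
            return "syn-ack resent"
        if len(self.pending) >= self.size:
            return "ignored (backlog full)"
        self.pending[src] = now
        return "syn-ack sent"

    def on_ack(self, now, src):
        self._expire(now)
        if src not in self.pending:
            return "no matching handshake"
        del self.pending[src]
        return "established"


def run_scenario(size=4, timeout=30):
    """Replay a constructed timeline (whole seconds); assumes timeout > size."""
    q = SynBacklog(size, timeout)
    client = ("192.0.2.10", 40000)      # constructed legitimate client
    out = []
    out.append(q.on_syn(0, client))
    out.append(q.on_ack(0, client))     # handshake completes, slot is freed
    # Constructed SYNs whose senders never answer the SYN-ACK, one per second.
    for i in range(size):
        q.on_syn(1 + i, ("198.51.100.%d" % (i + 1), 50000))
    out.append(len(q.pending))                  # every slot is half-open
    out.append(q.on_syn(size + 1, client))      # legitimate SYN is ignored
    out.append(q.on_syn(1 + timeout, client))   # oldest entry has timed out
    out.append(q.on_ack(1 + timeout, client))
    return out


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The legitimate client is refused only while every slot holds a handshake that is still waiting for its ACK; service resumes as soon as the timer releases the oldest entry.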

DoS

Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. 
Their goal is not to steal information, but to disable a device or network so users no longer have access 
to network resources. The PMG2006-T20A is pre-configured to automatically detect and thwart all 
known DoS attacks.

DDoS

A DDoS attack is one in which multiple compromised systems attack a single target, thereby causing 
denial of service for users of the targeted system.

LAND Attack

In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the 
target system. This makes it appear as if the host computer sent the packets to itself, making the system 
unavailable while the target system tries to respond to itself.

Ping of Death

Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536 
bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.
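
The two header conditions described under LAND Attack and Ping of Death can be checked directly on an IPv4 header, as a packet filter would. This is an added example, not code from the User's Guide or the device firmware; the function names and the sample headers are constructed for illustration.

```python
import socket
import struct

MAX_IP_DATAGRAM = 0xFFFF   # largest value the 16-bit Total Length field can hold
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")   # fixed 20-byte IPv4 header


def build_ipv4_header(src, dst, total_length, frag_units=0,
                      more_fragments=False, proto=1):
    """Constructed test input: a 20-byte IPv4 header (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_units & 0x1FFF)
    return IPV4_HEADER.pack(0x45, 0, total_length, 0x1234, flags_frag, 64,
                            proto, 0,
                            socket.inet_aton(src), socket.inet_aton(dst))


def inspect_ipv4(header):
    """Return the list of anomalies found in one IPv4 header."""
    if len(header) < IPV4_HEADER.size:
        return ["truncated"]
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, _proto, _csum, src, dst) = IPV4_HEADER.unpack(header[:IPV4_HEADER.size])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["malformed"]
    findings = []
    # LAND: the packet claims to come from the host it is addressed to.
    if src == dst:
        findings.append("land")
    # Ping of Death: the fragment offset is counted in 8-byte units; if this
    # fragment's data ends past the datagram limit, reassembly would overflow.
    frag_offset = (flags_frag & 0x1FFF) * 8
    payload_end = frag_offset + (total_len - ihl)
    if ihl + payload_end > MAX_IP_DATAGRAM:
        findings.append("oversized-reassembly")
    return findings


def classify_samples():
    """Run the check over constructed headers (documentation addresses)."""
    samples = {
        "normal echo request": build_ipv4_header("192.0.2.10", "203.0.113.5", 84),
        "same source and destination": build_ipv4_header(
            "203.0.113.5", "203.0.113.5", 40, proto=6),
        "ordinary middle fragment": build_ipv4_header(
            "192.0.2.10", "203.0.113.5", 1500, frag_units=185, more_fragments=True),
        "last fragment past the limit": build_ipv4_header(
            "192.0.2.10", "203.0.113.5", 1500, frag_units=8189),
        "cut-off header": b"\x45\x00",
    }
    return {name: inspect_ipv4(hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, findings in classify_samples().items():
        print(name, "->", findings or "ok")
```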

SPI

Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is valid. 
Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may 
only be allowed to cross the firewall in response to a request from the LAN.
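
The rule in that last sentence, WAN traffic admitted only as a reply to a LAN request, comes down to a lookup in a connection table. This is an added example, not part of the User's Guide and not the device's firewall code; the class names, states and sample addresses are assumptions, and NAT, timers and FIN handling are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN to WAN, "in" = WAN to LAN
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags: "S", "SA", "A", "R"


class StatefulFilter:
    """Connection table keyed on (proto, LAN ip, LAN port, WAN ip, WAN port)."""

    def __init__(self):
        self.table = {}

    @staticmethod
    def _key(p):
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def handle(self, p):
        key = self._key(p)
        state = self.table.get(key)
        if p.direction == "out":
            return self._outbound(p, key, state)
        return self._inbound(p, key, state)

    def _outbound(self, p, key, state):
        if p.proto == "udp":
            self.table[key] = "UDP"             # remember the request
            return "allow"
        if state is None:
            if p.flags != "S":                  # TCP must start with a SYN
                return "drop: no connection"
            self.table[key] = "SYN_SENT"
            return "allow"
        if state == "SYN_ACK_SEEN" and p.flags == "A":
            self.table[key] = "ESTABLISHED"     # three-way handshake done
        elif "R" in p.flags:
            del self.table[key]
        return "allow"

    def _inbound(self, p, key, state):
        if state is None:                       # nothing on the LAN asked for this
            return "drop: unsolicited"
        if p.proto == "udp":
            return "allow"
        if "R" in p.flags:                      # reset tears the entry down
            del self.table[key]
            return "allow"
        if state == "SYN_SENT":
            if p.flags != "SA":
                return "drop: out of state"
            self.table[key] = "SYN_ACK_SEEN"
            return "allow"
        if state == "SYN_ACK_SEEN" and p.flags != "SA":
            return "drop: out of state"
        return "allow"


def demo():
    """Constructed traffic between a LAN host and documentation addresses."""
    lan, web, other = "192.168.1.33", "203.0.113.80", "198.51.100.7"
    fw = StatefulFilter()
    steps = [
        Packet("out", "tcp", lan, 51000, web, 443, "S"),
        Packet("in", "tcp", web, 443, lan, 51000, "SA"),
        Packet("out", "tcp", lan, 51000, web, 443, "A"),
        Packet("in", "tcp", web, 443, lan, 51000, "A"),     # reply data
        Packet("in", "tcp", other, 4444, lan, 22, "S"),     # nobody asked
        Packet("in", "tcp", web, 443, lan, 51001, "A"),     # wrong LAN port
        Packet("out", "tcp", lan, 51002, web, 443, "S"),
        Packet("in", "tcp", web, 443, lan, 51002, "A"),     # SYN-ACK skipped
        Packet("in", "tcp", web, 443, lan, 51000, "R"),
        Packet("in", "tcp", web, 443, lan, 51000, "A"),     # after teardown
        Packet("out", "udp", lan, 5353, "203.0.113.53", 53),
        Packet("in", "udp", "203.0.113.53", 53, lan, 5353),
        Packet("in", "udp", other, 53, lan, 5353),
    ]
    return [fw.handle(p) for p in steps]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```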

12.2  The Firewall Screen

Use this screen to set the security level of the firewall on the PMG2006-T20A, and block unauthorized 
access to your network. Firewall rules are grouped based on the direction of travel of packets to which 
they apply. Note that a higher firewall level means more restrictions on the Internet activities you want to 
perform.

Click Security > Firewall to display the General screen.

Contents of PMG2006-T20A

Page 1: ...ogin Details User s Guide PMG2006 T20A GPON HGU with 4 port GbE Switch Copyright 2017 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 User Name admin Password 1234 Version 5 21 Edition 1 04 2017 ...

Страница 2: ...in this book may differ slightly from what you see due to differences in release versions or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the PMG2006 T20A and get up and running right away More Information Go to support zyxel com to find other in...

Страница 3: ...uting 63 Network Address Translation NAT 70 Dynamic DNS Setup 87 Interface Grouping 91 Firewall 95 MAC Filter 102 Parental Control 104 Scheduler Rule 109 Certificates 111 Log 117 Traffic Status 120 ARP Table 124 Routing Table 126 System 128 User Account 129 Remote Management 132 SNMP 135 Time Settings 137 E mail Notification 139 Log Setting 141 Firmware Upgrade 145 Backup Restore 147 Diagnostic 15...

Страница 4: ...t Access 12 1 5 Hardware 13 1 5 1 Front Panel 13 1 5 2 LEDs Lights 13 1 5 3 Rear Panel 14 1 5 4 The Reset Button 15 1 6 Wall Mounting 15 Chapter 2 The Web Configurator 17 2 1 Overview 17 2 1 1 Accessing the Web Configurator 17 2 2 Web Configurator Layout 19 2 2 1 Title Bar 19 2 2 2 Navigation Panel 20 Chapter 3 Quick Start 23 3 1 Overview 23 3 2 Quick Start Setup 23 Chapter 4 Tutorials 25 4 1 Over...

Страница 5: ...w 39 6 1 1 What You Can Do in This Chapter 39 6 1 2 What You Need to Know 39 6 1 3 Before You Begin 42 6 2 The Broadband Screen 42 6 2 1 Add Edit Internet Connection 43 Chapter 7 Home Networking 49 7 1 Overview 49 7 1 1 What You Can Do in this Chapter 49 7 1 2 What You Need To Know 49 7 1 3 Before You Begin 51 7 2 The LAN Setup Screen 51 7 3 The Static DHCP Screen 55 7 4 The UPnP Screen 56 7 4 1 T...

Страница 6: ... Screen 71 9 2 1 Add Edit Port Forwarding 73 9 3 The Applications Screen 74 9 3 1 Add New Application 75 9 4 The Port Triggering Screen 76 9 4 1 Add Edit Port Triggering Rule 77 9 5 The DMZ Screen 78 9 6 The ALG Screen 79 9 7 The Address Mapping Screen 80 9 7 1 Add Edit Address Mapping Rule 81 9 8 The Sessions Screen 82 9 9 Technical Reference 82 9 9 1 NAT Definitions 83 9 9 2 What NAT Does 83 9 9...

Страница 7: ...ol Screen 97 12 3 1 Add Edit a Service 98 12 4 The Access Control Screen 99 12 4 1 Add Edit an ACL Rule 99 12 5 The DoS Screen 101 Chapter 13 MAC Filter 102 13 1 Overview 102 13 2 The MAC Filter Screen 102 Chapter 14 Parental Control 104 14 1 Overview 104 14 2 The Parental Control Screen 104 14 2 1 Add Edit a Parental Control Profile 105 Chapter 15 Scheduler Rule 109 15 1 Overview 109 15 2 The Sch...

Страница 8: ...3 The Security Log Screen 118 Chapter 18 Traffic Status 120 18 1 Overview 120 18 1 1 What You Can Do in this Chapter 120 18 2 The WAN Status Screen 120 18 3 The LAN Status Screen 121 18 4 The NAT Status Screen 122 Chapter 19 ARP Table 124 19 1 Overview 124 19 1 1 How ARP Works 124 19 2 ARP Table Screen 124 Chapter 20 Routing Table 126 20 1 Overview 126 20 2 The Routing Table Screen 126 Chapter 21 ...

Страница 9: ...rview 137 25 2 The Time Screen 137 Chapter 26 E mail Notification 139 26 1 Overview 139 26 2 The E mail Notification Screen 139 26 2 1 E mail Notification Edit 140 Chapter 27 Log Setting 141 27 1 Overview 141 27 2 The Log Settings Screen 141 27 2 1 Example E mail Log 143 Chapter 28 Firmware Upgrade 145 28 1 Overview 145 28 2 The Firmware Screen 145 Chapter 29 Backup Restore 147 29 1 Overview 147 2...

Страница 10: ...ing TraceRoute NsLookup 151 151 Chapter 31 Troubleshooting 152 31 1 Power Hardware Connections and LEDs 152 31 2 PMG2006 T20A Access and Login 153 31 3 Internet Access 154 31 4 UPnP 155 Part III Appendices 156 Appendix A Customer Support 157 Appendix B IPv6 163 Appendix C Services 171 Appendix D Legal Information 175 Index 179 ...

Страница 11: ...11 PART I User s Guide ...

Страница 12: ...more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your pas...

Страница 13: ...uide 13 Figure 1 PMG2006 T20A Applications 1 5 Hardware 1 5 1 Front Panel The following graphic displays the front panel of the PMG2006 T20A Figure 2 PMG2006 T20A Front Panel 1 5 2 LEDs Lights The following graphic displays the labels of the LEDs ...

Страница 14: ...T20A has a PON line connection Blinking The PMG2006 T20A s PON port is trying to build the connection Off The PMG2006 T20A s PON port is not connected The optical transceiver may have malfunctioned or the fiber cable may not be connected or may be broken or damaged enough to break the PON connection INTERNET Green On The PMG2006 T20A has an IP connection but no traffic Blinking The PMG2006 T20A is...

Страница 15: ...e careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 3 If using screw anchors drill two holes for the screw anchors into the wall Push the anchors into the full depth of the holes then insert the screws into the anchors Do not insert the screws all the way in leave a small gap of about 0 5 cm If not using screw anchors use a screwdriver to insert t...

Страница 16: ...Make sure the screws are fastened well enough to hold the weight of the PMG2006 T20A with the connection cables 5 Align the holes on the back of the PMG2006 T20A with the screws on the wall Hang the PMG2006 T20A on the screws Figure 5 Wall Mounting Example ...

Страница 17: ...ce Pack 2 JavaScript enabled by default Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your PMG2006 T20A hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the PMG2006 T20A does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access the administrative web configu...

Страница 18: ...You can configure basic Internet access and wireless settings See Chapter 3 on page 23 for more information 6 After you finished or closed the Quick Start Wizard screen the Network Map page appears Figure 8 Network Map 7 Click Status to display the Status screen where you can view the PMG2006 T20A s interface and system information ...

Страница 19: ... 2 2 1 Title Bar The title bar provides some icons in the upper right corner The icons provide the following functions C A B Table 4 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language Select the language you prefer Quick Start Click this icon to open screens where you can configure the PMG2006 T20A s time zone Internet access and wireless settings Logout Click this icon to log out o...

Страница 20: ... Use this screen to configure policy routing on the PMG2006 T20A RIP Use this screen to configure Routing Information Protocol to exchange routing information with other routers NAT Port Forwarding Use this screen to make your local servers visible to the outside world Applications Use this screen to configure servers behind the PMG2006 T20A Port Triggering Use this screen to change your PMG2006 T...

Страница 21: ...ies include Account Attack Firewall MAC Filter Traffic Status WAN Use this screen to view the status of all network traffic going through the WAN port of the PMG2006 T20A LAN Use this screen to view the status of all network traffic going through the LAN ports of the PMG2006 T20A NAT Use this screen to view NAT statistics for connected hosts ARP table ARP table Use this screen to view the ARP tabl...

Страница 22: ...this screen to upload firmware to your PMG2006 T20A Backup Restore Backup Restore Use this screen to backup and restore your PMG2006 T20A s configuration settings or reset the factory default settings Reboot Reboot Use this screen to reboot the PMG2006 T20A without turning the power off Diagnostic Ping Traceroute Nslookup Use this screen to identify problems with the DSL connection You can use Pin...

Страница 23: ...4 on page 25 for background information on the features in this chapter 3 2 Quick Start Setup 1 You can click the Quick Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of your location Click Next Figure 10 Quick Start Welcome 2 Enter your Internet connection information in this screen The screen and fields to enter may vary depending ...

Страница 24: ... PMG2006 T20A User s Guide 24 Figure 11 Quick Start Internet Connection 3 Your PMG2006 T20A saves your settings and attempts to connect to the Internet Click Close to complete the setup Figure 12 Quick Start Result Summary ...

Страница 25: ...t connection using the Web Configurator If you connect to the Internet through a GPON connection use the information from your Internet Service Provider ISP to configure the PMG2006 T20A Be sure to contact your service provider for any information you need to configure the Broadband screens 1 Click Network Setting Broadband to open the following screen Click Add New WAN Interface 2 In this example...

Страница 26: ...Enter the account information provided to you by your DSL service provider 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 6 Leave the rest of the fields to the default settings 7 Click Apply to save your ...

Страница 27: ... a summary of your new GPON connection setup in the Broadband screen as follows Try to connect to a website to see if you have correctly set up your Internet connection Be sure to contact your service provider for any information you need to configure the WAN screens ...

Страница 28: ...utings In the following figure router R is connected to the PMG2006 T20A s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the PMG2006 T20A s WAN default gateway by default In this case B will never receive the traffic You need to specify a static routing rule on the...

Страница 29: ...ng settings 4a Select Enable in Active field Enter the Route Name as R 4b Set IP Type to IPv4 4c Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4d Select Enable in the Use Gateway IP Address field Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4e Select Default GPON as the Use Interface Table 6 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The P...

Страница 30: ...al covers Registering a DDNS Account on www dyndns org Configuring DDNS on Your PMG2006 T20A Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 4 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user account This tutorial uses UserName1 and 12345 as the username and password 3 Log into www dyndns o...

Страница 31: ...n the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The PMG2006 T20A s login page should appear You can then log into the PMG2006 T20A and manage it 4 5 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Jos...

Страница 32: ...ivate MAC filter function 2 Select Allow Then enter the host name and MAC address of Thomas computer in this screen Click Apply Thomas can also grant access to the computers of other members of his family and friends However Josephine and others not listed in this screen will no longer be able to access the Internet through the PMG2006 T20A ...

Страница 33: ...33 PART II Technical Reference ...

Страница 34: ...status of the PMG2006 T20A and clients connected to it You can use the Status screen to look at the current status of the PMG2006 T20A system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem Figure 13 Network Map Icon View Mode ...

Страница 35: ...want to change the name or icon of the client click Change name icon If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the PMG2006 T20A to update this screen in Refresh interval Figure 14 Network Map List View Mode 5 3 The Status Screen Use this screen to view the status of the PMG2006 T20A Click Status to open this sc...

Страница 36: ...umber of the PMG2006 T20A Firmware Version This is the current version of the firmware inside the PMG2006 T20A WAN Information These fields display when you have a WAN connection Encapsulation This field displays the current encapsulation method IP Address This field displays the current IP address of the PMG2006 T20A in the WAN IP Subnet Mask This field displays the current subnet mask in the WAN...

Страница 37: ...Time Setting System Resource CPU Usage This field displays what percentage of the PMG2006 T20A s processing ability is currently used When this percentage is close to 100 the PMG2006 T20A is running at full load and the throughput is not going to improve anymore If you want some applications to have more throughput you should turn off other applications Memory Usage This field displays what percen...

Страница 38: ...the optical transceiver s voltage in Volts The normal range is 3 13 3 47 Volts Rx Power dbm This displays the optical transceiver s optical receiving power in dBm Tx Power dbm This displays the optical transceiver s optical transmitting power in dBm Temperature C This displays the optical transceiver s temperature in Celsius The normal range is 0 55 degrees Table 7 Status Screen continued LABEL DE...

Страница 39: ... Chapter Use the Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the PMG2006 T20A for Internet access Section 6 2 on page 42 6 1 2 What You Need to Know The following terms and concepts may help as you read this chapter WAN IP Address The WAN IP address is an IP address for the PMG2006 T20A which makes it accessible from an outside network It is us...

Страница 40: ...s an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose...

Страница 41: ...d you set IPv4 IPv6 Mode to IPv6 Only you can enable Dual Stack Lite to use IPv4 computers and services The PMG2006 T20A tunnels IPv4 packets inside IPv6 encapsulation packets to the ISP s Address Family Transition Router AFTR in the graphic to connect to the IPv4 Internet The local network can also use IPv6 services The PMG2006 T20A uses it s configured IPv6 WAN IP to route IPv6 traffic to the IP...

Страница 42: ...s the method of encapsulation used by this connection 802 1p This indicates the 802 1p priority level assigned to traffic sent through this connection This displays N A when there is no priority level assigned 802 1q This indicates the VLAN ID number assigned to traffic sent through this connection This displays N A when there is no VLAN ID number assigned IGMP Proxy This shows whether the PMG2006...

Страница 43: ... the mode encapsulation and IPv6 IPv4 mode you select 6 2 1 1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account The following example screen displays when you select Routing mode and PPPoE encapsulation The screen varies when you select other interface type encapsulation and IPv4 IPv6 mode Figure 20 Network Setting B...

Страница 44: ...MG2006 T20A receives packets destined for the Internet Idle Timeout This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server This field is not available if you select Auto Connect in the PPP Connection Trigger field PPPoE Passthrough This field is available when you select PPPoE encapsulation In addition to the PMG2006 T20A s built in ...

Страница 45: ...n DNS Info Automically if you want the PMG2006 T20A to use the DNS server addresses assigned by your ISP Select Use Following Static DNS Address if you want the PMG2006 T20A to use the DNS server addresses you configure manually Primary DNS Server Enter the first DNS server address assigned by the ISP Secondary DNS Server Enter the second DNS server address assigned by the ISP Tunnel The DS Lite D...

Страница 46: ... router s Router Advertisement RA to generate an IPv6 address Static IPv6 Address Select Static IPv6 Address if you have a fixed IPv6 address assigned by your ISP When you select this the following fields appear IPv6 Address Enter an IPv6 IP address that your ISP gave to you for this WAN interface PrefixLength Enter the address prefix length to specify how many most significant bits in an IPv6 add...

Страница 47: ...ued LABEL DESCRIPTION Table 10 Network Setting Broadband Add New WAN Interface Edit Bridge Mode LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate the interface Name Enter a service name of the connection Type This shows it is a GPON connection Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individ...

Страница 48: ...e the VLAN ID number from 0 to 4094 for traffic through this connection OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 10 Network Setting Broadband Add New WAN Interface Edit Bridge Mode continued LABEL DESCRIPTION ...

Страница 49: ... Addresses Section 7 3 on page 55 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the PMG2006 T20A Section 7 4 on page 56 Use the Additional Subnet screen to configure IP alias and public static IP Section 7 5 on page 59 Use the TFTP Server Name screen to set a TFTP server address which is passed to the clients using DHCP option 66 Section 7 6 on page 60 7 1 2 What You Need To Know 7 ...

Страница 50: ...device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to other UPnP dev...

Страница 51: ... on LANs 7 1 3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen 7 2 The LAN Setup Screen Use this screen to set the Local Area Network IP address and subnet mask of your PMG2006 T20A Click Network Setting Home Networking to open the LAN Setup screen Follow these steps to configure your LAN settings 1 Enter an IP address in...

Страница 52: ...Chapter 7 Home Networking PMG2006 T20A User s Guide 52 3 Click Apply to save your settings Figure 22 Network Setting Home Networking LAN Setup ...

Страница 53: ...elect Enable in the DHCP field Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool Auto reserve IP for the same host Select Enable to have the PMG2006 T20A record DHCP IP addresses with the MAC addresses the IP addresses are assigned to The PMG2006 T...

Страница 54: ...rmation through DHCPv6 From RA DHCPv6 Server The PMG2006 T20A provides DNS information through both router advertisements and DHCPv6 DHCPv6 Configuration DHCPv6 Active This shows the status of the DHCPv6 DHCPv6 Server displays if you configured the PMG2006 T20A to act as a DHCPv6 server which assigns IPv6 addresses and or DNS information to clients IPv6 Router Advertisement State RADVD Active This...

Страница 55: ...ic DHCP screen or the Edit icon next to a static DHCP entry the following screen displays Table 12 Network Setting Home Networking Static DHCP LABEL DESCRIPTION Static DHCP Configuration Click this to add a new static DHCP entry This is the index number of the entry Status This field displays whether the client is connected to the PMG2006 T20A MAC Address The MAC Media Access Control or Ethernet a...

Страница 56: ...Select this to activate the connection between the client and the PMG2006 T20A Group Name Select the interface group name for which you want to configure static DHCP settings See Chapter 11 on page 91 for how to create a new interface group IP Type This field displays IPv4 for the type of the DHCP IP address At the time of writing it is not allowed to select other type Select Device Info Select a ...

Страница 57: ...till enter the password to access the web configurator UPnP NAT T State UPnP NAT T Select Enable to allow UPnP enabled applications to automatically configure the PMG2006 T20A so that they can communicate through the PMG2006 T20A by using NAT traversal UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device this eliminates the need to ...

Страница 58: ... and Sharing Center 2 Click Change Advanced Sharing Settings 3 Select Turn on network discovery and click Save Changes Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer This makes it easier to share files and printers ...

Страница 59: ...bnet The following table describes the labels in this screen Table 15 Network Setting Home Networking Additional Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group name for which you want to configure the IP alias settings See Chapter 11 on page 91 for how to create a new interface group Active Select Enable to configure a LAN network for the PMG2006 T20A IPv4 Address En...

Страница 60: ... Network Setting Home Networking TFTP Server Name The following table describes the labels in this screen 7 7 Technical Reference This section provides some technical background information about the topics covered in this chapter 7 7 1 LANs WANs and the PMG2006 T20A There are two separate IP networks one inside the LAN network and the other outside the WAN network as shown next Apply Click Apply ...

Страница 61: ...ithout it you must know the IP address of a computer before you can access it The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ...

Страница 62: ...work Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 1 for your PMG2006 T20A but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your PMG2006 T20A will compute the subnet mask automatically based on the IP address that you entered You don t ne...

Страница 63: ... s LAN interface The PMG2006 T20A routes most traffic from A to the Internet through the PMG2006 T20A s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 29 Example of Routing Topology 8 2 The Routing Screen Use this screen t...

Страница 64: ...s that this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask Prefix Length This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP ad...

Страница 65: ...sk field to force the network number to be identical to the host ID Enter the IP subnet mask here Use Gateway IP Address The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations If you want to use the gateway IP address select Enable Gateway IP Address Enter the IP address of the gateway Also the gateway I...

Страница 66: ...ied to outgoing packets prior to the normal routing You can use source based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing Subnet Mask This is the subnet mask of the DNS route entry Modify Click the Edit icon to modify the DNS route Click the Delete icon to delete the DNS route Table 19 Network Set...

Страница 67: ...te is active or not A yellow bulb signifies that this DNS route is active A gray bulb signifies that this DNS route is not active Name This is the name of the rule Source IP This is the source IP address Source Subnet Mask This is the source subnet mask address Protocol This is the transport layer protocol Source Port This is the source port number Source MAC This is the source MAC address Source ...

Страница 68: ...e Select to enable or disable this policy route Route Name Enter a descriptive name of up to 8 printable English keyboard characters not including spaces Source IP Address Enter the source IP address Source Subnet Mask Enter the source subnet mask address Protocol Select the transport layer protocol TCP or UDP Source Port Enter the source port number Source MAC Enter the source MAC address Source ...

Страница 69: ...ed but RIP version 2 carries more information RIP version 1 is probably adequate for most networks unless you have an unusual network topology Operation Select Passive to have the PMG2006 T20A update the routing table based on the RIP packets received from neighbors but not advertise its route information to other routers in this interface Select Active to have the PMG2006 T20A advertise its route...

Страница 70: ...on 9 4 on page 76 Use the DMZ screen to configure a default server Section 9 5 on page 78 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the PMG2006 T20A Section 9 6 on page 79 Use the Address Mapping screen to configure the PMG2006 T20A s address mapping settings Section 9 7 on page 80 Use the Sessions screen to configure the PMG2006 T20A s maximum number of NAT sessions Sec...

Страница 71: ...ess of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most...

Страница 72: ...ive A gray bulb signifies that this rule is not active Service Name This shows the service s name Originating IP This field displays the source IP address from the WAN interface WAN Interface This shows the WAN interface through which the service is forwarded Server IP Address This is the server s IP address Start Port This is the first external port number that identifies a service End Port This ...

Страница 73: ... have already configured a WAN connection with NAT enabled Start Port Enter the original destination port for the packets To forward only one port enter the port number again in the End Port field To forward a series of ports enter the start port number here and the end port number in the End Port field End Port Enter the last port of the original destination port range To forward only one port en...

Страница 74: ...appears Figure 40 Network Setting NAT Applications The following table describes the labels in this screen Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Configure Originating IP Select Enable to enter the source IP address of WAN interface Originating IP Enter the source IP address of WAN interfac...

Страница 75: ...ing NAT Applications continued LABEL DESCRIPTION Table 27 Network Setting NAT Applications Add LABEL DESCRIPTION WAN Interface Select the WAN interface that you want to apply this NAT rule to Server IP Address Enter the inside IP address of the application here Application Category Select the category of the application from the drop down list box Application Forwarded Select a service from the dr...

Страница 76: ...c port number and protocol open port the PMG2006 T20A forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application For example Figure ...

Page 77: ...field shows the WAN interface through which the service is forwarded. Trigger Start Port: The trigger port is a port or a range of ports that causes or triggers the PMG2006-T20A to record the IP address of the LAN computer that sent the traffic to a server on the WAN. This is the first port number that identifies a service. Trigger End Port: This is the last port number that identifies a service. Trigge...

Page 78: ...rts that causes or triggers the PMG2006-T20A to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers. Trigger End Port: Type a port number or the ending port number in a range of port numbers. Trigger Protocol: Select the transport layer protocol from TCP or UDP. Open Start Port: The open port is ...

Page 79: ... T20A's private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your PMG2006-T20A is behind a SIP ALG. Use this screen to enable and disable the ALGs in the PMG2006-T20A. To access this screen, click Network Setting > NAT > ALG. Figure 46 Network Setting > NAT > ALG. Table 30 Network Setting > NAT > DMZ. LABEL | DESCRIPTION. Default Server Address: Enter ...

Page 80: ... RTSP sessions through its NAT. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. PPTP ALG: Enable this to turn on the PPTP ALG on the PMG2006-T20A to detect PPTP traffic and help build PPTP sessions through the PMG2006-T20A's NAT. IPSEC ALG: Enable this to turn on the IPsec ALG on the PMG2006-T20A to detect IPsec traffic and help build IPsec sessio...

Page 81: ...his is the WAN interface to which the address mapping rule applies. Modify: Click the Edit icon to go to the screen where you can edit the address mapping rule. Click the Delete icon to delete an existing address mapping rule. Note that subsequent address mapping rules move up by one when you take this action. Table 32 Network Setting > NAT > Address Mapping (continued). LABEL | DESCRIPTION. Table 33 Address Map...

Page 82: ...Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type. Global End IP: Enter the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types. WAN Interface: Select a WAN interface to which the address mapping rule applies. OK: Click OK to save your changes. Cancel: Click Cancel t...

Page 83: ... IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address, either local or global, of an outside host...

Page 84: ...o globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The PMG2006-T20A keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored...

Page 85: ...her (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Table 36 Services and Port Numbers. SERVICES | PORT NUMBER. ECHO: 7. FTP (File Transfer Protocol): 21. SMTP (Simple Mail Transfer Protocol): 25. DNS (Domain Name System): 53. Finger: 79. H...

Page 86: ...Chapter 9 Network Address Translation (NAT). PMG2006-T20A User's Guide 86. Figure 52 Multiple Servers Behind NAT Example ...

Page 87: ...n contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address. First of all, yo...

Page 88: ... You can manually add or edit the PMG2006-T20A's DNS name and IP address entry. Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears. Figure 54 DNS Entry Add/Edit. Table 37 Network Setting > DNS > DNS Entry. LABEL | DESCRIPTION. Add New DNS Entry: Click this to create a new DNS entry. This is the index number of the entry. Hostname: Thi...

Page 89: ...e IPv4 address of the DNS entry. OK: Click OK to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 39 Network Setting > DNS > Dynamic DNS. LABEL | DESCRIPTION. Dynamic DNS Setup. Dynamic DNS: Select Enable to use dynamic DNS. Service Provider: Select your Dynamic DNS service provider from the drop-down list box. Host Name: Type the domain name assigned to your PMG2006-T20A by your Dyn...

Page 90: ...Dynamic IP: This shows the IP address your Dynamic DNS provider has currently associated with the hostname. Apply: Click Apply to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 39 Network Setting > DNS > Dynamic DNS (continued). LABEL | DESCRIPTION ...

Page 91: ...nually add a LAN interface to a new group. Alternatively, you can have the PMG2006-T20A automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group. Use the LAN screen to configure the private IP addresses the DHCP server on the PMG2006-T20A assigns to the clients ...

Page 92: ...o create a new interface group. Note: An interface can belong to only one group at a time. Table 40 Network Setting > Interface Grouping. LABEL | DESCRIPTION. Add New Interface Group: Click this button to create a new interface group. Group Name: This shows the descriptive name of the group. WAN Interface: This shows the WAN interfaces in the group. LAN Interfaces: This shows the LAN interfaces in the group. Crite...

Page 93: ...HPNA or wireless LAN in the Available LAN Interfaces list and use the left arrow to move them to the Selected LAN Interfaces list on the left to add the interfaces to this group. To remove a LAN or wireless LAN interface from the Selected LAN Interfaces list, use the right-facing arrow. Automatically Add Clients With the following DHCP Vendor IDs: Click Add to identify LAN hosts to add to the interfac...

Page 94: ...or Class Identifier (Option 60) of the matched traffic, such as the type of the hardware or firmware. Enable wildcard: Select this option to be able to use wildcards in the Vendor Class Identifier configured for DHCP option 60. DHCP Option 61: Select this and enter the device identity of the matched traffic. DHCP Option 125: Select this and enter vendor-specific information of the matched traffic. Enterpris...

Page 95: ...ser A can initiate an IM (Instant Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However, other traffic initiated from the WAN is blocked (3 and 4). Figure 60 Default Firewall Action. 12.1.1 What You Can Do in this Chapter. Use the General screen to configure the security level of the firewall on the PMG2006-T20A (Section 12.2 on page 96). Use the Protocol scre...

Page 96: ...sing denial of service for users of the targeted system. LAND Attack: In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the target system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. Ping of Death: Ping of Death uses a "ping" utility to create and sen...

Page 97: ...ocol. Table 43 Security > Firewall > General. LABEL | DESCRIPTION. Firewall: Select Enable to activate the firewall feature on the PMG2006-T20A. Low: Select Low to allow LAN to WAN and WAN to LAN packet directions. Medium: Select Medium to allow LAN to WAN but deny WAN to LAN packet directions. High: Select High to deny LAN to WAN and WAN to LAN packet directions. When the security level is set to High, access to t...

Page 98: ...e service uses another IP protocol. Modify: Click the Edit icon to edit the entry. Click the Delete icon to remove this entry. Also, corresponding ACL rules will be removed when a protocol rule is deleted. Table 45 Security > Firewall > Protocol Add/Edit. LABEL | DESCRIPTION. Service Name: Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. Description: Ent...

Page 99: ...irewall > Access Control. LABEL | DESCRIPTION. Add New ACL Rule: Click this to go to add a filter rule for incoming or outgoing IP traffic. This is the index number of the entry. Name: This displays the name of the rule. Src IP: This displays the source IP addresses to which this rule applies. Please note that a blank source address is equivalent to Any. Dst IP: This displays the destination IP addresses to whic...

Page 100: ...lies. If you select Specific IP Address, enter the destination IP address in the field below. Destination IP Address: Enter the destination IP address. IP Type: Select whether your IP type is IPv4 or IPv6. Select Service: Select the transport layer protocol that defines your customized port from the drop-down list box. If you want to configure a customized protocol, select Specific Service. Protocol: This fi...

Page 101: ...ule. Direction: Use the drop-down list box to select the direction of traffic to which this rule applies. Enable Rate Limit: Select this check box to set a limit on the upstream/downstream transmission rate for the specified protocol. Specify how many packets per minute or second the transmission rate is. Scheduler Rules: Select a schedule rule for this ACL rule from the drop-down list box. You can config...

Page 102: ...et device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. 13.2 The MAC Filter Screen. Use this screen to allow wireless and LAN clients access to the PMG2006-T20A. Click Security > MAC Filter. The screen app...

Page 103: ... This is the index number of the MAC address. Active: Select Active to enable the MAC filter rule. The rule will not be applied if Active is not selected. Host Name: Enter the host name of the wireless or LAN clients that are allowed access to the PMG2006-T20A. MAC Address: Enter the MAC addresses of the wireless or LAN clients that are allowed access to the PMG2006-T20A in these address fields. Enter the...

Page 104: ...l Parental Control: Select Enable to activate parental control. Parental Control Profile (PCP). Add New PCP: Click this if you want to configure a new Parental Control Profile (PCP). This shows the index number of the rule. Status: This indicates whether the rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active. PCP Name: This shows the name o...

Page 105: ... restricted access schedule and/or URL filtering settings to block the users on your network from accessing certain web sites. Figure 69 Parental Control Rule Add/Edit. Rule. Modify: Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Apply: Click Apply to save your changes. Cancel: Click Cancel to restore your previously saved settings. Tab...

Page 106: ...Setting: If you select Block, the PMG2006-T20A prohibits the users from viewing the Web sites with the URLs listed below. If you select Allow, the PMG2006-T20A blocks access to all URLs except ones listed below. Add New Service: Click this to show a screen in which you can add a new service rule. You can configure the Service Name, Protocol, and Port of the new rule. This shows the index number of the rule ...

Page 107: ... to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 52 Parental Control Rule Add/Edit Add New Service. LABEL | DESCRIPTION. Service Name: Select the name of the service. Otherwise, select User Define and manually specify the protocol and the port of the service. If you have chosen a pre-defined service in the Service Name field, this field will not be configurable. Protocol: Se...

Page 108: ...lick OK to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 53 Parental Control Rule Add/Edit Add Keyword. LABEL | DESCRIPTION. Site URL Keyword: Enter a keyword and click OK to have the PMG2006-T20A block access to the website URLs that contain the keyword. OK: Click OK to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 52 Parental Control Rul...

Page 109: ...en. 15.2.1 Add/Edit a Schedule. Click the Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Table 54 Security > Scheduler Rule. LABEL | DESCRIPTION. Add New Rule: Click this to create a new rule. This is the index number of the entry. Rule Name: This shows the name of the rule. D...

Page 110: ...1 printable English keyboard characters, not including spaces, for this schedule. Day: Select check boxes for the days that you want the PMG2006-T20A to perform this scheduler rule. Time of Day Range: Enter the time period of each day, in 24-hour format, during which the rule will be enforced. Description: Enter a description for this scheduler rule. OK: Click OK to save your changes. Cancel: Click Cancel to ex...

Page 111: ...ing terms and concepts may help as you read through this chapter. Certification Authority: A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use th...

Page 112: ...rtificate. It is recommended that you give each certificate a unique name. Subject: This field displays identifying information about the certificate's owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. Issuer: This field displays identifying information about the certificate ...

Page 113: ...elect Customize to enter it manually. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address can be up to 63 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string. Organization Name: Type up to 63 characters to identify the company or group to which the certificate owne...

Page 114: ...rity > Certificates > Trusted CA to open the following screen. This screen displays a summary list of certificates of the certification authorities that you have set the PMG2006-T20A to accept as trusted. The PMG2006-T20A accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certif...

Page 115: ...MG2006-T20A. This is the index number of the entry. Name: This field displays the name used to identify this certificate. Subject: This field displays information that identifies the owner of the certificate, such as Common Name (CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is recommended that each certificate have unique subject information. Type: This field displays ge...

Page 116: ... field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Certificate: This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or collea...

Page 117: ...rors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts display in red and logs display in black. Syslog Overview: The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog ...

Page 118: ...e drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the PMG2006-T20A searches through all logs of that severity or higher. Category: Select the type of logs to display. Clear Log: Click this to delete all the logs. Refresh: Click this to renew the log screen. Export Log: Click this to export the selected log(s). Email Log Now: Click th...

Page 119: ...he logs. Refresh: Click this to renew the log screen. Export Log: Click this to export the selected log(s). E-mail Log Now: Click this to send the log file(s) to the E-mail address you specify in the Maintenance > Logs Setting screen. This field is a sequential value and is not associated with a specific entry. Time: This field displays the time the log was recorded. Facility: The log facility allows you to send...

Page 120: ... client(s) (Section 18.4 on page 122). 18.2 The WAN Status Screen. Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number of bytes received and sent on the PMG2006-T20A from the Internet. Figure 84 System Monitor > Traffic Status > WAN. The following table describes the fields in this screen. Table 65 System Monitor > Traffic Status > WAN. LABEL | DESCRIPTION. Refresh In...

Page 121: ...ropped on this interface. Disabled Interface: This shows the name of the WAN interface that is currently disconnected. Packets Sent. Data: This indicates the number of transmitted packets on this interface. Error: This indicates the number of frames with errors transmitted on this interface. Drop: This indicates the number of outgoing packets dropped on this interface. Packets Received. Data: This indicates t...

Page 122: ...erface. Received Packets. Data: This indicates the number of received packets on this interface. Error: This indicates the number of frames with errors received on this interface. Drop: This indicates the number of received packets dropped on this interface. Table 66 System Monitor > Traffic Status > LAN (continued). LABEL | DESCRIPTION. Table 67 System Monitor > Traffic Status > NAT. LABEL | DESCRIPTION. Refresh Interval ...

Page 123: ...y is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The device fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the device puts all ones in the target MAC field (FF:FF:FF:FF:FF:FF is the Ethernet broadcast address). The replying device, which is either the IP addres...

Page 124: ...ble 68 System Monitor > ARP Table. LABEL | DESCRIPTION. This is the ARP table entry number. IPv4/IPv6 Address: This is the learned IPv4 or IPv6 IP address of a device connected to a port. MAC Address: This is the MAC address of the device with the listed IP address. Device: This is the type of interface used by the device ...

Page 125: ...itor > Routing Table to open the following screen. Figure 88 System Monitor > Routing Table. The following table describes the labels in this screen. Table 69 System Monitor > Routing Table. LABEL | DESCRIPTION. IPv4/IPv6 Routing Table. Destination: This indicates the destination IPv4 address or IPv6 address and prefix of this route. Gateway: This indicates the IPv4 address or IPv6 address of the gateway that help...

Page 126: ... represents the cost of transmission. A router determines the best route for transmission by choosing a path with the lowest cost. The smaller the number, the lower the cost. Interface: This indicates the name of the interface through which the route is forwarded. brx indicates a LAN interface where x can be 0 to 3 to represent LAN1 to LAN4 respectively. nasx indicates a WAN interface using IPoE or in bridg...

Page 127: ...owing screen. Figure 89 Maintenance > System. The following table describes the labels in this screen. Table 70 Maintenance > System. LABEL | DESCRIPTION. Host Name: Type a hostname for your PMG2006-T20A. Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. Domain Name: Type a Domain name for your host PMG2006-T20A. Apply: Click Apply to save your changes. Cancel...

Page 128: ...disable the user account. Select the check box to enable it. User Name: This field displays the name of the account used to log into the PMG2006-T20A web configurator. Retry Times: This field displays the number of times consecutive wrong passwords can be entered for this account. 0 means there is no limit. Idle Timeout: This field displays the length of inactive time before the PMG2006-T20A will automati...

Page 129: ... password used to access the PMG2006-T20A web configurator. Password New Password: Type your new system password (up to 256 characters). Note that as you type a password, the screen displays a for each character you type. After you change the password, use the new password to access the PMG2006-T20A. Verify Password Verify New Password: Type the new password again for confirmation. Retry Times: Enter the numb...

Page 130: ... User Account. PMG2006-T20A User's Guide 131. OK: Click OK to save your changes. Cancel: Click Cancel to exit this screen without saving. Table 72 Maintenance > User Account Add/Edit (continued). LABEL | DESCRIPTION ...

Page 131: ...wing screen. Figure 92 Maintenance > Remote Management > MGMT Services. The following table describes the fields in this screen. Table 73 Maintenance > Remote Management > MGMT Services. LABEL | DESCRIPTION. WAN Interface used for services: Select Any_WAN to have the PMG2006-T20A automatically activate the remote management service when any WAN connection is up. Select Multi_WAN and then select one or more WAN con...

Page 132: ...want to allow access to the PMG2006-T20A from all WAN connections. Trust Domain: Select the Enable check box for the corresponding services that you want to allow access to the PMG2006-T20A from the trusted hosts configured in the Maintenance > Remote MGMT > Trust Domain screen. If you only want certain WAN connections to have access to the PMG2006-T20A using the corresponding services, then clear WAN sel...

Page 133: ... describes the fields in this screen. Table 75 Maintenance > Remote Management > Trust Domain Add Trust Domain. LABEL | DESCRIPTION. IP Address: Enter a public IPv4 IP address which is allowed to access the service on the PMG2006-T20A from the WAN. OK: Click OK to save your changes back to the PMG2006-T20A. Cancel: Click Cancel to exit this screen without saving ...

Page 134: ...ed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the PMG2006-T20A). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications t...

Page 135: ...P. The following table describes the fields in this screen. Table 76 Maintenance > SNMP. LABEL | DESCRIPTION. SNMP Agent: Select Enable to let the PMG2006-T20A act as an SNMP agent, which allows a manager station to manage and monitor the PMG2006-T20A through the network. Select Disable to turn this feature off. Get Community: Enter the Get Community, which is the password for the incoming Get and GetNext reque...

Page 136: ...G2006-T20A's time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the PMG2006-T20A's time based on your local time zone. Figure 97 Maintenance > Time. The following table describes the fields in this screen. Table 77 Maintenance > Time. LABEL | DESCRIPTION. Current Date/Time. Current Time: This field displays the time of your PMG2006-T20A. Each time you reload this page ...

Page 137: ...Sunday, the month to March and the time to 2 in the Hour field. Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would set the day to Last Sunday and the month to March. The time you select depends on your time zone. In Germany for i...

Page 138: ... The default service port for e-mail notification is port 25. Figure 98 Maintenance > E-mail Notification. The following table describes the labels in this screen. Table 78 Maintenance > E-mail Notification. LABEL | DESCRIPTION. Add New E-mail: Click this button to create a new entry. Mail Server Address: This field displays the server name or the IP address of the mail server. Username: This field displays the u...

Page 139: ...thentication Username: Enter the user name (up to 32 characters). This is usually the user name of a mail account you specified in the Account Email Address field. Authentication Password: Enter the password associated with the user name above. Account E-mail Address: Enter the e-mail address that you want to be in the from/sender line of the e-mail notification that the PMG2006-T20A sends. If you activate...

Page 140: ... screen. 27.2 The Log Settings Screen. To change your PMG2006-T20A's log settings, click Maintenance > Logs Setting. The screen appears as shown. If you have a LAN client on your network that is running a syslog utility, you can also save its log files by enabling Syslog Logging, selecting Remote or Local File and Remote in the Mode field, and entering the IP address of the LAN client in the Syslog Server f...

Page 141: ...ote syslog server and save it in a local file, select Local File and Remote. Syslog Server: Enter the server name or IP address of the syslog server that will log the selected categories of logs. UDP Port: Enter the port number used by the syslog server. E-mail Log Settings. E-mail Log Settings: Select Enable to have the PMG2006-T20A send logs and alarm messages to the configured e-mail addresses. Mail Acc...

Page 142: ... this field. If this field is left blank, the PMG2006-T20A does not send logs via E-mail. Send Alarm to: Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites. If this field i...

Page 143: ...55 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 17 UDP src port 00520 dest por...

Page 144: ...o minutes. After a successful upload, the system will reboot. Do NOT turn off the PMG2006-T20A while firmware upload is in progress. Figure 102 Maintenance > Firmware Upgrade. The following table describes the labels in this screen. After you see the firmware updating screen, wait two minutes before logging into the PMG2006-T20A again. Table 81 Maintenance > Firmware Upgrade. LABEL | DESCRIPTION. Upgrade Firmware...

Page 145: ...n on your desktop. Figure 104 Network Temporarily Disconnected. After two minutes, log in again and check your new firmware version in the Status screen. Choose File: Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload: Click this to begin the upload process. This process may take up to two minutes. Table 81 Maintenanc...

Page 146: ...figuration appears in this screen, as shown next. Figure 105 Maintenance > Backup/Restore. Backup Configuration: Backup Configuration allows you to back up (save) the PMG2006-T20A's current configuration to a file on your computer. Once your PMG2006-T20A is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup co...

Page 147: ...e default configuration file, you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1). If the upload was not successful, the following screen will appear. Click OK to go back to the Configuration screen. Figure 107 Configuration Upload Error. Reset to Factory Defaults: Click the Reset button to clear all user-entered configurati...

Page 148: ... for more information on the RESET button. 29.3 The Reboot Screen. System restart allows you to reboot the PMG2006-T20A remotely without turning the power off. You may need to do this if the PMG2006-T20A hangs, for example. It will take a few minutes before you can log into the PMG2006-T20A again after rebooting. Click Maintenance > Reboot. Click Reboot to have the PMG2006-T20A reboot. This does not affect ...

Page 149: ... Need to Know. The following terms and concepts may help as you read through this chapter. How CFM Works: A Maintenance Association (MA) defines a VLAN and associated Maintenance End Point (MEP) ports on the device under a Maintenance Domain (MD) level. An MEP port has the ability to send Connectivity Check Messages (CCMs) and get other MEP ports information from neighbor devices' CCMs within an MA. CFM provide...

Page 150: ... or the host name of a computer that you want to perform ping, traceroute, or nslookup in order to test a connection. The test result will be shown in the Info area. Ping: Click this to ping the IPv4 address that you entered. Ping 6: Click this to ping the IPv6 address that you entered. Trace Route: Click this to display the route path and transmission delays between the PMG2006-T20A to the IPv4 address th...

Page 151: ...re you are using the power adaptor or cord included with the PMG2006-T20A. 3. Make sure the power adaptor or cord is connected to the PMG2006-T20A and plugged in to an appropriate power source. Make sure the power source is turned on. 4. Turn the PMG2006-T20A off and on. 5. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. 1. Make sure you understand the normal behavi...

Page 152: ...ou have to reset the device to its factory defaults. See Section 1.6 on page 21. I cannot see or access the Login screen in the web configurator. 1. Make sure you are using the correct IP address. The default IP address is 192.168.1.1. If you changed the IP address (Section 7.2 on page 51), use the new IP address. If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I ...

Page 153: ...d is case-sensitive, so make sure Caps Lock is not on. 2. You cannot log in to the web configurator while someone is using Telnet to access the PMG2006-T20A. Log out of the PMG2006-T20A in the other session, or ask the person who is logged in to log out. 3. Turn the PMG2006-T20A off and on. 4. If this does not work, you have to reset the device to its factory defaults. See Section 31.1 on page 152. I cannot T...

Page 154: ...d that the wireless settings in the wireless client are the same as the settings in the PMG2006-T20A. 4. Disconnect all the cables from your device and reconnect them. 5. If the problem continues, contact your ISP. I cannot access the PMG2006-T20A anymore. I had access to the PMG2006-T20A, but my connection is not available anymore. 1. Your session with the PMG2006-T20A may have expired. Try logging into the...

Page 155: ...156 PART III Appendices. Appendices contain general information. Some information may not apply to your device. ...

Page 156: ...nformation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Zyx...

Page 157: ...om pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation http www zyxel com tw zh Thailand Zyxel Thailand Co Ltd http www zyxel co th Vietnam Zyxel Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria Zyxel Deutschland GmbH http www zyxel de Belarus Zyxel BY http www zyxel ...

Page 158: ...Czech Republic Zyxel Communications Czech s r o http www zyxel cz Denmark Zyxel Communications A S http www zyxel dk Estonia Zyxel Estonia http www zyxel com ee et Finland Zyxel Communications http www zyxel fi France Zyxel France http www zyxel fr Germany Zyxel Deutschland GmbH http www zyxel de Hungary Zyxel Hungary SEE http www zyxel hu Italy Zyxel Communications Italy http www zyxel it ...

Page 159: ...elux http www zyxel nl Norway Zyxel Communications http www zyxel no Poland Zyxel Communications Poland http www zyxel pl Romania Zyxel Romania http www zyxel com ro ro Russia Zyxel Russia http www zyxel ru Slovakia Zyxel Communications Czech s r o organizacna zlozka http www zyxel sk Spain Zyxel Communications ES Ltd http www zyxel es Sweden Zyxel Communications http www zyxel se Switzerland Stud...

Page 160: ...raine http www ua zyxel com Latin America Argentina Zyxel Communication Corporation http www zyxel com ec es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Ecuador Zyxel Communication Corporation http www zyxel com ec es Middle East Israel Zyxel Communication Corporation http il zyxel com homepage shtml Middle East Zyxel Communication Corporation http www zyxel com me en ...

Page 161: ...User s Guide 162 North America USA Zyxel Communications Inc North America Headquarters http www zyxel com us en Oceania Australia Zyxel Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 162: ... 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length: Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6 prefix length specifies how many most significant bits (start from the left) in the address compose the network address. The prefix length is written as "/x" where x is a number. For example, 2001 db8 1a2b 15 1a2f 0 32 means th...

Page 163: ... of ff00::/8. The following table describes some of the predefined multicast addresses. The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 85 Predefined Multicast Address (MULTICAST ADDRESS | DESCRIPTION): FF01:0:0:0:0:0:0:1 | All hosts on a local node; FF01:0:0:0:0:0:0:2 | All routers on a local node; FF02:0:0:0:0:0:0:1 | All hosts on a loca...

Page 164: ...of the MAC address. See the following example. Identity Association: An Identity Association (IA) is a collection of addresses assigned to a DHCP client, through which the server and client can manage a set of related IP addresses. Each IA must be associated with exactly one interface. The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface. Each I...

Page 165: ...s an IPv6 router to use the IPv6 prefix (network address) received from the ISP (or a connected uplink router) for its LAN. The PMG2006-T20A uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the PMG2006-T20A passes the IPv6 prefix information to its LAN hosts. The hosts then can use the prefix to generate...

Page 166: ...rough a router. If the address is on-link, the address is considered as the next hop. Otherwise, the PMG2006-T20A determines the next hop from the default router list or routing table. Once the next hop IP address is known, the PMG2006-T20A looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable. If the PMG2006-T20A cannot find an entry in the neighb...

Page 167: ...HCPv6 for IP address assignment, you have to additionally install a DHCPv6 client software on your Windows XP. Note: If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network, ignore this section. This example uses Dibbler as the DHCPv6 client. To enable DHCPv6 client on your computer: 1. Install Dibbler and select the DHCPv6 client option on your computer. 2. After ...

Page 168: ... Example: Enabling IPv6 on Windows 7. Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 1. Select Control Panel > Network and Sharing Center > Local Area Connection. 2. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3. Click OK to save the change. ...

Page 169: ...r dynamic IPv6 address. This example shows a global address (2001 b021 2d 1000) obtained from a DHCP server. C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Page 170: ...pe of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number. Port(s): This value depends on the Protocol. If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. If the Protocol is USER, this is the IP protocol number. Description: This is a brief explanation ...

Page 171: ...es including large files that may not be possible by e-mail. H.323 (TCP, 1720): NetMeeting uses this protocol. HTTP (TCP, 80): Hyper Text Transfer Protocol, a client/server protocol for the world wide web. HTTPS (TCP, 443): HTTPS is a secured http session often used in e-commerce. ICMP (User-Defined, 1): Internet Control Message Protocol is often used for diagnostic purposes. ICQ (UDP, 4000): This is a popular Internet cha...

Page 172: ... REXEC (TCP, 514): Remote Execution Daemon. RLOGIN (TCP, 513): Remote Login. ROADRUNNER (TCP/UDP, 1026): This is an ISP that provides services mainly for cable modems. RTELNET (TCP, 107): Remote Telnet. RTSP (TCP/UDP, 554): The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP (TCP, 115): The Simple File Transfer Protocol is an old way of transferring files between comput...

Page 173: ...in and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE (TCP, UDP; 7000, user-defined): A videoconferencing solution. The UDP port number is specified in the application. Table 87 Examples of Services (continued): NAME | PROTOCOL | PORT(S) | DESCRIPTION ...

Page 174: ...pt any interference received, including interference that may cause undesired operation. Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the device. This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide re...

Page 175: ...at the applicable collection point for the recycling of electrical and electronic devices. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product. The following warning statements apply where the disconnect device is not incorporated in the device or where the plug on the power ...

Page 176: ... it to a recycling center. At the time of disposal, the separate collection of your product and/or its battery will help save natural resources and protect the environment and human health. The symbol below means that, according to local regulations, your product and/or battery must be disposed of separately from household waste. When this product reaches the end...

Page 177: ...warranty of merchantability or fitness for a particular use or purpose. Zyxel shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support_warranty_info php Registration Register y...

Page 178: ... Authority 111 Certification Authority see CA certifications 176 viewing 178 CFM CCMs 150 link trace test 150 loopback test 150 MA 150 MD 150 MEP 150 MIP 150 client list 55 configuration backup 147 firewalls 96 reset 148 restoring 148 static route 64 66 88 Connectivity Check Messages see CCMs contact information 157 copyright 175 creating certificates 112 customer support 157 D DDoS 96 default ser...

Page 179: ...col version 6 see IPv6 IP address 49 62 ping 151 private 62 WAN 39 IP alias NAT applications 85 IPv6 40 163 addressing 40 163 EUI 64 165 global address 163 interface ID 165 link local address 163 Neighbor Discovery Protocol 163 ping 163 prefix 40 163 prefix delegation 42 prefix length 40 163 unspecified address 164 L LAN 49 client list 55 DHCP 50 61 DNS 50 61 IP address 49 51 62 MAC address 55 sta...

Page 180: ...Point Tunneling Protocol see PPTP POP3 85 port forwarding 71 ports 14 PPTP 85 prefix delegation 42 private IP address 62 product registration 178 R registration product 178 reset 148 resetting your device 15 restart 149 restoring configuration 148 RFC 1058 See RIP RFC 1389 See RIP RFC 3164 117 RIP 68 router features 12 Routing Information Protocol See RIP S Security Log 118 Security Parameter Inde...

Page 181: ...otocol 117 severity levels 117 system firmware 145 version 36 passwords 17 status 34 LAN 37 WAN 36 time 137 T The 39 time 137 trademarks 178 U Universal Plug and Play see UPnP upgrading firmware 145 UPnP 56 cautions 50 NAT traversal 50 W WAN status 36 Wide Area Network see WAN 39 warranty 178 note 178 web configurator 17 login 17 passwords 17 wizard setup Internet 23 Z ZyXEL Family Safety page 107...
