manualshive.com logo in svg

ZyXEL Communications SBG5500-A, Руководство пользователя

Поделиться
Скачать
ZyXEL Communications SBG5500-A Скачать руководство пользователя страница 184

Chapter 10 VPN

SBG5500 Series User’s Guide

184

(2) Client loses connectivity to the SBG for a period of time.

(3) Any IPsec VPN configuration change is applied on the SBG.

(4) Either 

Default_L2TP_VPN_GW

 IPsec configuration or L2TP VPN is disabled on the SBG.

(5) When any one of these configuration changes is applied on the SBG: WAN Interface used for L2TP 
VPN, IP Address Pool, Access Group.

(6) The SBG WAN interface on which the L2TP connection established is disconnected.

5

An L2TP client is connected successfully but cannot access the local host or server behind the SBG.

Tip: 

This may be caused by one of the followings:

(1) The local host or server is disconnected. 

(2) The Access Group is not configured correctly. From the SBG’s GUI, go to the 

VPN 

L2TP VPN

 screen 

to check. Note that all local hosts are by default accessible unless Access Group is configured.

(3) 

IP Address Pool 

for L2TP VPN is conflicting with any WAN, LAN, DMZ, WLAN, or PPTP VPN subnet 

configured on the SBG. Note that

 IP Address Pool

 for L2TP VPN has 24-bit netmask and should not 

conflict with any others listed above even if they are not in use.

6

An L2TP client is connected successfully but cannot browse Internet.

Tip: 

From the SBG’s GUI, click 

VPN

 > 

L2TP VPN

. Check if DNS Server is configured. A client cannot browse 

Internet without DNS resolved. Note that when a new DNS Server is configured, the client must 
disconnect then reconnect in order for the new DNS Server to take effect.

7

The L2TP client can no longer connect to SBG after the 

Encryption

 or

 Authentication

 for the 

Default_L2TP_VPN_GW

 IPsec VPN rule is changed.

Tip: 

A user usually do not need change the default

 Encryption

 or 

Authentication

 algorithms in the 

Default_L2TP_VPN 

IPsec VPN rule. The default 

Encryption

 and 

Authentication

 algorithms should support 

the built-in L2TP/IPsec client software in the popular operating systems (Windows (XP, Vista, 7), Android, 
and iOS). 

Refer to 

Table 71 on page 172

 for the default setting of the 

Default_L2TP_VPN_GW 

IPsec VPN rule.

As a reference, 

Table 76 on page 184

 lists the IPsec proposals provided by a built-in L2TP client in the 

popular operating systems during IPsec phase 1 negotiation. The first proposal that can be supported by 
the phase 1 setting in the 

Default_L2TP_VPN_GW

 IPsec VPN rule will be accepted by the SBG. The 

algorithms in red in 

Table 76 on page 184

 indicate the ones that will be accepted based on 

Table 72 on 

page 174

Table 76   Phase 1 IPsec proposals provided by the built-in L2TP client in popular operating systems 

(Encryption/Authentication/Key Group)

WINDOWS XP

WINDOWS VISTA

WINDOWS 7

IOS 5.1

ANDROID 4.1

1

3DES/SHA1/DH15

3DES/SHA1/DH15

AES/SHA1/DH15

AES/SHA1/DH2

AES/SHA1/DH2

2

3DES/SHA1/DH2

3DES/SHA1/DH2

3DES/SHA1/DH15

AES/MD5/DH2

AES/MD5/DH2

3

3DES/MD5/DH2

3DES/SHA1/DH2

3DES/SHA1/DH2

3DES/SHA1/DH2

4

DES/SHA1/DH1

3DES/MD5/DH2

3DES/MD5/DH2

Содержание SBG5500-A

Страница 1: ...ails User s Guide SBG5500 Series SBG5500 A SBG5500 B Small Business Gateway Copyright 2017 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 User Name admin Password 1234 Version 1 10 E...

Страница 2: ...product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick S...

Страница 3: ...s guide Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Configuration Log Report Log Settin...

Страница 4: ...d 45 WAN Internet 48 LAN 85 Routing 108 Network Address Translation NAT 122 Firewall 138 VPN 159 Bandwidth Management 194 Network Management 212 Log Report 215 Service License 225 Device Name 227 Host...

Страница 5: ...ations for the SBG 14 1 4 1 Internet Access 14 1 4 2 SBG s USB Support 16 1 5 LEDs Lights 17 1 6 The RESET Button 18 Chapter 2 The Web Configurator 20 2 1 Overview 20 2 1 1 Accessing the Web Configura...

Страница 6: ...een 68 5 5 The Port Setting Screen 72 5 6 The Multi WAN Screen 73 5 6 1 Edit Multi WAN 74 5 6 2 How to Configure Multi WAN for Load Balancing and Failover 75 5 7 The Dynamic DNS screen 76 5 7 1 Edit D...

Страница 7: ...1 Add Edit Policy Route 116 7 4 The Static Route Screen 118 7 4 1 Add Edit Static Route 119 7 5 The RIP Screen 120 Chapter 8 Network Address Translation NAT 122 8 1 Overview 122 8 1 1 What You Can Do...

Страница 8: ...52 9 10 The Certificate Screen 153 9 11 The AAA Server 154 9 11 1 Add Edit an LDAP Server 155 9 11 2 Add Edit an RADIUS Server 157 Chapter 10 VPN 159 10 1 Overview 159 10 2 What You Can Do in this Cha...

Страница 9: ...98 11 4 The Classification Setup Screen 199 11 4 1 Add Edit a QoS Class 200 11 5 The Policer Setup Screen 204 11 5 1 Add Edit a QoS Policer 205 11 6 The Shaper Setup Screen 206 11 6 1 Add Edit a QoS S...

Страница 10: ...8 User Account 233 18 1 Overview 233 18 2 What You Can Do in this Chapter 233 18 3 The User Account Screen 233 18 3 1 Add Edit a Users Account 234 Chapter 19 USB Storage 236 19 1 Overview 236 19 1 1 W...

Страница 11: ...Backup Restore Screen 250 Chapter 23 Language 252 23 1 Overview 252 23 2 The Language Screen 252 Chapter 24 Restart Shutdown 253 24 1 Overview 253 24 2 The Restart Shutdown Screen 253 Chapter 25 Troub...

Страница 12: ...12 PART I User s Guide...

Страница 13: ...ge Features One DSL Port for Internet Connection Combo GbE and SFP Port for Internet Connection One USB Port for 3G 4G Connection and File Sharing Five GbE Ports for LAN Connection Firewall with Secur...

Страница 14: ...s As a small business gateway your SBG has multiple WAN interfaces including 3G 4G DSL fiber and Gigabit Ethernet to share the network traffic load You can configure multiple WAN load balance and fail...

Страница 15: ...eries User s Guide 15 Computers can connect to the SBG s LAN ports Figure 1 SBG s Internet Access Application ADSL VDSL Figure 2 SBG s Internet Access Application ADSL Figure 3 SBG s Internet Access A...

Страница 16: ...by default unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 4 2 SBG s USB Su...

Страница 17: ...igure 7 SBG5500 B Front and Rear Panels None of the LEDs are on if the SBG is not receiving power The location of the LEDs are highlighted in the figures above Table 1 LED Descriptions LED COLOR STATU...

Страница 18: ...The SBG is initializing the ADSL VDSL line Off The ADSL VDSL line is down SFP Green On The SBG has established an SFP connection Blinking The SBG is sending or receiving data to from the SFP connecti...

Страница 19: ...ide 19 2 To set the device back to the factory default settings press the RESET button for five seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink th...

Страница 20: ...Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your SBG hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the SBG does no...

Страница 21: ...cally so you can log in with your new password Figure 9 Change Password Screen 5 The Wizard appears automatically after login Use the Wizard to configure SBG s basic settings See Chapter 3 on page 26...

Страница 22: ...page 26 Configuration Configuration Site Map Click this to view a summary of all the available screens in the Configuration menu WAN Internet WAN Status WAN Status Use this screen to view the WAN por...

Страница 23: ...and configure domain zone forwarder on the SBG Routing Routing Status Use this screen to view the IPv4 and IPv6 routing flow Policy Route Use this screen to view and set up policy routes on the SBG S...

Страница 24: ...also configure the QoS rules and actions Queue Setup Use this screen to configure QoS queues Classification Setup Use this screen to define a classifier Policer Setup Use these screens to configure Qo...

Страница 25: ...ity Fault Management MD maintenance domain to perform connectivity tests and view test reports OAM Ping Use this screen to verify the connectivity of a specific PVC Packet Capture Use this screen to c...

Страница 26: ...The Wizard consists of the following setups Wizard Basic Setup Use Basic Setup to set up a WAN Internet connection This Wizard creates matching ISP account settings in the SBG if you use PPPoE See Se...

Страница 27: ...to connect to the Internet Click Next to continue the Wizard Back to return to the previous screen Figure 13 Wizard Basic Setup 1 Enter your Internet connection information in this screen The screen...

Страница 28: ...Series User s Guide 28 Figure 14 Connect to the Internet 2 If you select the ADSL over ATM connection type enter the VPI and VCI assigned to you and the method of multiplexing used by your ISP Figure...

Страница 29: ...his screen to specify which IPv4 address the SBG uses to connect to the Internet If your ISP gave you this information enter it here Otherwise select Obtain an IP Address Automatically Figure 17 IPv4...

Страница 30: ...nd Time 7 The SBG saves your settings and attempts to connect to the Internet If the SBG failed to connect to the Internet or if you want to modify any of the settings you previously configured you ca...

Страница 31: ...You can register your device and manage subscription services available for your SBG at myZyxel portal for online services Figure 21 Register Device and Services 9 Once you completed the basic setup a...

Страница 32: ...Network rule for a secure connection to another computer or network Figure 23 Wizard IPsec VPN Setup There are two types of VPN policies you can configure in the SBG Select one and click Next Express...

Страница 33: ...3 3 2 on page 35 Figure 24 VPN Policy Type 3 3 1 VPN Express Settings The following screens will display if you select Express in the previous screen 1 Type the Rule Name used to identify this VPN co...

Страница 34: ...apsulation this connection is to use Configure a Secure Gateway IP as the peer SBG s WAN IP address Type a secure Pre Shared Key Set Local Policy to be the IP address range of the network connected to...

Страница 35: ...configured on the SBG Figure 28 VPN Express Settings Completed 3 3 2 VPN Advanced Settings The following screens will display if you select Advanced in the VPN Policy screen 1 Type the Rule Name used...

Страница 36: ...nced Settings 2 Use the following screen to setup Phase 1 Settings Select an Encryption Authentication Algorithm and Key Group and define how often the SBG renegotiates the IKE SA in the Life Time fie...

Страница 37: ...1 Settings 3 Use the following screen to setup Phase 2 Settings Phase 2 in an IKE uses the SA that was established in phase1 to negotiate Security Associations SAs for IPsec For more information on ea...

Страница 38: ...00 Series User s Guide 38 Figure 31 Phase 2 Settings 4 A read only summary of the VPN tunnel s configuration will display If you want to save your changes click Save otherwise go Back to modify any pr...

Страница 39: ...Chapter 3 Wizard SBG5500 Series User s Guide 39 Figure 32 Summary 5 Your SBG saves your settings Now the rule is configured on the SBG Click Finish to exit the VPN Setup Wizard...

Страница 40: ...es User s Guide 40 Figure 33 VPN Advanced Settings Completed 3 4 Wizard IPv6 Setup Click the IPv6 Setup down arrow to configure the IPv6 settings on the SBG Click Next to continue the Wizard Back to r...

Страница 41: ...the Wizard IPv6 setup is completed If you want to enter a static IPv6 address or obtain it from a DHCP server click Next Figure 35 Interface Setup 7 If you did not select Auto Detection the following...

Страница 42: ...lect Delegate Prefix From WAN to automatically obtain an IPv6 network prefix from the previously selected interface Or select Static to configure a static IPv6 address for the SBG s LAN IPv6 address S...

Страница 43: ...Chapter 3 Wizard SBG5500 Series User s Guide 43 9 A read only summary of the IPv6 settings will display Click Finish to exit the Wizard IPv6 Setup Figure 38 Summary...

Страница 44: ...44 PART II Technical Reference...

Страница 45: ...e current status of the SBG system resources and interfaces LAN and WAN 4 2 The Dashboard Screen Use this screen to view the connections status of the SBG When you click the Dashboard tab a network ma...

Страница 46: ...firmware version System Status System Uptime This field displays how long the SBG has been running since it last restarted or was turned on Current Date Time This field displays the time in the SBG Ea...

Страница 47: ...there is enough traffic that the second interface needs to be used and so on Failover This field displays the passive interfaces used for failover in the SBG VPN Status This field displays the SBG s...

Страница 48: ...your private networks such as a LAN Local Area Network and other networks so that a computer in one location can communicate with computers in other locations Figure 41 LAN and WAN 3G third generatio...

Страница 49: ...you read this chapter Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the...

Страница 50: ...pported by the VDSL2 standard In PTM packets are encapsulated directly in the High level Data Link Control HDLC frames It is designed to provide a low overhead transparent way of transporting packets...

Страница 51: ...g Both an IPv6 address and IPv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each characte...

Страница 52: ...Transition Router AFTR in the graphic to connect to the IPv4 Internet The local network can also use IPv6 services The VDSL Router uses it s configured IPv6 WAN IP to route IPv6 traffic to the IPv6 I...

Страница 53: ...us xDSL Statistics Table 6 Configuration WAN Internet WAN Status LABEL DESCRIPTION Name This displays the name of the WAN interface Status This shows Up if the connection to this interface is up other...

Страница 54: ...sion targets Actual Delay This is the upstream and downstream interleave delay It is the wait in milliseconds that determines the size of a single block of data to be interleaved assembled and then tr...

Страница 55: ...s ES This is the number of Errored Seconds meaning the number of seconds containing at least one errored block or at least one defect SES This is the number of Severely Errored Seconds meaning the num...

Страница 56: ...the SFP transceiver s serial number provided by the vendor Revision This field displays the SFP transceiver s serial number revision level for part number Data Code This field displays the SFP transce...

Страница 57: ...service name of the connection Type This shows whether it is an ATM PTM or Ethernet connection Mode This shows whether the connection is in routing or bridge mode Encapsulation This is the method of...

Страница 58: ...Chapter 5 WAN Internet SBG5500 Series User s Guide 58 Figure 49 WAN Internet WAN Setup Add Edit Routing Mode...

Страница 59: ...ver PTM or Ethernet the choices are PPPoE and IPoE If your connection type is ADSL over ATM the choices are PPPoE PPPoA IPoE and IPoA IPv4 IPv6 Mode Select IPv4 Only if you want the SBG to run IPv4 on...

Страница 60: ...ge cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec This field is available only when you select VBR nrt or Realtime VBR...

Страница 61: ...Identifier IAID of the device for example the WAN connection index number DUID Type Select DUID LLT to have the SBG use DUID LLT DUID Based on Link layer Address Plus Time for identification when exc...

Страница 62: ...1048576 Ingress Bandwidth This is reserved for future use Enter the maximum amount of traffic in kilobits per second the SBG can receive from the network through the interface Allowed values are 0 10...

Страница 63: ...way for the connectivity check Check This Address Select this to specify a domain name or IP address for the connectivity check Enter that domain name or IP address in the field next to it WAN MAC Add...

Страница 64: ...u select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s VLAN Enable Select this to add the VLAN Tag specified below to the out...

Страница 65: ...e The SBG uses the ADSL technology for data transmission over the DSL port Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual...

Страница 66: ...te for applications with bursty connections that require closely controlled delay and delay variation Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell R...

Страница 67: ...ss Default Gateway Enter the IP address of the next hop gateway The gateway is a router or switch on the same segment as your SBG s interface s The gateway helps forward packets to their destinations...

Страница 68: ...the first IPv6 DNS server address assigned by the ISP DNS Server 2 Enter the second IPv6 DNS server address assigned by the ISP Tunnel This is available only when you select IPv6 Only in the IPv4 IPv6...

Страница 69: ...Chapter 5 WAN Internet SBG5500 Series User s Guide 69 Figure 53 Configuration WAN Internet Mobile...

Страница 70: ...ervice provider s base station Your ISP should provide the phone number For example 99 is the dial string to establish a GPRS or 3G or 4G connection in Taiwan APN Enter the APN Access Point Name provi...

Страница 71: ...SBG takes the actions you specified when a limit is exceeded during the month Time Budget Select this option and specify the amount of time in hours that the 3G connection can be used within one month...

Страница 72: ...sical Ethernet ports are shown at the bottom and the Ethernet interfaces are shown at the bottom of the screen Use the radio buttons to select for which interface network you want to use each physical...

Страница 73: ...ng table describes the labels in this screen Table 15 Configuration WAN Internet Multi WAN LABEL DESCRIPTION Configuration Disconnect Connections Before Falling Back Select this to terminate existing...

Страница 74: ...ns Select Least Load First to send new session traffic through the least utilized trunk member Select Spillover to send network traffic through the first interface in the group member list until there...

Страница 75: ...terfaces form a ratio This ratio determines how much traffic the SBG assigns to each member interface The higher an interface s weight is relative to the weights of the interfaces the more sessions th...

Страница 76: ...n 5 6 2 2 What Can Go Wrong There can only be one WAN connection configured as passive mode at a time If there is already a WAN connection configured as passive mode you will not be able to add or edi...

Страница 77: ...tus This field displays whether the dynamic DNS is active or not A green ON button signifies that this dynamic DNS is active A gray OFF button signifies that this dynamic DNS is not active Profile Nam...

Страница 78: ...core Spaces are not allowed Password Type the password provided by the DDNS provider You can use up to 32 alphanumeric characters and the underscore Spaces are not allowed DDNS Settings Domain Name Ty...

Страница 79: ...designed to provide protection against noise on the DSL line It improves voice video and data transmission resilience by utilizing a retransmission buffer Click Configuration WAN Internet xDSL Advance...

Страница 80: ...of ADSL generally functions better with splitters T1 413 ANSI T1 413 is a technical standard that defines the requirements for the single asymmetric digital subscriber line ADSL for the interface betw...

Страница 81: ...FC 2364 for more information on PPPoA Refer to RFC 1661 for more information on PPP PPP over Ethernet PPPoE Point to Point Protocol over Ethernet PPPoE provides access control and billing functionalit...

Страница 82: ...connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwi...

Страница 83: ...ecipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 Internet Group Multicast Protocol IGMP is a networ...

Страница 84: ...written as 2001 db8 1a2b 15 0 0 1a2f 0 Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2f 00...

Страница 85: ...e LAN IP address subnet mask and DHCP settings of your SBG Section 6 2 on page 87 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addre...

Страница 86: ...at an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter...

Страница 87: ...to show the interfaces currently connected to the SBG Name This shows the name of the LAN interface Status This shows Up if the SBG detect a connection through this port Otherwise it shows Down Tx Pkt...

Страница 88: ...tus Click this to look at the current list of multicast groups the SBG has joined and which ports have joined it This is the multicast status table entry number Type This is the protocol used by the i...

Страница 89: ...ix and prefix length you configured when you enable IPv6 on the LAN interface and set Address Assign This field displays 1 when the IPv6 address is assigned using IPv6 stateful autoconfiguration DHCPv...

Страница 90: ...nd broadcast unknown multicast packets from the WAN to all LAN ports Select Blocking Mode to have the SBG block all unknown multicast packets from the WAN DHCP Setting DHCP Mode Select DHCP Server to...

Страница 91: ...an Interface select the WAN interface that receives the DNS server address from its DHCP server Remote DHCP Server Enter the DHCP server s address so the SBG forwards DHCP requests to this address Thi...

Страница 92: ...a 64 bit Extended Unique Identifier EUI to link locally without DHCP Select Manual to manually enter an interface ID for the LAN interface s global IPv6 address LAN Identifier Enter an interface ID f...

Страница 93: ...cally and in response to router solicitations DHCPv6 server is disabled Stateful DHCP The SBG uses IPv6 stateful autoconfiguration The DHCPv6 server is enabled to have the SBG act as a DHCPv6 server a...

Страница 94: ...dit Static DHCP If you click Add in the Static DHCP screen or Edit next to a static DHCP entry the following screen displays Table 24 Network Setting LAN Static DHCP LABEL DESCRIPTION Add Click this t...

Страница 95: ...interface group Select Device Info If you select Manual Input you can manually type in the MAC address and IP address of a computer on your LAN You can also choose the name of a computer from the drop...

Страница 96: ...Wake on LAN Screen Use this screen to turn on a device on the LAN network To use this feature the remote device must also support Wake On LAN Table 26 Configuration LAN Home Network Additional Subnet...

Страница 97: ...Click Edit to open the following screen Figure 68 Wake On LAN Edit Table 27 Configuration LAN Home Network Wake on LAN LABEL DESCRIPTION Add Click this to add a new device to Wake on LAN Remove Selec...

Страница 98: ...escribes the labels on this screen Table 28 Configuration LAN Home Network Wake on LAN LABEL DESCRIPTION Wake From Manual Type MAC Select this to enter the MAC address of the device to turn it on remo...

Страница 99: ...e 70 VLAN Interface Group Add Edit VLAN Group Remove Click Remove to delete an interface group This shows the index number of the interface group Mode This shows VLAN when this is a VLAN group This sh...

Страница 100: ...ck this check box to create a VLAN group Interface Group To Bridge Bundle WAN Interfaces Click this check box to create an interface group 802 1p IEEE 802 1p defines up to 8 separate traffic types by...

Страница 101: ...traffic through tagged member ports of this group A VLAN ID cannot be assigned to more than one group Interfaces This shows the LAN ports included in the VLAN group and if traffic leaving the port wil...

Страница 102: ...ABEL DESCRIPTION WAN Type Select the current WAN connection type WAN Interface Select the current WAN interface OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving...

Страница 103: ...wing screen DHCP Option 61 Click this to enter the Identity Association IDentifier IAD Option 61 of the matched traffic such as the MAC address of the device Type the DHCP Unique Identifier DUID you w...

Страница 104: ...etwork DNS Forwarder LABEL DESCRIPTION Add Click this to add a domain zone forwarder record Edit Select an existing domain zone forwarder record and click Edit to modify it Remove Click this to delete...

Страница 105: ...ame Enter the domain zone in this field A domain zone is a fully qualified domain name without the host For example zyxel com tw is a wildcard domain zone for the www zyxel com tw fully qualified doma...

Страница 106: ...G supports the IPCP DNS server extensions through the DNS proxy feature Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS se...

Страница 107: ...en your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses sp...

Страница 108: ...R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LA...

Страница 109: ...the Routing Flow section the related routes activated will display in the Routing Table section To access this screen click Configuration Routing Routing Status Note Once a packet matches the criteri...

Страница 110: ...ting SBG5500 Series User s Guide 110 Figure 81 Configuration Routing Routing Status Policy Route Figure 82 Configuration Routing Routing Status L2TP Server Figure 83 Configuration Routing Routing Stat...

Страница 111: ...Chapter 7 Routing SBG5500 Series User s Guide 111 Figure 84 Configuration Routing Routing Status Static Route Figure 85 Configuration Routing Routing Status Dynamic Route RIP...

Страница 112: ...Chapter 7 Routing SBG5500 Series User s Guide 112 Figure 86 Configuration Routing Routing Status Multi WAN Figure 87 Configuration Routing Routing Status Main Table...

Страница 113: ...name of an interface associated with the route The following fields are available if you click Policy Route in the Routing Flow section This is the number of an individual policy route Status This fie...

Страница 114: ...amic route Destination This indicates the destination IP address of this route Gateway IP This indicates the IP address of the gateway that helps forward this route s traffic Interface This indicates...

Страница 115: ...C Up Cache The route is up and it is a cache entry Reject The route is blocked and will force a route lookup to fail G Gateway The route uses a gateway to forward traffic H Host The target of the rout...

Страница 116: ...A gray OFF button signifies that this route is not active Click the slide button to enable and disable the policy router Name This field displays the descriptive name of the policy route Source IP Thi...

Страница 117: ...t you specify Criteria Source Use this section to configure where the packets are coming from in this policy route Address Select Any if the policy route will receive packets from all IP addresses Sel...

Страница 118: ...address object to which the packets go Destination Port Enter the port number 1 65535 to which the packets go The SBG applies the policy route to the packets that go to the corresponding service port...

Страница 119: ...ect one or more static routes and click this to enable them Multiple Entries Turn Off Select one or more static route and click this to disable them This is the index number of the static route Status...

Страница 120: ...of the final destination Subnet Mask Enter the IP subnet mask here If you are using IPv4 and need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to f...

Страница 121: ...n RIP version RIPv1 is probably adequate for most networks unless you have an unusual network topology Operation Select Passive to have the SBG update the routing table based on the RIP packets receiv...

Страница 122: ...e 131 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the SBG Section 8 6 on page 133 8 1 2 What You Need To Know Inside Outside Inside outside denotes where a host is located rel...

Страница 123: ...known services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address tha...

Страница 124: ...of the rule Status This field displays whether the rule is active or not A green ON button signifies that this rule is active A gray OFF button signifies that this rule is not active Click the slide b...

Страница 125: ...Port This is the last internal port number that identifies a service Table 42 Configuration NAT Port Forwarding continued LABEL DESCRIPTION Table 43 Port Forwarding Add Edit LABEL DESCRIPTION Enable...

Страница 126: ...ch time you want a different LAN computer to use the application For example WAN IP Enter the WAN IP address for which the incoming service is destined If the packet s destination IP address doesn t m...

Страница 127: ...e minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Click Configuration NAT Port Triggering to open the following screen Use this screen to v...

Страница 128: ...ed Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the SBG to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is t...

Страница 129: ...onfigure port triggering rules Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Starting Port The trigger port is a port or a range of ports that causes or triggers the SBG...

Страница 130: ...al IP address Note that port numbers do not change for the One to one NAT mapping type Many to One Source NAT This mode maps multiple local IP addresses to one global IP address This is equivalent to...

Страница 131: ...multiple local IP addresses to one global IP address This is equivalent to SUA that is PAT port address translation the SBG s Single User Account feature that previous routers supported only Many to M...

Страница 132: ...ce group that was created in the Configuration LAN Home Network VLAN Interface Group screen Default Server Address This shows the IP address of the default server Table 49 Default Server Edit LABEL DE...

Страница 133: ...file transfer in IM applications work correctly with port forwarding and address mapping rules FTP ALG Turn on the FTP ALG to detect FTP File Transfer Program traffic and help build FTP sessions throu...

Страница 134: ...e simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When...

Страница 135: ...esses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Ove...

Страница 136: ...Example Let s say you want to assign ports 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a thir...

Страница 137: ...slation NAT SBG5500 Series User s Guide 137 example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 107 Multiple...

Страница 138: ...Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 108 Default Firewall Action...

Страница 139: ...queue is full the system will ignore all incoming SYN requests making the system unavailable for legitimate users DoS Denials of Service DoS attacks are aimed at devices and networks with a connection...

Страница 140: ...on server the SBG supports Local user database The SBG uses the built in local user database to authenticate administrative users logging into the SBG s Web Configurator or network access users loggin...

Страница 141: ...the DoS Protection Blocking check box to activate protection against DoS attacks Then click Apply to save your settings Figure 110 Configuration Firewall Security DoS 9 4 The Firewall Rules Screen Th...

Страница 142: ...e or more rules and click this to disable them This is the index number of the rule Status This field displays whether the firewall rule is active or not A green ON button signifies that this firewall...

Страница 143: ...Order Select an existing number for where you want to put this firewall rule to move the firewall rule to the number you selected after clicking OK Ordering your rules is important because the SBG ap...

Страница 144: ...t select Any enter the destiniation IP address in this field Select Service Select the transport layer protocol that defines your customized port from the drop down list box The specific protocol rule...

Страница 145: ...ws the interfaces this service is allowed access to the SBG from the WAN Trust Domain This shows a check icon if the service is allowed access to the SBG from the Trust Domain Port This field displays...

Страница 146: ...Configuration Firewall Security Device Service LABEL DESCRIPTION Table 56 Device Service Edit LABEL DESCRIPTION Service This is the service you may use to access the SBG Port You may change the server...

Страница 147: ...ackets to which they apply Click Configuration Firewall Security Zone Control to display the following screen Figure 116 Configuration Firewall Security Zone Control Table 57 Trust Domain Add Edit LAB...

Страница 148: ...aveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the device You can define the EXTRA zone to include the VPN connection The Router zone can only be...

Страница 149: ...ied to a certain feature This is the index number of the rule Rule Name This is the name of the rule Days This shows the day s on which this rule is enabled Green days show when the rule is enabled Gr...

Страница 150: ...een Figure 120 Service Add Edit Table 61 Configuration Firewall Security Service LABEL DESCRIPTION Add Click this to add a new service Edit Click this to modify an existing service Remove Click this t...

Страница 151: ...board characters including spaces for your customized port Description Enter a description for your customized port Protocol Choose the IP protocol TCP UDP ICMP Other or ICMPv6 that defines your custo...

Страница 152: ...or more MAC filter rules and click this to disable them Status This field displays whether the MAC filter rule is active or not A green ON button signifies that this MAC filter rule is active A gray...

Страница 153: ...e LABEL DESCRIPTION My Certificate Settings Trusted CA Settings Add Click this to create a new certificate Select a rule and click Add to create a new certificate after the selected entry Remove To re...

Страница 154: ...and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicab...

Страница 155: ...create a new server Select a rule and click Add to create a new server after the selected entry Edit Double click a server or select it and click Edit to open a screen where you can modify the server...

Страница 156: ...ect this if the server checks the case of the user names Server Authentication Bind DN Specify the bind DN for logging into the LDAP server Enter up to 127 alphanumerical characters For example cn zyx...

Страница 157: ...aracters Server Settings Server Address Enter the IP address or FQDN of the RADIUS authentication server Authentication Port Specify the port number on the RADIUS server to which the SBG sends authent...

Страница 158: ...ernal authentication server and the SBG The key is not sent over the network This key must be the same on the external authentication server and the SBG User Login Settings Group Membership Attribute...

Страница 159: ...splay and manage active IPsec VPN connections Section 10 5 on page 163 Use the PPTP VPN screen to configure the PPTP VPN settings in the SBG Section 10 6 on page 176 Use the L2TP VPN screen to configu...

Страница 160: ...rs on the local network and remote network The following figure illustrates this Figure 128 VPN IKE SA and IPsec SA In this example a computer in network A is exchanging data with a computer in networ...

Страница 161: ...de the office When you connect to a remote network B through a PPTP VPN all of your traffic goes through the PPTP VPN gateway X Figure 129 PPTP VPN Example L2TP VPN The Layer 2 Tunneling Protocol L2TP...

Страница 162: ...ly My Address This field displays the interface the VPN gateway uses Secure Gateway This field displays the peer gateway address of the IPsec router with which you are making the VPN connection Up Tim...

Страница 163: ...VPN gateway Use Connection Configuration to specify which IPsec VPN gateway an IPsec VPN connection policy uses which devices behind the IPsec routers can use the VPN tunnel and the IPsec SA settings...

Страница 164: ...this VPN gateway My Address This field displays the interface the VPN gateway uses Secure Gateway This field displays the peer gateway address of the IPsec router with which you are making the VPN co...

Страница 165: ...to site with Dynamic Peer Choose this if the remote IPsec router has a dynamic IP address Only the remote IPsec router can initiate the VPN tunnel Remote Access Server Role Choose this to allow incom...

Страница 166: ...PTION Show Advanced Settings Hide Advanced Settings Click this button to display a greater or lesser number of configuration fields General Settings Enable Select the check box to activate this VPN ga...

Страница 167: ...es to using the secondary connection the SBG will reconnect to the primary address when it becomes available again and stop using the secondary connection Users will lose their VPN connection briefly...

Страница 168: ...ified by he IP address specified in the My Address field Content This field is read only if the SBG and remote IPsec router use certificates to identify each other Type the identity of the SBG during...

Страница 169: ...nabled IPsec rules When the default IPsec rule Default_L2TP_VPN_GW is enabled if you want to add a new Remote Access IPsec rule you can use phase 1 Encryption Authentication and Key Group pair DES MD5...

Страница 170: ...There are one or more NAT routers between the SBG and remote IPsec router and these routers do not support IPsec pass thru or a similar feature The remote IPsec router must also enable NAT traversal a...

Страница 171: ...if one of the routers the SBG or the remote IPsec router verifies a user name and password from the other router using the local user database and or an external server Allowed Auth Method This displ...

Страница 172: ...splay a greater or lesser number of configuration fields General Settings Enable Select the check box to activate this VPN connection Connection Name Type the name used to identify this IPsec SA You m...

Страница 173: ...remote IPsec device You can also specify a subnet This must match the local IP address configured on the remote IPsec device Full Tunnel Select this check box if you need the SBG to send packets thro...

Страница 174: ...icate packet data in the IPsec SA Choices are SHA1 SHA256 and SHA512 SHA is generally considered stronger than MD5 but it is also slower The SBG and the remote IPsec router must both have a proposal t...

Страница 175: ...he right Use that IP address for the client device to connect c The WAN interface which the SBG s PPTP VPN is using is not connected Action From the SBG s GUI click Status Check if the WAN interface t...

Страница 176: ...nected b The access group is not configured correctly From the SBG s GUI go to VPN PPTP VPN to check Note that all local hosts are by default accessible unless access group is configured c IP Address...

Страница 177: ...Group optional Specify up to 2 LAN groups subnets which a PPTP VPN client is allowed to access If none is specified all LAN groups can be accessed Enter the IP address and Subnet Mask for the LAN gro...

Страница 178: ...SBG s GUI click VPN PPTP VPN Check Enable check box and click Apply e PPTP is not configured correctly on the client device Action Check the PPTP VPN configuration on the client device f The client en...

Страница 179: ...any WAN LAN DMZ WLAN or L2TP VPN subnet configured on the SBG Note that the IP Address Pool for PPTP VPN has a 24 bit netmask and should not conflict with any others listed above even if they are not...

Страница 180: ...s subnets which a L2TP VPN client is allowed to access If none is specified all LAN groups can be accessed Enter the IP address and Subnet Mask for the LAN group s Keep Alive Timer The SBG sends a Hel...

Страница 181: ...act as a L2TP VPN client Also the screen varies depending on which option you select here Enable Select the check box to enable the SBG s L2TP VPN function as a client Default Route Enable Select the...

Страница 182: ...ype Select PAP or and CHAP as your authentication method s PAP Password Authentication Protocol The L2TP server will crosscheck the username and password sent by the client with the database for authe...

Страница 183: ...Check the L2TP VPN configuration on the client device g The client entered an incorrect user name or password Action From the SBG s GUI click Maintenance User Account The client should use one of the...

Страница 184: ...en a new DNS Server is configured the client must disconnect then reconnect in order for the new DNS Server to take effect 7 The L2TP client can no longer connect to SBG after the Encryption or Authen...

Страница 185: ...ES SHA1 DH2 6 DES MD5 DH2 Table 77 Phase 2 IPsec proposals provided by the built in L2TP client in popular operating systems Tunnel Mode Encryption Authentication Encapsulation Transport WINDOWS XP WI...

Страница 186: ...ys the name of the L2TP Network Server Server WAN IP This field displays the WAN IP address of the L2TP Network Server Client WAN IP This field displays the WAN IP address of the L2TP client Server L2...

Страница 187: ...m describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentic...

Страница 188: ...y use of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to p...

Страница 189: ...Hellman public key cryptography key group Set the IPsec SA lifetime This field allows you to determine how long the IPsec SA should stay up before it times out The SBG automatically renegotiates the I...

Страница 190: ...psulates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inboun...

Страница 191: ...ith NAT in tunnel and transport modes is summarized in the following table Y This is supported in the SBG if you enable NAT traversal 10 9 7 ID Type and Content With aggressive negotiation mode see Se...

Страница 192: ...a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 76...

Страница 193: ...10 VPN SBG5500 Series User s Guide 193 supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre share...

Страница 194: ...ency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video This chap...

Страница 195: ...e transmitted with a pre configured data transmission rate using buffers or queues Your SBG uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the avera...

Страница 196: ...than the interfaces actual transmission speed The SBG uses up to 95 of the DSL port s actual upstream transmission speed even if you set this number higher than the DSL port s actual transmission spee...

Страница 197: ...e Automatically assign priority based on the first three bits of the TOS field in the IP header Packet Length Automatically assign priority based on the packet size Smaller packets get higher priority...

Страница 198: ...this queue Interface This shows the name of the SBG s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Bu...

Страница 199: ...the priority level from 1 to 8 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues...

Страница 200: ...een ON button signifies that this classifier is active A gray OFF button signifies that this classifier is not active Click the slide button to turn on or turn off the classifier Class Name This is th...

Страница 201: ...le this classifier Class Name Enter a descriptive name for the classifier You can use up to 31 alphanumeric characters it must begin with a letter The valid characters are 0 9 a z A Z _ Order Select a...

Страница 202: ...he specified criteria from this classifier Destination Criteria Configuration Address Select the check box and enter the source IP address in dotted decimal notation A blank source IP address means an...

Страница 203: ...Type field If you select this option the matched TCP packets must contain the ACK Acknowledge flag Exclude Select this option to exclude the packets that match the specified criteria from this classif...

Страница 204: ...n you take this action Multiple Entries Turn On Select one or more policers and click this to enable them Multiple Entries Turn Off Select one ore more policers and click this to disable them This is...

Страница 205: ...be transmitted Each token represents one byte The algorithm allows bursts of up to b bytes which is also the bucket size The Single Rate Three Color Marker srTCM is based on the token bucket filter a...

Страница 206: ...ter the DSCP mark value to use The packets may be dropped if there is congestion on the network Non Conforming Action Specify what the SBG does for packets that exceed the excess burst size or peak ra...

Страница 207: ...shapers and click this to disable them This is the index number of the entry Status This field displays whether the shaper is active or not A green ON button signifies that this shaper is active A gra...

Страница 208: ...ice TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward...

Страница 209: ...1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table shows you the internal layer 2 and layer 3 QoS mapping on the SBG On...

Страница 210: ...hat may cause outgoing packets to be dropped A larger transmission rate requires a big bucket size For example use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps Single Rate Thr...

Страница 211: ...priority levels High packet loss priority level is referred to as red medium is referred to as yellow and low is referred to as green The trTCM is based on the token bucket filter and has two token bu...

Страница 212: ...ionality which allows a manager station to manage and monitor the SBG through the network The SBG supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP managemen...

Страница 213: ...perations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events Click Configuration Network Management SNMP to open the...

Страница 214: ...p Destination Type the IP address of the station to send your SNMP traps to Apply Click Apply to save your changes back to the SBG Reset Click Reset to restore your previously saved settings Table 95...

Страница 215: ...empted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs...

Страница 216: ...lay filter is available If the filter settings are shown the Display Priority Source Address Destination IP Address Source Interface Destination Interface Protocol Keyword Search and Reset fields are...

Страница 217: ...face of the destination of the incoming packet when the log message was generated Keyword Type a keyword of the policy service available from SBG to search for a log Search This displays when you show...

Страница 218: ...rn Off Select one or more entries and click this to disable them This field is a sequential value and it is not associated with a specific log Status This field displays whether the log setting is act...

Страница 219: ...ts for all log categories enable normal logs and debug logs yellow check mark send the remote server log messages alerts and debugging information for all log categories This field is a sequential val...

Страница 220: ...vious screen Cancel Click this to return to the previous screen without saving your changes Table 99 Configuration Log Report Log Settings Edit USB LABEL DESCRIPTION Table 100 Configuration Log Report...

Страница 221: ...when the log is e mailed Password This box is effective when you select the SMTP Authentication check box Type the password to provide to the SMTP server when the log is e mailed Retype to Confirm Ty...

Страница 222: ...n the Log Viewer tab The Default category includes debugging messages generated by open source software System Log Select which events you want to log by Log Category There are three choices disable a...

Страница 223: ...kinds of messages are included in log information in the Log Settings section Log Format This field displays the format of the log information It is read only VRPT Syslog Zyxel s Vantage Report syslo...

Страница 224: ...gory of messages It is the same value used in the Display and Category fields in the Log Viewer tab The Default category includes debugging messages generated by open source software Selection Select...

Страница 225: ...e LABEL DESCRIPTION Service License Status This is the entry s position in the list Service This lists the services that are available on the SBG Status This field displays the status of your service...

Страница 226: ...maximum number of users that may connect to the SBG at the same time or how many managed APs the SBG can support with your current license It displays 0 if this field does not apply to a service Serv...

Страница 227: ...er a descriptive name to identify your SBG This name can be up to 64 alphanumeric characters long Spaces are not allowed but dashes underscores _ and periods are accepted Domain Name Enter the domain...

Страница 228: ...reen to view and manage the clients that you added to the host list Figure 161 Maintenance Host Name List The following table describes the labels in this screen 16 2 1 Add Host Name Click Add to crea...

Страница 229: ...e host device manually You can also enter a device s IP address and click Get to obtain its MAC address Member List Select a member device from the drop down list Get MAC Address From IP Enter the IP...

Страница 230: ...gure system related settings such as system time and the daylight saving setup 17 2 The Date Time Screen To change your SBG s time and date click Maintenance Date Time The screen appears as shown Use...

Страница 231: ...time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the...

Страница 232: ...7 Date Time SBG5500 Series User s Guide 232 Apply Click Apply to save your changes back to the SBG Reset Click Reset to restore your previously saved settings Table 106 Maintenance Date Time LABEL DES...

Страница 233: ...re 164 Maintenance User Account The following table describes the labels in this screen Table 107 Maintenance User Account LABEL DESCRIPTION Add Click this to configure a new user account Edit Select...

Страница 234: ...ce User Account continued LABEL DESCRIPTION Table 108 Users Configuration Add Edit LABEL DESCRIPTION User Name This field is read only if you are editing the user account Enter a descriptive name for...

Страница 235: ...G locks the user out Idle Timeout Enter the number of minutes that the system can idle before being logged out Lock Period Enter the number of minutes for the lockout period A user cannot log into the...

Страница 236: ...eed To Know The following terms and concepts may help as you read this chapter Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a...

Страница 237: ...g systems refer to your systems specifications for CIFS compatibility 19 1 2 Before You Begin Make sure the SBG is connected to your network and turned on 1 Connect the USB device to one of the SBG s...

Страница 238: ...Edit Select a share and click Edit to modify it Remove Select a share and click Remove to delete it Multiple Entries Turn On Select one or more shares and click this to enable them Multiple Entries T...

Страница 239: ...ance USB Storage LABEL DESCRIPTION Table 110 USB Storage Add LABEL DESCRIPTION Volume Select the name of the USB where the file you want to share is located Share Path Select a file drop down list to...

Страница 240: ...inistration and Maintenance packet to verify the connectivity of a specific PVC Section 20 4 on page 242 The Packet Capture screen to capture packets going through the SBG Section 20 5 on page 244 20...

Страница 241: ...ostic Network Tools LABEL DESCRIPTION Ping TraceRoute Test Bound Interface Choose a connected interface from the drop down list LAN WAN to perform the ping tracer route test Address Type the URL or IP...

Страница 242: ...ress Enter the target device s MAC address to which the SBG performs a CFM loopback test 802 1Q VLAN ID Type a VLAN ID 0 4095 for this MA VDSL Traffic Type This shows whether the VDSL traffic is activ...

Страница 243: ...he same VPI as the user data cells on VP connections but use different predefined VCI values F5 cells use the same VPI and VCI as the user data cells on the VC connections and are distinguished from d...

Страница 244: ...Packet Capture to open the packet capture screen Note New capture files overwrite existing files of the same name Change the File Suffix field s setting to avoid this Table 113 Maintenance Diagnostic...

Страница 245: ...the port This displays Ready when the USB is ready for capture This displays Unmount USB to confirm you can remove your USB drive safely This displays Capturing when the packet is in process of being...

Страница 246: ...tart another capture Capture Duration Set a time limit in seconds for the capture The SBG stops the capture and generates the capture file when either this period of time has passed Capture File Size...

Страница 247: ...ecific model Refer to the label on the bottom of your SBG 21 2 The Firmware Screen Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Proto...

Страница 248: ...t firmware version Released Date This shows the date the present firmware was released Upgrade Click the Upgrade icon to open a new screen where you Browse the location of the bin file you want to Upl...

Страница 249: ...XEL website and upload it to the SBG Click Maintenance Firmware Upgrade Mobile Profile to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minu...

Страница 250: ...restoring configuration appears in this screen as shown next Figure 179 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the SBG s current configuration...

Страница 251: ...uration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 If the upload was not successful the following screen...

Страница 252: ...or 23 2 The Language Screen Click Maintenance Language to open the following screen Figure 182 Maintenance Language Select the language of your preference and click Apply to save your changes to the S...

Страница 253: ...tdown Screen System restart allows you to reboot the SBG remotely without turning the power off You may need to do this if the SBG hangs for example Click Maintenance Restart Shutdown Click Restart to...

Страница 254: ...on 2 Make sure you are using the power adaptor or cord included with the SBG 3 Make sure the power adaptor or cord is connected to the SBG and plugged in to an appropriate power source Make sure the...

Страница 255: ...ts See Section 1 6 on page 18 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the...

Страница 256: ...log out 3 Turn the SBG off and on 4 If this does not work you have to reset the device to its factory defaults See Section 25 1 on page 254 I cannot Telnet to the SBG See the troubleshooting suggestio...

Страница 257: ...sure you turn off the DHCP feature in the Configuration LAN Home Network LAN Setup screen to have the clients get WAN IP addresses directly from your ISP s DHCP server I cannot connect to the Interne...

Страница 258: ...0 Series User s Guide 258 2 Reboot the SBG 3 If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on 4 Re co...

Страница 259: ...nformation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief des...

Страница 260: ...om pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation http www zyxel com tw zh Thailand Zyxel Thaila...

Страница 261: ...Republic Zyxel Communications Czech s r o http www zyxel cz Denmark Zyxel Communications A S http www zyxel dk Estonia Zyxel Estonia http www zyxel com ee et Finland Zyxel Communications http www zyx...

Страница 262: ...elux http www zyxel nl Norway Zyxel Communications http www zyxel no Poland Zyxel Communications Poland http www zyxel pl Romania Zyxel Romania http www zyxel com ro ro Russia Zyxel Russia http www zy...

Страница 263: ...raine http www ua zyxel com Latin America Argentina Zyxel Communication Corporation http www zyxel com ec es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Ecuador Zyxel Communicati...

Страница 264: ...User s Guide 264 North America USA Zyxel Communications Inc North America Headquarters http www zyxel com us en Oceania Australia Zyxel Communications Corporation http www zyxel com au en Africa South...

Страница 265: ...Reorient or relocate the receiving antenna Increase the separation between the devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technici...

Страница 266: ...ices allowed to be connected to a telephone interface The termination of an interface may consist of any combination of devices subject only to the requirement that the sum of the RENs of all the devi...

Страница 267: ...IT CONFORME SELON 21 CFR 1040 10 ET 1040 11 Environment Statement ErP Energy related Products Zyxel products put on the EU market in compliance with the requirement of the European Parliament and the...

Страница 268: ...roperty damage The meaning of these symbols are described below It is important that you read these descriptions thoroughly and fully understand the contents Explanation of the Symbols Viewing Certifi...

Страница 269: ...ement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or...

Страница 270: ...250 reset 251 restoring 251 static route 119 234 Connectivity Check Messages see CCMs contact information 259 copyright 265 CoS 208 CoS technologies 195 customer support 259 D DDoS 139 default server...

Страница 271: ...hange 188 Internet Protocol Security See IPsec Internet Protocol version 6 50 Internet Service Provider see ISP IP address 86 106 ping 241 private 107 WAN 50 IP Address Assignment 82 IP alias NAT appl...

Страница 272: ...negotiation mode 189 Network Address Translation see NAT Network Map 45 NNTP 136 O outside header 188 P passwords 20 21 Per Hop Behavior see PHB 208 PHB 208 Ping of Death 139 Point to Point Tunneling...

Страница 273: ...106 SYN attack 139 syslog protocol 215 severity levels 215 system firmware 247 passwords 20 21 reset 18 status 45 T Tag Control Information See TCI Tag Protocol Identifier See TPID TCI The 50 TPID 83...

Страница 274: ...Index SBG5500 Series User s Guide 274 Wide Area Network see WAN 48 warranty 269 note 269 web configurator 20 login 20 passwords 20 21 wizard setup Internet 27 Z Zone Control 147...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды