Manuale d’uso / di manutenzione del prodotto G.SHDSL.bis 4-port Security Gateway P-793H del fabbricante ZyXEL Communications
Vai alla pagina of 444
www .zyxel.com P-793H G .SHDSL.bis 4-port Security Gateway User ’ s Guide V ersion 3.40 1/2007 Edition 2.
.
About This User's Guide P-793H User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at leas t a basic knowledge of TCP/IP networking concepts and topology .
Document Conventions P-793H User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide.
Document Conventions P-793H User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings P-793H User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warni ng notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids.
Safety Warnings P-793H User’s Guide 7 This product is recyclable . Dispose of it properly ..
Safety Warnings P-793H User’s Guide 8.
Contents Overview P-793H User’s Guide 9 Contents Overview Introduction, Wizards and T utorials ..................................................................................... 37 Getting T o K now Y our ZyXEL Device .............. .............
Contents Overview P-793H User’s Guide 10 Firewall Setup ................. ............. ................ ............. ............. ................ ............. ........... ......... . 293 Filter Configuration ......... ............. ............
Table of Contents P-793H User’s Guide 11 Table of Contents About This User's Guide ........................................................................... ............................... 3 Document Conventions...............................
Table of Contents P-793H User’s Guide 12 3.1 Internet Setup Wiza rd ......... ............. ............. ............. ............. ................ ............. ........... ..... 54 3.1.1 Screen 1 ....... ............. ............. ............
Table of Contents P-793H User’s Guide 13 5.5.2 Configuring More Connections Advanced Set up ............. ................ ................ .......... 84 5.6 T raffic Redirect ................... ............. ................ ............. ........
Table of Contents P-793H User’s Guide 14 Part III: Security and Advanced Setup ..................... ........................... 1 15 Chapter 8 Firewalls........................................................... ....................................
Table of Contents P-793H User’s Guide 15 9.7.2 Customized Services .................. ............. ................. ............ ............. ................ ..... 139 9.7.3 Configuring A Customized Service .... ............. ................ ..
Table of Contents P-793H User’s Guide 16 13.2 Application-based Bandwidth Management ..... ............. ................ ................. ............ ..... 181 13.3 Subnet-based Bandwidth M anagement ........... ................. ............ ...
Table of Contents P-793H User’s Guide 17 16.1.1 How do I know if I'm using U PnP? .... ............. ............. ................ ............. ............. . 205 16.1.2 NA T Traversal ... ............. ............ ................. .......
Table of Contents P-793H User’s Guide 18 21.2 SMT Menu Items . .......... ............. ............. ................ ............. ............. ............. ............ ... .. 24 0 21.3 Navigating the SMT Int erface .............. .............
Table of Contents P-793H User’s Guide 19 Chapter 28 NA T Setup ......................... .................................................................................... ......... ........ 279 28.1 Using NA T ............ ............. .........
Table of Contents P-793H User’s Guide 20 33.1 Introduction to System S tatus ........... ................ ................. ............ ................. ............ ..... 31 3 33.2 System S tatus ... ................ ............. ...............
Table of Contents P-793H User’s Guide 21 35.1 Command Interpreter Mode ............. ............. ............. ............. ................ ............. ........... 3 37 35.1.1 Command Syntax ........... ................ ............. .........
Table of Contents P-793H User’s Guide 22 Appendix E IP Addresses and Subnetting ........................................................................... 389 Appendix F IP Address Assignment Co nflicts .............................................
List of Figures P-793H User’s Guide 23 List of Figures Figure 1 High-speed Internet Acce ss with Y our ZyXEL Device .................... ............. ................ ............. 39 Figure 2 Point-to-point Connections with Y our ZyXEL Device ....
List of Figure s P-793H User’s Guide 24 Figure 39 LAN > IP > Advanc ed Setup ........ ............ ................. ............. ............ ............. ................ ....... 98 Figure 40 LAN > DHCP Setup .................. ........
List of Figures P-793H User’s Guide 25 Figure 82 VPN > Setup ............................ ....... ... ................ ............. ............. ............. ............ ....... ........ 162 Figure 83 VPN > Setup > Edit ............... .
List of Figure s P-793H User’s Guide 26 Figure 125 Logs > View Log ........ ................. ............ ................. ............. ................ ............. .... ............. 226 Figure 126 Logs > Log Settings .. ............. ..
List of Figures P-793H User’s Guide 27 Figure 168 Menu 15.1.1: Address Mapping Rules ....... ............. ................ ............. ................ ............. . 28 2 Figure 169 Menu 15.1.1.1: Addres s Mapping Rule ............ ............
List of Figure s P-793H User’s Guide 28 Figure 21 1 Menu 24.5: Bac kup Configuration ....... ............. ................ ................ ................. ............ ... .. 325 Figure 212 FTP Session Example ................... ... .......... .
List of Figures P-793H User’s Guide 29 Figure 254 Windows XP: Internet Pr otocol (TCP/IP) Properties .. ............. ................ ............. .............. 373 Figure 255 Windows XP: Advanced TCP/IP Propert ies ............ ................ .
List of Figure s P-793H User’s Guide 30.
List of Tables P-793H User’s Guide 31 List of Tables T able 1 LEDs ........... ............. ................ ............. ............. ................ ............. ............. ..... ..................... ... 42 T able 2 Web Configurator Screens Summary .
List of Tables P-793H User’s Guide 32 T able 39 Firewall > General ............ ............. ... ................ ............. ............. ............. ............. .. ............... 134 T able 40 Firewall > Rules .................. ...
List of Tables P-793H User’s Guide 33 T able 82 Syst em > Time Setting ........ ............. ................ ............. ................ ............. ................ .......... . 221 T able 83 Logs > View Log . ................ ........
List of Tables P-793H User’s Guide 34 T able 125 General C ommands for GUI-based FTP Clients ........... ................ ................ ................ ..... 326 T able 126 General C ommands for GUI-based TFTP Clients ... ................ ......
List of Tables P-793H User’s Guide 35 T able 168 Syslog Logs ...................... ................ ............. ................ ............. ............. ........... ............... . 423 T able 169 RFC -2408 ISAKMP Payload T ypes ........ ...
List of Tables P-793H User’s Guide 36.
37 P ART I Introduction, W izards and Tu t o r i a l s Getting T o Know Y our ZyXEL Device (39) Introducing the W eb Configurator (43) W izards (53) Point-to-(2)point Configuration (63).
38.
P-793H User’s Guide 39 C HAPTER 1 Getting To Know Your ZyXEL Device This chapter introduces the main features and applications of your ZyXEL De vice.
Chapter 1 Getting To Kn ow Your ZyXEL Device P-793H User’s Guide 40 1.1.2 High-speed Point-to-point Connections Use two ZyXEL Devices to create a cost-effectiv e, high-speed connectio n for high-bandwidth applications suc h as videocon fe rencing and distance learning.
Chapter 1 Getting To Know Your ZyXEL Device P-793H User’s Guide 41 1.2 W ays to Manage the ZyXEL Device Use any of the following method s to manage the ZyXEL Device. • W eb Configurator . This is recommended fo r everyday management of the ZyXEL Device using a (s upported) w eb browser .
Chapter 1 Getting To Kn ow Your ZyXEL Device P-793H User’s Guide 42 The following table describes the LEDs. T able 1 LEDs LED COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and functioning properly . Blinking The ZyXEL Device is rebooting or performing diagnostics.
P-793H User’s Guide 43 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy ZyXEL Device setup and management via Internet browser .
Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 44 Figure 5 Login Screen 6 If you entered the use r password, the St a t u s screen appears. See Section 2.4 on page 48 . If you entered the admin password, the following screen appe ars.
Chapter 2 Introducing the Web Configurator P-793H User’s Guide 45 7 Select Go to Wizard setup , an d click Apply to display the wizard main screen. Select Go to Advanced setup , and click Apply to display the St a t u s screen.
Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 46 Figure 8 Web Configurator : Main Screen " Click the icon (located in the top right corner of most screens) to view embedded help. Use submenus to config ure ZyXEL Device Click the Logout icon at any time to exit the web configurator .
Chapter 2 Introducing the Web Configurator P-793H User’s Guide 47 LAN IP Use this screen to configure LAN TCP/IP settings and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name).
Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 48 2.4 St atus Screen The following summarizes how to navigate the web configurator from the St a t u s screen. " Some fields or links are not available if you entered the user password in the login password screen (see Figure 5 on p age 44 ).
Chapter 2 Introducing the Web Configurator P-793H User’s Guide 49 Figure 9 S tatus The following table describes the labels shown in the St a t u s screen.
Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 50 2.4.1 St atus: Bandwidth S tatus This is the same screen discussed in Figure 97 on page 190 . VPI/VCI This is the Virtual Path Identifier and Vi rtual Channel Iden tifier that you e ntered in the Wizard or W AN screen .
Chapter 2 Introducing the Web Configurator P-793H User’s Guide 51 2.4.2 St atus: Packet St atistics Click the Packet S tatistics hyperlink in the St a t u s screen. Read-only information here includes port status and packet specific statisti cs. Also provided are "system up time" and "poll interval(s)".
Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 52 2.4.3 St atus: VPN St atus This is the same screen discussed in Figure 86 on page 173 .
P-793H User’s Guide 53 C HAPTER 3 Wizards Use these screens to configure Internet access or to configure basic bandwidth management. " See the advanced menu chapters for ba ckground information on these fields.
Chapter 3 Wizards P-793H User’s Guide 54 3.1 Internet Setup Wizard Use these screens to configure Internet ac cess settings. T o access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection.
Chapter 3 Wizards P-793H User’s Guide 55 3.1.2 Screen 2 These screens let you enter the rest of the Inte rnet settings , which depend on the encapsu lation your Internet connection u s es (and the mode you selected, for RFC1483). This screen appears if your Internet connection uses Ethernet encapsulation.
Chapter 3 Wizards P-793H User’s Guide 56 Figure 14 Internet Se tup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen.
Chapter 3 Wizards P-793H User’s Guide 57 Figure 15 Internet Setup Wizard: IS P Parameters (RFC1483) The following table describes the fields in this screen.
Chapter 3 Wizards P-793H User’s Guide 58 The following table describes the fields in this screen. 3.1.3 Screen 3 This screen appears when you complete the Internet Se tup wizard. Figure 17 Internet Setup Wizard: Summ ary Screen 3 Use the read-only summary table to check wh ether what you h ave configured is correct.
Chapter 3 Wizards P-793H User’s Guide 59 Launch your web brows er and navigate to www .zyxel.com . If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
Chapter 3 Wizards P-793H User’s Guide 60 T o access this wizard, open the we b configurator (see Section 2.2 on page 43 ) and click BANDWIDTH MANAGEMENT SETUP in the wizard main screen. 3.2.1 Screen 1 Activate bandwidth management and select to a llocate bandwidth to packets ba sed on the services.
Chapter 3 Wizards P-793H User’s Guide 61 3.2.2 Screen 2 Use the second wizard screen to select the se rvices that you want to apply bandwidth management, and select the p riorities that you want to apply to the services listed. Figure 19 Bandwidt h Management Wizard: Configuration The following table describes the labels in this screen.
Chapter 3 Wizards P-793H User’s Guide 62 3.2.3 Screen 3 Follow the on-screen in structions and click Finish to complete the wizard setup and save your configuration.
P-793H User’s Guide 63 C HAPTER 4 Point-to-(2)point Configuration This chapter introduces point-to -poi nt and point-to-2point connections. 4.1 Point-to-point Connection Overview Y ou can set up point-to-point connection be tween two ZyXEL Devices.
Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 64 T o establish a point-to-p oint connection, on e of the ZyXEL Devices becomes the server (instead of the ISP). The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL op erational mode.
Chapter 4 Point-to-(2) point Configuration P-793H User’s Guide 65 3 Set the VPI , VCI , Multiplexing , and Encapsulation to the same values you set in the server . 4 Scroll down to the Service T ype section. See Figure 22 on page 64 abov e. 5 In the Service Mode field, select the same type of connec tion you selected for the server .
Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 66 In a point-to-2points connectio n, the ZyXEL Device wh ich has a physical connection to both client devices becomes the server . The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode.
Chapter 4 Point-to-(2) point Configuration P-793H User’s Guide 67 4.4.2 Set up the Clients 1 Log in to one of th e ZyXEL Devices that will be the client. (See Chapter 2 on page 43 .) 2 Click Network > W AN > Internet Connection . 3 Set the VPI , VCI , Multiplexing , and Encapsulation to the same values you set in the server .
Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 68.
69 P ART II Network Setup WA N S e t u p ( 7 1 ) LAN Setup (93) Network Address T ranslation (NA T) Screens (103).
70.
P-793H User’s Guide 71 C HAPTER 5 WAN Setup This chapter describes how to configure W AN settings. 5.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or t he Internet. 5.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP .
Chapter 5 WAN Setup P-793H User’s Guide 72 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over A TM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial -up Internet connection.
Chapter 5 WAN Setup P-793H User’s Guide 73 5.1.4.1 IP Assignment with PPPoA or PPPoE Encap sulation If you have a dynamic IP , the n the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP , then you only need to fill i n the IP Address field and not the ENET ENCAP Gateway field.
Chapter 5 WAN Setup P-793H User’s Guide 74 For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
Chapter 5 WAN Setup P-793H User’s Guide 75 5.3.1 A TM T raffic Classes These are the basic A TM traffic classes define d by the A TM Forum T raffic Management 4.0 Specification. 5.3.1.1 Const ant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Chapter 5 WAN Setup P-793H User’s Guide 76 Figure 26 W AN > Internet Connection The following table describes the labels in this screen. T able 15 WAN > Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Se rvice Pro vider , for example “MyISP”.
Chapter 5 WAN Setup P-793H User’s Guide 77 Password (PPPoA and PPPoE only ) Enter the p assword associ ated with the user name above. Service Name (PPPoE only) T ype the name of your PPPoE service here. Multiplexing Select the method of multip lexing used by your ISP from the drop-down list.
Chapter 5 WAN Setup P-793H User’s Guide 78 5.4.1 2Wire-2Line Service Mode The Service Mode section of the Internet Connection screen allows you to set up two DSL connections when you select 2wire-2line mode. This allows you to create a point-to-2points configuration.
Chapter 5 WAN Setup P-793H User’s Guide 79 The following table describes the labels in this screen. 5.4.2 Configuring Advance d Internet Connection Use this screen to edit your ZyXEL Device's ad vanc ed settings for more connections. Clic k the Advanced Setup button in the Internet Connection screen.
Chapter 5 WAN Setup P-793H User’s Guide 80 The following table describes the labels in this screen. T able 17 WAN > Internet Connection > Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other ro uters.
Chapter 5 WAN Setup P-793H User’s Guide 81 5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gate way and the network behind it across a W AN connection.
Chapter 5 WAN Setup P-793H User’s Guide 82 Figure 30 W AN > More Connections > Edit The following table describes the labels in this screen. T able 19 W AN > More Connectio ns > Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection.
Chapter 5 WAN Setup P-793H User’s Guide 83 Multiplexing Select the method of multip lexing used by your ISP from the drop-down list. Choices ar e VC or LL C . By prior agreement, a protocol is assigned a specifi c virtual circuit, for exampl e, VC1 will carry IP .
Chapter 5 WAN Setup P-793H User’s Guide 84 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Devi ce's advanced W AN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown.
Chapter 5 WAN Setup P-793H User’s Guide 85 5.6 T raffic Redirect T raffic redirect forwards traf fic to a backup gate way when the ZyXEL Device cannot connect to the Internet.
Chapter 5 WAN Setup P-793H User’s Guide 86 Figure 33 T raffic Redirect LAN Setup 5.7 Dial Backup Interface The Dial Backu p port can be used in reserve, as a traditional dial-up connection should the broadband connectio n to the W AN port fa il.
Chapter 5 WAN Setup P-793H User’s Guide 87 Figure 34 WA N > WAN B a c k up S e t u p The following table describes the labels in this screen. T able 21 W AN > WAN Backup Setup LABEL DESCRIPTION Backup T ype Select the method that the ZyXEL Device uses to check the DSL connection.
Chapter 5 WAN Setup P-793H User’s Guide 88 T imeout T ype the number of seconds (3 recomm ended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check W AN IP Address field before timing out the request.
Chapter 5 WAN Setup P-793H User’s Guide 89 5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Devi ce’ s advanced dial backup settings.
Chapter 5 WAN Setup P-793H User’s Guide 90 Advanced Modem Setup Click Edit to change the advanced setting s for the modem. TCP/IP Options Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmissio n".
Chapter 5 WAN Setup P-793H User’s Guide 91 5.8.2 Advanced Modem Setting s for Dial Backup Use this screen to change your Zy XEL Device’ s modem settings for dial back up. Click WA N > W AN Backup Setup > Advanced Setup > Edit . The screen appears as shown.
Chapter 5 WAN Setup P-793H User’s Guide 92 CLID Enter the keyword that precedes the CLID (Calling Line Identification) in the A T response string. This lets the ZyXEL Device capture the CLID in the A T response string that comes from the W AN device.
P-793H User’s Guide 93 C HAPTER 6 LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a building.
Chapter 6 LAN Setup P-793H User’s Guide 94 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server . Y ou can configure the ZyXEL Device as a DHCP server or disable it.
Chapter 6 LAN Setup P-793H User’s Guide 95 • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen.
Chapter 6 LAN Setup P-793H User’s Guide 96 6.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems.
Chapter 6 LAN Setup P-793H User’s Guide 97 6.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1.
Chapter 6 LAN Setup P-793H User’s Guide 98 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Devi ce's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen a ppears as shown. Figure 39 LAN > IP > Advanced Setup The following table describes the labels in this screen.
Chapter 6 LAN Setup P-793H User’s Guide 99 6.4 DHCP Setup Use this screen to configure th e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 40 LAN > DHCP Setup The following table describes the labels in this screen.
Chapter 6 LAN Setup P-793H User’s Guide 100 6.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
Chapter 6 LAN Setup P-793H User’s Guide 101 6.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyXEL Device s upports three logical LA N interfaces via its single physical Ethernet interface with th e ZyXEL Device itself as the gateway for each LAN network.
Chapter 6 LAN Setup P-793H User’s Guide 102 Figure 43 LAN > IP Alias The following table describes the labels in this screen. T able 28 LAN > IP Alias LABEL DESCRIPTION IP Alias 1, 2 S elect the check box to confi gure another LAN network for the Z yXEL Device.
P-793H User’s Guide 103 C HAPTER 7 Network Address Translation (NAT) Screens This chapter discusses how to configure NA T on the ZyXEL Device. 7.1 NA T Overview NA T (Network Address T ranslation, R.
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 104 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side.
Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 105 Figure 45 NA T Application With IP Alias 7.1.5 NA T Mapp ing T yp es NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the ZyXEL Devi ce maps one local IP address to one global IP address.
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 106 The following table summarizes these types. 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server .
Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 107 The following table describes the labels in this screen. 7.4 Port Forwarding A port forwarding set is a list of inside (b.
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 108 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup.
Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 109 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup.
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 0 7.5.1 Port Forwarding Rule Edit Use this screen to edit a port forwarding rule. Cl ick the rule’ s edit icon in the Port Forwarding screen to display the screen show n next.
Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 111 7.6 Address Mapping " The Address Mapping screen is available only when you select Full Feature in the NA T > General screen. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify .
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 2 7.6.1 Address Mapping Rule Edit Use this screen to edit an address mapping rule. Click the rule’ s edit icon in the Addr e ss Mapping screen to display the screen shown next.
Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 11 3 Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local S tart IP address and 255.255.255.255 as the Local End IP address.
Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 4.
11 5 P ART III Security and Advanced Setup Firewalls (1 17) Firewall Configuration (129) Content Filtering (149) IPSec VPN (153) S tatic Route (177) Bandwidth Management (1 81) Dynamic DNS Setup (191).
11 6.
P-793H User’s Guide 11 7 C HAPTER 8 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designe d to prevent the spread of fire from one room to another .
Chapter 8 Firewalls P-793H User’s Guide 11 8 8.2.2 Applicatio n-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP , FTP and telnet, they can evaluate network packets for valid ap plication-sp ecific data.
Chapter 8 Firewalls P-793H User’s Guide 11 9 8.3.1 Denial of Service Att acks Figure 52 ZyXEL Device Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet.
Chapter 8 Firewalls P-793H User’s Guide 120 4 IP Spoofing. 5 " Ping of Death " and " T eardr op " attacks exploit bugs in th e TCP/IP implementations of various computer and host systems.
Chapter 8 Firewalls P-793H User’s Guide 121 Figure 54 SYN Flood •I n a LAND Attack , hackers flood SYN packets into the network with a spoofed source IP address of the targeted system . This makes it appear as if the host computer sent the packets to itself, making the sy stem unavaila ble while the target system tries to respond to itself.
Chapter 8 Firewalls P-793H User’s Guide 122 8.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that works in concert with IP . The following ICMP types trigger an alert: 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Chapter 8 Firewalls P-793H User’s Guide 123 are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet.
Chapter 8 Firewalls P-793H User’s Guide 124 6 Later , an inbound packet reac hes the interface . This packet is part of the connection previously established with the outbound packet. The inbound packet is ev aluated against the inbound access list, and is permitted because of the temporary access list entry previously crea ted.
Chapter 8 Firewalls P-793H User’s Guide 125 If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the In ternet. Assuming that this is an acceptable part of the security policy (as is the case w ith the default policy), the connection will be allowed.
Chapter 8 Firewalls P-793H User’s Guide 126 8.6 Guidelines for Enhancing Security with Y our Firewall • Change the default pa ssword. • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use.
Chapter 8 Firewalls P-793H User’s Guide 127 • Always shred confidential inform ation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or indivi duals for information that might help them in an attack.
Chapter 8 Firewalls P-793H User’s Guide 128 • T o selectively bloc k/allow inbound or outbou nd traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traf fic originating from an inside host or an ou tside host by IP address.
P-793H User’s Guide 129 C HAPTER 9 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer .
Chapter 9 Firewall Configuration P-793H User’s Guide 130 " If you configure firewall rules without a good underst anding of how they work, you might inadvertently introduce securi ty risks to the fire wall and to the protected network. Make su re you test your rules after you configure them.
Chapter 9 Firewall Configuration P-793H User’s Guide 131 3 Is it possible to modify the rule to be more specific? For ex ample, if IRC is blocked for all users, will a rule that blocks just certain .
Chapter 9 Firewall Configuration P-793H User’s Guide 132 9.4.1 LAN to W AN Rules The default rule for LAN to W AN traffic is that all users on the LAN are allowed non- restricted access to the W AN. When you config ure a LAN to W AN rule, you in essenc e want to limit some or all users from accessing cer tain services on the W AN.
Chapter 9 Firewall Configuration P-793H User’s Guide 133 Figure 58 “T ria ngle Route” Prob lem 9.5.2 Solving the “T ri angle Route” Problem Y ou can have the ZyXEL Device allow triangle route sessions.
Chapter 9 Firewall Configuration P-793H User’s Guide 134 Figure 60 Firewall > Gene ral The following table describes the labels in this screen. T able 39 Firewall > General LABEL DESCRIPTION Active Firewall S elect th is check box to activate the firewa ll.
Chapter 9 Firewall Configuration P-793H User’s Guide 135 9.7 Firewall Rules Summary " The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 1 17 for more information. Click Security > Firewall > Rules to bring up the following scre en.
Chapter 9 Firewall Configuration P-793H User’s Guide 136 9.7.1 Configuring Firewa ll Rules Refer to Section 8.1 on page 1 17 for more information. Use this screen to create or edit a firewall rule.
Chapter 9 Firewall Configuration P-793H User’s Guide 137 Figure 62 Firewall > Rules > Add/Edit The following table describes the labels in this screen. T able 41 Firewall > Rules > Add/Edit LABEL DESCRIPTION Edit Rule # Activ e Select this option to enable th is firewall rule.
Chapter 9 Firewall Configuration P-793H User’s Guide 138 Source/Destination Address Address T ype Do you want your rule to apply to packets with a p articu lar (single) IP , a range of IP addresses (for example 192.
Chapter 9 Firewall Configuration P-793H User’s Guide 139 9.7.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site.
Chapter 9 Firewall Configuration P-793H User’s Guide 140 Figure 64 Firewall > Rules > Add/Edit > Ed it Customized Services > Edit The following table describes the labels in this screen. 9.8 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “MyService” connection from the Internet.
Chapter 9 Firewall Configuration P-793H User’s Guide 141 Figure 65 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Chapter 9 Firewall Configuration P-793H User’s Guide 142 Figure 67 Firewall Example: Edit Ru le: Des tination Addres s 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows.
Chapter 9 Firewall Configuration P-793H User’s Guide 143 Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the W AN to IP addresses 10.
Chapter 9 Firewall Configuration P-793H User’s Guide 144 Figure 69 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned.
Chapter 9 Firewall Configuration P-793H User’s Guide 145 The following table describes the labels in this screen. 9.10 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established.
Chapter 9 Firewall Configuration P-793H User’s Guide 146 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service a ttack is occurring.
Chapter 9 Firewall Configuration P-793H User’s Guide 147 Figure 71 Firewall > Thre shold The following table describes the labels in this screen. T able 45 Firewall > Threshold LABEL DESCRIPTI.
Chapter 9 Firewall Configuration P-793H User’s Guide 148 Action taken when TCP Maximum Incomplete reached threshold Delete the Oldest Half Open Session when New Connection Request Comes. Select this to clear the oldest half-open sessi on when a new connectio n request comes .
P-793H User’s Guide 149 C HAPTER 10 Content Filtering This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Chapter 10 Content Filtering P-793H User’s Guide 150 The following table describes the labels in this screen. 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to pe rform content filtering. Click Security > Content Filter > Schedule .
Chapter 10 Con tent Filter ing P-793H User’s Guide 151 The following table describes the labels in this screen. 10.4 Configuring T rusted Computers Use this screen to exclude a range of users on the LAN from content f iltering on your ZyXEL Device. Click Security > Content Filter > Tr u s t e d .
Chapter 10 Content Filtering P-793H User’s Guide 152.
P-793H User’s Guide 153 C HAPTER 11 IPSec VPN This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device. 1 1.1 IPSec VPN Overview A virtual private network (VPN) provides secu re communications between sites without the expense of leased site-to-site lines.
Chapter 11 IPSec VPN P-793H User’s Guide 154 Figure 76 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B . Inside networks A and B , the data is transmitte d the same way data is normally transmitted in the networks.
Chapter 11 IPSec VPN P-793H User’s Guide 155 1 1.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, au thentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device a nd remote IPSec router use in the IKE SA.
Chapter 11 IPSec VPN P-793H User’s Guide 156 1 1.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other ’ s identity . This process is based on pre-shared keys and router identities.
Chapter 11 IPSec VPN P-793H User’s Guide 157 In the following example, the authentication fails, so they cannot establish an IKE SA. It is also possible to config ure the ZyXEL Device to ignore the identity of the remote IPSec router . In this case, you usually set the pee r ID type to Any .
Chapter 11 IPSec VPN P-793H User’s Guide 158 Aggressive mode does not provid e as much security as main mo de because the identity of the ZyXEL Device and the identity of the remote IPSec router ar e not encrypted.
Chapter 11 IPSec VPN P-793H User’s Guide 159 " An IPSec SA stays connecte d even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA.
Chapter 11 IPSec VPN P-793H User’s Guide 160 • Inside header: The inside IP header contains the IP address of the computers behind the ZyXEL Device or remote IPSec router . In transport mode, the IP header is the origin al IP header , and the encapsulation depends on the active prot ocol.
Chapter 11 IPSec VPN P-793H User’s Guide 161 In IPSec SAs using manual keys, the ZyXEL Devi ce and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some charac teristics of IPSec SAs.
Chapter 11 IPSec VPN P-793H User’s Guide 162 Figure 82 VPN > Setup The following table describes the fields in this screen. T able 51 VPN > Setup LABEL DESCRIPTION No. This is the VPN policy index number . Click a number to edit VPN policies. Activ e This field displays whether the VPN policy is acti ve or not.
Chapter 11 IPSec VPN P-793H User’s Guide 163 1 1.3 Editing VPN Policies See Section 1 1.1 on page 153 for backgrou nd info rmation. Us e this screen to edit VPN policies. Click an Edit icon in the VPN Setup Screen . Figure 83 VPN > Setup > Edit Modify Click the Ed it icon to go to the screen whe re you can edit the VPN configuration.
Chapter 11 IPSec VPN P-793H User’s Guide 164 The following table describes the fields in this screen. T able 52 VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy . This opti on determines whether a VPN rule is applied before a packet leaves the firewall.
Chapter 11 IPSec VPN P-793H User’s Guide 165 End / Subnet Mask When the Local Address T ype field is configured to Single , this field is N/A. When the Local Address T ype field is configured to Range , enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device.
Chapter 11 IPSec VPN P-793H User’s Guide 166 My IP Addr ess Enter the W AN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this fi eld is configured as 0.0.0.0 : The ZyXEL Device uses the current ZyXE L Device WAN IP addres s (static or dynamic) to set up the VPN tunnel.
Chapter 11 IPSec VPN P-793H User’s Guide 167 1 1.4 Configuring Advanced IKE Settings See Section 1 1.1 on page 153 for backgrou nd info rmation. Us e this screen to configure advanced settings for the VPN tunnel. Click Advanced in the Editing VPN Polic ies screen to open this screen.
Chapter 11 IPSec VPN P-793H User’s Guide 168 The following table describes the fields in this screen. T able 53 VPN > Setup > Edit > Advanced LABEL DESCRIPTION VPN - IKE - Advanced Setup Protoc ol Ente r the IP protocol number whose traffic is allowed to use the VPN tunnel.
Chapter 11 IPSec VPN P-793H User’s Guide 169 1 1.5 Configuring Manual Key Y ou only configure VPN Man ual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Key Group Y ou must choose a DH key group for the IKE SA.
Chapter 11 IPSec VPN P-793H User’s Guide 170 Figure 85 VPN > Setup > Edit > Manual The following table describes the fields in this screen. T able 54 VPN > Setup > Edit > Manual LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy .
Chapter 11 IPSec VPN P-793H User’s Guide 171 Local Local IP addresses must b e static and corresp ond to the remote IPSec router's configured remote IP addresses. T wo active SAs cannot have the local and remote IP address(es) both the same. T wo active SAs can have the same lo cal or remote IP ad dress, but not both.
Chapter 11 IPSec VPN P-793H User’s Guide 172 1 1.6 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monito r screen as shown. Use this scree n to display and ma nage active VPN conn ections. When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes.
Chapter 11 IPSec VPN P-793H User’s Guide 173 Figure 86 VPN > Monitor The following table describes the fields in this screen. 1 1.7 Configuring Global Setting Use this screen to change your Zy XEL Device’ s global settings. Click VPN and then VPN Global Setting .
Chapter 11 IPSec VPN P-793H User’s Guide 174 The following table describes the fields in this screen. 1 1.8 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL D e vice at head quarters.
Chapter 11 IPSec VPN P-793H User’s Guide 175 1 1.8.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this).
Chapter 11 IPSec VPN P-793H User’s Guide 176 1 1.9 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you should configure remote management ( Remote Management ) to allow access for that service.
P-793H User’s Guide 177 C HAPTER 12 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 S tatic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the ne tworks beyond.
Chapter 12 Static Rou te P-793H User’s Guide 178 Figure 91 S tatic Route > S tatic Route The following table describes the labels in this screen. 12.2.1 S tatic Route Edit Select a static route index numb er and click Edit . The screen shown next appears.
Chapter 12 Static Route P-793H User’s Guide 179 Figure 92 S tatic Route > S tatic Route > Edit The following table describes the labels in this screen. T able 60 Static Route > Static Route > Edit LABEL DESCRIPTION Activ e This field allows you to activa te/deactivate this static route.
Chapter 12 Static Rou te P-793H User’s Guide 180.
P-793H User’s Guide 181 C HAPTER 13 Bandwidth Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth managem ent logs.
Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 182 Figure 93 Subnet-based Bandwid th Management Example 13.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth clas ses based on a combination of a subnet and an application.
Chapter 13 Bandwidth Management P-793H User’s Guide 183 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth.
Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 184 The ZyXEL Device divides up the unb udgeted 2048 kbps among the class es that require more bandwidth. If the administratio n department only uses 1024 kbps of the budg eted 2048 kbps, the ZyXEL Device also divides the remaining 10 24 kbps among the classes that re quire more bandwidth.
Chapter 13 Bandwidth Management P-793H User’s Guide 185 13.6.3 Over Allotment of Bandw id th Y ou can set the bandwidth management speed fo r an interface higher than the interface’ s actual transmission speed.
Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 186 Figure 94 Bandwid th MGMT > Summary The following table describes the labels in this screen. T able 67 Bandwidth MGMT > Summary LABEL DESCRIPTION Interface These read-only l abels represent the physica l interfaces.
Chapter 13 Bandwidth Management P-793H User’s Guide 187 13.8 Bandwid th Management Rule Setup See Section 13.1 on page 181 for background information. Y ou must use the Band width Management Summary screen to enable bandwidth ma nagement on an interface before you can configure rules for that interface.
Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 188 13.8.1 Rule Configuration See Section 13.1 on page 181 for background information. Use this screen to configure a bandwidth management rule. Use bandwidth ru le s to allocate spec ific amounts of bandwidth capacity (bandwidth budgets) to specific appli cations and/or subnets.
Chapter 13 Bandwidth Management P-793H User’s Guide 189 13.9 Bandwid th Monitor See Section 13 .1 on page 181 for background information. Us e this screen to view the ZyXEL Device’ s bandwidth usage and allotments. Click Advanced > Bandwidth MGMT > Monitor .
Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 190 Select an interface from the drop-down li st box to view the bandwidth usage of its bandwidth rules.
P-793H User’s Guide 191 C HAPTER 14 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-SeeMe, etc.
Chapter 14 Dy namic DNS Se tup P-793H User’s Guide 192 Figure 98 Dynamic DNS > Dynamic DNS The following table describes th e fields in this screen. T able 70 Dynamic DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dy namic DNS.
Chapter 14 Dynamic DNS Setup P-793H User’s Guide 193 Use specified IP Address T ype the IP address of the host name(s). Use this if you have a static IP add ress. Apply Click Apply to save your change s back to the ZyXEL Device. Cancel Click Cancel to b egin configuring this screen afre sh.
Chapter 14 Dy namic DNS Se tup P-793H User’s Guide 194.
P-793H User’s Guide 195 C HAPTER 15 Remote Management Configuration This chapter provides information on config uring remote management. 15.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from which computers.
Chapter 15 Remote Management Configuration P-793H User’s Guide 196 15.1.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP address.
Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 197 15.3 T elnet Y ou can configure your ZyXEL Device for remote T elnet access as show n next. The administrator uses T elnet from a computer on a remote netw ork to access the ZyXEL Device.
Chapter 15 Remote Management Configuration P-793H User’s Guide 198 The following table describes the labels in this screen. 15.5 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmw are and configuration files using FTP , please see the chapter on firmware and configuration file maintenance for details.
Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 199 15.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol used for ex changing management information b e tween network devices. SNMP is a member of the TCP/IP protocol suite.
Chapter 15 Remote Management Configuration P-793H User’s Guide 200 The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of variab les include such as number of packets received, node port status etc.
Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 201 15.6.3 Configuring SNMP See Section 15.1 on page 195 for background information. Us e this screen to change your ZyXEL Device’ s SNMP settings. Click Advanced > Remote MGMT > SNMP .
Chapter 15 Remote Management Configuration P-793H User’s Guide 202 15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. See Section 15.
Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 203 Figure 106 Remote MGMT > ICMP The following table describes the labels in this screen. 15.9 TR-069 TR-069 is a standa rd that defines how your ZyXEL Device can be managed via a mana gement server such as ZyXEL ’ s V antage CNM Access.
Chapter 15 Remote Management Configuration P-793H User’s Guide 204 " In this example a.b.c.d is the IP address of CN M Access. Y ou must change this value to reflect y our actual managem ent server IP address or domain name. See T able 79 on p age 204 for detailed descriptions of the comman ds.
P-793H User’s Guide 205 C HAPTER 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 206 When a UPnP device joins a network, it announ ces its presence with a multicast mess age. For security reasons, the ZyXEL Device allows multicast messages on the LAN only . All UPnP-enabled devices may communicate freely with eac h other without additional configuration.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 207 16.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 208 Figure 1 10 Add/Remove Programs: Windows Setup: Co mmunication: Components 4 Click OK to go back to the Add/Re move Programs Pr oper ties window and click Next . 5 Restart the computer when prompted.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 209 Figure 1 12 Windows Optional Networ king Components Wizard 5 In the Networking Services window , select the Universal Plug and Play check box. Figure 1 13 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next .
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 210 16.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already have UPnP installed in W indows XP and UP nP activated on the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 21 1 Figure 1 15 Internet Connection Properties 4 Y ou may edit or delete the port mappings o r click Add to manually add port mappings.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 212 Figure 1 17 Internet Connection Properties: Adva nced Settings: Add 5 When the UP nP-enabled device is disconne cted from your computer , all port mappings will be deleted automatically .
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 213 Figure 1 19 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-ba sed configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 214 Figure 120 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for y our ZyXEL Device an d select Invoke .
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 215 Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 216.
217 P ART IV Maintenance System (219) Logs (225) T ools (229) Diagnostic (235).
218.
P-793H User’s Guide 219 C HAPTER 17 System This chapter explains how to configure the ZyXEL Device’ s system name, domain name, password, and time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information.
Chapter 17 System P-793H User’s Guide 220 Figure 123 System > Gen eral The following table describes the labels in this screen. T able 81 System > General LABEL DESCRIPTION System Setup System Name Choose a descrip tive name for identificatio n purposes.
Chapter 17 System P-793H User’s Guide 221 17.2 T ime Setting T o change your ZyX EL Device’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone.
Chapter 17 System P-793H User’s Guide 222 T ime and Date Setup Manual Select this radio button to enter the time and da te manually . If you configure a new time and date, T ime Zone and Daylight Saving at the sa me time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it.
Chapter 17 System P-793H User’s Guide 223 End Date Configure the day and time when Dayli ght Saving Time ends i f you selected Enable Daylight Saving . The o' clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving T i me ends in the United S tates on the last Sunday of October .
Chapter 17 System P-793H User’s Guide 224.
P-793H User’s Guide 225 C HAPTER 18 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs.
Chapter 18 Logs P-793H User’s Guide 226 Figure 125 Logs > V iew Log The following table describes th e fields in this screen. 18.3 Configuring Log Settings See Section 18.
Chapter 18 Lo gs P-793H User’s Guide 227 Figure 126 Logs > Log Settings The following table describes the fields in this screen. T able 84 Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail se rver for the e-mai l addresses specified below .
Chapter 18 Logs P-793H User’s Guide 228 Log Schedule This drop-down menu is used to config ure the frequency of log messages being sent as E-mail: Daily Weekly Hourly When Log is Full None. If you select Wee kl y or Daily , specify a time of day when the E-mail should be sent.
P-793H User’s Guide 229 C HAPTER 19 Tools This chapter covers uploadin g new firmware, managing config uration and restarting your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a .
Chapter 19 Tools P-793H User’s Guide 230 1 Do NOT turn off the ZyXEL Device wh ile firmware uplo ad is in progress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again.
Chapter 19 Tools P-793H User’s Guide 231 Figure 130 Error Message 19.2 Configuration Use this screen to back up or restore the conf ig uration of the ZyXEL Devic e. Y ou ca n also use this screen to reset the ZyXEL Device to the factory default settings.
Chapter 19 Tools P-793H User’s Guide 232 1 Do not turn off the device while conf iguration file upl oad is in progress. When the ZyXEL Device has finished restoring the selected configuration file, the fol lowing screen appears. Figure 132 Configuration Upload Successfu l The device now automatically restarts.
Chapter 19 Tools P-793H User’s Guide 233 Figure 134 Configuration Upload Err or Click Return to go back to the previous screen. 19.3 Rest art System restart allows you t o reboot the Zy XEL Device without tu rning the power of f. Click Mainte nance > T o ols > Restart .
Chapter 19 Tools P-793H User’s Guide 234.
P-793H User’s Guide 235 C HAPTER 20 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a comp uter on the network. Click Maintenance > Diagnostic to open the screen shown next.
Chapter 20 Diagnostic P-793H User’s Guide 236 Figure 137 Diagnostic > DSL Line The following table describes the fields in this screen. T able 88 Diagnostic > DSL Line LABEL DESCRIPTION AT M S t a t u s Cli ck this button to vie w A TM status.
237 P ART V SMT and T roubleshooting Introducing the SMT (239) General Setup (245) WA N S e t u p ( 2 4 9 ) LAN Setup (257) Internet Access Se tup (263) Remote Node Setup (265) Stat ic Route Setup (27.
238.
P-793H User’s Guide 239 C HAPTER 21 Introducing the SMT The System Management T erminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describ es how to access the SMT and then provides an overview of its menus.
Chapter 21 Introd ucing the SMT P-793H User’s Guide 240 Figure 139 SMT Main Menu " There is an inactivity ti meout, and the de fault value is ten mi nutes. If there is no activity for longer than this, your ZyXEL Device will automatically log you out.
Chapter 21 Introdu cing the SMT P-793H User’s Guide 241 The following table gi ves you an overview of the various SMT menus. 15 NA T Setup Use this menu to configure Network Address Translation (NA T) on the ZyXEL Device. 21 Filter and Firewall Setup Use this menu to configure filters and to activa te or deactivate the firewall.
Chapter 21 Introd ucing the SMT P-793H User’s Guide 242 21.3 Navigating the SMT Interface Y ou should be familiar with the following operations before you try to use the SMT to modify the configuration. 23 System Password 24 System Maintenance 24.1 System Maintenance - St a t u s 24.
Chapter 21 Introdu cing the SMT P-793H User’s Guide 243 Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Within a menu, press [ENTER] to move to the next field. Y ou can also use the [UP]/[DOWN] arrow ke ys to move to the previous and the nex t field, respectively .
Chapter 21 Introd ucing the SMT P-793H User’s Guide 244.
P-793H User’s Guide 245 C HAPTER 22 General Setup Use this menu to set up device mode, d ynamic DNS and administrative information. 22.1 Configuring General Setup 1 Enter 1 in the main menu to open Menu 1 - General Setup . 2 The Menu 1 - General Setup screen appears, as shown next .
Chapter 22 Gener al Setup P-793H User’s Guide 246 22.1.1 Configuring Dynamic DNS T o configure Dynamic DNS, set the ZyXEL Devi ce to router mode in menu 1 or in the MAINTENANCE Device Mode screen and go to Menu 1 - General Setup and pres s [SP ACE BAR] to select Ye s in the Edit Dynamic DNS field.
Chapter 22 General Setup P-793H User’s Guide 247 Follow the instructions in the next tabl e to configure Dynamic DNS parameters. T able 93 Menu 1.1: Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the na me of your Dynamic DNS service provider .
Chapter 22 Gener al Setup P-793H User’s Guide 248.
P-793H User’s Guide 249 C HAPTER 23 WAN Setup Use this menu to configure the DSL conn ection, traffic redire ct , and dial-backup interface. 23.1 W AN Setup From the main menu, enter 2 to open menu 2. Figure 142 Menu 2: W AN Setup The following table describes the fields in this screen.
Chapter 23 WAN Setup P-793H User’s Guide 250 T ransfer Max Rate(Kbps) This field is e nabled if Se rvice T ype is Server . Press [SP ACE BAR] to set the maximum rate at which the ZyXEL Device sends and receives information . If you enable Rate Adaption , the ZyXEL Device adjusts to the speed of the other device and may exceed this rate.
Chapter 23 WAN Setup P-793H User’s Guide 251 23.1.1 2wire-2line Service Mode From the main menu, enter 2 to open menu 2, then s elect 2wire-2line in the Servic e Mode field to see the screen as shown below . Figure 143 Menu 2: 2wire- 2line Service M ode The following table describes the fields in this screen.
Chapter 23 WAN Setup P-793H User’s Guide 252 23.2 Configuring T raffic Redirect From the main menu, in menu 2, select Ye s in T raffic Redirect , a nd then press [ENTER]. Figure 144 Menu 2.1: T raffic Redir ect Setup Check Mechani sm Select the method that the ZyXEL Devi ce uses to check the DSL connection.
Chapter 23 WAN Setup P-793H User’s Guide 253 The following table describes the fields in this menu. 23.3 Dial Backup Interface In the SMT , to set up the auxilia ry port for use, first make sure you have set up the switch and port connection. Then, use the following menus.
Chapter 23 WAN Setup P-793H User’s Guide 254 The following table describes the fields in this menu. 23.5 Advanced Dial Backup Setup " Consult the manual of th e device connected to y our Dial Backup port for specific A T commands.
Chapter 23 WAN Setup P-793H User’s Guide 255 The following table describes fields in this menu. T able 98 Menu 2.2.1: Advanced Dial Backup Setup FIELD DESCRIPTION A T Command St r i n g s : Dial Enter the A T Command string to make a call. Drop Enter the A T Command string to drop a call.
Chapter 23 WAN Setup P-793H User’s Guide 256.
P-793H User’s Guide 257 C HAPTER 24 LAN Setup Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup .
Chapter 24 LAN Set up P-793H User’s Guide 258 24.3 TCP/IP and DHCP Setup Menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1 155) and DHCP setup. From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ ENTER ].
Chapter 24 LAN Setup P-793H User’s Guide 259 24.4 LAN IP Alias Use menu 3.2 to configure the first ne twork, and you use me nu 3.2.1 to configure the oth er two networks. Move the cursor to the Edit IP Alias field, press [SP ACE BAR] to choose Ye s and press [ENTER] to configure the second and third network.
Chapter 24 LAN Set up P-793H User’s Guide 260 Figure 150 Menu 3.2.1: IP Alias Setup Use the instructions in the following ta ble to configure IP alias parameters. 24.4.1 Port-based VLAN Setup Y ou use menu 3.6 to con trol whether or not the ZyXEL Device sends layer -2 traffic (M AC addresses) between LAN ports.
Chapter 24 LAN Setup P-793H User’s Guide 261 Figure 151 Menu 3.6: Port Ba sed VLAN Setup Press [SP AC E BAR] to select Y es or No to allow or block layer-2 traf fic between each pair of ports.
Chapter 24 LAN Set up P-793H User’s Guide 262.
P-793H User’s Guide 263 C HAPTER 25 Internet Access Setup Use this menu to configure your I nternet co nnection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you sh ould use.
Chapter 25 Internet Access Setup P-793H User’s Guide 264 VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of A TM traffic). Enter the VCI assigned to you. A TM QoS T ype Select CBR (Constant Bit Rate) to specify fixed (always-on) bandw idth for voice or data traf fic.
P-793H User’s Guide 265 C HAPTER 26 Remote Node Setup Use this menu to configure detailed remote node settings (for ex ample, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gatewa y .
Chapter 26 Remot e Node Setup P-793H User’s Guide 266 Figure 154 Menu 1 1.1: Remote Node Profile (nodes 1-7) The following table describes the labels in this menu.
Chapter 26 Remote Node Setup P-793H User’s Guide 267 The following ex plains how to configure remote node 8 fo r the dial backup connection. Bridge If Route is IP , select Y es in this field to en able bridging to this remote node fo r protocols that are not supported by IP -ba sed routing (for example, SNA).
Chapter 26 Remot e Node Setup P-793H User’s Guide 268 Figure 155 Menu 1 1.1: Remote Node Profile (node 8) The following table describes the labels in this menu.
Chapter 26 Remote Node Setup P-793H User’s Guide 269 26.4 Remote Node Network Layer Options Move the cursor to the Edit IP/Bridge field in menu 1 1.1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to open Menu 1 1.3 - Remote Node Network Layer Options .
Chapter 26 Remot e Node Setup P-793H User’s Guide 270 The following table describes the fields in this menu. T able 104 Menu 1 1.3: Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Select Dynamic if your ISP did not give you a fixed (static) IP address.
Chapter 26 Remote Node Setup P-793H User’s Guide 271 26.5 Remote Node Filter Move the cu rsor to the field Edit Filter Sets in menu 1 1 .1, and then press [SP ACE BAR] to set the value to Ye s . Press [ENTER] to open Menu 1 1.1.5 - Remote Node Filter .
Chapter 26 Remot e Node Setup P-793H User’s Guide 272 Figure 157 Menu 1 1.5: Remote Node Filter The following table describes the labels in this menu. 26.6 Remote Node A TM Layer Options Move the cu rs or to the Edit A TM Options field in menu 1 1.1, then press [SP ACE BAR] to select Ye s .
Chapter 26 Remote Node Setup P-793H User’s Guide 273 Figure 158 Menu 1 1.6: Remote Node A TM Layer Options The following table describes the fields in this menu.
Chapter 26 Remot e Node Setup P-793H User’s Guide 274 26.7 Advance Setup Options Move the cu rs or to the Edit Advance Options field in menu 1 1.1 (only for remote node 1), then press [SP ACE BAR] to select Ye s . Press [ENTER] to open Menu 1 1.8 - Advanced Setup Options .
P-793H User’s Guide 275 C HAPTER 27 Static Route Setup Use this menu to configure IP and bridge (MAC) static rout es. 27.1 IP S t atic Route Setup Enter 1 from the menu 12. Sele ct one of the IP static routes as show n next to configure IP static routes in menu 12.
Chapter 27 St atic Route Se tup P-793H User’s Guide 276 Figure 161 Menu 12.1.1: Edit IP S tatic Route The following table describes the fields in this screen. 27.2 Bridge S tatic Route Setup Enter 3 from menu 12. S e lect one of the bridge static routes as shown next to configure IP static routes in menu 12.
Chapter 27 Stat ic Route Setup P-793H User’s Guide 277 Figure 162 Menu 12.3: Bridge S tatic Route Setup Now , enter the index number of th e static route that you want to configure. Figure 163 Menu 12.3.1: Edit Bridge S tatic Route The following table describes the fields in this screen.
Chapter 27 St atic Route Se tup P-793H User’s Guide 278.
P-793H User’s Guide 279 C HAPTER 28 NAT Setup Use this menu to configure Network Ad dress Translation (NA T) on the ZyXE L Device. 28.1 Using NA T " Y ou must create a firewall rule in addi tion to setting up SUA/NA T , to allow traffic from the W AN to be forw arded through the ZyXEL Device.
Chapter 28 NAT Set up P-793H User’s Guide 280 Figure 164 Menu 4: Applying NA T for Internet Access The following figure shows how you apply NA T to the remote node in men u 1 1.3. 1 Enter 1 1 from the main menu. 2 Enter 1 to open Menu 1 1.1 - Remote Node Pr ofile .
Chapter 28 NAT Setup P-793H User’s Guide 281 The following table describes the fields in this menu. 28.2 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computer s on the LAN and the DMZ.
Chapter 28 NAT Set up P-793H User’s Guide 282 Figure 167 Menu 15.1: Address Ma pping Sets Select the address mapping set you want to m odify . The fields in address 255 are used for SUA and are read-only .
Chapter 28 NAT Setup P-793H User’s Guide 283 " The T ype, Local and Global S tart/End IP s are configured in menu 15.1.1.1 (described later) and the values are displayed here. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify .
Chapter 28 NAT Set up P-793H User’s Guide 284 Figure 169 Menu 15.1.1.1: Address Mappin g Rule The following table describes the fields in this menu. 28.
Chapter 28 NAT Setup P-793H User’s Guide 285 Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup. 2 Enter 2 to open menu 15.2 (an d configure the address mapping rules for the W AN port on a ZyXEL Device with a single W AN port).
Chapter 28 NAT Set up P-793H User’s Guide 286 The first entry is for the Default Serv er . The following table describes the labels in this menu. 28.
Chapter 28 NAT Setup P-793H User’s Guide 287 Figure 173 Menu 4: Internet Access & NA T Example From menu 4 sho wn abov e, simply choose the SUA Only option from the Network Address Tr a n s l a t i o n field. This is the Many-to-One mapping discussed in Section 28.
Chapter 28 NAT Set up P-793H User’s Guide 288 Figure 175 Menu 15.2: S pecifying an Inside Server 28.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our IS P . There are many departments but two have their own FTP server .
Chapter 28 NAT Setup P-793H User’s Guide 289 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets . Therefore you must choose the Full Feature option from the Network Address T rans lation field (in menu 4 or menu 11.
Chapter 28 NAT Set up P-793H User’s Guide 290 Figure 179 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 to go to menu 15 .2. 3 (Enter 1 or 2 from menu 15.
Chapter 28 NAT Setup P-793H User’s Guide 291 28.4.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One ) NA T mapping types.
Chapter 28 NAT Set up P-793H User’s Guide 292 Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Map ping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- ------------- -- --------------- --------------- -- 1.
P-793H User’s Guide 293 C HAPTER 29 Firewall Setup Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next. Figure 184 Menu 21: Filter and Firewa ll Setup 29.
Chapter 29 Fi rewall Setup P-793H User’s Guide 294 Figure 185 Menu 21.2: Fi rewall Setup " It is recommended to configure the fire wall rules using the web configurator . Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active.
P-793H User’s Guide 295 C HAPTER 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Y our ZyXEL Device uses filters to decide whether to allow passage of a da ta packet and/or to make a call.
Chapter 30 Filter Configuration P-793H User’s Guide 296 30.1.1 The Filter Stru cture of the ZyXEL Device A filter set consists of one or more filter rul es. Usually , you would group related rules, for example all the rules for NetBIOS, into a sing le set and give it a descriptive name.
Chapter 30 Filter Configuration P-793H User’s Guide 297 Figure 187 Filter Rule Process Y ou can apply up to four filter sets to a particular port to block multiple types of packets. W ith each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
Chapter 30 Filter Configuration P-793H User’s Guide 298 1 Enter 21 in the main me nu to open menu 2 1. Figure 188 Menu 21: Filter and Firewa ll Setup 2 Enter 1 to bring up the following menu. Figure 189 Menu 21.1: Filter Set Configuration 3 Select the filter set you wish to configure (1-12) and press [ENTER] .
Chapter 30 Filter Configuration P-793H User’s Guide 299 The following table describes the labels in this screen. The following tables contain a brief description of the abbreviations used in the previous menus.
Chapter 30 Filter Configuration P-793H User’s Guide 300 30.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer protocol, for example, UDP and TCP headers.
Chapter 30 Filter Configuration P-793H User’s Guide 301 The following figure illustrates th e logic flow of an IP filter . IP Addr Enter the source IP Address of the packet you wish to filter . This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr .
Chapter 30 Filter Configuration P-793H User’s Guide 302 Figure 192 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets.
Chapter 30 Filter Configuration P-793H User’s Guide 303 For generic rules, the ZyXEL Device treats a pack et as a byte stream as oppos ed to an IP or IPX packet. Y ou specify the portion of the pa cket to check with the Offset (from 0) and the Length fields, both in bytes.
Chapter 30 Filter Configuration P-793H User’s Guide 304 30.3 Example Filter Let’ s look at an example to bloc k outside us ers from accessing the ZyXEL Device via telne t. Please see our included disk for more example filters. Figure 194 T elnet Filter Exam ple 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup .
Chapter 30 Filter Configuration P-793H User’s Guide 305 Figure 195 Example Filter: Menu 21 .1.3.1 The port number for the telnet service (TCP protocol) is 23 . See RFC 1060 for port numbers of well-known services. When you press [ENTER] to confirm, you will see the fo llowing screen.
Chapter 30 Filter Configuration P-793H User’s Guide 306 5 Press [ENTER ] to confirm after you enter the set numbers and to leav e menu 1 1.1.4. 30.4 Filter T ypes and NA T There are two classes of filter rules, Generic Filter (Device) rules and protocol filter ( TCP/ IP ) rules.
Chapter 30 Filter Configuration P-793H User’s Guide 307 30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to bloc k certain packets, reduce traffic and prevent security breaches. Go to menu 3. 1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate.
Chapter 30 Filter Configuration P-793H User’s Guide 308.
P-793H User’s Guide 309 C HAPTER 31 SNMP Configuration Use this menu to configure SNMP . See Section 15.6 on page 199 for more information about SNMP . 31.1 SNMP Configuration T o configure SNMP , enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next.
Chapter 31 SNMP Configuration P-793H User’s Guide 310.
P-793H User’s Guide 31 1 C HAPTER 32 System Password Use this menu to change your password. This is the same password used to access the web configurator . T o open this menu , enter 23 in the main menu. Figure 201 Menu 23: System Password The following table describes the labels in this menu.
Chapter 32 System Password P-793H User’s Guide 312.
P-793H User’s Guide 313 C HAPTER 33 System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. 33.1 Introduction to System St atus This chapter covers the diagnostic tools that help you to maintain your ZyXEL Device. These tools include updates on system status, po rt status and log and trace capabilities.
Chapter 33 System In formation & Diagnosis P-793H User’s Guide 314 Figure 203 Menu 24.1: System Maintenan ce - S tatus The following table describes the fields present in Menu 24.1 - System Maintenance - St a t u s . These fields are read-only and meant for di agnostic purposes.
Chapter 33 System Information & Diagnosis P-793H User’s Guide 315 33.3 System Information and Console Port S peed This section describes your system and allows you to choose different console port speeds. T o get to the System Informa tion and Console Port Speed: 1 Enter 24 to go to Menu 24 - System Maintenance .
Chapter 33 System In formation & Diagnosis P-793H User’s Guide 316 Figure 205 Menu 24.2.1: System Main tenance - Information The following table describes the fields in this screen. 33.3.2 Console Port Speed Y ou can change the speed of the console port through Menu 24.
Chapter 33 System Information & Diagnosis P-793H User’s Guide 317 33.4 Log and T race There are two logging facilities in the ZyXEL De vice. The first is the error logs and trace records that are stored locally . The second is the UNIX syslog facility for message logging.
Chapter 33 System In formation & Diagnosis P-793H User’s Guide 318 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Ca ll Detail Record) and system messages to a syslog server . Syslog an d accounting can be configured in Menu 24.
Chapter 33 System Information & Diagnosis P-793H User’s Guide 319 2 Packet triggered 3 Filter log Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTR I, SYSLOG_NOTICE, S tring ); S t ring = Packet trigger: Protocol=xx Data =xxxxxxxxxx….
Chapter 33 System In formation & Diagnosis P-793H User’s Guide 320 4 PPP log 5 Firewall log 33.5 Diagnostic The diagnostic facility allows you to test th e dif ferent aspects of your ZyXEL Device to determine if it is working properly . Menu 24.
Chapter 33 System Information & Diagnosis P-793H User’s Guide 321 Figure 210 Menu 24.4: System Maintenan ce - Diagnostic The following table describes the labels in this screen. Menu 24.4 - Syste m Maintenance - Diagnostic xDSL System 1. Reset xDSL 21.
Chapter 33 System In formation & Diagnosis P-793H User’s Guide 322.
P-793H User’s Guide 323 C HAPTER 34 Firmware and Configuration File Maintenance This chapter tells you how t o back up and rest ore your configuration file as well as upload new firmware and a new configura tion file.
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 324 The following table is a summary . Please note that the internal filename refe rs to the filename on the ZyXEL Device.
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 325 Figure 21 1 Menu 24.5: Back up Configura tion 34.3.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “open”, followed by a space and th e IP address of your ZyXEL Device.
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 326 34.3.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients.
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 327 4 Launch the TFTP client on yo ur computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer . 5 Use the TFTP client (see the example belo w) to transfer files between the ZyXEL Device and the computer .
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 328 Figure 213 System Maintenance: Backup Configuration 2 The following screen indicates that the Xmodem download has started.
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 329 1 Do not interrupt the fi le transfer process as this may PERMANENTL Y DAMAGE YOUR ZyXEL Device. When the Restore Configuration process is complete, the ZyXEL Device will automatically restart.
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 330 34.4.2 Restore Usin g FTP Session Example Figure 218 Restore Using FTP Session Example Refer to Section 34.3.5 o n page 326 to read about configurations that disallow TFTP and FTP over W AN.
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 331 Figure 222 Successful Restoration Confirmati on Screen 34.5 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuratio n files.
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 332 Figure 224 Menu 24.7.2: System Maintenan ce - Upload System Configuration File T o upload the firmware and the configuration file, follow these examples 34.5.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer .
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 333 34.5.4 FTP Session Exampl e of Firmware File Upload Figure 225 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter .
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 334 34.5.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.
Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 335 Figure 227 Example Xmodem Upload After the firmware upload process has comp leted, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configur ation File V ia Console Port 1 Select 2 from Menu 24.
Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 336 Figure 229 Example Xmodem Upload After the configuration upload process has comple ted, restart the ZyXEL Device by entering “atgo”.
P-793H User’s Guide 337 C HAPTER 35 Menus 24.8 to 24.11 This chapter leads you through SM T menus 24.8 to 24.1 1. 35.1 Command Interpreter Mode The Command Interpre ter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT , while a dding some low-level se tup and diagnostic functions.
Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 338 The optional fields in a c ommand are enclosed in s quare brackets [] . The | symbol means “or”. For example, sys filter netbios config <type> <on|off> means that you must specify the type of netb ios filter and whether to turn it on or of f.
Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 339 Figure 233 Menu 24.9.1 - Budget Man agement The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked.
Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 340 Figure 234 Menu 24: System Maintenan ce Enter 10 to go to Menu 24.10 - System Maintena nce - Time and Date Setting to update the time and date settings of your ZyXEL De vice as shown in the following screen.
Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 341 35.4 Remote Management T o disable remote management of a service, select Disable in the corresponding Server Access field. Enter 1 1 from menu 24 to bring up Menu 24.1 1 - Remote Management Control .
Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 342 Figure 236 Menu 24.1 1 – Re mote Manage ment Contro l The following table describes the fields in this screen. 35.4.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: 1 A filter in menu 3.
P-793H User’s Guide 343 C HAPTER 36 IP Routing Policy Setup Use this menu to look at and confi gure policy routes. 36.1 Policy Route T raditionally , routing is based on the destinatio n address only and the ZyXEL Device takes the shortest path to forward a packet.
Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 344 IPPR follows the existing packet filtering fac ility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy rout es. T o open this menu, enter 25 in the main menu.
Chapter 36 IP Ro uting Policy Setup P-793H User’s Guide 345 Figure 238 Menu 25.1: IP Routing Policy Setup The following table describes the labels in this menu. Menu 25.1 - I P Routing Policy Setup # A Criteri a/Action - - ------------------------------- --------------------------------------- 1 N SA=1.
Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 346 36.6 IP Routing Policy Use this menu to configure policy ro utes. T o open this menu , select Edit and enter the appropriate r ule number in menu 25. Figure 239 Menu 25.1.1: IP Routing Policy The following table describes the labels in this menu.
Chapter 36 IP Ro uting Policy Setup P-793H User’s Guide 347 36.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route W eb packets to the Internet using one policy and route FTP packets to a remote ne twork using another policy .
Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 348 Figure 241 IP Routing Policy Example 1 2 Select Ye s in the LAN field in menu 25.1.1 to apply the policy to packets received on the LAN port. 3 Check Menu 25 - IP Routing Policy Summary to see if the rule is added correctly .
P-793H User’s Guide 349 C HAPTER 37 Schedule Setup Use this menu to look at and confi gure the schedule sets in the ZyXEL Device . 37.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) a llows the ZyXEL Device to manage a remote node and dictate wh en a remote node should be calle d and for how long.
Chapter 37 Schedu le Setup P-793H User’s Guide 350 The following table describes the labels in this menu. 37.3 Schedule Set Setup This menu is only a pplicable if your Internet connec tion uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device.
Chapter 37 Schedule Setup P-793H User’s Guide 351 The following table describes the labels in this menu. T able 134 Menu 26.1: Schedule Set Setup FIELD DESCRIPTION Activ e Press [SP ACE BAR] to select Ye s or No . Choose Ye s and press [ENTER] to activate the schedule set.
Chapter 37 Schedu le Setup P-793H User’s Guide 352.
P-793H User’s Guide 353 C HAPTER 38 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power , Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • Advanced Features 38.
Chapter 38 Trou bleshooting P-793H User’s Guide 354 38.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.
Chapter 38 Trou bleshooting P-793H User’s Guide 355 6 If the problem continues, contact the network administrator or vendor , or try the advanced suggestio n. Advanced Suggestion • T ry to access the ZyXEL Device using anot her service, such as T elnet.
Chapter 38 Trou bleshooting P-793H User’s Guide 356 V I cannot use the cons ole port to access the ZyXEL Device. Make sure that you are using the included console ca ble and that the CON/AUX switch on the ZyXEL Device is set to CON . See the Quick Start Guide.
Chapter 38 Trou bleshooting P-793H User’s Guide 357 • Check the settings for ba ndwidth management. If it is disab led, you might consider activating it. If it is enabled, you migh t consider changing the allocations. See Chapter 13 on page 181 . V I cannot access a web site (on Mondays).
Chapter 38 Trou bleshooting P-793H User’s Guide 358 2 P ress and hold the RESET button for ten seconds. Release the RESET button when the POWER LED begins to blin k. The default settings have been restored. If the ZyXEL Device restarts automatically , wa it for the ZyXEL Device to finish restarting, and log in to the web configurator .
359 P ART VI Appendices and Index Product Specification s (361) W all-mounting Instructions (365) Setting up Y our Computer ’ s IP Address (367) Pop-up W indows, JavaScripts and Java Permissions (38.
360.
P-793H User’s Guide 361 A PPENDIX A Product S pecifications T able 135 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bi ts) Default Password user: “use r” administrator: “1234” DHCP Pool 192.168.1.33 to 192.168.
Appendix A Product Specifications P-793H User’s Guide 362 A TM Support Multiple protocols over AAL5 (RFC1483) PPP over A TM (RFC 2364) PPP over Ethernet (RFC2516) A TM AAL5 supported Support 8 PVCs A TM Forum UNI3.
Appendix A Product Specifications P-793H User’s Guide 363 T able 137 Firmware Features FEATURE DESCRIPTION Firmware Upgrade Downlo ad new firmware (when available) from the ZyXEL web site and use the web config urator , an FTP or a TFTP tool to put it on the Zy XEL Device.
Appendix A Produ ct Specifications P-793H User’s Guide 364 Fig u re 2 4 5 Y - C a ble Connector Co n f i gu r ation Bandwidth Management Y ou can efficiently manage traffic on your network by rese rving bandwidth and giving priority to certain types of traffic and/or to particular computers.
P-793H User’s Guide 365 A PPENDIX B W all-mounting Instructions Do the following to hang your ZyXEL Devic e on a wall. " See the product specificat ions appendix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on a wall that is free of obstructions.
Appendix B Wall-mo unting Instructio ns P-793H User’s Guide 366.
P-793H User’s Guide 367 A PPENDIX C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 368 Figure 247 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 369 Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 370 Figure 249 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP addr ess, remove previously installed gateways.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 371 Figure 250 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indow s 2000/NT). Figure 251 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 372 Figure 252 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 373 Figure 254 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP ad dress, remove any previously installed gateways in the IP Settings tab and click OK .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 374 Figure 255 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indow s XP): • Click Obtain DNS server address automatically if yo u do not know your DNS server IP address(es).
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 375 Figure 256 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click Close ( OK in W i ndows 2000/NT) to close the Local Area Connection Properties window .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 376 Figure 257 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 258 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 377 • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Contr ol Panel .
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 378 Figure 260 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 379 " Make sure you are logged in as the root administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 380 • If you have a dyna mic IP address, clic k Automatically obtain IP address settings with and select dhcp from the drop down list.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 381 Figure 265 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in t he BOOTPROTO= field. T ype IPADDR = followed by the IP address (in do tted decimal notation) and type NETMASK = followed by the subnet mask.
Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 382 V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 269 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWadd r 00:50:BA:72:5B:44 inet addr:172.
P-793H User’s Guide 383 A PPENDIX D Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-u p windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default).
Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 384 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have ena bled. Figure 271 Internet Options: Privacy 3 Click Apply to save this setting.
Appendix D Pop-up Windows, JavaScripts and Java Per m issions P-793H User’s Guide 385 Figure 272 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.
Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 386 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix D Pop-up Windows, JavaScripts and Java Per m issions P-793H User’s Guide 387 Figure 275 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level.
Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 388 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted.
P-793H User’s Guide 389 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.
Appendix E IP Addre sses and Subnetting P-793H User’s Guide 390 Figure 278 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask.
Appendix E IP Addresses and Subnetting P-793H User’s Guide 391 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks.
Appendix E IP Addre sses and Subnetting P-793H User’s Guide 392 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons.
Appendix E IP Addresses and Subnetting P-793H User’s Guide 393 Figure 280 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address).
Appendix E IP Addre sses and Subnetting P-793H User’s Guide 394 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet.
Appendix E IP Addresses and Subnetting P-793H User’s Guide 395 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number .
Appendix E IP Addre sses and Subnetting P-793H User’s Guide 396 Configuring IP Addresses Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
P-793H User’s Guide 397 A PPENDIX F IP Address Assignment Conflict s This appendix describes situations where IP addre ss conflicts may occur . Subs cribers with duplicate IP addresses will not be able to access the Internet.
Appendix F IP Ad dress Assignment Conflicts P-793H User’s Guide 398 Figure 282 IP Address Conflicts: Case B T o solve this problem, make sure the ZyXEL De vice LAN IP address is not in the DHCP IP address pool.
Appendix F IP Address Assignment Conflicts P-793H User’s Guide 399 Figure 284 IP Address Conflicts: Case D This problem can be solved by adding a VLAN- enabled switch or set the computers to obtain IP addresses dynamically .
Appendix F IP Ad dress Assignment Conflicts P-793H User’s Guide 400.
P-793H User’s Guide 401 A PPENDIX G Common Services The following table l ists some commonly-used se rvices and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site .
Appendix G Comm on Services P-793H User’s Guide 402 FTP TCP TCP 20 21 File Tr a nsfer Program, a program to enable fast transfer of files, including large fil es that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper T ext T ransfer Protoco l - a client/ server protocol for the world wide web.
Appendix G C ommon S ervices P-793H User’s Guide 403 RTE L N ET TC P 107 Remote T elnet. RTS P TCP/UDP 554 The Real Time S treaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 11 5 Simple File Transfer Protocol.
Appendix G Comm on Services P-793H User’s Guide 404.
P-793H User’s Guide 405 A PPENDIX H Command Interpreter The following describes how to us e the command interpreter . See Se ction 35.1 on pa ge 337 for how to access the comma nd interpreter from SMT . See www .zyxel.com for more detailed information on these commands.
Appendix H Comma nd Interpreter P-793H User’s Guide 406 Configuring What Y ou W ant the ZyXEL Device to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Zy XEL Device is to record. 2 Use sys logs category to view a list of the log categories.
Appendix H Command Interpreter P-793H User’s Guide 407 Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. Routing Command Use this command to set the ZyXEL Device to route t raffic that doe s not match a NA T rule through a specific interface.
Appendix H Comma nd Interpreter P-793H User’s Guide 408 ARP Behavior and the ARP ackGratuitous Commands The ZyXEL Device does not accept ARP reply in formation if the ZyXEL Device did not send out a corresponding request.
Appendix H Command Interpreter P-793H User’s Guide 409 Figure 288 Backup Gateway Updating the ARP entries could increase the da nger of spoofing attacks. It is only recommended that you turn on ackGratuitous and force update if you need it like in the previous backup g a teway example.
Appendix H Comma nd Interpreter P-793H User’s Guide 410 Figure 289 Routing Command Examp l e ras> ipsec ipsecEdit 1 ras> ipsec ipsecConfig encryKeyLen 1 ras> ipsec ipsecDisplay ---------- I.
P-793H User’s Guide 41 1 A PPENDIX I Log Descriptions This appendix provides descrip tions of example log messages. T able 150 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router h as adjusted its time based on in formation from the time server .
Appendix I Log Desc riptions P-793H User’s Guide 412 Successful SSH login Someone has logged on to the router’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server . Successful HTTPS login Someone has logged on to the router's web configurator interface using HTTPS protocol.
Appendix I Log Descriptions P-793H User’s Guide 413 T able 153 TCP Rese t Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination ho st.
Appendix I Log Desc riptions P-793H User’s Guide 414 Triangle route packet forwarded: ICMP The firewall allowe d a triangle route sessi on to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry .
Appendix I Log Descriptions P-793H User’s Guide 415 T able 159 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of a requested web page matched a user define d keyword. %s: Not in trusted web list The web site is not in a trusted domain, and the router blocks al l traffic except trusted domain sites.
Appendix I Log Desc riptions P-793H User’s Guide 416 ip spoofing - WAN [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected an IP spoofing attack on the W A N port. ip spoofing - WAN ICMP (type:%d, code:%d) The firewall detected an ICMP IP spoofing attack on the W AN port.
Appendix I Log Descriptions P-793H User’s Guide 417 T able 162 IKE Logs LOG MESSAGE DESCRIPTION Active connection allowed exceeded The IKE process for a new co nnection failed b ecause the limi t of simultaneous phase 2 SAs has b een reached. Start Phase 2: Quick Mode Phase 2 Qu ick Mode has started.
Appendix I Log Desc riptions P-793H User’s Guide 418 Remote IP <Remote IP> / <Remote IP> conflicts The security ga teway is set to “0.0.0.0” and the route r used the peer ’s “Local Address” a s the router ’s “Remote Address”.
Appendix I Log Descriptions P-793H User’s Guide 419 Rule [%d] Phase 2 authentication algorithm mismatch The listed ru le’s IKE phase 2 authentication al gorithm did not match between the router and the peer. Rule [%d] Phase 2 encapsulation mismatch The listed rule’s IKE phase 2 encapsulation did not match between the router a nd the peer.
Appendix I Log Desc riptions P-793H User’s Guide 420 Enrollment failed The CMP online certificate enrollment failed. The Destination fi eld records the certification authori ty server ’s IP address and port.
Appendix I Log Descriptions P-793H User’s Guide 421 7 Certificate was revoked by a CRL. 8 Certificate was not added to the cache. 9 Certificate decoding failed. 10 Certificate was not found (anywhere). 11 Certificate chain looped (did not fi nd trusted root).
Appendix I Log Desc riptions P-793H User’s Guide 422 User logout because of no authentication response from user. The router logge d out a user from which there was no authentication response. User logout because of idle timeout expired. The router l ogged out a us er whose idle ti meout period expired.
Appendix I Log Descriptions P-793H User’s Guide 423 The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
Appendix I Log Desc riptions P-793H User’s Guide 424 Log Commands This section provides some general examples of how to use the log commands. The items that display with your device may vary but the basic function should be the same. Go to the command in terpreter interface.
Appendix I Log Descriptions P-793H User’s Guide 425 Figure 291 Displaying Log Para meters Example 4 Use sys logs category followed by a log cate gory and a parameter to decide what to record.
Appendix I Log Desc riptions P-793H User’s Guide 426 Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys logs display access #.
P-793H User’s Guide 427 A PPENDIX J NetBIOS Filter Commands The following describes the NetB IOS packet filter commands. See Appendix H on page 4 05 for information on th e command structure. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
Appendix J NetBIOS Filter Commands P-793H User’s Guide 428 The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> &l.
P-793H User’s Guide 429 A PPENDIX K Legal Information Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a who.
Appendix K Legal In formation P-793H User’s Guide 430 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Appendix K Legal Information P-793H User’s Guide 431 ZyXEL) and the customer will be billed for part s and labor . All repaired or replaced products will be shipped by ZyXEL to th e corresponding return address, P o stage Paid. This warranty gives you specific legal rights, and yo u may also have othe r rights that vary from country to country .
Appendix K Legal In formation P-793H User’s Guide 432.
P-793H User’s Guide 433 A PPENDIX L Customer Support Please have the following information r eady when you contact customer support. Required Information • Product model and serial number . • W arranty Information. • Date that you received your de vice.
Appendix L Custo mer Support P-793H User’s Guide 434 Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • T elephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • W eb Site: www .
Appendix L Customer Support P-793H User’s Guide 435 • T elephone: +7-3272-590-698 • Fax: +7-327 2-590-689 • W eb Site: www .zyxel.kz • Re g u l a r Ma i l : ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dost yk Business Centre, 050010, Almaty , Republic of Kazakhstan North America • Support E-mail: support@zyxel.
Appendix L Custo mer Support P-793H User’s Guide 436 • W eb Site: www .zyxel.es • Re g u l ar M a il : ZyXEL Communications, Art e, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • T elephone: +46-31-744-7700 • Fax: +46-31-744-7701 • W eb Site: www .
Index P-793H User’s Guide 437 Index A active protocol 159 AH 159 and encapsulation 159 ESP 159 address mapping 111 AH 159 and transport mode 160 alert 225 alternative subnet mask notation 391 anti-probing 144 applications high-speed Internet access 39 point-to-point connections 40 A TM traffic class.
Index P-793H User’s Guide 438 Domain Name System. See DNS. DoS attack 11 9 brute-force 11 9 , 121 IP spoofing 120 LAN 120 ping of death 120 SYN flood 120 teardrop 120 threshold.
Index P-793H User’s Guide 439 main mode 154 , 157 NA T traversal 158 negotiation mode 154 peer identity 156 pre-shared key 156 proposal 155 IKE SA. See also VPN. installation wall-mounting 365 Internet Assigned Nu mbers Authority See IANA 396 Internet Control Message Protocol.
Index P-793H User’s Guide 440 and filter set 306 and IP alias 104 and remote managemen t 196 and VPN 158 examples 286 global 103 how it works 104 inside 103 local 103 many-to-many no overload 105 many-to-many overload 105 many-to-one 105 one-to-one 105 outside 103 port forwarding.
Index P-793H User’s Guide 441 S safety warnings 6 schedule set 349 Select Mode screen 45 Simple Network Management Protocol. See SNMP . Single User Account.
Index P-793H User’s Guide 442 minimum requirements 43 Wide Area Network. See W AN. wizards 53 WWW remote management 196 www .dyndns.org 191.
Index P-793H User’s Guide 443.
Index P-793H User’s Guide 444.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.