Manuale d’uso / di manutenzione del prodotto P-334 del fabbricante ZyXEL Communications
Vai alla pagina of 366
Prestige 334 Broadband Router with Firewall User ’ s Guide V ersion 3.60 12/2004.
Prestige 334 User’s Guide Copyright 2 Copyright Copyright © 2004 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, transcribed.
Prestige 334 User’s Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference.
Prestige 334 User’s Guide ZyXEL Limited Warranty 4 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase .
Prestige 334 User’s Guide 5 ZyXEL Limited Warranty.
Prestige 334 User’s Guide Customer Support 6 Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t.
Prestige 334 User’s Guide 7 Customer Suppo rt a. “+” is the (prefix) number yo u enter to make an international telephone call..
.
Prestige 334 User’s Guide Table of Contents 8 T able of Content s Copyright .................. ............................................................................................... . 2 Federal Communications Commissi on (FCC) Interference St atement .
Prestige 334 User’s Guide 9 Table of Contents 1.2.2.17 Port Forwarding .................... ................ ................ ............. ............ 35 1.2.2.18 DHCP (Dynamic Host Configuration Protocol) ......................... .....35 1.2.2.19 Full Network Management .
Prestige 334 User’s Guide Table of Contents 10 4.5 Configuring Password ............... ............. ............. ................ ............. ............. .....60 4.6 Configuring T ime Setting ........................ ................ ........
Prestige 334 User’s Guide 11 Table of Contents 7.3.1 Default Server IP Address .. ............. ................ ............. ................ ............ 91 7.3.2 Port Forwarding: Serv ices and Port Numbers .............. ............. ..........
Prestige 334 User’s Guide Table of Contents 12 Chapter 1 1 Firewall ........................................... ..................................................... .................. 126 1 1.1 Introduction ................. ................ ......
Prestige 334 User’s Guide 13 Table of Contents 14.1.3.1 Encryption .. ... .......... ............. ............. ................ ............. ............. 150 14.1.3.2 Data Confidentiality .............. ............. ............. ..............
Prestige 334 User’s Guide Table of Contents 14 15.17.2 T elecommuters U sing Unique VPN Rules Example .... .................... ...181 15.18 VPN and Remote Management ................... ................ ................ ................ 182 Chapter 16 Centralized Logs .
Prestige 334 User’s Guide 15 Table of Contents Chapter 21 Menu 3 LAN Setup .............. ..................................................... ............................ 212 21.1 LAN Setup .. ................ ............. ................ ......
Prestige 334 User’s Guide Table of Contents 16 25.5 General NA T Ex amples ..................... ...... ............. ............. ................ ............. 244 25.5.1 Example 1: In ternet Access Only ...... ................ ............. ....
Prestige 334 User’s Guide 17 Table of Contents 29.3.1.1 CDR .................. ............. ................ ............. ................ ............. ...279 29.3.1.2 Packet triggered ......... .......... ....... ............ ................. .
Prestige 334 User’s Guide Table of Contents 18 Chapter 32 Remote Management .................................................... ....................................... 306 32.1 Remote Management ....... ................. ................ ..........
Prestige 334 User’s Guide 19 Table of Contents Appendix H TMSS .............................................................................. ....................................... 356 Appendix I Triangle Route .....................................
Prestige 334 User’s Guide List of Figure s 20 List of Figures Figure 1 Secure Internet Acce ss via Cable, DSL or Wireless Modem ......... ................ ....... 36 Figure 2 VPN Application ... ................ ............. ................ ......
Prestige 334 User’s Guide 21 List of Figures Figure 37 S tatic Route: Edit .................. ............. ................. ............ ................. ................ ... 10 4 Figure 38 Configuring UPnP ........ ................ .............
Prestige 334 User’s Guide List of Figure s 22 Figure 80 Network T emporarily Disconnected .......................... ................ ................ .......... 195 Figure 81 Maintenance Configur ation ............. ................ ............. .
Prestige 334 User’s Guide 23 List of Figures Figure 123 Menu 15.2.1 Specifyi ng an Inside Server ............... ................ ............. ............. 246 Figure 124 NA T Example 3 ... ................ ............. ................. ........
Prestige 334 User’s Guide List of Figure s 24 Figure 166 V alid Commands . ................ ............. ................. ............ ................. ................ ... 299 Figure 167 Menu 24.9 System Maintenance : Ca ll C ontrol .......... .
Prestige 334 User’s Guide 25 List of Figures.
Prestige 334 User’s Guide List of Tables 26 List of T ables T able 1 Screens Summary .......... ............. ................ ................ ............. ................ ............. 41 T able 2 Wizard 2: Ethernet Encapsulation .. ............
Prestige 334 User’s Guide 27 List of Tables T able 37 Content Filter ......... ............. ................ ............. ................ ............. ................ ...... .1 3 5 T able 38 Remote Management: WW W .......... ....... ......... .
Prestige 334 User’s Guide List of Tables 28 T able 80 Applying NA T in Menus 4 & 1 1.3 ........ ................. ................ ................ ................ 238 T able 81 SUA Address Mapping Rules .......... ................ ............
Prestige 334 User’s Guide 29 List of Tables.
Prestige 334 User’s Guide Preface 30 Preface Congratulations on your p u rchase of the Presti ge 334 Broadband Router with Firewall. This manual is designed to guide you through the configuration of your Prestige for its various applications. This manual may refer to the Prest ige 334 or Broadband Router with Firewall as the Prestige.
Prestige 334 User’s Guide 31 Preface User Guide Feedback Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The T echnical W riting T eam, ZyXEL Communications Corp.
Prestige 334 User’s Guide Chapter 1 Getting to K now Your Pr estige 32 C HAPTER 1 Getting to Know Y our Prestige This chapter introduces the main featur es and applications of the Prestige. 1.1 Prestige Internet Security Gateway Overview The Prestige is the ideal secure ga teway for all data passing between the Internet and LAN’ s.
Prestige 334 User’s Guide 33 Chapter 1 Getting to Know Your Prestige 1.2.1.5 Reset Button The Prestige reset button is built into the rear panel. Use this button to restore the factory default password to 1234 ; IP address to 192.168.1 .1, subnet mask to 255.
Prestige 334 User’s Guide Chapter 1 Getting to K now Your Pr estige 34 1.2.2.7 Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Pr estige and other UPnP enabled devic es can dynamically join a network, obtain an IP addr ess and convey its capab ilities to other devices on the network.
Prestige 334 User’s Guide 35 Chapter 1 Getting to Know Your Prestige 1.2.2.14 SNMP SNMP (Simple Network Management Protoc ol) is a protocol u sed for exch anging management information b etween network devices. SNMP is a member of the TCP/IP protocol suite.
Prestige 334 User’s Guide Chapter 1 Getting to K now Your Pr estige 36 • Unix syslog facility support. • Firewall logs. • Content filtering logs. 1.2.2.22 Upgrade Prest ige Firmware via LAN The firmware of the Prestige can be upgraded via the LAN ( r efer to Maintenance- F/W Upload Scr een) .
Prestige 334 User’s Guide 37 Chapter 1 Getting to Know Your Prestige Figure 2 VPN Application.
Prestige 334 User’s Guide Chapter 2 Introducing the Web Configur ator 38 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access the Prestige web config urator and provides an overview of its screens.
Prestige 334 User’s Guide 39 Chapter 2 Introducing the Web Configurator Figure 3 Change Password Screen Y ou should now see the MAIN MENU screen ) 2.
Prestige 334 User’s Guide Chapter 2 Introducing the Web Configur ator 40 • Click to view the web configurator in the language of your choic e. • Click LOGOUT at any time to exit the web configurator . • Click MAINTENANCE to view information about your Prestige or upgrade configuration/firmware files.
Prestige 334 User’s Guide 41 Chapter 2 Introducing the Web Configurator The following table describes the sub-menus. Table 1 Screens Summary LINK TA B FUNCTION WIZARD SETUP Use these screens for initial co nfiguration including general setup, ISP parameters for In ternet Access and WAN IP/DNS Server/MAC address assignme nt.
Prestige 334 User’s Guide Chapter 2 Introducing the Web Configur ator 42 REMOTE MGMT TELNET Use this screen to configure through which inte rface(s) and from which IP address(es) users can use T elnet to manage the Prestige.
Prestige 334 User’s Guide 43 Chapter 2 Introducing the Web Configurator.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 44 C HAPTER 3 W izard Setup This chapter provides informa tion on the W izard Setup screens in the web configurator . 3.1 Wizard Setup Overview The web configurator ’ s setup w izard helps you configure your devic e to access the Internet.
Prestige 334 User’s Guide 45 Chapter 3 Wizard Setup Figure 5 Wizard 1: General Setup 3.3 Wizard Setup: Screen 2 The Prestige offers three choices of encapsulation. They are Ethernet , PPP over Ethernet or PP TP . 3.3.1 Ethernet Choose Ethernet when the W AN po rt is used as a r egular Ethernet.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 46 Figure 6 Wizard 2: Ethernet Encap sulation The following table describes the labels in this screen.
Prestige 334 User’s Guide 47 Chapter 3 Wizard Setup 3.3.2 PPPoE Encap sulation Point-to-Point Protocol ov er Ethernet (PPPoE) function s as a dial-up connection. PPPoE is an IETF (Internet Engineering T ask Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 48 Figure 7 Wizard 2: PPPoE Encapsulation The following table describes the labels in this screen. 3.
Prestige 334 User’s Guide 49 Chapter 3 Wizard Setup Refer to the appendix for more information on PP TP . Figure 8 Wizard 2: PPTP Encapsulation The following table describes the fields in this screen Note: The PRESTIGE supports one PP TP server connection at any given time.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 50 3.4 Wizard Setup: Screen 3 The fifth wizard screen allows you to configure W AN IP address assignment, DNS server address assignment and the W AN MAC address. 3.4.1 W AN IP Address Assignment Every computer on the Internet must have a unique IP address.
Prestige 334 User’s Guide 51 Chapter 3 Wizard Setup Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 52 Y ou can configure the W AN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Onc e it is successfully configured, the address will be copied to the "r om" file (ZyNOS configuration f ile).
Prestige 334 User’s Guide 53 Chapter 3 Wizard Setup 3.5 Basic Setup Complete Click Back to return to the previous screen or click Finish to complete and save the wizard setup. Gateway IP Address T ype the IP address of the gateway . The ga teway is an imme diate neighbour of your Prestige that will forward the packet to the destination.
Prestige 334 User’s Guide Chapter 3 Wizard Setup 54 Figure 10 Wizard Fi nish W ell done! Y ou have successfully set up your Pr estige to operate on your network and access the Internet.
Prestige 334 User’s Guide 55 Chapter 3 Wizard Setup.
Prestige 334 User’s Guide Chapter 4 Syst em Screens 56 C HAPTER 4 System Screens This chapter provides informa tion on the System screens. 4.1 System Overview See the Wi z a r d S e t u p chapter for more informatio n on the next few screens. 4.2 Configuring General Setup Click SYSTEM to open the General screen.
Prestige 334 User’s Guide 57 Chapter 4 Syste m Screens Figure 1 1 System General Setup The following table describes the labels in this screen. Table 8 System Gene ral Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes.
Prestige 334 User’s Guide Chapter 4 Syst em Screens 58 4.3 Dynamic DNS Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-SeeMe, etc.
Prestige 334 User’s Guide 59 Chapter 4 Syste m Screens Figure 12 DDNS The following table describes the labels in this screen. Table 9 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dy namic DNS service provider .
Prestige 334 User’s Guide Chapter 4 Syst em Screens 60 4.5 Configuring Password T o change your Prestige’ s password (recommended), click SYSTEM , then the Password tab. The screen appears as shown. This screen a llows you to change the Prestige’ s password.
Prestige 334 User’s Guide 61 Chapter 4 Syste m Screens Figure 14 Ti m e S etting The following table describes the labels in this screen. Table 11 Time Setting LABEL DESCRIPTION Use T ime Server when Bootup Select the time service protocol that your time server sends when you turn on the Prestige.
Prestige 334 User’s Guide Chapter 4 Syst em Screens 62 New Date This field disp lays the last updated date from the time server . When you select None in the Time Pro tocol field, enter the new date in this field and then click Apply . Ti m e Z o ne Choose th e T ime Zon e of your location.
Prestige 334 User’s Guide 63 Chapter 4 Syste m Screens.
Prestige 334 User’s Guide Chapter 5 LAN Screens 64 C HAPTER 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network (LAN) is a shared communic ation system to which many computers are attached.
Prestige 334 User’s Guide 65 Chapter 5 LA N Screens • IP address of 1 92.168.1.1 with subn et mask of 255.255.25 5.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work fo r the majority of installations .
Prestige 334 User’s Guide Chapter 5 LAN Screens 66 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assi gned to the permanent group of all IP hosts (including gateways).
Prestige 334 User’s Guide 67 Chapter 5 LA N Screens Figure 15 LAN IP The following table describes the labels in this screen. Table 12 LAN IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allow s individual clients (computers) to obtain TC P/IP configuration at startup from a server .
Prestige 334 User’s Guide Chapter 5 LAN Screens 68 First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assign s DNS server information (and the Prestige's W A N IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.
Prestige 334 User’s Guide 69 Chapter 5 LA N Screens 5.5 Configuring S tatic DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
Prestige 334 User’s Guide Chapter 5 LAN Screens 70 Figure 16 S tatic DHCP The following table describes the labels in this screen. 5.6 Configuring IP Alias IP Alias allows you to partition a physical netw ork into dif ferent logical networks over the same Ethernet interface.
Prestige 334 User’s Guide 71 Chapter 5 LA N Screens Figure 17 IP Alias The following table describes the labels in this screen. Table 14 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network fo r the Prestige.
Prestige 334 User’s Guide Chapter 6 WAN Screens 72 C HAPTER 6 W AN Screens This chapter describes how to configure W AN settings. 6.1 W AN Overview See the Wi z a r d S e t u p chapter for more information on the fields in the W AN screens. 6.2 TCP/IP Priority (Metric) The metric represents the "cost of transmissi on".
Prestige 334 User’s Guide 73 Chapter 6 WAN Screen s Figure 18 WA N : Ro ut e The following table describes the labels in this screen. 6.4 Configuring W AN ISP T o change your Prestige’ s W AN ISP settings, click WA N , then the WA N I S P tab. The screen differs by the encapsulation.
Prestige 334 User’s Guide Chapter 6 WAN Screens 74 Figure 19 Ethernet Encapsulation The following table describes the labels in this screen. 6.4.2 PPPoE Encap sulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
Prestige 334 User’s Guide 75 Chapter 6 WAN Screen s For the service provider , PPPoE of fers an acces s and authentication method that works with existing access control systems (for exampl e Radius).
Prestige 334 User’s Guide Chapter 6 WAN Screens 76 Figure 20 PPPoE Encapsulation The following table describes the labels in this screen. Table 17 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE.
Prestige 334 User’s Guide 77 Chapter 6 WAN Screen s 6.4.3 PPTP Encap sulation Point-to-Point T unneling Protocol (PP TP) is a ne twork protocol that enables secure transfer of data from a remote client to a private server , creating a V irtual Private Network (VPN) using TCP/IP-based networks.
Prestige 334 User’s Guide Chapter 6 WAN Screens 78 6.5 Configuring W AN IP T o change your Prestige’ s W AN IP settings, click WA N , then the WA N I P tab.
Prestige 334 User’s Guide 79 Chapter 6 WAN Screen s Figure 22 WA N : IP The following table describes the labels in this screen. Table 19 WAN: I P LABEL DESCRIPTION W AN IP Address Assignmen t Get automatically from ISP Select this option If your ISP did not assi gn you a fixed IP address.
Prestige 334 User’s Guide Chapter 6 WAN Screens 80 Network Address T ransla tion Network Address T ransl ation (NA T) allows the translation of an Internet protocol address used wi thin one n etw or.
Prestige 334 User’s Guide 81 Chapter 6 WAN Screen s 6.6 Configuring W AN MAC T o change your Prestige’ s W AN MAC settings, click WA N , then the W AN MAC tab.
Prestige 334 User’s Guide Chapter 6 WAN Screens 82 Otherwise, click Spoof this computer's MAC addr ess - IP Address and enter the IP address of the computer on the LAN w hose MAC you ar e cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file).
Prestige 334 User’s Guide 83 Chapter 6 WAN Screen s Figure 25 T raffic Redirect LAN Setup 6.8 Configuring T raffic Redirect T o change your Prestige’ s T r affic Redirect settings, click WA N , then the T r affic Redirect tab. The screen appears as shown.
Prestige 334 User’s Guide Chapter 6 WAN Screens 84 Metric This field sets this route's priority among th e routes the Prestige uses. The metric represents the "cost of transm ission". A router determines the best route for transmission by choosin g a path with the lowest "cost".
Prestige 334 User’s Guide 85 Chapter 6 WAN Screen s.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 86 C HAPTER 7 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige. 7.1 NA T Overview NA T (Network Address Translation - NA T , RFC 1631) is the translation of the IP address of a host in a packet.
Prestige 334 User’s Guide 87 Chapter 7 Network Addre ss Translation (NAT) Screen s 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 88 Figure 27 How NA T W orks 7.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks.
Prestige 334 User’s Guide 89 Chapter 7 Network Addre ss Translation (NAT) Screen s Figure 28 NA T Application With IP Alias 7.1.5 NA T Mapping T ypes NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 90 The following table summarizes these types. 7.2 Using NA T 7.2.1 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server .
Prestige 334 User’s Guide 91 Chapter 7 Network Addre ss Translation (NAT) Screen s Y ou may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server . The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 92 The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also re fer to the Supporting CD for more examples and details on SUA/NA T.
Prestige 334 User’s Guide 93 Chapter 7 Network Addre ss Translation (NAT) Screen s Figure 29 Multiple Servers Be hind NA T Example 7.4 Configuring SUA Server Click SUA/NA T to open the SUA Server screen. Refer to T able 23 for port numbers commonly u sed for particular services.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 94 Figure 30 SUA/NA T Setup The following table describes the labels in this screen. Table 24 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specifi ed services, NA T supports a default server .
Prestige 334 User’s Guide 95 Chapter 7 Network Addre ss Translation (NAT) Screen s 7.5 Configuring Address Mapping Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are ignored.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 96 7.5.1 Configuring Address Mapping T o edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next. Ty p e 1.
Prestige 334 User’s Guide 97 Chapter 7 Network Addre ss Translation (NAT) Screen s Figure 32 Address Mapping Edit The following table describes the labels in this screen. Table 26 Address Mapp ing Edit LABEL DESCRIPTION Ty p e Choose the port mapping type from one of the following.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 98 7.6 T rigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedica ted range of ports on the server side.
Prestige 334 User’s Guide 99 Chapter 7 Network Addre ss Translation (NAT) Screen s 7.6.2 T w o Point s T o Remember About T rigger Port s 1 T rigger events only happen on data that is going coming from inside the Prestige and going to the outside.
Prestige 334 User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 100 Incoming Incoming is a port (or a range of ports) that a server on the W AN uses when it sends out a particular service. The Prestige forwar ds the traffic with this port (or range of ports) to the client computer on t he LAN that requested the service.
Prestige 334 User’s Guide 101 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens.
Prestige 334 User’s Guide Chapter 8 Static Route Screens 102 C HAPTER 8 S t atic Route Screens This chapter shows you how to config ure static routes for your Prestige. 8.1 St atic Route Overview Each remote node specifies only the network to which the gateway is di rectly connected, and the Prestige has no knowledge of the networks beyon d.
Prestige 334 User’s Guide 103 Chapter 8 Static Route Screens Figure 36 S tatic Route The following table describes the labels in this screen. 8.2.1 Configuring Route Entr y Select a static route index numb er and click Edit . The screen shown next appears.
Prestige 334 User’s Guide Chapter 8 Static Route Screens 104 Figure 37 S tatic Route: Edit The following table describes the labels in this screen. Table 29 Static Route: Edit LABEL DESCRIPTION Route Name Enter the n ame of the IP static route. Leave this field blank to delete this static route.
Prestige 334 User’s Guide 105 Chapter 8 Static Route Screens.
Prestige 334 User’s Guide Chapter 9 UPnP 106 C HAPTER 9 UP N P This chapter introduces the Universal Plug and Play feature. 9.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices.
Prestige 334 User’s Guide 107 Chapter 9 UPnP All UPnP-enabled devices may communicate freely with eac h other without additional configuration. Disable UPnP if this is not your intention. 9.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from th e Universal Plug and Play Forum Creates UPnP™ Implementers Corp.
Prestige 334 User’s Guide Chapter 9 UPnP 108 Figure 38 Configuring U PnP The following table describes the labels in this screen. 9.4 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP .
Prestige 334 User’s Guide 109 Chapter 9 UPnP 9.4.1 Inst alling UPnP in Windows Me Follow the steps below to in stall UPnP in W indows Me. 1 Click St a r t and Control Panel . Double- click Add/Remove Programs . 2 Click on the Win d o ws S et u p ta b and select Communication in the Components selection box.
Prestige 334 User’s Guide Chapter 9 UPnP 110 9.4.2 Inst alling UPnP in Windows XP Follow the steps below to install UPnP in W indows XP . 1 Click St a r t and Contr ol Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking Components … .
Prestige 334 User’s Guide 111 Chapter 9 UPnP 9.5 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in Wi ndows XP . Y ou must al ready have UPnP installed in W indows XP and UPnP activated on the ZyXEL devi ce. Make sure the computer is co nnected to a LAN port of the ZyXEL device.
Prestige 334 User’s Guide Chapter 9 UPnP 112 9.5.1 Auto-discover Y our UPnP-en abled Network Device 1 Click St a r t and Control Panel . Double-click Network Connections . An icon displays under Internet Gateway . 2 Right-click the icon and select Prop erties .
Prestige 334 User’s Guide 113 Chapter 9 UPnP 9.5.2 Web Configurator Easy Access W ith UPnP , you can access the web-bas ed configur ator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Prestige 334 User’s Guide Chapter 9 UPnP 114 9.5.3 Web Configurator Easy Access W ith UPnP , you can access the web-bas ed configur ator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Prestige 334 User’s Guide 115 Chapter 9 UPnP Follow the steps below to access the web configurator . 1 Click Start and then Control Panel. 2 Double-click Network Connections . 3 Select My Network Places under Other Places . 4 An icon with the d escription for each UPnP-enabled device displays under Local Network .
Prestige 334 User’s Guide Chapter 10 Tre nd Micro Se curity Services 116 C HAPTER 10 T rend Micro Security Services This chapter contains informa tion about configuring T rend Micr o Security Services settings, virus protection, parental controls an d customization.
Prestige 334 User’s Guide 117 Chapter 10 Trend Micro Security Services Figure 39 Service Settings The following table describes the labels in this screen. Table 31 Service Settings LABEL DESCRIPTION Enable Trend Micro Security Services Select the checkbox to enable T rend Micro Security Services o n your Prestige.
Prestige 334 User’s Guide Chapter 10 Tre nd Micro Se curity Services 118 10.3 V irus Protection This screen allows you to check the computers in the network for Trend Micro Internet Security . Y ou can also select antivirus compon ent update time intervals and monitor the virus protection status on each client computer in your network.
Prestige 334 User’s Guide 119 Chapter 10 Trend Micro Security Services Figure 40 Virus Protection The following table describes the labels in this screen.
Prestige 334 User’s Guide Chapter 10 Tre nd Micro Se curity Services 120 10.5 Parent al Controls Parental Controls lets a parent (LAN admini strator) control a LAN user's Internet access privileges by blocking spec ified categories.
Prestige 334 User’s Guide 121 Chapter 10 Trend Micro Security Services Figure 41 Parental Controls Licens e S tatus If you have registered with TMSS and your license is valid, you can configure the Parental Controls configuration screen.
Prestige 334 User’s Guide Chapter 10 Tre nd Micro Se curity Services 122 Figure 42 Parental Controls The following table describes the labels in this screen. Table 33 Parental Controls LABEL DESCRIPTION Enable Parental Controls Select the check box to enable this feature on your Prestige.
Prestige 334 User’s Guide 123 Chapter 10 Trend Micro Security Services T ime of Day to Block (24- Hour Format) Select the time of day you want web page blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box.
Prestige 334 User’s Guide Chapter 10 Tre nd Micro Se curity Services 124 10.6.1 Parent al Controls St atistics The Prestige can display a record of attempted entries to W eb pages or actual entries to W eb pages from a list of content filtering categories.
Prestige 334 User’s Guide 125 Chapter 10 Trend Micro Security Services Figure 43 Parental Controls S tatistics The following table describes the labels in this screen.
Prestige 334 User’s Guide Chapter 11 Firewall 126 C HAPTER 11 Firewall This chapter gives some bac kground information on firewalls and explains how to get started with the Prestige firewall.
Prestige 334 User’s Guide 127 Chapter 11 Fir ewall The Prestige has one Ethernet W AN port and fo ur Ethernet LAN ports, which are used to physically separate the network into two areas .The W AN (W ide Area Network) port attaches to the broadband (cab le or DSL) modem to the Internet.
Prestige 334 User’s Guide Chapter 11 Firewall 128 Figure 44 Firewall: Settings The following table describes the labels in this screen. Table 35 Firewall: Settings LABEL DESCRIPTION Enable Firewall Select this che ck box to activate th e firewall.
Prestige 334 User’s Guide 129 Chapter 11 Fir ewall 1 1.3 The Firewall, NA T and Remote Management Figure 45 Firewall Rule Directions 1 1.3.1 LAN-to-W AN rules LAN-to-W AN rules are local netw ork to Internet firewall rules. The default is to forward all traffic from your local network to the Internet.
Prestige 334 User’s Guide Chapter 11 Firewall 130 • Configuring WA N or LAN & W AN access for services in the Remote Management screens or SMT menus. When you a llow re mote management from the W AN, you are actually configuring W AN-to-W AN/Prestig e firewall rules.
Prestige 334 User’s Guide 131 Chapter 11 Fir ewall Figure 46 Firewall: Service The following table describes the labels in this screen. Table 36 Firewall: Service LABEL DESCRIPTION Enable Services Blocking Select this ch eck box to enabl e this feature.
Prestige 334 User’s Guide Chapter 11 Firewall 132 Clear All Click Clear All to empty the Blocked Service . Day to Block: Select a check box to configure which da ys of the we ek (or everyday) you w ant the content filtering to be active. T ime of Day to Block (24-Hour Format) Select the time of day you want service blocking to take effect.
Prestige 334 User’s Guide 133 Chapter 11 Fir ewall.
Prestige 334 User’s Guide Chapter 12 Content Filtering 134 C HAPTER 12 Content Filtering This chapter provides a brief overview of co ntent filtering using the embedded W ebGUI. 12.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs.
Prestige 334 User’s Guide 135 Chapter 12 Content Filtering Figure 47 Content Filter The following table describes the labels in this screen. Table 37 Content Filter LABEL DESCRIPTION Restrict Web Features Select the box(es) to restri ct a feature.
Prestige 334 User’s Guide Chapter 12 Content Filtering 136 Keyword T ype a keyword in this field. Y ou may use any character (up to 64 characters). Wildcards are not allowed. Y ou can also enter a numerical IP address. Keyword List This list displays the keywords a lready added.
Prestige 334 User’s Guide 137 Chapter 12 Content Filtering.
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 138 C HAPTER 13 Remote Management Screens This chapter provides information on the Remote Management screens. 13.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers.
Prestige 334 User’s Guide 139 Chapter 13 Remo te Managemen t Screens 2 Y ou have disabled that service in one of the remote management screens. 3 The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, the Prestige will disconnect the session immediately .
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 140 Figure 48 Remote Management: WWW The following table describes the labels in this screen. 13.3 Configuring T elnet Y ou can configure your Prestige for remote T e lnet access as shown next.
Prestige 334 User’s Guide 141 Chapter 13 Remo te Managemen t Screens Figure 49 T elnet Configuration on a TCP/IP Network 13.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 50 Remote Management: T elnet The following table describes the labels in this screen.
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 142 13.5 Configuring FTP Y ou can upload and download the Prestige’ s firmware and co nfiguration files using FTP , please see the chapter on firmware and configuration file maintena nce for details.
Prestige 334 User’s Guide 143 Chapter 13 Remo te Managemen t Screens 13.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exchanging management information b etween network devices. SNMP is a member of the TCP/IP protocol suite.
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 144 SNMP itself is a simple request/response prot ocol based on the manager/agent model. The manager issues a request and the agent retu rns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the ag ent.
Prestige 334 User’s Guide 145 Chapter 13 Remo te Managemen t Screens Figure 53 Remote Management: SNMP The following table describes the labels in this screen.
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 146 13.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on W izard Setup for background information.
Prestige 334 User’s Guide 147 Chapter 13 Remo te Managemen t Screens 13.8 Configuring Security T o change your Prestige’ s security settings, click REMOTE MGMT , then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned.
Prestige 334 User’s Guide Chapter 13 Remo te Management Scr eens 148 Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the Prestige by probing for unused ports.
Prestige 334 User’s Guide 149 Chapter 13 Remo te Managemen t Screens.
Prestige 334 User’s Guide Chapter 14 Introduction to IPSec 150 C HAPTER 14 Introduction to IPSec This chapter introduces the basics of IPSec VPNs 14.1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications between sites without the expense of leased site-to-site lines.
Prestige 334 User’s Guide 151 Chapter 1 4 Introduc tion to IPSec Figure 56 Encryption and Decryption 14.1.3.2 Dat a Confidentiality The IPSec sender can encrypt packets befo re transmitting them across a network.
Prestige 334 User’s Guide Chapter 14 Introduction to IPSec 152 Figure 57 IPSec Architecture 14.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402 ) describe the packe t formats and the default standards for packet structure (including implemen tation algori thms).
Prestige 334 User’s Guide 153 Chapter 1 4 Introduc tion to IPSec Figure 58 T ransport and T unnel Mode IPSec Encapsulation 14.3.1 T ransport Mode Tr a n s p o r t mode is used to protect upper layer prot ocols and only af fects the da ta in the IP packet.
Prestige 334 User’s Guide Chapter 14 Introduction to IPSec 154 NA T is incompatible with the AH protocol in both Tr a n s p o r t and T unnel mode. An IPSec VPN using the AH protocol digitally sig n s the outbound packet, both data p a yload and headers, with a hash value appe nded to the pack et.
Prestige 334 User’s Guide 155 Chapter 1 4 Introduc tion to IPSec.
Prestige 334 User’s Guide Chapter 15 VPN Screens 156 C HAPTER 15 VPN Screens This chapter introduces the VPN W eb Configurator . See the Logs chapter for information on viewing logs and the Appendices for IPSec log descriptions.
Prestige 334 User’s Guide 157 Chapter 15 VPN Screen s An added featu re of the ESP is payload padding, which further protects communications b y concealing the size of the packet being transmitted. 15.3 My IP Address My IP Address is the W AN IP address of the Prestige.
Prestige 334 User’s Guide Chapter 15 VPN Screens 158 15.4.1 Dynamic Secure Gateway Address If the remote secure gateway has a dynamic W AN IP address and does not use DDNS, enter 0.0.0.0 as the secure gateway’ s address. In th is ca se only the remote secure gateway can initiate SAs.
Prestige 334 User’s Guide 159 Chapter 15 VPN Screen s Figure 60 VPN: Summary The following table describes the labels in this screen. Table 47 VPN: Summary LABEL DESCRIPTION # The VPN po licy index number . Active This field displays whether the VPN policy is active or not.
Prestige 334 User’s Guide Chapter 15 VPN Screens 160 15.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lif etime period expires ( the IPSec Algorithms section for more on the IPSec SA lifetime).
Prestige 334 User’s Guide 161 Chapter 15 VPN Screen s • Enable NA T traversal on both IPSec endpoints. In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the NA T router to forward UDP port 500 to IPSec router A.
Prestige 334 User’s Guide Chapter 15 VPN Screens 162 15.8 ID T ype and Content W ith aggressive negotiation mode (see Section Negotiation Mode), th e Prestige identifies incoming SAs by ID type and content since this identifying information is not encrypted.
Prestige 334 User’s Guide 163 Chapter 15 VPN Screen s 15.8.1 ID T ype and Content Examples T wo IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel.
Prestige 334 User’s Guide Chapter 15 VPN Screens 164 15.10 Editing VPN Rules Click Edit on th e Summary screen or click the Rule Setup tab to edit VPN rules.
Prestige 334 User’s Guide 165 Chapter 15 VPN Screen s IPSec Keying Mode Select IKE or Manual from the drop-down list box. IKE provides more p rotection so it is generally recommended.
Prestige 334 User’s Guide Chapter 15 VPN Screens 166 Secure Gateway Address T ype the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this fiel d to 0.0.0.0 if the remote IPSec router has a dynamic W AN IP address (the IPSec Keyi ng Mode field must be set to IKE ).
Prestige 334 User’s Guide 167 Chapter 15 VPN Screen s 15.1 1 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSe c.
Prestige 334 User’s Guide Chapter 15 VPN Screens 168 • Choose an encryption algorithm. • Choose an authentication algorithm • Choose whether to enable Perfect Forward Secrecy (PFS) using Dif fie-Hellman public- key cryptog raphy – see Section Pe rfect Forwar d Secr e cy (PFS) .
Prestige 334 User’s Guide 169 Chapter 15 VPN Screen s This may be unnecessary for data that does not require such security , so PFS is disabled ( None ) by default in the Prestige.
Prestige 334 User’s Guide Chapter 15 VPN Screens 170 Figure 66 VPN IKE: Advance d.
Prestige 334 User’s Guide 171 Chapter 15 VPN Screen s The following table describes the labels in this screen. Table 52 VPN IKE: Advanced LABEL DESCRIPTION Active Select this check box to activate this VPN policy . Keep Alive Select this check box to turn on the Keep Alive feature for this SA.
Prestige 334 User’s Guide Chapter 15 VPN Screens 172 Remote Addres s End/ Mask When the remote IP address is a single address, type it a second ti me here. When the remote IP address is a range, en te r the end (static) IP address, in a range of computers on the network behind the re mote IPSec ro uter .
Prestige 334 User’s Guide 173 Chapter 15 VPN Screen s Peer Content The configuration of the peer content depen ds on the peer ID type. •F o r IP , type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.
Prestige 334 User’s Guide Chapter 15 VPN Screens 174 15.13 Manual Key Setup Manual key managemen t is useful if you have pro blems with IKE key managemen t. IPSec Protocol Select ESP or AH from the drop-down list box. The Prestige's IPSec Protocol should be identical to the secure remote gatew ay .
Prestige 334 User’s Guide 175 Chapter 15 VPN Screen s 15.13.1 Security Pa rameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway .
Prestige 334 User’s Guide Chapter 15 VPN Screens 176 Figure 67 Setup: Manual The following table describes the labels in this screen. Table 53 Rule Setup: Ma nual LABEL DESCRIPTION Active Select this check box to activate this VPN policy . IPSec Keying Mode Select IKE or Manual from the drop-down list box.
Prestige 334 User’s Guide 177 Chapter 15 VPN Screen s Local Port End T ype a port number in this field to define a port range. This port number must be greater than that specified in the previo us field. If Local Port S tart is left at 0, Local Port End will also remain at 0.
Prestige 334 User’s Guide Chapter 15 VPN Screens 178 15.15 V iewing SA Monitor In the web configurator , click VPN and the SA Monitor tab. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
Prestige 334 User’s Guide 179 Chapter 15 VPN Screen s Figure 68 SA Monitor The following table describes the labels in this screen. 15.16 Configuring Global Setting T o change your Prestige’ s Global Settings, click VPN , then the Global Setting tab.
Prestige 334 User’s Guide Chapter 15 VPN Screens 180 Figure 69 VPN: Global Setting The following table describes the labels in this screen. 15.17 T elecommuter VPN/IPSec Examples The following examp.
Prestige 334 User’s Guide 181 Chapter 15 VPN Screen s Having everyone use the same pre-shared key ma y create a vulnerability . If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk.
Prestige 334 User’s Guide Chapter 15 VPN Screens 182 See the following graphic for an example where three telecommut ers each use a different VPN rule to initiate a VPN connection to a Prestig e l ocated at headquarters.
Prestige 334 User’s Guide 183 Chapter 15 VPN Screen s.
Prestige 334 User’s Guide Chapter 16 Centralized Logs 184 C HAPTER 16 Centralized Logs This chapter contains inform ation about configuring genera l log settings and viewing the Prestige’ s logs. Refer to the appendices for example log message explanations.
Prestige 334 User’s Guide 185 Chapter 16 Centralized Logs Figure 72 Vi ew Logs The following table describes the labels in this screen. Table 57 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section ) display in the drop-do wn list box.
Prestige 334 User’s Guide Chapter 16 Centralized Logs 186 16.2 Log Settings Y ou can configure the Pr estige’ s general log settin gs in one location. Click the LOGS in the navigation panel and then the Log Settings tab to open the Log Settings screen.
Prestige 334 User’s Guide 187 Chapter 16 Centralized Logs Figure 73 Log Settings The following table describes the labels in this screen. Table 58 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the ser ver name or the IP address of the mail server for the e-ma il addresses specified below .
Prestige 334 User’s Guide Chapter 16 Centralized Logs 188 Mail Subject T ype a title that you want to be in the su bject line of the log e-mail message that the Prestige sends. Not all Prestige models have this field. Send Log T o The Prestige se nds logs to the e-mail address s pecified in this field.
Prestige 334 User’s Guide 189 Chapter 16 Centralized Logs.
Prestige 334 User’s Guide Chapter 17 Maintenance 190 C HAPTER 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
Prestige 334 User’s Guide 191 Chapter 17 Maintenance Figure 74 Maintenance S tatus The following table describes the labels in this screen. Table 59 Maintenance Status LABEL DESCRIPTION System Name This is the System Name you chose in the first Inter net Access Wizard screen.
Prestige 334 User’s Guide Chapter 17 Maintenance 192 17.2.1 System St atistics Read-only information here includ es port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.
Prestige 334 User’s Guide 193 Chapter 17 Maintenance Click MAINTENANCE , and then the DHCP T able tab. Read-only information here relates to your DHCP status. The DHCP table shows cu rrent DHCP Client information (including IP Address , Host Name and MAC Address ) of all network clients using the DHCP server .
Prestige 334 User’s Guide Chapter 17 Maintenance 194 Use the upgrade tool file with a "*.exe" extension found in the ZIP file and follow the steps to begin the firmware upgrade. 17.4.1 Prep aring your Pr estige for Firmware Upload 1 Change the login password of the Prestige to the factory default password of “1234”.
Prestige 334 User’s Guide 195 Chapter 17 Maintenance Figure 78 Upgrade T ool If you log into your Prestige befo re the upgrade is co mplete, the following screen is displayed. Figure 79 Upload W arning 6 The Prestige automatically restarts in this time causing a temporary network disconnect.
Prestige 334 User’s Guide Chapter 17 Maintenance 196 • Change your Prestige passwo rd and IP address back to your preferred setting. 8 Log in again and ch eck your new firmware version in the System S tatus screen.
Prestige 334 User’s Guide 197 Chapter 17 Maintenance Click Backup to save the Prestige’ s current configuration to your compute r 17.5.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your Prestige.
Prestige 334 User’s Guide Chapter 17 Maintenance 198 If the upload was not successful, the following screen will appear . Click Return to go back to the Configuration screen.
Prestige 334 User’s Guide 199 Chapter 17 Maintenance Figure 86 System Restart.
Prestige 334 User’s Guide Chapter 18 Intro ducing the SMT 200 C HAPTER 18 Introducing the SMT This chapter explains how to access and na viga te the System Management T erminal and gives an overview of its menus.
Prestige 334 User’s Guide 201 Chapter 18 In troducing the SMT Figure 87 Login Screen 18.1.3 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of you r Prestige.
Prestige 334 User’s Guide Chapter 18 Intro ducing the SMT 202 Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below . After you enter the password, the SMT di splays the main menu, as shown next.
Prestige 334 User’s Guide 203 Chapter 18 In troducing the SMT Figure 89 SMT Main Menu 18.2.1 System Manage ment T erminal Interface Summary The following table describes the fields in the previous screen. Copyright (c) 1994 - 2 004 ZyXEL Communications Corp.
Prestige 334 User’s Guide Chapter 18 Intro ducing the SMT 204 18.3 Changing the System Password Change the P restige defau lt password by following the steps shown next. 1 Enter 23.1 in the ma in menu to display Menu 23.1 - System Security - Change Password.
Prestige 334 User’s Guide 205 Chapter 18 In troducing the SMT.
Prestige 334 User’s Guide Chapter 19 Menu 1 General Setup 206 C HAPTER 19 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related informa tion. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next).
Prestige 334 User’s Guide 207 Chapter 19 Menu 1 General Setup Figure 91 Menu 1 General Setup. 2 Fill in the required fields. Refer to the tabl e sho wn next for more information about these fields. Menu 1 - General Setup System Name= Domain Name= zyxel.
Prestige 334 User’s Guide Chapter 19 Menu 1 General Setup 208 19.2.1 Procedure to Configure Dynamic DNS T o configure Dynamic DNS, go to Menu 1 — General Setup and select Ye s in the Edit Dynamic DNS field. Press [ ENTER ] to display Menu 1.1— Configur e Dynamic DNS as shown next.
Prestige 334 User’s Guide 209 Chapter 19 Menu 1 General Setup Offline This field is only available when CustomDNS is selected in the DDNS T ype field. Press [SP ACE BAR] and then [ENTER] to select Ye s . When Ye s is selected, http:/ /www .dyndns.or g/ traffic is redirected to a URL that you h ave previously specified (see www .
Prestige 334 User’s Guide Chapter 20 Menu 2 WAN Setup 210 C HAPTER 20 Menu 2 W AN Setup This chapter describes how to configure th e W AN using menu 2. 20.1 Introduction to W AN This chapter explains how to configure settings for your W AN port. 20.
Prestige 334 User’s Guide 211 Chapter 20 Menu 2 WAN Setup.
Prestige 334 User’s Guide Chapter 21 Menu 3 LAN Setup 212 C HAPTER 21 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 21.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup .
Prestige 334 User’s Guide 213 C hapter 21 Men u 3 LAN Setup 21.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, you need to co nfigure the respectiv e Ethernet Setup, as outlined below . • For TCP/IP Ethernet setup refer to the Internet Access Application chapte r .
Prestige 334 User’s Guide Chapter 21 Menu 3 LAN Setup 214 Use the instructions in the following table to configure TCP/IP parameters for the LAN port.
Prestige 334 User’s Guide 215 C hapter 21 Men u 3 LAN Setup 21.3.1 IP Alias Setup IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface.
Prestige 334 User’s Guide Chapter 21 Menu 3 LAN Setup 216 IP Subnet Mask Y our Prestige will automatically calc ulate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.
Prestige 334 User’s Guide 217 C hapter 21 Men u 3 LAN Setup.
Prestige 334 User’s Guide Chapter 22 Internet Access 218 C HAPTER 22 Internet Access This chapter shows you how to config ure your Prestige for Internet access . 22.1 Introduction to Internet Access Setup Use information from your ISP along with the in st ructions in this chapter to set up your Prestige to access the Internet.
Prestige 334 User’s Guide 219 Chapter 22 Internet Access Figure 99 Menu 4 Internet Access Setup The following table describes the fields in this menu.
Prestige 334 User’s Guide Chapter 22 Internet Access 220 22.3 Configuring the PPTP Client T o configure a PP TP client, you must configure the My Login and Password fields for a PPP connection and the PP TP parame ters for a PP TP connection.
Prestige 334 User’s Guide 221 Chapter 22 Internet Access Figure 100 Internet Access Setup (PPTP) The following table contains in structions about the new fie lds when you choose PPTP in the Encapsula tion field in menu 4. 22.4 Configuring the PPPoE Client If you enable PPPoE in menu 4, you wil l see th e next screen.
Prestige 334 User’s Guide Chapter 22 Internet Access 222 Figure 101 Internet Access Setup (PPPoE) The following table contains instructions about the new fields when you choose PPPoE in the Encapsula tion field in menu 4.
Prestige 334 User’s Guide 223 Chapter 22 Internet Access.
Prestige 334 User’s Guide Chapter 23 Remot e Node Configur ation 224 C HAPTER 23 Remote Node Configuration This chapter covers remo te node configuration. 23.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gatewa y .
Prestige 334 User’s Guide 225 Chap ter 23 Remote Node Configuratio n Figure 102 Menu 1 1.1 Remote Node Profile for Ether net Encapsulation The following table describes the fields in this menu.
Prestige 334 User’s Guide Chapter 23 Remot e Node Configur ation 226 23.2.2 PPPoE Encap sulation The Prestige supports PPPoE (Point-to-Point Pr otocol over Ethernet). Y ou can only use PPPoE encapsulation when you’re using the Prestige with a DSL modem as the W AN device.
Prestige 334 User’s Guide 227 Chap ter 23 Remote Node Configuratio n 23.2.2.2 Nailed-Up Connection A nailed-up connection is a dial-u p line where the connectio n is always up regardless of tra ffic demand. The Prestige does two things when you specify a nailed-up connection.
Prestige 334 User’s Guide Chapter 23 Remot e Node Configur ation 228 Figure 104 Menu 1 1.1 Remote Node Profile for PPTP Encapsulation The next table shows h ow to configure field s in menu 1 1.1 not previously discussed . 23.3 Edit IP Move the cu rs or to the Edit IP field in menu 1 1.
Prestige 334 User’s Guide 229 Chap ter 23 Remote Node Configuratio n Figure 105 Menu 1 1.3 Remote Node Network Layer Op tions for Ethernet Encapsulation This menu displays the My W A N Addr field for PPPoE and PPTP encapsulations and Gateway IP Addr field for Ethernet encapsulation.
Prestige 334 User’s Guide Chapter 23 Remot e Node Configur ation 230 23.4 Remote Node Filter Move the cu rsor to the field Edit Filter Sets in menu 1 1.1, and then press [SP ACE BAR] to set the value to Ye s . Pre ss [ENTER] to open Menu 1 1.5 - Remote Node Filter .
Prestige 334 User’s Guide 231 Chap ter 23 Remote Node Configuratio n Figure 106 M enu 1 1.5: Remote Node Filter (Ethernet Encap sulation) Figure 107 Menu 1 1.
Prestige 334 User’s Guide Chapter 23 Remot e Node Configur ation 232 Figure 108 Menu 1 1.6: T raffic Redirect Setup The following table describes the fields in this screen. Menu 11.6 - Tra ffic Redirect Setup Active= Yes Configuration: Backup Gateway IP A ddress= 0.
Prestige 334 User’s Guide 233 Chap ter 23 Remote Node Configuratio n.
Prestige 334 User’s Guide Chapter 24 Static Route Setup 234 C HAPTER 24 S t atic Route Setup This chapter shows how to setup IP static routes. 24.1 IP S t atic Route Setup T o configure an IP static route, use Menu 12 – S tatic Routing Setup (shown next).
Prestige 334 User’s Guide 235 Chapter 24 Static Route Setup Figure 1 10 Menu12.1 Edit IP S tatic Route The following table describes the fields for Menu 12.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 236 C HAPTER 25 Network Address T ranslation (NA T) This chapter discusses how to configure NA T on the Prestige.
Prestige 334 User’s Guide 237 Chapter 25 Network Address Transla tion (NAT) Figure 1 1 1 Menu 4 Applying NA T for Interne t Access The following figure shows how you apply NA T to the remote node in menu 1 1.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 238 Figure 1 12 Menu 1 1.3 Applying NA T to the Remote Node The following table describes the optio ns for Network Address T ranslation.
Prestige 334 User’s Guide 239 Chapter 25 Network Address Transla tion (NAT) Figure 1 13 Menu 15 NA T Setup 25.3.1 Address Mapping Set s Enter 1 to bring up Menu 15.1 — Address Mapping Sets . Figure 1 14 Menu 15.1 Addr ess Mapping Set s Enter 255 to display the next screen (see the SUA (Single User Account) V ersus NA T sec tion ) .
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 240 Figure 1 15 Menu 15.1.255 SUA Address Mapping Rule s The following table explains the fields in t his menu. 25.3.1.1 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.
Prestige 334 User’s Guide 241 Chapter 25 Network Address Transla tion (NAT) Figure 1 16 Menu 15.1.1 First Set 25.3.1.2 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify .
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 242 Now if you delete rule 4, rules 5 to 7 will be pus hed up by 1 rule, so as old rule 5 become s rule 4, old rule 6 becomes rule 5 and o ld rule 7 becomes rule 6. Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.
Prestige 334 User’s Guide 243 Chapter 25 Network Address Transla tion (NAT) Figure 1 17 Menu 15.1.1.1 Editing/ Configuring an Individual Rule in a Set The following table explains the fields in t his menu.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 244 Figure 1 18 Menu 15.2.1 NA T Server Setup 3 Enter a port number in an unused St a r t P o r t N o field. T o forward only one port, enter it again in the End Port No field. T o specify a range of po rts, enter the last port to be forwarded in the End Port No field.
Prestige 334 User’s Guide 245 Chapter 25 Network Address Transla tion (NAT) 25.5.1 Example 1: Internet Access Only In the following Internet access example, you onl y need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP .
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 246 Figure 122 NA T Examp le 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure.
Prestige 334 User’s Guide 247 Chapter 25 Network Address Transla tion (NAT) 4 Y ou also map your third IGA to the web serv er and mail server on the LAN. T ype Server allows you to specify multiple servers, of different t ypes, to other computers behind NA T on the LAN.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 248 Figure 125 NA T Example 3: Menu 1 1.3 The following figures show how to configure the first rule.
Prestige 334 User’s Guide 249 Chapter 25 Network Address Transla tion (NAT) Figure 126 Example 3: Menu 15.1.1.1 Figure 127 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 8 Enter 15 from the main menu.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 250 Figure 128 Example 3: Menu 15.2 25.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation.
Prestige 334 User’s Guide 251 Chapter 25 Network Address Transla tion (NAT) Figure 129 NA T Examp le 4 Follow the steps outlined in example 3 to configure t h ese two menus as follows Figure 130 Example 4: Menu 15.1.1.1 Address Map ping Rule. After you’ve configured your rule , you should be able to check the settings in menu 15.
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 252 Figure 131 Example 4: Menu 15.1.1 Address Map ping Rules 25.6 Configuring T rigger Port Forwarding Enter 3 in menu 15 to d isplay Menu 15.3 — T rigger Port Setup , shown next.
Prestige 334 User’s Guide 253 Chapter 25 Network Address Transla tion (NAT) Figure 132 Menu 15.3 T rigger Port Setup The following table describes the fields in this screen. Menu 15.3 - Trigger Port Setup Inco ming Trigger Rule Name Start Port End Port Start Port End Port ---------------------------------- ------------------------------------ 1.
Prestige 334 User’s Guide Chapter 26 Enabling the Firewall 254 C HAPTER 26 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall.
Prestige 334 User’s Guide 255 Chapter 26 Enablin g the Firewall Figure 133 Menu 21.2 Firewa ll Setup Menu 21.2 - Firewa ll Setup The firewall protects against D enial of Service (DoS) attacks when it is active. Your network is vulnerable to a ttacks when the firewall is turned off.
Prestige 334 User’s Guide Chapter 27 Filter Configuration 256 C HAPTER 27 Filter Configuration This chapter shows you how to create and apply filters. 27.1 Introduction to Filters Y our Prestige uses filters to decide whether to a llow passage of a data packet and/or to make a call.
Prestige 334 User’s Guide 257 Chapter 27 Filter Configuration 27.1.1 The Filter St ructure of the Prestige A filter set consists of one or more filter rules. Usually , you would group related rules, e.g., all the rules for NetBIOS, into a single set and gi ve it a descriptive name.
Prestige 334 User’s Guide Chapter 27 Filter Configuration 258 Figure 135 Filter Rule Process Y ou can apply up to four filter sets to a particular port to block multiple types of packets. W ith each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
Prestige 334 User’s Guide 259 Chapter 27 Filter Configuration Figure 136 Menu 21: Filter and Firewa ll Setup 2 Enter 1 to bring up the following menu. Figure 137 Menu 21.1: Filter Set Configuration 3 Select the filter set you wish to configure (1-12) and press [ENTER] .
Prestige 334 User’s Guide Chapter 27 Filter Configuration 260 The protocol dependent filter rules abbreviation are listed as follows: Refer to the next section for inform ation on configurin g the filter rules. 27.2.1 Configuring a Filter Rule T o configure a filter rule, type its number in Menu 21.
Prestige 334 User’s Guide 261 Chapter 27 Filter Configuration T o configure TCP/IP rules, select TCP/IP Filter Rule from the Filter T ype field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule , as shown next Figure 138 Menu 21.1.1.1 TCP/IP Filter Rule.
Prestige 334 User’s Guide Chapter 27 Filter Configuration 262 The following figure illustrates th e logic flow of an IP filter . Source IP Address Enter the source IP Address of th e packet you wish to filter . Th is field is ignored i f it is 0.0.0.
Prestige 334 User’s Guide 263 Chapter 27 Filter Configuration Figure 139 Executing an IP Filter 27.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generi c filter rule. The purpose of generic rules is to allow you to filter non-IP packets.
Prestige 334 User’s Guide Chapter 27 Filter Configuration 264 Figure 140 Menu 21.1.4.1 Generic Filter Ru le The following table describes the fiel ds in the Generic Filter Rule menu.
Prestige 334 User’s Guide 265 Chapter 27 Filter Configuration 27.3 Example Filter Let’ s look at an example to block outside users from accessing the Prestige via telnet. Figure 141 T elnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup .
Prestige 334 User’s Guide Chapter 27 Filter Configuration 266 Figure 142 Example Filter: Menu 21 .1.3.1 • Select Ye s from the Active field to activate this rule. • 6 is the TCP IP Pr otocol . •T h e Port # for the telnet service (TCP protocol) is 23.
Prestige 334 User’s Guide 267 Chapter 27 Filter Configuration Figure 143 Example Filter Rules Summar y: Menu 21.1.3 This shows you that you have configured and activated ( A = Y ) a TCP/IP filter rule ( Ty p e = IP , Pr = 6 ) for destination telnet ports ( DP = 23 ).
Prestige 334 User’s Guide Chapter 27 Filter Configuration 268 Figure 144 Protocol and Device Filter Set s 27.5 Firewall V ersus Filters Firewall configuration is discussed in the fir ewall chapters of this manual. Further comparisons are also made between filtering, NA T and the firewall.
Prestige 334 User’s Guide 269 Chapter 27 Filter Configuration Figure 145 Filtering LAN T raffic 27.6.2 Applying Re mote Node Filters Go to menu 1 1.5 (shown be low – note that call filter set s are only present for PPPoE encapsulation) and enter the numb er(s) of the filter set(s) as appropriate.
Prestige 334 User’s Guide Chapter 28 SNMP Configuration 270 C HAPTER 28 SNMP Configuration This chapter explains SNMP Configuration menu 22. 28.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging man agement information between network devices.
Prestige 334 User’s Guide 271 Chapter 28 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc.
Prestige 334 User’s Guide Chapter 28 SNMP Configuration 272 Figure 148 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters.
Prestige 334 User’s Guide 273 Chapter 28 SNMP Configuration The port number is its interface index under the interface group. 4 linkUp ( defined in RFC-1215 ) A trap is sent with the port number .
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 274 C HAPTER 29 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status , port status, log and trace capabiliti es and upgrades for the system software.
Prestige 334 User’s Guide 275 Chapter 29 System Information and Diagnosis Figure 150 Menu 24.1 System Maintenance : S tatus The following table describes the fields present in Menu 24.1 — System Maintenance — St a t u s . These fields are READ-ONL Y and meant fo r diagnostic pu rposes.
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 276 29.2 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Information a nd Console Port Speed . 2 Enter 2 to display Menu 24.2 — System Information .
Prestige 334 User’s Guide 277 Chapter 29 System Information and Diagnosis Figure 152 Menu 24.2.1 System Maintenance : Informatio n The following table describes the fields in this menu. 29.2.2 Console Port Speed Y ou can set up different port speeds for the console port through Menu 24.
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 278 Figure 153 Menu 24.2.2 System Maintenance : Chang e Console Port Speed 29.3 Log and T race There are two logging faci lities in the Prestige. The first is the error logs and trace records that are stored locally .
Prestige 334 User’s Guide 279 Chapter 29 System Information and Diagnosis 29.3.1.1 CDR 29.3.1.2 Packet triggered CDR Message Format SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = boar.
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 280 29.3.1.3 Filter log 29.3.1.4 PPP log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLO G_NOTICE, String ); String = IP[Src=xx.
Prestige 334 User’s Guide 281 Chapter 29 System Information and Diagnosis 29.3.1.5 Firewall log 29.3.2 Call-T riggering Packet Call-T riggering Packet displays information about the packet tha t triggered a dial-out call in an easy readable format. Equiva lent information is available in menu 24.
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 282 Figure 155 Call-T riggering Packet Example 29.4 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly .
Prestige 334 User’s Guide 283 Chapter 29 System Information and Diagnosis Figure 156 Menu 24.4 System Maintenance : Diagnostic 29.4.1 W AN DHCP DHCP functionality can be enabled on the L AN or W AN as shown in LAN & W AN DHCP. LAN DHCP has already been discussed.
Prestige 334 User’s Guide Chapter 29 System Inform ation and Diagnosis 284 W AN D HCP Renewal Enter 3 to renew your W AN DHCP settings. Internet Setu p T est Enter 4 to test the Internet setup. Y o u can also test the Internet setup in Menu 4 - Internet Access .
Prestige 334 User’s Guide 285 Chapter 29 System Information and Diagnosis.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 286 C HAPTER 30 Firmware and Configuration File Maintenance This chapter tells y ou how to backup and restor e your configuration file as well as upload new firmware and configuration files.
Prestige 334 User’s Guide 287 Chapter 30 Firmware and Con f iguration File Main tenance The following table is a summary . Please note that the internal filename refe rs to the filename on the Prest.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 288 Figure 158 T elnet in Menu 24.5 30.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “open”, followed by a space and the IP addres s of your Pres tige.
Prestige 334 User’s Guide 289 Chapter 30 Firmware and Con f iguration File Main tenance 30.2.3 Example of FTP Comm ands from the Command Line Figure 159 FTP Session Example 30.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 290 30.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N.
Prestige 334 User’s Guide 291 Chapter 30 Firmware and Con f iguration File Main tenance 30.2.8 GUI-based TFTP Client s The following table describes some of the fiel ds that you may see in GUI-based TFTP clients. 30.3 Restore Configuration This section shows you how to restore a previ ously saved configuration.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 292 Figure 160 T elnet into Menu 24.6. 1 Launch the FTP client on your computer . 2 Enter “open”, followed by a space and the IP addres s of your Pres tige. 3 Press [ENTER] when prompted for a username.
Prestige 334 User’s Guide 293 Chapter 30 Firmware and Con f iguration File Main tenance 30.3.2 Restore Usin g FTP Session Example Figure 161 Restore Using FTP Session Example 30.4 Uploading Firmware and Configuration Files This section shows yo u how to upload firmware and co nfiguration files.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 294 Figure 162 T elnet Into Menu 24.7.1 Upload System Firmware 30.4.2 Configuration File Upload Y ou see the following screen when you telnet into menu 24.7.2 Figure 163 T elnet Into Menu 24.
Prestige 334 User’s Guide 295 Chapter 30 Firmware and Con f iguration File Main tenance 4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary . 6 Use “put” to transfer files from the comp uter to the Pres tige, for exam ple, “put firmware.
Prestige 334 User’s Guide Chapter 30 Firmware and Confi guration File Maintenance 296 3 Enter the command “sys stdio 0” to disable th e console t imeout, so the TFTP transfer will not be interrupted. Enter “co mmand sys stdio 5” to restore the five-minute console timeout (default) when the f ile transfer is complete.
Prestige 334 User’s Guide 297 Chapter 30 Firmware and Con f iguration File Main tenance.
Prestige 334 User’s Guide Chapter 31 System Maintenance 298 C HAPTER 31 System Maintenance This chapter leads you through SM T menus 24.8 to 24.10. 31.
Prestige 334 User’s Guide 299 Chapter 31 System M aintenance 31.1.2 Command Usage A list of commands can be found b y typing help or ? at the command prompt. Always type the full command. T ype exit to return to the SMT ma in menu when finished. Figure 166 V alid Commands 31.
Prestige 334 User’s Guide Chapter 31 System Maintenance 300 Figure 168 Budget Manage ment The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked.
Prestige 334 User’s Guide 301 Chapter 31 System M aintenance Figure 169 Menu 24.9.2 - Call History The following table describes the fields in this menu. 31.3 T ime and Date Setting The Real T ime Chip (R TC) keeps track of the time and date (not available on all models).
Prestige 334 User’s Guide Chapter 31 System Maintenance 302 Figure 170 Menu 24: System Maintenan ce Enter 10 to go to Menu 24.10 - System Maintena nce - Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen.
Prestige 334 User’s Guide 303 Chapter 31 System M aintenance Figure 171 Menu 24.10 System Maintenance : T ime and Date Setting The following table describes the fields in this screen. Menu 24.10 - System Mainten ance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= time-b.
Prestige 334 User’s Guide Chapter 31 System Maintenance 304 31.3.1 Resetting the T ime The Prestige resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the Prestige starts up, if there is a timeserver configured in menu 24.
Prestige 334 User’s Guide 305 Chapter 31 System M aintenance.
Prestige 334 User’s Guide Chapter 32 Remo te Management 306 C HAPTER 32 Remote Management This chapter covers remote ma nagement (SMT menu 24.1 1). 32.1 Remote Management Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers.
Prestige 334 User’s Guide 307 Chapter 32 Remote Manag ement Figure 172 Menu 24.1 1 – Remote Managem ent Control The following table describes the fields in this screen. 32.1.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: 1 A filter in menu 3.
Prestige 334 User’s Guide Chapter 32 Remo te Management 308 3 The IP address in the Secure Client IP field (menu 24.1 1) does not match the client IP address. If it does not match, the Prestig e will disconnect the session immediately . 4 There is an SMT console session running.
.
Prestige 334 User’s Guide Chapter 33 Call Scheduling 310 C HAPTER 33 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulati on only) allows you to dictate when a remote node sho uld be called and for how long.
Prestige 334 User’s Guide 311 Chapter 33 Call Scheduling Y ou can design up to 12 sched ule sets but you can only apply up to fo ur schedule sets for a remote node. T o setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.
Prestige 334 User’s Guide Chapter 33 Call Scheduling 312 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s).
Prestige 334 User’s Guide 313 Chapter 33 Call Scheduling.
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 314 C HAPTER 34 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 34.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1 Define VPN policies in menu 27.
Prestige 334 User’s Guide 315 Chapter 34 VPN/IPSec Setup Figure 177 Menu 27 VPN/IPSec Setup 34.2 IPSec Summary Screen T ype 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary . This is a summary read-only menu of your IPSec rules (t unnels).
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 316 Local Addr St a r t When the Addr T ype field i n Menu 27.1.1 IPSec Setup is configured to Single , this is a static IP address on the LAN behind your Prestige. When the Addr T ype field in Menu 27.
Prestige 334 User’s Guide 317 Chapter 34 VPN/IPSec Setup Remote Addr End When the Addr T ype field in Menu 27.1.1 IPSec Setup is configured to Single , this is the same (static) IP address as in the Remote Addr S t art field. When the Addr T ype field in Menu 27.
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 318 Figure 179 Menu 27.1.1 IPSec Setup The following table describes the fields in this menu. Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Nat Traversal= No Local ID type Content= My IP Addr= 0.
Prestige 334 User’s Guide 319 Chapter 34 VPN/IPSec Setup Content When you select IP in the Local ID T ype fi eld, type the IP addre ss of your computer or leave the field blank to have the Pres tige automatically use its own IP address.
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 320 Port S tart 0 is the default and signifies any port. T y pe a port number from 0 to 65535. Y ou cannot create a VPN tunnel if you try to connect using a port number that does no t match this port number or range of port numbers.
Prestige 334 User’s Guide 321 Chapter 34 VPN/IPSec Setup 34.3 IKE Setup T o edit this menu, the Key Manageme nt field in Menu 27.1.1 – IPSec Setup must be set to IKE . Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup ; press [SP ACE BAR] to select Ye s and then press [ENTER] to display Menu 27.
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 322 Figure 180 Menu 27.1.1.1 IKE Setup The following table describes the fields in this menu. Menu 27.
Prestige 334 User’s Guide 323 Chapter 34 VPN/IPSec Setup 34.4 Manual Setup Y ou only co nfigure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup . Manual key mana gement is useful if you have problem s with IKE key management.
Prestige 334 User’s Guide Chapter 34 VPN/IPSec Setup 324 34.4.0.1 Active Protocol This field is a combination of mode and secu rity protocols used for the VPN.
Prestige 334 User’s Guide 325 Chapter 34 VPN/IPSec Setup Encryption Algorithm Press [SP ACE BAR] to choose from NULL , 3DES or DES and then press [ENTER]. Fill in the Key1 field below wh en you choose DES and fill in fields Key1 to Key3 when you choose 3DES .
Prestige 334 User’s Guide Chapter 35 SA Monitor 326 C HAPTER 35 SA Monitor This chapter teaches you h ow to manage your SAs by using the SA Monitor in SMT menu 27.2. 35.1 SA Monitor Overview A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
Prestige 334 User’s Guide 327 Chapter 35 SA Monitor Figure 182 Menu 27.2 SA Monitor The following table describes the fields in this menu. Me nu 27.2 - SA Monitor # --- 001 002 003 004 005 006 007 008 009 010 Name -------------------------------- Taiwan : 3.
Prestige 334 User’s Guide Appendix A Tro ubleshooting 330 Appendix A T roubleshooting This chapter covers potential pr oblems and possible remedies. After each problem descri ption, some instructions are provided to help you to diagnose and to solve the problem.
Prestige 334 User’s Guide 331 Appendix A Troubleshooting 35.3 Problems with the Password 35.4 Problems with Remote Management Access to a web page with a URL containing a forbidden keyword is not blocked. Make sure that you select the Keywor d Blocking check box in the Content Filtering screen.
Prestige 334 User’s Guide Appendix B PPPoE 332 Appendix B PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) whic h connects to a DSL Access Concentrator where the PPP session terminates (see the next figure).
Prestige 334 User’s Guide 333 Appendix B PPPoE Figure 183 Single-Compute r per Router Hardwa re Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Prestige 334 User’s Guide Appendix C PPTP 334 Appendix C PPTP What is PPTP? PP TP (Point-to-Point T unneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PP TP is informational only) to tunnel PPP frames.
Prestige 334 User’s Guide 335 Appendix C PPTP PPTP Protocol Overview PP TP is very similar to L2TP , since L2TP is based on both PP TP and L2F (Cisco’ s Layer 2 Forwarding). Conceptually , there are three pa rties in PP TP , namely the PNS (PP TP Network Server), the P AC (PP TP Access Concentrator) a nd the PP TP user .
Prestige 334 User’s Guide Appendix C PPTP 336 Figure 187 Example Message Exchange between Computer and an ANT PPP Dat a Connection The PPP frames are tunneled between the PN S and P AC over GRE (General Routing Encapsulation, RFC 1701, 17 02). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header .
Prestige 334 User’s Guide 337 Appendix C PPTP.
Prestige 334 User’s Guide Appendix D NetBIOS Filter Commands 338 Appendix D NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
Prestige 334 User’s Guide 339 Appendix D NetBIOS Filter Commands The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe&.
Prestige 334 User’s Guide Appendix E L og Descriptions 340 Appendix E Log Descriptions Configure centralized logs using the embedded web configurator; see online help for details. This appendix provides descrip tions of example log messages. Table 114 System Error logs LOG MESSAGE DESCRIPTION %s exceeds the max.
Prestige 334 User’s Guide 341 Appendix E Log Descriptions Table 116 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP pa ckets can pass through the firewall.
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 342 Appendix F Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
Prestige 334 User’s Guide 343 Appendix F Setting up Your Compu t er’s IP Address Figure 188 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 344 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect.
Prestige 334 User’s Guide 345 Appendix F Setting up Your Compu t er’s IP Address Figure 190 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do no t know your gateway’ s IP address, remove previously installed gateways.
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 346 Figure 191 Windows XP: S tar t Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
Prestige 334 User’s Guide 347 Appendix F Setting up Your Compu t er’s IP Address Figure 193 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties .
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 348 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields.
Prestige 334 User’s Guide 349 Appendix F Setting up Your Compu t er’s IP Address 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indows XP): • Click Obtain D NS server address automatically if you do not know your DNS server IP addre ss(es).
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 350 Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel . Figure 197 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list.
Prestige 334 User’s Guide 351 Appendix F Setting up Your Compu t er’s IP Address Figure 198 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list. 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually .
Prestige 334 User’s Guide Appendix F S etting up Yo ur Compute r’s IP Addres s 352 • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab.
Prestige 334 User’s Guide 353 Appendix F Setting up Your Compu t er’s IP Address.
Prestige 334 User’s Guide Appendix G Brute-Force Password Guessing Protection 354 Appendix G Brute-Force Password Guessing Protection The following describes the c ommands for enablin g, disabling and configuring the brute-force password guessing protect ion mechanism for the password.
Prestige 334 User’s Guide 355 A ppendix G Brute-Forc e Password G uessing Pr otection.
Prestige 334 User’s Guide Appendix H TM SS 356 Appendix H TMSS This appendix discusses T rend Micro Security Se rvices setup and access. Please see your TMSS user guide for more information. T o view the TMSS dash boar d, follow the steps below . 1 Click TMSS under ADV ANCED in the we b configurator .
Prestige 334 User’s Guide 357 Appendix H TMSS Figure 202 TMSS Welcome Screen 7 Click Continue>> to proceed to down load ActiveX control. Figure 203 Download ActiveX Control 8 Select Y es to install and run ActiveX control. 9 Once the installation is complete the Ho me Network Security Services dashboard appears.
Prestige 334 User’s Guide Appendix H TM SS 358 Figure 204 Home Network Security Services Dashboar d 10 See the T rend Micr o User ’ s Guide for information on TMSS.
Prestige 334 User’s Guide 359 Appendix H TMSS.
Prestige 334 User’s Guide Appendix I Triangle Route 360 Appendix I T riangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology , a ll incoming and outgoing network traf fic passes through the Prestige to protect your LAN against attacks.
Prestige 334 User’s Guide 361 Appendix I Triangle Route Figure 206 “T riangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Prestige 334 User’s Guide Appendix I Triangle Route 362 Figure 207 IP Alias Gateways on the W AN Side A second solution to the “triangle route” problem is to put all of your network gateways on the W AN side as the following figure shows. This en sures that all incoming netw ork traffic passes through your Prestige to your LAN.
Prestige 334 User’s Guide 363 Appendix I Triangle Route.
Prestige 334 User’s Guide Index 364 Index A Active 225 ActiveX 135 Allocated Bu dget 227 A T command 287 Authen 227 Authenticat ion Protocol 226 B Backup 196 , 287 Budget Management 299 , 300 C Call.
Prestige 334 User’s Guide 365 Index FTP 58 , 64 , 90 , 91 , 92 , 138 , 142 , 307 FTP File T ransfer 293 FTP Restrictio ns 138 , 289 , 307 FTP Server 247 G Gateway 235 Gateway IP Addr 229 Gateway IP .
Prestige 334 User’s Guide Index 366 O One to One 89 Outside 86 P Password 60 , 200 , 20 4 , 219 , 271 Period(hr) 227 Ping 283 Point-to-Point Tunneling Protocol 77 , 92 POP3 92 Port Numbers 92 PPPoE .
Prestige 334 User’s Guide 367 Index T race Record s 278 T raffic Redirect 82 , 83 T rigge r Port Forwarding 252 Process 98 U Universal Plug and Pl ay (UPnP) 106 UNIX Syslog 278 Upload Firmware 293 U.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il ZyXEL Communications P-334 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del ZyXEL Communications P-334 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso ZyXEL Communications P-334 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul ZyXEL Communications P-334 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il ZyXEL Communications P-334, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del ZyXEL Communications P-334.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il ZyXEL Communications P-334. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo ZyXEL Communications P-334 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.