Home » ZyXEL Manuals » Wireless » ZyXEL LTE7485-S905 » Manual Viewer

ZyXEL LTE7485-S905 User Guide - Page 128

Guidelines For Security Enhancement With Your Firewall, 11.7.3 Security Considerations

Add to My Manuals
Save this manual to your list of manuals

Page 128 highlights

Chapter 11 Firewall • WAN to Router By default the Zyxel Device stops computers on the WAN from managing the Zyxel Device. You could configure one of these rules to allow a WAN computer to manage the Zyxel Device. Note: You also need to configure the remote management settings to allow a WAN computer to manage the Zyxel Device. You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. For example, you may create rules to: • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet. • Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN. • Allow everyone except your competitors to access a web server. • Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by comparing the source IP address, destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the Zyxel Device's default rules. 11.7.2 Guidelines For Security Enhancement With Your Firewall 1 Change the default password via the Web Configurator. 2 Think about access control before you connect to the network in any way. 3 Limit who can access your router. 4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 6 Protect against IP spoofing by making sure the firewall is active. 7 Keep the firewall in a secured (locked) room. 11.7.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the Zyxel Device and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them. Consider these security ramifications before creating a rule: LTE Series User's Guide 128

Section	Page
LTE Series	1
Document Conventions	3
Contents Overview	4
Table of Contents	5
User’s Guide	12
Introduction	13
1.1 Overview	13
1.2 Application for the Zyxel Device	14
1.3 Manage the Zyxel Device	14
1.4 Good Habits for Managing the Zyxel Device	15
1.5 Front and Bottom Panels	15
1.5.1 LEDs (Lights)	17
1.5.2 Panel Ports & Buttons	17
1.5.3 Turning On/Off WiFi	18
1.5.4 The RESET Button	19
The Web Configurator	21
2.1 Overview	21
2.1.1 Access the Web Configurator	21
2.2 Web Configurator Layout	23
2.2.1 Settings Icon	23
2.2.2 Widget Icon	27
Quick Start	30
3.1 Overview	30
3.2 Quick Start Setup	30
3.3 Time Zone	30
3.4 The Internet Connection Setup	31
3.4.1 Successful Internet Connection	31
3.4.2 Unsuccessful Internet Connection	32
3.5 Quick Start Setup-Wireless	32
3.6 Quick Start Setup-Finish	33
Tutorials	34
4.1 Overview	34
4.2 Set Up a Wireless Network Using WPS	34
4.2.1 Push Button Configuration (PBC)	35
4.2.2 PIN Configuration	36
4.3 Connect to the Zyxel Device’s WiFi Network	37
4.4 Configure a Firewall Rule	40
4.5 Configure MAC Filter	41
4.6 Upgrade Firmware on the Zyxel Device	42
4.7 Back up a Configuration File	43
4.8 Restore Configuration	43
4.9 Configure DHCP	44
4.9.1 Add Devices to Your Static DHCP List	45
4.10 Configure Static Route for Routing to Another Network	46
4.11 Access the Zyxel Device Using DDNS	48
4.11.1 Register a DDNS Account on www.dyndns.org	49
4.11.2 Configure DDNS on Your Zyxel Device	49
4.11.3 Test the DDNS Settings	50
Technical Reference	51
Connection Status	52
5.1 Connection Status Overview	52
5.1.1 Connectivity	52
5.1.2 System Info	53
5.1.3 Cellular Info	55
5.1.4 WiFi Settings	59
5.1.5 LAN	60
Broadband	63
6.1 Overview	63
6.1.1 What You Can Do in this Chapter	63
6.1.2 What You Need to Know	64
6.1.3 Before You Begin	64
6.2 Broadband	64
6.3 Cellular WAN	65
6.4 Cellular APN	66
6.5 Cellular SIM Configuration	67
6.6 Cellular Band Configuration	68
6.7 Cellular PLMN Configuration	69
6.8 Cellular IP Passthrough	72
6.9 Cellular Lock	73
Home Networking	75
7.1 Overview	75
7.1.1 What You Can Do in this Chapter	75
7.1.2 What You Need To Know	75
7.2 LAN Setup	76
7.3 Static DHCP	80
7.3.1 Before You Begin	80
7.4 UPnP	82
7.5 Technical Reference	83
7.6 Turn on UPnP in Windows 7 Example	84
7.6.1 Auto-discover Your UPnP-enabled Network Device	85
7.7 Turn on UPnP in Windows 10 Example	87
7.7.1 Auto-discover Your UPnP-enabled Network Device	89
7.8 Web Configurator Easy Access in Windows 7	92
7.9 Web Configurator Easy Access in Windows 10	94
Routing	97
8.1 Overview	97
8.2 Configure Static Route	97
8.2.1 Add/Edit Static Route	98
8.3 DNS Route	100
8.3.1 Add/Edit DNS Route	100
8.4 Policy Route	101
8.4.1 Add/Edit Policy Route	103
8.5 RIP Overview	104
8.5.1 RIP	104
Network Address Translation (NAT)	105
9.1 Overview	105
9.1.1 What You Can Do in this Chapter	105
9.1.2 What You Need To Know	105
9.2 Port Forwarding Overview	106
9.2.1 Port Forwarding	107
9.2.2 Add/Edit Port Forwarding	107
9.3 Port Triggering	109
9.3.1 Add/Edit Port Triggering Rule	111
9.4 DMZ	112
9.5 ALG	113
Dynamic DNS Setup	115
10.1 DNS Overview	115
10.1.1 What You Can Do in this Chapter	115
10.1.2 What You Need To Know	115
10.2 DNS Entry	116
10.2.1 Add/Edit DNS Entry	116
10.3 Dynamic DNS	117
Firewall	119
11.1 Overview	119
11.1.1 What You Need to Know About Firewall	119
11.2 Firewall	120
11.2.1 What You Can Do in this Chapter	120
11.3 Firewall General Settings	120
11.4 Protocol (Customized Services)	122
11.4.1 Add Customized Service	122
11.5 Access Control (Rules)	123
11.5.1 Add New ACL Rule Screen	124
11.6 DoS	126
11.7 Firewall Technical Reference	127
11.7.1 Firewall Rules Overview	127
11.7.2 Guidelines For Security Enhancement With Your Firewall	128
11.7.3 Security Considerations	128
MAC Filter	130
12.1 MAC Filter Overview	130
12.2 MAC Filter	130
12.2.1 Add New Rule	131
Certificates	132
13.1 Certificates Overview	132
13.1.1 What You Can Do in this Chapter	132
13.2 Local Certificates	132
13.2.1 Create Certificate Request	133
13.2.2 View Certificate Request	134
13.3 Trusted CA	136
13.4 Import Trusted CA Certificate	137
13.5 View Trusted CA Certificate	137
13.6 Certificates Technical Reference	138
13.6.1 Verify a Certificate	139
Log	141
14.1 Log Overview	141
14.1.1 What You Can Do in this Chapter	141
14.1.2 What You Need To Know	141
14.2 System Log	142
14.3 Security Log	142
Traffic Status	144
15.1 Traffic Status Overview	144
15.1.1 What You Can Do in this Chapter	144
15.2 WAN Status	144
15.3 LAN Status	145
ARP Table	147
16.1 ARP Table Overview	147
16.1.1 How ARP Works	147
16.2 ARP Table	148
Routing Table	149
17.1 Routing Table Overview	149
17.2 Routing Table	149
Cellular WAN Status	152
18.1 Cellular WAN Status Overview	152
18.2 Cellular WAN Status	152
System	157
19.1 System Overview	157
19.2 System	157
User Account	158
20.1 User Account Overview	158
20.2 User Account	158
20.2.1 User Account Add/Edit	159
Remote Management	161
21.1 Overview	161
21.2 MGMT Services	161
21.3 MGMT Services for IP Passthrough	162
21.4 Trust Domain	163
21.5 Add Trust Domain	164
21.6 Trust Domain for IP Passthrough	164
21.7 Add Trust Domain	165
Time Settings	166
22.1 Time Settings Overview	166
22.2 Time	166
E-mail Notification	169
23.1 E-mail Notification Overview	169
23.2 E-mail Notification	169
23.2.1 E-mail Notification Edit	170
Log Setting	172
24.1 Log Setting Overview	172
24.2 Log Setting	172
Firmware Upgrade	175
25.1 Overview	175
25.2 Firmware Upgrade	175
Backup/Restore	177
26.1 Backup/Restore Overview	177
26.2 Backup/Restore	177
26.3 Reboot	178
Diagnostic	180
27.1 Diagnostic Overview	180
27.2 Ping/TraceRoute/Nslookup Test	180
Troubleshooting	182
28.1 Overview	182
28.2 Power and Hardware Connections	182
28.3 Zyxel Device Access and Login	182
28.4 Internet Access	184
28.5 UPnP	185
28.6 SIM Card	186
28.7 Cellular Signal	186
Appendices	188
Customer Support	189
IPv6	195
Legal Information	202

Match case Limit results 1 per page

Chapter 11 Firewall

LTE Series User’s Guide

128

•

WAN to Router

By default the Zyxel Device stops computers on the WAN from managing the Zyxel Device. You could

configure one of these rules to allow a WAN computer to manage the Zyxel Device.

Note: You also need to configure the remote management settings to allow a WAN

computer to manage the Zyxel Device.

You may define additional rules and sets or modify existing ones but please exercise extreme caution in

doing so.

For example, you may create rules to:

•

Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.

•

Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the

Internet to specific hosts on the LAN.

•

Allow everyone except your competitors to access a web server.

•

Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.

These custom rules work by comparing the source IP address, destination IP address and IP protocol

type of network traffic to rules set by the administrator. Your customized rules take precedence and

override the Zyxel Device’s default rules.

11.7.2

Guidelines For Security Enhancement With Your Firewall

Change the default password via the Web Configurator.

Think about access control before you connect to the network in any way.

Limit who can access your router.

Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could

present a potential security risk. A determined hacker might be able to find creative ways to misuse the

enabled services to access the firewall or the network.

For local services that are enabled, protect against misuse. Protect by configuring the services to

communicate only with specific peers, and protect by configuring rules to block packets for the services

at specific interfaces.

Protect against IP spoofing by making sure the firewall is active.

Keep the firewall in a secured (locked) room.

11.7.3

Security Considerations

Note: Incorrectly configuring the firewall may block valid access or introduce security risks to

the Zyxel Device and your protected network. Use caution when creating or deleting

firewall rules and test your rules after you configure them.

Consider these security ramifications before creating a rule: