Home » ZyXEL Manuals » Networking » ZyXEL NBG-460N » Manual Viewer

ZyXEL NBG-460N User Guide - Page 174

Security > Firewall > Services

Get ZyXEL NBG-460N PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 174 highlights

Chapter 13 Firewall Table 60 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the NBG-460N by probing for unused ports. If you select this option, the NBG-460N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG-460N unseen. By default this option is not selected and the NBG-460N will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port probe on its unused TCP ports. Firewall Rule # Active Service Name IP Schedule Log Modify Note that the probing packets must first traverse the NBG-460N's firewall mechanism before reaching this anti-probing mechanism. Therefore if the firewall mechanism blocks a probing packet, the NBG460N reacts based on the firewall policy, which by default, is to send a TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall mechanism blocks a UDP packet, it drops the packet without sending a response packet. This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. Use the Move button to rearrange the order of the rules. This icon is green when the rule is turned on. The icon is grey when the rule is turned off. This field displays the services and port numbers to which this firewall rule applies. This field displays the IP address(es) the rule applies to. This field displays the days the firewall rule is active. This field shows you whether a log will be created when packets match the rule (Match) or not (No). Click the Edit icon to modify an existing rule setting in the fields under the Add Firewall Rule screen. Click the Remove icon to delete a rule. Note that subsequent firewall rules move up by one when you take this action. Add Click the Add button to display the screen where you can configure a new firewall rule. Modify the number in the textbox to add the rule before a specific rule number. Move The Move button moves a rule to a different position. In the first text box enter the number of the rule you wish to move. In the second text box enter the number of the rule you wish to move the first rule to and click the Move button. Misc setting Bypass Triangle Select this check box to have the NBG-460N firewall ignore the use of Route triangle route topology on the network. Max NAT/ Type a number ranging from 1 to 16000 to limit the number of NAT/ Firewall Session firewall sessions that a host can create. Per User Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. 174 NBG-460N User's Guide

Section	Page
NBG-460N	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	21
Getting to Know Your NBG-460N	23
1.1 Overview	23
1.2 Applications	23
1.3 Wireless Applications	24
1.3.1 Router Mode	24
1.3.2 AP Mode	25
1.3.3 Router vs. AP	26
1.4 Ways to Manage the NBG-460N	26
1.5 Good Habits for Managing the NBG-460N	27
1.6 LEDs	27
The WPS Button	29
2.1 Overview	29
Introducing the Web Configurator	31
3.1 Web Configurator Overview	31
3.2 Accessing the Web Configurator	31
3.3 Resetting the NBG-460N	33
3.3.1 Procedure to Use the Reset Button	33
3.4 Navigating the Web Configurator	33
3.5 The Status Screen in Router Mode	34
3.5.1 Navigation Panel	37
3.5.2 Summary: Any IP Table	39
3.5.3 Summary: Bandwidth Management Monitor	39
3.5.4 Summary: DHCP Table	40
3.5.5 Summary: Packet Statistics	41
3.5.6 Summary: VPN Monitor	42
3.5.7 Summary: Wireless Station Status	43
Connection Wizard	45
4.1 Wizard Setup	45
4.2 Connection Wizard: STEP 1: System Information	46
4.2.1 System Name	46
4.2.2 Domain Name	47
4.3 Connection Wizard: STEP 2: Wireless LAN	48
4.3.1 Basic (WEP) Security	49
4.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
4.4 Connection Wizard: STEP 3: Internet Configuration	51
4.4.1 Ethernet Connection	52
4.4.2 PPPoE Connection	52
4.4.3 PPTP Connection	53
4.4.4 Your IP Address	55
4.4.5 WAN IP Address Assignment	55
4.4.6 IP Address and Subnet Mask	56
4.4.7 DNS Server Address Assignment	57
4.4.8 WAN IP and DNS Server Address Assignment	57
4.4.9 WAN MAC Address	58
4.5 Connection Wizard: STEP 4: Bandwidth management	59
4.6 Connection Wizard Complete	60
Tutorials	63
5.1 Overview	63
5.2 How to Connect to the Internet from an AP	63
5.2.1 Configure Wireless Security Using WPS on both your NBG-460N and Wireless Client	63
5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N	67
5.2.3 Configure Your Notebook	68
5.3 Site-To-Site VPN Tunnel Tutorial	70
5.3.1 Configuring Bob’s NBG-460N VPN Settings	71
5.3.2 Configuring Jack’s NBG-460N VPN Settings	73
5.3.3 Checking the VPN Connection	75
5.4 Bandwidth Management for your Network	76
5.4.1 Configuring Bandwidth Management by Application	76
5.4.2 Configuring Bandwidth Management by Custom Application	77
5.4.3 Configuring Bandwidth Allocation by IP or IP Range	78
AP Mode	81
6.1 Overview	81
6.2 Setting your NBG-460N to AP Mode	81
6.3 The Status Screen	82
6.3.1 Navigation Panel	84
6.4 Configuring Your Settings	86
6.4.1 LAN Settings	86
6.4.2 WLAN and Maintenance Settings	87
6.5 Logging in to the Web Configurator in AP Mode	88
Network	89
Wireless LAN	91
7.1 Overview	91
7.2 What You Can Do	92
7.3 What You Should Know	92
7.3.1 Wireless Security Overview	92
7.4 General Wireless LAN Screen	95
7.4.1 No Security	96
7.4.2 WEP Encryption	97
7.4.3 WPA-PSK/WPA2-PSK	100
7.4.4 WPA/WPA2	101
7.5 MAC Filter Screen	103
7.6 Wireless LAN Advanced Screen	105
7.7 Quality of Service (QoS) Screen	105
7.7.1 Application Priority Configuration	107
7.8 WPS Screen	109
7.9 WPS Station Screen	110
7.10 Scheduling Screen	110
7.11 Technical Reference	112
7.11.1 Roaming	112
7.11.2 Quality of Service	114
7.12 WiFi Protected Setup	115
7.12.1 iPod Touch Web Configurator	115
7.12.2 Login Screen	116
7.12.3 System Status	116
7.12.4 WPS in Progress	119
7.12.5 Port Forwarding	119
7.13 Accessing the iPod Touch Web Configurator	121
7.13.1 Accessing the iPod Touch Web Configurator	121
WAN	123
8.1 Overview	123
8.2 What You Can Do	123
8.3 What You Need To Know	124
8.3.1 Configuring Your Internet Connection	124
8.3.2 Multicast	125
8.3.3 IPTV STB Port	126
8.3.4 NetBIOS over TCP/IP	128
8.3.5 Auto-Bridge	128
8.4 Internet Connection	129
8.4.1 Ethernet Encapsulation	129
8.4.2 PPPoE Encapsulation	131
8.4.3 PPTP Encapsulation	134
8.5 Advanced WAN Screen	136
8.6 Technical Reference	138
8.6.1 IGMP	138
LAN	139
9.1 Overview	139
9.2 What You Can Do	139
9.3 What You Need To Know	140
9.3.1 IP Pool Setup	140
9.3.2 LAN TCP/IP	140
9.4 LAN IP Screen	140
9.5 LAN IP Alias	141
9.6 Advanced LAN Screen	142
9.7 Technical Reference	143
9.7.1 LANs, WANs and the ZyXEL Device	143
9.7.2 Any IP	144
DHCP	147
10.1 Overview	147
10.2 What You Can Do	147
10.3 What You Need To Know	147
10.4 DHCP General Screen	148
10.5 DHCP Advanced Screen	148
10.6 Client List Screen	150
Network Address Translation (NAT)	153
11.1 Overview	153
11.2 What You Can Do	154
11.3 General NAT Screen	154
11.4 NAT Application Screen	155
11.4.1 Game List Example	158
11.4.2 Configuring Servers Behind Port Forwarding Example	158
11.5 NAT Advanced Screen	159
11.5.1 Trigger Port Forwarding Example	161
11.5.2 Two Points To Remember About Trigger Ports	162
Dynamic DNS	163
12.1 Overview	163
12.2 What You Can Do	163
12.3 What You Need To Know	163
12.3.1 DynDNS Wildcard	163
12.4 Dynamic DNS Screen	164
Security	167
Firewall	169
13.1 Overview	169
13.2 What You Can Do	169
13.3 What You Need To Know	170
13.3.1 About the NBG-460N Firewall	170
13.3.2 Triangle Routes	170
13.3.3 Triangle Routes and IP Alias	171
13.4 General Firewall Screen	172
13.5 Services Screen	172
13.5.1 The Add Firewall Rule Screen	175
Content Filtering	179
14.1 Overview	179
14.2 What You Can Do	179
14.3 What You Need To Know	179
14.3.1 Content Filtering Profiles	179
14.4 Filter Screen	181
14.5 Schedule Screen	183
14.6 Technical Reference	183
14.6.1 Customizing Keyword Blocking URL Checking	184
IPSec VPN	185
15.1 Overview	185
15.2 What You Can Do	185
15.3 What You Need To Know	186
15.3.1 IKE SA (IKE Phase 1) Overview	186
15.3.2 IPSec SA (IKE Phase 2) Overview	187
15.4 The General Screen	188
15.4.1 VPN Rule Setup (Basic)	189
15.4.2 VPN Rule Setup (Advanced)	194
15.4.3 VPN Rule Setup (Manual)	201
15.5 The SA Monitor Screen	205
15.6 Technical Reference	206
15.6.1 VPN and Remote Management	206
15.6.2 IKE SA Proposal	207
15.6.3 Diffie-Hellman (DH) Key Exchange	208
15.6.4 Authentication	208
15.6.5 Negotiation Mode	209
15.6.6 VPN, NAT, and NAT Traversal	210
15.6.7 IPSec Protocol	211
15.6.8 Encapsulation	211
15.6.9 IPSec SA Proposal and Perfect Forward Secrecy	212
15.6.10 Additional IPSec VPN Topics	212
Management	215
Static Route	217
16.1 Overview	217
16.2 What You Can Do	217
16.3 IP Static Route Screen	218
16.3.1 Static Route Setup Screen	219
Bandwidth Management	221
17.1 Overview	221
17.2 What You Can Do	221
17.3 What You Need To Know	222
17.4 General Configuration Screen	222
17.5 Advanced Configuration	224
17.5.1 Rule Configuration with the Pre-defined Service	226
17.5.2 Rule Configuration: User Defined Service Rule Configuration	227
17.6 Monitor Screen	228
17.7 Technical References	229
17.7.1 Predefined Bandwidth Management Services	229
17.7.2 Default Bandwidth Management Classes and Priorities	230
17.7.3 Bandwidth Management Priorities	231
Remote Management	233
18.1 Overview	233
18.2 What You Can Do	233
18.3 What You Need To Know	234
18.3.1 Remote Management Limitations	234
18.3.2 Remote Management and NAT	234
18.3.3 System Timeout	234
18.4 WWW Screen	235
18.5 Telnet Screen	236
18.6 FTP Screen	236
18.7 DNS Screen	237
Universal Plug-and-Play (UPnP)	239
19.1 Overview	239
19.2 What You Can Do	239
19.3 What You Need to Know	239
19.3.1 NAT Traversal	239
19.3.2 Cautions with UPnP	240
19.4 UPnP Screen	240
19.5 Technical Reference	241
19.5.1 Using UPnP in Windows XP Example	241
19.5.2 Web Configurator Easy Access	244
Maintenance and Troubleshooting	247
System	249
20.1 Overview	249
20.2 What You Can Do	249
20.3 System General Screen	249
20.4 Time Setting Screen	251
Logs	255
21.1 Overview	255
21.2 What You Can Do	255
21.3 What You Need to Know	255
21.4 View Log Screen	256
21.5 Log Settings	257
21.6 Technical Reference	260
21.6.1 Log Descriptions	260
Tools	275
22.1 Overview	275
22.2 What You Can Do	275
22.3 Firmware Upload Screen	275
22.4 Configuration Screen	278
22.4.1 Backup Configuration	278
22.4.2 Restore Configuration	278
22.4.3 Back to Factory Defaults	280
22.5 Restart Screen	280
22.6 Wake On LAN	281
22.7 Green	281
Configuration Mode	283
23.1 Overview	283
23.2 What You Can Do	283
23.3 General Screen	283
Sys Op Mode	285
24.1 Overview	285
24.2 What You Can Do	285
24.3 What You Need to Know	285
24.4 General Screen	287
Language	289
25.1 Language Screen	289
Troubleshooting	291
26.1 Power, Hardware Connections, and LEDs	291
26.2 NBG-460N Access and Login	292
26.3 Internet Access	294
26.4 Resetting the NBG-460N to Its Factory Defaults	296
26.5 Wireless Router/AP Troubleshooting	297
26.6 Advanced Features	297
Product Specifications and Wall- Mounting Instructions	299
Appendices and Index	305
Pop-up Windows, JavaScripts and Java Permissions	307
IP Addresses and Subnetting	315
Setting up Your Computer’s IP Address	325
27.0.1 Verifying Settings	342
Wireless LANs	343
27.0.2 WPA(2)-PSK Application Example	353
27.0.3 WPA(2) with RADIUS Application Example	353
Services	355
Legal Information	359

Match case Limit results 1 per page

Chapter 13 Firewall

NBG-460N User’s Guide

174

Do not respond

to requests for

unauthorized

services

Select this option to prevent hackers from finding the NBG-460N by

probing for unused ports. If you select this option, the NBG-460N will

not respond to port request(s) for unused ports, thus leaving the

unused ports and the NBG-460N unseen. By default this option is not

selected and the NBG-460N will reply with an ICMP Port Unreachable

packet for a port probe on its unused UDP ports, and a TCP Reset

packet for a port probe on its unused TCP ports.

Note that the probing packets must first traverse the NBG-460N's

firewall mechanism before reaching this anti-probing mechanism.

Therefore if the firewall mechanism blocks a probing packet, the NBG-

460N reacts based on the firewall policy, which by default, is to send a

TCP reset packet for a blocked TCP packet. You can use the command

"sys firewall tcprst rst [on|off]" to change this policy. When the firewall

mechanism blocks a UDP packet, it drops the packet without sending a

response packet.

Firewall Rule

This is your firewall rule number. The ordering of your rules is important

as rules are applied in turn. Use the

Move

button to rearrange the

order of the rules.

Active

This icon is green when the rule is turned on. The icon is grey when the

rule is turned off.

Service Name

This field displays the services and port numbers to which this firewall

rule applies.

This field displays the IP address(es) the rule applies to.

Schedule

This field displays the days the firewall rule is active.

Log

This field shows you whether a log will be created when packets match

the rule (

Match

) or not (

Modify

Click the

Edit

icon to modify an existing rule setting in the fields under

the Add Firewall Rule screen

Click the

Remove

icon to delete a rule. Note that subsequent firewall

rules move up by one when you take this action.

Add

Click the

Add

button to display the screen where you can configure a

new firewall rule. Modify the number in the textbox to add the rule

before a specific rule number.

Move

The

Move

button moves a rule to a different position. In the first text

box enter the number of the rule you wish to move. In the second text

box enter the number of the rule you wish to move the first rule to and

click the

Move

button.

Misc setting

Bypass Triangle

Route

Select this check box to have the NBG-460N firewall ignore the use of

triangle route topology on the network.

Max NAT/

Firewall Session

Per User

Type a number ranging from 1 to 16000 to limit the number of NAT/

firewall sessions that a host can create.

Apply

Click

Apply

to save the settings.

Reset

Click

Reset

to start configuring this screen again.

Table 60

Security > Firewall > Services

LABEL

DESCRIPTION