Home » ZyXEL Manuals » Networking » ZyXEL NBG334W » Manual Viewer

ZyXEL NBG334W User Guide - Page 132

Firewall, NBG334W User's Guide, Security > Firewall > Services

Get ZyXEL NBG334W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 132 highlights

Chapter 12 Firewall Table 51 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the NBG334W by probing for unused ports. If you select this option, the NBG334W will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG334W unseen. By default this option is not selected and the NBG334W will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the NBG334W's firewall mechanism before reaching this anti-probing mechanism. Therefore if the firewall mechanism blocks a probing packet, the NBG334W reacts based on the firewall policy, which by default, is to send a TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall mechanism blocks a UDP packet, it drops the packet without sending a response packet. Service Setup Enable Services Select this check box to enable this feature. Blocking Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Services field. Blocked Services This is a list of services (ports) that will be inaccessible to computers on your LAN once you enable service blocking. Custom Port A custom port is a service that is not available in the pre-defined Available Services list and you must define using the next two fields. Type Choose the IP port (TCP or UDP) that defines your customized port from the drop down list box. Port Number Enter the port number range that defines the service. For example, if you want to define the Gnutella service, then select TCP type and enter a port range from 6345 to 6349. Add Select a service from the Available Services drop-down list and then click Add to add a service to the Blocked Services Delete Select a service from the Blocked Services list and then click Delete to remove this service from the list. Clear All Click Clear All to empty the Blocked Services. Schedule to Block Day to Block: Select a check box to configure which days of the week (or everyday) you want service blocking to be active. Time of Day to Block (24-Hour Format) Select the time of day you want service blocking to take effect. Configure blocking to take effect all day by selecting All Day. You can also configure specific times by selecting From and entering the start time in the Start (hour) and Start (min) fields and the end time in the End (hour) and End (min) fields. Enter times in 24hour format, for example, "3:00pm" should be entered as "15:00". Misc setting Bypass Triangle Select this check box to have the NBG334W firewall ignore the use of triangle Route route topology on the network. Max NAT/Firewall Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions Session Per User that a host can create. Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. 132 NBG334W User's Guide

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	23
Introduction	27
Getting to Know Your NBG334W	29
1.1 Overview	29
1.2 AP Mode	29
1.3 Router Mode	30
1.4 Router Features vs. AP Features	30
1.5 Ways to Manage the NBG334W	31
1.6 Good Habits for Managing the NBG334W	31
1.7 LEDs	31
Introducing the Web Configurator	33
2.1 Web Configurator Overview	33
2.2 Accessing the Web Configurator	33
2.3 Resetting the NBG334W	35
2.3.1 Procedure to Use the Reset Button	35
2.4 Navigating the Web Configurator	35
2.5 The Status Screen in Router Mode	35
2.5.1 Navigation Panel	38
2.5.2 Summary: Any IP Table	40
2.5.3 Summary: Bandwidth Management Monitor	40
2.5.4 Summary: DHCP Table	41
2.5.5 Summary: Packet Statistics	41
2.5.6 Summary: Wireless Station Status	42
Connection Wizard	45
3.1 Wizard Setup	45
3.2 Connection Wizard: STEP 1: System Information	46
3.2.1 System Name	46
3.2.2 Domain Name	47
3.3 Connection Wizard: STEP 2: Wireless LAN	47
3.3.1 Basic (WEP) Security	49
3.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
3.4 Connection Wizard: STEP 3: Internet Configuration	50
3.4.1 Ethernet Connection	51
3.4.2 PPPoE Connection	51
3.4.3 PPTP Connection	52
3.4.4 Your IP Address	54
3.4.5 WAN IP Address Assignment	54
3.4.6 IP Address and Subnet Mask	55
3.4.7 DNS Server Address Assignment	55
3.4.8 WAN IP and DNS Server Address Assignment	56
3.4.9 WAN MAC Address	57
3.5 Connection Wizard: STEP 4: Bandwidth management	58
3.6 Connection Wizard Complete	58
AP Mode	61
4.1 AP Mode Overview	61
4.2 Setting your NBG334W to AP Mode	61
4.3 The Status Screen in AP Mode	62
4.3.1 Navigation Panel	64
4.4 Configuring Your Settings	65
4.4.1 LAN Settings	65
4.4.2 WLAN and Maintenance Settings	66
4.5 Logging in to the Web Configurator in AP Mode	66
Network	67
Wireless LAN	69
5.1 Wireless Network Overview	69
5.2 Wireless Security Overview	71
5.2.1 SSID	71
5.2.2 MAC Address Filter	71
5.2.3 User Authentication	72
5.2.4 Encryption	72
5.3 Roaming	73
5.3.1 Requirements for Roaming	74
5.4 Quality of Service	74
5.4.1 WMM QoS	75
5.5 General Wireless LAN Screen	75
5.5.1 No Security	76
5.5.2 WEP Encryption	77
5.5.3 WPA-PSK/WPA2-PSK	79
5.5.4 WPA/WPA2	80
5.6 MAC Filter	82
5.7 Wireless LAN Advanced Screen	83
5.8 Quality of Service (QoS) Screen	84
5.8.1 Application Priority Configuration	86
Wireless Tutorial	89
6.1 How to Connect to the Internet from a Notebook	89
6.1.1 Example Parameters	89
6.2 Enable and Configure Wireless Security on your NBG334W	89
6.3 Configure Your Notebook	91
WAN	93
7.1 WAN Overview	93
7.2 WAN MAC Address	93
7.3 Multicast	93
7.4 Internet Connection	94
7.4.1 Ethernet Encapsulation	94
7.4.2 PPPoE Encapsulation	95
7.4.3 PPTP Encapsulation	98
7.5 Advanced WAN Screen	101
LAN	103
8.1 LAN Overview	103
8.1.1 IP Pool Setup	103
8.1.2 System DNS Servers	103
8.2 LAN TCP/IP	103
8.2.1 Factory LAN Defaults	103
8.2.2 IP Address and Subnet Mask	104
8.2.3 Multicast	104
8.2.4 Any IP	104
8.3 LAN IP Screen	106
8.4 LAN IP Alias	106
8.5 Advanced LAN Screen	107
DHCP	109
9.1 DHCP	109
9.2 DHCP Server General Screen	109
9.3 DHCP Server Advanced Screen	110
9.4 Client List Screen	111
Network Address Translation (NAT)	113
10.1 NAT Overview	113
10.2 Using NAT	113
10.2.1 Port Forwarding: Services and Port Numbers	113
10.2.2 Configuring Servers Behind Port Forwarding Example	114
10.3 General NAT Screen	114
10.4 NAT Application Screen	115
10.4.1 Game List Example	117
10.5 Trigger Port Forwarding	118
10.5.1 Trigger Port Forwarding Example	118
10.5.2 Two Points To Remember About Trigger Ports	119
10.6 NAT Advanced Screen	119
Dynamic DNS	123
11.1 Dynamic DNS Introduction	123
11.1.1 DynDNS Wildcard	123
11.2 Dynamic DNS Screen	123
Security	125
Firewall	127
12.1 Introduction to ZyXEL’s Firewall	127
12.1.1 What is a Firewall?	127
12.1.2 Stateful Inspection Firewall	127
12.1.3 About the NBG334W Firewall	127
12.1.4 Guidelines For Enhancing Security With Your Firewall	128
12.2 Triangle Routes	128
12.2.1 Triangle Routes and IP Alias	128
12.3 General Firewall Screen	129
12.4 Services Screen	130
Content Filtering	133
13.1 Introduction to Content Filtering	133
13.2 Restrict Web Features	133
13.3 Days and Times	133
13.4 Filter Screen	133
13.5 Schedule	135
13.6 Customizing Keyword Blocking URL Checking	136
13.6.1 Domain Name or IP Address URL Checking	136
13.6.2 Full Path URL Checking	136
13.6.3 File Name URL Checking	136
Management	137
Static Route Screens	139
14.1 Static Route Overview	139
14.2 IP Static Route Screen	139
14.2.1 Static Route Setup Screen	140
Bandwidth Management	143
15.1 Bandwidth Management Overview	143
15.2 Application-based Bandwidth Management	143
15.3 Subnet-based Bandwidth Management	143
15.4 Application and Subnet-based Bandwidth Management	144
15.5 Bandwidth Management Priorities	144
15.6 Predefined Bandwidth Management Services	145
15.6.1 Services and Port Numbers	146
15.7 Default Bandwidth Management Classes and Priorities	148
15.8 Bandwidth Management General Configuration	149
15.9 Bandwidth Management Advanced Configuration	149
15.9.1 Rule Configuration	151
15.10 Bandwidth Management Monitor	152
Remote Management	153
16.1 Remote Management Overview	153
16.1.1 Remote Management Limitations	153
16.1.2 Remote Management and NAT	154
16.1.3 System Timeout	154
16.2 WWW Screen	154
16.3 Telnet	155
16.4 Telnet Screen	155
16.5 FTP Screen	156
16.6 DNS Screen	157
Universal Plug-and-Play (UPnP)	159
17.1 Introducing Universal Plug and Play	159
17.1.1 How do I know if I'm using UPnP?	159
17.1.2 NAT Traversal	159
17.1.3 Cautions with UPnP	159
17.2 UPnP and ZyXEL	160
17.3 UPnP Screen	160
17.4 Installing UPnP in Windows Example	161
Maintenance and Troubleshooting	171
System	173
18.1 System Overview	173
18.2 System General Screen	173
18.3 Time Setting Screen	174
Logs	177
19.1 View Log	177
19.2 Log Settings	178
19.3 Log Descriptions	181
Tools	191
20.1 Firmware Upload Screen	191
20.2 Configuration Screen	192
20.2.1 Backup Configuration	193
20.2.2 Restore Configuration	193
20.2.3 Back to Factory Defaults	194
20.3 Restart Screen	194
Configuration Mode	197
Sys Op Mode	199
22.1 Overview	199
22.1.1 Router	199
22.1.2 AP	199
22.2 Selecting System Operation Mode	200
Troubleshooting	203
23.1 Power, Hardware Connections, and LEDs	203
23.2 NBG334W Access and Login	204
23.3 Internet Access	206
23.4 Resetting the NBG334W to Its Factory Defaults	207
23.5 Wireless Router/AP Troubleshooting	207
23.6 Advanced Features	208
Appendices and Index	209
Product Specifications and Wall- Mounting Instructions	211
Pop-up Windows, JavaScripts and Java Permissions	217
IP Addresses and Subnetting	223
Setting up Your Computer’s IP Address	231
23.6.1 Verifying Settings	246
Wireless LANs	247
23.6.2 WPA(2)-PSK Application Example	256
23.6.3 WPA(2) with RADIUS Application Example	256
Services	259
Legal Information	263

Match case Limit results 1 per page

Chapter 12 Firewall

NBG334W User’s Guide

132

Do not respond to

requests for

unauthorized

services

Select this option to prevent hackers from finding the NBG334W by probing for

unused ports. If you select this option, the NBG334W will not respond to port

request(s) for unused ports, thus leaving the unused ports and the NBG334W

unseen. By default this option is not selected and the NBG334W will reply with an

ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a

TCP Reset packet for a port probe on its unused TCP ports.

Note that the probing packets must first traverse the NBG334W's firewall

mechanism before reaching this anti-probing mechanism. Therefore if the firewall

mechanism blocks a probing packet, the NBG334W reacts based on the firewall

policy, which by default, is to send a TCP reset packet for a blocked TCP packet.

You can use the command "sys firewall tcprst rst [on|off]" to change this policy.

When the firewall mechanism blocks a UDP packet, it drops the packet without

sending a response packet.

Service Setup

Enable Services

Blocking

Select this check box to enable this feature.

Available

Services

This is a list of pre-defined services (ports) you may prohibit your LAN computers

from using. Select the port you want to block using the drop-down list and click

Add

to add the port to the

Blocked Services

field.

Blocked Services

This is a list of services (ports) that will be inaccessible to computers on your LAN

once you enable service blocking.

Custom Port

A custom port is a service that is not available in the pre-defined

Available

Services

list and you must define using the next two fields.

Type

Choose the IP port (

TCP

UDP

) that defines your customized port from the drop

down list box.

Port Number

Enter the port number range that defines the service. For example, if you want to

define the Gnutella service, then select

TCP

type and enter a port range from

6345 to 6349.

Add

Select a service from the

Available Services

drop-down list and then click

Add

add a service to the

Blocked Services

Delete

Select a service from the

Blocked Services

list and then click

Delete

to remove

this service from the list.

Clear All

Click

Clear All

to empty the

Blocked Services

Schedule to Block

Day to Block:

Select a check box to configure which days of the week (or everyday) you want

service blocking to be active.

Time of Day to

Block (24-Hour

Format)

Select the time of day you want service blocking to take effect. Configure blocking

to take effect all day by selecting

All Day

. You can also configure specific times by

selecting

From

and entering the start time in the

Start (hour)

and

Start (min)

fields and the end time in the

End (hour)

and

End (min)

fields. Enter times in 24-

hour format, for example, "3:00pm" should be entered as "15:00".

Misc setting

Bypass Triangle

Route

Select this check box to have the NBG334W firewall ignore the use of triangle

route topology on the network.

Max NAT/Firewall

Session Per User

Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions

that a host can create.

Apply

Click

Apply

to save the settings.

Reset

Click

Reset

to start configuring this screen again.

Table 51

Security > Firewall > Services

LABEL

DESCRIPTION