Home » ZyXEL Manuals » Networking » ZyXEL P-2802HWL-I1 » Manual Viewer

ZyXEL P-2802HWL-I1 User Guide - Page 231

Certificates, P-2802HWL-I Series User's Guide, Trusted Remote Host Details continued

Get ZyXEL P-2802HWL-I1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 231 highlights

Chapter 15 Certificates Table 93 Trusted Remote Host Details (continued) LABEL DESCRIPTION Version This field displays the X.509 version number. Serial Number This field displays the certificate's identification number given by the device that created the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. Signature Algorithm This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Algorithm This field displays the type of algorithm that was used to generate the certificate's key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative Name This field displays the certificate's owner's IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate's key can be used. For example, "DigitalSignature" means that the key can be used to sign certificates and "KeyEncipherment" means that the key can be used to encrypt text. Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority's certificate and "Path Length Constraint=1" means that there can only be one certification authority in the certificate's path. MD5 Fingerprint This is the certificate's message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host's actual certificate because the ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote hosts actual certificate. See Section 15.12 on page 228 for how to verify a remote host's certificate. SHA1 Fingerprint This is the certificate's message digest that the ZyXEL Device calculated using the SHA1 algorithm. You cannot use this value to verify that this is the remote host's actual certificate because the ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote hosts actual certificate. See Section 15.12 on page 228 for how to verify a remote host's certificate. Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). Back Click Back to return to the previous screen. Export Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save. P-2802H(W)(L)-I Series User's Guide 231

Section	Page
User's Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction	33
Introducing the ZyXEL Device	35
1.1 Overview	35
1.2 Ways to Manage the ZyXEL Device	36
1.3 Good Habits for Managing the ZyXEL Device	37
1.4 Applications for the ZyXEL Device	37
1.4.1 Secure Internet Access	37
1.4.2 Wireless LAN Application	38
1.4.3 Making Calls via Internet Telephony Service Provider	38
1.4.4 Making Peer-to-peer Calls	39
1.5 LEDs	40
1.6 The RESET Button	41
1.6.1 Using The Reset Button	41
Introducing the Web Configurator	43
2.1 Web Configurator Overview	43
2.1.1 Accessing the Web Configurator	43
2.2 Web Configurator Main Screen	46
2.2.1 Title Bar	46
2.2.2 Navigation Panel	47
2.2.3 Main Window	49
2.2.4 Status Bar	49
Wizard	51
Internet and Wireless Setup Wizard	53
3.1 Introduction	53
3.2 Internet Access Wizard Setup	53
3.3 Wireless Connection Wizard Setup	58
3.3.1 Manually Assign a WPA-PSK key	61
3.3.2 Manually Assign a WEP Key	61
VoIP Wizard And Example	65
4.1 Introduction	65
4.2 VoIP Wizard Setup	65
Advanced	71
Status Screens	73
5.1 Status Screen	73
5.2 Any IP Table	76
5.3 WLAN Status (“W” models only)	77
5.4 Packet Statistics	77
5.5 VoIP Statistics	79
WAN Setup	83
6.1 WAN Overview	83
6.1.1 PPP over Ethernet	83
6.1.2 IP Address Assignment	83
6.1.3 Nailed-Up Connection (PPP)	84
6.2 Internet Access Setup	84
6.2.1 Advanced Internet Access Setup	86
6.3 WAN Interface Setup	87
LAN Setup	89
7.1 LAN Overview	89
7.1.1 LANs, WANs and the ZyXEL Device	89
7.1.2 DHCP Setup	90
7.2 DNS Server Addresses	90
7.3 LAN TCP/IP	90
7.3.1 IP Address and Subnet Mask	91
7.3.2 RIP Setup	92
7.3.3 Multicast	92
7.3.4 Any IP	93
7.4 Configuring LAN IP	94
7.4.1 Configuring Advanced LAN Setup	95
7.5 DHCP Setup	96
7.6 LAN Client List	97
7.7 LAN IP Alias	99
Wireless LAN	101
8.1 Wireless Network Overview	101
8.2 Wireless Security Overview	102
8.2.1 SSID	102
8.2.2 MAC Address Filter	102
8.2.3 User Authentication	102
8.2.4 Encryption	103
8.2.5 One-Touch Intelligent Security Technology (OTIST)	104
8.3 Additional Wireless Terms	104
8.4 General WLAN Screen	104
8.4.1 No Security	105
8.4.2 WEP Encryption Screen	106
8.4.3 WPA(2)-PSK	107
8.4.4 WPA(2) Authentication Screen	109
8.4.5 Wireless LAN Advanced Setup	110
8.5 OTIST Screen	111
8.5.1 Notes on OTIST	113
8.6 MAC Filter	114
Network Address Translation (NAT) Screens	117
9.1 NAT General Overview	117
9.1.1 NAT Definitions	117
9.1.2 What NAT Does	118
9.1.3 How NAT Works	118
9.1.4 NAT Application	118
9.1.5 NAT Mapping Types	119
9.2 SUA (Single User Account) Versus NAT	120
9.3 NAT General Setup	120
9.4 Port Forwarding	121
9.4.1 Default Server IP Address	122
9.4.2 Port Forwarding: Services and Port Numbers	122
9.4.3 Configuring Servers Behind Port Forwarding (Example)	122
9.5 Configuring Port Forwarding	123
9.5.1 Port Forwarding Rule Edit	124
9.6 Address Mapping	125
9.6.1 Address Mapping Rule Edit	126
9.6.2 SIP ALG	128
Voice	129
10.1 Introduction to VoIP	129
10.2 SIP	129
10.2.1 SIP Identities	129
10.2.2 SIP Call Progression	130
10.2.3 SIP Servers	130
10.2.4 RTP	132
10.2.5 Pulse Code Modulation	132
10.2.6 Voice Coding	132
10.2.7 PSTN Call Setup Signaling	133
10.2.8 MWI (Message Waiting Indication)	133
10.2.9 Custom Tones (IVR)	133
10.3 Quality of Service (QoS)	134
10.3.1 Type of Service (ToS)	134
10.3.2 DiffServ	134
10.3.3 VLAN Tagging	135
10.4 SIP Settings Screen	135
10.5 Advanced SIP Setup Screen	137
10.6 SIP QoS Screen	141
10.7 Phone	141
10.7.1 Voice Activity Detection/Silence Suppression	141
10.7.2 Comfort Noise Generation	142
10.7.3 Echo Cancellation	142
10.8 Analog Phone Screen	142
10.9 Advanced Analog Phone Setup Screen	143
10.10 Common Phone Settings Screen	144
10.11 Phone Services Overview	145
10.11.1 The Flash Key	145
10.11.2 Europe Type Supplementary Phone Services	145
10.11.3 USA Type Supplementary Services	147
10.12 Phone Region Screen	148
10.13 Speed Dial	148
10.14 Incoming Call Policy Screen	150
10.15 PSTN Line (“L” models only)	152
10.16 PSTN Line Screen (“L” models only)	152
Firewalls	155
11.1 Firewall Overview	155
11.1.1 Stateful Inspection Firewall	155
11.1.2 About the ZyXEL Device Firewall	155
11.1.3 Guidelines For Enhancing Security With Your Firewall	156
11.2 General Firewall Policy Overview	156
11.3 Security Considerations	158
11.4 Triangle Route	158
11.4.1 The “Triangle Route” Problem	158
11.4.2 Solving the “Triangle Route” Problem	159
11.5 General Firewall Policy	160
11.6 Firewall Rules Summary	161
11.6.1 Configuring Firewall Rules	163
11.6.2 Customized Services	166
11.6.3 Configuring A Customized Service	166
11.7 Example Firewall Rule	167
11.8 Firewall Thresholds	171
11.8.1 Threshold Values	172
11.8.2 Configuring Firewall Thresholds	172
Content Filtering	175
12.1 Content Filtering Overview	175
12.2 Configuring Keyword Blocking	175
12.3 Configuring the Schedule	176
12.4 Configuring Trusted Computers	177
Introduction to IPSec	179
13.1 VPN Overview	179
13.1.1 IPSec	179
13.1.2 Security Association	179
13.1.3 Other Terminology	179
13.1.4 VPN Applications	180
13.2 IPSec Architecture	180
13.2.1 IPSec Algorithms	181
13.2.2 Key Management	181
13.3 Encapsulation	181
13.3.1 Transport Mode	182
13.3.2 Tunnel Mode	182
13.4 IPSec and NAT	182
VPN Screens	185
14.1 VPN/IPSec Overview	185
14.2 IPSec Algorithms	185
14.2.1 AH (Authentication Header) Protocol	185
14.2.2 ESP (Encapsulating Security Payload) Protocol	185
14.3 My IP Address	186
14.4 Secure Gateway Address	186
14.4.1 Dynamic Secure Gateway Address	187
14.5 VPN Setup Screen	187
14.6 Keep Alive	189
14.7 VPN, NAT, and NAT Traversal	189
14.8 Remote DNS Server	190
14.9 ID Type and Content	191
14.9.1 ID Type and Content Examples	192
14.10 Pre-Shared Key	193
14.11 Editing VPN Policies	193
14.12 IKE Phases	198
14.12.1 Negotiation Mode	199
14.12.2 Diffie-Hellman (DH) Key Groups	199
14.12.3 Perfect Forward Secrecy (PFS)	200
14.13 Configuring Advanced IKE Settings	200
14.14 Manual Key Setup	202
14.14.1 Security Parameter Index (SPI)	202
14.15 Configuring Manual Key	203
14.16 Viewing SA Monitor	205
14.17 Configuring Global Setting	207
14.18 Telecommuter VPN/IPSec Examples	207
14.18.1 Telecommuters Sharing One VPN Rule Example	207
14.18.2 Telecommuters Using Unique VPN Rules Example	208
14.19 VPN and Remote Management	210
Certificates	211
15.1 Certificates Overview	211
15.1.1 Advantages of Certificates	212
15.2 Self-signed Certificates	212
15.3 Configuration Summary	212
15.4 My Certificates	212
15.5 My Certificate Import	214
15.5.1 Certificate File Formats	215
15.6 My Certificate Create	216
15.7 My Certificate Details	218
15.8 Trusted CAs	221
15.9 Trusted CA Import	223
15.10 Trusted CA Details	224
15.11 Trusted Remote Hosts	226
15.12 Verifying a Trusted Remote Host’s Certificate	228
15.12.1 Trusted Remote Host Certificate Fingerprints	228
15.13 Trusted Remote Hosts Import	229
15.14 Trusted Remote Host Certificate Details	229
15.15 Directory Servers	232
15.16 Directory Server Add and Edit	233
Static Route	235
16.1 Static Route	235
16.2 Configuring Static Route	235
16.2.1 Static Route Edit	236
Quality of Service (QoS)	239
17.1 QoS Overview	239
17.1.1 IEEE 802.1Q Tag	239
17.1.2 IP Precedence	240
17.1.3 DiffServ	240
17.1.4 Automatical Priority Queue Assignment	241
17.2 Configuring QoS General Screen	241
17.3 Class Setup	242
17.3.1 Class Configuration	243
17.3.2 QoS Example	246
17.4 QoS Monitor	248
Dynamic DNS Setup	251
18.1 Dynamic DNS Overview	251
18.1.1 DYNDNS Wildcard	251
18.2 Configuring Dynamic DNS	251
Remote Management Configuration	255
19.1 Remote Management Overview	255
19.1.1 Remote Management Limitations	256
19.1.2 Remote Management and NAT	256
19.1.3 System Timeout	256
19.2 WWW (HTTP and HTTPS)	257
19.3 WWW	258
19.4 HTTPS Example	259
19.4.1 Internet Explorer Warning Messages	259
19.4.2 Netscape Navigator Warning Messages	260
19.4.3 Avoiding the Browser Warning Messages	260
19.4.4 Login Screen	261
19.5 Telnet	263
19.6 Configuring Telnet	263
19.7 Configuring FTP	264
19.8 SNMP	265
19.8.1 Supported MIBs	266
19.8.2 SNMP Traps	267
19.8.3 Configuring SNMP	267
19.9 Configuring DNS	268
19.10 Configuring ICMP	269
Universal Plug-and-Play (UPnP)	271
20.1 Introducing Universal Plug and Play	271
20.1.1 How do I know if I'm using UPnP?	271
20.1.2 NAT Traversal	271
20.1.3 Cautions with UPnP	271
20.2 UPnP and ZyXEL	272
20.2.1 Configuring UPnP	272
20.3 Installing UPnP in Windows Example	273
20.4 Using UPnP in Windows XP Example	276
Maintenance, Troubleshooting and Specifications	283
System	285
21.1 General Setup and System Name	285
21.1.1 General Setup	285
21.2 Time Setting	287
Logs	289
22.1 Logs Overview	289
22.1.1 Alerts and Logs	289
22.2 Viewing the Logs	289
22.3 Configuring Log Settings	290
22.4 SMTP Error Messages	292
22.4.1 Example E-mail Log	293
22.5 Log Descriptions	294
Tools	303
23.1 Introduction	303
23.2 Filename Conventions	303
23.3 File Maintenance Over WAN	304
23.4 Firmware Upgrade Screen	305
23.5 Backup and Restore	306
23.5.1 Backup Configuration	307
23.5.2 Restore Configuration	307
23.5.3 Reset to Factory Defaults	308
23.6 Restart	309
23.7 Using FTP or TFTP to Back Up Configuration	309
23.7.1 Using the FTP Commands to Back Up Configuration	309
23.7.2 FTP Command Configuration Backup Example	310
23.7.3 Configuration Backup Using GUI-based FTP Clients	310
23.7.4 Backup Configuration Using TFTP	310
23.7.5 TFTP Command Configuration Backup Example	311
23.7.6 Configuration Backup Using GUI-based TFTP Clients	311
23.8 Using FTP or TFTP to Restore Configuration	312
23.8.1 Restore Using FTP Session Example	312
23.9 FTP and TFTP Firmware and Configuration File Uploads	312
23.9.1 FTP File Upload Command from the DOS Prompt Example	313
23.9.2 FTP Session Example of Firmware File Upload	313
23.9.3 TFTP File Upload	313
23.9.4 TFTP Upload Command Example	314
Diagnostic	315
24.1 General Diagnostic	315
24.2 DSL Line Diagnostic	315
Troubleshooting	317
25.1 Power, Hardware Connections, and LEDs	317
25.2 ZyXEL Device Access and Login	318
25.3 Internet Access	320
25.4 Phone Calls and VoIP	321
25.5 Problems With Multiple SIP Accounts	322
25.5.1 Outgoing Calls	322
25.5.2 Incoming Calls	323
Product Specifications	325
Appendices and Index	335
Setting up Your Computer’s IP Address	337
Pop-up Windows, JavaScripts and Java Permissions	349
IP Addresses and Subnetting	355
Wireless LANs	363
Services	373
Internal SPTGEN	377
Legal Information	401
Customer Support	405

Match case Limit results 1 per page

Chapter 15 Certificates

P-2802H(W)(L)-I Series User’s Guide

231

Version

This field displays the X.509 version number.

Serial Number

This field displays the certificate’s identification number given by the device

that created the certificate.

Subject

This field displays information that identifies the owner of the certificate, such

as Common Name (CN), Organizational Unit (OU), Organization (O) and

Country (C).

Issuer

This field displays identifying information about the default self-signed

certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted

remote host certificates.

Signature Algorithm

This field displays the type of algorithm that the ZyXEL Device used to sign the

certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption

algorithm and the SHA1 hash algorithm).

Valid From

This field displays the date that the certificate becomes applicable. The text

displays in red and includes a Not Yet Valid! message if the certificate has not

yet become applicable.

Valid To

This field displays the date that the certificate expires. The text displays in red

and includes an Expiring! or Expired! message if the certificate is about to

expire or has already expired.

Key Algorithm

This field displays the type of algorithm that was used to generate the

certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length

of the key set in bits (1024 bits for example).

Subject Alternative

Name

This field displays the certificate’s owner‘s IP address (IP), domain name

(DNS) or e-mail address (EMAIL).

Key Usage

This field displays for what functions the certificate’s key can be used. For

example, “DigitalSignature” means that the key can be used to sign certificates

and “KeyEncipherment” means that the key can be used to encrypt text.

Basic Constraint

This field displays general information about the certificate. For example,

Subject Type=CA means that this is a certification authority’s certificate and

“Path Length Constraint=1” means that there can only be one certification

authority in the certificate’s path.

MD5 Fingerprint

This is the certificate’s message digest that the ZyXEL Device calculated using

the MD5 algorithm. You cannot use this value to verify that this is the remote

host’s actual certificate because the ZyXEL Device has signed the certificate;

thus causing this value to be different from that of the remote hosts actual

certificate. See

Section 15.12 on page 228

for how to verify a remote host’s

certificate.

SHA1 Fingerprint

This is the certificate’s message digest that the ZyXEL Device calculated using

the SHA1 algorithm. You cannot use this value to verify that this is the remote

host’s actual certificate because the ZyXEL Device has signed the certificate;

thus causing this value to be different from that of the remote hosts actual

certificate. See

Section 15.12 on page 228

for how to verify a remote host’s

certificate.

Certificate in PEM

(Base-64) Encoded

Format

This read-only text box displays the certificate or certification request in Privacy

Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the

binary certificate into a printable form.

You can copy and paste the certificate into an e-mail to send to friends or

colleagues or you can copy and paste the certificate into a text editor and save

the file on a management computer for later distribution (via floppy disk for

example).

Back

Click

Back

to return to the previous screen.

Export

Click this button and then

Save

in the

File Download

screen. The

Save As

screen opens, browse to the location that you want to use and click

Save

Table 93

Trusted Remote Host Details (continued)

LABEL

DESCRIPTION