ZyXEL P-662H-D3 User Guide
ZyXEL P-662H-D3 Manual
 |
View all ZyXEL P-662H-D3 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL P-662H-D3 manual content summary:
- ZyXEL P-662H-D3 | User Guide - Page 1
P-662H/HW-D Series 802.11g ADSL2+ 4-Port Security Gateway User's Guide Version 3.40 12/2008 Edition 3 DEFAULT LOGIN IP Address http://192.168.1.1 User Password user Admin Password 1234 www.zyxel.com - ZyXEL P-662H-D3 | User Guide - Page 2
- ZyXEL P-662H-D3 | User Guide - Page 3
questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: [email protected] P-662H/HW-D Series User's Guide 3 - ZyXEL P-662H-D3 | User Guide - Page 4
recommendations. Syntax Conventions • The P-662H/HW-D may be referred to as the "ZyXEL Device", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names for "for instance", and "i.e.," means "that is" or "in other words". 4 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 5
Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-662H/HW-D Series User's Guide 5 - ZyXEL P-662H-D3 | User Guide - Page 6
be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for 6 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 7
This product is recyclable. Dispose of it properly. Safety Warnings P-662H/HW-D Series User's Guide 7 - ZyXEL P-662H-D3 | User Guide - Page 8
Safety Warnings 8 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 9
277 Dynamic DNS Setup ...287 Remote Management Configuration 291 Universal Plug-and-Play (UPnP 303 Maintenance, Troubleshooting and Specifications 315 System ...317 Logs ...323 Tools ...329 Diagnostic ...335 Troubleshooting ...337 Product Specifications ...347 P-662H/HW-D Series User's Guide 9 - ZyXEL P-662H-D3 | User Guide - Page 10
Contents Overview Appendices and Index ...353 10 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 11
Overview 43 2.2 Accessing the Web Configurator 43 2.3 Resetting the ZyXEL Device 46 2.3.1 Using the Reset Button 46 2.4 Navigating the Web Configurator 47 2.4.1 Status: VPN Status ...54 2.4.7 Status: Packet Statistics 55 2.4.8 Changing Login Password 57 P-662H/HW-D Series User's Guide 11 - ZyXEL P-662H-D3 | User Guide - Page 12
Connection 87 5.6 Configuring More Connections 89 5.6.1 More Connections Edit 90 5.6.2 Configuring More Connections Advanced Setup 92 5.7 Traffic Redirect ...94 5.8 Configuring WAN Backup 94 5.9 WAN Backup Advanced Screen 96 5.10 Dial Backup Modem Setup 99 12 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 13
(2)-PSK ...120 7.5.4 WPA(2) Authentication Screen 122 7.5.5 Wireless LAN Advanced Setup 124 7.6 OTIST ...125 7.6.1 Enabling OTIST ...125 7.6.2 Starting OTIST ...127 7.6.3 Notes on OTIST ...128 7.7 MAC Filter ...129 7.8 WMM QoS ...130 7.8.1 WMM QoS Example 130 P-662H/HW-D Series User's Guide 13 - ZyXEL P-662H-D3 | User Guide - Page 14
9.2 SUA (Single User Account) Versus NAT 144 9.3 NAT General Setup ...144 9.4 Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers III: Security 155 Chapter 10 Firewalls...157 10.1 Firewall Overview ...157 14 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 15
Configuring A Customized Service 178 11.7 Example Firewall Rule ...179 11.8 Predefined Services ...183 11.9 Anti-Probing ...185 11.10 DoS Thresholds ...186 11.10.1 Threshold Values 186 11.10.2 Half-Open Sessions 187 11.10.3 Configuring Firewall Thresholds 187 P-662H/HW-D Series User's Guide 15 - ZyXEL P-662H-D3 | User Guide - Page 16
197 13.2.2 Configuring Services 198 13.2.3 Configuring Web Site Filters 200 13.2.4 Testing Web Site Access Privileges 205 13.3 User Account Setup ...206 13.4 User Online Status ...207 IPSec Algorithms ...217 15.2.2 Key Management 217 15.3 Encapsulation ...217 16 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 17
235 16.13 Configuring Advanced IKE Settings 235 16.14 Manual Key Setup ...238 16.14.1 Security Parameter Index (SPI 238 16.15 Configuring Manual Key 238 16.16 Viewing SA Monitor ...241 16 ...248 17.3 Configuration Summary 248 17.4 My Certificates ...248 P-662H/HW-D Series User's Guide 17 - ZyXEL P-662H-D3 | User Guide - Page 18
for Non-Bandwidth Class Traffic 279 19.6.2 Maximize Bandwidth Usage Example 279 19.6.3 Bandwidth Management Priorities 281 19.7 Configuring Summary ...281 19.8 Bandwidth Management Rule Setup 282 19.8.1 Rule Configuration 283 19.9 Bandwidth Monitor ...286 18 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 19
294 21.5 Configuring FTP ...295 21.6 SNMP ...296 21.6.1 Supported MIBs ...297 21.6.2 SNMP Traps ...297 21.6.3 Configuring SNMP Troubleshooting and Specifications 315 Chapter 23 System ...317 23.1 General Setup and System Name 317 23.1.1 System Configuration 317 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 20
27.4.2 ActiveX Controls in Internet Explorer 344 Chapter 28 Product Specifications ...347 28.1 General ZyXEL Device Specifications 347 28.2 Wall-mounting Instructions 351 Part VI: Appendices and Index 353 Appendix A Setting up Your Computer's IP Address 355 20 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 21
Appendix E Management with Wireless Zero Configuration 409 Appendix F Common Services 423 Appendix G Virtual Circuit Topology 427 Appendix H Importing Certificates Descriptions 459 Appendix M Legal Information 475 Appendix N Customer Support 479 Index...485 P-662H/HW-D Series User's Guide 21 - ZyXEL P-662H-D3 | User Guide - Page 22
Table of Contents 22 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 23
LAN Setup Wizard 2 68 Figure 33 Manually assign a WPA key 69 Figure 34 Manually assign a WEP key 70 Figure 35 Wireless LAN Setup 3 ...70 Figure 36 Internet Access and WLAN Wizard Setup Complete 71 Figure 37 Select a Mode ...74 Figure 38 Wizard: Welcome ...75 P-662H/HW-D Series User's Guide 23 - ZyXEL P-662H-D3 | User Guide - Page 24
107 Figure 57 DHCP Setup ...108 Figure 58 LAN Client List ...110 Figure 59 Physical Network & Partitioned Logical Networks 111 Figure 60 LAN IP Alias ...111 Figure 61 Example of a Wireless Network 113 Figure Address Example 139 Figure 81 How NAT Works ...142 24 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 25
Forwarding ...147 Figure 86 Port Forwarding Rule Setup 148 Figure 87 Address Mapping Rules ...149 User Login Screen 210 Figure 122 Content Access Control: User Logout Screen 210 Figure 123 Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 26
218 Figure 128 IPSec Summary Fields ...223 Figure 129 VPN Setup ...224 Figure 130 NAT Router Between IPSec Routers 225 Figure IPSec SA 233 Figure 134 Advanced VPN Policies ...236 Figure 135 VPN: Manual Key ...239 Figure 136 VPN: SA Monitor ...242 Figure 137 VPN: P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 27
Setup: Communication: Components 306 Figure 176 Network Connections ...306 Figure 177 Windows Optional Networking Components Wizard 307 Figure 178 Networking Services Example ...327 Figure 193 Firmware Upgrade ...329 Figure 194 Firmware Upload In Progress 330 662H/HW-D Series User's Guide 27 - ZyXEL P-662H-D3 | User Guide - Page 28
Internet Options: Privacy ...379 Figure 251 Pop-up Blocker Settings ...379 Figure 252 Internet Options: Security 380 Figure 253 Security Settings - Java Scripting 381 28 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 29
394 Figure 264 Peer-to-Peer Communication in an Ad-hoc Network 395 Figure 265 Basic Service Set ...396 Figure 266 Infrastructure WLAN ...397 Figure 267 RTS/CTS ...398 Figure 268 WPA Store ...432 Figure 296 Certificate General Information after Import 433 P-662H/HW-D Series User's Guide 29 - ZyXEL P-662H-D3 | User Guide - Page 30
Example 445 Figure 305 Internal SPTGEN FTP Upload Example 445 Figure 306 Displaying Log Categories Example 472 Figure 307 Displaying Log Parameters Example 473 30 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 31
System General: Password ...57 Table 9 Internet Access Wizard Setup: ISP Setup Wizard 1 67 Table 15 Wireless LAN Setup Wizard 2 68 Table 16 Manually assign a WPA key ...69 Table 17 Manually assign a WEP key 70 Table 18 Media Bandwidth Management Setup: Services 662H/HW-D Series User's Guide 31 - ZyXEL P-662H-D3 | User Guide - Page 32
54 Port Forwarding Rule Setup 148 Table 55 Address Trigger Alerts 162 Table 61 Legal NetBIOS Commands 162 General: Services 199 Table User Profiles 206 Table 80 Content Access Control: Online Status 207 Table 81 Content Access Control: Trusted Device 208 32 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 33
Service 214 Table 85 VPN and NAT ...219 Table 86 AH and ESP ...222 Table 87 VPN Setup Manual Setup 282 Table 121 Bandwidth Management Rule Configuration 284 Table 122 Dynamic DNS ...288 Table 123 Remote Management: WWW 293 Table 124 Remote Management: Telnet 295 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 34
General Setup ...318 Troubleshooting Starting Up Your ZyXEL Device 337 Table 142 Troubleshooting the LAN ...337 Table 143 Troubleshooting the WAN 338 Table 144 Troubleshooting Accessing the ZyXEL Device 338 Table 145 Hardware Specifications ...347 Table 146 Firmware 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 35
Properties 419 Table 170 Commonly Used Services 423 Table 171 NetBIOS Filter Default Settings 436 Table 172 Abbreviations Used Error Logs ...460 Table 185 Access Control Logs ...460 Table 186 TCP Reset Logs ...461 Table 187 Packet Filter Logs ...461 Table 188 ICMP 662H/HW-D Series User's Guide 35 - ZyXEL P-662H-D3 | User Guide - Page 36
List of Tables 36 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 37
PART I Introduction and Wizards Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizard Setup for Internet Access (59) Bandwidth Management Wizard (73) 37 - ZyXEL P-662H-D3 | User Guide - Page 38
38 - ZyXEL P-662H-D3 | User Guide - Page 39
a device that works over T-ISDN (UR-2). 1 Only use firmware for your ZyXEL Device's specific model. Refer to the label on the bottom of your ZyXEL Device. 1.1.1 Applications of the ZyXEL Device The following sections describe the features of the ZyXEL Device. P-662H/HW-D Series User's Guide 39 - ZyXEL P-662H-D3 | User Guide - Page 40
provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. 40 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 41
) failure or the device has malfunctioned. Off The system is not receiving power. LAN 1-4 Green On The ZyXEL Device has a successful 10/100Mb Ethernet connection. Blinking The ZyXEL Device is sending/receiving data. None Off The LAN is not connected. P-662H/HW-D Series User's Guide 41 - ZyXEL P-662H-D3 | User Guide - Page 42
WLAN (P- Green On 662HW only) The ZyXEL Device is ready, but is not sending/receiving data through the wireless LAN. Blinking The ZyXEL Device is sending/receiving data has failed. Refer to the Quick Start Guide for information on hardware connections. 42 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 43
port for initial configuration. 1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Prepare your computer/computer network to connect to the ZyXEL Device (refer to the Quick Start Guide). 3 Launch your web browser. P-662H/HW-D Series User's Guide 43 - ZyXEL P-662H-D3 | User Guide - Page 44
the default admin password 1234 to configure the wizards and the advanced features or the default user password user to password now. " If you do not change the password at least once, the following screen appears every time you log in with the admin password. 44 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 45
the following screen appears every time you log in. Figure 8 Replace Factory Default Certificate 8 Select Go to Wizard setup and click Apply to display the wizard main screen. Otherwise, select Go to Advanced setup and click Apply to display the Status screen. P-662H/HW-D Series User's Guide 45 - ZyXEL P-662H-D3 | User Guide - Page 46
to blink, the defaults have been restored and the ZyXEL Device restarts. You can also use the RESET button to: • Activate/Deactivate the wireless network - by pressing the RESET button for 1 second. • Start OTIST - by pressing the RESET button for 3 seconds. 46 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 47
the Web Configurator 2.4 Navigating the Web Configurator We use the P-662HW-D1 web screens in this guide as an example. Screens vary slightly for different ZyXEL Device models. 2.4.1 Navigation Panel After you enter the admin password, use the sub-menus on the navigation panel to configure - ZyXEL P-662H-D3 | User Guide - Page 48
ICON SUB-LINK FUNCTION Status This screen shows the ZyXEL Device's general device, system and interface status TCP/IP settings, enable Any IP and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this 48 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 49
Use this screen to enable bandwidth management on an interface. Rule Setup Use this screen to define a bandwidth rule. Monitor Use this screen to view the ZyXEL Device's bandwidth usage and allotments. Dynamic DNS Use this screen to set up dynamic DNS. P-662H/HW-D Series User's Guide 49 - ZyXEL P-662H-D3 | User Guide - Page 50
help you identify problems with the DSL line. 2.4.2 Status Screen Use this screen to look at the current status of the ZyXEL Device. Some fields or links are not available if you entered the user password in the login password screen (see Figure 6 on page 44). 50 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 51
Mask This is the WAN port IP subnet mask. Default Gateway This is the IP address of the default gateway, if applicable. VPI/VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the Wizard or WAN screen. LAN Information P-662H/HW-D Series User's Guide 51 - ZyXEL P-662H-D3 | User Guide - Page 52
of IP addresses and MAC addresses of computers, which are not in the same subnet as the ZyXEL Device. WLAN Status This screen displays the MAC address(es) of the wireless stations that are (wireless devices currently associating with the ZyXEL Device. only) 52 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 53
MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL Device. Figure 12 Status: Any IP Table The following table describes the labels in this screen the wireless stations that are currently associated to the ZyXEL Device. P-662H/HW-D Series User's Guide 53 - ZyXEL P-662H-D3 | User Guide - Page 54
Association TIme This field displays the time a wireless station first associated with the P-662H/HW-Dx. Refresh Click Refresh to reload this screen. 2.4.5 Status: Bandwidth Status shows the current status of any VPN tunnels the ZyXEL Device has negotiated. 54 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 55
-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. P-662H/HW-D Series User's Guide 55 - ZyXEL P-662H-D3 | User Guide - Page 56
is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device's present date and time. CPU Usage This field specifies the percentage of CPU utilization. field displays the number of bytes transmitted in the last second. 56 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 57
General: Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field. New Password Type the new password in this field. Retype to Confirm Type the new password again in this field. P-662H/HW-D Series User's Guide 57 - ZyXEL P-662H-D3 | User Guide - Page 58
Chapter 2 Introducing the Web Configurator Table 8 System General: Password LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 58 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 59
Setup 1 After you enter the admin password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wizard main screen. Figure 18 Select a Mode P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 60
connections and click Restart the Internet/ Wireless Setup Wizard to have the ZyXEL Device detect your connection again. Figure 20 Auto 61), click Next and refer to Section 3.2.2 on page 61 on how to configure the ZyXEL Device for Internet access manually. 60 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 61
22 Auto-Detection: PPPoE 3.2.2 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default. P-662H/HW-D Series User's Guide 61 - ZyXEL P-662H-D3 | User Guide - Page 62
screen. Table 9 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers continue. See Section 3.3 on page 66 for wireless connection wizard setup 62 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 63
Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL previous wizard screen. P-662H/HW-D Series User's Guide 63 - ZyXEL P-662H-D3 | User Guide - Page 64
Chapter 3 Wizard Setup for Internet Access Table 11 Internet Connection with RFC 1483 (continued) LABEL wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 64 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 65
Password setup to go back to the screen where you can modify them. Figure 28 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 66
for Internet Access Figure 29 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up Use this screen to activate the wireless LAN and OTIST. Click Next to continue. 66 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 67
OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-662H/HW-D Series User's Guide 67 - ZyXEL P-662H-D3 | User Guide - Page 68
communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next. 68 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 69
Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.3 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. P-662H/HW-D Series User's Guide 69 - ZyXEL P-662H-D3 | User Guide - Page 70
close the wizard screen without saving. 5 Click Apply to save your wireless LAN settings. Figure 35 Wireless LAN Setup 3 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. 70 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 71
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-662H/HW-D Series User's Guide 71 - ZyXEL P-662H-D3 | User Guide - Page 72
Chapter 3 Wizard Setup for Internet Access 72 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 73
ZyXEL Device's WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 662H/HW-D Series User's Guide 73 - ZyXEL P-662H-D3 | User Guide - Page 74
Setup: Services (continued) SERVICE over TCP, using the default port number 5060. VoIP Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup SETUP to configure the system for Internet access and wireless connection. 74 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 75
to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4 Use the second wizard screen to select the services that you want to apply bandwidth management and select the priorities that you want to apply to the services listed. P-662H/HW-D Series User's Guide 75 - ZyXEL P-662H-D3 | User Guide - Page 76
screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. 76 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 77
Chapter 4 Bandwidth Management Wizard Figure 41 Bandwidth Management Wizard: Complete P-662H/HW-D Series User's Guide 77 - ZyXEL P-662H-D3 | User Guide - Page 78
Chapter 4 Bandwidth Management Wizard 78 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 79
PART II Network WAN Setup (81) LAN Setup (101) Wireless LAN (113) DMZ (137) Network Address Translation (NAT) Screens (141) 79 - ZyXEL P-662H-D3 | User Guide - Page 80
80 - ZyXEL P-662H-D3 | User Guide - Page 81
PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs' computers will have access. P-662H/HW-D Series User's Guide 81 - ZyXEL P-662H-D3 | User Guide - Page 82
ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or - ZyXEL P-662H-D3 | User Guide - Page 83
-rate service or ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.5 on page 86) • Traffic-redirect route (see Section 5.7 on page 94) • WAN-backup route, also called dial-backup (see Section 5.8 on page 94) P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 84
the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 42 Example of Traffic Shaping 84 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 85
connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting. Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use a static (fixed) WAN IP address. P-662H/HW-D Series User's Guide 85 - ZyXEL P-662H-D3 | User Guide - Page 86
, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. User Name (PPPoA and PPPoE only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. 86 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 87
Setup screen and edit more details of your WAN setup. 5.5.1 Configuring Advanced Internet Connection Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 88
22 Advanced Internet Connection LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and every computer). The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. ATM QoS 88 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 89
WAN Setup Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst Size (MBS) refers to to disable this feature. You must manually configure the ZyXEL Device for Internet access. This field is available P-662H/HW-D Series User's Guide 89 - ZyXEL P-662H-D3 | User Guide - Page 90
Chapter 5 WAN Setup Figure 45 More Connections The following table describes the labels in this screen. Table 23 More Connections LABEL DESCRIPTION via the WAN interface. Click the edit icon in the More Connections screen to configure a connection. 90 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 91
Setup Bridge, the ZyXEL Device will service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 92
on Demand. The default setting is 0, setup. 5.6.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. 92 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 93
Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst 662H/HW-D Series User's Guide 93 - ZyXEL P-662H-D3 | User Guide - Page 94
from the protected LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 49 Traffic Redirect LAN Setup 5.8 Configuring WAN Backup Use this screen to change your ZyXEL Device's WAN backup settings, click WAN > WAN Backup Setup. The screen appears as shown. 94 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 95
Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL the ZyXEL Device to wait between checks. Allow more time if your destination IP address handles lots of traffic. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 96
115200 or 230400 bps. User Name Enter the user name for this backup connection. Password Enter the password for this backup connection. ZyXEL Device's WAN backup advanced settings, click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. 96 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 97
, your ZyXEL Device dials manual of your WAN device connected to your dial backup port for specific AT commands. Advanced Modem Setup Click the Edit button to display the Advanced Modem Setup screen and edit the details of your dial backup setup. TCP/IP Options P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 98
RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. RIP-1 is universally supported; but RIP-2 carries Connect on Demand. The default setting is 0, which means the Internet session will not timeout. 98 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 99
budget should be reset. For example, control and the ZyXEL Device uses the Setup Use this screen to configure the advanced modem settings. Click Edit in the WAN > WAN Backup Setup > Advanced Setup to view the screen as shown. Figure 52 WAN Dial Backup Modem Setup P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 100
in this screen. Table 28 WAN Dial Backup Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT a call. Example: ata Drop DTR When Select this check box to have the ZyXEL Device drop the DTR (Data Terminal Hang Up Ready) signal after the "AT P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 101
Setup ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 53 LAN and WAN IP Addresses P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 102
service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 6.1.2.1 IP Pool Setup The ZyXEL servers are conveyed through IPCP negotiation. The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 103
hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 - 10.255.255.255 • 172.16.0.0 - 172.31.255.255 • 192.168.0.0 - 192.168.255.255 P-662H/HW-D Series User's Guide 103 - ZyXEL P-662H-D3 | User Guide - Page 104
Guidelines for Management of IP Address Space. 6.2.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries 104 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 105
of the computer and the ZyXEL Device are not in the same subnet. Figure 54 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device's IP address. P-662H/HW-D Series User's Guide 105 - ZyXEL P-662H-D3 | User Guide - Page 106
the Internet as if it is in the same subnet as the ZyXEL Device. 6.3 Configuring LAN IP Use this screen to configure the LAN IP address of the ZyXEL Device. Click LAN to open the IP screen. See Section 6.1 on page 101 for background information. Figure 55 LAN IP 106 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 107
from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-662H/HW-D Series User's Guide 107 - ZyXEL P-662H-D3 | User Guide - Page 108
enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 57 DHCP Setup 108 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 109
address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. To change your ZyXEL Device's static DHCP settings, click Network > LAN > Client List. The screen appears as shown. P-662H/HW-D Series User's Guide 109 - ZyXEL P-662H-D3 | User Guide - Page 110
range of IP addresses you specified in the DHCP Setup for the DHCP client. MAC Address Enter the MAC ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network. 110 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 111
Chapter 6 LAN Setup When you use IP alias, you can also configure firewall rules Physical Network & Partitioned Logical Networks To change your ZyXEL Device's IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 60 LAN IP Alias P-662H/HW-D Series User's Guide 111 - ZyXEL P-662H-D3 | User Guide - Page 112
then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 112 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 113
network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. P-662H/HW-D Series User's Guide 113 - ZyXEL P-662H-D3 | User Guide - Page 114
ZyXEL Device does not broadcast the SSID. In addition, you should change the default support IEEE 802.1x to do this. For wireless networks, the user names and passwords for each user are usually stored: • In the ZyXEL Device: this feature is called a local user and F. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 115
option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. P-662H/HW-D Series User's Guide 115 - ZyXEL P-662H-D3 | User Guide - Page 116
information to the ZyXEL Device. Preamble A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the ZyXEL Device does, it cannot communicate with the ZyXEL Device. 116 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 117
must then change the wireless settings of your computer to match the ZyXEL Device's new settings. Use this screen to configure the wireless settings on the ZyXEL Device. Click Network > Wireless LAN to open the General screen. Figure 62 Wireless LAN: General P-662H/HW-D Series User's Guide 117 - ZyXEL P-662H-D3 | User Guide - Page 118
wireless LAN by pressing the RESET button for 1 second. Network Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. 118 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 119
the Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.5.2 WEP Encryption Screen In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. P-662H/HW-D Series User's Guide 119 - ZyXEL P-662H-D3 | User Guide - Page 120
Advanced Setup screen and edit more details of your WLAN setup. 7.5.3 WPA(2)-PSK In order to configure and enable WPA(2)-PSK authentication; click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list. 120 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 121
usernames and passwords in Timer (In order to stay connected. Enter a time interval between 10 and 9999 seconds. The Seconds) default time interval Key Update Timer is also supported in WPA(2)-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-662H/HW-D Series User's Guide 121 - ZyXEL P-662H-D3 | User Guide - Page 122
of your WLAN setup. 7.5.4 WPA(2) Authentication Screen In order to configure and enable WPA(2) Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security Mode list. Figure 66 Wireless: WPA(2) 122 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 123
to be shared between the external accounting server and the ZyXEL Device. The key must be the same on the external accounting server and your ZyXEL Device. The key is not sent over the network. Apply Click Apply to save your changes back to the ZyXEL Device. P-662H/HW-D Series User's Guide 123 - ZyXEL P-662H-D3 | User Guide - Page 124
: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Threshold Enter a value , this field is grayed out and the ZyXEL Device uses 4096 automatically. Fragmentation It is default setting is Long. See the section on preamble for more information. 124 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 125
one manually. " OTIST replaces the pre-configured wireless settings on the wireless clients. 7.6.1 Enabling OTIST You must enable OTIST on both the AP and wireless client before you start transferring settings. " The AP and wireless client(s) MUST use the same Setup key. P-662H/HW-D Series User - ZyXEL P-662H-D3 | User Guide - Page 126
to use the same wireless settings as the ZyXEL Device. You must also activate and start OTIST on the wireless station at the same time. The process takes three minutes to complete. Note: You can also start OTIST by pressing the RESET button for 3 seconds. 126 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 127
Chapter 7 Wireless LAN 7.6.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP's and click Save. Figure 69 transfer. After reviewing the settings, click OK. Figure 70 Security Key P-662H/HW-D Series User's Guide 127 - ZyXEL P-662H-D3 | User Guide - Page 128
them manually in the wireless client(s). 5 If you configure OTIST to generate a WPA-PSK key, this key changes each time you run OTIST. Therefore, if a new wireless client joins your wireless network, you need to run OTIST on the AP and ALL wireless clients again. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 129
in the MAC Address table. Select Deny to block access to the ZyXEL Device, MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device. P-662H/HW-D Series User's Guide 129 - ZyXEL P-662H-D3 | User Guide - Page 130
typically used for non-critical "background" traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use low priority for applications that do not have strict latency and throughput requirements. 130 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 131
commonly used services. 7.9 QoS Screen Use this screen to configure QoS settings for the wireless traffic going through the ZyXEL Device. The QoS screen by default allows you to automatically give a service a the check box to enable WMM QoS on the ZyXEL Device. P-662H/HW-D Series User's Guide 131 - ZyXEL P-662H-D3 | User Guide - Page 132
LAN Table 45 Wireless LAN: QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header Name Type a description of the application priority. 132 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 133
10 Multiple SSID (P-662HW-D Models only) The ZyXEL Device supports multiple SSID which allows user group (A) can have access to the entire network and a second user group (B) can connect to the access point and use the wireless connection to only browse the Internet. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 134
defaultkey wlan mssid guest_autoOff < default> wlan mssid show The following table gives a description of multiple SSID commands. Table 47 your LAN and only allow access to the Internet via the ZyXEL Device. 134 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 135
that the guest wireless network stays active. Enter a number from 0 to 30000. Entering 0 resets the value to the default (60 minutes). show Note: This command is hidden. It doesn't show up when you type to the Internet and cannot access the local network. P-662H/HW-D Series User's Guide 135 - ZyXEL P-662H-D3 | User Guide - Page 136
== Guest SSID = Enable Guest SSID = "guestnetwork" Guest SSID privacy setting is WEP 64 WEP default key ID = 1 WEP key 1 = abcde WEP key 2 = WEP key 3 = WEP key 4 = Intranet Blocking = 1 Guest SSID AutoOff = Disable Guest SSID AutoOff Timeout = 0 (minutes) ras> 136 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 137
protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be accessed from the secure LAN. By default the firewall allows traffic between the click Network > DMZ. The screen appears as shown next. P-662H/HW-D Series User's Guide 137 - ZyXEL P-662H-D3 | User Guide - Page 138
default. RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported routers on your network must use multicasting, also. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 139
membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1 the default policy set to block DMZ to LAN traffic, you also need to enable the default DMZ The following figure shows a simple network setup with public IP addresses on the WAN 662H/HW-D Series User's Guide 139 - ZyXEL P-662H-D3 | User Guide - Page 140
Chapter 8 DMZ 140 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 141
another network. 9.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web the IP address (either local or global) of an outside host. P-662H/HW-D Series User's Guide 141 - ZyXEL P-662H-D3 | User Guide - Page 142
9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter. 142 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 143
port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 144
public WAN IP addresses for your ZyXEL Device. 9.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen. 144 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 145
sending of voice signals over Internet Protocol. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. 9.4 Port Forwarding A port forwarding as a single computer to the outside world. P-662H/HW-D Series User's Guide 145 - ZyXEL P-662H-D3 | User Guide - Page 146
and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 84 Multiple Servers Behind NAT Example 146 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 147
here or in the remote management setup. Port Forwarding Service Name Select a service from the drop-down list box. Server IP Address Enter the IP address of the server for the specified service. Add Click this button to add a rule to the table below. P-662H/HW-D Series User's Guide 147 - ZyXEL P-662H-D3 | User Guide - Page 148
your changes back to the ZyXEL Device. Cancel Click Cancel to Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service series of ports, enter the last port number in a series that begins with the port number in the Start Port field above. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 149
rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your ZyXEL Device's address mapping settings, click Network > NAT > Address Mapping to open the following screen. Figure 87 Address Mapping Rules P-662H/HW-D Series User's Guide 149 - ZyXEL P-662H-D3 | User Guide - Page 150
(i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only. M-M Ov (Overload): : This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Modify 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 151
that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic P-662H/HW-D Series User's Guide 151 - ZyXEL P-662H-D3 | User Guide - Page 152
or a range of ports) that a server on the WAN uses when it sends out a particular service. The ZyXEL Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that to the table below. # Click this check box to enable the rule. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 153
when it sends out a particular service. The ZyXEL Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. Start Port Type a port number or the starting port number in a range of port numbers. P-662H/HW-D Series User's Guide 153 - ZyXEL P-662H-D3 | User Guide - Page 154
trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 154 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 155
PART III Security Firewalls (157) Firewall Configuration (169) Content Filtering (191) Content Access Control (195) Register (211) Introduction to IPSec (215) VPN Screens (221) Certificates (247) 155 - ZyXEL P-662H-D3 | User Guide - Page 156
156 - ZyXEL P-662H-D3 | User Guide - Page 157
the ZyXEL Device problem. A firewall is one of the mechanisms used to establish a network security perimeter in support on page 172 to configure default firewall settings. Refer to Section on page 178 to configure a custom service. Refer to Section 11.10.3 on page 662H/HW-D Series User's Guide 157 - ZyXEL P-662H-D3 | User Guide - Page 158
default support the LAN. The ZyXEL Device has one services such as e-mail, FTP, and the World Wide Web. However, "inbound access" will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service. 158 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 159
Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL by default uses 662H/HW-D Series User's Guide 159 - ZyXEL P-662H-D3 | User Guide - Page 160
through 400 of the original (non fragmented) IP packet." The Teardrop program creates a series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination requests, making the system unavailable for legitimate users. 160 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 161
spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 94 Smurf Attack P-662H/HW-D Series User's Guide 161 - ZyXEL P-662H-D3 | User Guide - Page 162
- all others are illegal. Table 61 Legal NetBIOS Commands MESSAGE: REQUEST: allowed through the router or firewall. The ZyXEL Device blocks all IP Spoofing attempts. 10 For example, if you access some outside service, the proxy server remembers things about your 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 163
inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device's stateful inspection allows all communications to the Internet that originate from the LAN 5 The outbound packet is forwarded out through the interface. P-662H/HW-D Series User's Guide 163 - ZyXEL P-662H-D3 | User Guide - Page 164
access list entries are deleted. 10.5.2 Stateful Inspection and the ZyXEL Device Additional rules may be defined to extend or override the default rules. For example, a rule may be created which will Protocols" shown next), these packets are dropped and logged. 164 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 165
(as is the case with the default policy), the connection will be allowed. In order to achieve this, the ZyXEL Device inspects the application-level FTP data supported on a case-by-case basis. You can use the web configurator's Custom Ports feature to do this. P-662H/HW-D Series User's Guide 165 - ZyXEL P-662H-D3 | User Guide - Page 166
Your Firewall • Change the default password via CLI (Command Line Interpreter) or the web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or sessions, be careful with any information you reveal to strangers. 166 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 167
Filtering Vs Firewall Below are some comparisons between the ZyXEL Device's filtering and firewall functions. 10.7.1 Packet and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. 662H/HW-D Series User's Guide 167 - ZyXEL P-662H-D3 | User Guide - Page 168
firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. 168 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 169
includes both the LAN port and the WLAN. By default, the ZyXEL Device's stateful packet inspection blocks packets traveling in the ZyXEL Device. You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 170
and override the ZyXEL Device's default rules. 11.3 Rule users that require this service? 3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 170 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 171
for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN). Similarly, WAN to WAN/ Router and DMZ to DMZ/ Router polices apply in the same way to the WAN and DMZ ports. P-662H/HW-D Series User's Guide 171 - ZyXEL P-662H-D3 | User Guide - Page 172
to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to page 157 for more information. Figure 96 Firewall: General 172 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 173
> Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. P-662H/HW-D Series User's Guide 173 - ZyXEL P-662H-D3 | User Guide - Page 174
ZyXEL Service This drop-down list box displays the services reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit). Schedule This field tells you whether a schedule is specified (Yes) or not (No). P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 175
applied in order of their numbering. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 11.6.1 Configuring Firewall Rules Use to the following table for information on the labels. P-662H/HW-D Series User's Guide 175 - ZyXEL P-662H-D3 | User Guide - Page 176
Chapter 11 Firewall Configuration Figure 98 Firewall: Edit Rule 176 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 177
to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Message to Administrator When Matched Select the check box to have the ZyXEL Device generate an alert when the rule is matched. P-662H/HW-D Series User's Guide 177 - ZyXEL P-662H-D3 | User Guide - Page 178
service. Back Click Back to return the previous screen. 11.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to view a screen as shown. Use this screen to create a new custom port or edit an existing one. 178 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 179
service and return to the previous screen. 11.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical "MyService" connection from the Internet. 1 Click Security > Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 180
Customized Services Config screen and configure the screen as follows and click Apply. Figure 102 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add. 180 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 181
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " Custom services show up with an "*" before their names in the Services list box and the Rules list box. P-662H/HW-D Series User's Guide 181 - ZyXEL P-662H-D3 | User Guide - Page 182
: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a "MyService" connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. 182 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 183
related command that can be used to find out if a user is logged on. FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323(TCP:1720) Net Meeting uses this protocol. P-662H/HW-D Series User's Guide 183 - ZyXEL P-662H-D3 | User Guide - Page 184
is a client/server distributed file service that provides transparent file-sharing for Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using DUDP port 1900. 184 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 185
the messages are processed by the TCP/IP software and directly apparent to the application user. Refer to Section 10.1 on page 157 for more information. Click Security > Firewall > Anti Probing to display the screen as shown. Figure 106 Firewall: Anti Probing P-662H/HW-D Series User's Guide 185 - ZyXEL P-662H-D3 | User Guide - Page 186
for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced. You should make any changes to the threshold values before you continue configuring firewall rules. 186 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 187
Denial of Service attack default), then the ZyXEL ZyXEL Device sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 188
Threshold LABEL DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minute ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. 80 existing half-open sessions. 188 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 189
Configuration Table 70 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High This is the number of Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 189 - ZyXEL P-662H-D3 | User Guide - Page 190
Chapter 11 Firewall Configuration 190 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 191
the URL http://www.website.com/bad.html, even if it is not included in the filter list. To have your ZyXEL Device block Web sites containing keywords in their URLs, click Security > Content Filter. The screen appears as shown. Figure 108 Content Filter: Keyword P-662H/HW-D Series User's Guide 191 - ZyXEL P-662H-D3 | User Guide - Page 192
previously saved settings. 12.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown. Figure 109 Content Filter: Schedule 192 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 193
from content filtering. Leave this field blank if you want to exclude an individual computer. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide 193 - ZyXEL P-662H-D3 | User Guide - Page 194
Chapter 12 Content Filtering 194 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 195
.1.2 Configuration Steps To activate and set up Content Access Control on the ZyXEL Device, you must do the following tasks. 1 Create four user groups with access restrictions and schedule. 2 Create user accounts and associate the user accounts to a user group. P-662H/HW-D Series User's Guide 195 - ZyXEL P-662H-D3 | User Guide - Page 196
of a user group for identification purposes. Restrictions Use the links below to configure the access restrictions for the user group. Time Click the Edit ( )icon to set up the time allowances, start times and end times of the day(s) when access is allowed. 196 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 197
content filtering service now. Click Apply to save your changes back to the ZyXEL Device. Click user group. Click Edit under Time in the Content Access Control-General screen. A screen displays as shown next. Figure 113 Control Access Control: General: Time Scheduling P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 198
to the ZyXEL Device. Click Cancel to return to the previously saved settings. 13.2.2 Configuring Services Use this screen to customize services for each user group. Click Edit under Services for that user group in the Content Access Control > General screen. 198 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 199
Services box. Clear All Click Clear All to empty the Blocked Services box. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 200
screen to enable content filtering and to configure URL keyword blocking for a user group. Click Edit under Web Browsing in the Content Access Control: General screen. A screen displays as shown next. Figure 115 Content Access Control: General: Web Site Filter 200 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 201
activated the content filtering services. Refer to the User's Guide for more information. Select this option to start using the external content filtering service on the ZyXEL Device. Log Matched Web as those pages do not meet one of the above requirements). P-662H/HW-D Series User's Guide 201 - ZyXEL P-662H-D3 | User Guide - Page 202
television, music and programming guides, books, comics, movie theatres, galleries, artists services). Cult/Occult Selecting this category excludes pages that promote or offer methods, means of instruction, support or host online sweepstakes and giveaways. 202 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 203
or medical services, drugs, alternative and complimentary therapies, medical information about ailments, dentistry, optometry, general psychiatry, selfhelp, and support organizations dedicated (Cult/Occult) or atheist beliefs (Political/Activist Groups). P-662H/HW-D Series User's Guide 203 - ZyXEL P-662H-D3 | User Guide - Page 204
pages that support online purchase services. More/Basic Click more... to see an expanded list of categories, or click basic... to see a smaller list. Keyword Blocking Select the Enable check box to block the URL containing the keywords in the keyword list. 204 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 205
your changes back to the ZyXEL Device. Cancel Click Cancel to service. Click Test to check the access privileges of the specified web site address. Back Click Back to return to the previous screen. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 206
General screen. If you want to add more user profiles, please click here. Click the here link to expand the user profile list. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 206 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 207
not on-line. This field displays No if a user is not allowed to access the Internet at the moment and is currently not on-line. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide 207 - ZyXEL P-662H-D3 | User Guide - Page 208
From field to specify a single computer. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 13.6 Trusted-external Websites Trusted-external Website to display the screen as shown. 208 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 209
. 13.7.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first logging into the ZyXEL Device. 2 When you attempt to access a website, you are directed to the ZyXEL Device's user login screen. P-662H/HW-D Series User's Guide 209 - ZyXEL P-662H-D3 | User Guide - Page 210
. • The administrator opens their browser and is directed to the ZyXEL Device user login page (this is the same as the user login). • The administrator enters "1234" as the username and the system password. • The system administrator main menu screen opens. 210 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 211
access to categories of web sites based on content. Your ZyXEL Device accesses an external database that has millions of web sites categorized based on content. You can have the ZyXEL Device block, block and/or log access to web sites based on these categories. P-662H/HW-D Series User's Guide 211 - ZyXEL P-662H-D3 | User Guide - Page 212
with the myZyXEL.com database to verify the user name you entered has not been used. Password Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed. Confirm Password Enter the password again for confirmation. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 213
as shown next. " If you restore the ZyXEL Device to the default configuration file or upload a different configuration file after you register, click the Service License Refresh button to update license information. Figure 124 Security > Register > Service P-662H/HW-D Series User's Guide 213 - ZyXEL P-662H-D3 | User Guide - Page 214
your ZyXEL Device) and enter the new PIN number to extend the service. Service License Refresh Click this button to renew service license information (such as the license key, registration status and expiration day). Reset Click Reset to clear the License Key field. 214 P-662H/HW-D Series User - ZyXEL P-662H-D3 | User Guide - Page 215
VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the "ciphertext" to plaintext. Decryption also requires a key. P-662H/HW-D Series User's Guide 215 - ZyXEL P-662H-D3 | User Guide - Page 216
A VPN tunnel may be created to add support for unsupported emerging IP applications. See the chapter on Getting to Know Your ZyXEL Device for an example of a VPN application. 15.2 IPSec Architecture The overall IPSec architecture is shown as follows. 216 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 217
2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). manual key configuration in order to set up a VPN. 15.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 218
it securely. A Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and 218 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 219
ESP with authentication is not compatible with NAT. Table 85 VPN and NAT SECURITY PROTOCOL MODE NAT AH Transport N AH Tunnel N ESP Transport N ESP Tunnel Y P-662H/HW-D Series User's Guide 219 - ZyXEL P-662H-D3 | User Guide - Page 220
Chapter 15 Introduction to IPSec 220 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 221
Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non communications by concealing the size of the packet being transmitted. P-662H/HW-D Series User's Guide 221 - ZyXEL P-662H-D3 | User Guide - Page 222
bit block of data. MD5 (default) MD5 (Message Digest 5) produces ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0: • The ZyXEL Device uses the current ZyXEL 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 223
and is using DDNS. The ZyXEL Device has to rebuild the VPN Manual key management. 16.5 VPN Setup Setup screen. This screen consists of a read-only menu of your IPSec rules (tunnels). Edit a VPN by selecting an index number and then configuring its associated submenus. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 224
displayed when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Range. A (static) IP address and a subnet mask are displayed when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 225
with ESP in transport mode either, but the ZyXEL Device's NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers. Figure 130 NAT Router Between IPSec Routers P-662H/HW-D Series User's Guide 225 - ZyXEL P-662H-D3 | User Guide - Page 226
NAT traversal solves the problem by adding a UDP - This is supported in the ZyXEL Device if you enable ZyXEL Device at branch office 1 uses the Intranet DNS server in headquarters. The DNS server feature for VPN does not work with Windows 2000 or Windows XP. 226 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 227
addresses. Telecommuters can use separate passwords to simultaneously connect to the ZyXEL Device from IPSec routers with dynamic ZyXEL Device automatically use its own IP address. DNS Type a domain name (up to 31 characters) by which to identify this ZyXEL Device. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 228
ID Type and Content Configuration Example ZYXEL DEVICE A ZYXEL DEVICE B Local ID type: IP Local ID type: IP Local ID content: 1.1.1.10 Local ID content: 1.1.1.10 Peer ID type: E-mail Peer ID type: IP Peer ID content: [email protected] Peer ID content: N/A 228 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 229
communicate with them over a secure connection. 16.11 Editing VPN Policies Use this screen to edit VPN policies. Click an Edit icon in the VPN Setup screen to view the screen as shown. Figure 132 Edit VPN Policies P-662H/HW-D Series User's Guide 229 - ZyXEL P-662H-D3 | User Guide - Page 230
field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind your ZyXEL Device. 230 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 231
e-mail address by which to identify this ZyXEL Device in the local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. P-662H/HW-D Series User's Guide 231 - ZyXEL P-662H-D3 | User Guide - Page 232
. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must 232 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 233
My Certificates screen. Click My Certificates to go to the My Certificates screen where you can view the ZyXEL Device's list of certificates. Encryption Algorithm Select DES, 3DES, AES or NULL from the drop-down to Set Up the IPSec SA In phase 1 you must: P-662H/HW-D Series User's Guide 233 - ZyXEL P-662H-D3 | User Guide - Page 234
key cryptography - see Section 16.12.3 on page 235. Select None (the default) to disable PFS. • Choose Tunnel mode or Transport mode. • Set the traffic when the IPSec SA lifetime period expires. The ZyXEL Device also automatically renegotiates the IPSec SA if both P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 235
(None) by default in the ZyXEL Device. Disabling PFS setup (by bypassing the Diffie-Hellman key exchange). 16.13 Configuring Advanced IKE Settings Use this screen to configure advanced IKE settings. Click Advanced in the Edit VPN Policies screen to open this screen. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 236
for UDP, etc. 0 is the default and signifies any protocol. Enable Replay Detection As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can a secure gateway must have the same negotiation mode. 236 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 237
the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group MD5 for minimal security and SHA-1 for maximum security. P-662H/HW-D Series User's Guide 237 - ZyXEL P-662H-D3 | User Guide - Page 238
. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 16.15 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field of the VPN IKE screen. This is the VPN Manual Key screen as shown next. 238 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 239
. Manual is a useful option for troubleshooting if you have problems using IKE key management. SPI Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. P-662H/HW-D Series User's Guide 239 - ZyXEL P-662H-D3 | User Guide - Page 240
Manual Key (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL remote IPSec router. Address Information 240 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 241
(RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must screen. Apply Click Apply to save your changes back to the ZyXEL Device. Reset Click Reset to set the fields to their last saved value. 16.16 P-662H/HW-D Series User's Guide 241 - ZyXEL P-662H-D3 | User Guide - Page 242
Click Refresh to display the current active VPN connection(s). 16.17 Configuring Global Setting Use this screen to change your ZyXEL Device's global VPN settings. Click VPN and then Global Setting. The screen appears as shown. Figure 137 VPN: Global Setting 242 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 243
telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a ZyXEL Device at headquarters (HQ in the figure). The telecommuters do not have domain names mapped to the not overlap. Figure 138 Telecommuters Sharing One VPN Rule Example P-662H/HW-D Series User's Guide 243 - ZyXEL P-662H-D3 | User Guide - Page 244
simultaneously access a ZyXEL Device at headquarters. ZyXEL Device at headquarters can also initiate VPN connections to the telecommuters since it can find the telecommuters by resolving their domain names. Figure 139 Telecommuters Using Unique VPN Rules Example 244 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 245
Type: E-mail Local ID Content: [email protected] Local IP Address: 192.168.4.15 Headquarters ZyXEL Device Rule 3: Peer ID Type: E-mail Peer ID Content: [email protected] Secure Gateway remote management (Remote Management) to allow access for that service. P-662H/HW-D Series User's Guide 245 - ZyXEL P-662H-D3 | User Guide - Page 246
Chapter 16 VPN Screens 246 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 247
's public key to verify the certificates. A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. P-662H/HW-D Series User's Guide 247 - ZyXEL P-662H-D3 | User Guide - Page 248
17.4 My Certificates Click Security > Certificates > My Certificates to open the My Certificates screen. This is the ZyXEL Device's summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. 248 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 249
. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL Device uses to sign imported trusted remote host certificates. CERT signed certificates, this is the same information as in the Subject field. P-662H/HW-D Series User's Guide 249 - ZyXEL P-662H-D3 | User Guide - Page 250
the Default self- ZyXEL Device. " You can only import a certificate that matches a corresponding certification request that was generated by the ZyXEL Device. " The certificate you import replaces the corresponding request in the My Certificates screen. 250 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 251
general syntax for data (including digital signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a PKS#7 file that contains a single on the ZyXEL Device. Cancel Click Cancel to quit and return to the My Certificates screen. P-662H/HW-D Series User's Guide 251 - ZyXEL P-662H-D3 | User Guide - Page 252
> Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate address is for identification purposes only and can be any string. 252 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 253
and save it locally for later manual enrollment Select Create a certification request and save it locally for later manual enrollment to have the ZyXEL Device generate and store a request field if your certification authority uses the SCEP enrollment protocol. P-662H/HW-D Series User's Guide 253 - ZyXEL P-662H-D3 | User Guide - Page 254
screen. If you configured the My Certificate Create screen to have the ZyXEL Device enroll a certificate and the certificate enrollment is not successful, you ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. 254 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 255
Figure 144 My Certificate Details Chapter 17 Certificates P-662H/HW-D Series User's Guide 255 - ZyXEL P-662H-D3 | User Guide - Page 256
). Property Default self-signed certificate which signs the imported remote host certificates. Select this check box to have the ZyXEL Device use key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). 256 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 257
manual ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 258
Table 104 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device's PKI storage space that is currently in use. The bar turns from green to red when certificates move up by one when you take this action. 258 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 259
CA Import screen. Follow the instructions in this screen to save a trusted certification authority's certificate to the ZyXEL Device. " You must remove any certificate on the ZyXEL Device. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-662H/HW-D Series User's Guide 259 - ZyXEL P-662H-D3 | User Guide - Page 260
's certificate, change the certificate's name and set whether or not you want the ZyXEL Device to check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority. Figure 147 Trusted CA Details 260 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 261
authority in the list (along with the end entity's own certificate). The ZyXEL Device does not trust the end entity's certificate and displays "Not trusted" pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-662H/HW-D Series User's Guide 261 - ZyXEL P-662H-D3 | User Guide - Page 262
screen. You do not need to add any certificate that is signed by one of the certification authorities on the Trusted CAs screen since the ZyXEL Device automatically accepts any valid certificate signed by a trusted certification authority as being trustworthy. 262 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 263
Default This field displays identifying information about the default self-signed certificate Self-signed on the ZyXEL Device that the ZyXEL computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. P-662H/HW-D Series User's Guide 263 - ZyXEL P-662H-D3 | User Guide - Page 264
150 Certificate Details 264 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 265
to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host's certificate to the ZyXEL Device. " The trusted remote host certificate must be a remote host's certificate and/or change the certificate's name. P-662H/HW-D Series User's Guide 265 - ZyXEL P-662H-D3 | User Guide - Page 266
Chapter 17 Certificates Figure 152 Trusted Remote Host Details 266 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 267
Issuer This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates there can only be one certification authority in the certificate's path. P-662H/HW-D Series User's Guide 267 - ZyXEL P-662H-D3 | User Guide - Page 268
certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the ZyXEL Device checks the servers listed here. 268 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 269
Servers LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device's PKI storage space that is currently in use. The bar turns from green to configure information about a directory server that the ZyXEL Device can access. P-662H/HW-D Series User's Guide 269 - ZyXEL P-662H-D3 | User Guide - Page 270
Directory Service field displays the default server port number of ZyXEL Device. Click Cancel to quit configuring this screen and return to the Directory Servers screen. A. At the time of writing, LDAP is the only choice of directory server access protocol. 270 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 271
PART IV Advanced Static Route (273) Bandwidth Management (277) Dynamic DNS Setup (287) Remote Management Configuration (291) Universal Plug-and-Play (UPnP) (303) 271 - ZyXEL P-662H-D3 | User Guide - Page 272
272 - ZyXEL P-662H-D3 | User Guide - Page 273
to connect to premium services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router (R3) connected to the LAN. Figure 155 Example of Static Routing Topology A R1 Internet LAN WAN R3 R2 P-662H/HW-D Series User's Guide 273 - ZyXEL P-662H-D3 | User Guide - Page 274
icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 274 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 275
packets to their destinations. Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 275 - ZyXEL P-662H-D3 | User Guide - Page 276
Chapter 18 Static Route 276 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 277
traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management. The sum of the bandwidth allotments that apply to any one bandwidth class for subnet A and another for subnet B. P-662H/HW-D Series User's Guide 277 - ZyXEL P-662H-D3 | User Guide - Page 278
19.5 Scheduler The scheduler divides up an interface's bandwidth among the bandwidth classes. The ZyXEL Device has two types of scheduler: fairness-based and priority-based. 19.5.1 Priority-based or video) a higher priority number to provide smoother operation. 278 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 279
Section 19.8 on page 282). 19.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class : 2048 kbps Marketing: 2048 kbps Research: 2048 kbps P-662H/HW-D Series User's Guide 279 - ZyXEL P-662H-D3 | User Guide - Page 280
more of extra bandwidth, the ZyXEL Device divides the total 3072 ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally among the other classes. 1024 kbps extra goes to each so the other classes each get a total of 3072 kbps. 280 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 281
, regardless of the traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management. Active Select an interface's check box to enable bandwidth management on that interface. P-662H/HW-D Series User's Guide 281 - ZyXEL P-662H-D3 | User Guide - Page 282
have the ZyXEL Device Setup LABEL DESCRIPTION Direction Select the direction of traffic to which you want to apply bandwidth management. Service Select a service for your rule or you can select User Defined to go to the screen where you can define your own. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 283
have the ZyXEL Device User Defined from the Service drop-down list in the Rule Setup screen to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 284
Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule. Enable a bandwidth management rule to give for the traffic that matches this rule. Filter Configuration 284 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 285
Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. See Appendix F on page 423 for more information on common services and port numbers. P-662H/HW-D Series User's Guide 285 - ZyXEL P-662H-D3 | User Guide - Page 286
Chapter 19 Bandwidth Management 19.9 Bandwidth Monitor To view the ZyXEL Device's bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Monitor. The screen appears represents the percentage of bandwidth in use. Figure 162 Bandwidth Management: Monitor 286 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 287
DNS service provider will give you a password or instruction. 20.2 Configuring Dynamic DNS Use this screen to change your ZyXEL Device's DDNS settings. Click Advanced > Dynamic DNS. The screen appears as shown. See Section 20.1 on page 287 for more information. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 288
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP address. 288 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 289
Setup Table 122 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 289 - ZyXEL P-662H-D3 | User Guide - Page 290
Chapter 20 Dynamic DNS Setup 290 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 291
a service, select Disable ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. 1 Telnet P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 292
• You have disabled that service in one of the remote default system management idle timeout of five minutes (three hundred seconds). The ZyXEL ZyXEL Device's World Wide Web settings or the HTTPS settings. Click Advanced > Remote MGMT to display the WWW screen. 292 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 293
Select the interface(s) through which a computer may access the ZyXEL Device using this service. You can allow only secure web configurator access by setting the WWW Access Status field to Disable and setting the HTTPS Access Status field to an interface(s). P-662H/HW-D Series User's Guide 293 - ZyXEL P-662H-D3 | User Guide - Page 294
ZyXEL Device. Figure 165 Telnet Configuration on a TCP/IP Network 21.4 Configuring Telnet Use this screen to configure remote management via telnet. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 166 Remote Management: Telnet 294 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 295
change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-662H/HW-D Series User's Guide 295 - ZyXEL P-662H-D3 | User Guide - Page 296
computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with two main types of component: agents and a manager. 296 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 297
Used by the agent to inform the manager of some events. 21.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The your ZyXEL Device's SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. P-662H/HW-D Series User's Guide 297 - ZyXEL P-662H-D3 | User Guide - Page 298
default is public and allows all requests. Trap Destination Type the IP address of the station to send your SNMP traps to. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 298 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 299
returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-662H/HW-D Series User's Guide 299 - ZyXEL P-662H-D3 | User Guide - Page 300
username and password. Follow the procedure below to configure your ZyXEL Device to be managed by CNM Access. See the Command Interpreter appendix for information on the command structure and how to access the CLI (Command Line Interface) on the ZyXEL Device. 300 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 301
RY wan tr069 load active [0:no/ 1:yes] acsUrl username [maxlength:15] password [maxlength:15] periodicEnable [0:Disable/ 1:Enable] informInterval [sec] save DESCRIPTION All TR-069 related 2147483647 seconds. Save the TR-069 settings to your ZyXEL Device. P-662H/HW-D Series User's Guide 301 - ZyXEL P-662H-D3 | User Guide - Page 302
Chapter 21 Remote Management Configuration 302 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 303
page 304 for configuration instructions. 22.1.1 How do that supports NAT services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 304
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 305
ZyXEL Device Setup tab and select Communication in the Components selection box. Click Details. Figure 174 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 306
Plug-and-Play (UPnP) Figure 175 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. 306 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 307
177 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 178 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-662H/HW-D Series User's Guide 307 - ZyXEL P-662H-D3 | User Guide - Page 308
Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled to see the port mappings there were automatically created. 308 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 309
Chapter 22 Universal Plug-and-Play (UPnP) Figure 180 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-662H/HW-D Series User's Guide 309 - ZyXEL P-662H-D3 | User Guide - Page 310
mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. 310 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 311
first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-662H/HW-D Series User's Guide 311 - ZyXEL P-662H-D3 | User Guide - Page 312
) Figure 185 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. 312 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 313
186 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 187 Network Connections: My Network Places: Properties: Example P-662H/HW-D Series User's Guide 313 - ZyXEL P-662H-D3 | User Guide - Page 314
Chapter 22 Universal Plug-and-Play (UPnP) 314 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 315
PART V Maintenance, Troubleshooting and Specifications System (317) Logs (323) Tools (329) Diagnostic (335) Troubleshooting (337) Product Specifications (347) 315 - ZyXEL P-662H-D3 | User Guide - Page 316
316 - ZyXEL P-662H-D3 | User Guide - Page 317
this screen to configure the ZyXEL Device's time and date settings. 23.1 General Setup and System Name General Setup contains administrative and system-related can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. P-662H/HW-D Series User's Guide 317 - ZyXEL P-662H-D3 | User Guide - Page 318
to access the ZyXEL Device. Retype to Confirm Type the new password again for confirmation. Admin Password In addition to the wizard setup, if you log in with the admin password you can also view and configure the advanced features on the ZyXEL Device. 318 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 319
Device. Cancel Click Cancel to begin configuring this screen afresh. 23.2 Time Setting Use this screen to change your ZyXEL Device's time and date settings. Click Maintenance > System > Time Setting. The screen appears as shown. Figure 189 System Time Setting P-662H/HW-D Series User's Guide 319 - ZyXEL P-662H-D3 | User Guide - Page 320
ZyXEL Device uses the new setting once you click Apply. New Time (hh:mm:ss) New Date (yyyy/mm/dd) Get from Time Server Time Protocol Time Server Address Time Zone Setup Time Zone Note: If you enter time settings manually, they revert to their defaults (GMT). 320 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 321
would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 321 - ZyXEL P-662H-D3 | User Guide - Page 322
Chapter 23 System 322 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 323
you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog entries. A triangle indicates ascending or descending sort order. P-662H/HW-D Series User's Guide 323 - ZyXEL P-662H-D3 | User Guide - Page 324
screen to configure to where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to record. See especially Access Control) may result in many emails being sent. 324 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 325
in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field blank, alert messages will not be sent via E-mail. P-662H/HW-D Series User's Guide 325 - ZyXEL P-662H-D3 | User Guide - Page 326
User Name Enter the user name (up to 31 characters) (usually the user name of a mail account). Password Enter the password associated with the user the syslog server manual for more ZyXEL Device out of socket -2 means tcp SYN fail -3 means smtp server OK fail 326 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 327
Subject: Firewall Alert From ZyXEL Device Date: Fri, 07 Apr 2000 10:05:42 From: [email protected] To: [email protected] 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09: port:00520 dest port:00520 | | End of Firewall Log P-662H/HW-D Series User's Guide 327 - ZyXEL P-662H-D3 | User Guide - Page 328
Chapter 24 Logs 328 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 329
in this screen. Table 137 Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. P-662H/HW-D Series User's Guide 329 - ZyXEL P-662H-D3 | User Guide - Page 330
desktop. Figure 195 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. 330 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 331
Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. your previous settings. Click Backup to save the ZyXEL Device's current configuration to your computer P-662H/HW-D Series User's Guide 331 - ZyXEL P-662H-D3 | User Guide - Page 332
as that of the default ZyXEL Device IP address (192.168.1.1). See the appendix for details on how to set up your computer's IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. 332 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 333
25.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 201 Restart Screen P-662H/HW-D Series User's Guide 333 - ZyXEL P-662H-D3 | User Guide - Page 334
Chapter 25 Tools 334 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 335
screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Use this screen to perform IP connection from the ZyXEL Device to other network devices. Click Click this button to ping the IP address that you entered. P-662H/HW-D Series User's Guide 335 - ZyXEL P-662H-D3 | User Guide - Page 336
. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!" Capture All Logs Click this button to display all logs generated with the DSL line. 336 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 337
cables. Make sure your computer's Ethernet Card is working properly. I cannot access the ZyXEL Device from the LAN. If Any IP is disabled, make sure that the IP address and the subnet mask of the ZyXEL Device and your computer(s) are on the same subnet. P-662H/HW-D Series User's Guide 337 - ZyXEL P-662H-D3 | User Guide - Page 338
page 81. Contact your ISP. 27.4 Problems Accessing the ZyXEL Device Table 144 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL Device. The default user password is "user" and admin password is "1234". The Password field is case-sensitive. Make sure - ZyXEL P-662H-D3 | User Guide - Page 339
disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP address any web pop-up blockers you may have enabled. P-662H/HW-D Series User's Guide 339 - ZyXEL P-662H-D3 | User Guide - Page 340
Chapter 27 Troubleshooting Figure 205 Internet Options 3 Click Apply to save this setting. 27.4.1.1.2 Enable pop-up Blockers with Exceptions Tools, Internet Options and then the Privacy tab. 2 Select Settings...to open the Pop-up Blocker Settings screen. 340 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 341
Troubleshooting 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 207 Pop-up Blocker Settings P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 342
Chapter 27 Troubleshooting 5 Click Close to return to the Privacy screen. 6 Click Apply scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. 342 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 343
Figure 209 Security Settings - Java Scripting Chapter 27 Troubleshooting 27.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab is selected. 5 Click OK to close the window. Figure 210 Security Settings - Java P-662H/HW-D Series User's Guide 343 - ZyXEL P-662H-D3 | User Guide - Page 344
Chapter 27 Troubleshooting 27.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots window, click Custom Level. 344 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 345
Figure 212 Internet Options Security Chapter 27 Troubleshooting 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the button is selected. 6 Then click the OK button. Figure 213 Security Setting ActiveX Controls P-662H/HW-D Series User's Guide 345 - ZyXEL P-662H-D3 | User Guide - Page 346
Chapter 27 Troubleshooting 346 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 347
ZyXEL Device's hardware and firmware features. Table 145 Hardware Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.32 to 192.168.1.64 Dimensions (180 W) x (128 D) x (36 H) mm Weight P-662HW: 350g; P-662H - ZyXEL P-662H-D3 | User Guide - Page 348
that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files for example. The firewall supports real time E-mail alerts, reports and logs. 348 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 349
ZyXEL Device supports 20 IPSec tunnels. Content Filter The ZyXEL DoS (Denial of Service) attacks such user name and password) is required or the ZyXEL Device cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 350
The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet. 350 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 351
wall. 2 Drill two holes for the screws. 1 Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. P-662H/HW-D Series User's Guide 351 - ZyXEL P-662H-D3 | User Guide - Page 352
screws on the wall. Hang the ZyXEL Device on the screws. Figure 214 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 215 Masonry Plug and M4 Tap Screw 352 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 353
The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer's IP Address (355) Pop-up Wireless LANs (395) Management with Wireless Zero Configuration (409) Common Services (423) Virtual Circuit Topology (427) Importing Certificates (429) - ZyXEL P-662H-D3 | User Guide - Page 354
354 - ZyXEL P-662H-D3 | User Guide - Page 355
in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 356
Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. 356 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 357
you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-662H/HW-D Series User's Guide 357 - ZyXEL P-662H-D3 | User Guide - Page 358
CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. 358 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 359
Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 220 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-662H/HW-D Series User's Guide 359 - ZyXEL P-662H-D3 | User Guide - Page 360
an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 361
. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-662H/HW-D Series User's Guide 361 - ZyXEL P-662H-D3 | User Guide - Page 362
DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. 362 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 363
Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. 1 Click the Start icon, Control Panel. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 364
3 Click Network and Sharing Center. Figure 228 Windows Vista: Network And Internet 4 Click Manage network connections. Figure 229 Windows Vista: Network and Sharing Center 364 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 365
. Figure 230 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 231 Windows Vista: Local Area Connection Properties P-662H/HW-D Series User's Guide 365 - ZyXEL P-662H-D3 | User Guide - Page 366
. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. 366 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 367
Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-662H/HW-D Series User's Guide 367 - ZyXEL P-662H-D3 | User Guide - Page 368
. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. 368 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 369
/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-662H/HW-D Series User's Guide 369 - ZyXEL P-662H-D3 | User Guide - Page 370
Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, assigned settings, select Using DHCP from the Configure list. 370 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 371
assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and 662H/HW-D Series User's Guide 371 - ZyXEL P-662H-D3 | User Guide - Page 372
of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 240 Red Hat 9.0: KDE: Ethernet Device: General 372 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 373
a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen. BOOTPROTO= field. The following figure shows an example. P-662H/HW-D Series User's Guide 373 - ZyXEL P-662H-D3 | User Guide - Page 374
Shutting down interface eth0: Shutting down loopback interface: Setting network parameters: Bringing up loopback interface: Bringing up interface eth0: [OK] [OK] [OK] [OK] [OK] 374 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 375
packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-662H/HW-D Series User's Guide 375 - ZyXEL P-662H-D3 | User Guide - Page 376
Appendix A Setting up Your Computer's IP Address 376 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 377
pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-662H/HW-D Series User's Guide 377 - ZyXEL P-662H-D3 | User Guide - Page 378
following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings...to open the Pop-up Blocker Settings screen. 378 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 379
://". For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 251 Pop-up Blocker Settings P-662H/HW-D Series User's Guide 379 - ZyXEL P-662H-D3 | User Guide - Page 380
Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. 380 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 381
down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 254 Security Settings - Java P-662H/HW-D Series User's Guide 381 - ZyXEL P-662H-D3 | User Guide - Page 382
versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. 382 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 383
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 256 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 257 Mozilla Firefox Content Security P-662H/HW-D Series User's Guide 383 - ZyXEL P-662H-D3 | User Guide - Page 384
Appendix B Pop-up Windows, JavaScripts and Java Permissions 384 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 385
an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-662H/HW-D Series User's Guide 385 - ZyXEL P-662H-D3 | User Guide - Page 386
with a "1" value). For example, an "8-bit mask" means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. 386 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 387
Notation SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.0 /24 0000 0000 0 255.255.255.128 /25 1000 0000 128 P-662H/HW-D Series User's Guide 387 - ZyXEL P-662H-D3 | User Guide - Page 388
subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two subnetworks, A and B. 388 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 389
(Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 P-662H/HW-D Series User's Guide 389 - ZyXEL P-662H-D3 | User Guide - Page 390
Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 390 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 391
) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6 P-662H/HW-D Series User's Guide 391 - ZyXEL P-662H-D3 | User Guide - Page 392
that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique RFC 1466, Guidelines for Management of IP Address Space. 392 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 393
DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to networks. Figure 262 Conflicting Computer IP Addresses Example P-662H/HW-D Series User's Guide 393 - ZyXEL P-662H-D3 | User Guide - Page 394
's LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router's LAN port. Figure 263 Conflicting Computer and Router IP Addresses Example 394 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 395
an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to the wired network but cannot communicate with each other. P-662H/HW-D Series User's Guide 395 - ZyXEL P-662H-D3 | User Guide - Page 396
Appendix D Wireless LANs Figure 265 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected same ESS must have the same ESSID in order to communicate. 396 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 397
cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-662H/HW-D Series User's Guide 397 - ZyXEL P-662H-D3 | User Guide - Page 398
is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. 398 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 399
setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. " The wireless devices MUST use the same preamble between wireless clients, access points and the wired network. P-662H/HW-D Series User's Guide 399 - ZyXEL P-662H-D3 | User Guide - Page 400
-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization 400 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 401
LANs Determines the network services available to authenticated users once they are connected which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is that supports IEEE 802.1x. . P-662H/HW-D Series User's Guide 401 - ZyXEL P-662H-D3 | User Guide - Page 402
only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. 402 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 403
a default encryption key user name and password support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 404
common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing . These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 405
runs on an operating system instructing the wireless client how to use the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) password and allows it to join the network only if the password matches. P-662H/HW-D Series User's Guide 405 - ZyXEL P-662H-D3 | User Guide - Page 406
Table 162 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802.1X Open None No Disable Enable without Dynamic WEP Key Open WEP /AES No Enable WPA2-PSK TKIP/AES Yes Disable 406 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 407
. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-662H/HW-D Series User's Guide 407 - ZyXEL P-662H-D3 | User Guide - Page 408
close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. 408 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 409
ZyXEL Device using the Windows XP wireless zero configuration tool. Be sure you have the Windows XP service pack 2 installed on your computer. Otherwise, you should at least have the Windows XP service pack 1 already on your computer and download the support P-662H/HW-D Series User's Guide 409 - ZyXEL P-662H-D3 | User Guide - Page 410
. Make sure the Use Windows to configure my wireless network settings check box is selected. Figure 272 Windows XP SP1: Wireless Network Connection Properties 410 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 411
Available Connecting to a Wireless Network 1 Double-click the network icon for wireless connections in the system tray to open the Wireless Network Connection Status screen. P-662H/HW-D Series User's Guide 411 - ZyXEL P-662H-D3 | User Guide - Page 412
wireless network is limited because the network did not assign a network address to the computer. The ZyXEL Device is not connected to a wireless network. 2 Windows XP SP2: In the Wireless Network tab to open the Wireless Network Connection Properties screen. 412 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 413
transmission range. Select a wireless network in the list and click Connect to join the selected wireless network. Figure 278 Windows XP SP2: Wireless Network Connection P-662H/HW-D Series User's Guide 413 - ZyXEL P-662H-D3 | User Guide - Page 414
this wireless network is your preferred network. Ordering your preferred networks is important because the ZyXEL Device tries to associate to the preferred network first in the order that you specify Click Connect Anyway if wireless security is not your concern. 414 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 415
yet enabled on the ZyXEL Device, you will see different screens according to the authentication and encryption methods used by the selected network. Association Select a network in the Preferred networks list and click Properties to view or configure security. P-662H/HW-D Series User's Guide 415 - ZyXEL P-662H-D3 | User Guide - Page 416
field displays the SSID (Service Set IDentifier) of each for confirmation. key Key index (advanced) Select a default WEP key to use for data encryption. This field check box is selected, the wireless AP assigns the ZyXEL Device a key. This is a computer-tocomputer (ad 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 417
check box to have the computer access to the network as a guest when a user is not logged on or computer information is not available. OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. P-662H/HW-D Series User's Guide 417 - ZyXEL P-662H-D3 | User Guide - Page 418
certificate authority (CA). Consult your network administrator for more information. Do not prompt user to authorize new server or trusted certification authorities. Select this check box to verify without reauthentication) if the wireless connection goes down. 418 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 419
to verify the selected certificate. Use a different Select the check box to use a different user name when the user name in the user name for the smart card or certificate is not the same as the user name in the domain that you connection: are logged on to. P-662H/HW-D Series User's Guide 419 - ZyXEL P-662H-D3 | User Guide - Page 420
Networks Windows XP SP1: In the Wireless Network Connection Status screen, click Properties and the Wireless Networks tab to open the screen as shown. 420 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 421
Wireless Zero Configuration Figure 287 Windows XP SP1: Wireless Networks: Preferred Networks 2 Whenever the ZyXEL Device tries to connect to a new network, the new network is added in the network. Click Add to add a preferred network into the list manually. P-662H/HW-D Series User's Guide 421 - ZyXEL P-662H-D3 | User Guide - Page 422
Appendix E Management with Wireless Zero Configuration 422 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 423
, a service that matches web names (for example www.zyxel.com) to IP numbers. The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. P-662H/HW-D Series User's Guide 423 - ZyXEL P-662H-D3 | User Guide - Page 424
channel. PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. 424 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 425
is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. P-662H/HW-D Series User's Guide 425 - ZyXEL P-662H-D3 | User Guide - Page 426
Appendix F Common Services 426 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 427
Logical connections between ATM switches A bundle of virtual channels A series of virtual paths between circuit end point Figure 288 Virtual Circuit that is, termination points between ATM switches. A series of virtual paths make up a virtual circuit. P-662H/HW-D Series User's Guide 427 - ZyXEL P-662H-D3 | User Guide - Page 428
Appendix G Virtual Circuit Topology 428 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 429
authority's certificate into your operating system as a trusted certification authority. The following example procedure shows how to import the ZyXEL Device's (self-signed) server certificate into your operating system as a trusted certification authority. P-662H/HW-D Series User's Guide 429 - ZyXEL P-662H-D3 | User Guide - Page 430
2 Click Install Certificate to open the Install Certificate wizard. Figure 291 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. 430 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 431
Figure 292 Certificate Import Wizard 1 Appendix H Importing Certificates 4 Select where you would like to store the certificate and then click Next. Figure 293 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. P-662H/HW-D Series User's Guide 431 - ZyXEL P-662H-D3 | User Guide - Page 432
Appendix H Importing Certificates Figure 294 Certificate Import Wizard 3 6 Click Yes to add the ZyXEL Device certificate to the root store. Figure 295 Root Certificate Store 432 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 433
Appendix H Importing Certificates Figure 296 Certificate General Information after Import P-662H/HW-D Series User's Guide 433 - ZyXEL P-662H-D3 | User Guide - Page 434
Appendix H Importing Certificates 434 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 435
communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter Status Between LAN and WAN: Block IPSec Packets: Forward Trigger Dial: Disabled P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 436
I NetBIOS Filter Commands The filter types and their default settings are as follows. Table 171 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays command stops NetBIOS commands from initiating calls. config 4 off 436 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 437
steps to telnet into your ZyXEL Device. 1 Make sure password to login (default password is 1234). Command Usage A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to close the session when finished. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 438
the ZyXEL Device (you must do this in order to record logs). Displaying Logs • Use the sys logs display command to show all of the logs in the ZyXEL Device's log. • Use the sys logs category display command to show the log settings for all of the log categories. 438 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 439
.0.2 |239.255.255.254 BLOCK Firewall default policy: IGMP (W to W/ZW) 3|06/08/2004 05:58:20 |172.21.3.191 |224.0.1.22 BLOCK Firewall default policy: IGMP (W to W/ZW) ZyXEL Device to route traffic that does not match a NAT rule through the LAN interface. P-662H/HW-D Series User's Guide 439 - ZyXEL P-662H-D3 | User Guide - Page 440
a spoofed ARP. An incorrect IP to MAC address mapping in the ZyXEL Device's ARP table could cause the ZyXEL Device to send packets to the wrong device. Commands for Using or on and set to force updates, the ZyXEL Device receives the gratuitous ARP request and 440 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 441
backup gateway. If ackGratuitous is off or not set to force updates, the ZyXEL Device will not update the gateway ARP entry and cannot forward packets through gateway it off because the ZyXEL Device updates the ARP table even when there is an existing entry. P-662H/HW-D Series User's Guide 441 - ZyXEL P-662H-D3 | User Guide - Page 442
Appendix J Command Interpreter 442 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 443
need to navigate and configure individual screens for each ZyXEL Device. You can use FTP to get the Internal Format: Column Descriptions / Menu 1 General Setup 10000000 = Configured 10000001 = System Name = 1 = Your Device = = = 1 = 0 = 0 P-662H/HW-D Series User's Guide 443 - ZyXEL P-662H-D3 | User Guide - Page 444
file. The command "get" transfers files from the ZyXEL Device to your computer. The name "rom-t" is the configuration filename on the ZyXEL Device. 4 Edit the "rom-t" file using a text editor (do not use a word processor). You must leave this FTP screen to edit. 444 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 445
computer but it must be named "rom-t" when you upload it to your ZyXEL Device. Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> put rom-t ftp>bye P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 446
of what you may enter * Applies to the ZyXEL Device. Table 173 Menu 1 General Setup / Menu 1 General Setup FIN FN 10000000 = Configured 10000001 = System Name 10000002 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 446 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 447
12) 30200016 = IP Policies Set 4 (1~12) / Menu 3.2.1 IP Alias Setup FIN FN 30201001 = IP Alias 1 30201002 = 30201003 = 30201004 = IP = 0.0.0.0 = 0.0.0.0 = 172.21.2.200 = 16 = 0 = 0 = 2 = 256 = 256 = 256 = 256 INPUT = 0 = 0.0.0.0 = 0 = 0 = 0 = 256 = 256 P-662H/HW-D Series User's Guide 447 - ZyXEL P-662H-D3 | User Guide - Page 448
= IP Alias #2 Outgoing protocol filters Set 4 */ Menu 3.5 Wireless LAN Setup FIN FN 30500001 = ESSID 30500002 = Hide ESSID 30500003 = Channel ID - ZyXEL P-662H-D3 | User Guide - Page 449
WEP 30500007 = 30500008 = 30500009 = 30500010 = 30500011 = 30500012 = Default Key WEP Key1 WEP Key2 WEP Key3 WEP Key4 Wlan Active 30500013 = Access Setup / Menu 4 Internet Access Setup FIN FN 40000000 = Configured 40000001 = ISP 40000002 = Active P-662H/HW-D Series User's Guide Appendix - ZyXEL P-662H-D3 | User Guide - Page 450
Table 175 Menu 4 Internet Access Setup (continued) 40000003 = ISP's # VCI # Service Name My Login My Password Single User Account IP Address = 0 = 0 = 0 450 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 451
= 0 = 0 Table 177 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup FIN FN 150000001 = SUA Server IP address for default port 150000002 = SUA Server #2 Active 150000003 = SUA = 0 = 0 = 0 = 0.0.0.0 P-662H/HW-D Series User's Guide 451 - ZyXEL P-662H-D3 | User Guide - Page 452
K Internal SPTGEN Table 177 Menu 15 SUA Server Setup (continued) 150000007 = SUA Server #3 Active 150000008 0 = 0 = 0.0.0.0 = 0 = 0 = 0 = 0.0.0.0 = 0 = 0 = 0 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 453
Appendix K Internal SPTGEN Table 177 Menu 15 SUA Server Setup (continued) 150000041 = SUA Server #9 Local IP address 150000042 = SUA Server )> INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 0.0.0.0 = 0 = 0 P-662H/HW-D Series User's Guide 453 - ZyXEL P-662H-D3 | User Guide - Page 454
Set #2 / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 FIN FN PVA PVA INPUT = NetBIOS_WAN INPUT 454 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 455
(drop)> PVA = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 1 = 0.0.0.0 = 0 = 0 = 0 = 3 = 1 INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 1 = 0.0.0.0 = 0 P-662H/HW-D Series User's Guide 455 - ZyXEL P-662H-D3 | User Guide - Page 456
Table 180 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN 230000000 = System Password */ Menu 23.2 System security: radius server FIN FN = 1822 = 111111111111 111 111111111111 1111 = 1 = 1 = 192.168.1.44 = 1823 = 1234 INPUT = 2 = 555 = 999 456 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 457
= 230400007 = 230400008 = 230400009 = 230400010 = Authentication Databases INPUT = 23 = 0 = 0.0.0.0 = 21 = 0 = 0.0.0.0 = 80 = 0 = 0.0.0.0 P-662H/HW-D Series User's Guide 457 - ZyXEL P-662H-D3 | User Guide - Page 458
Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device's command interpreter commands. Table 182 Command Examples FIN FN PVA INPUT 990000001 = ADSL OPMD 458 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 459
been dropped The router dropped an ICMP packet that was too large. Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. P-662H/HW-D Series User's Guide 459 - ZyXEL P-662H-D3 | User Guide - Page 460
cannot access the network through this interface. Table 185 Access Control Logs LOG MESSAGE Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] - ZyXEL P-662H-D3 | User Guide - Page 461
to the user's setting. For type and code details, see Table 200 on page 470. ICMP access matched (or didn't match) a firewall rule (denoted by its number) and was blocked or forwarded according to the rule. For type and code details, see Table 200 on page 470. P-662H/HW-D Series User's Guide 461 - ZyXEL P-662H-D3 | User Guide - Page 462
't have a corresponding NAT table entry. The firewall does not support this kind of ICMP packets or the ICMP packets are out of channel%d, call%d,%s C02 Call Terminated DESCRIPTION The router received the setup requirements for a call. "call" is the reference (count) 662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 463
server did not respond within the timeout server timeout period. DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. Creating socket land attack. For type and code details, see Table 200 on page 470. P-662H/HW-D Series User's Guide 463 - ZyXEL P-662H-D3 | User Guide - Page 464
no inbound traffic for a certain time period. You can use the "ipsec timer chk_conn" CI command to set the time period. The default value is 2 minutes. The router dropped all connections with the "MyIP" configured as "0.0.0.0" when the WAN IP address changed. 464 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 465
Aggressive> Mode request to The router started negotiation with the peer. Invalid IP / The peer's "Local IP Address" is invalid. P-662H/HW-D Series User's Guide 465 - ZyXEL P-662H-D3 | User Guide - Page 466
packet's ID content is displayed. Unsupported local ID Type: The phase 1 ID type is not supported by the router. Build Phase 1 ID The router has started to build the phase 1 ID. Adjust algorithm mismatch match between the router and the peer. 466 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 467
authority server's address cannot be resolved. The CMP online certificate enrollment was successful. The Destination field records the certification authority server's IP address and port. P-662H/HW-D Series User's Guide 467 - ZyXEL P-662H-D3 | User Guide - Page 468
whose IP address and port are recorded in the Source field. Rcvd user cert: The router received a user certificate, with subject name as recorded, from the LDAP server whose is not valid. 6 Certificate signature was not verified correctly. 468 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 469
the RADIUS Server. The local user database only supports the EAP-MD5 method. A user tried to use another authentication method and was not authenticated. The router logged out a user whose session expired. The router logged out a user who ended the session. P-662H/HW-D Series User's Guide 469 - ZyXEL P-662H-D3 | User Guide - Page 470
WAN to the WAN or the ZyXEL Device. ACL set for packets traveling from the DMZ to the DMZ or the ZyXEL Device. Table 200 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 470 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 471
for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the . The "cat" is the same as the category in the router's logs. P-662H/HW-D Series User's Guide 471 - ZyXEL P-662H-D3 | User Guide - Page 472
- 2004 ZyXEL Communications Corp. ras>? Valid commands are: sys exit ether aux ip ipsec bridge bm certificates cnm 8021x radius ras> 3 Use sys logs category followed by a log category to display the parameters that are available for the category. 472 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 473
category. 5 Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). Displaying Logs • an individual ZyXEL Device log category. • Use the sys logs clear command to erase all of the ZyXEL Device's logs. P-662H/HW-D Series User's Guide 473 - ZyXEL P-662H-D3 | User Guide - Page 474
example shows how to set the ZyXEL Device to record the access default policy: IGMP (W to W/ZW) 5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 BLOCK Firewall default policy: UDP (W to W/ZW) notes |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS 474 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 475
uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. P-662H/HW-D Series User's Guide 475 - ZyXEL P-662H-D3 | User Guide - Page 476
antenna or transmitter. • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation la classe B est conforme à la norme NMB-003 du Canada. 476 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 477
kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number ( firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 478
Appendix M Legal Information 478 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 479
: www.zyxel.co.cr • FTP: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: [email protected] • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web: www.zyxel.cz P-662H/HW-D Series User's Guide 479 - ZyXEL P-662H-D3 | User Guide - Page 480
. 20/A2 D-52146, Wuerselen, Germany Hungary • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +36-1-3361649 • Fax: +36-1-3259100 • Web: www.zyxel.hu • Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary 480 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 481
Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.us.zyxel.com • FTP: ftp.us.zyxel.com P-662H/HW-D Series User's Guide 481 - ZyXEL P-662H-D3 | User Guide - Page 482
, The Strategry #03-28, Singapore 609930 Spain • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +34-902-195-420 • Fax: +34-913-005-345 • Web: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain 482 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 483
@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 484
Appendix N Customer Support 484 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 485
124 Any IP 105, 350 How it works 106 note 106 Any IP Setup 108 AP (access point) 397 Application-level Firewalls 158 applications Internet access 40 Basic Service Set, See BSS 395 Basic wireless security 69 Blocking Time 187 Brute-force Attack, 161 BSS 395 P-662H/HW-D Series User's Guide Index - ZyXEL P-662H-D3 | User Guide - Page 486
166 Introduction 158 LAN to WAN Rules 172 Policies 169 Rule Logic 170 Rule Security Ramifications 170 Services 183 Types 157 When To Use 167 firmware 329 upgrade 329 upload 329 upload error 330 fragmentation threshold 398 Frame Relay 40 FTP 146, 292, 295 486 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 487
or PPPoE 83 RFC 1483 83 IP Pool 109 IP Pool Setup 102 IP protocol type 183 IP Spoofing 160, 162 IPSec 215 services 211 Maximize Bandwidth Usage 279 Maximum Burst Size (MBS) 84, 89, 93 Max-incomplete High 187 Max-incomplete Low 187 Message Integrity Check (MIC) 404 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 488
the ZyXEL Device 46 Restore 332 RFC 1483 82 RFC 1631 141 RIP See Routing Information Protocol 104 Routing Information Protocol 104 Direction 104 Version 104 RTS (Request To Send) 398 threshold 397, 398 Rules 172 Key Fields 171 LAN to WAN 172 Logic 170 Predefined Services 183 P-662H/HW-D Series User - ZyXEL P-662H-D3 | User Guide - Page 489
Service 171 Service Set 118 Service Type 179, 338 Services 146 services ZyXEL Device 164 Static Route 273 SUA 144 SUA (Single User Account) 144 SUA vs NAT 144 subnet 385 Subnet Mask 103, 177 subnet mask 386 subnetting 388 subscription services 165 URL keyword blocking 200 User Name 288 V VBR (Variable - ZyXEL P-662H-D3 | User Guide - Page 490
security parameters 406 WPA 403 key caching 404 pre-authentication 404 user authentication 404 vs WPA-PSK 404 wireless client supplicant 405 with RADIUS application example 405 system tray icon 412 Z Zero configuration Internet access 85 ZyXEL's Firewall Introduction 158 490 P-662H/HW-D Series User's Guide - ZyXEL P-662H-D3 | User Guide - Page 491
Index P-662H/HW-D Series User's Guide 491 - ZyXEL P-662H-D3 | User Guide - Page 492
Index 492 P-662H/HW-D Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
 |
 |
www.zyxel.com
P-662H/HW-D Series
802.11g ADSL2+ 4-Port Security Gateway
User’s Guide
Version 3.40
12/2008
Edition 3
DEFAULT LOGIN
IP Address
User Password
user
Admin Password
1234