Home » ZyXEL Manuals » Bridges & Routers » ZyXEL ARMOR Z1 » Manual Viewer

ZyXEL ARMOR Z1 User Guide - Page 132

IPv4 Firewall Screen, About the ARMOR Z1 Firewall

Add to My Manuals
Save this manual to your list of manuals

Page 132 highlights

Chapter 14 Security About the ARMOR Z1 Firewall The ARMOR Z1's firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click the IPv4 Firewall or IPv6 Firewall tab under Security and then click the Enable Firewall check box). The ARMOR Z1's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The ARMOR Z1 can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The ARMOR Z1 is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The ARMOR Z1 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service. Guidelines For Enhancing Security With Your Firewall 1 Change the default password via Web Configurator. 2 Think about access control before you connect to the network in any way, including attaching a modem to the port. 3 Limit who can access your router. 4 Don't enable any local service (such as NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 6 Protect against IP spoofing by making sure the firewall is active. 7 Keep the firewall in a secured (locked) room. 14.2 IPv4 Firewall Screen Use this screen to enable or disable the ARMOR Z1's IPv4 firewall, and set up firewall logs. Click Expert > Security > IPv4 Firewall to open the firewall setup screen. ARMOR Z1 User's Guide 132

Section	Page
ARMOR Z1	1
Contents Overview	3
Table of Contents	4
User’s Guide	9
Introduction	10
1.1 Overview	10
1.2 Applications	10
1.3 Ways to Manage the ARMOR Z1	10
1.4 Good Habits for Managing the ARMOR Z1	11
1.5 Resetting the ARMOR Z1	11
1.5.1 How to Use the RESET Button	11
1.6 The WPS Button	11
1.7 LEDs	12
1.8 Wall Mounting	14
Introducing the Web Configurator	16
2.1 Overview	16
2.2 Accessing the Web Configurator	16
2.2.1 Login Screen	17
2.2.2 Change Default Password Screen	17
eaZy 123 Wizard	19
3.1 Overview	19
3.2 Accessing the eaZy 123 Wizard	19
3.3 Internet Type	20
3.3.1 WAN Selection Type: Automatic - DHCP	21
3.3.2 WAN Selection Type: PPPoE	21
3.3.3 WAN Selection Type: Static	22
3.4 Wireless Network	23
ARMOR Z1 Modes	27
4.1 Overview	27
4.1.1 Web Configurator Modes	27
4.1.2 Device Modes	27
Easy Mode	28
5.1 Overview	28
5.2 What You Can Do	28
5.3 What You Need to Know	29
5.4 Navigation Panel	29
5.5 Network Map	29
5.6 Control Panel	31
5.6.1 Parental Control	32
5.6.2 Guest Wi-Fi	32
5.6.3 Notification	33
5.6.4 Wi-Fi	34
5.6.5 LED	35
Router Mode	36
6.1 Overview	36
6.2 Router Mode Status Screen	36
6.2.1 Navigation Panel	39
Access Point Mode	42
7.1 Overview	42
7.2 What You Can Do	42
7.3 What You Need to Know	42
7.3.1 Setting your ARMOR Z1 to AP Mode	43
7.3.2 Accessing the Web Configurator in Access Point Mode	43
7.3.3 Configuring your WLAN and Maintenance Settings	44
7.4 AP Mode Status Screen	44
7.4.1 Navigation Panel	46
7.5 LAN Screen	46
Tutorials	49
8.1 Overview	49
8.2 Set Up a Wireless Network Using WPS	49
8.2.1 Push Button Configuration (PBC)	49
8.2.2 PIN Configuration	50
8.3 Connect to ARMOR Z1 Wireless Network without WPS	51
8.3.1 Configure Your Notebook	53
8.4 Using Guest SSIDs on the ARMOR Z1	55
8.4.1 Configuring Security Settings of Guest SSIDs	56
Technical Reference	59
Status	60
9.1 Overview	60
9.1.1 What You Can Do	60
9.2 Live Network Monitor Screen	60
9.3 Common Usage Screen	62
9.4 Download Traffic Statistics Screen	63
9.5 DHCP Table Screen	64
9.6 WLAN 2.4G/5G Clients Screen	65
WAN	66
10.1 Overview	66
10.2 What You Can Do	66
10.3 What You Need To Know	66
10.3.1 Configuring Your Internet Connection	67
10.4 Internet Connection Screen	69
10.4.1 IPoE Encapsulation	69
10.4.2 PPPoE Encapsulation	74
10.5 NAT	78
10.5.1 General Screen	78
10.5.2 Port Trigger Screen	80
10.6 Dynamic DNS Screen	81
Wireless LAN	83
11.1 Overview	83
11.1.1 What You Can Do	84
11.1.2 What You Should Know	84
11.2 Wireless Screen	88
11.3 Wireless Security	90
11.3.1 No Security	90
11.3.2 WPA-PSK/WPA2-PSK	91
11.3.3 WPA/WPA2	92
11.4 Guest Wireless Screen	94
11.4.1 Guest Wireless Edit	94
11.5 MAC Filter Screen	96
11.6 Advanced Screen	97
11.7 WPS Screen	98
11.8 Scheduling Screen	100
LAN	102
12.1 Overview	102
12.2 What You Can Do	102
12.3 What You Need To Know	102
12.4 LAN IP Screen	103
12.5 Static DHCP Screen	104
12.6 IPv6 LAN Screen	105
Applications	107
13.1 Overview	107
13.1.1 What You Can Do	107
13.1.2 What You Need To Know	107
13.1.3 Before You Begin	109
13.2 Parental Control	109
13.2.1 General Screen	109
13.2.2 Notification Screen	113
13.3 Bandwidth Management	115
13.3.1 Bandwidth Screen	116
13.3.2 Priorities Screen	117
13.4 USB Media Sharing Screen	118
13.5 UPnP Screen	120
13.6 File Sharing	121
13.6.1 SAMBA Server Screen	121
13.6.2 FTP Server Screen	123
13.6.3 Example of Accessing Your Shared Files From a Computer	124
13.7 One Connect Screen	128
13.8 Technical Reference	128
Security	131
14.1 Overview	131
14.1.1 What You Can Do	131
14.1.2 What You Need To Know	131
14.2 IPv4 Firewall Screen	132
14.3 IPv6 Firewall Screen	134
Maintenance	137
15.1 Overview	137
15.2 What You Can Do	137
15.3 General Screen	137
15.4 Password Screen	138
15.5 Time Screen	139
15.6 Firmware Upgrade Screen	141
15.7 Backup/Restore Screen	142
15.8 Restart Screen	143
15.9 Language Screen	143
15.10 Remote Management Screen	144
15.10.1 Remote Access	144
15.10.2 Wake On LAN	146
15.11 Log Screen	147
15.12 System Operation Mode Overview	148
15.13 Operation Mode Screen	149
Troubleshooting	151
16.1 Overview	151
16.2 Power, Hardware Connections, and LEDs	151
16.3 ARMOR Z1 Access and Login	152
16.4 Internet Access	154
16.5 Resetting the ARMOR Z1 to Its Factory Defaults	155
16.6 Wireless Connections	155
16.7 USB Device Problems	157
Customer Support	158
Pop-up Windows, JavaScript and Java Permissions	164
Setting Up Your Computer’s IP Address	173
Common Services	199
Legal Information	203

Match case Limit results 1 per page

Chapter 14 Security

ARMOR Z1 User’s Guide

132

About the ARMOR Z1 Firewall

The ARMOR Z1’s firewall feature physically separates the LAN and the WAN and acts as a secure

gateway for all data passing between the networks.

It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when

activated (click

the

IPv4 Firewall

IPv6 Firewall

tab under

Security

and then click the

Enable

Firewall

check box). The ARMOR Z1's purpose is to allow a private Local Area Network (LAN) to be

securely connected to the Internet. The ARMOR Z1 can be used to prevent theft, destruction and

modification of data, as well as log events, which may be important to the security of your network.

The ARMOR Z1 is installed between the LAN and a broadband modem connecting to the Internet.

This allows it to act as a secure gateway for all data passing between the Internet and the LAN.

The ARMOR Z1 has one Ethernet WAN port and four Ethernet LAN ports, which are used to

physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the

broadband (cable or DSL) modem to the Internet.

The LAN (Local Area Network) port attaches to a network of computers, which needs security from

the outside world. These computers will have access to Internet services such as e-mail, FTP and

the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host

is authorized to use a specific service.

Guidelines For Enhancing Security With Your Firewall

Change the default password via Web Configurator.

Think about access control before you connect to the network in any way, including attaching a

modem to the port.

Limit who can access your router.

Don't enable any local service (such as NTP) that you don't use. Any enabled service could present

a potential security risk. A determined hacker might be able to find creative ways to misuse the

enabled services to access the firewall or the network.

For local services that are enabled, protect against misuse. Protect by configuring the services to

communicate only with specific peers, and protect by configuring rules to block packets for the

services at specific interfaces.

Protect against IP spoofing by making sure the firewall is active.

Keep the firewall in a secured (locked) room.

14.2

IPv4 Firewall Screen

Use this screen to enable or disable the ARMOR Z1’s IPv4 firewall, and set up firewall logs. Click

Expert

Security

IPv4

Firewall

to open the firewall setup screen.