Home » ZyXEL Manuals » Wireless » ZyXEL EMG3425 » Manual Viewer

ZyXEL EMG3425 User Guide - Page 118

What is a Firewall?, Stateful Inspection Firewall, About the EMG3425-Q10A Firewall

Add to My Manuals
Save this manual to your list of manuals

Page 118 highlights

Chapter 16 Firewall What is a Firewall? Originally, the term "firewall" referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself. Stateful Inspection Firewall Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support. Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises. About the EMG3425-Q10A Firewall The EMG3425-Q10A's firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click the General tab under Firewall and then click the Enable Firewall check box). The EMG3425-Q10A's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The EMG3425-Q10A can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The EMG3425-Q10A is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The EMG3425-Q10A has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service. Guidelines For Enhancing Security With Your Firewall 1 Change the default password via Web Configurator. 2 Think about access control before you connect to the network in any way, including attaching a modem to the port. EMG3425-Q10A User's Guide 118

Section	Page
EMG3425-Q10A	1
Contents Overview	3
Table of Contents	4
User’s Guide	11
Introduction	12
1.1 Overview	12
1.1.1 Dual-Band	13
1.2 Applications	13
1.3 Ways to Manage the EMG3425-Q10A	13
1.4 Good Habits for Managing the EMG3425-Q10A	14
1.5 Resetting the EMG3425-Q10A	14
1.5.1 How to Use the RESET Button	14
1.6 The WPS Button	14
1.7 LEDs	15
1.8 Wall Mounting	17
Introducing the Web Configurator	19
2.1 Overview	19
2.2 Login Accounts	19
2.3 Accessing the Web Configurator	19
2.3.1 Login Screen	20
2.3.2 Password Screen	21
EMG3425-Q10A Modes	23
3.1 Overview	23
3.1.1 Device Modes	23
Router Mode	24
4.1 Overview	24
4.2 Router Mode Status Screen	24
4.2.1 Navigation Panel	27
Access Point Mode	31
5.1 Overview	31
5.2 What You Can Do	31
5.3 What You Need to Know	31
5.3.1 Setting your EMG3425-Q10A to AP Mode	32
5.3.2 Accessing the Web Configurator in Access Point Mode	32
5.3.3 Configuring your WLAN and Maintenance Settings	33
5.4 AP Mode Status Screen	33
5.4.1 Navigation Panel	35
5.5 LAN Screen	35
Tutorials	38
6.1 Overview	38
6.2 Set Up a Wireless Network Using WPS	38
6.2.1 Push Button Configuration (PBC)	38
6.2.2 PIN Configuration	39
6.3 Connect to EMG3425-Q10A Wireless Network without WPS	40
6.3.1 Configure Your Notebook	42
6.4 Using Multiple SSIDs on the EMG3425-Q10A	44
6.4.1 Configuring Security Settings of Multiple SSIDs	45
Technical Reference	50
Monitor	51
7.1 Overview	51
7.2 What You Can Do	51
7.3 The Log Screen	51
7.3.1 View Log	51
7.4 DHCP Table	52
7.5 Packet Statistics	53
7.6 WLAN Station Status	54
7.7 IGMP Statistics	55
WAN	57
8.1 Overview	57
8.2 What You Can Do	57
8.3 What You Need To Know	57
8.3.1 Configuring Your Internet Connection	57
8.4 Management WAN	59
8.4.1 Add/Edit WAN Connection	60
Wireless LAN	68
9.1 Overview	68
9.1.1 What You Can Do	69
9.1.2 What You Should Know	69
9.2 General Wireless LAN Screen	73
9.3 Wireless Security	75
9.3.1 No Security	75
9.3.2 WPA-PSK/WPA2-PSK	76
9.3.3 WPA/WPA2	77
9.4 More AP Screen	79
9.4.1 More AP Edit	79
9.5 MAC Filter Screen	81
9.6 Wireless LAN Advanced Screen	83
9.7 Quality of Service (QoS) Screen	83
9.8 WPS Screen	84
9.9 WPS Station Screen	86
9.10 Scheduling Screen	86
LAN	88
10.1 Overview	88
10.2 What You Can Do	88
10.3 What You Need To Know	89
10.3.1 IP Pool Setup	89
10.3.2 LAN TCP/IP	89
10.3.3 IP Alias	89
10.4 LAN IP Screen	90
10.5 IP Alias Screen	90
10.6 IPv6 LAN Screen	91
10.7 IGMP Snooping Screen	92
DHCP Server	94
11.1 Overview	94
11.1.1 What You Can Do	94
11.1.2 What You Need To Know	94
11.2 DHCP Server General Screen	94
11.3 DHCP Server Advanced Screen	95
11.4 DHCP Client List Screen	97
NAT	99
12.1 Overview	99
12.1.1 What You Can Do	99
12.1.2 What You Need To Know	100
12.2 General	101
12.3 Port Forwarding Screen	102
12.3.1 Port Forwarding Edit Screen	104
12.4 Port Trigger Screen	105
12.5 Technical Reference	106
12.5.1 NATPort Forwarding: Services and Port Numbers	106
12.5.2 NAT Port Forwarding Example	106
12.5.3 Trigger Port Forwarding	107
12.5.4 Trigger Port Forwarding Example	107
12.5.5 Two Points To Remember About Trigger Ports	108
DDNS	109
13.1 Overview	109
13.1.1 What You Need To Know	109
13.2 General	109
Static Route	111
14.1 Overview	111
14.2 IP Static Route Screen	111
14.2.1 Add/Edit Static Route	112
Interface Group	114
15.1 Overview	114
15.2 The Interface Group Screen	114
15.2.1 Add Interface Group	115
15.2.2 Add Interface Group Criteria	116
Firewall	117
16.1 Overview	117
16.1.1 What You Can Do	117
16.1.2 What You Need To Know	117
16.2 General Screen	119
16.3 Services Screen	119
Content Filtering	122
17.1 Overview	122
17.2 Content Filter	122
IPv6 Firewall	124
18.1 Overview	124
18.2 IPv6 Firewall Screen	124
Parental Control	127
19.1 Overview	127
19.1.1 What You Need To Know	127
19.2 Parental Control Screen	127
19.2.1 Add/Edit a Parental Control Rule	128
19.2.2 Add/Edit a Service	130
19.3 Technical Reference	131
19.3.1 Customizing Keyword Blocking URL Checking	131
Bandwidth Management	133
20.1 Overview	133
20.1.1 What You Can Do in this Chapter	133
20.2 What You Need to Know	133
20.3 Bandwidth MGMT General Screen	135
20.4 The Queue Setup Screen	136
20.4.1 Add/Edit a Queue	137
20.5 The Class Setup Screen	138
20.5.1 Add/Edit a Classifier	139
20.6 Technical Reference	142
Remote Management	147
21.1 Overview	147
21.2 What You Can Do in this Chapter	147
21.3 What You Need to Know	147
21.3.1 Remote Management and NAT	148
21.3.2 System Timeout	148
21.4 WWW Screen	148
21.5 Telnet Screen	151
21.6 SNMP Screen	152
21.7 Wake On LAN Screen	154
21.8 TR069 Screen	155
Universal Plug-and-Play (UPnP)	158
22.1 Overview	158
22.2 What You Need to Know	158
22.2.1 NAT Traversal	158
22.2.2 Cautions with UPnP	158
22.3 UPnP Screen	159
22.4 Technical Reference	159
22.4.1 Using UPnP in Windows XP Example	159
22.4.2 Web Configurator Easy Access	161
USB Media Sharing	164
23.1 Overview	164
23.2 What You Can Do	165
23.3 What You Need To Know	165
23.4 Before You Begin	166
23.5 DLNA Screen	167
23.6 SAMBA Screen	167
23.7 FTP Screen	169
23.8 Example of Accessing Your Shared Files From a Computer	170
23.8.1 Use Windows Explorer to Share Files	170
23.8.2 Use FTP to Share Files	172
Port Configuration	174
24.1 Overview	174
24.2 Port Configuration Screen	174
Maintenance	176
25.1 Overview	176
25.2 What You Can Do	176
25.3 General Screen	176
25.4 Account Screen	177
25.4.1 Account Setup Screen	178
25.5 Time Setting Screen	178
25.6 Firmware Upgrade Screen	180
25.7 Configuration Backup/Restore Screen	181
25.8 Restart Screen	183
25.9 System Operation Mode Overview	183
25.10 Sys OP Mode Screen	184
25.11 Language Screen	185
25.12 Diagnostic Ping Screen	185
Troubleshooting	187
26.1 Overview	187
26.2 Power, Hardware Connections, and LEDs	187
26.3 EMG3425-Q10A Access and Login	188
26.4 Internet Access	189
26.5 Resetting the EMG3425-Q10A to Its Factory Defaults	191
26.6 Wireless Connections	191
26.7 USB Device Problems	193
Pop-up Windows, JavaScript and Java Permissions	194
Setting Up Your Computer’s IP Address	203
Common Services	231
Legal Information	234
Customer Support	241

Match case Limit results 1 per page

Chapter 16 Firewall

EMG3425-Q10A User’s Guide

118

What is a Firewall?

Originally, the term “firewall” referred to a construction technique designed to prevent the spread of

fire from one room to another. The networking term "firewall" is a system or group of systems that

enforces an access-control policy between two networks. It may also be defined as a mechanism

used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot

solve every security problem. A firewall is one of the mechanisms used to establish a network

security perimeter in support of a network security policy. It should never be the only mechanism or

method employed. For a firewall to guard effectively, you must design and deploy it appropriately.

This requires integrating the firewall into a broad information-security policy. In addition, specific

policies must be implemented within the firewall itself.

Stateful Inspection Firewall

Stateful inspection firewalls restrict access by screening data packets against defined access rules.

They make access control decisions based on IP address and protocol. They also "inspect" the

session data to assure the integrity of the connection and to adapt to dynamic protocols. These

firewalls generally provide the best speed and transparency; however, they may lack the granular

application level access control or caching that some proxies support. Firewalls, of one type or

another, have become an integral part of standard security solutions for enterprises.

About the EMG3425-Q10A Firewall

The EMG3425-Q10A’s firewall feature physically separates the LAN and the WAN and acts as a

secure gateway for all data passing between the networks.

It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when

activated (click

the

General

tab under

Firewall

and then click the

Enable

Firewall

check box).

The EMG3425-Q10A's purpose is to allow a private Local Area Network (LAN) to be securely

connected to the Internet. The EMG3425-Q10A can be used to prevent theft, destruction and

modification of data, as well as log events, which may be important to the security of your network.

The EMG3425-Q10A is installed between the LAN and a broadband modem connecting to the

Internet. This allows it to act as a secure gateway for all data passing between the Internet and the

LAN.

The EMG3425-Q10A has one Ethernet WAN port and four Ethernet LAN ports, which are used to

physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the

broadband (cable or DSL) modem to the Internet.

The LAN (Local Area Network) port attaches to a network of computers, which needs security from

the outside world. These computers will have access to Internet services such as e-mail, FTP and

the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host

is authorized to use a specific service.

Guidelines For Enhancing Security With Your Firewall

Change the default password via Web Configurator.

Think about access control before you connect to the network in any way, including attaching a

modem to the port.