Home » ZyXEL Manuals » Networking » ZyXEL MAX-306 » Manual Viewer

ZyXEL MAX-306 User Guide - Page 209

Guidelines For Enhancing Security With Your Firewall, 16.4.3 The “Triangle Route” Problem

Get ZyXEL MAX-306 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 209 highlights

Chapter 16 The Firewall Screens 16.4.2 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via web configurator. 2 Think about access control before you connect to the network in any way. 3 Limit who can access your router. 4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 6 Protect against IP spoofing by making sure the firewall is active. 7 Keep the firewall in a secured (locked) room. 16.4.3 The "Triangle Route" Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the WiMAX Device's LAN IP address), the "triangle route" (also called asymmetrical route) problem may occur. The steps below describe the "triangle route" problem. 1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. 2 The WiMAX Device reroutes the SYN packet through Gateway A on the LAN to the WAN. 3 The reply from the WAN goes directly to the computer on the LAN without going through the WiMAX Device. User's Guide 209

Section	Page
MAX-306HW2 Series	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	25
Introduction and Wizards	29
Getting Started	31
1.1 Overview	31
1.1.1 Wi-Fi Access Point	32
1.1.2 WiMAX Internet Access	32
1.1.3 Make Calls via Internet Telephony Service Provider	33
1.2 WiMAX Device Hardware	34
1.2.1 LEDs	34
1.3 Good Habits for Managing the WiMAX Device	35
Introducing the Web Configurator	37
2.1 Overview	37
2.1.1 Accessing the Web Configurator	37
2.1.2 The Reset Button	40
2.2 The Main Screen	40
Internet Connection Wizard	47
3.1 Overview	47
3.1.1 Welcome to the ZyXEL Setup Wizard	47
3.1.2 System Information	48
3.1.3 Wireless LAN	49
3.1.4 Authentication Settings	54
3.1.5 IP Address	56
3.1.6 Setup Complete	58
VoIP Connection Wizard	59
4.1 Overview	59
4.2 Welcome to the ZyXEL Setup Wizard	59
4.2.1 First Voice Account Settings	60
4.2.2 Setup Complete	63
Basic Screens	65
The Setup Screens	67
5.1 Overview	67
5.1.1 What You Can Do in This Chapter	67
5.1.2 What You Need to Know	67
5.1.3 Before You Begin	68
5.2 Set IP Address	68
5.3 DHCP Client	69
5.4 Time Setting	70
5.4.1 Pre-Defined NTP Time Servers List	71
5.4.2 Resetting the Time	72
Advanced Screens	73
The LAN Configuration Screens	75
6.1 Overview	75
6.1.1 What You Can Do in This Chapter	75
6.1.2 What You Need to Know	75
6.2 DHCP Setup	76
6.3 Static DHCP	78
6.4 IP Alias	79
6.5 IP Static Route	81
6.5.1 IP Static Route Setup	82
6.6 Other Settings	83
6.7 Technical Reference	84
6.7.1 IP Address and Subnet Mask	84
6.7.2 DHCP Setup	85
6.7.3 LAN TCP/IP	85
6.7.4 DNS Server Address	86
6.7.5 RIP Setup	86
6.7.6 Multicast	87
The WAN Configuration Screens	89
7.1 Overview	89
7.1.1 What You Can Do in This Chapter	89
7.1.2 What You Need to Know	89
7.2 Internet Connection	93
7.3 WiMAX Configuration	95
7.3.1 Frequency Ranges	97
7.3.2 Configuring Frequency Settings	97
7.3.3 Using the WiMAX Frequency Screen	98
7.4 Traffic Redirect	99
7.5 Advanced	101
The Wi-Fi Configuration Screens	103
8.1 Overview	103
8.1.1 What You Can Do in This Chapter	103
8.1.2 What You Need to Know	103
8.2 General	104
8.3 MAC Filter	109
8.4 Advanced	110
The VPN Transport Screens	113
9.1 Overview	113
9.1.1 What You Can Do in This Chapter	114
9.1.2 What You Need to Know	114
9.1.3 Before You Begin	115
9.2 General	116
9.3 Customer Interface	116
9.3.1 Multi-Protocol Label Switching	117
9.3.2 Generic Routing Encapsulation	117
9.3.3 Customer Interface Options	118
9.3.4 Customer Interface Setup	120
9.4 Ethernet Pseudowire	121
9.4.1 Ethernet Pseudowire Setup	123
9.5 Statistics	124
The NAT Configuration Screens	125
10.1 Overview	125
10.1.1 What You Can Do in This Chapter	125
10.2 General	125
10.3 Port Forwarding	126
10.3.1 Port Forwarding Options	127
10.3.2 Port Forwarding Rule Setup	129
10.4 Trigger Port	130
10.4.1 Trigger Port Forwarding Example	131
10.5 ALG	132
The System Configuration Screens	135
11.1 Overview	135
11.1.1 What You Can Do in This Chapter	135
11.1.2 What You Need to Know	135
11.2 General	137
11.3 Dynamic DNS	138
11.4 Firmware	140
11.4.1 The Firmware Upload Process	141
11.5 Configuration	142
11.5.1 The Restore Configuration Process	143
11.6 Restart	143
11.6.1 The Restart Process	144
Voice Screens	145
The Service Configuration Screens	147
12.1 Overview	147
12.1.1 What You Can Do in This Chapter	147
12.1.2 What You Need to Know	147
12.1.3 Before you Begin	149
12.2 SIP Settings	149
12.2.1 Advanced SIP Settings	151
12.3 QoS	158
12.4 Technical Reference	159
12.4.1 SIP Call Progression	159
12.4.2 SIP Client Server	160
12.4.3 SIP User Agent	160
12.4.4 SIP Proxy Server	160
12.4.5 SIP Redirect Server	161
12.4.6 NAT and SIP	162
12.4.7 DiffServ	162
12.4.8 DSCP and Per-Hop Behavior	163
The Phone Screens	165
13.1 Overview	165
13.1.1 What You Can Do in This Chapter	165
13.1.2 What You Need to Know	165
13.2 Analog Phone	166
13.2.1 Advanced Analog Phone Setup	168
13.3 Common	169
13.4 Region	170
13.5 Technical Reference	170
13.5.1 The Flash Key	170
13.5.2 Europe Type Supplementary Phone Services	171
13.5.3 USA Type Supplementary Services	173
The Phone Book Screens	175
14.1 Overview	175
14.1.1 What You Can Do in This Chapter	175
14.1.2 What You Need to Know	175
14.2 Incoming Call Policy	176
14.3 Speed Dial	178
Tools & Status Screens	181
The Certificates Screens	183
15.1 Overview	183
15.1.1 What You Can Do in This Chapter	183
15.1.2 What You Need to Know	183
15.2 My Certificates	184
15.2.1 My Certificates Create	186
15.2.2 My Certificate Edit	189
15.2.3 My Certificate Import	192
15.3 Trusted CAs	193
15.3.1 Trusted CA Edit	195
15.3.2 Trusted CA Import	197
15.4 Technical Reference	198
15.4.1 Certificate Authorities	198
15.4.2 Verifying a Certificate	200
The Firewall Screens	203
16.1 Overview	203
16.1.1 What You Can Do in This Chapter	203
16.1.2 What You Need to Know	203
16.2 Firewall Setting	204
16.2.1 Firewall Rule Directions	204
16.2.2 Triangle Route	205
16.2.3 Firewall Setting Options	206
16.3 Service Setting	207
16.4 Technical Reference	208
16.4.1 Stateful Inspection Firewall.	208
16.4.2 Guidelines For Enhancing Security With Your Firewall	209
16.4.3 The “Triangle Route” Problem	209
Content Filter	213
17.1 Overview	213
17.1.1 What You Can Do in This Chapter	213
17.2 Filter	214
17.3 Schedule	216
The Remote Management Screens	217
18.1 Overview	217
18.1.1 What You Can Do in This Chapter	217
18.1.2 What You Need to Know	218
18.2 WWW	219
18.3 Telnet	220
18.4 FTP	220
18.5 SNMP	221
18.5.1 SNMP Traps	222
18.5.2 SNMP Options	223
18.6 DNS	224
18.7 Security	225
The Logs Screens	227
19.1 Overview	227
19.1.1 What You Can Do in This Chapter	227
19.1.2 What You Need to Know	227
19.2 View Logs	229
19.3 Log Settings	231
19.4 Log Message Descriptions	233
The UPnP Screen	243
20.1 Overview	243
20.1.1 What You Can Do in This Chapter	243
20.1.2 What You Need to Know	243
20.2 UPnP	244
20.3 Technical Reference	245
20.3.1 Installing UPnP in Windows XP	245
20.3.2 Web Configurator Easy Access	249
The Status Screen	253
21.1 Overview	253
21.2 Status Screen	253
21.2.1 Packet Statistics	258
21.2.2 WiMAX Site Information	259
21.2.3 DHCP Table	260
21.2.4 VoIP Statistics	261
21.2.5 WiMAX Profile	263
Troubleshooting and Specifications	265
Troubleshooting	267
22.1 Power, Hardware Connections, and LEDs	267
22.2 WiMAX Device Access and Login	268
22.3 Internet Access	270
22.4 Phone Calls and VoIP	272
22.5 Reset the WiMAX Device to Its Factory Defaults	273
22.5.1 Pop-up Windows, JavaScripts and Java Permissions	273
Product Specifications	275
Appendices and Index	277
WiMAX Security	279
Setting Up Your Computer’s IP Address	283
Wireless LANs	311
Pop-up Windows, JavaScripts and Java Permissions	327
IP Addresses and Subnetting	337
Importing Certificates	349
SIP Passthrough	381
Common Services	383
Legal Information	387
Customer Support	391