Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG6616 » Manual Viewer

ZyXEL NBG6616 User Guide - Page 130

General Screen, About the NBG6616 Firewall, Guidelines For Enhancing Security With Your Firewall

Add to My Manuals
Save this manual to your list of manuals

Page 130 highlights

Chapter 17 Firewall About the NBG6616 Firewall The NBG6616's firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click the General tab under Firewall and then click the Enable Firewall check box). The NBG6616's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The NBG6616 can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The NBG6616 is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG6616 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service. Guidelines For Enhancing Security With Your Firewall 1 Change the default password via Web Configurator. 2 Think about access control before you connect to the network in any way, including attaching a modem to the port. 3 Limit who can access your router. 4 Don't enable any local service (such as NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 6 Protect against IP spoofing by making sure the firewall is active. 7 Keep the firewall in a secured (locked) room. 17.2 General Screen Use this screen to enable or disable the NBG6616's firewall, and set up firewall logs. Click Security > Firewall to open the General screen. NBG6616 User's Guide 130

Section	Page
NBG6616	1
Contents Overview	3
Table of Contents	4
User’s Guide	11
Introduction	12
1.1 Overview	12
1.2 Applications	12
1.3 Ways to Manage the NBG6616	12
1.4 Good Habits for Managing the NBG6616	13
1.5 Resetting the NBG6616	13
1.5.1 How to Use the RESET Button	13
1.6 The WPS Button	13
1.7 LEDs	14
1.8 Wall Mounting	15
Introducing the Web Configurator	17
2.1 Overview	17
2.2 Accessing the Web Configurator	17
2.2.1 Login Screen	17
2.2.2 Password Screen	18
Connection Wizard	20
3.1 Overview	20
3.2 Accessing the Wizard	20
3.3 Connect to Internet	21
3.3.1 Connection Type: IPoE	22
3.3.2 Connection Type: PPPoE	24
3.4 Router Password	25
3.5 Wireless Security	26
3.5.1 Wireless Security: No Security	26
3.5.2 Wireless Security: WPA2-PSK	27
NBG6616 Modes	30
4.1 Overview	30
4.1.1 Web Configurator Modes	30
4.1.2 Device Modes	30
Easy Mode	31
5.1 Overview	31
5.2 What You Can Do	32
5.3 What You Need to Know	32
5.4 Navigation Panel	32
5.5 Network Map	33
5.6 Control Panel	34
5.6.1 Game Engine	35
5.6.2 Power Saving	35
5.6.3 Parental Control	36
5.6.4 Bandwidth MGMT	37
5.6.5 Firewall	38
5.6.6 Wireless Security	38
5.6.7 WPS	39
5.7 Status Screen in Easy Mode	40
Router Mode	42
6.1 Overview	42
6.2 Router Mode Status Screen	42
6.2.1 Navigation Panel	45
Access Point Mode	49
7.1 Overview	49
7.2 What You Can Do	49
7.3 What You Need to Know	49
7.3.1 Setting your NBG6616 to AP Mode	50
7.3.2 Accessing the Web Configurator in Access Point Mode	50
7.3.3 Configuring your WLAN and Maintenance Settings	51
7.4 AP Mode Status Screen	51
7.4.1 Navigation Panel	53
7.5 LAN Screen	53
Tutorials	56
8.1 Overview	56
8.2 Set Up a Wireless Network Using WPS	56
8.2.1 Push Button Configuration (PBC)	56
8.2.2 PIN Configuration	57
8.3 Connect to NBG6616 Wireless Network without WPS	58
8.3.1 Configure Your Notebook	60
8.4 Using Multiple SSIDs on the NBG6616	62
8.4.1 Configuring Security Settings of Multiple SSIDs	63
Technical Reference	68
Monitor	69
9.1 Overview	69
9.2 What You Can Do	69
9.3 The Log Screen	69
9.3.1 View Log	69
9.4 DHCP Table	70
9.5 Packet Statistics	71
9.6 WLAN Station Status	72
WAN	74
10.1 Overview	74
10.2 What You Can Do	74
10.3 What You Need To Know	74
10.3.1 Configuring Your Internet Connection	75
10.4 Internet Connection	76
10.4.1 IPoE Encapsulation	76
10.4.2 PPPoE Encapsulation	79
10.5 Advanced WAN Screen	82
Wireless LAN	84
11.1 Overview	84
11.1.1 What You Can Do	85
11.1.2 What You Should Know	85
11.2 General Wireless LAN Screen	89
11.3 Wireless Security	91
11.3.1 No Security	91
11.3.2 WEP Encryption	92
11.3.3 WPA-PSK/WPA2-PSK	94
11.3.4 WPA/WPA2	95
11.4 More AP Screen	97
11.4.1 More AP Edit	98
11.5 MAC Filter Screen	100
11.6 Wireless LAN Advanced Screen	102
11.7 Quality of Service (QoS) Screen	102
11.8 WPS Screen	103
11.9 WPS Station Screen	105
11.10 Scheduling Screen	105
LAN	107
12.1 Overview	107
12.2 What You Can Do	107
12.3 What You Need To Know	107
12.3.1 IP Alias	108
12.4 LAN IP Screen	108
12.5 IP Alias Screen	109
12.6 IPv6 LAN Screen	110
DHCP Server	111
13.1 Overview	111
13.1.1 What You Can Do	111
13.1.2 What You Need To Know	111
13.2 DHCP Server General Screen	111
13.3 DHCP Server Advanced Screen	112
13.4 DHCP Client List Screen	114
NAT	116
14.1 Overview	116
14.1.1 What You Can Do	116
14.2 General	117
14.3 Port Forwarding Screen	117
14.3.1 Port Forwarding Edit Screen	119
14.4 Port Trigger Screen	120
14.5 Technical Reference	121
14.5.1 NATPort Forwarding: Services and Port Numbers	121
14.5.2 NAT Port Forwarding Example	121
14.5.3 Trigger Port Forwarding	122
14.5.4 Trigger Port Forwarding Example	122
14.5.5 Two Points To Remember About Trigger Ports	123
DDNS	124
15.1 Overview	124
15.1.1 What You Need To Know	124
15.2 General	124
Static Route	126
16.1 Overview	126
16.2 IP Static Route Screen	126
16.2.1 Add/Edit Static Route	127
Firewall	129
17.1 Overview	129
17.1.1 What You Can Do	129
17.1.2 What You Need To Know	129
17.2 General Screen	130
17.3 Services Screen	131
Content Filtering	134
18.1 Overview	134
18.2 Content Filter	134
Parental Control	136
19.1 Overview	136
19.1.1 What You Need To Know	136
19.2 Parental Control Screen	136
19.2.1 Add/Edit a Parental Control Rule	137
19.2.2 Add/Edit a Service	139
19.3 Technical Reference	140
19.3.1 Customizing Keyword Blocking URL Checking	140
IPv6 Firewall	142
20.1 Overview	142
20.2 IPv6 Firewall Screen	142
Bandwidth Management	145
21.1 Overview	145
21.2 What You Can Do	145
21.3 What You Need To Know	146
21.4 General Screen	146
21.5 Advanced Screen	146
21.5.1 Rule Configuration: Application Rule Configuration	148
21.5.2 Rule Configuration: User Defined Service Rule Configuration	149
21.5.3 Predefined Bandwidth Management Services	151
Remote Management	152
22.1 Overview	152
22.2 What You Can Do in this Chapter	152
22.3 What You Need to Know	152
22.3.1 Remote Management and NAT	153
22.3.2 System Timeout	153
22.4 WWW Screen	153
22.5 Telnet Screen	154
22.6 Wake On LAN Screen	154
Universal Plug-and-Play (UPnP)	156
23.1 Overview	156
23.2 What You Need to Know	156
23.2.1 NAT Traversal	156
23.2.2 Cautions with UPnP	156
23.3 UPnP Screen	157
23.4 Technical Reference	157
23.4.1 Using UPnP in Windows XP Example	157
23.4.2 Web Configurator Easy Access	159
USB Media Sharing	162
24.1 Overview	162
24.2 What You Can Do	163
24.3 What You Need To Know	163
24.4 Before You Begin	164
24.5 DLNA Screen	165
24.6 SAMBA Screen	165
24.7 FTP Screen	167
24.8 Example of Accessing Your Shared Files From a Computer	168
24.8.1 Use Windows Explorer to Share Files	168
24.8.2 Use FTP to Share Files	170
Maintenance	172
25.1 Overview	172
25.2 What You Can Do	172
25.3 General Screen	172
25.4 Password Screen	173
25.5 Time Setting Screen	174
25.6 Firmware Upgrade Screen	175
25.7 Configuration Backup/Restore Screen	177
25.8 Restart Screen	178
25.9 Language Screen	178
25.10 System Operation Mode Overview	179
25.11 Sys OP Mode Screen	180
Troubleshooting	182
26.1 Overview	182
26.2 Power, Hardware Connections, and LEDs	182
26.3 NBG6616 Access and Login	183
26.4 Internet Access	184
26.5 Resetting the NBG6616 to Its Factory Defaults	186
26.6 Wireless Connections	186
26.7 USB Device Problems	188
Pop-up Windows, JavaScript and Java Permissions	189
Setting Up Your Computer’s IP Address	198
Common Services	224
Legal Information	227
Customer Support	232

Match case Limit results 1 per page

Chapter 17 Firewall

NBG6616 User’s Guide

130

About the NBG6616 Firewall

The NBG6616’s firewall feature physically separates the LAN and the WAN and acts as a secure

gateway for all data passing between the networks.

It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when

activated (click

the

General

tab under

Firewall

and then click the

Enable

Firewall

check box).

The NBG6616's purpose is to allow a private Local Area Network (LAN) to be securely connected to

the Internet. The NBG6616 can be used to prevent theft, destruction and modification of data, as

well as log events, which may be important to the security of your network.

The NBG6616 is installed between the LAN and a broadband modem connecting to the Internet.

This allows it to act as a secure gateway for all data passing between the Internet and the LAN.

The NBG6616 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically

separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband

(cable or DSL) modem to the Internet.

The LAN (Local Area Network) port attaches to a network of computers, which needs security from

the outside world. These computers will have access to Internet services such as e-mail, FTP and

the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host

is authorized to use a specific service.

Guidelines For Enhancing Security With Your Firewall

Change the default password via Web Configurator.

Think about access control before you connect to the network in any way, including attaching a

modem to the port.

Limit who can access your router.

Don't enable any local service (such as NTP) that you don't use. Any enabled service could present

a potential security risk. A determined hacker might be able to find creative ways to misuse the

enabled services to access the firewall or the network.

For local services that are enabled, protect against misuse. Protect by configuring the services to

communicate only with specific peers, and protect by configuring rules to block packets for the

services at specific interfaces.

Protect against IP spoofing by making sure the firewall is active.

Keep the firewall in a secured (locked) room.

17.2

General Screen

Use this screen to enable or disable the NBG6616’s firewall, and set up firewall logs. Click

Security

Firewall

to open the

General

screen.