Home » ZyXEL Manuals » Bridges & Routers » ZyXEL NBG6716 » Manual Viewer

ZyXEL NBG6716 User Guide - Page 144

What is a Firewall?, Stateful Inspection Firewall, About the NBG6716 Firewall, Guidelines

Add to My Manuals
Save this manual to your list of manuals

Page 144 highlights

Chapter 17 Firewall What is a Firewall? Originally, the term "firewall" referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself. Stateful Inspection Firewall Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support. Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises. About the NBG6716 Firewall The NBG6716's firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click the General tab under Firewall and then click the Enable Firewall check box). The NBG6716's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The NBG6716 can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The NBG6716 is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG6716 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service. Guidelines For Enhancing Security With Your Firewall 1 Change the default password via Web Configurator. 2 Think about access control before you connect to the network in any way, including attaching a modem to the port. 3 Limit who can access your router. 144 NBG6716 User's Guide

Section	Page
NBG6716	1
Contents Overview	3
Table of Contents	5
User’s Guide	13
Introduction	15
1.1 Overview	15
1.1.1 Dual-Band	16
1.2 Applications	16
1.3 Ways to Manage the NBG6716	16
1.4 Good Habits for Managing the NBG6716	17
1.5 Resetting the NBG6716	17
1.5.1 How to Use the RESET Button	17
1.6 The WPS Button	17
1.7 LEDs	18
1.8 Wall Mounting	20
Connection Wizard	21
2.1 Overview	21
2.2 Accessing the Wizard	21
2.3 Connect to Internet	22
2.3.1 Connection Type: IPoE	23
2.3.2 Connection Type: PPPoE	24
2.4 Router Password	26
2.5 Wireless Security	27
2.5.1 Wireless Security: No Security	27
2.5.2 Wireless Security: WPA2-PSK	28
Introducing the Web Configurator	31
3.1 Overview	31
3.2 Accessing the Web Configurator	31
3.2.1 Login Screen	31
3.2.2 Password Screen	32
NBG6716 Modes	35
4.1 Overview	35
4.1.1 Web Configurator Modes	35
4.1.2 Device Modes	35
Easy Mode	37
5.1 Overview	37
5.2 What You Can Do	38
5.3 What You Need to Know	38
5.4 Navigation Panel	39
5.5 Network Map	39
5.6 Control Panel	40
5.6.1 Power Saving	40
5.6.2 Content Filter	41
5.6.3 Firewall	42
5.6.4 Internet Setting	42
5.6.5 Wireless Security	44
5.6.6 WPS	45
5.7 Status Screen in Easy Mode	46
Router Mode	49
6.1 Overview	49
6.2 Router Mode Status Screen	49
6.2.1 Navigation Panel	52
Access Point Mode	57
7.1 Overview	57
7.2 What You Can Do	57
7.3 What You Need to Know	57
7.3.1 Setting your NBG6716 to AP Mode	58
7.3.2 Accessing the Web Configurator in Access Point Mode	58
7.3.3 Configuring your WLAN and Maintenance Settings	59
7.4 AP Mode Status Screen	59
7.4.1 Navigation Panel	61
7.5 LAN Screen	61
Tutorials	65
8.1 Overview	65
8.2 Set Up a Wireless Network with WPS	65
8.2.1 Push Button Configuration (PBC)	65
8.2.2 PIN Configuration	66
8.3 Configure Wireless Security without WPS	67
8.3.1 Configure Your Notebook	69
8.4 Using Multiple SSIDs on the NBG6716	71
8.4.1 Configuring Security Settings of Multiple SSIDs	72
Technical Reference	77
Monitor	79
9.1 Overview	79
9.2 What You Can Do	79
9.3 The Log Screen	79
9.3.1 View Log	79
9.3.2 Log Setting	80
9.4 DHCP Table	80
9.5 Packet Statistics	81
9.6 WLAN Station Status	82
WAN	85
10.1 Overview	85
10.2 What You Can Do	85
10.3 What You Need To Know	85
10.3.1 Configuring Your Internet Connection	86
10.4 Internet Connection	87
10.4.1 IPoE Encapsulation	87
10.4.2 PPPoE Encapsulation	89
10.5 Advanced WAN Screen	91
Wireless LAN	93
11.1 Overview	93
11.1.1 What You Can Do	94
11.1.2 What You Should Know	94
11.2 General Wireless LAN Screen	98
11.3 Wireless Security	100
11.3.1 No Security	100
11.3.2 WEP Encryption	101
11.3.3 WPA-PSK/WPA2-PSK	103
11.3.4 WPA/WPA2	104
11.4 More AP Screen	106
11.4.1 More AP Edit	107
11.5 MAC Filter Screen	109
11.6 Wireless LAN Advanced Screen	111
11.7 Quality of Service (QoS) Screen	111
11.8 WPS Screen	112
11.9 WPS Station Screen	114
11.10 Scheduling Screen	114
LAN	117
12.1 Overview	117
12.2 What You Can Do	117
12.3 What You Need To Know	117
12.3.1 IP Alias	118
12.4 LAN IP Screen	118
12.5 IP Alias Screen	119
DHCP Server	121
13.1 Overview	121
13.1.1 What You Can Do	121
13.1.2 What You Need To Know	121
13.2 DHCP Server General Screen	122
13.3 DHCP Server Advanced Screen	122
13.4 DHCP Client List Screen	124
NAT	127
14.1 Overview	127
14.1.1 What You Can Do	127
14.1.2 What You Need To Know	128
14.2 General	129
14.3 Port Forwarding Screen	130
14.3.1 Port Forwarding Edit Screen	132
14.4 Port Trigger Screen	133
14.5 Technical Reference	134
14.5.1 NATPort Forwarding: Services and Port Numbers	134
14.5.2 NAT Port Forwarding Example	134
14.5.3 Trigger Port Forwarding	135
14.5.4 Trigger Port Forwarding Example	135
14.5.5 Two Points To Remember About Trigger Ports	136
DDNS	137
15.1 Overview	137
15.1.1 What You Need To Know	137
15.2 General	137
Static Route	139
16.1 Overview	139
16.2 IP Static Route Screen	139
16.2.1 Add/Edit Static Route	140
Firewall	143
17.1 Overview	143
17.1.1 What You Can Do	143
17.1.2 What You Need To Know	143
17.2 General Screen	145
17.3 Services Screen	145
Content Filtering	149
18.1 Overview	149
18.1.1 What You Need To Know	149
18.2 Content Filter	149
18.3 Technical Reference	151
18.3.1 Customizing Keyword Blocking URL Checking	151
StreamBoost Management	153
19.1 Overview	153
19.2 What You Can Do	153
19.3 Network Screen	154
19.4 Banwidth Screen	154
19.5 Priorities Screen	156
19.6 Up Time Screen	156
19.7 Downloads Screen	157
19.8 All Events Screen	158
Remote Management	161
20.1 Overview	161
20.2 What You Can Do in this Chapter	161
20.3 What You Need to Know	161
20.3.1 Remote Management and NAT	162
20.3.2 System Timeout	162
20.4 WWW Screen	162
20.5 Telnet Screen	163
20.6 Wake On LAN Screen	163
Universal Plug-and-Play (UPnP)	165
21.1 Overview	165
21.2 What You Need to Know	165
21.2.1 NAT Traversal	165
21.2.2 Cautions with UPnP	165
21.3 UPnP Screen	166
21.4 Technical Reference	166
21.4.1 Using UPnP in Windows XP Example	166
21.4.2 Web Configurator Easy Access	168
USB Media Sharing	171
22.1 Overview	171
22.2 What You Can Do	172
22.3 What You Need To Know	172
22.4 Before You Begin	173
22.5 DLNA Screen	174
22.6 SAMBA Screen	174
22.7 FTP Screen	176
22.8 Example of Accessing Your Shared Files From a Computer	177
22.8.1 Use Windows Explorer to Share Files	177
22.8.2 Use FTP to Share Files	179
Maintenance	181
23.1 Overview	181
23.2 What You Can Do	181
23.3 General Screen	181
23.4 Password Screen	182
23.5 Time Setting Screen	183
23.6 Firmware Upgrade Screen	184
23.7 Configuration Backup/Restore Screen	186
23.8 Restart Screen	187
23.9 Language Screen	187
23.10 System Operation Mode Overview	188
23.11 Sys OP Mode Screen	189
Troubleshooting	191
24.1 Overview	191
24.2 Power, Hardware Connections, and LEDs	191
24.3 NBG6716 Access and Login	192
24.4 Internet Access	193
24.5 Resetting the NBG6716 to Its Factory Defaults	195
24.6 Wireless Connections	195
24.7 USB Device Problems	197
24.8 ZyXEL Share Center Utility Problems	197
Pop-up Windows, JavaScript and Java Permissions	199
Setting Up Your Computer’s IP Address	209
Common Services	237
Legal Information	241

Match case Limit results 1 per page

Chapter 17 Firewall

NBG6716 User’s Guide

144

What is a Firewall?

Originally, the term “firewall” referred to a construction technique designed to prevent the spread of

fire from one room to another. The networking term "firewall" is a system or group of systems that

enforces an access-control policy between two networks. It may also be defined as a mechanism

used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot

solve every security problem. A firewall is one of the mechanisms used to establish a network

security perimeter in support of a network security policy. It should never be the only mechanism or

method employed. For a firewall to guard effectively, you must design and deploy it appropriately.

This requires integrating the firewall into a broad information-security policy. In addition, specific

policies must be implemented within the firewall itself.

Stateful Inspection Firewall

Stateful inspection firewalls restrict access by screening data packets against defined access rules.

They make access control decisions based on IP address and protocol. They also "inspect" the

session data to assure the integrity of the connection and to adapt to dynamic protocols. These

firewalls generally provide the best speed and transparency; however, they may lack the granular

application level access control or caching that some proxies support. Firewalls, of one type or

another, have become an integral part of standard security solutions for enterprises.

About the NBG6716 Firewall

The NBG6716’s firewall feature physically separates the LAN and the WAN and acts as a secure

gateway for all data passing between the networks.

It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when

activated (click

the

General

tab under

Firewall

and then click the

Enable

Firewall

check box).

The NBG6716's purpose is to allow a private Local Area Network (LAN) to be securely connected to

the Internet. The NBG6716 can be used to prevent theft, destruction and modification of data, as

well as log events, which may be important to the security of your network.

The NBG6716 is installed between the LAN and a broadband modem connecting to the Internet.

This allows it to act as a secure gateway for all data passing between the Internet and the LAN.

The NBG6716 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically

separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband

(cable or DSL) modem to the Internet.

The LAN (Local Area Network) port attaches to a network of computers, which needs security from

the outside world. These computers will have access to Internet services such as e-mail, FTP and

the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host

is authorized to use a specific service.

Guidelines For Enhancing Security With Your Firewall

Change the default password via Web Configurator.

Think about access control before you connect to the network in any way, including attaching a

modem to the port.

Limit who can access your router.