Home » ZyXEL Manuals » Networking » ZyXEL P-320W » Manual Viewer

ZyXEL P-320W User Guide - Page 110

General Firewall Screen - router default password

Get ZyXEL P-320W PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 110 highlights

P-320W User's Guide The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service. 9.1.4 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via web configurator. 2 Think about access control before you connect to the network in any way, including attaching a modem to the port. 3 Limit who can access your router. 4 Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 6 Protect against IP spoofing by making sure the firewall is active. 7 Keep the firewall in a secured (locked) room. 9.2 General Firewall Screen Click the Firewall link under Security to open the General screen. Figure 62 Firewall: General 110 Chapter 9 Firewall

Section	Page
P-320W User's Guide	1
Copyright	3
Federal Communications Commission (FCC) Interference Statement	4
Safety Warnings	6
ZyXEL Limited Warranty	7
Customer Support	8
Table of Contents	11
List of Figures	17
List of Tables	21
Preface	25
1. Getting to Know Your Prestige	27
1.1 Prestige Overview	27
1.2 Prestige Features	27
1.2.1 Physical Features	27
1.2.2 Non-Physical Features	28
1.2.3 Wireless Features	30
1.3 Applications for the Prestige	31
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem	31
1.3.2 Wireless LAN Application	32
1.3.3 Front Panel LEDs	32
2. Introducing the Web Configurator	35
2.1 Web Configurator Overview	35
2.2 Accessing the Prestige Web Configurator	35
2.3 Resetting the Prestige	37
2.3.1 Procedure To Use The Reset Button	37
2.4 Navigating the Prestige Web Configurator	37
2.4.1 Navigation Panel	39
2.4.2 Summary: DHCP Table	41
2.4.3 Summary: Association List	42
2.4.4 Summary: Packet Statistics	42
3. Connection Wizard	45
3.1 Wizard Setup	45
3.2 Connection Wizard: STEP 1: System Information	46
3.2.1 System Name	46
3.2.2 Domain Name	46
3.3 Connection Wizard: STEP 2: Wireless LAN	47
3.3.1 Basic(WEP) Security	49
3.3.2 Extend(WPA-PSK) Security	50
3.3.3 OTIST	51
3.4 Connection Wizard: STEP 3: Internet Configuration	52
3.4.1 Ethernet Connection Type	53
3.4.2 PPPoE Connection Type	53
3.4.3 PPTP Connection Type	55
3.4.4 Your IP Address	56
3.4.5 WAN MAC Address	57
3.4.6 Connection Wizard Complete	58
4. Wireless LAN	61
4.1 Introduction	61
4.2 Wireless Security Overview	61
4.2.1 Encryption	61
4.2.2 Authentication	61
4.2.3 Restricted Access	62
4.2.4 Hide Prestige Identity	62
4.2.5 Using OTIST	62
4.3 Configuring Wireless LAN on the Prestige	62
4.4 General Wireless LAN Screen	63
4.4.1 No Security	64
4.4.2 WEP Encryption	65
4.4.3 Introduction to WPA	67
4.4.4 WPA-PSK Application Example	67
4.4.5 WPA-PSK Authentication Screen	68
4.4.6 WPA with RADIUS Application Example	69
4.4.7 Wireless Client WPA Supplicants	69
4.4.8 WPA Authentication Screen	69
4.4.9 IEEE 802.1x Overview	70
4.4.10 IEEE 802.1x and Dynamic WEP Key Exchange Screen	71
4.5 OTIST	72
4.5.1 Enabling OTIST	72
4.5.1.1 AP	72
4.5.1.2 Wireless Client	74
4.5.2 Starting OTIST	75
4.5.3 Notes on OTIST	75
4.6 MAC Filter	76
4.7 Wireless LAN Advanced Screen	78
5. WAN	81
5.1 WAN IP Address Assignment	81
5.2 IP Address and Subnet Mask	81
5.3 DNS Server Address Assignment	82
5.4 TCP/IP Priority (Metric)	82
5.5 WAN MAC Address	83
5.6 Internet Connection	83
5.6.1 Ethernet Encapsulation	83
5.6.2 PPPoE Encapsulation	85
5.6.3 PPTP Encapsulation	87
5.7 Advanced WAN Screen	89
5.8 Traffic Redirect	90
5.9 Traffic Redirect Screen	90
6. LAN	93
6.1 LAN Overview	93
6.1.1 IP Pool Setup	93
6.1.2 System DNS Servers	93
6.2 LAN TCP/IP	93
6.2.1 Factory LAN Defaults	93
6.2.2 IP Address and Subnet Mask	94
6.3 IP Screen	94
7. DHCP Server	95
7.1 DHCP	95
7.2 DHCP Screen	95
7.3 Static DHCP Screen	96
7.4 Client List Screen	97
8. Network Address Translation (NAT)	99
8.1 NAT Overview	99
8.1.1 NAT Definitions	99
8.1.2 What NAT Does	100
8.1.3 How NAT Works	100
8.1.4 NAT Application	101
8.1.5 Default Server IP Address	101
8.1.6 Port Forwarding: Services and Port Numbers	102
8.1.7 Configuring Servers Behind SUA (Example)	103
8.2 General NAT Screen	103
8.3 Port Forwarding Screen	104
8.3.1 Rule Setup Screen	105
8.4 Trigger Port Forwarding	106
8.4.1 Trigger Port Forwarding Example	106
8.4.2 Two Points To Remember About Trigger Ports	107
8.5 Trigger Port Forwarding Screen	107
9. Firewall	109
9.1 Introduction to Firewall	109
9.1.1 What is a Firewall?	109
9.1.2 Stateful Inspection Firewall.	109
9.1.3 About the Prestige Firewall	109
9.1.4 Guidelines For Enhancing Security With Your Firewall	110
9.2 General Firewall Screen	110
9.3 Services Screen	111
9.3.1 Services	113
10. Static Route Screens	115
10.1 Static Route Overview	115
10.2 IP Static Route Screen	115
10.2.1 Static Route Setup Screen	116
11. Remote Management Screens	119
11.1 Remote Management Overview	119
11.1.1 Remote Management Limitations	119
11.1.2 Remote Management and NAT	119
11.1.3 System Timeout	120
11.2 WWW Screen	120
11.3 SNMP	121
11.3.1 Supported MIBs	122
11.3.2 SNMP Traps	122
11.4 SNMP Screen	122
11.5 Security Screen	123
12. UPnP	125
12.1 Universal Plug and Play Overview	125
12.1.1 How Do I Know If I'm Using UPnP?	125
12.1.2 NAT Traversal	125
12.1.3 Cautions with UPnP	125
12.2 UPnP and ZyXEL	126
12.3 UPnP Screen	126
12.4 Installing UPnP in Windows Example	127
12.4.1 Installing UPnP in Windows Me	127
12.4.2 Installing UPnP in Windows XP	128
12.5 Using UPnP in Windows XP Example	129
12.5.1 Auto-discover Your UPnP-enabled Network Device	130
12.5.2 Web Configurator Easy Access	133
13. System	135
13.1 System Overview	135
13.2 General Screen	135
13.3 Dynamic DNS	136
13.3.1 DynDNS Wildcard	136
13.4 Dynamic DNS Screen	137
13.5 Time Setting Screen	137
14. Logs	141
14.1 View Log	141
14.2 Log Settings	142
15. Tools	145
15.1 Firmware Upload Screen	145
15.2 Configuration Screen	146
15.2.1 Backup Configuration	147
15.2.2 Restore Configuration	147
15.2.3 Back to Factory Defaults	148
15.3 Restart Screen	148
16. Troubleshooting	151
16.1 Problems Starting Up the Prestige	151
16.2 Problems with the LAN	151
16.3 Problems with the WAN	152
16.4 Problems with the Password	152
16.5 Problems with Remote Management	153
16.6 Problems Accessing the Prestige	153
16.6.1 Pop-up Windows, JavaScripts and Java Permissions	154
16.6.1.1 Internet Explorer Pop-up Blockers	154
16.6.1.2 JavaScripts	157
16.6.1.3 Java Permissions	159
16.6.2 ActiveX Controls in Internet Explorer	161
A. Product Specifications	163
B. IP Subnetting	165
IP Addressing	165
IP Classes	165
Subnet Masks	166
Subnetting	166
Example: Two Subnets	167
Example: Four Subnets	169
Example Eight Subnets	170
Subnetting With Class A and Class B Networks.	171
C. Setting up Your Computer’s IP Address	173
Windows 95/98/Me	173
Installing Components	174
Configuring	175
Verifying Settings	176
Windows 2000/NT/XP	176
Verifying Settings	181
Macintosh OS 8/9	181
Verifying Settings	183
Macintosh OS X	183
Verifying Settings	184
Linux	184
Using the K Desktop Environment (KDE)	185
Using Configuration Files	186
Verifying Settings	188
D. PPPoE	189
PPPoE in Action	189
Benefits of PPPoE	189
Traditional Dial-up Scenario	189
How PPPoE Works	190
ZyWALL as a PPPoE Client	190
E. PPTP	191
What is PPTP?	191
How can we transport PPP frames from a computer to a broadband modem over Ethernet?	191
PPTP and the ZyWALL	191
PPTP Protocol Overview	192
Control & PPP Connections	192
Call Connection	192
PPP Data Connection	193
F. Wireless LANs	195
Wireless LAN Topologies	195
Ad-hoc Wireless LAN Configuration	195
BSS	195
ESS	196
Channel	197
RTS/CTS	197
Fragmentation Threshold	198
Preamble Type	199
IEEE 802.1x	200
RADIUS	200
Types of RADIUS Messages	200
EAP Authentication	201
Types of Authentication	202
EAP-MD5 (Message-Digest Algorithm 5)	202
EAP-TLS (Transport Layer Security)	202
EAP-TTLS (Tunneled Transport Layer Service)	202
PEAP (Protected EAP)	203
LEAP	203
WEP Encryption	203
WEP Authentication Steps	203
Dynamic WEP Key Exchange	204
WPA	205
User Authentication	205
Encryption	205
Security Parameters Summary	206
Roaming	206
Requirements for Roaming	208
G. Antenna Selection and Positioning Recommendation	209
Antenna Characteristics	209
Frequency	209
Radiation Pattern	209
Antenna Gain	209
Types of Antennas For WLAN	210
Positioning Antennas	210
Index	211
Numerics	211
A	211
B	211
C	211
D	211
E	212
F	212
G	212
H	212
I	212
L	213
M	213
N	213
O	213
P	213
Q	213
R	213
S	214
T	214
U	215
V	215
W	215

Match case Limit results 1 per page

P-320W User’s Guide

110

Chapter 9 Firewall

The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to

physically separate the network into two areas.The WAN (Wide Area Network) port attaches

to the broadband (cable or DSL) modem to the Internet.

The LAN (Local Area Network) port attaches to a network of computers, which needs security

from the outside world. These computers will have access to Internet services such as e-mail,

FTP and the World Wide Web.

However, "inbound access" is not allowed (by default) unless

the remote host is authorized to use a specific service.

9.1.4

Guidelines For Enhancing Security With Your Firewall

Change the default password via web configurator.

Think about access control before you connect to the network in any way, including

attaching a modem to the port.

Limit who can access your router.

Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled

service could present a potential security risk. A determined hacker might be able to find

creative ways to misuse the enabled services to access the firewall or the network.

For local services that are enabled, protect against misuse. Protect by configuring the

services to communicate only with specific peers, and protect by configuring rules to

block packets for the services at specific interfaces.

Protect against IP spoofing by making sure the firewall is active.

Keep the firewall in a secured (locked) room.

9.2

General Firewall Screen

Click the

Firewall

link under

Security

to open the

General

screen.

Figure 62

Firewall: General