Home » ZyXEL Manuals » Networking » ZyXEL P-660H-T1 v2 » Manual Viewer

ZyXEL P-660H-T1 v2 User Guide - Page 291

Table 124

Get ZyXEL P-660H-T1 v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 291 highlights

Appendix F Firewall Commands Table 124 Firewall Commands (continued) FUNCTION COMMAND config edit firewall attack minute-high DESCRIPTION This command sets the threshold rate of new half-open sessions per minute where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the minute-low threshold. config edit firewall attack minute-low This command sets the threshold of half-open sessions where the ZyXEL Device stops deleting half-opened sessions. config edit firewall attack max-incomplete-high This command sets the threshold of half-open sessions where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the max incomplete low. config edit firewall attack max-incomplete-low This command sets the threshold where the ZyXEL Device stops deleting half-opened sessions. config edit firewall attack tcp-max-incomplete This command sets the threshold of half-open TCP sessions with the same destination where the ZyXEL Device starts dropping halfopen sessions to that destination. Sets config edit firewall set name specified set. Config edit firewall set default-permit This command sets whether a packet is dropped or allowed through, when it does not meet a rule within the set. Config edit firewall set icmp-timeout This command sets the time period to allow an ICMP session to wait for the ICMP response. Config edit firewall set udp-idle-timeout This command sets how long a UDP connection is allowed to remain inactive before the ZyXEL Device considers the connection closed. Config edit firewall set connection-timeout This command sets how long ZyXEL Device waits for a TCP session to be established before dropping the session. Config edit firewall set fin-wait-timeout This command sets how long the ZyXEL Device leaves a TCP session open after the firewall detects a FIN-exchange (indicating the end of the TCP session). P-660H-Tx v2 User's Guide 291

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	25
Introduction	29
Introducing the ZyXEL Device	31
1.1 Overview	31
1.2 Ways to Manage the ZyXEL Device	32
1.3 Good Habits for Managing the ZyXEL Device	33
1.4 LEDs	33
1.5 Splitters and Microfilters	34
1.5.1 Connecting a POTS Splitter	34
1.5.2 Telephone Microfilters	35
1.6 Hardware Connections	35
Introducing the Web Configurator	37
2.1 Web Configurator Overview	37
2.2 Accessing the Web Configurator	37
2.2.1 User Access	38
2.2.2 Administrator Access	38
2.3 Resetting the ZyXEL Device	40
2.3.1 Using the Reset Button	40
2.4 Navigating the Web Configurator	40
2.4.1 Navigation Panel	40
2.4.2 Status Screen	43
2.4.3 Status: Any IP Table	45
2.4.4 Status: Bandwidth Status	46
2.4.5 Status: Packet Statistics	47
2.4.6 Changing Login Password	48
Wizards	49
Wizard Setup for Internet Access	51
3.1 Introduction	51
3.2 Internet Access Wizard Setup	51
3.2.1 Automatic Detection	53
3.2.2 Manual Configuration	53
Bandwidth Management Wizard	59
4.1 Introduction	59
4.2 Predefined Media Bandwidth Management Services	59
4.3 Bandwidth Management Wizard Setup	60
Network	65
WAN Setup	67
5.1 WAN Overview	67
5.1.1 Encapsulation	67
5.1.2 Multiplexing	68
5.1.3 Encapsulation and Multiplexing Scenarios	68
5.1.4 VPI and VCI	69
5.1.5 IP Address Assignment	69
5.1.6 Nailed-Up Connection (PPP)	69
5.1.7 NAT	70
5.2 Metric	70
5.3 Traffic Shaping	70
5.3.1 ATM Traffic Classes	71
5.4 Zero Configuration Internet Access	72
5.5 Internet Connection	72
5.5.1 Configuring Advanced Internet Connection Setup	74
5.6 Configuring More Connections	76
5.6.1 More Connections Edit	77
5.6.2 Configuring More Connections Advanced Setup	80
5.7 Traffic Redirect	81
5.8 Configuring WAN Backup	82
LAN Setup	85
6.1 LAN Overview	85
6.1.1 LANs, WANs and the ZyXEL Device	85
6.1.2 DHCP Setup	86
6.1.3 DNS Server Address	86
6.2 LAN TCP/IP	86
6.2.1 IP Address and Subnet Mask	86
6.2.2 RIP Setup	88
6.2.3 Multicast	88
6.2.4 Any IP	89
6.3 Configuring LAN IP	90
6.3.1 Configuring Advanced LAN Setup	91
6.4 DHCP Setup	92
6.5 LAN Client List	93
6.6 LAN IP Alias	94
Network Address Translation (NAT) Screens	97
7.1 NAT Overview	97
7.1.1 NAT Definitions	97
7.1.2 What NAT Does	98
7.1.3 How NAT Works	98
7.1.4 NAT Application	98
7.1.5 NAT Mapping Types	99
7.2 SUA (Single User Account) Versus NAT	100
7.3 SIP ALG	100
7.4 NAT General Setup	101
7.5 Port Forwarding	102
7.5.1 Default Server IP Address	102
7.5.2 Port Forwarding: Services and Port Numbers	102
7.5.3 Configuring Servers Behind Port Forwarding (Example)	103
7.6 Configuring Port Forwarding	103
7.6.1 Port Forwarding Rule Edit	104
7.7 Address Mapping	105
7.7.1 Address Mapping Rule Edit	107
Security	109
Firewalls	111
8.1 Firewall Overview	111
8.2 Types of Firewalls	111
8.2.1 Packet Filtering Firewalls	111
8.2.2 Application-level Firewalls	112
8.2.3 Stateful Inspection Firewalls	112
8.3 Introduction to ZyXEL’s Firewall	112
8.3.1 Denial of Service Attacks	113
8.4 Denial of Service	113
8.4.1 Basics	113
8.4.2 Types of DoS Attacks	114
8.5 Stateful Inspection	116
8.5.1 Stateful Inspection Process	117
8.5.2 Stateful Inspection and the ZyXEL Device	118
8.5.3 TCP Security	118
8.5.4 UDP/ICMP Security	119
8.5.5 Upper Layer Protocols	119
8.6 Guidelines for Enhancing Security with Your Firewall	120
8.6.1 Security In General	120
8.7 Packet Filtering Vs Firewall	121
8.7.1 Packet Filtering:	121
8.7.2 Firewall	121
Firewall Configuration	123
9.1 Access Methods	123
9.2 Firewall Policies Overview	123
9.3 Rule Logic Overview	124
9.3.1 Rule Checklist	124
9.3.2 Security Ramifications	124
9.3.3 Key Fields For Configuring Rules	125
9.4 Connection Direction	125
9.4.1 LAN to WAN Rules	126
9.4.2 Alerts	126
9.5 General Firewall Policy	126
9.6 Firewall Rules Summary	127
9.6.1 Configuring Firewall Rules	129
9.6.2 Customized Services	132
9.6.3 Configuring a Customized Service	132
9.7 Example Firewall Rule	133
9.8 Predefined Services	137
9.9 Anti-Probing	139
9.10 DoS Thresholds	140
9.10.1 Threshold Values	140
9.10.2 Half-Open Sessions	141
9.10.3 Configuring Firewall Thresholds	141
Content Filtering	145
10.1 Content Filtering Overview	145
10.2 Configuring Keyword Blocking	145
10.3 Configuring the Schedule	146
10.4 Configuring Trusted Computers	147
Advanced Setup	149
Static Route	151
11.1 Static Route	151
11.2 Configuring Static Route	151
11.2.1 Static Route Edit	152
Bandwidth Management	155
12.1 Bandwidth Management Overview	155
12.2 Application-based Bandwidth Management	155
12.3 Subnet-based Bandwidth Management	155
12.4 Application and Subnet-based Bandwidth Management	156
12.5 Scheduler	156
12.5.1 Priority-based Scheduler	156
12.5.2 Fairness-based Scheduler	157
12.6 Maximize Bandwidth Usage	157
12.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	157
12.6.2 Maximize Bandwidth Usage Example	157
12.6.3 Bandwidth Management Priorities	159
12.7 Over Allotment of Bandwidth	159
12.8 Configuring Summary	159
12.9 Bandwidth Management Rule Setup	160
12.9.1 Rule Configuration	162
12.10 Bandwidth Monitor	164
Dynamic DNS Setup	165
13.1 Dynamic DNS Overview	165
13.1.1 DYNDNS Wildcard	165
13.2 Configuring Dynamic DNS	165
Remote Management Configuration	169
14.1 Remote Management Overview	169
14.1.1 Remote Management Limitations	170
14.1.2 Remote Management and NAT	170
14.1.3 System Timeout	170
14.2 WWW	170
14.3 Telnet	171
14.4 Configuring Telnet	171
14.5 Telnet Login	172
14.6 Configuring FTP	173
14.7 SNMP	174
14.7.1 Supported MIBs	175
14.7.2 SNMP Traps	175
14.7.3 Configuring SNMP	175
14.8 Configuring DNS	177
14.9 Configuring ICMP	177
14.10 TR-069	178
Universal Plug-and-Play (UPnP)	181
15.1 Introducing Universal Plug and Play	181
15.1.1 How do I know if I'm using UPnP?	181
15.1.2 NAT Traversal	181
15.1.3 Cautions with UPnP	181
15.2 UPnP and ZyXEL	182
15.2.1 Configuring UPnP	182
15.3 Installing UPnP in Windows Example	183
15.3.1 Installing UPnP in Windows Me	183
15.3.2 Installing UPnP in Windows XP	184
15.4 Using UPnP in Windows XP Example	185
15.4.1 Auto-discover Your UPnP-enabled Network Device	186
15.4.2 Web Configurator Easy Access	189
Maintenance and Troubleshooting	193
System	195
16.1 General Setup	195
16.1.1 General Setup and System Name	195
16.1.2 General Setup	195
16.2 Time Setting	197
Tools	201
17.1 Firmware Upgrade	201
17.2 Configuration Screen	203
17.2.1 Backup Configuration	203
17.2.2 Restore Configuration	204
17.2.3 Back to Factory Defaults	205
17.3 Restart	205
Diagnostic	207
18.1 General Diagnostic	207
18.2 DSL Line Diagnostic	208
Logs	209
19.1 Logs Overview	209
19.1.1 Alerts and Logs	209
19.2 Viewing the Logs	209
19.3 Configuring Log Settings	210
19.3.1 Example E-mail Log	212
19.4 Log Descriptions	213
Troubleshooting	227
20.1 Power, Hardware Connections, and LEDs	227
20.2 ZyXEL Device Access and Login	228
20.3 Internet Access	230
Appendices and Index	231
Product Specifications	233
Internal SPTGEN	241
Setting up Your Computer’s IP Address	257
IP Addresses and Subnetting	273
Pop-up Windows, JavaScripts and Java Permissions	283
Firewall Commands	289
NetBIOS Filter Commands	295
Triangle Route	297
Legal Information	299
Customer Support	303

Match case Limit results 1 per page

Appendix F Firewall Commands

P-660H-Tx v2 User’s Guide

291

config edit firewall attack

minute-high <0-255>

This command sets the threshold rate of new

half-open sessions per minute where the

ZyXEL Device starts deleting old half-opened

sessions until it gets them down to the

minute-low threshold.

config edit firewall attack

minute-low <0-255>

This command sets the threshold of half-open

sessions where the ZyXEL Device stops

deleting half-opened sessions.

config edit firewall attack

max-incomplete-high <0-255>

This command sets the threshold of half-open

sessions where the ZyXEL Device starts

deleting old half-opened sessions until it gets

them down to the max incomplete low.

config edit firewall attack

max-incomplete-low <0-255>

This command sets the threshold where the

ZyXEL Device stops deleting half-opened

sessions.

config edit firewall attack

tcp-max-incomplete <0-255>

This command sets the threshold of half-open

TCP sessions with the same destination

where the ZyXEL Device starts dropping half-

open sessions to that destination.

Sets

config edit firewall set <set

#> name <desired name>

This command sets a name to identify a

specified set.

Config edit firewall set <set

#> default-permit <forward |

block>

This command sets whether a packet is

dropped or allowed through, when it does not

meet a rule within the set.

Config edit firewall set <set

#> icmp-timeout <seconds>

This command sets the time period to allow

an ICMP session to wait for the ICMP

response.

Config edit firewall set <set

#> udp-idle-timeout <seconds>

This command sets how long a UDP

connection is allowed to remain inactive

before the ZyXEL Device considers the

connection closed.

Config edit firewall set <set

#> connection-timeout

This command sets how long ZyXEL Device

waits for a TCP session to be established

before dropping the session.

Config edit firewall set <set

#> fin-wait-timeout <seconds>

This command sets how long the ZyXEL

Device leaves a TCP session open after the

firewall detects a FIN-exchange (indicating

the end of the TCP session).

Table 124

Firewall Commands (continued)

FUNCTION

COMMAND

DESCRIPTION