Home » ZyXEL Manuals » Networking » ZyXEL P-660HW-T1 v3 » Manual Viewer

ZyXEL P-660HW-T1 v3 User Guide - Page 190

What You Need to Know About Firewall

Get ZyXEL P-660HW-T1 v3 PDF manuals and user guides

View all ZyXEL P-660HW-T1 v3 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 190 highlights

Chapter 10 Firewalls • Use the Threshold screen (Section 10.4 on page 202) to set the thresholds that the ZyXEL Device uses to determine when to start dropping sessions that do not become fully established (half-open sessions). 10.1.2 What You Need to Know About Firewall DoS Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. ICMP Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user. DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements. Finding Out More • See Section 10.1.3 on page 191 for an example of setting up a firewall. • See Section 10.5 on page 205 for advanced technical information on firewall. 190 P-660HW-Tx v3 Series User's Guide

Section	Page
P-660HW-Tx v3 Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	21
Introducing the ZyXEL Device	23
1.1 Overview	23
1.2 Ways to Manage the ZyXEL Device	23
1.3 Good Habits for Managing the ZyXEL Device	24
1.4 Applications for the ZyXEL Device	24
1.4.1 Internet Access	25
1.5 LEDs (Lights)	26
1.6 The RESET Button	27
1.6.1 Using the Reset Button	27
1.7 The WPS WLAN Button	27
1.7.1 Turn the Wireless LAN Off or On	28
1.7.2 Activate WPS	28
Introducing the Web Configurator	29
2.1 Overview	29
2.1.1 Accessing the Web Configurator	29
2.2 Web Configurator Main Screen	31
2.2.1 Title Bar	32
2.2.2 Navigation Panel	32
2.2.3 Main Window	34
2.2.4 Status Bar	34
Status Screens	35
3.1 Overview	35
3.2 The Status Screen	35
3.3 Client List	38
3.4 WLAN Status	39
3.5 Any IP Table	39
3.6 Packet Statistics	40
Tutorials	43
4.1 Overview	43
4.2 Setting Up a Secure Wireless Network	43
4.2.1 Configuring the Wireless Network Settings	44
4.2.2 Using WPS	45
4.2.3 Without WPS	50
4.2.4 Setting Up Wireless Network Scheduling	50
4.3 Setting Up Multiple Wireless Groups	52
4.4 Configuring the MAC Address Filter	56
4.5 Setting Up NAT Port Forwarding	58
4.5.1 Default Server	58
4.5.2 Port Forwarding	59
4.6 Access the ZyXEL Device Using DDNS	61
4.6.1 Registering a DDNS Account on www.dyndns.org	62
4.6.2 Configuring DDNS on Your ZyXEL Device	62
4.6.3 Adding a Firewall Rule for Remote Management	63
4.6.4 Testing the DDNS Setting	64
4.7 Configuring Static Route for Routing to Another Network	65
4.8 Multiple Public and Private IP Address Mappings	67
4.8.1 Full Feature NAT + Many-to-Many No Overload Mapping	68
4.8.2 Full Feature NAT + One-to-One Mapping	70
4.9 Multiple WAN Connections Example	71
4.10 Multiple PVCs with QoS	72
4.10.1 Configuring Multiple PVCs and ATM-QoS	73
4.10.2 Configuring Traffic Classifiers	76
Wizard	81
Internet and Wireless Setup Wizard	83
5.1 Overview	83
5.2 Internet Access Wizard Setup	83
5.2.1 Manual Configuration	86
5.3 Wireless Connection Wizard Setup	92
5.3.1 Manually Assign a WPA-PSK key	94
5.3.2 Manually Assign a WEP Key	95
Network	97
WAN Setup	99
6.1 Overview	99
6.1.1 What You Can Do in the WAN Screens	99
6.1.2 What You Need to Know About WAN	99
6.1.3 Before You Begin	100
6.2 The Internet Access Setup Screen	101
6.2.1 Advanced Internet Access Setup	104
6.3 The More Connections Screen	107
6.3.1 More Connections Edit	108
6.3.2 Configuring More Connections Advanced Setup	111
6.4 WAN Technical Reference	113
6.4.1 Encapsulation	113
6.4.2 Multiplexing	114
6.4.3 VPI and VCI	114
6.4.4 IP Address Assignment	115
6.4.5 Nailed-Up Connection (PPP)	115
6.4.6 NAT	115
6.5 Traffic Shaping	116
6.5.1 ATM Traffic Classes	117
LAN Setup	119
7.1 Overview	119
7.1.1 What You Can Do in the LAN Screens	119
7.1.2 What You Need To Know About LAN	120
7.1.3 Before You Begin	121
7.2 The LAN IP Screen	121
7.2.1 The Advanced LAN IP Setup Screen	122
7.3 The DHCP Setup Screen	124
7.4 The Client List Screen	126
7.5 The IP Alias Screen	127
7.5.1 Configuring the LAN IP Alias Screen	128
7.6 LAN Technical Reference	129
7.6.1 LANs, WANs and the ZyXEL Device	129
7.6.2 DHCP Setup	130
7.6.3 DNS Server Addresses	130
7.6.4 LAN TCP/IP	131
7.6.5 RIP Setup	132
7.6.6 Multicast	132
7.6.7 Any IP	133
Wireless LAN	137
8.1 Overview	137
8.1.1 What You Can Do in the Wireless LAN Screens	137
8.1.2 What You Need to Know About Wireless	138
8.1.3 Before You Start	138
8.2 The AP Screen	139
8.2.1 No Security	141
8.2.2 WEP Encryption	142
8.2.3 WPA(2)-PSK	143
8.2.4 WPA(2) Authentication	144
8.2.5 Wireless LAN Advanced Setup	146
8.2.6 MAC Filter	147
8.3 The More AP Screen	148
8.3.1 More AP Edit	149
8.4 The WPS Screen	151
8.5 The WPS Station Screen	152
8.6 The WDS Screen	153
8.7 The Scheduling Screen	155
8.8 Wireless LAN Technical Reference	156
8.8.1 Wireless Network Overview	156
8.8.2 Additional Wireless Terms	158
8.8.3 Wireless Security Overview	158
8.8.4 Signal Problems	161
8.8.5 BSS	161
8.8.6 MBSSID	162
8.8.7 Wireless Distribution System (WDS)	163
8.8.8 WiFi Protected Setup (WPS)	163
Network Address Translation (NAT)	171
9.1 Overview	171
9.1.1 What You Can Do in the NAT Screens	171
9.1.2 What You Need To Know About NAT	171
9.2 The NAT General Setup Screen	173
9.3 The Port Forwarding Screen	174
9.3.1 Configuring the Port Forwarding Screen	175
9.3.2 The Port Forwarding Rule Edit Screen	177
9.4 The Address Mapping Screen	178
9.4.1 The Address Mapping Rule Edit Screen	179
9.5 The SIP ALG Screen	181
9.6 NAT Technical Reference	181
9.6.1 NAT Definitions	181
9.6.2 What NAT Does	182
9.6.3 How NAT Works	183
9.6.4 NAT Application	184
9.6.5 NAT Mapping Types	184
Security	187
Firewalls	189
10.1 Overview	189
10.1.1 What You Can Do in the Firewall Screens	189
10.1.2 What You Need to Know About Firewall	190
10.1.3 Firewall Rule Setup Example	191
10.2 The Firewall General Screen	194
10.3 The Firewall Rule Screen	196
10.3.1 Configuring Firewall Rules	198
10.3.2 Customized Services	200
10.3.3 Configuring a Customized Service	201
10.4 The Firewall Threshold Screen	202
10.4.1 Threshold Values	202
10.4.2 Configuring Firewall Thresholds	203
10.5 Firewall Technical Reference	205
10.5.1 Firewall Rules Overview	205
10.5.2 Guidelines For Enhancing Security With Your Firewall	206
10.5.3 Security Considerations	207
10.5.4 Triangle Route	207
Content Filtering	211
11.1 Overview	211
11.1.1 What You Can Do in the Content Filter Screens	211
11.1.2 What You Need to Know About Content Filtering	211
11.1.3 Before You Begin	211
11.1.4 Content Filtering Example	212
11.2 The Keyword Screen	214
11.3 The Schedule Screen	215
11.4 The Trusted Screen	216
Packet Filter	219
12.1 Overview	219
12.1.1 What You Can Do in the Packet Filter Screen	219
12.1.2 What You Need to Know About the Packet Filter	219
12.2 The Packet Filter Screen	220
12.2.1 Editing Protocol Filters	221
12.2.2 Configuring Protocol Filter Rules	222
12.2.3 Editing Generic Filters	223
12.2.4 Configuring Generic Packet Rules	225
12.3 Packet Filter Technical Reference	226
12.3.1 Filter Types and NAT	226
12.3.2 Firewall Versus Filters	227
Certificates	229
13.1 Overview	229
13.1.1 What You Can Do in the Certificates Screens	229
13.1.2 What You Need to Know About Certificates	229
13.2 The Trusted CAs Screen	230
13.2.1 Trusted CA Import	232
13.2.2 Trusted CA Details	233
13.3 Certificates Technical Reference	235
13.3.1 Certificates Overview	235
13.3.2 Private-Public Certificates	235
Advanced	237
Static Route	239
14.1 Overview	239
14.1.1 What You Can Do in the Static Route Screens	239
14.2 The Static Route Screen	240
14.2.1 Static Route Edit	241
802.1Q/1P	243
15.1 Overview	243
15.1.1 What You Can Do in the 802.1Q/1P Screens	243
15.1.2 What You Need to Know About 802.1Q/1P	243
15.1.3 802.1Q/1P Example	245
15.2 The 802.1Q/1P Group Setting Screen	249
15.2.1 Editing 802.1Q/1P Group Setting	250
15.3 The 802.1Q/1P Port Setting Screen	252
Quality of Service (QoS)	253
16.1 Overview	253
16.1.1 What You Can Do in the QoS Screens	253
16.1.2 What You Need to Know About QoS	254
16.1.3 QoS Class Setup Example	254
16.2 The QoS General Screen	258
16.3 The Class Setup Screen	259
16.3.1 The Class Configuration Screen	261
16.4 The QoS Monitor Screen	265
16.5 QoS Technical Reference	266
16.5.1 IEEE 802.1Q Tag	266
16.5.2 IP Precedence	266
16.5.3 DiffServ	267
16.5.4 Automatic Priority Queue Assignment	267
Dynamic DNS Setup	269
17.1 Overview	269
17.1.1 What You Can Do in the DDNS Screen	269
17.1.2 What You Need To Know About DDNS	269
17.2 The Dynamic DNS Screen	270
Remote Management	273
18.1 Overview	273
18.1.1 What You Can Do in the Remote Management Screens	274
18.1.2 What You Need to Know About Remote Management	274
18.2 The WWW Screen	275
18.2.1 Configuring the WWW Screen	275
18.3 The Telnet Screen	276
18.4 The FTP Screen	277
18.5 The DNS Screen	278
18.6 The ICMP Screen	279
Universal Plug-and-Play (UPnP)	281
19.1 Overview	281
19.1.1 What You Can Do in the UPnP Screen	281
19.1.2 What You Need to Know About UPnP	281
19.2 The UPnP Screen	283
19.3 Installing UPnP in Windows Example	284
19.4 Using UPnP in Windows XP Example	287
Maintenance	293
System Settings	295
20.1 Overview	295
20.1.1 What You Can Do in the System Settings Screens	295
20.1.2 What You Need to Know About System Settings	295
20.2 The General Screen	296
20.3 The Time Setting Screen	298
Logs	301
21.1 Overview	301
21.1.1 What You Can Do in the Log Screens	301
21.1.2 What You Need To Know About Logs	301
21.2 The View Log Screen	302
21.3 The Log Settings Screen	303
21.4 SMTP Error Messages	305
21.4.1 Example E-mail Log	305
21.5 Log Descriptions	306
Tools	315
22.1 Overview	315
22.1.1 What You Can Do in the Tool Screens	315
22.1.2 What You Need To Know About Tools	316
22.1.3 Before You Begin	317
22.1.4 Tool Examples	317
22.2 The Firmware Screen	323
22.3 The Configuration Screen	325
22.4 The Restart Screen	328
Diagnostic	329
23.1 Overview	329
23.1.1 What You Can Do in the Diagnostic Screens	329
23.2 The General Diagnostic Screen	329
23.3 The DSL Line Diagnostic Screen	330
Troubleshooting and Specifications	333
Troubleshooting	335
24.1 Power, Hardware Connections, and LEDs	335
24.2 ZyXEL Device Access and Login	336
24.3 Internet Access	338
Product Specifications	341
25.1 Hardware Specifications	341
25.2 Firmware Specifications	341
25.3 Wireless Features	345
25.4 Power Adaptor Specifications	347
Appendices and Index	349
Setting up Your Computer’s IP Address	351
Pop-up Windows, JavaScript and Java Permissions	375
IP Addresses and Subnetting	385
Wireless LANs	395
Services	411
Legal Information	415