ZyXEL P-662H-67 User Guide
ZyXEL P-662H-67 Manual
 |
View all ZyXEL P-662H-67 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL P-662H-67 manual content summary:
- ZyXEL P-662H-67 | User Guide - Page 1
P-662H/HW-D Series 802.11g ADSL2+ 4-Port Security Gateway User's Guide Version 3.40 12/2008 Edition 3 DEFAULT LOGIN IP Address http://192.168.1.1 User Password user Admin Password 1234 www.zyxel.com - ZyXEL P-662H-67 | User Guide - Page 2
- ZyXEL P-662H-67 | User Guide - Page 3
you use the web configurator to configure the ZyXEL Device. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User - ZyXEL P-662H-67 | User Guide - Page 4
• The P-662H/HW-D may be referred to as the "ZyXEL Device", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are for "for instance", and "i.e.," means "that is" or "in other words". 4 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 5
Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-662H/HW-D Series User's Guide 5 - ZyXEL P-662H-67 | User Guide - Page 6
, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for 662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 7
This product is recyclable. Dispose of it properly. Safety Warnings P-662H/HW-D Series User's Guide 7 - ZyXEL P-662H-67 | User Guide - Page 8
Safety Warnings 8 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 9
Introduction and Wizards ...37 Getting To Know Your ZyXEL Device 39 Introducing the Web Configurator 43 Wizard Setup Troubleshooting and Specifications 315 System ...317 Logs ...323 Tools ...329 Diagnostic ...335 Troubleshooting ...337 Product Specifications ...347 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 10
Contents Overview Appendices and Index ...353 10 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 11
37 Chapter 1 Getting To Know Your ZyXEL Device 39 1.1 Introducing the ZyXEL Device 39 1.1.1 Applications of the ZyXEL Device 39 1.1.2 Firewall for Secure Broadband Status: VPN Status ...54 2.4.7 Status: Packet Statistics 55 2.4.8 Changing Login Password 57 P-662H/HW-D Series User's Guide 11 - ZyXEL P-662H-67 | User Guide - Page 12
Manual Configuration 61 3.3 Wireless Connection Wizard Setup 66 3.3.1 Automatically assign a WPA key 69 3.3.2 Manually assign a WPA-PSK key 69 3.3.3 Manually assign a WEP key 69 Chapter 4 Bandwidth Management Wizard 73 4.1 Introduction ...73 4.2 Predefined Media Bandwidth Management Services - ZyXEL P-662H-67 | User Guide - Page 13
101 6.1 LAN Overview ...101 6.1.1 LANs, WANs and the ZyXEL Device 101 6.1.2 DHCP Setup ...102 6.1.3 DNS Server Address 102 7.3 Wireless Performance Overview 116 7.3.1 Quality of Service (QoS 116 7.4 Additional Wireless Terms 116 130 7.8.1 WMM QoS Example 130 P-662H/HW-D Series User's Guide 13 - ZyXEL P-662H-67 | User Guide - Page 14
Services ...131 7.9 QoS Screen ...131 7.9.1 ToS (Type of Service) and WMM QoS 131 7.9.2 Application Priority Configuration 132 7.10 Multiple SSID (P-662HW Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers 146 9.4.3 HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 15
Configuring A Customized Service 178 11.7 Example Firewall Rule ...179 11.8 Predefined Services ...183 11.9 Anti-Probing ...185 11.10 DoS Thresholds ...186 11.10.1 Threshold Values 186 11.10.2 Half-Open Sessions 187 11.10.3 Configuring Firewall Thresholds 187 P-662H/HW-D Series User's Guide 15 - ZyXEL P-662H-67 | User Guide - Page 16
Register...211 14.1 myZyXEL.com overview 211 14.1.1 Subscription Services Available on the ZyXEL Device 211 14.2 Registration ...212 14.3 Service ...213 Chapter 15 Introduction to IPSec...215 15.1 VPN ...217 15.2.2 Key Management 217 15.3 Encapsulation ...217 16 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 17
235 16.13 Configuring Advanced IKE Settings 235 16.14 Manual Key Setup ...238 16.14.1 Security Parameter Index (SPI 238 16.15 Configuring Manual Key 238 16.16 Viewing SA Monitor ...241 16.17 ...248 17.3 Configuration Summary 248 17.4 My Certificates ...248 P-662H/HW-D Series User's Guide 17 - ZyXEL P-662H-67 | User Guide - Page 18
.6.3 Bandwidth Management Priorities 281 19.7 Configuring Summary ...281 19.8 Bandwidth Management Rule Setup 282 19.8.1 Rule Configuration 283 19.9 Bandwidth Monitor ...286 18 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 19
294 21.5 Configuring FTP ...295 21.6 SNMP ...296 21.6.1 Supported MIBs ...297 21.6.2 SNMP Traps ...297 21.6.3 Configuring SNMP Troubleshooting and Specifications 315 Chapter 23 System ...317 23.1 General Setup and System Name 317 23.1.1 System Configuration 317 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 20
25.2.3 Back to Factory Defaults 333 25.3 Restart ...333 Chapter 26 Diagnostic...335 26.1 General Diagnostic ...335 26.2 DSL Line Diagnostic ...336 Chapter 27 Troubleshooting...337 27.1 Problems Starting Up the ZyXEL Device 337 27.2 Problems with the LAN ...337 27.3 Problems with the WAN 338 27 - ZyXEL P-662H-67 | User Guide - Page 21
Appendix E Management with Wireless Zero Configuration 409 Appendix F Common Services 423 Appendix G Virtual Circuit Topology 427 Appendix H Importing Certificates Descriptions 459 Appendix M Legal Information 475 Appendix N Customer Support 479 Index...485 P-662H/HW-D Series User's Guide 21 - ZyXEL P-662H-67 | User Guide - Page 22
Table of Contents 22 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 23
40 Figure 2 ZyXEL Device LAN-to-LAN Application Example 40 Figure 3 Firewall Application ...41 Figure 4 P-662H Front Panel ...41 Figure 5 P-662HW Front Panel ...41 Figure 6 Password Screen ...44 Figure 7 Change Password at Login ...45 Figure 8 Replace Factory Default Certificate 45 Figure - ZyXEL P-662H-67 | User Guide - Page 24
List ...110 Figure 59 Physical Network & Partitioned Logical Networks 111 Figure 60 LAN IP Alias ...111 Figure 61 Example of a Wireless Network 113 Figure 62 Wireless LAN: General ...117 Figure 63 Wireless: No Security Example 139 Figure 81 How NAT Works ...142 24 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 25
Access Control: General: Time Scheduling 197 Figure 114 Content Access Control: General: Services 199 Figure 115 Content Access Control: General: Web Site Filter 200 Figure 116 123 Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide 25 - ZyXEL P-662H-67 | User Guide - Page 26
Two Phases to Set Up the IPSec SA 233 Figure 134 Advanced VPN Policies ...236 Figure 135 VPN: Manual Key ...239 Figure 136 VPN: SA Monitor ...242 Figure 137 VPN: Global Setting ...242 Figure 138 Telecommuters : Telnet 294 Figure 167 Remote Management: FTP 295 26 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 27
Networking Components Wizard 307 Figure 178 Networking Services ...307 Figure 179 Network Connections ...308 Figure 192 E-mail Log Example ...327 Figure 193 Firmware Upgrade ...329 Figure 194 Firmware Upload In Progress 330 Figure 195 Network Temporarily ...343 P-662H/HW-D Series User's Guide 27 - ZyXEL P-662H-67 | User Guide - Page 28
: Privacy ...379 Figure 251 Pop-up Blocker Settings ...379 Figure 252 Internet Options: Security 380 Figure 253 Security Settings - Java Scripting 381 28 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 29
Example 394 Figure 264 Peer-to-Peer Communication in an Ad-hoc Network 395 Figure 265 Basic Service Set ...396 Figure 266 Infrastructure WLAN ...397 Figure 267 RTS/CTS ...398 Figure 268 WPA ...432 Figure 296 Certificate General Information after Import 433 P-662H/HW-D Series User's Guide 29 - ZyXEL P-662H-67 | User Guide - Page 30
Figure 305 Internal SPTGEN FTP Upload Example 445 Figure 306 Displaying Log Categories Example 472 Figure 307 Displaying Log Parameters Example 473 30 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 31
55 Table 7 Status: Packet Statistics ...56 Table 8 System General: Password ...57 Table 9 Internet Access Wizard Setup: ISP Parameters 62 Table 16 Manually assign a WPA key ...69 Table 17 Manually assign a WEP key 70 Table 18 Media Bandwidth Management Setup: Services 73 -D Series User's Guide 31 - ZyXEL P-662H-67 | User Guide - Page 32
IP Ports ...159 Table 60 ICMP Commands That Trigger Alerts 162 Table 61 Legal NetBIOS Commands 162 Table 62 Legal SMTP Commands ...162 Table 63 Time Scheduling 198 Table 76 Content Access Control: General: Services 199 Table 77 Content Access Control: General: Web Site -D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 33
209 Table 83 Security > Register ...212 Table 84 Security > Register > Service 214 Table 85 VPN and NAT ...219 Table 86 AH and ESP VPN Policies ...230 Table 94 Advanced VPN Policies ...236 Table 95 VPN: Manual Key ...239 Table 96 VPN: SA Monitor ...242 Table 97 VPN: 662H/HW-D Series User's Guide 33 - ZyXEL P-662H-67 | User Guide - Page 34
Troubleshooting Starting Up Your ZyXEL Device 337 Table 142 Troubleshooting the LAN ...337 Table 143 Troubleshooting the WAN 338 Table 144 Troubleshooting Accessing the ZyXEL Device 338 Table 145 Hardware Specifications ...347 Table 146 Firmware 417 34 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 35
XP: Smart Card or other Certificate Properties 419 Table 170 Commonly Used Services 423 Table 171 NetBIOS Filter Default Settings 436 Table 172 Abbreviations Used in the Example Internal SPTGEN Screens Table ...471 Table 202 RFC-2408 ISAKMP Payload Types 472 P-662H/HW-D Series User's Guide 35 - ZyXEL P-662H-67 | User Guide - Page 36
List of Tables 36 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 37
PART I Introduction and Wizards Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizard Setup for Internet Access (59) Bandwidth Management Wizard (73) 37 - ZyXEL P-662H-67 | User Guide - Page 38
38 - ZyXEL P-662H-67 | User Guide - Page 39
Wireless LAN connectivity. " All wireless features in this guide pertain to the P-662HW-Dx series only. Models ending in "1", for example P-662HW-D1, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in "3" denote a device that works over - ZyXEL P-662H-67 | User Guide - Page 40
ZyXEL Device provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. 40 P-662H/HW-D Series - ZyXEL P-662H-67 | User Guide - Page 41
) failure or the device has malfunctioned. Off The system is not receiving power. LAN 1-4 Green On The ZyXEL Device has a successful 10/100Mb Ethernet connection. Blinking The ZyXEL Device is sending/receiving data. None Off The LAN is not connected. P-662H/HW-D Series User's Guide 41 - ZyXEL P-662H-67 | User Guide - Page 42
WLAN (P- Green On 662HW only) The ZyXEL Device is ready, but is not sending/receiving data through the wireless LAN. Blinking The ZyXEL Device is sending/receiving data has failed. Refer to the Quick Start Guide for information on hardware connections. 42 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 43
XP SP (Service Pack) 2. • JavaScripts (enabled by default). • Java permissions (enabled by default). See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the Web Configurator " Even though you can connect to the ZyXEL Device - ZyXEL P-662H-67 | User Guide - Page 44
entered the admin password, it is highly recommended you change the default admin password! Enter a new password between password now. " If you do not change the password at least once, the following screen appears every time you log in with the admin password. 44 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 45
Password at Login Chapter 2 Introducing the Web Configurator 7 It is highly recommended you replace the factory default certificate by creating your own unique certificate based on your ZyXEL every time you log in. Figure 8 Replace Factory Default Certificate 8 Select Go to Wizard setup and click - ZyXEL P-662H-67 | User Guide - Page 46
to blink, the defaults have been restored and the ZyXEL Device restarts. You can also use the RESET button to: • Activate/Deactivate the wireless network - by pressing the RESET button for 1 second. • Start OTIST - by pressing the RESET button for 3 seconds. 46 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 47
Configurator We use the P-662HW-D1 web screens in this guide as an example. Screens vary slightly for different ZyXEL Device models. 2.4.1 Navigation Panel After you enter the admin password, use the sub- . Logout Click this icon to exit the web configurator. P-662H/HW-D Series User's Guide 47 - ZyXEL P-662H-67 | User Guide - Page 48
Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Status This screen shows the ZyXEL Device's general device, system and interface status information. Use this screen to access the Use this screen to configure the threshold for DoS attacks. 48 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 49
and times for the ZyXEL Device to perform content filtering. content filtering on your ZyXEL Device. Content Access General services on the ZyXEL Device. Service ZyXEL Device's CAsigned certificates. Trusted CAs Use this screen to save CA certificates to the ZyXEL the ZyXEL Device's bandwidth usage and allotments - ZyXEL P-662H-67 | User Guide - Page 50
help you identify problems with the DSL line. 2.4.2 Status Screen Use this screen to look at the current status of the ZyXEL Device. Some fields or links are not available if you entered the user password in the login password screen (see Figure 6 on page 44). 50 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 51
Version This is the DSL firmware version associated with your ZyXEL Device. WAN Information DSL Mode This is the standard that your ZyXEL Device is using. IP Address This is the WAN port IP address. IP Subnet Mask This is the WAN port IP subnet mask. Default Gateway This is the IP address - ZyXEL P-662H-67 | User Guide - Page 52
ZyXEL Device in the wireless LAN. Channel This is the channel number used by the ZyXEL ZyXEL Device is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL ZyXEL Device's total heap memory (in kilobytes). The bar displays what percent of the ZyXEL ZyXEL ZyXEL Device. WLAN - ZyXEL P-662H-67 | User Guide - Page 53
MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL Device. Figure 12 Status: Any IP Table The following table describes the labels in this screen the wireless stations that are currently associated to the ZyXEL Device. P-662H/HW-D Series User's Guide 53 - ZyXEL P-662H-67 | User Guide - Page 54
Status 2.4.6 Status: VPN Status Click the VPN Status hyperlink in the Status screen. The VPN Status shows the current status of any VPN tunnels the ZyXEL Device has negotiated. 54 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 55
here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. P-662H/HW-D Series User's Guide 55 - ZyXEL P-662H-67 | User Guide - Page 56
This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device's present date and time. CPU Usage This field specifies the percentage of CPU utilization. displays the number of bytes transmitted in the last second. 56 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 57
General: Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field. New Password Type the new password in this field. Retype to Confirm Type the new password again in this field. P-662H/HW-D Series User's Guide 57 - ZyXEL P-662H-67 | User Guide - Page 58
Chapter 2 Introducing the Web Configurator Table 8 System General: Password LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 58 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 59
you by your ISP. " See the advanced menu chapters for background information on these fields. 3.2 Internet Access Wizard Setup 1 After you enter the admin password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner - ZyXEL P-662H-67 | User Guide - Page 60
Auto Detection: No DSL Connection If the wizard still cannot detect a connection type and the following screen appears (see Figure 21 on page 61), click Next and refer to Section 3.2.2 on page 61 on how to configure the ZyXEL Device for Internet access manually. 60 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 61
22 Auto-Detection: PPPoE 3.2.2 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default. P-662H/HW-D Series User's Guide 61 - ZyXEL P-662H-67 | User Guide - Page 62
Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Section 3.3 on page 66 for wireless connection wizard setup 62 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 63
Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL previous wizard screen. P-662H/HW-D Series User's Guide 63 - ZyXEL P-662H-67 | User Guide - Page 64
DNS As above. Server Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 64 P-662H/HW - ZyXEL P-662H-67 | User Guide - Page 65
Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. • If the user name and/or password you entered for PPPoE or PPPoA connection are Setup Wizard to verify your Internet access settings. P-662H/HW-D Series User's Guide 65 - ZyXEL P-662H-67 | User Guide - Page 66
skip to Step 6. Figure 30 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue. 66 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 67
if you want to transfer your ZyXEL Device's SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range in length. Be sure to use the same OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click - ZyXEL P-662H-67 | User Guide - Page 68
option only if your wireless clients support WPA. See Section 3.3.2 on page 69 for more information. Select Manually assign a WEP key to close the wizard screen without saving. " The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 69
Automatically assign a WPA key Choose Manually assign a WPA key in the Wireless LAN setup screen to allow the ZyXEL Device to configure a PSK key for you based on the setup key you entered on the previous Wireless LAN setup screen. This key acts like a password to ensure only those Wireless LAN - ZyXEL P-662H-67 | User Guide - Page 70
following table describes the labels in this screen. Table 17 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP to complete and save the wizard setup. 70 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 71
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-662H/HW-D Series User's Guide 71 - ZyXEL P-662H-67 | User Guide - Page 72
Chapter 3 Wizard Setup for Internet Access 72 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 73
ZyXEL Device's WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 Series User's Guide 73 - ZyXEL P-662H-67 | User Guide - Page 74
Management Setup: Services (continued) SERVICE DESCRIPTION VoIP ( also be transported over TCP, using the default port number 5060. VoIP (H.323) H.323 4.3 Bandwidth Management Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 75
to packets based on the services. Figure 39 Bandwidth Management ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device's WAN, LAN or WLAN port. Select Services Setup to allocate bandwidth based on the service the services that you want to apply bandwidth management and select - ZyXEL P-662H-67 | User Guide - Page 76
> Rule Setup, then the service priority radio button will be set ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. 76 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 77
Chapter 4 Bandwidth Management Wizard Figure 41 Bandwidth Management Wizard: Complete P-662H/HW-D Series User's Guide 77 - ZyXEL P-662H-67 | User Guide - Page 78
Chapter 4 Bandwidth Management Wizard 78 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 79
PART II Network WAN Setup (81) LAN Setup (101) Wireless LAN (113) DMZ (137) Network Address Translation (NAT) Screens (141) 79 - ZyXEL P-662H-67 | User Guide - Page 80
80 - ZyXEL P-662H-67 | User Guide - Page 81
ZyXEL Device supports the service ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs' computers will have access. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 82
PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider's (ISP) DSLAM (digital access multiplexer). Please refer to Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 83
-rate service or ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.5 on page 86) • Traffic-redirect route (see Section 5.7 on page 94) • WAN-backup route, also called dial-backup (see Section 5.8 on page 94) P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 84
default route. If the normal route fails to connect to the Internet, the ZyXEL Device tries the traffic-redirect route next. In the same manner, the ZyXEL IP Policy Routing overrides the default routing behavior and takes priority over SCR or MBS is set to the default of "0", the system will assign a - ZyXEL P-662H-67 | User Guide - Page 85
connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting. Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use a static (fixed) WAN IP address. P-662H/HW-D Series User's Guide 85 - ZyXEL P-662H-67 | User Guide - Page 86
Use this screen to change your ZyXEL Device's WAN remote node settings. Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) service name, then enter both components exactly as given. 86 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 87
Password (PPPoA and PPPoE only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service all the time. The ZyXEL Device will try to select Connect on Demand. The default setting is 0, which means to edit your ZyXEL Device's advanced WAN - ZyXEL P-662H-67 | User Guide - Page 88
. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically. When set the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported but to every computer). The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. - ZyXEL P-662H-67 | User Guide - Page 89
Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst Size (MBS) refers to the No to disable this feature. You must manually configure the ZyXEL Device for Internet access. This field is available when P-662H/HW-D Series User's Guide 89 - ZyXEL P-662H-67 | User Guide - Page 90
this screen to configure additional connections via the WAN interface. Click the edit icon in the More Connections screen to configure a connection. 90 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 91
Bridge, the ZyXEL Device will service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 92
want your connection up all the time. The ZyXEL Device will try to bring up the connection Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the - ZyXEL P-662H-67 | User Guide - Page 93
-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst Size (MBS) refers to Series User's Guide 93 - ZyXEL P-662H-67 | User Guide - Page 94
to a backup gateway when the ZyXEL Device cannot connect to the Internet configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the Backup Use this screen to change your ZyXEL Device's WAN backup settings, click WAN > WAN Backup Setup - ZyXEL P-662H-67 | User Guide - Page 95
ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL test your ZyXEL Device's WAN the ZyXEL Device periodically that your ZyXEL Device may ping When the ZyXEL Device the ZyXEL Device to wait - ZyXEL P-662H-67 | User Guide - Page 96
ZyXEL after the ZyXEL Device times ZyXEL Device cannot connect to the Internet. Active Traffic Redirect Select this check box to have the ZyXEL ZyXEL ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL routes the ZyXEL Device uses Password Enter the password your ZyXEL Device - ZyXEL P-662H-67 | User Guide - Page 97
ZyXEL Device accepts either CHAP or PAP when requested by this remote node. CHAP - Your ZyXEL Device accepts CHAP only. PAP - Your ZyXEL is busy or does not answer, your ZyXEL Device dials the secondary phone number if initialize the WAN device. Consult the manual of your WAN device connected to your - ZyXEL P-662H-67 | User Guide - Page 98
RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. RIP-1 is universally supported; but RIP-2 carries Connect on Demand. The default setting is 0, which means the Internet session will not timeout. 98 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 99
the Period to 1 (hour). If you set the Period to 0, there is no budget control and the ZyXEL Device uses the Connection settings. Back Click Back to return to the previous screen. Apply Click Apply to save screen as shown. Figure 52 WAN Dial Backup Modem Setup P-662H/HW-D Series User's Guide 99 - ZyXEL P-662H-67 | User Guide - Page 100
AT Command string to answer a call. Example: ata Drop DTR When Select this check box to have the ZyXEL Device drop the DTR (Data Terminal Hang Up Ready) signal after the "AT Command String: Drop" is sent Click Cancel to begin configuring this screen afresh. 100 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 101
DHCP server and manage IP addresses. See Section 6.3 on page 106 to configure the LAN screens. 6.1.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the - ZyXEL P-662H-67 | User Guide - Page 102
service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 6.1.2.1 IP Pool Setup The ZyXEL the DNS servers are conveyed through IPCP negotiation. The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 103
hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 - 10.255.255.255 • 172.16.0.0 - 172.31.255.255 • 192.168.0.0 - 192.168.255.255 P-662H/HW-D Series User's Guide 103 - ZyXEL P-662H-67 | User Guide - Page 104
and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate range 224.0.0.0 to 239.255.255.255. The address 104 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 105
ZyXEL Device supports IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the ZyXEL ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually and the ZyXEL Device are to the ZyXEL Device and ZyXEL the ZyXEL Device - ZyXEL P-662H-67 | User Guide - Page 106
Internet as if it is in the same subnet as the ZyXEL Device. 6.3 Configuring LAN IP Use this screen to configure the LAN IP address of the ZyXEL Device. Click LAN to open the IP screen. See Section 6.1 on page 101 for background information. Figure 55 LAN IP 106 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 107
Address Enter the IP address of your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-662H/HW-D Series User's Guide 107 - ZyXEL P-662H-67 | User Guide - Page 108
ZyXEL Device. Windows Networking (NetBIOS over TCP/IP) NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. For some dial-up services default policy set to block WAN to LAN traffic, you also need to enable the default - ZyXEL P-662H-67 | User Guide - Page 109
ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support DHCP Server The ZyXEL Device passes a as 0.0.0.0, the ZyXEL Device acts as back to the ZyXEL Device. Reset ZyXEL Device's static DHCP settings, click Network > LAN > - ZyXEL P-662H-67 | User Guide - Page 110
to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network. 110 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 111
networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Figure 59 Physical Network & Partitioned Logical Networks To change your ZyXEL Device's IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 60 LAN IP Alias P-662H/HW - ZyXEL P-662H-67 | User Guide - Page 112
ZyXEL Device. IP Address Enter the IP address of your ZyXEL Mask Your ZyXEL Device will computed by the ZyXEL Device. RIP or Out Only, the ZyXEL Device will broadcast its ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported By default, RIP direction is set - ZyXEL P-662H-67 | User Guide - Page 113
network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. P-662H/HW-D Series User's Guide 113 - ZyXEL P-662H-67 | User Guide - Page 114
which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something support IEEE 802.1x to do this. For wireless networks, the user names and passwords for each user are usually stored: • In the ZyXEL B, C, D, E, and F. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 115
option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. P-662H/HW-D Series User's Guide 115 - ZyXEL P-662H-67 | User Guide - Page 116
The devices in the wireless network have to support OTIST, and they have to be in range of the ZyXEL Device when you activate it. See Section 7.6 this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value - ZyXEL P-662H-67 | User Guide - Page 117
maximum time that the ZyXEL Device transmits IEEE 802. If you have two or more ZyXEL Devices (or other wireless access the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL ZyXEL Device's new settings. Use this screen to configure the wireless settings on the ZyXEL - ZyXEL P-662H-67 | User Guide - Page 118
SSID) (Service Set IDentity) The SSID identifies the Service Set with ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL your computer to match the ZyXEL Device's new settings. Select your changes back to the ZyXEL Device. Click Cancel to ZyXEL Device, your network is - ZyXEL P-662H-67 | User Guide - Page 119
from the drop-down list box. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. Advanced Setup Click the General screen. Select Static WEP from the Security Mode list. P-662H/HW-D Series User's Guide 119 - ZyXEL P-662H-67 | User Guide - Page 120
Key The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. If you want to manually set the WEP key, enter any 5, 13 or 29 characters WPA-PSK or WPA2-PSK from the Security Mode list. 120 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 121
usernames and passwords in Timer (In order to stay connected. Enter a time interval between 10 and 9999 seconds. The Seconds) default time interval Key Update Timer is also supported in WPA(2)-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-662H/HW-D Series User's Guide 121 - ZyXEL P-662H-67 | User Guide - Page 122
39 Wireless: WPA(2)-PSK LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. Advanced Setup Click the Security Mode list. Figure 66 Wireless: WPA(2) 122 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 123
Group Key Update Timer is also supported in WPA(2)-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password - ZyXEL P-662H-67 | User Guide - Page 124
the Enable 802.11g+ mode checkbox, this field is grayed out and the ZyXEL Device uses 4096 automatically. Fragmentation It is the maximum data fragment size that can or Dynamic. The default setting is Long. See the section on preamble for more information. 124 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 125
any ZyXEL WLAN devices that support this feature to associate with the ZyXEL Device at higher transmission speeds. This permits the ZyXEL Device you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client. OTIST ( Series User's Guide 125 - ZyXEL P-662H-67 | User Guide - Page 126
in length. The default OTIST setup key is ZyXEL Device. You must also activate and start OTIST on the wireless station at the same time. The process takes three minutes to complete. Note: You can also start OTIST by pressing the RESET button for 3 seconds. 126 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 127
Chapter 7 Wireless LAN 7.6.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your you the security settings to transfer. After reviewing the settings, click OK. Figure 70 Security Key P-662H/HW-D Series User's Guide 127 - ZyXEL P-662H-67 | User Guide - Page 128
Setup key). Click OK to go back to the ZyXEL utility main screen. Figure 73 No AP with OTIST for up to one minute. (If you manually have the wireless client search for an OTIST-enabled OTIST, you need to run OTIST again or enter them manually in the wireless client(s). 5 If you configure OTIST to - ZyXEL P-662H-67 | User Guide - Page 129
in the MAC Address table. Select Deny to block access to the ZyXEL Device, MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device. P-662H/HW-D Series User's Guide 129 - ZyXEL P-662H-67 | User Guide - Page 130
back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 7.8 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless not have strict latency and throughput requirements. 130 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 131
commonly used services. 7.9 QoS Screen Use this screen to configure QoS settings for the wireless traffic going through the ZyXEL Device. The QoS screen by default allows you to automatically give a service a the check box to enable WMM QoS on the ZyXEL Device. P-662H/HW-D Series User's Guide 131 - ZyXEL P-662H-67 | User Guide - Page 132
Wireless LAN Table 45 Wireless LAN: QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of Type a description of the application priority. 132 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 133
port the selected service uses. Type a port number in the field provided if you want to use a different port to the default port. See saving your changes. 7.10 Multiple SSID (P-662HW-D Models only) The ZyXEL Device supports multiple SSID which allows you to configure a /HW-D Series User's Guide 133 - ZyXEL P-662H-67 | User Guide - Page 134
defaultkey wlan mssid guest_autoOff < default> wlan mssid show The following table gives a description of multiple SSID commands. Table 47 your LAN and only allow access to the Internet via the ZyXEL Device. 134 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 135
guest wireless network stays active. Enter a number from 0 to 30000. Entering 0 resets the value to the default (60 minutes). show Note: This command is hidden. It doesn't show up when you type the wlan mssid to the Internet and cannot access the local network. P-662H/HW-D Series User's Guide 135 - ZyXEL P-662H-67 | User Guide - Page 136
" Major SSID privacy setting is WPA ==Guest SSID Settings == Guest SSID = Enable Guest SSID = "guestnetwork" Guest SSID privacy setting is WEP 64 WEP default key ID = 1 WEP key 1 = abcde WEP key 2 = WEP key 3 = WEP key 4 = Intranet Blocking = 1 Guest SSID AutoOff = Disable Guest SSID AutoOff Timeout - ZyXEL P-662H-67 | User Guide - Page 137
being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be accessed from the secure LAN. By default the firewall allows traffic between the Network > DMZ. The screen appears as shown next. P-662H/HW-D Series User's Guide 137 - ZyXEL P-662H-67 | User Guide - Page 138
default. RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported routers on your network must use multicasting, also. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 139
layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. firewall is enabled with the default policy set to block DMZ to LAN traffic, you also need to enable the default DMZ to LAN firewall rule -D Series User's Guide 139 - ZyXEL P-662H-67 | User Guide - Page 140
Chapter 8 DMZ 140 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 141
within another network. 9.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web address (either local or global) of an outside host. P-662H/HW-D Series User's Guide 141 - ZyXEL P-662H-67 | User Guide - Page 142
protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks - ZyXEL P-662H-67 | User Guide - Page 143
port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 144
public WAN IP addresses for your ZyXEL Device. 9.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen. 144 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 145
sending of voice signals over Internet Protocol. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. 9.4 Port Forwarding A port forwarding set single computer to the outside world. P-662H/HW-D Series User's Guide 145 - ZyXEL P-662H-67 | User Guide - Page 146
services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. " If you do not assign a Default Server IP address, the ZyXEL 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third - ZyXEL P-662H-67 | User Guide - Page 147
Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not - ZyXEL P-662H-67 | User Guide - Page 148
Service Name This is a service's name. Start Port This is the first port number that identifies a service. End Port This is the last port number that identifies a service ZyXEL Service Name forward a series of ports, series of ports, enter the last port number in a series that begins with - ZyXEL P-662H-67 | User Guide - Page 149
save your changes back to the ZyXEL Device. Cancel Click Cancel to ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL 7 become new rules 4, 5 and 6. To change your ZyXEL Device's address mapping settings, click Network > NAT > Address - ZyXEL P-662H-67 | User Guide - Page 150
(i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only. M-M Ov (Overload): Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Modify Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 151
LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address. Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL Device records the IP address - ZyXEL P-662H-67 | User Guide - Page 152
(or a range of ports) that a server on the WAN uses when it sends out a particular service. The ZyXEL Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that the table below. # Click this check box to enable the rule. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 153
the ZyXEL Device. Service Name This service. The ZyXEL Device forwards the service. Trigger Port This is a port (or a range of ports) that causes (or triggers) the ZyXEL back to the ZyXEL Device. Cancel change your ZyXEL Device's . Service Name a particular service. The ZyXEL Device forwards the - ZyXEL P-662H-67 | User Guide - Page 154
trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 154 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 155
PART III Security Firewalls (157) Firewall Configuration (169) Content Filtering (191) Content Access Control (195) Register (211) Introduction to IPSec (215) VPN Screens (221) Certificates (247) 155 - ZyXEL P-662H-67 | User Guide - Page 156
156 - ZyXEL P-662H-67 | User Guide - Page 157
the ZyXEL Device problem. A firewall is one of the mechanisms used to establish a network security perimeter in support .5 on page 172 to configure default firewall settings. Refer to Section 11.6.2 on page 178 to configure a custom service. Refer to Section 11.10.3 on page Series User's Guide 157 - ZyXEL P-662H-67 | User Guide - Page 158
services default support Service attacks when activated. The ZyXEL Device's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The ZyXEL ZyXEL Device also has packet filtering capabilities. The ZyXEL LAN. The ZyXEL Device has one to Internet services such as - ZyXEL P-662H-67 | User Guide - Page 159
Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL traffic by default uses TCP Series User's Guide 159 - ZyXEL P-662H-67 | User Guide - Page 160
200 through 400 of the original (non fragmented) IP packet." The Teardrop program creates a series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination, some , making the system unavailable for legitimate users. 160 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 161
IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 94 Smurf Attack P-662H/HW-D Series User's Guide 161 - ZyXEL P-662H-67 | User Guide - Page 162
- all others are illegal. Table 61 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE allowed through the router or firewall. The ZyXEL Device blocks all IP Spoofing attempts. 10.5 For example, if you access some outside service, the proxy server remembers things about your Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 163
from the WAN to the LAN. Figure 95 Stateful Inspection The previous figure shows the ZyXEL Device's default firewall rules in action as well as demonstrates how stateful inspection works. User A can outbound packet is forwarded out through the interface. P-662H/HW-D Series User's Guide 163 - ZyXEL P-662H-67 | User Guide - Page 164
inbound access list entries are deleted. 10.5.2 Stateful Inspection and the ZyXEL Device Additional rules may be defined to extend or override the default rules. For example, a rule may be created which will: shown next), these packets are dropped and logged. 164 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 165
(as is the case with the default policy), the connection will be allowed. , etc. When the ZyXEL Device receives any subsequent packet except that the ZyXEL Device is even more In order to achieve this, the ZyXEL Device inspects the application-level FTP be supported on a case-by-case basis. You - ZyXEL P-662H-67 | User Guide - Page 166
with Your Firewall • Change the default password via CLI (Command Line Interpreter) or the web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) be careful with any information you reveal to strangers. 166 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 167
Filtering Vs Firewall Below are some comparisons between the ZyXEL Device's filtering and firewall functions. 10.7.1 Packet and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. 10 Series User's Guide 167 - ZyXEL P-662H-67 | User Guide - Page 168
block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. 168 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 169
tool your ZyXEL Device has to both the LAN port and the WLAN. By default, the ZyXEL Device's stateful packet inspection blocks packets traveling in ZyXEL Device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL or managing the ZyXEL Device. You may define additional - ZyXEL P-662H-67 | User Guide - Page 170
take precedence and override the ZyXEL Device's default rules. 11.3 Rule Logic Overview of traffic does the rule apply to? 3 What IP services will be affected? 4 What computers on the LAN are to if IRC is blocked, are there users that require this service? 3 Is it possible to modify the rule to be - ZyXEL P-662H-67 | User Guide - Page 171
managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN). Similarly, WAN to WAN/ Router and DMZ to DMZ/ Router polices apply in the same way to the WAN and DMZ ports. P-662H/HW-D Series User's Guide 171 - ZyXEL P-662H-67 | User Guide - Page 172
WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If 157 for more information. Figure 96 Firewall: General 172 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 173
activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the interface of the ZyXEL Device or the ZyXEL Device itself. Default Action Use the drop-down list boxes to select the default action that the -D Series User's Guide 173 - ZyXEL P-662H-67 | User Guide - Page 174
Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is destination address is equivalent to Any. Service This drop-down list box displays the services to which this firewall rule applies. 662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 175
applied in order of their numbering. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 11.6.1 Configuring Firewall Rules Use this the following table for information on the labels. P-662H/HW-D Series User's Guide 175 - ZyXEL P-662H-67 | User Guide - Page 176
Chapter 11 Firewall Configuration Figure 98 Firewall: Edit Rule 176 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 177
it. Services Available/ Selected Services Please see Section 11.8 on page 183 for more information on services available. Highlight a service from the Available Services box on Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Message to Administrator When Matched Select - ZyXEL P-662H-67 | User Guide - Page 178
service. Back Click Back to return the previous screen. 11.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to view a screen as shown. Use this screen to create a new custom port or edit an existing one. 178 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 179
the screen to the previously saved values. Delete Click Delete to remove this customized service and return to the previous screen. 11.7 Example Firewall Rule The following Internet firewall Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-662H/HW-D Series User's Guide 179 - ZyXEL P-662H-67 | User Guide - Page 180
Customized Services Config screen and configure the screen as follows and click Apply. Figure 102 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add. 180 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 181
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " Custom services show up with an "*" before their names in the Services list box and the Rules list box. P-662H/HW-D Series User's Guide 181 - ZyXEL P-662H-67 | User Guide - Page 182
: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a "MyService" connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. 182 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 183
Rule screen (see Section 11.6.1 on page 175) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP 323(TCP:1720) Net Meeting uses this protocol. P-662H/HW-D Series User's Guide 183 - ZyXEL P-662H-67 | User Guide - Page 184
Services (continued) SERVICE service. IPSEC_TUNNEL(ESP:0) The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service service uses file service that service. Service. REAL_AUDIO(TCP:7070) A streaming audio service Service Discovery Protocol (SSDP) is a discovery service - ZyXEL P-662H-67 | User Guide - Page 185
Configuration Table 68 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22 ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports Anti Probing P-662H/HW-D Series User's Guide 185 - ZyXEL P-662H-67 | User Guide - Page 186
ZyXEL Device Services. Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports. If you select this option, the ZyXEL ZyXEL Device unseen. By default this option is not selected and the ZyXEL ZyXEL ZyXEL Device. Cancel Click Cancel default default values should be - ZyXEL P-662H-67 | User Guide - Page 187
a Denial of Service attack is occurring return traffic. The ZyXEL Device measures both the ZyXEL Device starts deleting half-open sessions as required to accommodate new connection requests. The ZyXEL Service attack (the default), then the ZyXEL Device ZyXEL Device blocks all new connection ZyXEL - ZyXEL P-662H-67 | User Guide - Page 188
DEFAULT VALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting halfopen sessions. The ZyXEL number, the ZyXEL Device deletes numbers cause the ZyXEL Device to start open sessions. The ZyXEL Device continues to - ZyXEL P-662H-67 | User Guide - Page 189
Configuration Table 70 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High This is the number of Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 189 - ZyXEL P-662H-67 | User Guide - Page 190
Chapter 11 Firewall Configuration 190 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 191
ZyXEL Device performs content filtering. You can also specify trusted IP addresses on the LAN for which the ZyXEL you enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword including in the filter list. To have your ZyXEL Device block Web sites containing keywords in - ZyXEL P-662H-67 | User Guide - Page 192
that you have configured the contain these keywords in ZyXEL Device to block. the URL: Delete Highlight a Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the to set the days and times for the ZyXEL Device to perform content filtering. Click Security > - ZyXEL P-662H-67 | User Guide - Page 193
to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted, the screen appears as shown. your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide 193 - ZyXEL P-662H-67 | User Guide - Page 194
Chapter 12 Content Filtering 194 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 195
with the ZyXEL Device Content services that you specify. The administrator can create user groups with access restrictions and set up user accounts (with a login name and password Control on the ZyXEL Device. The administrator accounts. The ZyXEL Device enforces Control on the ZyXEL Device, you - ZyXEL P-662H-67 | User Guide - Page 196
access. Idle Timeout Type the time in minutes that elapses before the ZyXEL Device automatically terminates the Internet session. The default time is 10 minutes. Group List These groups are used in conjunction end times of the day(s) when access is allowed. 196 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 197
activated. Apply Cancel Click Activate to begin the content filtering service now. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previously saved settings . Figure 113 Control Access Control: General: Time Scheduling P-662H/HW-D Series User's Guide 197 - ZyXEL P-662H-67 | User Guide - Page 198
to the ZyXEL Device. Click Cancel to return to the previously saved settings. 13.2.2 Configuring Services Use this screen to customize services for each user group. Click Edit under Services for that user group in the Content Access Control > General screen. 198 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 199
Services box. Clear All Click Clear All to empty the Blocked Services box. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 200
Services The Available Services list box in the Services screen displays some predefined services that the ZyXEL Device supports. The following table shows a list of services that can be configured. Next to the name of the service : General: Web Site Filter 200 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 201
and activated the content filtering services. Refer to the User's Guide for more information. Select this option to start using the external content filtering service on the ZyXEL Device. Log Matched Web those pages do not meet one of the above requirements). P-662H/HW-D Series User's Guide 201 - ZyXEL P-662H-67 | User Guide - Page 202
or companies that sell travel services). Cult/Occult Selecting this category excludes pages that promote or offer methods, means of instruction, or other resources to affect game playing. It includes pages that support or host online sweepstakes and giveaways. 202 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 203
health or medical services, drugs, alternative and complimentary therapies, medical information about ailments, dentistry, optometry, general psychiatry, selfhelp, and support organizations dedicated (Cult/Occult) or atheist beliefs (Political/Activist Groups). P-662H/HW-D Series User's Guide 203 - ZyXEL P-662H-67 | User Guide - Page 204
means to obtain goods or services. It does not include pages excludes pages that support the offering and , catering, dining services, cooking and recipes or aircraft, including pages that support online purchase of vehicles or as web communities or hosting services. More/Basic Click more... to - ZyXEL P-662H-67 | User Guide - Page 205
save your changes back to the ZyXEL Device. Cancel Click Cancel to screen displays as shown next. The ZyXEL Device first checks the web site any blocking keywords, the ZyXEL Device then checks the for and activated this service) and block or activated the content filtering service. Click Test to - ZyXEL P-662H-67 | User Guide - Page 206
the index number. Username Enter the user name for this account. Password Enter a password associated to the user name above. Category Select a user group your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 206 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 207
Time Left This field displays the amount of time that you have before the ZyXEL Device logs you out and terminates your Internet access. This time depends on the back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-662H/HW-D Series User's Guide 207 - ZyXEL P-662H-67 | User Guide - Page 208
the From field to specify a single computer. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 13.6 Trusted-external Websites Use -external Website to display the screen as shown. 208 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 209
. 13.7.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first logging into the ZyXEL Device. 2 When you attempt to access a website, you are directed to the ZyXEL Device's user login screen. P-662H/HW-D Series User's Guide 209 - ZyXEL P-662H-67 | User Guide - Page 210
idle timeout triggers the logout (the default is ten minutes). • The ZyXEL Device user login page (this is the same as the user login). • The administrator enters "1234" as the username and the system password. • The system administrator main menu screen opens. 210 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 211
access to categories of web sites based on content. Your ZyXEL Device accesses an external database that has millions of web sites categorized based on content. You can have the ZyXEL Device block, block and/or log access to web sites based on these categories. P-662H/HW-D Series User's Guide 211 - ZyXEL P-662H-67 | User Guide - Page 212
with the myZyXEL.com database to verify the user name you entered has not been used. Password Enter a password of between six and 20 alphanumeric characters (and the underscore). Spaces are not allowed. Confirm Password Enter the password again for confirmation. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 213
as shown next. " If you restore the ZyXEL Device to the default configuration file or upload a different configuration file after you register, click the Service License Refresh button to update license information. Figure 124 Security > Register > Service P-662H/HW-D Series User's Guide 213 - ZyXEL P-662H-67 | User Guide - Page 214
Device) and enter the new PIN number to extend the service. Service License Refresh Click this button to renew service license information (such as the license key, registration status and expiration day). Reset Click Reset to clear the License Key field. 214 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 215
VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP "ciphertext" to plaintext. Decryption also requires a key. P-662H/HW-D Series User's Guide 215 - ZyXEL P-662H-67 | User Guide - Page 216
IPSec packets. This service depends on the data integrity service. 15.1.4 VPN Applications The ZyXEL Device supports the following VPN applications tunnel may be created to add support for unsupported emerging IP applications. See the chapter on Getting to Know Your ZyXEL Device for an example of a - ZyXEL P-662H-67 | User Guide - Page 217
(RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 15.3 Encapsulation The two - ZyXEL P-662H-67 | User Guide - Page 218
it securely. A Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and 662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 219
authentication is not compatible with NAT. Table 85 VPN and NAT SECURITY PROTOCOL MODE NAT AH Transport N AH Tunnel N ESP Transport N ESP Tunnel Y P-662H/HW-D Series User's Guide 219 - ZyXEL P-662H-67 | User Guide - Page 220
Chapter 15 Introduction to IPSec 220 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 221
(Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non- by concealing the size of the packet being transmitted. P-662H/HW-D Series User's Guide 221 - ZyXEL P-662H-67 | User Guide - Page 222
. DES applies a 56-bit key to each 64-bit block of data. MD5 (default) MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. 3DES Address My IP Address is the WAN IP address of the ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if the My IP Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 223
gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway configured as 0.0.0.0 only when using IKE key management and not Manual key management. 16.5 VPN Setup Screen The following figure HW-D Series User's Guide 223 - ZyXEL P-662H-67 | User Guide - Page 224
ZyXEL Device. The same (static) IP address is displayed twice when the Local Address Type field in the VPN-IKE (or VPN-Manual VPN-IKE (or VPN-Manual Key) screen is configured -IKE (or VPN-Manual Key) screen is IKE (or VPN-Manual Key) screen is VPN-IKE (or VPN-Manual Key) screen is configured - ZyXEL P-662H-67 | User Guide - Page 225
default selection). IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase ZyXEL ZyXEL ZyXEL Device ZyXEL Device-compatible keep alive feature enabled in order for this feature to work. If the ZyXEL ZyXEL Device because the ZyXEL ZyXEL but the ZyXEL Device's - ZyXEL P-662H-67 | User Guide - Page 226
IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header Tunnel Y Y* - This is supported in the ZyXEL Device if you enable NAT traversal. VPN tunnels are created from ZyXEL Device A; one to branch the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the - ZyXEL P-662H-67 | User Guide - Page 227
the ZyXEL Device identifies incoming SAs passwords to simultaneously connect to the ZyXEL and content configuration, the ZyXEL Device does not allow you . In this case the ZyXEL Device can only distinguish between addresses. The ZyXEL Device can distinguish ZyXEL Device automatically use its own IP - ZyXEL P-662H-67 | User Guide - Page 228
identify this ZyXEL Device. The have the ZyXEL Device automatically ZyXEL Devices in ZYXEL DEVICE A ZYXEL ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B's Local ID type is IP, but ZyXEL Content Configuration Example ZYXEL DEVICE A ZYXEL DEVICE B - ZyXEL P-662H-67 | User Guide - Page 229
edit VPN policies. Click an Edit icon in the VPN Setup screen to view the screen as shown. Figure 132 Edit VPN Policies P-662H/HW-D Series User's Guide 229 - ZyXEL P-662H-67 | User Guide - Page 230
, including spaces, but the ZyXEL Device drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management. Negotiation - ZyXEL P-662H-67 | User Guide - Page 231
ZyXEL Device. When the Local Address behind your ZyXEL Device. ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Content field. The ZyXEL Device automatically uses the by which to identify this ZyXEL Device in the local Content - ZyXEL P-662H-67 | User Guide - Page 232
connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 233
My Certificates screen. Click My Certificates to go to the My Certificates screen where you can view the ZyXEL Device's list of certificates. Encryption Algorithm Select DES, 3DES, AES or NULL from the drop-down list to Set Up the IPSec SA In phase 1 you must: P-662H/HW-D Series User's Guide 233 - ZyXEL P-662H-67 | User Guide - Page 234
key cryptography - see Section 16.12.3 on page 235. Select None (the default) to disable PFS. • Choose Tunnel mode or Transport mode. • Set the IPSec traffic when the IPSec SA lifetime period expires. The ZyXEL Device also automatically renegotiates the IPSec SA if both IPSec HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 235
DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a such security, so PFS is disabled (None) by default in the ZyXEL Device. Disabling PFS means new authentication and encryption keys Series User's Guide 235 - ZyXEL P-662H-67 | User Guide - Page 236
17 for UDP, etc. 0 is the default and signifies any protocol. Enable Replay Detection As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can detect gateway must have the same negotiation mode. 236 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 237
are temporarily disconnected. Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 MD5 for minimal security and SHA-1 for maximum security. P-662H/HW-D Series User's Guide 237 - ZyXEL P-662H-67 | User Guide - Page 238
default ZyXEL implementation assumes identical outgoing and incoming SPIs. 16.15 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field of the VPN IKE screen. This is the VPN Manual Key screen as shown next. 238 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 239
. Manual is a useful option for troubleshooting if you have problems using IKE key management. SPI Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. P-662H/HW-D Series User's Guide 239 - ZyXEL P-662H-67 | User Guide - Page 240
Manual Key (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL remote IPSec router. Address Information 240 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 241
Manual Key (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL services Series User's Guide 241 - ZyXEL P-662H-67 | User Guide - Page 242
period expires. See Section 16.6 on page 225on keep alive to have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires, even if there is (s). 16.17 Configuring Global Setting Use this screen to change your ZyXEL Device's global VPN settings. Click VPN and then Global Setting. - ZyXEL P-662H-67 | User Guide - Page 243
multiple telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a ZyXEL Device at headquarters (HQ in the figure). The telecommuters do not have domain names mapped to the . Figure 138 Telecommuters Sharing One VPN Rule Example P-662H/HW-D Series User's Guide 243 - ZyXEL P-662H-67 | User Guide - Page 244
.1 on page 234), the ZyXEL Device can use the ID types rule to simultaneously access a ZyXEL Device at headquarters. They rules configured on the ZyXEL Device at headquarters can with a ZyXEL Device located at headquarters. The ZyXEL Device at VPN connection. The ZyXEL Device at headquarters can - ZyXEL P-662H-67 | User Guide - Page 245
Type: E-mail Local ID Content: [email protected] Local IP Address: 192.168.4.15 Headquarters ZyXEL Device Rule 3: Peer ID Type: E-mail Peer ID Content: [email protected] Secure Gateway remote management (Remote Management) to allow access for that service. P-662H/HW-D Series User's Guide 245 - ZyXEL P-662H-67 | User Guide - Page 246
Chapter 16 VPN Screens 246 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 247
them. 17.1 Certificates Overview The ZyXEL Device can use certificates (also use the ZyXEL Device to Jenny's public key to decrypt the message. The ZyXEL Device uses certificates based on public-key cryptology to certificates that validate a certificate. The ZyXEL Device does not trust a certificate - ZyXEL P-662H-67 | User Guide - Page 248
List). The ZyXEL Device can check following benefits. • The ZyXEL Device only has to You can have the ZyXEL Device act as a certification the ZyXEL Device. ZyXEL Device's CA-signed certificates. Use the Trusted CAs screens to save CA certificates to the ZyXEL This is the ZyXEL Device's summary - ZyXEL P-662H-67 | User Guide - Page 249
the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL Device uses to sign imported trusted remote host certificates. CERT represents , this is the same information as in the Subject field. P-662H/HW-D Series User's Guide 249 - ZyXEL P-662H-67 | User Guide - Page 250
the Default self- ZyXEL Device. " You can only import a certificate that matches a corresponding certification request that was generated by the ZyXEL Device. " The certificate you import replaces the corresponding request in the My Certificates screen. 250 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 251
general syntax for data (including digital signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a PKS#7 file that contains a single on the ZyXEL Device. Cancel Click Cancel to quit and return to the My Certificates screen. P-662H/HW-D Series User's Guide 251 - ZyXEL P-662H-67 | User Guide - Page 252
Certificates > Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a is for identification purposes only and can be any string. 252 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 253
request and save it locally for later manual enrollment Select Create a certification request and save it locally for later manual enrollment to have the ZyXEL Device generate and store a request your certification authority uses the SCEP enrollment protocol. P-662H/HW-D Series User's Guide 253 - ZyXEL P-662H-67 | User Guide - Page 254
screen. If you configured the My Certificate Create screen to have the ZyXEL Device enroll a certificate and the certificate enrollment is not successful, you ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. 254 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 255
Figure 144 My Certificate Details Chapter 17 Certificates P-662H/HW-D Series User's Guide 255 - ZyXEL P-662H-67 | User Guide - Page 256
Default self-signed certificate which signs the imported remote host certificates. Select this check box to have the ZyXEL Device use this certificate to sign the trusted remote host certificates that you import to the ZyXEL list. The ZyXEL Device does ZyXEL ZyXEL ZyXEL Device uses RSA encryption) - ZyXEL P-662H-67 | User Guide - Page 257
the ZyXEL Device calculated the ZyXEL Device file on a management computer for later manual enrollment. You can copy and paste a changes back to the ZyXEL Device. You can only change the can also set to be the default self-signed certificate that signs the the ZyXEL Device to accept as trusted. The ZyXEL Device - ZyXEL P-662H-67 | User Guide - Page 258
screen. Table 104 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device's PKI storage space that is currently in use. The bar turns from green to red when the move up by one when you take this action. 258 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 259
CA Import screen. Follow the instructions in this screen to save a trusted certification authority's certificate to the ZyXEL Device. " You must remove any certificate on the ZyXEL Device. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-662H/HW-D Series User's Guide 259 - ZyXEL P-662H-67 | User Guide - Page 260
view in-depth information about the certification authority's certificate, change the certificate's name and set whether or not you want the ZyXEL Device to check a certification authority's list of revoked certificates before trusting a certificate issued by the certification authority. Figure 147 - ZyXEL P-662H-67 | User Guide - Page 261
this check box to have the ZyXEL Device check incoming certificates that are box to have the ZyXEL Device not check incoming along with the end entity's own certificate). The ZyXEL Device does not trust the end entity's certificate key pair (the ZyXEL Device uses RSA encryption) and the length of the - ZyXEL P-662H-67 | User Guide - Page 262
certificate's message digest that the ZyXEL Device calculated using the MD5 algorithm certificate's message digest that the ZyXEL Device calculated using the SHA1 algorithm ZyXEL Device. You can only change the name and/or set whether or not you want the ZyXEL the ZyXEL Device automatically accepts any valid - ZyXEL P-662H-67 | User Guide - Page 263
Use This bar displays the percentage of the ZyXEL Device's PKI storage space that is currently in Default This field displays identifying information about the default self-signed certificate Self-signed on the ZyXEL Device that the ZyXEL to the ZyXEL Device. Refresh Click this button to display the - ZyXEL P-662H-67 | User Guide - Page 264
Details 264 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 265
Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host's certificate to the ZyXEL Device. " The trusted remote host certificate must be a self- host's certificate and/or change the certificate's name. P-662H/HW-D Series User's Guide 265 - ZyXEL P-662H-67 | User Guide - Page 266
Chapter 17 Certificates Figure 152 Trusted Remote Host Details 266 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 267
(C). Issuer This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. can only be one certification authority in the certificate's path. P-662H/HW-D Series User's Guide 267 - ZyXEL P-662H-67 | User Guide - Page 268
certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the ZyXEL Device checks the servers listed here. 268 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 269
Servers LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device's PKI storage space that is currently in use. The bar turns from green to configure information about a directory server that the ZyXEL Device can access. P-662H/HW-D Series User's Guide 269 - ZyXEL P-662H-67 | User Guide - Page 270
Directory Service field displays the default server port number of ZyXEL Device. Click Cancel to quit configuring this screen and return to the Directory Servers screen. A. At the time of writing, LDAP is the only choice of directory server access protocol. 270 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 271
PART IV Advanced Static Route (273) Bandwidth Management (277) Dynamic DNS Setup (287) Remote Management Configuration (291) Universal Plug-and-Play (UPnP) (303) 271 - ZyXEL P-662H-67 | User Guide - Page 272
272 - ZyXEL P-662H-67 | User Guide - Page 273
. For example, the next figure shows a computer (A) connected to the ZyXEL Device's LAN. The ZyXEL Device routes most traffic from A to the Internet through the default gateway (R1). You create one static route to connect to premium services offered by your ISP behind router R2. You create another - ZyXEL P-662H-67 | User Guide - Page 274
icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 274 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 275
packets to their destinations. Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 275 - ZyXEL P-662H-67 | User Guide - Page 276
Chapter 18 Static Route 276 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 277
traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management. The sum of the bandwidth allotments that apply to any bandwidth class for subnet A and another for subnet B. P-662H/HW-D Series User's Guide 277 - ZyXEL P-662H-67 | User Guide - Page 278
Kbps 19.5 Scheduler The scheduler divides up an interface's bandwidth among the bandwidth classes. The ZyXEL Device has two types of scheduler: fairness-based and priority-based. 19.5.1 Priority-based ) a higher priority number to provide smoother operation. 278 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 279
Section 19.8 on page 282). 19.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class's 2048 kbps Marketing: 2048 kbps Research: 2048 kbps P-662H/HW-D Series User's Guide 279 - ZyXEL P-662H-67 | User Guide - Page 280
ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth. Therefore, the ZyXEL kbps or more of extra bandwidth, the ZyXEL Device divides the total 3072 kbps total kbps of its budgeted 2048 kbps. • The ZyXEL Device divides the total 3072 kbps total of unbudgeted - ZyXEL P-662H-67 | User Guide - Page 281
the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 118 Bandwidth Management redirect or IP alias may cause LAN-to-LAN traffic to pass through the ZyXEL Device and be managed by bandwidth management. Active Select an interface's check box - ZyXEL P-662H-67 | User Guide - Page 282
Usage Select this check box to have the ZyXEL Device divide up all of the interface's Apply to save your settings back to the ZyXEL Device. Cancel Click Cancel to begin configuring this to which you want to apply bandwidth management. Service Select a service for your rule or you can select User - ZyXEL P-662H-67 | User Guide - Page 283
enabled. Select this check box to have the ZyXEL Device apply this bandwidth management rule. Enable Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh Edit icon or select User Defined from the Service drop-down list in the Rule Setup screen - ZyXEL P-662H-67 | User Guide - Page 284
Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule. Enable a bandwidth management rule to give traffic the traffic that matches this rule. Filter Configuration 284 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 285
Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. See Appendix F on page 423 for more information on common services and port numbers. P-662H/HW-D Series User's Guide 285 - ZyXEL P-662H-67 | User Guide - Page 286
Chapter 19 Bandwidth Management 19.9 Bandwidth Monitor To view the ZyXEL Device's bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown the percentage of bandwidth in use. Figure 162 Bandwidth Management: Monitor 286 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 287
ZyXEL Device to use Dynamic DNS. 20.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services Dynamic DNS service provider will give you a password or key instruction. 20.2 Configuring Dynamic DNS Use this screen to change your ZyXEL - ZyXEL P-662H-67 | User Guide - Page 288
from your Dynamic DNS service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name. Password Type the password assigned to you. Enable - ZyXEL P-662H-67 | User Guide - Page 289
to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server. Use specified IP Type the IP address of the host your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 289 - ZyXEL P-662H-67 | User Guide - Page 290
Chapter 20 Dynamic DNS Setup 290 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 291
services/protocols can access which ZyXEL a firewall rule to allow access. You may manage your ZyXEL Device from a remote location via: • Internet (WAN) To disable remote management of a service, select Disable in the corresponding Access Status field time. The ZyXEL Device automatically disconnects - ZyXEL P-662H-67 | User Guide - Page 292
service ZyXEL Device ZyXEL Device's WAN IP address when configuring from the WAN. • Use the ZyXEL Device's LAN IP address when configuring from the LAN. 21.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL ZyXEL Device's - ZyXEL P-662H-67 | User Guide - Page 293
ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service ZyXEL Device by sending the ZyXEL ZyXEL Device. Port The HTTPS proxy server listens on port 443 by default. If you change the HTTPS proxy server port to a different number on the ZyXEL - ZyXEL P-662H-67 | User Guide - Page 294
ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service ZyXEL Device using this service. Apply Click Apply to save your settings back to the ZyXEL computer on a remote network to access the ZyXEL Device. Figure 165 Telnet Configuration on a - ZyXEL P-662H-67 | User Guide - Page 295
change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-662H/HW-D Series User's Guide 295 - ZyXEL P-662H-67 | User Guide - Page 296
the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. ZyXEL Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 297
Used by the agent to inform the manager of some events. 21.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The your ZyXEL Device's SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. P-662H/HW-D Series User's Guide 297 - ZyXEL P-662H-67 | User Guide - Page 298
with the IP address that you specify to access the ZyXEL Device using this service. SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community - ZyXEL P-662H-67 | User Guide - Page 299
returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-662H/HW-D Series User's Guide 299 - ZyXEL P-662H-67 | User Guide - Page 300
username and password. Follow the procedure below to configure your ZyXEL Device to be managed by CNM Access. See the Command Interpreter appendix for information on the command structure and how to access the CLI (Command Line Interface) on the ZyXEL Device. 300 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 301
RY wan tr069 load active [0:no/ 1:yes] acsUrl username [maxlength:15] password [maxlength:15] periodicEnable [0:Disable/ 1:Enable] informInterval [sec] save DESCRIPTION All TR-069 related 2147483647 seconds. Save the TR-069 settings to your ZyXEL Device. P-662H/HW-D Series User's Guide 301 - ZyXEL P-662H-67 | User Guide - Page 302
Chapter 21 Remote Management Configuration 302 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 303
. See Section 22.2.1 on page 304 for configuration instructions. 22.1.1 How do I know if I'm using UPnP of simple product and service descriptions. NAT traversal is an example of an application that supports NAT traversal and UPnP. See the in establishing their own services and opening firewall ports - ZyXEL P-662H-67 | User Guide - Page 304
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 305
application packets (for example, MSN packets). Apply Click Apply to save the setting to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 22.3 Installing UPnP in Windows and Play check box in the Components selection box. P-662H/HW-D Series User's Guide 305 - ZyXEL P-662H-67 | User Guide - Page 306
, click Advanced in the main menu and select Optional Networking Components .... Figure 176 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. 306 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 307
177 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 178 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-662H/HW-D Series User's Guide 307 - ZyXEL P-662H-67 | User Guide - Page 308
Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network see the port mappings there were automatically created. 308 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 309
Chapter 22 Universal Plug-and-Play (UPnP) Figure 180 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-662H/HW-D Series User's Guide 309 - ZyXEL P-662H-67 | User Guide - Page 310
be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. 310 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 311
first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-662H/HW-D Series User's Guide 311 - ZyXEL P-662H-67 | User Guide - Page 312
) Figure 185 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. 312 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 313
186 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 187 Network Connections: My Network Places: Properties: Example P-662H/HW-D Series User's Guide 313 - ZyXEL P-662H-67 | User Guide - Page 314
Chapter 22 Universal Plug-and-Play (UPnP) 314 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 315
PART V Maintenance, Troubleshooting and Specifications System (317) Logs (323) Tools (329) Diagnostic (335) Troubleshooting (337) Product Specifications (347) 315 - ZyXEL P-662H-67 | User Guide - Page 316
316 - ZyXEL P-662H-67 | User Guide - Page 317
Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. 23.1.1 System Configuration The Domain Name entry is what is propagated assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. P-662H/HW-D Series User's Guide 317 - ZyXEL P-662H-67 | User Guide - Page 318
to access the ZyXEL Device. Retype to Confirm Type the new password again for confirmation. Admin Password In addition to the wizard setup, if you log in with the admin password you can also view and configure the advanced features on the ZyXEL Device. 318 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 319
Device. Cancel Click Cancel to begin configuring this screen afresh. 23.2 Time Setting Use this screen to change your ZyXEL Device's time and date settings. Click Maintenance > System > Time Setting. The screen appears as shown. Figure 189 System Time Setting P-662H/HW-D Series User's Guide 319 - ZyXEL P-662H-67 | User Guide - Page 320
server under the following circumstances. • When the ZyXEL Device starts up. • When you click Apply in the Time Setting screen. • 24-hour intervals after starting up. Select the time service protocol that your time server uses. Not all time servers support all protocols, so you may have to check - ZyXEL P-662H-67 | User Guide - Page 321
would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-662H/HW-D Series User's Guide 321 - ZyXEL P-662H-67 | User Guide - Page 322
Chapter 23 System 322 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 323
allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog . A triangle indicates ascending or descending sort order. P-662H/HW-D Series User's Guide 323 - ZyXEL P-662H-67 | User Guide - Page 324
screen to configure to where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to record. See Section Access Control) may result in many emails being sent. 324 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 325
be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. blank, alert messages will not be sent via E-mail. P-662H/HW-D Series User's Guide 325 - ZyXEL P-662H-67 | User Guide - Page 326
of a mail account). Password Enter the password associated with the user name ZyXEL Device sends an E-mail of sending mail the logs. Syslog Logging The ZyXEL Refer to the syslog server manual for more information. Active which you want the ZyXEL Device to send ZyXEL Device out of socket -2 means - ZyXEL P-662H-67 | User Guide - Page 327
Example Subject: Firewall Alert From ZyXEL Device Date: Fri, 07 Apr 2000 10:05:42 From: [email protected] To: [email protected] 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54: dest port:00520 | | End of Firewall Log P-662H/HW-D Series User's Guide 327 - ZyXEL P-662H-67 | User Guide - Page 328
Chapter 24 Logs 328 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 329
's specific model. Refer to the label on the bottom of your device. Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your ZyXEL Device. Figure 193 Firmware Upgrade The following table describes the labels in this screen. Table 137 - ZyXEL P-662H-67 | User Guide - Page 330
desktop. Figure 195 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. 330 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 331
Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. your previous settings. Click Backup to save the ZyXEL Device's current configuration to your computer P-662H/HW-D Series User's Guide 331 - ZyXEL P-662H-67 | User Guide - Page 332
from your computer to your ZyXEL Device. Table 138 Maintenance process. 1 Do not turn off the ZyXEL Device while configuration file upload is in ZyXEL Device again. Figure 198 Configuration Restore Successful The ZyXEL the same subnet as that of the default ZyXEL Device IP address (192.168.1.1). See - ZyXEL P-662H-67 | User Guide - Page 333
25.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 201 Restart Screen P-662H/HW-D Series User's Guide 333 - ZyXEL P-662H-67 | User Guide - Page 334
Chapter 25 Tools 334 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 335
screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Use this screen to perform IP connection from the ZyXEL Device to other network devices. Click this button to ping the IP address that you entered. P-662H/HW-D Series User's Guide 335 - ZyXEL P-662H-67 | User Guide - Page 336
to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. DSL Line Status Click this button to view display all logs generated with the DSL line. 336 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 337
142 Troubleshooting the LAN PROBLEM CORRECTIVE ACTION The LAN LEDs Check your Ethernet cable connections (refer to the Quick Start Guide for details). do not turn on. Check for faulty Ethernet cables. Make sure your computer's Ethernet Card is working properly. I cannot access the ZyXEL Device - ZyXEL P-662H-67 | User Guide - Page 338
page 81. Contact your ISP. 27.4 Problems Accessing the ZyXEL Device Table 144 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL Device. The default user password is "user" and admin password is "1234". The Password field is case-sensitive. Make sure - ZyXEL P-662H-67 | User Guide - Page 339
to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP address. any web pop-up blockers you may have enabled. P-662H/HW-D Series User's Guide 339 - ZyXEL P-662H-67 | User Guide - Page 340
Chapter 27 Troubleshooting Figure 205 Internet Options 3 Click Apply to save this setting. 27.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively Internet Options and then the Privacy tab. 2 Select Settings...to open the Pop-up Blocker Settings screen. 340 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 341
Troubleshooting 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 207 Pop-up Blocker Settings P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 342
Chapter 27 Troubleshooting 5 Click Close to return to the Privacy screen. 6 Click Apply scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. 342 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 343
Figure 209 Security Settings - Java Scripting Chapter 27 Troubleshooting 27.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 selected. 5 Click OK to close the window. Figure 210 Security Settings - Java P-662H/HW-D Series User's Guide 343 - ZyXEL P-662H-67 | User Guide - Page 344
Chapter 27 Troubleshooting 27.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots click Custom Level. 344 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 345
Figure 212 Internet Options Security Chapter 27 Troubleshooting 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt is selected. 6 Then click the OK button. Figure 213 Security Setting ActiveX Controls P-662H/HW-D Series User's Guide 345 - ZyXEL P-662H-67 | User Guide - Page 346
Chapter 27 Troubleshooting 346 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 347
the ZyXEL Device's hardware and firmware features. Table 145 Hardware Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.32 to 192.168.1.64 Dimensions (180 W) x (128 D) x (36 H) mm Weight P-662HW: 350g - ZyXEL P-662H-67 | User Guide - Page 348
large rom file support (112K). Note: Only upload firmware for your specific model! Firewall Built-in Diagnostic Tools for FLASH memory, ADSL circuitry, RAM and LAN port You can configure firewall on the ZyXEL Device for secure Internet access. When the firewall is on, by default, all incoming - ZyXEL P-662H-67 | User Guide - Page 349
ZyXEL Device supports 20 IPSec tunnels. Content Filter The ZyXEL from DoS (Denial of Service) attacks such as SYN password) is required or the ZyXEL Device cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 350
addresses, an IP default Configuration Protocol) gateway and DNS servers to computers on your network. Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can use a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic - ZyXEL P-662H-67 | User Guide - Page 351
do not support Annex M. The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc. 28.2 Wall-mounting Instructions Complete the following steps to hang your ZyXEL Device on - ZyXEL P-662H-67 | User Guide - Page 352
screws on the wall. Hang the ZyXEL Device on the screws. Figure 214 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 215 Masonry Plug and M4 Tap Screw 352 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 353
The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer's IP Address (355) Pop-up Wireless LANs (395) Management with Wireless Zero Configuration (409) Common Services (423) Virtual Circuit Topology (427) Importing Certificates (429) - ZyXEL P-662H-67 | User Guide - Page 354
354 - ZyXEL P-662H-67 | User Guide - Page 355
IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel - ZyXEL P-662H-67 | User Guide - Page 356
Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. 356 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 357
your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-662H/HW-D Series User's Guide 357 - ZyXEL P-662H-67 | User Guide - Page 358
the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 - ZyXEL P-662H-67 | User Guide - Page 359
and Dial-up Connections in Windows 2000/NT). Figure 220 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-662H/HW-D Series User's Guide 359 - ZyXEL P-662H-67 | User Guide - Page 360
an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 361
. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-662H/HW-D Series User's Guide 361 - ZyXEL P-662H-67 | User Guide - Page 362
and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. 362 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 363
Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 , right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version - ZyXEL P-662H-67 | User Guide - Page 364
and Sharing Center. Figure 228 Windows Vista: Network And Internet 4 Click Manage network connections. Figure 229 Windows Vista: Network and Sharing Center 364 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 365
Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 231 Windows Vista: Local Area Connection Properties P-662H/HW-D Series User's Guide 365 - ZyXEL P-662H-67 | User Guide - Page 366
. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. 366 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 367
server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-662H/HW-D Series User's Guide 367 - ZyXEL P-662H-67 | User Guide - Page 368
. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double- - ZyXEL P-662H-67 | User Guide - Page 369
/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-662H/HW-D Series User's Guide 369 - ZyXEL P-662H-67 | User Guide - Page 370
IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save assigned settings, select Using DHCP from the Configure list. 370 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 371
statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and Series User's Guide 371 - ZyXEL P-662H-67 | User Guide - Page 372
network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 240 Red Hat 9.0: KDE: Ethernet Device: General 372 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 373
have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen. 4 = field. The following figure shows an example. P-662H/HW-D Series User's Guide 373 - ZyXEL P-662H-67 | User Guide - Page 374
interface eth0: Shutting down loopback interface: Setting network parameters: Bringing up loopback interface: Bringing up interface eth0: [OK] [OK] [OK] [OK] [OK] 374 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 375
errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-662H/HW-D Series User's Guide 375 - ZyXEL P-662H-67 | User Guide - Page 376
Appendix A Setting up Your Computer's IP Address 376 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 377
pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP Internet Explorer, select Tools, Internet Options, Privacy. P-662H/HW-D Series User's Guide 377 - ZyXEL P-662H-67 | User Guide - Page 378
. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings...to open the Pop-up Blocker Settings screen. 378 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 379
, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 251 Pop-up Blocker Settings P-662H/HW-D Series User's Guide 379 - ZyXEL P-662H-67 | User Guide - Page 380
Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. 380 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 381
Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 254 Security Settings - Java P-662H/HW-D Series User's Guide 381 - ZyXEL P-662H-67 | User Guide - Page 382
vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. 382 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 383
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 256 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 257 Mozilla Firefox Content Security P-662H/HW-D Series User's Guide 383 - ZyXEL P-662H-67 | User Guide - Page 384
Appendix B Pop-up Windows, JavaScripts and Java Permissions 384 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 385
IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-662H/HW-D Series User's Guide 385 - ZyXEL P-662H-67 | User Guide - Page 386
). For example, an "8-bit mask" means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. 386 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 387
MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.0 /24 0000 0000 0 255.255.255.128 /25 1000 0000 128 P-662H/HW-D Series User's Guide 387 - ZyXEL P-662H-67 | User Guide - Page 388
.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two subnetworks, A and B. 388 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 389
.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 P-662H/HW-D Series User's Guide 389 - ZyXEL P-662H-67 | User Guide - Page 390
SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 390 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 391
11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6 P-662H/HW-D Series User's Guide 391 - ZyXEL P-662H-67 | User Guide - Page 392
address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique 1466, Guidelines for Management of IP Address Space. 392 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 393
a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain . Figure 262 Conflicting Computer IP Addresses Example P-662H/HW-D Series User's Guide 393 - ZyXEL P-662H-67 | User Guide - Page 394
following example, the computer and the router's LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router's LAN port. Figure 263 Conflicting Computer and Router IP Addresses - ZyXEL P-662H-67 | User Guide - Page 395
an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form wired network but cannot communicate with each other. P-662H/HW-D Series User's Guide 395 - ZyXEL P-662H-67 | User Guide - Page 396
Appendix D Wireless LANs Figure 265 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by ESS must have the same ESSID in order to communicate. 396 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 397
" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-662H/HW-D Series User's Guide 397 - ZyXEL P-662H-67 | User Guide - Page 398
for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. 398 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 399
dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. " The wireless devices MUST use the same preamble mode wireless clients, access points and the wired network. P-662H/HW-D Series User's Guide 399 - ZyXEL P-662H-67 | User Guide - Page 400
ZyXEL Device. Table 160 Wireless Security Levels SECURITY LEVEL SECURITY TYPE Least Secure Unique SSID (Default support extended authentication as well as providing additional accounting and control features. It is supported Support for RADIUS (Remote Authentication Dial In User Service supports - ZyXEL P-662H-67 | User Guide - Page 401
LANs Determines the network services available to authenticated users once , which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also AP(s) that supports IEEE 802.1x. . P-662H/HW-D Series User's Guide 401 - ZyXEL P-662H-67 | User Guide - Page 402
only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. 402 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 403
configure a default encryption key in password support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 404
common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 405
runs on an operating system instructing the wireless client how to use the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) password and allows it to join the network only if the password matches. P-662H/HW-D Series User's Guide 405 - ZyXEL P-662H-67 | User Guide - Page 406
Table 162 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802.1X Open None No Disable Enable without Dynamic WEP Key Open WEP No No Enable WPA2-PSK TKIP/AES Yes Disable 406 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 407
range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-662H/HW-D Series User's Guide 407 - ZyXEL P-662H-67 | User Guide - Page 408
the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. 408 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 409
ZyXEL Device using the Windows XP wireless zero configuration tool. Be sure you have the Windows XP service pack 2 installed on your computer. Otherwise, you should at least have the Windows XP service pack 1 already on your computer and download the support P-662H/HW-D Series User's Guide 409 - ZyXEL P-662H-67 | User Guide - Page 410
the Use Windows to configure my wireless network settings check box is selected. Figure 272 Windows XP SP1: Wireless Network Connection Properties 410 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 411
to a Wireless Network 1 Double-click the network icon for wireless connections in the system tray to open the Wireless Network Connection Status screen. P-662H/HW-D Series User's Guide 411 - ZyXEL P-662H-67 | User Guide - Page 412
wireless network is limited because the network did not assign a network address to the computer. The ZyXEL Device is not connected to a wireless network. 2 Windows XP SP2: In the Wireless Network open the Wireless Network Connection Properties screen. 412 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 413
. Select a wireless network in the list and click Connect to join the selected wireless network. Figure 278 Windows XP SP2: Wireless Network Connection P-662H/HW-D Series User's Guide 413 - ZyXEL P-662H-67 | User Guide - Page 414
this wireless network is your preferred network. Ordering your preferred networks is important because the ZyXEL Device tries to associate to the preferred network first in the order that you specify. Connect Anyway if wireless security is not your concern. 414 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 415
yet enabled on the ZyXEL Device, you will see different screens according to the authentication and encryption methods used by the selected network. Association Select a network in the Preferred networks list and click Properties to view or configure security. P-662H/HW-D Series User's Guide 415 - ZyXEL P-662H-67 | User Guide - Page 416
field displays the SSID (Service Set IDentifier) of each wireless for confirmation. key Key index (advanced) Select a default WEP key to use for data encryption. This field check box is selected, the wireless AP assigns the ZyXEL Device a key. This is a computer-tocomputer (ad Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 417
available. OK Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. P-662H/HW-D Series User's Guide 417 - ZyXEL P-662H-67 | User Guide - Page 418
settings. Enable Fast Reconnect Select the check box to automatically reconnect to the network (without reauthentication) if the wireless connection goes down. 418 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 419
the smart card or certificate is not the same as the user name in the domain that you connection: are logged on to. P-662H/HW-D Series User's Guide 419 - ZyXEL P-662H-67 | User Guide - Page 420
XP SP1: In the Wireless Network Connection Status screen, click Properties and the Wireless Networks tab to open the screen as shown. 420 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 421
Wireless Zero Configuration Figure 287 Windows XP SP1: Wireless Networks: Preferred Networks 2 Whenever the ZyXEL Device tries to connect to a new network, the new network is added in the network. Click Add to add a preferred network into the list manually. P-662H/HW-D Series User's Guide 421 - ZyXEL P-662H-67 | User Guide - Page 422
Appendix E Management with Wireless Zero Configuration 422 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 423
, a service that matches web names (for example www.zyxel.com) to IP numbers. The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. P-662H/HW-D Series User's Guide 423 - ZyXEL P-662H-67 | User Guide - Page 424
Services Internet chat program. Microsoft Networks' messenger service uses this protocol. An Internet chat delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol the data channel. Remote Command Service. A streaming audio service that enables real time sound over - ZyXEL P-662H-67 | User Guide - Page 425
Appendix F Common Services Table 170 Commonly Used Services (continued) NAME RTELNET RTSP SFTP SMTP PROTOCOL TCP TCP/UDP TCP TCP SNMP SNMP-TRAPS UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. P-662H/HW-D Series User's Guide 425 - ZyXEL P-662H-67 | User Guide - Page 426
Appendix F Common Services 426 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 427
Logical connections between ATM switches A bundle of virtual channels A series of virtual paths between circuit end point Figure 288 Virtual Circuit that is, termination points between ATM switches. A series of virtual paths make up a virtual circuit. P-662H/HW-D Series User's Guide 427 - ZyXEL P-662H-67 | User Guide - Page 428
Appendix G Virtual Circuit Topology 428 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 429
authority's certificate into your operating system as a trusted certification authority. The following example procedure shows how to import the ZyXEL Device's (self-signed) server certificate into your operating system as a trusted certification authority. P-662H/HW-D Series User's Guide 429 - ZyXEL P-662H-67 | User Guide - Page 430
Certificate to open the Install Certificate wizard. Figure 291 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. 430 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 431
Figure 292 Certificate Import Wizard 1 Appendix H Importing Certificates 4 Select where you would like to store the certificate and then click Next. Figure 293 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. P-662H/HW-D Series User's Guide 431 - ZyXEL P-662H-67 | User Guide - Page 432
Appendix H Importing Certificates Figure 294 Certificate Import Wizard 3 6 Click Yes to add the ZyXEL Device certificate to the root store. Figure 295 Root Certificate Store 432 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 433
Appendix H Importing Certificates Figure 296 Certificate General Information after Import P-662H/HW-D Series User's Guide 433 - ZyXEL P-662H-67 | User Guide - Page 434
Appendix H Importing Certificates 434 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 435
computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure only list of the current NetBIOS filter modes for The ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter - ZyXEL P-662H-67 | User Guide - Page 436
I NetBIOS Filter Commands The filter types and their default settings are as follows. Table 171 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether stops NetBIOS commands from initiating calls. config 4 off 436 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 437
steps to telnet into your ZyXEL Device. 1 Make sure password to login (default password is 1234). Command Usage A list of valid commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to close the session when finished. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 438
ZyXEL Device. This list is intended as a general reference of examples. The commands available in your ZyXEL Device may differ from the examples given here. See the other appendices for more examples. Configuring What You Want the ZyXEL logs the ZyXEL Device is settings in the ZyXEL Device (you - ZyXEL P-662H-67 | User Guide - Page 439
default policy: IGMP (W to W/ZW) 3|06/08/2004 05:58:20 |172.21.3.191 |224.0.1.22 BLOCK Firewall default default policy: UDP (W to W/ZW) notes |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS Routing Command Syntax: ip nat routing [0:LAN] [0:no|1:yes] Use this command to set the ZyXEL - ZyXEL P-662H-67 | User Guide - Page 440
a spoofed ARP. An incorrect IP to MAC address mapping in the ZyXEL Device's ARP table could cause the ZyXEL Device to send packets to the wrong device. Commands for Using or on and set to force updates, the ZyXEL Device receives the gratuitous ARP request and 440 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 441
backup gateway. If ackGratuitous is off or not set to force updates, the ZyXEL Device will not update the gateway ARP entry and cannot forward packets through gateway it off because the ZyXEL Device updates the ARP table even when there is an existing entry. P-662H/HW-D Series User's Guide 441 - ZyXEL P-662H-67 | User Guide - Page 442
Appendix J Command Interpreter 442 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 443
configuration text file - eliminating the need to navigate and configure individual screens for each ZyXEL Device. You can use FTP to get the Internal SPTGEN file. Then edit the > = 1 = Your Device = = = 1 = 0 = 0 P-662H/HW-D Series User's Guide 443 - ZyXEL P-662H-67 | User Guide - Page 444
in the Input column, the ZyXEL Device will not save the configuration is an example of what the ZyXEL Device displays if you enter a FLASH: Intel 8M *2 The ZyXEL Device will display the following if the ZyXEL Device to your computer. The name "rom-t" is the configuration filename on the ZyXEL Device. - ZyXEL P-662H-67 | User Guide - Page 445
it to your computer but it must be named "rom-t" when you upload it to your ZyXEL Device. Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter "bin". The Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> put rom-t ftp>bye P-662H/HW-D Series User's Guide 445 - ZyXEL P-662H-67 | User Guide - Page 446
PVA Parameter Values Allowed INPUT An example of what you may enter * Applies to the ZyXEL Device. Table 173 Menu 1 General Setup / Menu 1 General Setup FIN FN 10000000 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 446 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 447
) | 3(Out Only)> INPUT = 0 = 192.168.1.33 = 32 = 0.0.0.0 = 0.0.0.0 = 0.0.0.0 = 172.21.2.200 = 16 = 0 = 0 = 2 = 256 = 256 = 256 = 256 INPUT = 0 = 0.0.0.0 = 0 = 0 = 0 = 256 = 256 P-662H/HW-D Series User's Guide 447 - ZyXEL P-662H-67 | User Guide - Page 448
)> PVA = 256 = 256 = 256 = 256 = 256 = 256 = 0 = 0.0.0.0 = 0 = 0 = 0 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 INPUT Wireless = 0 = 1 448 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 449
30500007 = 30500008 = 30500009 = 30500010 = 30500011 = 30500012 = Default Key WEP Key1 WEP Key2 WEP Key3 WEP Key4 Wlan Active 30500013 FIN FN 40000000 = Configured 40000001 = ISP 40000002 = Active P-662H/HW-D Series User's Guide Appendix K Internal SPTGEN = 2432 - ZyXEL P-662H-67 | User Guide - Page 450
= 40000031= Multiplexing VPI # VCI # Service Name My Login My Password Single User Account IP Address Assignment IP Address ) | = 1 1(Yes)> = 0 = 0 = 0 450 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 451
Setup / Menu 15 SUA Server Setup FIN FN 150000001 = SUA Server IP address for default port 150000002 = SUA Server #2 Active 150000003 = SUA Server #2 Protocol 150000004 = 150000005 = 0 = 0 = 0 = 0.0.0.0 P-662H/HW-D Series User's Guide 451 - ZyXEL P-662H-67 | User Guide - Page 452
= 0 = 0 = 0.0.0.0 = 0 = 0 = 0 = 0.0.0.0 = 0 = 0 = 0 = 0.0.0.0 = 0 = 0 = 0 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 453
Mask IP Filter Set 1,Rule 1 Src Port PVA INPUT = PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 0.0.0.0 = 0 = 0 P-662H/HW-D Series User's Guide 453 - ZyXEL P-662H-67 | User Guide - Page 454
21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 FIN FN PVA PVA INPUT = NetBIOS_WAN INPUT 454 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 455
(drop)> PVA = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 1 = 0.0.0.0 = 0 = 0 = 0 = 3 = 1 INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 1 = 0.0.0.0 = 0 P-662H/HW-D Series User's Guide 455 - ZyXEL P-662H-67 | User Guide - Page 456
Table 180 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN 230000000 = System Password */ Menu 23.2 System security: radius server FIN FN 230200001 111111111111 111 111111111111 1111 = 1 = 1 = 192.168.1.44 = 1823 = 1234 INPUT = 2 = 555 = 999 456 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 457
241100009 = WEB Server Secured IP address PVA INPUT = 23 = 0 = 0.0.0.0 = 21 = 0 = 0.0.0.0 = 80 = 0 = 0.0.0.0 P-662H/HW-D Series User's Guide 457 - ZyXEL P-662H-67 | User Guide - Page 458
SPTGEN Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device's command interpreter commands. Table 182 Command Examples FIN FN PVA INPUT 990000001 = ADSL OPMD 458 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 459
The router dropped an ICMP packet that was too large. Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. P-662H/HW-D Series User's Guide 459 - ZyXEL P-662H-67 | User Guide - Page 460
WAN connection is down. You cannot access the network through this interface. Table 185 Access Control Logs LOG MESSAGE Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] Firewall rule [NOT] to a web site that the user requested. 460 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 461
the TCP state. The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection ( type and code details, see Table 200 on page 470. P-662H/HW-D Series User's Guide 461 - ZyXEL P-662H-67 | User Guide - Page 462
through. The router blocked a packet that didn't have a corresponding NAT table entry. The firewall does not support this kind of ICMP packets or the ICMP packets are out of order. The router sent an ICMP reply UPnP packets can pass through the firewall. 462 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 463
filtering server did not respond within the timeout server timeout period. DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. Creating socket . For type and code details, see Table 200 on page 470. P-662H/HW-D Series User's Guide 463 - ZyXEL P-662H-67 | User Guide - Page 464
outbound traffic and no inbound traffic for a certain time period. You can use the "ipsec timer chk_conn" CI command to set the time period. The default value is 2 minutes. The router dropped all connections with the "MyIP" configured as "0.0.0.0" when the WAN IP address changed. 464 P-662H/HW - ZyXEL P-662H-67 | User Guide - Page 465
request to The router started negotiation with the peer. Invalid IP / The peer's "Local IP Address" is invalid. P-662H/HW-D Series User's Guide 465 - ZyXEL P-662H-67 | User Guide - Page 466
incoming packet's ID content is displayed. Unsupported local ID Type: The phase 1 ID type is not supported by the router. Build Phase 1 ID The router has started to build the phase 1 ID. Adjust TCP mismatch match between the router and the peer. 466 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 467
's address cannot be resolved. The CMP online certificate enrollment was successful. The Destination field records the certification authority server's IP address and port. P-662H/HW-D Series User's Guide 467 - ZyXEL P-662H-67 | User Guide - Page 468
search constraints. 3 Certificate was not valid in the time interval. 4 (Not used) 5 Certificate is not valid. 6 Certificate signature was not verified correctly. 468 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 469
Server. Local User Database does not support authentication method. User logout because of the local user database because of an incorrect user password. A user was not authenticated by the local user check the RADIUS Server. The local user database only supports the EAP-MD5 method. A user tried to - ZyXEL P-662H-67 | User Guide - Page 470
WAN to the WAN or the ZyXEL Device. ACL set for packets traveling from the DMZ to the DMZ or the ZyXEL Device. Table 200 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 470 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 471
for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the The "cat" is the same as the category in the router's logs. P-662H/HW-D Series User's Guide 471 - ZyXEL P-662H-67 | User Guide - Page 472
Go to the command interpreter interface. Configuring What You Want the ZyXEL Device to Log 1 Use the sys logs load command to load categories. Figure 306 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras>? Valid commands are: sys exit ether aux ip - ZyXEL P-662H-67 | User Guide - Page 473
category. 5 Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). Displaying Logs • an individual ZyXEL Device log category. • Use the sys logs clear command to erase all of the ZyXEL Device's logs. P-662H/HW-D Series User's Guide 473 - ZyXEL P-662H-67 | User Guide - Page 474
example shows how to set the ZyXEL Device to record the access default policy: IGMP (W to W/ZW) 5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 BLOCK Firewall default policy: UDP (W to W/ZW) notes |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS |ACCESS 474 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 475
ZyXEL manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL others. ZyXEL further reserves ZyXEL Network Operating System) is a registered trademark of ZyXEL the instructions, - ZyXEL P-662H-67 | User Guide - Page 476
antenna or transmitter. • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation distance B est conforme à la norme NMB-003 du Canada. 476 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 477
kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number ( firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 478
Appendix M Legal Information 478 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 479
your device. • Brief description of the problem and the steps you took to solve it. "+" is the (prefix) number you dial to make an international telephone call. Corporate Headquarters (Worldwide) • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +886-3-578-3942 - ZyXEL P-662H-67 | User Guide - Page 480
. 20/A2 D-52146, Wuerselen, Germany Hungary • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +36-1-3361649 • Fax: +36-1-3259100 • Web: www.zyxel.hu • Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary 480 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 481
Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.us.zyxel.com • FTP: ftp.us.zyxel.com P-662H/HW-D Series User's Guide 481 - ZyXEL P-662H-67 | User Guide - Page 482
, The Strategry #03-28, Singapore 609930 Spain • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +34-902-195-420 • Fax: +34-913-005-345 • Web: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain 482 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 483
@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 484
Appendix N Customer Support 484 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 485
281 Basic Service Set, See BSS 395 Basic wireless security 69 Blocking Time 187 Brute-force Attack, 161 BSS 395 P-662H/HW-D Series User's Guide Index Index BW 476 viewing 477 change password at login 45 channel 397 interference 397 Channel ID 118 compact guide 43 Configuration 102 contact - ZyXEL P-662H-67 | User Guide - Page 486
support 479 Customized Services 178 Customized services 178 D Data Confidentiality 216 Data Integrity 216 Data Origin Authentication 216 Default 333 default LAN IP address 44 Denial of Service of Service) Service Set IDentification 118 Extended Service Services 183 Types 157 When To Use 167 firmware - ZyXEL P-662H-67 | User Guide - Page 487
Architecture 216 IPSec standard 349 ISDN (Integrated Services Digital Network) 39 I IANA 103, Independent Basic Service Set See IBSS 395 initialization vector ( Windows XP 306 Integrated Services Digital Network 39 Internal Base (MIB) 297 managing subscription services 211 Maximize Bandwidth Usage 279 - ZyXEL P-662H-67 | User Guide - Page 488
Remote Management and NAT 292 Remote Management Limitations 292 Reset button, the 46 resetting the ZyXEL Device 46 Restore 332 RFC 1483 82 RFC 1631 141 RIP See Routing Information Protocol 104 Rules 172 Key Fields 171 LAN to WAN 172 Logic 170 Predefined Services 183 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 489
162, 163 Process 163 ZyXEL Device 164 Static Route 273 SUA 144 SUA (Single User Account) 144 SUA vs NAT 144 subnet 385 Subnet Mask 103, 177 subnet mask 386 subnetting 388 subscription services 211 Sustain Cell Rate ( 349 VPI & VCI 82 VPN 215 VPN Applications 216 P-662H/HW-D Series User's Guide 489 - ZyXEL P-662H-67 | User Guide - Page 490
405 WZC activating 409 network connection 411 not available 411 preferred network 420 security setting 415 system tray icon 412 Z Zero configuration Internet access 85 ZyXEL's Firewall Introduction 158 490 P-662H/HW-D Series User's Guide - ZyXEL P-662H-67 | User Guide - Page 491
Index P-662H/HW-D Series User's Guide 491 - ZyXEL P-662H-67 | User Guide - Page 492
Index 492 P-662H/HW-D Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
 |
 |
www.zyxel.com
P-662H/HW-D Series
802.11g ADSL2+ 4-Port Security Gateway
User’s Guide
Version 3.40
12/2008
Edition 3
DEFAULT LOGIN
IP Address
User Password
user
Admin Password
1234