Home » ZyXEL Manuals » Networking » ZyXEL P-662HW-61 » Manual Viewer

ZyXEL P-662HW-61 User Guide - Page 267

LABEL, DESCRIPTION, Refresh

Get ZyXEL P-662HW-61 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 267 highlights

Chapter 17 Certificates The following table describes the labels in this screen. Table 109 Trusted Remote Host Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces). Certification Path Click the Refresh button to have this read-only text box display the end entity's own certificate and a list of certification authority certificates in the hierarchy of certification authorities that validate a certificate's issuing certification authority. For a trusted host, the list consists of the end entity's own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates. Refresh Click Refresh to display the certification path. Certificate Information These read-only fields display detailed information about the certificate. Type This field displays general information about the certificate. With trusted remote host certificates, this field always displays CA-signed. The ZyXEL Device is the Certification Authority that signed the certificate. X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. Version This field displays the X.509 version number. Serial Number This field displays the certificate's identification number given by the device that created the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. Signature Algorithm This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Algorithm This field displays the type of algorithm that was used to generate the certificate's key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative Name This field displays the certificate's owner's IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate's key can be used. For example, "DigitalSignature" means that the key can be used to sign certificates and "KeyEncipherment" means that the key can be used to encrypt text. Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority's certificate and "Path Length Constraint=1" means that there can only be one certification authority in the certificate's path. P-662H/HW-D Series User's Guide 267

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	23
List of Tables	31
Introduction and Wizards	37
Getting To Know Your ZyXEL Device	39
1.1 Introducing the ZyXEL Device	39
1.1.1 Applications of the ZyXEL Device	39
1.1.2 Firewall for Secure Broadband Internet Access	40
1.1.3 Front Panel LEDs	41
Introducing the Web Configurator	43
2.1 Web Configurator Overview	43
2.2 Accessing the Web Configurator	43
2.3 Resetting the ZyXEL Device	46
2.3.1 Using the Reset Button	46
2.4 Navigating the Web Configurator	47
2.4.1 Navigation Panel	47
2.4.2 Status Screen	50
2.4.3 Status: Any IP Table	53
2.4.4 Status: WLAN Status	53
2.4.5 Status: Bandwidth Status	54
2.4.6 Status: VPN Status	54
2.4.7 Status: Packet Statistics	55
2.4.8 Changing Login Password	57
Wizard Setup for Internet Access	59
3.1 Introduction	59
3.2 Internet Access Wizard Setup	59
3.2.1 Automatic Detection	61
3.2.2 Manual Configuration	61
3.3 Wireless Connection Wizard Setup	66
3.3.1 Automatically assign a WPA key	69
3.3.2 Manually assign a WPA-PSK key	69
3.3.3 Manually assign a WEP key	69
Bandwidth Management Wizard	73
4.1 Introduction	73
4.2 Predefined Media Bandwidth Management Services	73
4.3 Bandwidth Management Wizard Setup	74
Network	79
WAN Setup	81
5.1 WAN Overview	81
5.1.1 Encapsulation	81
5.1.2 Multiplexing	82
5.1.3 VPI and VCI	82
5.1.4 IP Address Assignment	82
5.1.5 Nailed-Up Connection (PPP)	83
5.1.6 NAT	83
5.2 Metric	83
5.3 Traffic Shaping	84
5.3.1 ATM Traffic Classes	85
5.4 Zero Configuration Internet Access	85
5.5 Internet Connection	86
5.5.1 Configuring Advanced Internet Connection	87
5.6 Configuring More Connections	89
5.6.1 More Connections Edit	90
5.6.2 Configuring More Connections Advanced Setup	92
5.7 Traffic Redirect	94
5.8 Configuring WAN Backup	94
5.9 WAN Backup Advanced Screen	96
5.10 Dial Backup Modem Setup	99
LAN Setup	101
6.1 LAN Overview	101
6.1.1 LANs, WANs and the ZyXEL Device	101
6.1.2 DHCP Setup	102
6.1.3 DNS Server Address	102
6.1.4 DNS Server Address Assignment	102
6.2 LAN TCP/IP	103
6.2.1 IP Address and Subnet Mask	103
6.2.2 RIP Setup	104
6.2.3 Multicast	104
6.2.4 Any IP	105
6.3 Configuring LAN IP	106
6.3.1 Configuring Advanced LAN Setup	107
6.4 DHCP Setup	108
6.5 LAN Client List	109
6.6 LAN IP Alias	110
Wireless LAN	113
7.1 Wireless Network Overview	113
7.2 Wireless Security Overview	114
7.2.1 SSID	114
7.2.2 MAC Address Filter	114
7.2.3 User Authentication	114
7.2.4 Encryption	115
7.2.5 One-Touch Intelligent Security Technology (OTIST)	116
7.3 Wireless Performance Overview	116
7.3.1 Quality of Service (QoS)	116
7.4 Additional Wireless Terms	116
7.5 General Wireless LAN Screen	117
7.5.1 No Security	118
7.5.2 WEP Encryption Screen	119
7.5.3 WPA(2)-PSK	120
7.5.4 WPA(2) Authentication Screen	122
7.5.5 Wireless LAN Advanced Setup	124
7.6 OTIST	125
7.6.1 Enabling OTIST	125
7.6.2 Starting OTIST	127
7.6.3 Notes on OTIST	128
7.7 MAC Filter	129
7.8 WMM QoS	130
7.8.1 WMM QoS Example	130
7.8.2 WMM QoS Priorities	130
7.8.3 Services	131
7.9 QoS Screen	131
7.9.1 ToS (Type of Service) and WMM QoS	131
7.9.2 Application Priority Configuration	132
7.10 Multiple SSID (P-662HW-D Models only)	133
7.10.1 Multiple SSID Commands	134
7.10.2 Multiple SSID Example	135
DMZ	137
8.1 Introduction	137
8.2 Configuring DMZ	137
8.3 DMZ Public IP Address Example	139
Network Address Translation (NAT) Screens	141
9.1 NAT Overview	141
9.1.1 NAT Definitions	141
9.1.2 What NAT Does	142
9.1.3 How NAT Works	142
9.1.4 NAT Application	142
9.1.5 NAT Mapping Types	143
9.2 SUA (Single User Account) Versus NAT	144
9.3 NAT General Setup	144
9.4 Port Forwarding	145
9.4.1 Default Server IP Address	146
9.4.2 Port Forwarding: Services and Port Numbers	146
9.4.3 Configuring Servers Behind Port Forwarding (Example)	146
9.5 Configuring Port Forwarding	147
9.5.1 Port Forwarding Rule Edit	148
9.6 Address Mapping	149
9.6.1 Address Mapping Rule Edit	150
9.7 Trigger Port	151
9.8 Edit Trigger Port	153
Security	155
Firewalls	157
10.1 Firewall Overview	157
10.2 Types of Firewalls	157
10.2.1 Packet Filtering Firewalls	157
10.2.2 Application-level Firewalls	158
10.2.3 Stateful Inspection Firewalls	158
10.3 Introduction to ZyXEL’s Firewall	158
10.3.1 Denial of Service Attacks	159
10.4 Denial of Service	159
10.4.1 Basics	159
10.4.2 Types of DoS Attacks	160
10.5 Stateful Inspection	162
10.5.1 Stateful Inspection Process	163
10.5.2 Stateful Inspection and the ZyXEL Device	164
10.5.3 TCP Security	164
10.5.4 UDP/ICMP Security	165
10.5.5 Upper Layer Protocols	165
10.6 Guidelines for Enhancing Security with Your Firewall	166
10.6.1 Security In General	166
10.7 Packet Filtering Vs Firewall	167
10.7.1 Packet Filtering:	167
10.7.2 Firewall	167
Firewall Configuration	169
11.1 Access Methods	169
11.2 Firewall Policies Overview	169
11.3 Rule Logic Overview	170
11.3.1 Security Ramifications	170
11.3.2 Key Fields For Configuring Rules	171
11.4 Connection Direction	171
11.4.1 LAN to WAN Rules	172
11.4.2 Alerts	172
11.5 General Firewall Policy	172
11.6 Firewall Rules Summary	173
11.6.1 Configuring Firewall Rules	175
11.6.2 Customized Services	178
11.6.3 Configuring A Customized Service	178
11.7 Example Firewall Rule	179
11.8 Predefined Services	183
11.9 Anti-Probing	185
11.10 DoS Thresholds	186
11.10.1 Threshold Values	186
11.10.2 Half-Open Sessions	187
11.10.3 Configuring Firewall Thresholds	187
Content Filtering	191
12.1 Content Filtering Overview	191
12.2 Configuring Keyword Blocking	191
12.3 Configuring the Schedule	192
12.4 Configuring Trusted Computers	193
Content Access Control	195
13.1 Content Access Control Overview	195
13.1.1 Content Access Control WLAN Application	195
13.1.2 Configuration Steps	195
13.2 Activating CAC and Creating User Groups	196
13.2.1 Configuring Time Schedule	197
13.2.2 Configuring Services	198
13.2.3 Configuring Web Site Filters	200
13.2.4 Testing Web Site Access Privileges	205
13.3 User Account Setup	206
13.4 User Online Status	207
13.5 Trusted Devices	208
13.6 Trusted-external Websites	208
13.7 Content Access Control Logins	209
13.7.1 User Login	209
13.7.2 Administrator Login	210
Register	211
14.1 myZyXEL.com overview	211
14.1.1 Subscription Services Available on the ZyXEL Device	211
14.2 Registration	212
14.3 Service	213
Introduction to IPSec	215
15.1 VPN Overview	215
15.1.1 IPSec	215
15.1.2 Security Association	215
15.1.3 Other Terminology	215
15.1.4 VPN Applications	216
15.2 IPSec Architecture	216
15.2.1 IPSec Algorithms	217
15.2.2 Key Management	217
15.3 Encapsulation	217
15.3.1 Transport Mode	218
15.3.2 Tunnel Mode	218
15.4 IPSec and NAT	218
VPN Screens	221
16.1 VPN/IPSec Overview	221
16.2 IPSec Algorithms	221
16.2.1 AH (Authentication Header) Protocol	221
16.2.2 ESP (Encapsulating Security Payload) Protocol	221
16.3 My IP Address	222
16.4 Secure Gateway Address	222
16.4.1 Dynamic Secure Gateway Address	223
16.5 VPN Setup Screen	223
16.6 Keep Alive	225
16.7 VPN, NAT, and NAT Traversal	225
16.8 Remote DNS Server	226
16.9 ID Type and Content	227
16.9.1 ID Type and Content Examples	228
16.10 Pre-Shared Key	229
16.11 Editing VPN Policies	229
16.12 IKE Phases	233
16.12.1 Negotiation Mode	234
16.12.2 Diffie-Hellman (DH) Key Groups	235
16.12.3 Perfect Forward Secrecy (PFS)	235
16.13 Configuring Advanced IKE Settings	235
16.14 Manual Key Setup	238
16.14.1 Security Parameter Index (SPI)	238
16.15 Configuring Manual Key	238
16.16 Viewing SA Monitor	241
16.17 Configuring Global Setting	242
16.18 Telecommuter VPN/IPSec Examples	243
16.18.1 Telecommuters Sharing One VPN Rule Example	243
16.18.2 Telecommuters Using Unique VPN Rules Example	244
16.19 VPN and Remote Management	245
Certificates	247
17.1 Certificates Overview	247
17.1.1 Advantages of Certificates	248
17.2 Self-signed Certificates	248
17.3 Configuration Summary	248
17.4 My Certificates	248
17.5 My Certificate Import	250
17.5.1 Certificate File Formats	251
17.6 My Certificate Create	252
17.7 My Certificate Details	254
17.8 Trusted CAs	257
17.9 Trusted CA Import	259
17.10 Trusted CA Details	260
17.11 Trusted Remote Hosts	262
17.12 Verifying a Trusted Remote Host’s Certificate	264
17.12.1 Trusted Remote Host Certificate Fingerprints	264
17.13 Trusted Remote Hosts Import	265
17.14 Trusted Remote Host Certificate Details	265
17.15 Directory Servers	268
17.16 Directory Server Add or Edit	269
Advanced	271
Static Route	273
18.1 Static Route Overview	273
18.2 Configuring Static Routes	274
18.2.1 Static Route Edit	275
Bandwidth Management	277
19.1 Bandwidth Management Overview	277
19.2 Application-based Bandwidth Management	277
19.3 Subnet-based Bandwidth Management	277
19.4 Application and Subnet-based Bandwidth Management	278
19.5 Scheduler	278
19.5.1 Priority-based Scheduler	278
19.5.2 Fairness-based Scheduler	279
19.6 Maximize Bandwidth Usage	279
19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	279
19.6.2 Maximize Bandwidth Usage Example	279
19.6.3 Bandwidth Management Priorities	281
19.7 Configuring Summary	281
19.8 Bandwidth Management Rule Setup	282
19.8.1 Rule Configuration	283
19.9 Bandwidth Monitor	286
Dynamic DNS Setup	287
20.1 Dynamic DNS Overview	287
20.1.1 DYNDNS Wildcard	287
20.2 Configuring Dynamic DNS	287
Remote Management Configuration	291
21.1 Remote Management Overview	291
21.1.1 Remote Management Limitations	292
21.1.2 Remote Management and NAT	292
21.1.3 System Timeout	292
21.2 WWW	292
21.3 Telnet	294
21.4 Configuring Telnet	294
21.5 Configuring FTP	295
21.6 SNMP	296
21.6.1 Supported MIBs	297
21.6.2 SNMP Traps	297
21.6.3 Configuring SNMP	297
21.7 Configuring DNS	299
21.8 Configuring ICMP	299
21.9 TR-069	300
Universal Plug-and-Play (UPnP)	303
22.1 Introducing Universal Plug and Play	303
22.1.1 How do I know if I'm using UPnP?	303
22.1.2 NAT Traversal	303
22.1.3 Cautions with UPnP	303
22.2 UPnP and ZyXEL	304
22.2.1 Configuring UPnP	304
22.3 Installing UPnP in Windows Example	305
22.4 Using UPnP in Windows XP Example	308
Maintenance, Troubleshooting and Specifications	315
System	317
23.1 General Setup and System Name	317
23.1.1 System Configuration	317
23.2 Time Setting	319
Logs	323
24.1 Logs Overview	323
24.1.1 Alerts and Logs	323
24.2 Viewing the Logs	323
24.3 Configuring Log Settings	324
24.4 SMTP Error Messages	326
24.4.1 Example E-mail Log	327
Tools	329
25.1 Firmware Upgrade	329
25.2 Configuration Screen	331
25.2.1 Backup Configuration	331
25.2.2 Restore Configuration	332
25.2.3 Back to Factory Defaults	333
25.3 Restart	333
Diagnostic	335
26.1 General Diagnostic	335
26.2 DSL Line Diagnostic	336
Troubleshooting	337
27.1 Problems Starting Up the ZyXEL Device	337
27.2 Problems with the LAN	337
27.3 Problems with the WAN	338
27.4 Problems Accessing the ZyXEL Device	338
27.4.1 Pop-up Windows, JavaScripts and Java Permissions	339
27.4.2 ActiveX Controls in Internet Explorer	344
Product Specifications	347
28.1 General ZyXEL Device Specifications	347
28.2 Wall-mounting Instructions	351
Appendices and Index	353
Setting up Your Computer’s IP Address	355
Pop-up Windows, JavaScripts and Java Permissions	377
IP Addresses and Subnetting	385
Wireless LANs	395
Management with Wireless Zero Configuration	409
Common Services	423
Virtual Circuit Topology	427
Importing Certificates	429
NetBIOS Filter Commands	435
Command Interpreter	437
Internal SPTGEN	443
Log Descriptions	459
Legal Information	475
Customer Support	479

Match case Limit results 1 per page

Chapter 17 Certificates

P-662H/HW-D Series User’s Guide

267

The following table describes the labels in this screen.

Table 109

Trusted Remote Host Details

LABEL

DESCRIPTION

Name

This field displays the identifying name of this certificate. If you want to change

the name, type up to 31 characters to identify this key certificate. You may use

any character (not including spaces).

Certification Path

Click the

Refresh

button to have this read-only text box display the end entity’s

own certificate and a list of certification authority certificates in the hierarchy of

certification authorities that validate a certificate’s issuing certification authority.

For a trusted host, the list consists of the end entity’s own certificate and the

default self-signed certificate that the ZyXEL Device uses to sign remote host

certificates.

Refresh

Click

Refresh

to display the certification path.

Certificate

Information

These read-only fields display detailed information about the certificate.

Type

This field displays general information about the certificate. With trusted

remote host certificates, this field always displays CA-signed. The ZyXEL

Device is the Certification Authority that signed the certificate. X.509 means

that this certificate was created and signed according to the ITU-T X.509

recommendation that defines the formats for public-key certificates.

Version

This field displays the X.509 version number.

Serial Number

This field displays the certificate’s identification number given by the device

that created the certificate.

Subject

This field displays information that identifies the owner of the certificate, such

as Common Name (CN), Organizational Unit (OU), Organization (O) and

Country (C).

Issuer

This field displays identifying information about the default self-signed

certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted

remote host certificates.

Signature Algorithm

This field displays the type of algorithm that the ZyXEL Device used to sign the

certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption

algorithm and the SHA1 hash algorithm).

Valid From

This field displays the date that the certificate becomes applicable. The text

displays in red and includes a Not Yet Valid! message if the certificate has not

yet become applicable.

Valid To

This field displays the date that the certificate expires. The text displays in red

and includes an Expiring! or Expired! message if the certificate is about to

expire or has already expired.

Key Algorithm

This field displays the type of algorithm that was used to generate the

certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length

of the key set in bits (1024 bits for example).

Subject Alternative

Name

This field displays the certificate’s owner‘s IP address (IP), domain name

(DNS) or e-mail address (EMAIL).

Key Usage

This field displays for what functions the certificate’s key can be used. For

example, “DigitalSignature” means that the key can be used to sign certificates

and “KeyEncipherment” means that the key can be used to encrypt text.

Basic Constraint

This field displays general information about the certificate. For example,

Subject Type=CA means that this is a certification authority’s certificate and

“Path Length Constraint=1” means that there can only be one certification

authority in the certificate’s path.