Home » ZyXEL Manuals » Wireless » ZyXEL SBG3300-N Series » Manual Viewer

ZyXEL SBG3300-N Series User Guide - Page 186

Table 77, Label, Description

View all ZyXEL SBG3300-N Series manuals

Add to My Manuals
Save this manual to your list of manuals

Page 186 highlights

Chapter 14 Firewall The following table describes the labels in this screen. Table 77 Access Control: Add/Edit LABEL Enable Logging Filter Name DESCRIPTION Select this to turn on the ACL rule. Select this to have the Device log when it performs the ACL rule's selected action on the traffic traveling between the two zones. Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. Order Direction You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule. Select the order of the ACL rule. Use the From and To drop-down list boxes to select the direction of travel of packets to which to apply this ACL rule. Select from which zone the packets come in and to which zone they are destined. For example, From LAN To WAN means packets traveling from a computer or subnet on the LAN zone to the WAN zone. From Any means traffic coming from the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone). To Any (excl. Router) means traffic going to the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone). EXTRA is a local zone to use as needed depending on your network topology. Select Source Device Source IP address Select Destination Device Destination IP address IP Type Select Service To ROUTER applies to traffic that destined for the Device. Use this to control which computers can manage the Device. Select the source device to which the ACL rule applies. If you select Specific IP Address, enter the source IP address in the field below. Enter the source IP address. Select the destination device to which the ACL rule applies. If you select Specific IP Address, enter the destiniation IP address in the field below. Enter the destination IP address. Select whether your IP type is IPv4 or IPv6. Select the transport layer protocol that defines your customized port from the drop-down list box. The specific protocol rule sets you add in the Security > Firewall > Service > Add screen display in this list. Protocol If you want to configure a customized protocol, select Specific Service. This field is displayed only when you select Specific Protocol in Select Protocol. Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized port from the drop-down list box. Custom Source This field is displayed only when you select Specific Protocol in Select Protocol. Port Enter a single port number or the range of port numbers of the source. Custom This field is displayed only when you select Specific Protocol in Select Protocol. Destination Port Enter a single port number or the range of port numbers of the destination. Policy Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT) packets that match this rule. 186 SBG3300-N Series User's Guide

Section	Page
SBG3300-N Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	19
1.5 LEDs (Lights)	20
1.6 The RESET Button	21
1.7 Wireless Access	21
1.7.1 Using the WLAN Button	22
The Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	26
2.2.3 Navigation Panel	26
Quick Start	31
3.1 Overview	31
3.2 Quick Start Setup	31
Technical Reference	35
Status Screens	37
4.1 Overview	37
4.2 The Status Screen	37
Broadband	41
5.1 Overview	41
5.1.1 What You Can Do in this Chapter	41
5.1.2 What You Need to Know	42
5.1.3 Before You Begin	45
5.2 The Broadband Screen	45
5.2.1 Add/Edit Internet Connection	47
5.3 The 3G WAN Screen	55
5.4 The Add New 3G Dongle Screen	58
5.4.1 Add 3G Dongle Information	59
5.5 The Advanced Screen	59
5.6 The 802.1x Screen	60
5.6.1 Edit 802.1x Settings	61
5.7 The multi-WAN Screen	62
5.7.1 Add/Edit multi-WAN	63
5.7.2 How to Configure multi-WAN for Load Balancing and Failover	64
5.8 Technical Reference	65
Wireless	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need to Know	72
6.2 The General Screen	72
6.2.1 No Security	75
6.2.2 Basic (WEP Encryption)	75
6.2.3 More Secure (WPA(2)-PSK)	77
6.2.4 WPA(2) Authentication	78
6.3 The More AP Screen	79
6.3.1 Edit More AP	81
6.4 MAC Authentication	83
6.5 The WPS Screen	84
6.6 The WMM Screen	85
6.7 The Others Screen	86
6.8 The Channel Status Screen	88
6.9 The Scheduling Screen	88
6.9.1 Add Schedule	89
6.10 Technical Reference	90
6.10.1 Wireless Network Overview	90
6.10.2 Additional Wireless Terms	92
6.10.3 Wireless Security Overview	92
6.10.4 Signal Problems	94
6.10.5 BSS	95
6.10.6 MBSSID	95
6.10.7 Preamble Type	96
6.10.8 WiFi Protected Setup (WPS)	96
LAN	103
7.1 Overview	103
7.1.1 What You Can Do in this Chapter	103
7.1.2 What You Need To Know	104
7.1.3 Before You Begin	105
7.2 The LAN Setup Screen	105
7.3 The Static DHCP Screen	109
7.4 The UPnP Screen	110
7.5 Installing UPnP in Windows Example	111
7.6 Using UPnP in Windows XP Example	114
7.7 The Additional Subnet Screen	120
7.8 The 5th Ethernet Port Screen	121
7.9 Technical Reference	121
7.9.1 LANs, WANs and the Device	122
7.9.2 DHCP Setup	122
7.9.3 DNS Server Addresses	122
7.9.4 LAN TCP/IP	123
Routing	125
8.1 Overview	125
8.1.1 What You Can Do in this Chapter	125
8.2 The Routing Screen	126
8.2.1 Add/Edit Static Route	127
8.3 The Policy Forwarding Screen	127
8.3.1 Add/Edit Policy Forwarding	129
8.4 The RIP Screen	129
Quality of Service (QoS)	131
9.1 Overview	131
9.1.1 What You Can Do in this Chapter	131
9.2 What You Need to Know	132
9.3 The Quality of Service General Screen	133
9.4 The Queue Setup Screen	134
9.4.1 Adding a QoS Queue	136
9.5 The Class Setup Screen	136
9.5.1 Add/Edit QoS Class	138
9.6 The QoS Policer Setup Screen	141
9.6.1 Add/Edit a QoS Policer	142
9.7 The QoS Monitor Screen	143
9.8 Technical Reference	144
Network Address Translation (NAT)	149
10.1 Overview	149
10.1.1 What You Can Do in this Chapter	149
10.1.2 What You Need To Know	149
10.2 The Port Forwarding Screen	150
10.2.1 Add/Edit Port Forwarding	152
10.3 The Applications Screen	153
10.3.1 Add New Application	154
10.4 The Port Triggering Screen	154
10.4.1 Add/Edit Port Triggering Rule	156
10.5 The Default Server Screen	157
10.6 The ALG Screen	158
10.7 The Address Mapping Screen	158
10.7.1 Add/Edit Address Mapping Rule	159
10.8 Technical Reference	160
10.8.1 NAT Definitions	160
10.8.2 What NAT Does	161
10.8.3 How NAT Works	162
10.8.4 NAT Application	163
Dynamic DNS Setup	165
11.1 Overview	165
11.1.1 What You Can Do in this Chapter	165
11.1.2 What You Need To Know	166
11.2 The DNS Entry Screen	166
11.2.1 Add/Edit DNS Entry	167
11.3 The Dynamic DNS Screen	167
Interface Group/VLAN	169
12.1 Overview	169
12.2 The Interface Group/VLAN Screen	169
12.2.1 Interface Group Configuration	170
12.2.2 Interface Grouping Criteria	172
USB Service	175
13.1 Overview	175
13.1.1 What You Can Do in this Chapter	175
13.1.2 What You Need To Know	175
13.2 The File Sharing Screen	176
13.2.1 Before You Begin	176
Firewall	179
14.1 Overview	179
14.1.1 What You Can Do in this Chapter	179
14.1.2 What You Need to Know	180
14.2 The Firewall Screen	181
14.3 The Service Screen	181
14.3.1 Add/Edit a Service	183
14.4 The Access Control Screen	184
14.4.1 Add/Edit an ACL Rule	185
14.5 The DoS Screen	187
MAC Filter	189
15.1 Overview	189
15.2 The MAC Filter Screen	189
User Access Control	191
16.1 Overview	191
16.2 The User Access Control Screen	191
16.2.1 Add/Edit a User Access Control Rule	192
Scheduler Rules	195
17.1 Overview	195
17.2 The Scheduler Rules Screen	195
17.2.1 Add/Edit a Schedule	196
Certificates	197
18.1 Overview	197
18.1.1 What You Can Do in this Chapter	197
18.2 What You Need to Know	197
18.3 The Local Certificates Screen	198
18.3.1 Create Certificate Request	199
18.3.2 Load Signed Certificate	200
18.4 The Trusted CA Screen	201
18.4.1 View Trusted CA Certificate	202
18.4.2 Import Trusted CA Certificate	203
IPSec VPN	205
19.1 Overview	205
19.2 What You Can Do in this Chapter	205
19.3 What You Need To Know	206
19.4 The Setup Screen	206
19.4.1 Add/Edit VPN Rule	207
19.4.2 The VPN Connection Add/Edit Screen	208
19.4.3 The Default_L2TP_VPN IPSec VPN Rule	214
19.5 The IPSec VPN Monitor Screen	215
19.6 The Radius Screen	215
19.7 Technical Reference	216
19.7.1 IPSec Architecture	217
19.7.2 Encapsulation	218
19.7.3 IKE Phases	219
19.7.4 Negotiation Mode	219
19.7.5 IPSec and NAT	220
19.7.6 VPN, NAT, and NAT Traversal	220
19.7.7 ID Type and Content	221
19.7.8 Pre-Shared Key	222
19.7.9 Diffie-Hellman (DH) Key Groups	223
PPTP VPN	225
20.1 Overview	225
20.2 What You Can Do in this Chapter	225
20.3 PPTP VPN Setup	226
20.4 The PPTP VPN Monitor Screen	227
20.5 PPTP VPN Troubleshooting Tips	227
L2TP VPN	231
21.1 Overview	231
21.1.1 What You Can Do in this Chapter	231
21.2 L2TP VPN Screen	232
21.3 The L2TP VPN Monitor Screen	233
21.4 L2TP VPN Troubleshooting Tips	233
Log	237
22.1 Overview	237
22.1.1 What You Can Do in this Chapter	237
22.1.2 What You Need To Know	237
22.2 The System Log Screen	238
22.3 The Security Log Screen	239
Network Status	241
23.1 Overview	241
23.1.1 What You Can Do in this Chapter	241
23.2 The WAN Status Screen	241
23.3 The LAN Status Screen	242
ARP Table	245
24.1 Overview	245
24.1.1 How ARP Works	245
24.2 ARP Table Screen	245
Routing Table	247
25.1 Overview	247
25.2 The Routing Table Screen	247
IGMP Status	249
26.1 Overview	249
26.2 The IGMP Group Status Screen	249
xDSL Statistics	251
27.1 The xDSL Statistics Screen	251
User Account	255
28.1 Overview	255
28.2 The User Account Screen	255
28.2.1 Add/Edit a Users Account	256
Remote Management	259
29.1 Overview	259
29.2 The Remote MGMT Screen	259
TR-069 Client	261
30.1 Overview	261
30.2 The TR-069 Client Screen	261
SNMP	263
31.1 The SNMP Agent Screen	263
Time	265
32.1 Overview	265
32.2 The Time Screen	265
E-mail Notification	269
33.1 Overview	269
33.2 The Email Notification Screen	269
33.2.1 Email Notification Edit	270
Logs Setting	271
34.1 Overview	271
34.2 The Log Setting Screen	271
34.2.1 Example E-mail Log	272
Firmware and WWAN Package Upgrade	275
35.1 Overview	275
35.2 The Firmware Screen	275
Configuration	279
36.1 Overview	279
36.2 The Configuration Screen	279
36.3 The Reboot Screen	281
Diagnostic	283
37.1 Overview	283
37.1.1 What You Can Do in this Chapter	283
37.2 What You Need to Know	283
37.3 Ping & TraceRoute & NsLookup	284
37.4 802.1ag	285
37.5 OAM Ping Test	286
Troubleshooting	289
38.1 Power, Hardware Connections, and LEDs	289
38.2 Device Access and Login	290
38.3 Internet Access	292
38.4 Wireless Internet Access	293
38.5 USB Device Connection	294
38.6 UPnP	294
Customer Support	297
Legal Information	303

Match case Limit results 1 per page

Chapter 14 Firewall

SBG3300-N Series User’s Guide

186

The following table describes the labels in this screen.

Table 77

Access Control: Add/Edit

LABEL

DESCRIPTION

Enable

Select this to turn on the ACL rule.

Logging

Select this to have the Device log when it performs the ACL rule’s selected action on the

traffic traveling between the two zones.

Filter Name

Enter a descriptive name of up to 16 alphanumeric characters, not including spaces,

underscores, and dashes.

You must enter the filter name to add an ACL rule. This field is read-only if you are editing

the ACL rule.

Order

Select the order of the ACL rule.

Direction

Use the

From

and

drop-down list boxes to select the direction of travel of packets to

which to apply this ACL rule. Select from which zone the packets come in and to which zone

they are destined. For example,

From LAN To WAN

means packets traveling from a

computer or subnet on the LAN zone to the WAN zone.

From Any

means traffic coming from the WAN, LAN, WLAN, DMZ, and EXTRA zones (but

not the

ROUTER

zone).

To Any (excl. Router)

means traffic going to the WAN, LAN, WLAN, DMZ, and EXTRA

zones (but not the

ROUTER

zone).

EXTRA

is a local zone to use as needed depending on your network topology.

To ROUTER

applies to traffic that destined for the Device. Use this to control which

computers can manage the Device.

Select Source

Device

Select the source device to which the ACL rule applies. If you select

Specific IP Address

enter the source IP address in the field below.

Source IP

address

Enter the source IP address.

Select

Destination

Device

Select the destination device to which the ACL rule applies. If you select

Specific IP

Address

, enter the destiniation IP address in the field below.

Destination IP

address

Enter the destination IP address.

IP Type

Select whether your IP type is

IPv4

IPv6

Select Service

Select the transport layer protocol that defines your customized port from the drop-down

list box. The specific protocol rule sets you add in the

Security > Firewall > Service >

Add

screen display in this list.

If you want to configure a customized protocol, select

Specific Service

Protocol

This field is displayed only when you select

Specific Protocol

Select Protocol

Choose the IP port (

TCP/UDP

TCP

UDP

ICMP

, or

ICMPv6

) that defines your customized

port from the drop-down list box.

Custom Source

Port

This field is displayed only when you select

Specific Protocol

Select Protocol

Enter a single port number or the range of port numbers of the source.

Custom

Destination Port

This field is displayed only when you select

Specific Protocol

Select Protocol

Enter a single port number or the range of port numbers of the destination.

Policy

Use the drop-down list box to select whether to discard (

DROP

), deny and send an ICMP

destination-unreachable message to the sender of (

REJECT

) or allow the passage of

(

) packets that match this rule.