Home » ZyXEL Manuals » Networking » ZyXEL VMG3927-B50B » Manual Viewer

ZyXEL VMG3927-B50B User Guide - Page 196

Access Control: Add/Edit

Add to My Manuals
Save this manual to your list of manuals

Page 196 highlights

Chapter 16 Firewall The following table describes the labels in this screen. Table 80 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. Order Select Source Device Source IP Address Select Destination Device Destination IP Address IP Type Select Service You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule. Select the order of the ACL rule. Select the source device to which the ACL rule applies. If you select Specific IP Address, enter the source IP address in the field below. Enter the source IP address. Select the destination device to which the ACL rule applies. If you select Specific IP Address, enter the destiniation IP address in the field below. Enter the destination IP address. Select whether your IP type is IPv4 or IPv6. Select the transport layer protocol that defines your customized port from the drop-down list box. Protocol If you want to configure a customized protocol, select Specific Service. This field is displayed only when you select Specific Protocol in Select Protocol. Custom Source Port Custom Destination Port Policy Direction Enable Rate Limit Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized port from the drop-down list box. This field is displayed only when you select Specific Protocol in Select Protocol. Enter a single port number or the range of port numbers of the source. This field is displayed only when you select Specific Protocol in Select Protocol. Enter a single port number or the range of port numbers of the destination. Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT) packets that match this rule. Use the drop-down list box to select the direction of traffic to which this rule applies. Select this check box to set a limit on the upstream/downstream transmission rate for the specified protocol. Scheduler Rules Apply Cancel Specify how many packets per minute or second the transmission rate is. Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new schedule rule by click Add New Rule. This will bring you to the Security > Scheduler Rules screen. Click Apply to save your changes. Click Cancel to exit this screen without saving. 16.5 DoS DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. VMG4927-B50A / VMG9827-B50A / VMG3927-B50B User's Guide 196

Section	Page
VMG4927-B50A / VMG9827-B50A/ VMG3927-B50B	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	15
VMG Introduction	16
1.1 Overview	16
1.1.1 Internet Access	16
1.1.2 Wireless Access	20
1.1.3 VoIP Features	20
1.2 Ways to Manage the VMG	21
1.3 Good Habits for Managing the VMG	21
1.4 Hardware	21
1.4.1 Front Panels	21
1.4.2 WPS Button	24
1.4.3 LEDs (Lights)	25
1.4.4 Rear Panel	28
1.4.5 RESET Button	29
1.4.6 Wall Mounting	29
The Web Configurator	32
2.1 Overview	32
2.1.1 Access the Web Configurator	32
2.2 Web Configurator Layout	34
2.2.1 Title Bar	34
2.2.2 Navigation Panel	35
Quick Start	39
3.1 Overview	39
3.2 Quick Start Setup	39
Tutorials	42
4.1 Overview	42
4.2 Set Up an ADSL PPPoE Connection	42
4.3 Set Up a Secure WiFi Network	45
4.3.1 Configure the WiFi Network Settings	45
4.3.2 Use WPS	47
4.3.3 Connect to the VMG’s WiFi Network Manually (No WPS)	49
4.3.4 Configure Wireless Security on the VMG	49
4.3.5 Configure Your Laptop	51
4.4 Set Up Multiple Wireless Groups	53
4.5 Configure Static Route for Routing to Another Network	56
4.6 Configure QoS Queue and Class Setup	58
4.7 Access the VMG Using DDNS	62
4.7.1 Register a DDNS Account on www.dyndns.org	62
4.7.2 Configure DDNS on Your VMG	63
4.7.3 Test the DDNS Setting	63
4.8 Configure the MAC Address Filter	63
Technical Reference	65
Network Map and Status Screens	66
5.1 Overview	66
5.2 Network Map	66
5.3 Status	68
Broadband	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need to Know	72
6.1.3 Before You Begin	74
6.2 Broadband	75
6.2.1 Add/Edit Internet Connection	76
6.3 Advanced Settings	84
6.4 Ethernet WAN	87
6.5 Technical Reference	87
Wireless	93
7.1 Overview	93
7.1.1 What You Can Do in this Chapter	93
7.1.2 What You Need to Know	93
7.2 WiFi	94
7.2.1 WiFi Edit	94
7.3 Guest WiFi	96
7.3.1 Edit Guest WiFi	97
7.4 WPS	98
7.5 Advanced Settings	98
7.6 Channel Status	101
7.7 MESH	103
7.8 Technical Reference	105
7.8.1 Wireless Network Overview	105
7.8.2 Additional Wireless Terms	107
7.8.3 Wireless Security Overview	107
7.8.4 Signal Problems	109
7.8.5 BSS	109
7.8.6 MBSSID	110
7.8.7 Preamble Type	110
7.8.8 WiFi Protected Setup (WPS)	110
Home Networking	116
8.1 Overview	116
8.1.1 What You Can Do in this Chapter	116
8.1.2 What You Need To Know	117
8.1.3 Before You Begin	118
8.2 LAN Setup	118
8.3 Static DHCP	122
8.4 UPnP	123
8.4.1 Turn On UPnP in Windows 7 Example	125
8.5 Additional Subnet	126
8.6 STB Vendor ID	128
8.7 Wake on LAN	128
8.8 TFTP Server Name	129
8.9 Technical Reference	130
8.9.1 LANs, WANs and the VMG	130
8.9.2 DHCP Setup	130
8.9.3 DNS Server Addresses	130
8.9.4 LAN TCP/IP	131
Routing	133
9.1 Overview	133
9.2 Routing	133
9.2.1 Add/Edit Static Route	134
9.3 DNS Route	135
9.3.1 DNS Route Add	136
9.4 Policy Route	137
9.4.1 Add/Edit Policy Route	138
9.5 RIP Overview	139
9.5.1 RIP	139
Quality of Service (QoS)	140
10.1 Overview	140
10.1.1 What You Can Do in this Chapter	140
10.2 What You Need to Know	141
10.3 Quality of Service General Settings	142
10.4 Queue Setup	143
10.4.1 Adding a QoS Queue	145
10.5 Classification Setup	145
10.5.1 Add/Edit QoS Class	146
10.6 QoS Shaper Setup	150
10.6.1 Add/Edit a QoS Shaper	151
10.7 QoS Policer Setup	151
10.7.1 Add/Edit a QoS Policer	152
10.8 QoS Monitor	153
10.9 Technical Reference	154
Network Address Translation (NAT)	159
11.1 Overview	159
11.1.1 What You Can Do in this Chapter	159
11.1.2 What You Need To Know	159
11.2 Port Forwarding	160
11.2.1 Add/Edit Port Forwarding	162
11.3 Applications Settings	163
11.3.1 Add New Application	164
11.4 Port Triggering	165
11.4.1 Add/Edit Port Triggering Rule	166
11.5 DMZ	167
11.6 ALG	168
11.7 Address Mapping	169
11.7.1 Add/Edit Address Mapping Rule	170
11.8 Sessions	171
11.9 Technical Reference	171
11.9.1 NAT Definitions	172
11.9.2 What NAT Does	172
11.9.3 How NAT Works	173
11.9.4 NAT Application	173
Dynamic DNS Setup	176
12.1 Overview	176
12.1.1 What You Can Do in this Chapter	176
12.1.2 What You Need To Know	176
12.2 DNS Entry	177
12.2.1 Add/Edit DNS Entry	177
12.3 Dynamic DNS	178
IGMP/MLD	180
13.1 Overview	180
13.1.1 What You Need To Know	180
13.2 IGMP/MLD	180
VLAN Group	183
14.1 Overview	183
14.1.1 What You Can Do in this Chapter	183
14.2 VLAN Group	183
14.2.1 Add/Edit a VLAN Group	184
Interface Grouping	185
15.1 Overview	185
15.1.1 What You Can Do in this Chapter	185
15.2 Interface Grouping Overview	185
15.2.1 Interface Grouping Configuration	186
15.2.2 Interface Grouping Criteria	188
Firewall	190
16.1 Overview	190
16.1.1 What You Can Do in this Chapter	190
16.1.2 What You Need to Know	191
16.2 Firewall	191
16.3 Protocol	192
16.3.1 Add/Edit a Service	193
16.4 Access Control	194
16.4.1 Add/Edit an ACL Rule	195
16.5 DoS	196
MAC Filter	198
17.1 Overview	198
17.2 MAC Filter	198
Parental Control	200
18.1 Overview	200
18.2 Parental Control	200
18.2.1 Add/Edit a Parental Control Profile	201
Scheduler Rule	204
19.1 Overview	204
19.2 Scheduler Rule	204
19.2.1 Add/Edit a Schedule	204
Certificates	206
20.1 Overview	206
20.1.1 What You Can Do in this Chapter	206
20.2 What You Need to Know	206
20.3 Local Certificates	206
20.3.1 Create Certificate Request	207
20.3.2 View Certificate Request	208
20.4 Trusted CA	209
20.4.1 View Trusted CA Certificate	210
20.4.2 Import Trusted CA Certificate	211
Voice	213
21.1 Overview	213
21.1.1 What You Can Do in this Chapter	213
21.1.2 What You Need to Know About VoIP	213
21.2 Before You Begin	214
21.3 SIP Account	214
21.3.1 SIP Account Add/Edit	215
21.4 SIP Service Provider	219
21.4.1 SIP Service Provider Add/Edit	220
21.5 Phone Device	224
21.5.1 Phone Device Edit	225
21.6 Region	226
21.7 Call Rule	226
21.8 Technical Reference	227
21.8.1 Quality of Service (QoS)	235
21.8.2 Phone Services Overview	235
Log	240
22.1 Overview	240
22.1.1 What You Can Do in this Chapter	240
22.1.2 What You Need To Know	240
22.2 System Log	241
22.3 Security Log	242
Traffic Status	243
23.1 Overview	243
23.1.1 What You Can Do in this Chapter	243
23.2 WAN Status	243
23.3 LAN Status	244
23.4 NAT Status	245
ARP Table	247
24.1 Overview	247
24.1.1 How ARP Works	247
24.2 ARP Table	248
Routing Table	249
25.1 Overview	249
25.2 Routing Table	249
Multicast Status	251
26.1 Overview	251
26.2 IGMP Status	251
26.3 MLD Status	251
xDSL Statistics	253
27.1 xDSL Statistics	253
System	256
28.1 Overview	256
28.2 System	256
User Account	257
29.1 Overview	257
29.2 User Account	257
29.2.1 User Account Add/Edit	258
Remote Management	260
30.1 Overview	260
30.2 MGMT Services	260
30.3 Trust Domain	261
30.3.1 Add Trust Domain	262
SNMP	263
31.1 Overview	263
31.2 SNMP	263
Time Settings	265
32.1 Overview	265
32.2 Time	265
Email Notification	268
33.1 Overview	268
33.2 Email Notification	268
33.2.1 Email Notification Edit	269
Log Setting	270
34.1 Overview	270
34.2 Log Settings	270
34.2.1 Example Email Log	271
Firmware Upgrade	273
35.1 Overview	273
35.2 Firmware	273
Backup/Restore	275
36.1 Overview	275
36.2 Backup/Restore	275
36.3 Reboot	277
Diagnostic	278
37.1 Overview	278
37.1.1 What You Can Do in this Chapter	278
37.2 What You Need to Know	278
37.3 Ping & TraceRoute & NsLookup	279
37.4 802.1ag	279
37.5 802.3ah	281
37.6 OAM Ping	282
Troubleshooting	285
38.1 Power, Hardware Connections, and LEDs	285
38.2 VMG Access and Login	286
38.3 Internet Access	287
38.4 Wireless Internet Access	289
38.5 UPnP	290
38.6 VoIP Call Quality	290
Appendices	292
Customer Support	293
Wireless LANs	299
IPv6	309
Services	317
Legal Information	321

Match case Limit results 1 per page

Chapter 16 Firewall

VMG4927-B50A / VMG9827-B50A / VMG3927-B50B User’s Guide

196

The following table describes the labels in this screen.

16.5

DoS

DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection

requests, using so much bandwidth and so many resources that Internet access becomes unavailable.

Table 80

Access Control: Add/Edit

LABEL

DESCRIPTION

Filter Name

Enter a descriptive name of up to 16 alphanumeric characters, not including spaces,

underscores, and dashes.

You must enter the filter name to add an ACL rule. This field is read-only if you are editing the

ACL rule.

Order

Select the order of the ACL rule.

Select Source

Device

Select the source device to which the ACL rule applies. If you select

Specific IP Address

, enter

the source IP address in the field below.

Source IP

Address

Enter the source IP address.

Select

Destination

Device

Select the destination device to which the ACL rule applies. If you select

Specific IP Address

enter the destiniation IP address in the field below.

Destination IP

Address

Enter the destination IP address.

IP Type

Select whether your IP type is

IPv4

IPv6

Select Service

Select the transport layer protocol that defines your customized port from the drop-down list

box.

If you want to configure a customized protocol, select

Specific Service

Protocol

This field is displayed only when you select

Specific Protocol

Select Protocol

Choose the IP port (

TCP/UDP

TCP

UDP

ICMP

, or

ICMPv6

) that defines your customized port from

the drop-down list box.

Custom Source

Port

This field is displayed only when you select

Specific Protocol

Select Protocol

Enter a single port number or the range of port numbers of the source.

Custom

Destination Port

This field is displayed only when you select

Specific Protocol

Select Protocol

Enter a single port number or the range of port numbers of the destination.

Policy

Use the drop-down list box to select whether to discard (

DROP

), deny and send an ICMP

destination-unreachable message to the sender of (

REJECT

) or allow the passage of (

)

packets that match this rule.

Direction

Use the drop-down list box to select the direction of traffic to which this rule applies.

Enable Rate

Limit

Select this check box to set a limit on the upstream/downstream transmission rate for the

specified protocol.

Specify how many packets per minute or second the transmission rate is.

Scheduler Rules

Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new

schedule rule by click

Add New Rule

. This will bring you to the

Security > Scheduler Rules

screen.

Apply

Click

Apply

to save your changes.

Cancel

Click

Cancel

to exit this screen without saving.