Manuel d'utilisation / d'entretien du produit HW-D Series du fabricant ZyXEL Communications
Aller à la page of 496
P-662H/HW -D Series 802.1 1g ADSL 2+ 4-Port Security Gateway User ’ s Guide V ersion 3.40 Edition 1 7/2006.
.
P-662H/HW-D Series User ’s Guide Copyright 3 Copyright Copyright © 2006 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a wh ole, tra.
P-662H/HW-D Series User’s Guide 4 Certifications Certifications Federal Communications Commissi on (FCC) Interference St atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference.
P-662H/HW-D Series User ’s Guide Certifications 5 ZyXEL Communications Corp ora tion declared that P-662H/HW -D is limited in CH1~1 1 from 2400 to 2483.
P-662H/HW-D Series User’s Guide 6 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • T o reduce the risk of fire, use only No. 26 A WG (American W ire Ga uge) or lar ger telecommunication line cord.
P-662H/HW-D Series User ’s Guide ZyXEL Limited Warranty 7 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to two years from the date of purchase.
P-662H/HW-D Series User’s Guide 8 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice.
P-662H/HW-D Series User ’s Guide Customer Support 9 +” is the (prefix) number you enter to make an interna tional telephone call. NORWAY support@zyxel.no +47-22-80-61-80 www .zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway sales@zyxel.
P-662H/HW-D Series User’s Guide 10 Customer Suppo rt.
P-662H/HW-D Series User ’s Guide Table of Contents 11 T able of Content s Copyright .................................................. .......................................... ...................... 3 Certifications ...............................
P-662H/HW-D Series User’s Guide 12 Table of Contents 2.4.6 S tatus: VPN S tatus ........................... ................... .................... .................. 59 2.4.7 S tatus: Packet S tatistics .............. ................... .........
P-662H/HW-D Series User ’s Guide Table of Contents 13 5.3.1.2 V ariable Bit Rate (VBR) .... ................... ................... ....................... ..89 5.3.1.3 Unspecif ied Bit Rate (UBR) ....... ....................... ................... .
P-662H/HW-D Series User’s Guide 14 Table of Contents 7.3 Wireless Performance Overview ............... ....................... ................... .............126 7.3.1 Quality of Service (QoS) ........ .................... ...................... .
P-662H/HW-D Series User ’s Guide Table of Contents 15 9.3 NA T General Setup .................. ....................... ................... ................... ..........160 9.4 Port Forwarding ............... .................... ..................
P-662H/HW-D Series User’s Guide 16 Table of Contents 1 1.3 Rule Logic O verview ............... ................... ....................... ................... ..........182 1 1.3.1 Rule Checklist ...................... ....................... .....
P-662H/HW-D Series User ’s Guide Table of Contents 17 13.4 Configuring T rusted Computers ....... ............. ................... ................... ..........213 Chapter 14 Content Access Control .......................... ......................
P-662H/HW-D Series User’s Guide 18 Table of Contents 16.2.2 ESP (Encapsulating Security Payl oad) Protoc ol ..... ................... ..........239 16.3 My IP Address .................. .................... ................... ......................
P-662H/HW-D Series User ’s Guide Table of Contents 19 17.12.1 T rusted Remote Host Certificate Fingerprints .............. ....................... 282 17.13 T rusted Remote Hosts Import ....... ......... .................... ................... ....
P-662H/HW-D Series User’s Guide 20 Table of Contents 21.1.2 Remote Management and NA T ..... ....................... ...................... ..........310 21.1.3 System Timeout ......... ................... ................... .......................
P-662H/HW-D Series User ’s Guide Table of Contents 21 Chapter 25 T ools ..... .......................................... ..................................................... .................. 345 25.1 Firmware Upgrade .... ................... ....
P-662H/HW-D Series User’s Guide 22 Table of Contents Macintosh OS X ..................... .................... ................... ................... ...................... 383 Linux .................... ................... .................... ...
P-662H/HW-D Series User ’s Guide Table of Contents 23 Appendix J Boot Commands ........................... ........................................... ............................ 425 Appendix K Firewall Commands ....................................
P-662H/HW-D Series User’s Guide 24 Table of Contents.
P-662H/HW-D Series User ’s Guide List of Figure s 25 List of Figures Figure 1 ZyXEL Device Internet Access Applic ation ....... ....................... ................... .......... 46 Figure 2 ZyXEL Device LAN-t o-LAN Applicati on Example .... ...
P-662H/HW-D Series User’s Guide 26 List of Figures Figure 39 Bandwidth Management Wizard: G eneral Information .................... ................... 81 Figure 40 Bandwidth Management Wizard: Conf iguration .. ................... .................
P-662H/HW-D Series User ’s Guide List of Figure s 27 Figure 82 How NA T Works ........ ................... ....................... ................... ................... .......... 158 Figure 83 NA T Application With IP Alias ...... ... ...........
P-662H/HW-D Series User’s Guide 28 List of Figures Figure 125 Encryption and Decryption ............ ............. ................... .................... ................ 234 Figure 126 IPSec Architecture ........ ................... .............
P-662H/HW-D Series User ’s Guide List of Figure s 29 Figure 168 SNMP Management Model ........ ...... .......... ................... .................... ................ 314 Figure 169 Remote Management: SNMP .......... .......... .................
P-662H/HW-D Series User’s Guide 30 List of Figures Figure 21 1 Java (Sun) ........ ....... ................... ................... .................... ................... ............. 361 Figure 212 Internet Options Security ........... ..........
P-662H/HW-D Series User ’s Guide List of Figure s 31 Figure 254 Personal Certificate Import Wizard 3 ...................... ................... .................... ... 416 Figure 255 Personal Certificate Import Wizard 4 ...................... .....
P-662H/HW-D Series User’s Guide 32 List of Figures.
P-662H/HW-D Series User ’s Guide List of Tables 33 List of T ables T able 1 ADSL S tandards .......................... ................... ................... ....................... ............. 42 T able 2 Front Panel LED s . ................... .
P-662H/HW-D Series User’s Guide 34 List of Tables T able 39 Wireless: S tatic WEP Encryption ........ ....................... ................... ....................... 130 T able 40 Wireless: WP A(2)-PSK .............. ............................
P-662H/HW-D Series User ’s Guide List of Tables 35 T able 82 Content Access Control: General: Web Site Filter . ...................... .................... ... 222 T able 83 Content Access Control: General: Diagno se ................... ............
P-662H/HW-D Series User’s Guide 36 List of Tables T able 125 Remote Management: WWW ........... ....................... ....................... ................... 31 1 T able 126 Remote Management: T elnet ............................... ..........
P-662H/HW-D Series User ’s Guide List of Tables 37 T able 168 Net BIOS Filter Default Settings ............... ................... ....................... ................ 434 T able 169 Abbreviations Used in the Example In ternal SPTGEN Screens T able .
P-662H/HW-D Series User’s Guide 38 List of Tables.
P-662H/HW-D Series User ’s Guide Preface 39 Preface Congratulations on your p urchase of the P-662H/HW -D series 802.1 1g W ireless ADSL 2+ 4- port Gateway . P-662H-D has a 4-port switch that allows you t o connect up to 4 computers to the ZyXEL Device without purchasing a switc h/hub.
P-662H/HW-D Series User’s Guide 40 Preface User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The T echnical Writi ng T eam, ZyXEL Communications Corp.
P-662H/HW-D Series User ’s Guide Chapter 1 Getting To Know Your ZyXEL Device 41 C HAPTER 1 Getting T o Know Y our ZyXEL Device This chapter describes the key features and applications of your ZyXEL Device .
P-662H/HW-D Series User’s Guide 42 Chapter 1 Getting To Kn ow Your ZyXEL Device High Speed Internet Access The ZyXEL Device is an ADSL router co mpatible with th e ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable for each standard are shown in the next table.
P-662H/HW-D Series User ’s Guide Chapter 1 Getting To Know Your ZyXEL Device 43 LAN/DMZ Interface The ZyXEL Device provides a LAN port that can function as a virtual DeMilitarized Zone (DMZ) port.
P-662H/HW-D Series User’s Guide 44 Chapter 1 Getting To Kn ow Your ZyXEL Device Dynamic DNS Support W ith Dynamic DNS support, you can have a sta tic hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet.
P-662H/HW-D Series User ’s Guide Chapter 1 Getting To Know Your ZyXEL Device 45 1.1.1.1 P-662HW Wireless Features Wireless LAN The ZyXEL Device supports the IEEE 802.1 1g st andard, which is fully compatible with the IEEE 802.1 1b standard, meanin g that you can have both IEEE 802.
P-662H/HW-D Series User’s Guide 46 Chapter 1 Getting To Kn ow Your ZyXEL Device 1.1.2.1 Internet Access The ZyXEL Device is the ideal high-speed Internet access solution. Y our ZyXEL Device supports the TCP/IP protocol, which the Internet uses exclusively .
P-662H/HW-D Series User ’s Guide Chapter 1 Getting To Know Your ZyXEL Device 47 Figure 3 Firewall Application 1.1.4 Front Panel LEDs Figure 4 P-662H Front Pan el Figure 5 P-662HW Front Panel The following table describes the Lights.
P-662H/HW-D Series User’s Guide 48 Chapter 1 Getting To Kn ow Your ZyXEL Device Refer to the Quick S tart Guide for in formation on hard ware connections. WLAN (P- 662HW only) Green On The Zy XEL Device is ready , but is not sending/recei ving data through the wireless LAN.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 49 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator .
P-662H/HW-D Series User’s Guide 50 Chapter 2 Introducing the Web Configurator only . Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password. Figure 6 Password Screen 6 If you entered the user password, skip the next two steps and refer to Section 2.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 51 Note: If you do not replace th e certificate, the following screen appears every time you log in. Figure 8 Replace Factory Default Certificate 8 Select Go to Wizard setup and click Apply to display the wizard main screen.
P-662H/HW-D Series User’s Guide 52 Chapter 2 Introducing the Web Configurator 2.3.1 Using the Reset Button 1 Make sure the POWER LED is on (not blinking). 2 Press the RESET button for 10 seconds or until the POWER LED begins to blink an d then release it.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 53 Note: Click the icon (located in the top right corner of most screens) to view embedded help.
P-662H/HW-D Series User’s Guide 54 Chapter 2 Introducing the Web Configurator Threshold Use this scre en to configure the th reshold for DoS attacks. Anti Virus Packet Scan Use this screen to change your Packet Scan settings. Registration Use this screen to register , activate or update your anti-virus services.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 55 2.4.2 St atus Screen The following summarizes how to navigate the web configurator from the St a t u s screen. Some fields or links are not available if yo u entered the user password in the login password screen (see Figure 6 on page 50 ).
P-662H/HW-D Series User’s Guide 56 Chapter 2 Introducing the Web Configurator Figure 1 1 S tatus Screen The following table describes the labels shown in the St a t u s scre en.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 57 VPI/VCI This is the Virtual Path Identifier and Vi rtual Channel Identifier that you entered in the Wizard or WA N screen. LAN Informatio n IP Address This is the LAN port IP address.
P-662H/HW-D Series User’s Guide 58 Chapter 2 Introducing the Web Configurator 2.4.3 St atus: Any IP T able Click the Any IP T able hyperlink in the St a t u s scree n.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 59 Figure 13 S tatus: WLAN S tatus The following table describes the labels in this screen. 2.4.5 St atus: Bandwid th S t atus Select the Bandwidth S tatus hyperlink in the St a t u s scre en.
P-662H/HW-D Series User’s Guide 60 Chapter 2 Introducing the Web Configurator Figure 15 S tatus: VPN S tatus The following table describes the labels in this screen. 2.4.7 St atus: Packet St atistics Click the Packet S tatistics hyperlink in the St a t u s screen.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 61 Figure 16 S tatus: Packet S tati stics The following table describes th e fields in this screen. Table 8 S tatus: Pack et S tatistics LABEL DESCRIPTION System Monitor System up T ime This is the elapsed time the system has been up.
P-662H/HW-D Series User’s Guide 62 Chapter 2 Introducing the Web Configurator 2.4.8 Changing Login Password It is highly recommended that you periodic ally change the password for accessing the ZyXEL Device.
P-662H/HW-D Series User ’s Guide Chapter 2 Introducing the Web Configur ator 63 The following table describes th e fields in this screen. T able 9 System General: Password LABEL DESCRIPTION Old Password T ype the default password or the existing password you us e to access the system in this field.
P-662H/HW-D Series User’s Guide 64 Chapter 2 Introducing the Web Configurator.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 65 C HAPTER 3 W izard Setup for Internet Access This chapter provides informatio n on the W izard Setup screens for Internet access in the web configurator .
P-662H/HW-D Series User’s Guide 66 Chapter 3 Wiz ard Setup for In ternet Access Figure 19 Wizard: Welcome 3 The wizard attempts to detect whic h W AN connection type you are using. If the wizard detects your connection type and your ISP uses PPPo E or PPPoA, go to Section 3.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 67 Figure 21 Auto Detection: Failed 3.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a scr een displays prompting you to enter your Internet account information.
P-662H/HW-D Series User’s Guide 68 Chapter 3 Wiz ard Setup for In ternet Access Figure 23 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 69 2 The next wizard screen varies depending on wh at mode and encapsulatio n type you use. All screens shown are with routing mode. Configure the fields and click Next to continue.
P-662H/HW-D Series User’s Guide 70 Chapter 3 Wiz ard Setup for In ternet Access The following table describes the fields in this screen. Figure 26 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 71 Figure 27 Internet Connection with PPPoA The following table describes the fields in this screen. • If the user name and/or password you ente red for PPPoE or PPPoA connection are not correct, the screen displays as shown next.
P-662H/HW-D Series User’s Guide 72 Chapter 3 Wiz ard Setup for In ternet Access Figure 28 Connection T est Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wir eless Setup Wizard to verify your In ternet access settings.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 73 Figure 30 Connection T est Success ful 2 Use this screen to activate the wireless LAN and OTIST .
P-662H/HW-D Series User’s Guide 74 Chapter 3 Wiz ard Setup for In ternet Access The following table describes the labels in this screen. 3 Configure your wireless settin gs in this screen.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 75 The following table describes the labels in this screen. Note: The wireless stations and ZyXEL Device must use the sa me SSID, channel ID and WEP encryption key (if WEP is enabled), WP A-PSK (if WP A-PSK is enabled) for wireless communicatio n.
P-662H/HW-D Series User’s Guide 76 Chapter 3 Wiz ard Setup for In ternet Access Figure 33 Manually assign a WP A key The following table describes the labels in this screen. 3.3.3 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters.
P-662H/HW-D Series User ’s Guide Chapter 3 Wizard Setup for Internet Acces s 77 The following table describes the labels in this screen. 5 Click Apply to save your wireless LAN settings. Figure 35 Wireless LAN Setup 3 6 Use the read-only summary table to check whet her what you have configured is correct.
P-662H/HW-D Series User’s Guide 78 Chapter 3 Wiz ard Setup for In ternet Access Figure 36 Internet Access and WLAN Wizard Se tup Complete 7 Launch your web browser and navigate to www .zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed inform ation on the complete range of ZyXEL Device features.
P-662H/HW-D Series User ’s Guide Chapter 4 Bandwidth Management Wiza rd 79 C HAPTER 4 Bandwid th Management Wizard This chapter shows you how to configure basic bandwidth management using th e wizard screens.
P-662H/HW-D Series User’s Guide 80 Chapter 4 Bandwidth Man agement Wizard 4.3 Bandwid th Management Wizard Setup 1 After you enter the password to access the web configurator , select Go to Wizard setup and click Apply . Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wiza rd main screen.
P-662H/HW-D Series User ’s Guide Chapter 4 Bandwidth Management Wiza rd 81 Figure 38 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the services. Figure 39 Bandwidt h Management Wizard: General In formation The following fields describe the label in this screen.
P-662H/HW-D Series User’s Guide 82 Chapter 4 Bandwidth Man agement Wizard 4 Use the second wizard screen to select the se rvices that you want to apply bandwidth management and select the priorities that you want to apply to the services listed.
P-662H/HW-D Series User ’s Guide Chapter 4 Bandwidth Management Wiza rd 83 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuratio n. Figure 41 Bandwid th Management Wizard: Comple te Apply Click Apply to save your changes back to the ZyXEL Device.
P-662H/HW-D Series User’s Guide 84 Chapter 4 Bandwidth Man agement Wizard.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 85 C HAPTER 5 W AN Setup This chapter describes how to configure W AN settings. 5.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Intern et. 5.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP .
P-662H/HW-D Series User’s Guide 86 Chapter 5 WAN Setup By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 87 5.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Si ngle User Account feature can be enabled or disabled if you have either a dynamic or static IP .
P-662H/HW-D Series User’s Guide 88 Chapter 5 WAN Setup 5.2 Metric The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost".
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 89 Maximum Burst Size (MBS) is the maximum numb er of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
P-662H/HW-D Series User’s Guide 90 Chapter 5 WAN Setup The VBR-nR T (non real-time V ariable Bit Rate) ty pe is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for " bursty" traffic typical on LANs.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 91 Figure 43 Internet Conne ction (PPPoE) The following table describes the labels in this screen. Table 22 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider , e.
P-662H/HW-D Series User’s Guide 92 Chapter 5 WAN Setup 5.5.1 Configuring Advance d Internet Connection T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 93 Figure 44 Advanced Internet Connection The following table describes the labels in this screen.
P-662H/HW-D Series User’s Guide 94 Chapter 5 WAN Setup 5.6 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gate way and the network behind it across a W AN connection.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 95 Figure 45 More Connections The following table describes the labels in this screen. 5.6.1 More Connections Edit Click the edit icon in the More Con nections screen to configure a connection . Table 24 More Connections LABEL DESCRIPTION # This is the index number of a connection.
P-662H/HW-D Series User’s Guide 96 Chapter 5 WAN Setup Figure 46 More Connections Edit The following table describes the labels in this screen. Table 25 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 97 Multiplexing Select the method of multiple xing used by your ISP from the drop-down list. Choices are VC or LLC . By prior agreement, a protocol is assigned a specific vi rtual circuit , for example, VC1 will carry IP .
P-662H/HW-D Series User’s Guide 98 Chapter 5 WAN Setup 5.6.2 Configuring More Connections Advanced Setup T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Mor e Connections Edit screen. The screen appears as shown.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 99 5.7 T raffic Redirect T raffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet.
P-662H/HW-D Series User’s Guide 100 Chapter 5 WAN Setup Figure 49 T raf fic Redirect LAN Setup 5.8 Configuring W AN Backup T o chang e your ZyXEL Device’ s W AN bac kup settings, click WA N > W AN Backup Setup .
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 101 Figure 50 W A N Backup Setup The following table describes the labels in this screen. Table 27 W AN Backup Setup LABEL DESCRIPTION Backup T ype Select the method that the ZyXEL Device uses to check the DSL connection.
P-662H/HW-D Series User’s Guide 102 Chapter 5 WAN Setup 5.9 W AN Backup Advanced Screen T o change yo ur ZyXEL Device’ s W AN backu p advanced settings, click WA N > W AN Backup Setup > Advanced Setup .
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 103 Figure 51 W A N Backup Advanced Setup The following table describes the labels in this screen. Table 28 W AN Backup Advanced Setup LABEL DESCRIPTION Authentication Ty p e Use the drop-down list box to select an auth entication protocol for outgoin g calls.
P-662H/HW-D Series User’s Guide 104 Chapter 5 WAN Setup Advanced Modem Setup Click the Edit button to display the Advanced Modem Setup screen and edit the details of your dial backup setup. TCP/IP Options Metric This field sets t his route's priority among the three ro utes the ZyXEL Device uses (normal, traffic redirect and dial backup).
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 105 5.10 Dial Backup Modem Setup Click Edit in the WA N > W AN Backup Setup > Advanced Setup screen to configure the advanced modem settings.
P-662H/HW-D Series User’s Guide 106 Chapter 5 WAN Setup Figure 52 W A N Dial Backup Modem Setup The following table describes the labels in this screen. Table 29 W AN Dial Backup Modem Setup LABEL DESCRIPTION A T Command St r i n g s Dial T y pe the A T Command string to make a call.
P-662H/HW-D Series User ’s Guide Chapter 5 WAN Setup 107 Retry Interval T ype a number of seconds for the ZyXEL Device to wait before trying another call after a call has failed.
P-662H/HW-D Series User’s Guide 108 Chapter 5 WAN Setup.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 109 C HAPTER 6 LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached.
P-662H/HW-D Series User’s Guide 110 Chapter 6 LAN Se tup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at start-up from a server . Y ou can configure the ZyXEL Device as a DHCP server or disable it.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 111 6.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because wit hout it, you must k now the IP address of a computer before you can access it.
P-662H/HW-D Series User’s Guide 112 Chapter 6 LAN Se tup 6.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your network s are isolated from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 113 6.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the networ k - not everybody and not just 1.
P-662H/HW-D Series User’s Guide 114 Chapter 6 LAN Se tup Figure 54 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address tha t is in the sa me subnet as the ZyXEL De vice’ s IP address.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 115 After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in th e same subnet as the ZyXEL Device. 6.3 Configuring LAN IP Click LAN to open the IP screen.
P-662H/HW-D Series User’s Guide 116 Chapter 6 LAN Se tup Figure 56 Advanced LAN Setup The following table describes the labels in this screen. Table 31 Advanced LA N Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None , Both , In Only and Out Only .
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 117 6.4 DHCP Setup Use this screen to configure th e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 57 DHCP Setup The following table describes the labels in this screen.
P-662H/HW-D Series User’s Guide 118 Chapter 6 LAN Se tup 6.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 119 The following table describes the labels in this screen. 6.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface.
P-662H/HW-D Series User’s Guide 120 Chapter 6 LAN Se tup Figure 59 Physical Network & Partitioned Logical Networks T o change your ZyXEL Device ’ s IP alias settings, click Network > LAN > IP Alias . The screen appears as shown. Figure 60 LAN IP Alias The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 6 LAN Setup 121 RIP Direction RIP (Routing Information Protocol , RFC 1058 and RFC 1389) all ows a router to exchange routing informatio n with other routers. The RIP Direction field cont rols the sending and receiving of RIP packe ts.
P-662H/HW-D Series User’s Guide 122 Chapter 6 LAN Se tup.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 123 C HAPTER 7 W ireless LAN This chapter discusses how to configure the wire less network settings in your ZyXEL Device.
P-662H/HW-D Series User’s Guide 124 Chapter 7 Wireless LAN • Every device in the same wireless networ k must use security compatible with the AP . Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 125 For wireless networks, there are two typical plac es to store the user names and passwords for each user . • In the ZyXEL Device: this feature is called a local user database or a local database.
P-662H/HW-D Series User’s Guide 126 Chapter 7 Wireless LAN Note: It is recommended that wireless networks u se WP A-PSK , WP A , or stronger encryption. IEEE 802.1x and W EP encryption are better than non e at all, but it is still possible for unauthorized wireless devices to figure out the orig inal information pretty quickly .
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 127 7.4 Additional Wireless T erms The following table describes wireless networ k terms and acronyms used in the ZyXEL Device.
P-662H/HW-D Series User’s Guide 128 Chapter 7 Wireless LAN Figure 62 Wireless LAN: General The following table describes the general wireless LAN labels in this screen. See the rest of this chapter for informa tion on the other labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 129 7.5.1 No Security Select No Security to allow wireless stations to commun icate with the access points without any data encryption. Note: If you do not enable an y wireless security on your ZyXEL Device, your network is accessible to any wireless network ing device tha t is within range.
P-662H/HW-D Series User’s Guide 130 Chapter 7 Wireless LAN Figure 64 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. 7.5.3 WP A(2)-PSK In order to configure and enable WP A(2)-PSK authentication; click Network > Wir eless LAN to display the Ge neral screen.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 131 Figure 65 Wireless: WP A(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 40 Wireless: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WP A-PSK or WP A2-PSK from the drop-down list box.
P-662H/HW-D Series User’s Guide 132 Chapter 7 Wireless LAN 7.5.4 WP A(2) Au thentication Screen In order to configure and enable WP A(2) Authentication; click the Wireless LAN link un der Network to display the Wir eless screen. Select WP A or WP A2 from the Security Mode list.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 133 The following table describes the wireless LAN security labels in this screen. Table 41 Wireless: WPA(2) LABEL DESCRIPTION WP A Compatible This check box is available only when you select WP A2-PSK or WP A2 i n the Security Mode field.
P-662H/HW-D Series User’s Guide 134 Chapter 7 Wireless LAN 7.5.5 Wireless LAN Advanced Setup T o configure advanced wi reless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 67 Advanced The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 135 7.6 OTIST In a wireless network, the wireless clients mu st have the same SSID and security settings as the access point (AP) or wireless router (we wi ll refer to both as “AP” here) in order to associate with it.
P-662H/HW-D Series User’s Guide 136 Chapter 7 Wireless LAN 7.6.1.1 AP Click the Wir eless LAN link under Network and then the OTIST tab. The following screen displays.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 137 7.6.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’ s and cl ick Save .
P-662H/HW-D Series User’s Guide 138 Chapter 7 Wireless LAN 7.6.2 St arting OTIST Note: Y ou must click Star t in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing).
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 139 Figure 74 S tart OTIST? 2 If an OTIST -enabled wireless client los es its wireless connection for more than ten seconds, it will search for an OTIST -enabled AP for up to one minute.
P-662H/HW-D Series User’s Guide 140 Chapter 7 Wireless LAN Figure 75 MAC Addres s Filter The following table describes the labels in this menu. Table 44 MAC Address F ilter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC ad dress filtering.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 141 7.8 WMM QoS WMM (W i-Fi MultiMedia) QoS (Qua lity of Service) ensures quality of service in wireless networks for multimed ia applications. WMM allows you to prioritize wireless traf fic according to the deliver y requirements of the individual and applications .
P-662H/HW-D Series User’s Guide 142 Chapter 7 Wireless LAN 7.8.3 Services The commonly used services and port numbers ar e shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 143 Table 46 Commonly Used Ser vices SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL ’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:1 13) Authenticati on protocol used by som e servers .
P-662H/HW-D Series User’s Guide 144 Chapter 7 Wireless LAN 7.9 QoS Screen The QoS screen by default allows you to au tomatically give a service a priority level according to the T oS value in the IP header of the packets it sends.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 145 Click Network > Wi reless LAN > QoS . The following screen displays. Figure 76 Wireless LAN: QoS The following table describes the fields in this screen. Table 47 Wireless LAN: QoS LABEL DESCRIPTION QoS Enable WMM QoS Select the che ck box to enable W MM QoS on the ZyXEL D evice.
P-662H/HW-D Series User’s Guide 146 Chapter 7 Wireless LAN 7.9.2 Application Pr iority Configuration T o edit a WMM QoS application entry , click the edit icon under Modify . The following screen displays. Figure 77 Application Priority Configuration The following table describes the fields in this screen.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 147 7.10 Multiple SSID (P-662HW -D Models only) The ZyXEL Device supports multiple SSID which allows you to configure a second wireless network with its own security pa rameters. This means that you can allow two different user groups to be connected to the same access point.
P-662H/HW-D Series User’s Guide 148 Chapter 7 Wireless LAN Figure 78 Multiple SSID Network Example In this section the second wireless network is referred to as the “guest wireless network” and user ’ s connecting to this network are referred to as “guests”.
P-662H/HW-D Series User ’s Guide Chapter 7 Wireless LAN 149 The following table give s a description of multiple SSID commands. Table 49 Multiple SSID Commands Command Description guestssid <SSID> Use this command to specify the SSID of the guest wireless netw ork.
P-662H/HW-D Series User’s Guide 150 Chapter 7 Wireless LAN 7.10.2 Multiple SSID Example This example shows how to configure a guest wi reless network with the following parameters. In the following script exampl e all typed co mmands and pa rameters have been bolded.
P-662H/HW-D Series User ’s Guide Chapter 8 DMZ 151 C HAPTER 8 DMZ This chapter describes how to configure the ZyXEL Device’ s DMZ. 8.1 Introduction The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps E thernet port provides a way for public servers (W eb, e-mail, FTP , etc.
P-662H/HW-D Series User’s Guide 152 Chapter 8 DMZ Figure 79 DMZ The following table describes the labels in this screen. Table 51 DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address T ype the IP address of your ZyXEL Device’s DMZ port in dotted decimal notation.
P-662H/HW-D Series User ’s Guide Chapter 8 DMZ 153 8.3 DMZ Public IP Address Example The following figure shows a simple network set up with public IP addresses on the W AN and DMZ and private IP addresses on the LAN. Lowe r case letters represent public IP addresses (like a.
P-662H/HW-D Series User’s Guide 154 Chapter 8 DMZ Figure 80 DMZ Public Addr ess Example 8.4 DMZ Private and Public IP Address Example The following figure shows a network setup with bot h private and public IP addresses on the DMZ. Lower case letters represent public IP addresses (like a.
P-662H/HW-D Series User ’s Guide Chapter 8 DMZ 155 Figure 81 DMZ Private and Public Address Example.
P-662H/HW-D Series User’s Guide 156 Chapter 8 DMZ.
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 157 C HAPTER 9 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the ZyXEL Device.
P-662H/HW-D Series User’s Guide 158 Chapt er 9 Network Addre ss Translation (NA T) Screens 9.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side.
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 159 9.1.4 NA T Ap plication The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyXEL Devi ce can communicate with three distinct W AN networks.
P-662H/HW-D Series User’s Guide 160 Chapt er 9 Network Addre ss Translation (NA T) Screens Port numbers do NOT change for One-to-One and Many-to-Many No Overload NA T mapping types.
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 161 Figure 84 NA T General The following table describes the labels in this screen.
P-662H/HW-D Series User’s Guide 162 Chapt er 9 Network Addre ss Translation (NA T) Screens Y ou may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server . The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 163 9.4.3 Configuring Servers Behi nd Port Forwarding (Example) Let's say you want to assign po rts 21-2 5 to one FTP , T elnet and SMTP server ( A in the example), port 80 to another ( B in the example) and assign a default server IP address of 192.
P-662H/HW-D Series User’s Guide 164 Chapt er 9 Network Addre ss Translation (NA T) Screens The following table describes th e fields in this screen. 9.5.1 Port Forwarding Rule Edit T o edit a port forwarding rule, c lick the rule’ s edit icon in the Port Forwarding screen to display the screen shown next.
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 165 The following table describes th e fields in this screen. 9.6 Address Mapping Note: The Address Mapping screen is available only when you select Ful l Feature in the NA T > General screen.
P-662H/HW-D Series User’s Guide 166 Chapt er 9 Network Addre ss Translation (NA T) Screens Figure 88 Address Mapping Rule s The following table describes th e fields in this screen. Table 58 Address Mapp ing Rules LABEL DESCRIPTION # This is the rule index number .
P-662H/HW-D Series User ’s Guide Chapter 9 Network Address Translatio n (NAT) Screens 167 9.6.1 Address Mapping Rule Edit T o edit an address mapping rule, click the rule’ s edit icon in the Addr ess Mapping screen to display the screen shown next.
P-662H/HW-D Series User’s Guide 168 Chapt er 9 Network Addre ss Translation (NA T) Screens Edit Details Click this link to go to the Port Forwarding screen to edit a server mappi ng set that you have selected in the Server Mapping Set field. Back Click Back to retu rn to the previous screen.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 169 C HAPTER 10 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 10.1 Firewall Overview Originally , the term firewall referred to a construction techni que designed to prevent the spread of fire from one room to another .
P-662H/HW-D Series User’s Guide 170 Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 171 • The LAN (Local Area Network) port attache s to a network of computers, which ne eds security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b.
P-662H/HW-D Series User’s Guide 172 Chapter 10 Firewalls 10.4.2 T ypes of DoS Atta cks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 173 Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment).
P-662H/HW-D Series User’s Guide 174 Chapter 10 Firewalls Figure 93 Smurf Attack 10.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that works in concert with IP . The following ICMP types trigger an alert: 10.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 175 10.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at tacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
P-662H/HW-D Series User’s Guide 176 Chapter 10 Firewalls The previous figure shows the ZyXEL Device’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 177 • Allow certain types of traffic from the In ternet to specific hosts on the LAN. • Allow access to a W eb server to everyone but competitors. • Restrict use of certain protocols, such as T elnet, to authoriz ed users on the LAN.
P-662H/HW-D Series User’s Guide 178 Chapter 10 Firewalls A similar situation exists for ICMP , except that the ZyXEL Device is even more restrictive.
P-662H/HW-D Series User ’s Guide Chapter 10 Firewalls 179 10.6.1 Security In General Y ou can never be too careful! Factors outside yo ur firewall, filtering or NA T can cause security breaches. Below are some generalizations about what you can do to minimize the m.
P-662H/HW-D Series User’s Guide 180 Chapter 10 Firewalls 10.7.1 Packet Filtering: • The router filters packets as they pass through the router’ s interface according to the filter rules you designed.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 181 C HAPTER 11 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 1 1.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer .
P-662H/HW-D Series User’s Guide 182 Chapter 11 Firewall Configuration Note: If you configure firewall rules wit hout a good underst anding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 183 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to t he LAN, Internet users may be able to connect to computers with running FTP servers.
P-662H/HW-D Series User’s Guide 184 Chapter 11 Firewall Configuration 1 1.4.1 LAN to W A N Rules The default rule for LAN to W AN traf fic is that all users on the LAN are allowed non- restricted access to the W AN.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 185 The following table describes the labels in this screen. 1 1.6 Firewall Rules Summary Note: The ordering of your rule s is very import ant as rules are app lied in turn. Refer to Section 10.
P-662H/HW-D Series User’s Guide 186 Chapter 11 Firewall Configuration Figure 96 Firewall Rules The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 187 1 1.6.1 Configuring Firewall Rules Refer to Section 10.1 on page 169 for more information. In the Rules screen, select an index number and click Add or click a rule’ s Edit icon to display this screen and refer to the following table for information on the labels.
P-662H/HW-D Series User’s Guide 188 Chapter 11 Firewall Configuration Figure 97 Firewall: Edit Rule.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 189 The following table describes the labels in this screen. Table 66 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule.
P-662H/HW-D Series User’s Guide 190 Chapter 11 Firewall Configuration 1 1.6.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 191 1 1.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This actio n displays the following screen.
P-662H/HW-D Series User’s Guide 192 Chapter 11 Firewall Configuration Figure 100 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 193 Figure 102 Firewall Example: Edit Ru le: Destination Address 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows.
P-662H/HW-D Series User’s Guide 194 Chapter 11 Firewall Configuration Figure 103 Firewall Example: Edit Rule : Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 195 Figure 104 Firewall Example: Rules: MyService 1 1.8 Predefin ed Services The A vailable Services list box in the Edit Rule screen (see Section 1 1.6.1 on page 187 ) displays all predefined services that the ZyXEL Device already supports.
P-662H/HW-D Series User’s Guide 196 Chapter 11 Firewall Configuration H.323(TCP:1720) Net Meeting uses this proto col. HTTP(TCP:80) Hyper T ext Transfer Protocol - a cl ient/server protocol for the wo rld wide web. HTTPS HTTPS is a secured ht tp session of ten used in e-commerce.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 197 1 1.9 Anti-Probing If an outside user attempts to probe an unsupp orted port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists.
P-662H/HW-D Series User’s Guide 198 Chapter 11 Firewall Configuration The following table describes the labels in this screen. 1 1.10 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 199 Y ou should make any chan ges to the threshold values b efore you continue configu ring firewall rules.
P-662H/HW-D Series User’s Guide 200 Chapter 11 Firewall Configuration 1 1.10.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold an d timeout apply to all TCP connections.
P-662H/HW-D Series User ’s Guide Chapter 11 Firewall Configurat ion 201 Maximum Incomplete Low This is the number of existing half-open sessions that cau ses the firewall to stop deleting half-open sessions.
P-662H/HW-D Series User’s Guide 202 Chapter 11 Firewall Configuration.
P-662H/HW-D Series User ’s Guide Chapter 12 Anti-Virus Packet Scan 203 C HAPTER 12 Anti-V irus Packet Scan This chapter introduces and shows you how to configure the anti- virus packet scan. 12.1 Overview A computer virus is a small program designed to corrupt and/or alter the operati on of other legitimate programs.
P-662H/HW-D Series User’s Guide 204 C hapter 12 Anti -Virus Packet Scan For maximum protection, you must ke ep the pattern file up-to-date. 12.2.1 Computer V irus Infection and Prevention The follow de scribes a sim plistic life cycle of a computer viru s.
P-662H/HW-D Series User ’s Guide Chapter 12 Anti-Virus Packet Scan 205 This is an Internet file transfer service th at operates on the Internet and over TCP/IP networks. A system running the FTP server acc epts commands from a system running an FTP client.
P-662H/HW-D Series User’s Guide 206 C hapter 12 Anti -Virus Packet Scan Click Security > AntiV iru s to display th e configuration screen as shown next.
P-662H/HW-D Series User ’s Guide Chapter 12 Anti-Virus Packet Scan 207 12.5 Registration and Online Up date Use the Registration and V irus Information Update screen to register for and activate the anti-virus packet scan feature on the ZyXEL Devi ce.
P-662H/HW-D Series User’s Guide 208 C hapter 12 Anti -Virus Packet Scan Figure 109 Anti-Virus: Registration an d Virus Information Update The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 12 Anti-Virus Packet Scan 209 12.5.1 Up dating the Anti-Virus Packet Scan Follow the steps below to update the viru s scan on the ZyXEL Device manually .
P-662H/HW-D Series User’s Guide 210 C hapter 12 Anti -Virus Packet Scan.
P-662H/HW-D Series User ’s Guide Chapter 13 Content Filtering 211 C HAPTER 13 Content Filtering This chapter covers how to configure content filtering. 13.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
P-662H/HW-D Series User’s Guide 212 Chapter 13 Content Filtering The following table describes the labels in this screen. 13.3 Configuring the Schedule T o set the days and times for the ZyXEL De vice to perform content filtering, click Security > Content Filter > Schedule .
P-662H/HW-D Series User ’s Guide Chapter 13 Content Filtering 213 The following table describes the labels in this screen. 13.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content filtering on your ZyXEL Device, click Security > Content Filter > Tr u s t e d .
P-662H/HW-D Series User’s Guide 214 Chapter 13 Content Filtering.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 215 C HAPTER 14 Content Access Control This chapter gives some backgr ound information on Content Ac cess Control and explains how to get started with the ZyXEL Device Content Access Control.
P-662H/HW-D Series User’s Guide 216 Chapter 14 Conten t Access C ontrol 14.2 Activating CAC and Creating User Group s From the main menu click Security > Content Access Control and General to open the configuration screen. Use this screen to activate Content Access Control and set up the four user groups.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 217 14.2.1 Configuring T ime Schedule T o set up the time schedule for each user group, click Edit under Time in the Content Access Control-General screen. A screen displays as shown next.
P-662H/HW-D Series User’s Guide 218 Chapter 14 Conten t Access C ontrol Figure 1 17 Control Access Control: Gen eral: T ime Scheduling The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 219 14.2.2 Configuring Services T o customize service s for each user group, click Edit under Services for that user group in the Content Access Control: General screen. Figure 1 18 Content Access Control: General: Services The following table describes the labels in this screen.
P-662H/HW-D Series User’s Guide 220 Chapter 14 Conten t Access C ontrol 14.2.2.1 A vailable Services The A vailable Services list box in the Services screen displays some predefined services tha t the ZyXEL Device supports. The following ta ble shows a list of services that can be configured.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 221 MUL TICAST(IGMP:0) Internet Group Multicast Pr otocol is used when sending packets to a specific group of hosts. NEW-ICQ(TCP:5190) An Internet chat progra m. NEWS(TCP :144) A protoc ol for news gr oups .
P-662H/HW-D Series User’s Guide 222 Chapter 14 Conten t Access C ontrol 14.2.3 Configuring Web Site Filters T o enable content filtering an d to configure URL keyword blocking for a user g roup, click Edit under We b B r o w s i n g in the Content Access Control: General screen.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 223 Log Matched Web Site Select this option to re cord attempt s to access prohibited web pages. Select Blocked Categories Use this section to prevent users from accessing web pages that match the categories that yo u select below .
P-662H/HW-D Series User’s Guide 224 Chapter 14 Conten t Access C ontrol Abortion Selecting this category excludes pages that provide info rmation or arguments in favor of or against a bortion, describe abortion procedures, offer help in obtaining or avoiding abortion, or provide information on the ef fects, or lack thereof, of abortion.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 225 Health Sele cting this category excludes pages that provide advice and information on general health such as fitness and well-b.
P-662H/HW-D Series User’s Guide 226 Chapter 14 Conten t Access C ontrol Society/Lifestyle Selecting this category exclude s p ages providing informati on on matters of daily life. This does n ot include pages relating to entertainment, sport s, jobs, sex or pages promoting alternative lifestyles such a s homosexuality .
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 227 14.2.4 T esting Web Site Access Privileges T o check the acce ss restrictions of a web site, click Diagn ose under W eb Browsing in the Content Access Control: General screen. A screen displays as shown next.
P-662H/HW-D Series User’s Guide 228 Chapter 14 Conten t Access C ontrol 14.3 User Account Setup W ith Content Acces s Control, the ZyXEL Device requires LAN users to login with valid username and password before they are allowed to acce ss the Internet.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 229 14.4 User Online S t atus T o view the online status of each us er , click Security > Content Acc ess Contro l > Online St a t u s to display the screen as shown. Figure 122 Content Access Control: Online S tatus The following table describes the labels in this screen.
P-662H/HW-D Series User’s Guide 230 Chapter 14 Conten t Access C ontrol 14.5 Content Access Control Logins The following sections describe the user and administrator login experience. 14.5.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first lo gging into the ZyXEL Device.
P-662H/HW-D Series User ’s Guide Chapter 14 Content Access Control 231 14.5.2 Administrator Login The administrator can log into the system. • The administrator opens their browser and is directed to the ZyXEL Device user login page (this is the same as the user login).
P-662H/HW-D Series User’s Guide 232 Chapter 14 Conten t Access C ontrol.
P-662H/HW-D Series User ’s Guide Chapter 15 Introduction to IPSec 233 C HAPTER 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 15.1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications between sites without the expense of leased site-to-site lines.
P-662H/HW-D Series User’s Guide 234 Chapter 1 5 Introduction t o IPSec Figure 125 Encryption an d Decryption 15.1.3.2 Dat a Confidentiality The IPSec sender can encrypt packets befo re transmitting them across a network.
P-662H/HW-D Series User ’s Guide Chapter 15 Introduction to IPSec 235 15.2 IPSec Architecture The overall IPSec architect ure is shown as follows. Figure 126 IPSec Architecture 15.
P-662H/HW-D Series User’s Guide 236 Chapter 1 5 Introduction t o IPSec Figure 127 T ransport and T unnel Mode IPSec Encapsulation 15.3.1 T ransport Mode Tr a n s p o r t mode is used to protect upper layer prot ocols and only affects the data in the IP packet.
P-662H/HW-D Series User ’s Guide Chapter 15 Introduction to IPSec 237 NA T is incompatible with the AH protocol in both Tr a n s p o r t and T unnel mode. An IPSec VPN using the AH protocol digitally sig ns the outbound packet, both data payload and headers, with a hash value appe nded to the pack et.
P-662H/HW-D Series User’s Guide 238 Chapter 1 5 Introduction t o IPSec.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 239 C HAPTER 16 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for in formation on viewing logs and the appendix for IPSec log descriptions.
P-662H/HW-D Series User’s Guide 240 Chapter 16 VP N Screens 16.3 My IP Address My IP Address is the W AN IP address of th e ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 241 16.4 Secure Gateway Address Secure Gateway Address is the W AN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static W AN IP address, enter it in the Secure Gateway Address field.
P-662H/HW-D Series User’s Guide 242 Chapter 16 VP N Screens Figure 129 VPN Setup The following table describes the fields in this screen. T able 88 VPN Setup LABEL DESCRIPTION No. This is the VPN policy index number . Click a number to edit VPN policies.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 243 16.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyX EL Device automatically renegotiates the tunnel wh en the IPSec SA lifetime period expires (see Section 16.
P-662H/HW-D Series User’s Guide 244 Chapter 16 VP N Screens 16.7 VPN, NA T , and NA T T raversal NA T is incompatible with the AH protocol in both transport and tunnel mode.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 245 Y* - This is supported in the ZyXEL Device if you enable NA T traversal. 16.8 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server , you must identify that DNS server .
P-662H/HW-D Series User’s Guide 246 Chapter 16 VP N Screens W ith main mode (see Section 16.12. 1 on page 253 ), the ID type and content are encrypted to provide identity protection.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 247 The two ZyXEL Devices in this example ca n complete negotiation and establish a VPN tunnel. The two ZyXEL Devices in this example cann ot complete their negotiation because ZyXEL Device B’ s Local ID type is IP , but ZyXEL Device A ’ s Pe er ID type is set to E-mail .
P-662H/HW-D Series User’s Guide 248 Chapter 16 VP N Screens Figure 132 Edit VPN Policies The following table describes the fields in this screen. T able 94 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy .
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 249 NA T T raversal This function is availab le if the VPN protocol is ESP . Select this check box if you want to set up a VPN tunnel when there are NA T routers between the ZyXEL Devi ce and remo te IPSec router .
P-662H/HW-D Series User’s Guide 250 Chapter 16 VP N Screens Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when th e Secure Gateway IP Address field is configured to 0.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 251 Peer ID T ype Select IP to identify the remote IPSe c router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address.
P-662H/HW-D Series User’s Guide 252 Chapter 16 VP N Screens 16.12 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSe c.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 253 • Authenticate the connection by entering a pre-shared key . • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Dif fie-Hellman public-key cry ptography key grou p ( DH1 or DH2 ) .
P-662H/HW-D Series User’s Guide 254 Chapter 16 VP N Screens 16.12.2 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a publi c -key cryptography protocol tha t allows two parties to establish a shared secret over an unsecured communications channel.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 255 Figure 134 Advanced VPN Policies The following table describes the fields in this screen. T able 95 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 1 7 for UDP , etc.
P-662H/HW-D Series User’s Guide 256 Chapter 16 VP N Screens Negotiati on Mode Select Main or Aggressiv e from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode . Pre-Shared Key T ype your pre-shared key in this field.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 257 16.14 Manual Key Setup Manual key managemen t is useful if you have problems with IKE key mana gement. 16.14.1 Security Parameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol.
P-662H/HW-D Series User’s Guide 258 Chapter 16 VP N Screens Figure 135 VPN: Manual Key The following table describes the fields in this screen. Table 96 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy .
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 259 DNS Server (for IPSec VPN) If there is a private DNS server that se rvices the VPN, type its IP address here. The ZyXEL Device a ssigns this additional DNS server to the Zy XEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of lo cal addresses.
P-662H/HW-D Series User’s Guide 260 Chapter 16 VP N Screens 16.16 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Moni tor screen as shown. Use this screen to display and ma nage active VPN co nnections . A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 261 When there is outbound traffic b ut no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or inbound traf fic is "idle" and does not timeo ut until the SA lifetime period expires.
P-662H/HW-D Series User’s Guide 262 Chapter 16 VP N Screens The following table describes the fields in this screen. 16.18 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL D evice at head quarters.
P-662H/HW-D Series User ’s Guide Chapter 16 VPN Screens 263 16.18.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this).
P-662H/HW-D Series User’s Guide 264 Chapter 16 VP N Screens 16.19 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you shou ld configure remote managemen t ( Remote Management ) to allow access for that service.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 265 C HAPTER 17 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 17.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users.
P-662H/HW-D Series User’s Guide 266 Chapter 17 Certificates A certification path is the hierarchy of certif ication authority certificates that validate a certificate. The ZyXEL Device does not trust a ce rtificate if any certificate on its path has expired or been revoked.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 267 Use the Directory Servers screen to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates). 17.4 My Certificates Click Security > Certificates > My Certificates to open the My Certificates screen.
P-662H/HW-D Series User’s Guide 268 Chapter 17 Certificates T ype This field displays what kind of certificate this is. REQ represents a certification request an d is not yet a valid certificate. Send a certification request to a certification authority , wh ich then issues a certificate.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 269 17.5 My Certificate Import Click Security > Certificates > My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this sc reen to save an e xis ting certificate to the ZyXEL Device.
P-662H/HW-D Series User’s Guide 270 Chapter 17 Certificates The following table describes the labels in this screen. 17.6 My Certificate Create Click Se curity > Certificates > My Certificates > Cr eate to open the My Certificate Create screen.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 271 The following table describes the labels in this screen. T able 103 My Certificate Create LABEL DESCRIPTION Certificate Name T ype up to 31 ASCII characters (not includ ing sp aces ) to identify this certifi cate.
P-662H/HW-D Series User’s Guide 272 Chapter 17 Certificates After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 273 Figure 144 My Certificate Details.
P-662H/HW-D Series User’s Guide 274 Chapter 17 Certificates The following table describes the labels in this screen. Table 104 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certifica te.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 275 17.8 T rusted CAs Click Security > Certificates > T rusted CAs to open the T rusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you ha ve set the ZyXEL Device to accept as trusted.
P-662H/HW-D Series User’s Guide 276 Chapter 17 Certificates Figure 145 T rusted CAs The following table describes the labels in this screen. Table 105 T rusted CAs LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy XEL Device’s PKI storage space that is currently in use.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 277 17.9 T rusted CA Import Click Security > Certificates > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’ s certificate to the ZyXEL Device.
P-662H/HW-D Series User’s Guide 278 Chapter 17 Certificates 17.10 T rusted CA Det ails Click Security > Certificates > T rusted CAs to open the T rusted CAs screen.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 279 The following table describes the labels in this screen. Table 107 T rusted CA Details LABEL DESCRIPTION Name This field disp lays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key cert ificat e.
P-662H/HW-D Series User’s Guide 280 Chapter 17 Certificates 17.1 1 T rusted Remote Host s Click Security > Certificates > T rusted Remote Hosts to open the T rusted Remote Hosts screen.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 281 Figure 148 T rusted Remote Hosts The following table describes the labels in this screen. Table 108 T rusted Remote Hosts LABEL DESCRIPTION PKI S torage S pace in Use This bar displays th e percentage of the Zy XEL Device’s PKI storage space that is currently in use.
P-662H/HW-D Series User’s Guide 282 Chapter 17 Certificates 17.12 V erifying a T rusted Remote Host’ s Certificate Certificates issued by certific ation authorities have the certificat ion authority’ s signature for you to check. Self-sig ned certificates only ha ve th e signature of the host itself.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 283 V erify (over the phone for example) that the remote host has the sa me information in the Thumbprint Algorithm and Thumbprint fields.
P-662H/HW-D Series User’s Guide 284 Chapter 17 Certificates Figure 152 T rusted Remote Hos t Det ails.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 285 The following table describes the labels in this screen. Table 110 T rusted Remote Host Details LABEL DESCRIPTION Name Th is field displays the identifyin g name of this certificate. If you wan t to change the name, type up to 31 characters to id entify this key certificate.
P-662H/HW-D Series User’s Guide 286 Chapter 17 Certificates 17.15 Directory Servers Click Security > Certificates > Dir ectory Servers to open the Directory Servers screen. This screen display s a summary list of directory se rvers (that contain lists of valid and revoked certificates) that have been save d into the ZyXEL Device.
P-662H/HW-D Series User ’s Guide Chapter 17 Certificates 287 Figure 153 Directory Servers The following table describes the labels in this screen. 17.16 Directory Server Add or Edit Click Security > Certificates > Dir ectory Servers to open the Directory Servers screen.
P-662H/HW-D Series User’s Guide 288 Chapter 17 Certificates Figure 154 Directory Server Add The following table describes the labels in this screen. T able 1 12 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name T ype up to 31 ASCII characters (spaces ar e not permitted) to identify this directory server .
P-662H/HW-D Series User ’s Guide Chapter 18 Static Rout e 289 C HAPTER 18 S t atic Route This chapter shows you how to configure static routes for your ZyXEL Device. 18.1 S t atic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the networks beyo nd.
P-662H/HW-D Series User’s Guide 290 Chapter 18 Static Route Figure 156 S tatic Route The following table describes the labels in this screen. 18.2.1 S t atic Route Edit Select a static route index numb er and click Edit . The screen shown next appears.
P-662H/HW-D Series User ’s Guide Chapter 18 Static Rout e 291 Figure 157 S tatic Route Edit The following table describes the labels in this screen. T able 1 14 S tatic Route Edit LABEL DESCRIPTION Active This field allows you to activa te/deactivate this st atic route.
P-662H/HW-D Series User’s Guide 292 Chapter 18 Static Route.
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 293 C HAPTER 19 Bandwid th Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s band width management logs.
P-662H/HW-D Series User’s Guide 294 Chapter 19 Bandwidth Management Figure 158 Subnet-based Ba ndwidt h Management Example 19.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth clas ses based on a combination of a subnet and an application.
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 295 19.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth.
P-662H/HW-D Series User’s Guide 296 Chapter 19 Bandwidth Management 19.6.2 Maximize Ba ndwid th Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each ba nd width class’ s bandwidth budget.
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 297 • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unu sed bandwidth goes to the higher priority sales and marketing classes.
P-662H/HW-D Series User’s Guide 298 Chapter 19 Bandwidth Management Figure 159 Bandwidth Ma nagement: Summary The following table describes the labels in this screen. Table 120 Media Bandwid th Management: Su mmary LABEL DESCRIPTION Interface These read -only labels repres ent the physical interfaces.
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 299 19.8 Bandwid th Management Rule Setup Y ou must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before yo u can configure rules for that interface.
P-662H/HW-D Series User’s Guide 300 Chapter 19 Bandwidth Management 19.8.1 Rule Configuration Click the Edit icon or select User Defined from the Serv ice drop-down list in the Rule Setup screen to configure a bandwidth management ru le.
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 301 The following table describes the labels in this screen. Table 122 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configurati on Active Select this check box to have the ZyXEL Device apply this bandwidth management rule.
P-662H/HW-D Series User’s Guide 302 Chapter 19 Bandwidth Management The following table describes common services with their associated port numbers. 19.9 Bandwid th Monitor T o view the ZyXEL Device’ s ba ndwidth usage and allotments, click Advanced > Bandwidth MGMT > Mon itor .
P-662H/HW-D Series User ’s Guide Chapter 19 Bandwidth Managemen t 303 Figure 162 Bandwidth Ma nagement: Monitor.
P-662H/HW-D Series User’s Guide 304 Chapter 19 Bandwidth Management.
P-662H/HW-D Series User ’s Guide Chapter 20 Dynamic DNS Setup 305 C HAPTER 20 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS.
P-662H/HW-D Series User’s Guide 306 Chapter 2 0 Dynamic DNS Setup Figure 163 Dynamic DNS The following table describes th e fields in this screen. Table 124 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS.
P-662H/HW-D Series User ’s Guide Chapter 20 Dynamic DNS Setup 307 Dynamic DNS server auto detect IP Address Select this option only when there are one or more NA T routers between the ZyXEL Device and the DDNS server . This feat ure has the DDNS server automatically detect and use the IP address of th e NA T router that has a public IP address.
P-662H/HW-D Series User’s Guide 308 Chapter 2 0 Dynamic DNS Setup.
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 309 C HAPTER 21 Remote Management Configuration This chapter provides information on config uring remote management.
P-662H/HW-D Series User’s Guide 310 Chapter 21 Remote Ma nagement Configuration • The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately .
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 311 The following table describes the labels in this screen. 21.3 T elnet Y ou can configure your ZyXEL Device for remote T elne t access as shown next. The administrator uses T elnet from a computer on a remote network to access the ZyXEL Device.
P-662H/HW-D Series User’s Guide 312 Chapter 21 Remote Ma nagement Configuration Figure 166 Remote Mana gement: T elnet The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 313 Figure 167 Remote Mana gement: FTP The following table describes the labels in this screen. 21.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exch anging management information b etween network devices.
P-662H/HW-D Series User’s Guide 314 Chapter 21 Remote Ma nagement Configuration Figure 168 SNMP Managemen t Model An SNMP managed network consis ts of two main types of comp onent: agen ts and a man ager . An agent is a management software module that resi des in a managed device (the ZyXEL Device).
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 315 21.6.2 SNMP T raps The ZyXEL Device will send traps to the SNMP manager when any on e of the following events occurs: 21.6.3 Configuring SNMP T o chang e your ZyXEL Device’ s SNMP settin gs, click Advanced > Remote MGMT > SNMP .
P-662H/HW-D Series User’s Guide 316 Chapter 21 Remote Ma nagement Configuration Figure 169 Remote Mana gement: SNMP The following table describes the labels in this screen.
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 317 21.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information.
P-662H/HW-D Series User’s Guide 318 Chapter 21 Remote Ma nagement Configuration If an outside user attempts to probe an unsupp orted port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists.
P-662H/HW-D Series User ’s Guide Chapter 21 Remote M anagement Configuratio n 319 21.9 TR-069 TR-069 is a protocol that de fines how your ZyXEL Device can be managed via a management server such as ZyXEL ’ s V antage CNM Acce ss.
P-662H/HW-D Series User’s Guide 320 Chapter 21 Remote Ma nagement Configuration periodicEnable [0:Disable/ 1:Enable] Whether or not the device must periodical ly send information to CNM Access. It is recommen ded to set this value t o 1 in order for the ZyXEL Device to send information to CNM Access.
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 321 C HAPTER 22 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor .
P-662H/HW-D Series User’s Guide 322 Chapter 22 Univer sal Plug-and-Play (UPnP) 22.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues.
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 323 The following table describes the fields in this screen. 22.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP .
P-662H/HW-D Series User’s Guide 324 Chapter 22 Univer sal Plug-and-Play (UPnP) Figure 174 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check box in the Components selection box.
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 325 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP .
P-662H/HW-D Series User’s Guide 326 Chapter 22 Univer sal Plug-and-Play (UPnP) Figure 178 Networking Services 6 Click OK to go back to the W indows Optional Networking Component Wizard window and click Next . 22.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP .
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 327 Figure 179 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.
P-662H/HW-D Series User’s Guide 328 Chapter 22 Univer sal Plug-and-Play (UPnP) 4 Y ou may edit or delete the port mappings o r click Add to manually add port mappings.
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 329 Figure 183 System T ray Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection sta tus.
P-662H/HW-D Series User’s Guide 330 Chapter 22 Univer sal Plug-and-Play (UPnP) Figure 185 Network Connections 4 An icon with the description for e ach UPnP-enabled device displays unde r Local Network . 5 Right-click on the icon for your ZyXEL Device an d select Invoke .
P-662H/HW-D Series User ’s Guide Chapter 22 Universa l Plug-and-Play (UPnP) 331 Figure 186 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device.
P-662H/HW-D Series User’s Guide 332 Chapter 22 Univer sal Plug-and-Play (UPnP).
P-662H/HW-D Series User ’s Guide Chapter 23 System 333 C HAPTER 23 System Use this screen to configure the ZyXEL Device’ s time and date settings. 23.1 General Setup 23.1.1 General Setup and System Name General Setup contains administrative and system-related information.
P-662H/HW-D Series User’s Guide 334 Chapter 23 Syst em Figure 188 System General Setu p The following table describes the labels in this screen. T able 134 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes.
P-662H/HW-D Series User ’s Guide Chapter 23 System 335 23.2 T ime Setting T o change yo ur ZyXEL Device’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone.
P-662H/HW-D Series User’s Guide 336 Chapter 23 Syst em The following table describes th e fields in this screen. Table 135 System T ime Setting LABEL DESCRIPTION Current T ime and Date Current T ime This field displays the ti me of your ZyXEL Device.
P-662H/HW-D Series User ’s Guide Chapter 23 System 337 S tart Date Configu re the day and time when Da ylight Saving Time start s if you selected Enable Daylight Saving . The o'clock field uses the 24 hour fo rmat. Here are a couple of examples: Daylight Saving Time st arts in most p arts of the United S tates on the first Sunday of April.
P-662H/HW-D Series User’s Guide 338 Chapter 23 Syst em.
P-662H/HW-D Series User ’s Guide Chapter 24 Logs 339 C HAPTER 24 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 24.
P-662H/HW-D Series User’s Guide 340 Chapter 24 Logs Figure 190 V iew Log The following table describes th e fields in this screen. 24.3 Configuring Log Settings Use the Log Settings screen to config.
P-662H/HW-D Series User ’s Guide Chapter 24 Logs 341 Alerts are e-mailed as soon as they happen. Logs may be e-ma iled as soon as the log is full. Selecting many alert and/or log categories (especially Access Control ) may result in many e- mails being sent.
P-662H/HW-D Series User’s Guide 342 Chapter 24 Logs Send Log T o The ZyXEL Device sends logs to the e-mail addr ess specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
P-662H/HW-D Series User ’s Guide Chapter 24 Logs 343 24.4 SMTP Error Messages The following table lists common SMTP errors. 24.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail.
P-662H/HW-D Series User’s Guide 344 Chapter 24 Logs.
P-662H/HW-D Series User ’s Guide Chapter 25 Tools 345 C HAPTER 25 To o l s This chapter describes how to upload new firm ware, manage configuration and restart your ZyXEL Device. 25.1 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a.
P-662H/HW-D Series User’s Guide 346 Chapter 25 Tools Note: Do NOT turn off th e ZyXEL Device while firmware upload is in pro gress! After you see the Firmware Upload in Pr ogr ess screen, wait two minutes before logging into the ZyXEL Device again.
P-662H/HW-D Series User ’s Guide Chapter 25 Tools 347 Figure 196 Error Message 25.2 Configuration Screen Click Maintenance > T ools > Configuration . Information related to fact ory defaults, backup configuration, and rest oring configuration appears as sho wn next.
P-662H/HW-D Series User’s Guide 348 Chapter 25 Tools 25.2.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device.
P-662H/HW-D Series User ’s Guide Chapter 25 Tools 349 Figure 200 Configuration Restore Er ror 25.2.3 Back to Factory Default s Pressing the Reset button in this section clears al l user-e ntered configuration information and returns the ZyXEL Device to its factory defaults.
P-662H/HW-D Series User’s Guide 350 Chapter 25 Tools.
P-662H/HW-D Series User ’s Guide Chapter 26 Diagnostic 351 C HAPTER 26 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next.
P-662H/HW-D Series User’s Guide 352 Chapter 26 Diagnostic 26.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next . Figure 203 Diagnostic: DSL Line The following table describes th e fields in this screen.
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 353 C HAPTER 27 T roubleshooting This chapter covers potential proble ms and the corresponding remedi es.
P-662H/HW-D Series User’s Guide 354 Chapter 27 Troublesh ooting 27.3 Problems with the W AN Table 145 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connection s between the ZyXEL Device DSL port and the wall jack.
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 355 27.4 Problems Accessi ng the ZyXEL Device 27.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows fro m your device.
P-662H/HW-D Series User’s Guide 356 Chapter 27 Troublesh ooting Figure 204 Pop-up Blocker Y ou can also check if po p-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer , select To o l s , Internet Options , Privacy .
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 357 Figure 206 Internet Options 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .
P-662H/HW-D Series User’s Guide 358 Chapter 27 Troublesh ooting Figure 207 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 27.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Intern et Explorer , check that JavaScripts are allowed.
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 359 Figure 208 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default).
P-662H/HW-D Series User’s Guide 360 Chapter 27 Troublesh ooting Figure 209 Security Settings - Java Scripting 27.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level.
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 361 Figure 210 Security Settings - Java 27.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected.
P-662H/HW-D Series User’s Guide 362 Chapter 27 Troublesh ooting 27.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX cont rols or to use T rend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer .
P-662H/HW-D Series User ’s Guide Chapter 27 Troubleshooting 363 Figure 213 Security Setting ActiveX Controls.
P-662H/HW-D Series User’s Guide 364 Chapter 27 Troublesh ooting.
P-662H/HW-D Series User ’s Guide Appendix A Product Specifications 365 A PPENDIX A Product S pecifications See also the Introduction ch apter for a general overv iew of the key features. S pecification T ables Table 147 Device Default IP Address 192.
P-662H/HW-D Series User’s Guide 366 Product Specifications Table 148 Firmware ADSL S tandards Multi-Mode standard (ANSI T1.413,Issu e 2; G .dmt(G .992.
P-662H/HW-D Series User ’s Guide Appendix A Product Specifications 367 Wireless (P-662HW only) IEEE 802.1 1g Compliance Wireless g+ technology Frequency Range: 2.4 GHz Advanced Orthogonal Frequency Divisio n Multiplexing (OFDM) Data Rates: 108Mbps and Auto Fallback Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit.
P-662H/HW-D Series User’s Guide 368 Product Specifications.
P-662H/HW-D Series User ’s Guide Appendix B About ADSL 369 A PPENDIX B About ADSL Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices.
P-662H/HW-D Series User’s Guide 370 Appendix B About ADSL 2 Because your line is dedicated (not shared ), transmission speed s between you and the device to which you con nect at your service provider are not af fected by other users.
P-662H/HW-D Series User ’s Guide Appendix C Wa ll-mounting Instru ctions 371 A PPENDIX C W all-mounting Instructions Do the following to hang your ZyXEL Devic e on a wall. Note: See the product specifications appe ndix for the size of screws to use and how far apart to place them.
P-662H/HW-D Series User’s Guide 372 Appendix C Wall-mountin g Instructions.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 373 A PPENDIX D Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
P-662H/HW-D Series User’s Guide 374 Appendix D Setting up Your Computer’s IP Address Figure 215 WIndows 95/98 /Me: Network: Co nfiguration Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 375 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect.
P-662H/HW-D Series User’s Guide 376 Appendix D Setting up Your Computer’s IP Address Figure 217 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP address, remove previously installed gateways.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 377 Figure 218 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indows 2000/NT). Figure 219 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr oper ties .
P-662H/HW-D Series User’s Guide 378 Appendix D Setting up Your Computer’s IP Address Figure 220 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties .
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 379 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. • Click Advanced .
P-662H/HW-D Series User’s Guide 380 Appendix D Setting up Your Computer’s IP Address Figure 223 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP addre ss(es).
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 381 Figure 224 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Pr operties window . 9 Click Close ( OK in W indows 2000/NT) to close the Local Area Connection Properties window .
P-662H/HW-D Series User’s Guide 382 Appendix D Setting up Your Computer’s IP Address Figure 225 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 226 Macintosh O S 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 383 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box.
P-662H/HW-D Series User’s Guide 384 Appendix D Setting up Your Computer’s IP Address Figure 228 Macintosh O S X: Network 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 385 Note: Make sure you are logged in as the ro ot administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE.
P-662H/HW-D Series User’s Guide 386 Appendix D Setting up Your Computer’s IP Address • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list.
P-662H/HW-D Series User ’s Guide Appendix D Setting up Your Computer’s IP Address 387 1 Assuming that you have only one network card on the computer , locate the ifconfig- eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor .
P-662H/HW-D Series User’s Guide 388 Appendix D Setting up Your Computer’s IP Address Figure 236 Red Hat 9.0: Restart Eth ernet Card V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 237 Red Hat 9.0: Checking TCP/IP Properties [root@localhost init.
P-662H/HW-D Series User ’s Guide Appendix E IP Addresses an d Subnetting 389 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. Y ou use subnet masks to subdivid e a network in to smaller logical networks.
P-662H/HW-D Series User’s Guide 390 Appendix E IP Addresses and Su bnetting The following table shows the network number and host ID arrangement for classes A, B and C. An IP address with host IDs of all zeros is the IP address of the n etwork (192.
P-662H/HW-D Series User ’s Guide Appendix E IP Addresses an d Subnetting 391 Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits.
P-662H/HW-D Series User’s Guide 392 Appendix E IP Addresses and Su bnetting The first mask shown is the class “C” natural m ask. Normally if no mask is specified it is understood that the natura l mask is being used. Example: T wo Subnet s As an example, you have a class “C” address 1 92.
P-662H/HW-D Series User ’s Guide Appendix E IP Addresses an d Subnetting 393 Host IDs of all zeros represent the subnet itsel f and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 7 – 2 or 126 h osts for each subnet.
P-662H/HW-D Series User’s Guide 394 Appendix E IP Addresses and Su bnetting Example Eight Subnet s Similarly use a 27-bit mask to create eight subnets (000, 001, 010 , 01 1, 100, 101, 1 10 and 111 ) . Subnet Address: 192.1 68.1.0 Lowest Host ID: 192 .
P-662H/HW-D Series User ’s Guide Appendix E IP Addresses an d Subnetting 395 The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Subnetting With Class A and Class B Networks.
P-662H/HW-D Series User’s Guide 396 Appendix E IP Addresses and Su bnetting The following table is a summary for class “B” subnet planning. Table 162 Class B Subnet Planning NO. “BORROWED” HOST BIT S SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 397 A PPENDIX F Wireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies.
P-662H/HW-D Series User’s Guide 398 Appendix F Wireless LA Ns Figure 239 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 399 Figure 240 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.
P-662H/HW-D Series User’s Guide 400 Appendix F Wireless LA Ns Figure 241 RTS/ CTS When station A sends data to the AP , it might no t know that the station B is already using the channel.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 401 A large Fragmentation Thr eshold is recommended for networks not prone to interference while you should set a smaller thresh old for busy networks or networks tha t are prone to interference.
P-662H/HW-D Series User’s Guide 402 Appendix F Wireless LA Ns IEEE 802.1x In June 2001, the IEEE 802.1x st andard was designed to extend th e features of IEEE 802.1 1 to support extended authentication as well as providing additional accounting and control features.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 403 • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
P-662H/HW-D Series User’s Guide 404 Appendix F Wireless LA Ns EAP-TLS (T ransport Layer Security) W ith EAP-TLS, digital certifications are needed by both the server and the wireless st ations for mutual authentication. The server presents a certificate to the client.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 405 For added security , certificate-based authen tications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are ofte n deployed in corp orate environments, but for public deployment, a simp le user name and p assword pair is more practical.
P-662H/HW-D Series User’s Guide 406 Appendix F Wireless LA Ns TKIP uses 128-bit keys that are dyna mically generated and distribu ted by the authentication server . AES (Advanced Encryption S tandard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael.
P-662H/HW-D Series User ’s Guide Appendix F Wireless LANs 407 Security Parameters Summary Refer to this table to see what other secur ity parameters you should co nfigure for each Authentication Method/ key management prot ocol type. MAC address filters are not dependent on how you config ure these security features.
P-662H/HW-D Series User’s Guide 408 Appendix F Wireless LA Ns.
P-662H/HW-D Series User ’s Guide Appendix G Importing Certificates 409 A PPENDIX G Importing Certificates This appendix shows importing certificat es examples using In ternet Ex plorer 5.
P-662H/HW-D Series User’s Guide 410 Appendix G Im porting Certificates 1 In Internet Explorer , double click th e lock shown in the following screen.
P-662H/HW-D Series User ’s Guide Appendix G Importing Certificates 411 Figure 245 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next . Figure 246 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.
P-662H/HW-D Series User’s Guide 412 Appendix G Im porting Certificates Figure 247 Certificate Import Wizard 3 6 Click Ye s to add the ZyXEL Device certificate to the root store.
P-662H/HW-D Series User ’s Guide Appendix G Importing Certificates 413 Figure 249 Certificate General Information af ter Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the ZyXEL Device.
P-662H/HW-D Series User’s Guide 414 Appendix G Im porting Certificates Figure 250 ZyXEL Device Trusted CA Screen The CA sends you a package containing the CA ’ s trusted certificate(s), your persona l certificate(s) and a password to inst all the personal certificate(s).
P-662H/HW-D Series User ’s Guide Appendix G Importing Certificates 415 Inst alling Y our Personal Certificate(s) Y ou need a password in a dvance. The CA may is sue the password or you may have to specify it during the enrollment.
P-662H/HW-D Series User’s Guide 416 Appendix G Im porting Certificates Figure 254 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificat e should be saved on your computer or select Place all certificates in the following stor e and choose a dif fe rent location.
P-662H/HW-D Series User ’s Guide Appendix G Importing Certificates 417 Figure 256 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the ce rtificate is correctly installed on your computer .
P-662H/HW-D Series User’s Guide 418 Appendix G Im porting Certificates Figure 259 SSL Client Authentication 3 Y ou next see the ZyXEL Device login screen.
P-662H/HW-D Series User ’s Guide Appendix H Com mand Interpreter 419 A PPENDIX H Command Interpreter The following describes how to use the command interpreter . Note: Use of undocumented comma nds or misconfiguration can damage the unit and possibly render it unusable.
P-662H/HW-D Series User’s Guide 420 Appendix H Command Interpreter.
P-662H/HW-D Series User ’s Guide Appendix I Certificate s Commands 421 A PPENDIX I Certificates Commands The following describes the certificate commands. See Appendix H o n page 419 for information on the command structure. All of these commands start with certificates.
P-662H/HW-D Series User’s Guide 422 Appendix I Certificates Commands create cmp_enroll <name> <CA addr> <CA cert> <auth key> <subject> [key size] Create a certificate request and enroll for a certificate immediately online using CMP protocol.
P-662H/HW-D Series User ’s Guide Appendix I Certificate s Commands 423 replace_fact ory Create a certificate using your device MAC address that will be specific to this device. The factory default certificate is a common default certificate for al l ZyWALL models.
P-662H/HW-D Series User’s Guide 424 Appendix I Certificates Commands delete <name> Delete the specified trusted remote host certificate. <name> sp ecifies the name of the certificate to be dele ted. list List all trusted remote host certificate names and basic info rmation.
P-662H/HW-D Series User ’s Guide Appendix J Boot Commands 425 A PPENDIX J Boot Commands The BootModule A T comman ds execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start ed.
P-662H/HW-D Series User’s Guide 426 Appendix J Boot Commands Figure 262 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate.
P-662H/HW-D Series User ’s Guide Appendix K Firewall Commands 427 A PPENDIX K Firewall Commands The following describes the firewall commands. Table 167 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall Se tUp config edit firewall active <yes | no> This command turns the firewall on or off.
P-662H/HW-D Series User’s Guide 428 Appendix K Firewall Commands E-mail config edit firewall e-mail mail-server <ip address of mail server> This command sets the IP address to which the e-mail messages are sent.
P-662H/HW-D Series User ’s Guide Appendix K Firewall Commands 429 config edit firewall attack minute-high <0-255> This command sets the threshold rate of new half-open sessions per minute where the ZyXEL Device starts deleting old half-opened sessions until it gets t hem down to the minute- low threshold.
P-662H/HW-D Series User’s Guide 430 Appendix K Firewall Commands Config edit firewall set <set #> tcp-idle-timeout <seconds> This command sets how long ZyXEL Device lets an inactive TCP connection re main open before considering it closed.
P-662H/HW-D Series User ’s Guide Appendix K Firewall Commands 431 config edit firewall set <set #> rule <rule #> destaddr- single <ip address> This command sets the rule to have the ZyXEL Device check fo r traffic with this individual destination ad dress.
P-662H/HW-D Series User’s Guide 432 Appendix K Firewall Commands config delete firewall set <set #> rule<rule #> This command removes the specified rul e in a firewall configuration set.
P-662H/HW-D Series User ’s Guide Appendix L NetBIOS Filter Commands 433 A PPENDIX L NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
P-662H/HW-D Series User’s Guide 434 Appendix L NetBIOS Filter Commands The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <.
P-662H/HW-D Series User ’s Guide Appendix L NetBIOS Filter Commands 435 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.
P-662H/HW-D Series User’s Guide 436 Appendix L NetBIOS Filter Commands.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 437 A PPENDIX M Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Device.
P-662H/HW-D Series User’s Guide 438 Appendix M Internal SPTGEN Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 263 on page 437 ), then you disable every field in this menu .
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 439 Figure 266 Internal SP TGEN FTP Downl oad Example Note: Y ou can rename your “ rom-t ” file wh en you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your ZyXEL De vice.
P-662H/HW-D Series User’s Guide 440 Appendix M Internal SPTGEN The following are Internal SP TGEN sc reens asso ciated with the SMT screens of your ZyXEL Device. PV A Parameter V alues Allo wed INPUT An example of what you may enter * Applies to the Z yXEL Device.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 441 / Menu 3.2 TCP/IP and DHCP Ethernet Setup (SMT Menu 3.2) FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.
P-662H/HW-D Series User’s Guide 442 Appendix M Internal SPTGEN 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 443 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | .
P-662H/HW-D Series User’s Guide 444 Appendix M Internal SPTGEN 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)|.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 445 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Connection <0(No) |1(Yes)> = 0 Table 172 Menu 4 Internet Access Setup ( SMT Menu 4) (continued) Table 173 Menu 12 (SMT Menu 1 2) / Menu 12.
P-662H/HW-D Series User’s Guide 446 Appendix M Internal SPTGEN / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) FIN FN PVA INPUT 120104001 = IP Static Route set #4, Name <Str> = 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Destination IP address = 0.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 447 120107006 = IP Static Route set #7, Metric = 0 120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0 / Menu 12.
P-662H/HW-D Series User’s Guide 448 Appendix M Internal SPTGEN 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric = 0 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0 */ Menu 12.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 449 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0 120115003 = IP Static Route set # 15, Destination IP address = 0.0.0.0 120115004 = IP Static Route set # 15, Destination IP subnetmask = 0 120115005 = IP Static Route set #15, Gateway = 0.
P-662H/HW-D Series User’s Guide 450 Appendix M Internal SPTGEN 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 451 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP addr ess = 0.
P-662H/HW-D Series User’s Guide 452 Appendix M Internal SPTGEN / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 2101.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 453 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.
P-662H/HW-D Series User’s Guide 454 Appendix M Internal SPTGEN 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Rule.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 455 / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(T C.
P-662H/HW-D Series User’s Guide 456 Appendix M Internal SPTGEN 210202009 = IP Filter Se t 2, Rule 2 Src Subne t Mask = 0 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, .
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 457 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.
P-662H/HW-D Series User’s Guide 458 Appendix M Internal SPTGEN 210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filter .
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 459 Table 177 Menu 23 System Menus (SMT Me nu 23) */ Menu 23.1 System Password Setup ( SMT Menu 23.1) FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.
P-662H/HW-D Series User’s Guide 460 Appendix M Internal SPTGEN Command Examples The following are example Internal SP TGEN screens associated with the ZyXEL Device’ s command interpreter commands.
P-662H/HW-D Series User ’s Guide Appendix M Internal SPTGEN 461 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 179 Command Examples (continued) FIN.
P-662H/HW-D Series User’s Guide 462 Appendix M Internal SPTGEN.
P-662H/HW-D Series User ’s Guide Appendix N Sp litters and Microf ilters 463 A PPENDIX N S plitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter . Connecting a POTS S plitter When you use the Full Rate (G .
P-662H/HW-D Series User’s Guide 464 App endix N Splitters and Microfilters 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter .
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 465 A PPENDIX O Log Descriptions This appendix provides descrip tions of example log messages. Table 180 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server .
P-662H/HW-D Series User’s Guide 466 Appendix O Log Descriptions Successful HTTPS login Someone has logged on to the router's web configu rator interface using HTTPS protocol. HTTPS login failed Someo ne has failed to log on to the router's web configurator interface using HTTPS protocol.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 467 Table 183 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per destination h ost.
P-662H/HW-D Series User’s Guide 468 Appendix O Log Descriptions Table 185 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> ICMP access matched the default policy and was blocked or forwarded according to the user's setting.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 469 ppp:LCP Closing Th e PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing.
P-662H/HW-D Series User’s Guide 470 Appendix O Log Descriptions Connecting to content filter server fail The connection to the external content fi ltering server failed. License key is invalid The external content filter in g license key is invalid.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 471 Table 191 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router re ceived and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered.
P-662H/HW-D Series User’s Guide 472 Appendix O Log Descriptions Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 473 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer .
P-662H/HW-D Series User’s Guide 474 Appendix O Log Descriptions Rule [%d] phase 2 mismatch The l isted rule’s IKE phase 2 di d not match betwe e n the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer .
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 475 Rcvd data <size> too large! Max size allowed: <max size> The router received dire ctory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field.
P-662H/HW-D Series User’s Guide 476 Appendix O Log Descriptions 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. Table 195 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user. A user was authenticated by the local user database.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 477 Table 196 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packets traveling from the LAN to the W AN. (W to L) W AN to LAN ACL set for packets traveling from the W AN to the LAN.
P-662H/HW-D Series User’s Guide 478 Appendix O Log Descriptions The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
P-662H/HW-D Series User ’s Guide Appendix O Log Descriptions 479 Log Commands Go to the command in terpreter interface. Configuring What Y ou W ant the ZyXEL Device to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record.
P-662H/HW-D Series User’s Guide 480 Appendix O Log Descriptions Use 0 to not record logs for that category , 1 to record only logs fo r that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category .
P-662H/HW-D Series User ’s Guide Appendix P Triangle Route 481 A PPENDIX P T riangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet.
P-662H/HW-D Series User’s Guide 482 Appendix P Triangle Route Figure 274 “T riangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
P-662H/HW-D Series User ’s Guide Appendix P Triangle Route 483 Figure 275 IP Alias Gateways on the W AN Side A second solution to the “triangle route” problem is to put all of your network gateways on the W AN side as the following figure shows.
P-662H/HW-D Series User’s Guide 484 Appendix P Triangle Route.
P-662H/HW-D Series User ’s Guide Index 485 Index A Address Assignment 111 Address Resolution Protocol (ARP) 11 4 ADSL standards 42 Advanced Encryption S tandard 405 AH 235 AH Protoc ol 239 alternati.
P-662H/HW-D Series User’s Guide 486 Index BSS 397 BW Budget 299 C CA 404 CAC 215 CBR (Continuous Bit Rate) 93 , 98 certificate 251 Certificate Authority 404 change p asswor d at login 50 Channel 399.
P-662H/HW-D Series User ’s Guide Index 487 Content filtering 21 1 content filtering 42 , 222 CTS (Clear to Send) 400 Custom Ports Creating/Editing 191 Customized Services 190 Customized services 190.
P-662H/HW-D Series User’s Guide 488 Index E EAP Authentication 403 ECHO 162 E-mail virus 203 embedded help 53 Encapsulated Routing Link Protocol (ENET ENCAP) 85 Encapsulation 85 , 235 ENET ENCAP 85 .
P-662H/HW-D Series User ’s Guide Index 489 upload 345 upload error 346 Fragmentation Threshold 400 Fragmentation threshold 400 Frame Rel ay 46 FTP 162 , 309 , 312 FTP Restrictio ns 309 Full Rate 463.
P-662H/HW-D Series User’s Guide 490 Index Internet Access 42 , 46 Internet access 65 Internet Access Setup 354 Internet access wizard setup 65 Internet Assigned Nu mb ers AuthoritySee IANA 11 2 Inte.
P-662H/HW-D Series User ’s Guide Index 491 MAC Address Filtering 139 MAC Filter 139 Macro virus 203 Management Information Base (MIB) 314 Manually Update Virus Information 208 Maximize Bandwidth Usa.
P-662H/HW-D Series User’s Guide 492 Index P Packet Filtering 180 Packet filtering When to use 180 Packet Filtering Firewall s 169 Pairwise Master Key (PMK) 406 Parental Control 215 Pattern file 203 .
P-662H/HW-D Series User ’s Guide Index 493 RF (Radio Freque ncy) 45 RFC 1483 86 RFC 1631 157 RFC2516 43 RIPSee Rou ting Informa tion Proto col 11 2 Routing Informatio n Protocol 11 2 Direction 11 2 .
P-662H/HW-D Series User’s Guide 494 Index S tatic Route 289 SUA 160 SUA (Single User Account) 160 SUA vs NA T 160 subnet 389 Subnet Mask 111 , 189 subnet mask 391 subnetting 391 Supporting Disk 39 S.
P-662H/HW-D Series User ’s Guide Index 495 Universal Plug and Pl ay (UPnP) 43 Update Schedule 208 Update the virus scan 209 UPnP 321 Forum 322 security issues 322 Upper Layer Prot ocols 177 , 178 UR.
P-662H/HW-D Series User’s Guide 496 Index WP A2-PSK 405 WP A-PSK 405 Z Zero Configuration Internet Access 42 Zero configuration Internet access 90 ZyXEL Device anti-virus packet s can 204 ZyXEL_s Fi.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté ZyXEL Communications HW-D Series c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du ZyXEL Communications HW-D Series - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation ZyXEL Communications HW-D Series, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le ZyXEL Communications HW-D Series va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le ZyXEL Communications HW-D Series, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du ZyXEL Communications HW-D Series.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le ZyXEL Communications HW-D Series. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei ZyXEL Communications HW-D Series ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.