ZyXEL HW-D Series User manual

P-662H/HW-D Series

802.11g ADSL 2+ 4-Port Security Gateway

User’s Guide

Version 3.40

Edition 1

7/2006

P-662H/HW-D Series User’s Guide

Copyright 3

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed,

stored in a retrieval system, translated into any language, or transmitted in any form or by any

means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or

otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or

software described herein. Neither does it convey any license under its patent rights nor the

patent rights of others. ZyXEL further reserves the right to make changes in any products

described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL

Communications, Inc. Other trademarks mentioned in this publication are used for

identification purposes only and may be properties of their respective owners.

P-662H/HW-D Series User’s Guide

4 Certifications

Certifications

Federal Communications Commission (FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two

conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause

undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital

device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable

protection against harmful interference in a residential installation. This equipment generates,

uses, and can radiate radio frequency energy, and if not installed and used in accordance with

the instructions, may cause harmful interference to radio communications. However, there is

no guarantee that interference will not occur in a particular installation

If this equipment does cause harmful interference to radio/television reception, which can be

determined by turning the equipment off and on, the user is encouraged to try to correct the

interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver

is connected.

• Consult the dealer or an experienced radio/TV technician for help.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

FCC Caution

Any changes or modifications not expressly approved by the party responsible for compliance

could void the user's authority to operate this equipment.

IMPORTANT NOTE: FCC Radiation Exposure Statement

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled

environment. This equipment should be installed and operated with minimum distance 20cm

between the radiator & your body.

This transmitter must not be co-located or operating in conjunction with any other antenna or

transmitter.

P-662H/HW-D Series User’s Guide

Certifications 5

ZyXEL Communications Corporation declared that P-662H/HW-D is limited in CH1~11 from

2400 to 2483.5 MHz by specified firmware controlled in USA.

Viewing Certifications

1 Go to www.zyxel.com

2 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

3 Select the certification you wish to view from this page.

P-662H/HW-D Series User’s Guide

6 Safety Warnings

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger

telecommunication line cord.

• Do NOT open the device or unit. Opening or removing covers can expose you to

dangerous high voltage points or other risks. ONLY qualified service personnel can

service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or

power adaptor to the right supply voltage (110V AC in North America or 230V AC in

Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new

power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them.

Do NOT allow anything to rest on the power cord and do NOT locate the product where

anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be

damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of

electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming

pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your

device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

This product is recyclable. Dispose of it properly.

P-662H/HW-D Series User’s Guide

ZyXEL Limited Warranty 7

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects

in materials or workmanship for a period of up to two years from the date of purchase. During

the warranty period, and upon proof of purchase, should the product have indications of failure

due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the

defective products or components without charge for either parts or labor, and to whatever

extent it shall deem necessary to restore the product or components to proper operating

condition. Any replacement will consist of a new or re-manufactured functionally equivalent

product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty

shall not apply if the product has been modified, misused, tampered with, damaged by an act

of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the

purchaser. This warranty is in lieu of all other warranties, express or implied, including any

implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in

no event be held liable for indirect or consequential damages of any kind to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return

Material Authorization number (RMA). Products must be returned Postage Prepaid. It is

recommended that the unit be insured when shipped. Any returned products without proof of

purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of

ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products

will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty

gives you specific legal rights, and you may also have other rights that vary from country to

country.

P-662H/HW-D Series User’s Guide

8 Customer Support

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

SUPPORT E-MAIL TELEPHONE WEB SITE

REGULAR MAIL

SALES E-MAIL FAX FTP SITE

CORPORATE

HEADQUARTERS

(WORLDWIDE)

[email protected] +886-3-578-3942 www.zyxel.com

www.europe.zyxel.com

ZyXEL Communications Corp.

6 Innovation Road II

Science Park

Hsinchu 300

Tai wan

[email protected] +886-3-578-2439 ftp.zyxel.com

ftp.europe.zyxel.com

COSTA RICA

[email protected] +506-2017878 www.zyxel.co.cr ZyXEL Costa Rica

Plaza Roble Escazú

Etapa El Patio, Tercer Piso

San José, Costa Rica

[email protected] +506-2015098 ftp.zyxel.co.cr

CZECH REPUBLIC

[email protected] +420-241-091-350 www.zyxel.cz ZyXEL Communications

Czech s.r.o.

Modranská 621

143 01 Praha 4 - Modrany

Ceská Republika

[email protected] +420-241-091-359

DENMARK

[email protected] +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S

Columbusvej

2860 Soeborg

Denmark

[email protected] +45-39-55-07-07

FINLAND

[email protected] +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

Malminkaari 10

00700 Helsinki

Finland

[email protected] +358-9-4780 8448

FRANCE

[email protected] +33-4-72-52-97-97 www.zyxel.fr ZyXEL France

1 rue des Vergers

Bat. 1 / C

69760 Limonest

France

+33-4-72-52-19-20

GERMANY

[email protected] +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

Adenauerstr. 20/A2 D-52146

Wuerselen

Germany

[email protected] +49-2405-6909-99

HUNGARY

[email protected] +36-1-3361649 www.zyxel.hu ZyXEL Hungary

48, Zoldlomb Str.

H-1025, Budapest

Hungary

[email protected] +36-1-3259100

KAZAKHSTAN

http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan

43, Dostyk ave.,Office 414

Dostyk Business Centre

050010, Almaty

Republic of Kazakhstan

[email protected] +7-3272-590-689

NORTH AMERICA

[email protected] 1-800-255-4101

+1-714-632-0882

www.us.zyxel.com ZyXEL Communications Inc.

1130 N. Miller St.

Anaheim

CA 92806-2001

U.S.A.

[email protected] +1-714-632-0858 ftp.us.zyxel.com

P-662H/HW-D Series User’s Guide

Customer Support 9

+” is the (prefix) number you enter to make an international telephone call.

NORWAY

[email protected] +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S

Nils Hansens vei 13

0667 Oslo

Norway

[email protected] +47-22-80-61-81

POLAND

[email protected] +48 (22) 333 8250 www.pl.zyxel.com ZyXEL Communications

ul. Okrzei 1A

03-715 Warszawa

Poland

+48 (22) 333 8251

RUSSIA

http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia

Ostrovityanova 37a Str.

Moscow, 117279

Russia

[email protected] +7-095-542-89-25

SPAIN

[email protected] +34-902-195-420 www.zyxel.es ZyXEL Communications

Arte, 21 5ª planta

28033 Madrid

Spain

[email protected] +34-913-005-345

SWEDEN

[email protected] +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S

Sjöporten 4, 41764 Göteborg

Sweden

[email protected] +46-31-744-7701

UKRAINE

[email protected] +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine

13, Pimonenko Str.

Kiev, 04050

Ukraine

[email protected] +380-44-494-49-32

UNITED KINGDOM

[email protected] +44-1344 303044

08707 555779 (UK only)

www.zyxel.co.uk ZyXEL Communications UK

Ltd.,11 The Courtyard,

Eastern Road, Bracknell,

Berkshire, RG12 2XB,

United Kingdom (UK)

[email protected] +44-1344 303034 ftp.zyxel.co.uk

METHOD

LOCATION

SUPPORT E-MAIL TELEPHONE WEB SITE

REGULAR MAIL

SALES E-MAIL FAX FTP SITE

P-662H/HW-D Series User’s Guide

10 Customer Support

P-662H/HW-D Series User’s Guide

Table of Contents 11

Table of Contents

Copyright .................................................................................................................. 3

Certifications ............................................................................................................ 4

Safety Warnings ....................................................................................................... 6

ZyXEL Limited Warranty.......................................................................................... 7

Customer Support.................................................................................................... 8

Table of Contents ................................................................................................... 11

List of Figures ........................................................................................................ 25

List of Tables .......................................................................................................... 33

Preface .................................................................................................................... 39

Chapter 1

Getting To Know Your ZyXEL Device ................................................................... 41

1.1 Introducing the ZyXEL Device ............................................................................41

1.1.1 Features of the ZyXEL Device ..................................................................41

1.1.1.1 P-662HW Wireless Features ...........................................................45

1.1.2 Applications for the ZyXEL Device ...........................................................45

1.1.2.1 Internet Access ...............................................................................46

1.1.2.2 LAN to LAN Application ...................................................................46

1.1.3 Firewall for Secure Broadband Internet Access .......................................46

1.1.4 Front Panel LEDs .....................................................................................47

Chapter 2

Introducing the Web Configurator........................................................................ 49

2.1 Web Configurator Overview ...............................................................................49

2.2 Accessing the Web Configurator ........................................................................49

2.3 Resetting the ZyXEL Device ..............................................................................51

2.3.1 Using the Reset Button .............................................................................52

2.4 Navigating the Web Configurator ......................................................................52

2.4.1 Navigation Panel .......................................................................................52

2.4.2 Status Screen ............................................................................................55

2.4.3 Status: Any IP Table...................................................................................58

2.4.4 Status: WLAN Status .................................................................................58

2.4.5 Status: Bandwidth Status ...........................................................................59

P-662H/HW-D Series User’s Guide

12 Table of Contents

2.4.6 Status: VPN Status ....................................................................................59

2.4.7 Status: Packet Statistics.............................................................................60

2.4.8 Changing Login Password .......................................................................62

Chapter 3

Wizard Setup for Internet Access......................................................................... 65

3.1 Introduction ........................................................................................................65

3.2 Internet Access Wizard Setup ............................................................................65

3.2.1 Automatic Detection ..................................................................................67

3.2.2 Manual Configuration ................................................................................67

3.3 Wireless Connection Wizard Setup ....................................................................72

3.3.1 Automatically assign a WPA key ...............................................................75

3.3.2 Manually assign a WPA-PSK key ..............................................................75

3.3.3 Manually assign a WEP key ......................................................................76

Chapter 4

Bandwidth Management Wizard ........................................................................... 79

4.1 Introduction ........................................................................................................79

4.2 Predefined Media Bandwidth Management Services ........................................79

4.3 Bandwidth Management Wizard Setup ..............................................................80

Chapter 5

WAN Setup.............................................................................................................. 85

5.1 WAN Overview ..................................................................................................85

5.1.1 Encapsulation ...........................................................................................85

5.1.1.1 ENET ENCAP .................................................................................85

5.1.1.2 PPP over Ethernet ..........................................................................85

5.1.1.3 PPPoA .............................................................................................86

5.1.1.4 RFC 1483 ........................................................................................86

5.1.2 Multiplexing ...............................................................................................86

5.1.2.1 VC-based Multiplexing ....................................................................86

5.1.2.2 LLC-based Multiplexing ...................................................................86

5.1.3 VPI and VCI ..............................................................................................86

5.1.4 IP Address Assignment ............................................................................87

5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation .....................87

5.1.4.2 IP Assignment with RFC 1483 Encapsulation .................................87

5.1.4.3 IP Assignment with ENET ENCAP Encapsulation ..........................87

5.1.5 Nailed-Up Connection (PPP) ....................................................................87

5.1.6 NAT ...........................................................................................................87

5.2 Metric ................................................................................................................88

5.3 Traffic Shaping ...................................................................................................88

5.3.1 ATM Traffic Classes ..................................................................................89

5.3.1.1 Constant Bit Rate (CBR) .................................................................89

P-662H/HW-D Series User’s Guide

Table of Contents 13

5.3.1.2 Variable Bit Rate (VBR) ...................................................................89

5.3.1.3 Unspecified Bit Rate (UBR) .............................................................90

5.4 Zero Configuration Internet Access ....................................................................90

5.5 Internet Connection ...........................................................................................90

5.5.1 Configuring Advanced Internet Connection...............................................92

5.6 Configuring More Connections ...........................................................................94

5.6.1 More Connections Edit .............................................................................95

5.6.2 Configuring More Connections Advanced Setup.......................................98

5.7 Traffic Redirect ...................................................................................................99

5.8 Configuring WAN Backup ................................................................................100

5.9 WAN Backup Advanced Screen ......................................................................102

5.10 Dial Backup Modem Setup ............................................................................105

Chapter 6

LAN Setup............................................................................................................. 109

6.1 LAN Overview .................................................................................................109

6.1.1 LANs, WANs and the ZyXEL Device ......................................................109

6.1.2 DHCP Setup ...........................................................................................110

6.1.2.1 IP Pool Setup ................................................................................110

6.1.3 DNS Server Address ..............................................................................110

6.1.4 DNS Server Address Assignment ........................................................... 111

6.2 LAN TCP/IP ...................................................................................................... 111

6.2.1 IP Address and Subnet Mask ................................................................. 111

6.2.1.1 Private IP Addresses .....................................................................112

6.2.2 RIP Setup ...............................................................................................112

6.2.3 Multicast ..................................................................................................113

6.2.4 Any IP .....................................................................................................113

6.2.4.1 How Any IP Works ........................................................................114

6.3 Configuring LAN IP ..........................................................................................115

6.3.1 Configuring Advanced LAN Setup ...........................................................115

6.4 DHCP Setup .....................................................................................................117

6.5 LAN Client List .................................................................................................118

6.6 LAN IP Alias .....................................................................................................119

Chapter 7

Wireless LAN ........................................................................................................ 123

7.1 Wireless Network Overview .............................................................................123

7.2 Wireless Security Overview .............................................................................124

7.2.1 SSID .......................................................................................................124

7.2.2 MAC Address Filter .................................................................................124

7.2.3 User Authentication ................................................................................124

7.2.4 Encryption ...............................................................................................125

7.2.5 One-Touch Intelligent Security Technology (OTIST) ...............................126

P-662H/HW-D Series User’s Guide

14 Table of Contents

7.3 Wireless Performance Overview ......................................................................126

7.3.1 Quality of Service (QoS) .........................................................................126

7.4 Additional Wireless Terms ................................................................................127

7.5 General Wireless LAN Screen ........................................................................127

7.5.1 No Security .............................................................................................129

7.5.2 WEP Encryption Screen .........................................................................129

7.5.3 WPA(2)-PSK ...........................................................................................130

7.5.4 WPA(2) Authentication Screen ...............................................................132

7.5.5 Wireless LAN Advanced Setup................................................................134

7.6 OTIST ...............................................................................................................135

7.6.1 Enabling OTIST ......................................................................................135

7.6.1.1 AP .................................................................................................136

7.6.1.2 Wireless Client ..............................................................................137

7.6.2 Starting OTIST ........................................................................................138

7.6.3 Notes on OTIST ......................................................................................138

7.7 MAC Filter ...................................................................................................139

7.8 WMM QoS ........................................................................................................141

7.8.1 WMM QoS Example ...............................................................................141

7.8.2 WMM QoS Priorities ...............................................................................141

7.8.3 Services ..................................................................................................142

7.9 QoS Screen ......................................................................................................144

7.9.1 ToS (Type of Service) and WMM QoS ....................................................144

7.9.2 Application Priority Configuration.............................................................146

7.10 Multiple SSID (P-662HW-D Models only) .......................................................147

7.10.1 Multiple SSID Commands .....................................................................148

7.10.2 Multiple SSID Example .........................................................................150

Chapter 8

DMZ ....................................................................................................................... 151

8.1 Introduction ......................................................................................................151

8.2 Configuring DMZ .............................................................................................151

8.3 DMZ Public IP Address Example .....................................................................153

8.4 DMZ Private and Public IP Address Example ..................................................154

Chapter 9

Network Address Translation (NAT) Screens .................................................... 157

9.1 NAT Overview .................................................................................................157

9.1.1 NAT Definitions .......................................................................................157

9.1.2 What NAT Does ......................................................................................158

9.1.3 How NAT Works .....................................................................................158

9.1.4 NAT Application ......................................................................................159

9.1.5 NAT Mapping Types ...............................................................................159

9.2 SUA (Single User Account) Versus NAT ..........................................................160

P-662H/HW-D Series User’s Guide

Table of Contents 15

9.3 NAT General Setup .........................................................................................160

9.4 Port Forwarding ................................................................................................161

9.4.1 Default Server IP Address ......................................................................162

9.4.2 Port Forwarding: Services and Port Numbers ........................................162

9.4.3 Configuring Servers Behind Port Forwarding (Example) ........................163

9.5 Configuring Port Forwarding ...........................................................................163

9.5.1 Port Forwarding Rule Edit .......................................................................164

9.6 Address Mapping ............................................................................................165

9.6.1 Address Mapping Rule Edit ....................................................................167

Chapter 10

Firewalls................................................................................................................ 169

10.1 Firewall Overview ..........................................................................................169

10.2 Types of Firewalls ..........................................................................................169

10.2.1 Packet Filtering Firewalls ......................................................................169

10.2.2 Application-level Firewalls ....................................................................170

10.2.3 Stateful Inspection Firewalls ................................................................170

10.3 Introduction to ZyXEL’s Firewall .....................................................................170

10.3.1 Denial of Service Attacks ......................................................................171

10.4 Denial of Service ............................................................................................171

10.4.1 Basics ...................................................................................................171

10.4.2 Types of DoS Attacks ...........................................................................172

10.4.2.1 ICMP Vulnerability ......................................................................174

10.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................174

10.4.2.3 Traceroute ...................................................................................175

10.5 Stateful Inspection ..........................................................................................175

10.5.1 Stateful Inspection Process ..................................................................176

10.5.2 Stateful Inspection and the ZyXEL Device ............................................176

10.5.3 TCP Security .........................................................................................177

10.5.4 UDP/ICMP Security ..............................................................................177

10.5.5 Upper Layer Protocols ..........................................................................178

10.6 Guidelines for Enhancing Security with Your Firewall ....................................178

10.6.1 Security In General ...............................................................................179

10.7 Packet Filtering Vs Firewall ............................................................................179

10.7.1 Packet Filtering: ....................................................................................180

10.7.1.1 When To Use Filtering .................................................................180

10.7.2 Firewall .................................................................................................180

10.7.2.1 When To Use The Firewall ..........................................................180

Chapter 11

Firewall Configuration ......................................................................................... 181

11.1 Access Methods .............................................................................................181

11.2 Firewall Policies Overview ..............................................................................181

P-662H/HW-D Series User’s Guide

16 Table of Contents

11.3 Rule Logic Overview ......................................................................................182

11.3.1 Rule Checklist .......................................................................................182

11.3.2 Security Ramifications ..........................................................................182

11.3.3 Key Fields For Configuring Rules .........................................................183

11.3.3.1 Action ...........................................................................................183

11.3.3.2 Service .........................................................................................183

11.3.3.3 Source Address ...........................................................................183

11.3.3.4 Destination Address ....................................................................183

11.4 Connection Direction ......................................................................................183

11.4.1 LAN to WAN Rules ................................................................................184

11.4.2 Alerts .....................................................................................................184

11.5 General Firewall Policy ................................................................................184

11.6 Firewall Rules Summary ...............................................................................185

11.6.1 Configuring Firewall Rules ...................................................................187

11.6.2 Customized Services ............................................................................190

11.6.3 Configuring A Customized Service .......................................................191

11.7 Example Firewall Rule ....................................................................................191

11.8 Predefined Services .......................................................................................195

11.9 Anti-Probing ....................................................................................................197

11.10 DoS Thresholds ...........................................................................................198

11.10.1 Threshold Values ................................................................................198

11.10.2 Half-Open Sessions ............................................................................199

11.10.2.1 TCP Maximum Incomplete and Blocking Time ..........................199

11.10.3 Configuring Firewall Thresholds ..........................................................200

Chapter 12

Anti-Virus Packet Scan........................................................................................ 203

12.1 Overview ........................................................................................................203

12.1.1 Types of Computer Viruses ..................................................................203

12.2 Signature-Based Virus Scan ..........................................................................203

12.2.1 Computer Virus Infection and Prevention .............................................204

12.3 Introduction to the ZyXEL Device Anti-virus Packet Scan .............................204

12.3.1 How the ZyXEL Device Virus Scan Works ..........................................205

12.3.2 Limitations of the ZyXEL Device Packet Scan ......................................205

12.4 Anti-Virus Packet Scan Configuration ...........................................................205

12.5 Registration and Online Update ....................................................................207

12.5.1 Updating the Anti-Virus Packet Scan ....................................................209

Chapter 13

Content Filtering .................................................................................................. 211

13.1 Content Filtering Overview ............................................................................211

13.2 Configuring Keyword Blocking ...................................................................... 211

13.3 Configuring the Schedule ..............................................................................212

P-662H/HW-D Series User’s Guide

Table of Contents 17

13.4 Configuring Trusted Computers ....................................................................213

Chapter 14

Content Access Control ...................................................................................... 215

14.1 Content Access Control Overview .................................................................215

14.1.1 Content Access Control WLAN Application ..........................................215

14.1.2 Configuration Steps ..............................................................................215

14.2 Activating CAC and Creating User Groups ..................................................216

14.2.1 Configuring Time Schedule ..................................................................217

14.2.2 Configuring Services .............................................................................219

14.2.2.1 Available Services .......................................................................220

14.2.3 Configuring Web Site Filters .................................................................222

14.2.4 Testing Web Site Access Privileges ......................................................227

14.3 User Account Setup ......................................................................................228

14.4 User Online Status ........................................................................................229

14.5 Content Access Control Logins ......................................................................230

14.5.1 User Login ............................................................................................230

14.5.2 Administrator Login ...............................................................................231

Chapter 15

Introduction to IPSec ........................................................................................... 233

15.1 VPN Overview ................................................................................................233

15.1.1 IPSec ....................................................................................................233

15.1.2 Security Association .............................................................................233

15.1.3 Other Terminology ................................................................................233

15.1.3.1 Encryption ...................................................................................233

15.1.3.2 Data Confidentiality .....................................................................234

15.1.3.3 Data Integrity ...............................................................................234

15.1.3.4 Data Origin Authentication ..........................................................234

15.1.4 VPN Applications ..................................................................................234

15.2 IPSec Architecture .........................................................................................235

15.2.1 IPSec Algorithms ..................................................................................235

15.2.2 Key Management ..................................................................................235

15.3 Encapsulation .................................................................................................235

15.3.1 Transport Mode ....................................................................................236

15.3.2 Tunnel Mode ........................................................................................236

15.4 IPSec and NAT ...............................................................................................236

Chapter 16

VPN Screens......................................................................................................... 239

16.1 VPN/IPSec Overview .....................................................................................239

16.2 IPSec Algorithms ............................................................................................239

16.2.1 AH (Authentication Header) Protocol ....................................................239

P-662H/HW-D Series User’s Guide

18 Table of Contents

16.2.2 ESP (Encapsulating Security Payload) Protocol ..................................239

16.3 My IP Address ................................................................................................240

16.4 Secure Gateway Address ..............................................................................241

16.4.1 Dynamic Secure Gateway Address ......................................................241

16.5 VPN Setup Screen ........................................................................................241

16.6 Keep Alive ......................................................................................................243

16.7 VPN, NAT, and NAT Traversal .......................................................................244

16.8 Remote DNS Server ......................................................................................245

16.9 ID Type and Content ......................................................................................245

16.9.1 ID Type and Content Examples ............................................................246

16.10 Pre-Shared Key ............................................................................................247

16.11 Editing VPN Policies ....................................................................................247

16.12 IKE Phases .................................................................................................252

16.12.1 Negotiation Mode ................................................................................253

16.12.2 Diffie-Hellman (DH) Key Groups .........................................................254

16.12.3 Perfect Forward Secrecy (PFS) .........................................................254

16.13 Configuring Advanced IKE Settings ............................................................254

16.14 Manual Key Setup ........................................................................................257

16.14.1 Security Parameter Index (SPI) .........................................................257

16.15 Configuring Manual Key ..............................................................................257

16.16 Viewing SA Monitor .....................................................................................260

16.17 Configuring Global Setting ..........................................................................261

16.18 Telecommuter VPN/IPSec Examples ...........................................................262

16.18.1 Telecommuters Sharing One VPN Rule Example ..............................262

16.18.2 Telecommuters Using Unique VPN Rules Example ...........................263

16.19 VPN and Remote Management ...................................................................264

Chapter 17

Certificates............................................................................................................ 265

17.1 Certificates Overview .....................................................................................265

17.1.1 Advantages of Certificates ....................................................................266

17.2 Self-signed Certificates ..................................................................................266

17.3 Configuration Summary .................................................................................266

17.4 My Certificates ..............................................................................................267

17.5 My Certificate Import .....................................................................................269

17.5.1 Certificate File Formats .........................................................................269

17.6 My Certificate Create ....................................................................................270

17.7 My Certificate Details ....................................................................................272

17.8 Trusted CAs .................................................................................................275

17.9 Trusted CA Import ........................................................................................277

17.10 Trusted CA Details .......................................................................................278

17.11 Trusted Remote Hosts ................................................................................280

17.12 Verifying a Trusted Remote Host’s Certificate ..............................................282

P-662H/HW-D Series User’s Guide

Table of Contents 19

17.12.1 Trusted Remote Host Certificate Fingerprints .....................................282

17.13 Trusted Remote Hosts Import ....................................................................283

17.14 Trusted Remote Host Certificate Details ....................................................283

17.15 Directory Servers .........................................................................................286

17.16 Directory Server Add or Edit ......................................................................287

Chapter 18

Static Route .......................................................................................................... 289

18.1 Static Route .................................................................................................289

18.2 Configuring Static Route ...............................................................................289

18.2.1 Static Route Edit ..................................................................................290

Chapter 19

Bandwidth Management ...................................................................................... 293

19.1 Bandwidth Management Overview ...............................................................293

19.2 Application-based Bandwidth Management ...................................................293

19.3 Subnet-based Bandwidth Management .........................................................293

19.4 Application and Subnet-based Bandwidth Management ...............................294

19.5 Scheduler .......................................................................................................294

19.5.1 Priority-based Scheduler ......................................................................294

19.5.2 Fairness-based Scheduler ....................................................................295

19.6 Maximize Bandwidth Usage ...........................................................................295

19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................295

19.6.2 Maximize Bandwidth Usage Example ..................................................296

19.6.2.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth 296

19.6.2.2 Fairness-based Allotment of Unused and Unbudgeted

Bandwidth ...........................................................................................297

19.6.3 Bandwidth Management Priorities ........................................................297

19.7 Configuring Summary ...................................................................................297

19.8 Bandwidth Management Rule Setup ............................................................299

19.8.1 Rule Configuration .................................................................................300

19.9 Bandwidth Monitor ........................................................................................302

Chapter 20

Dynamic DNS Setup............................................................................................. 305

20.1 Dynamic DNS Overview ................................................................................305

20.1.1 DYNDNS Wildcard ................................................................................305

20.2 Configuring Dynamic DNS ............................................................................305

Chapter 21

Remote Management Configuration .................................................................. 309

21.1 Remote Management Overview ....................................................................309

21.1.1 Remote Management Limitations .........................................................309

P-662H/HW-D Series User’s Guide

20 Table of Contents

21.1.2 Remote Management and NAT ............................................................310

21.1.3 System Timeout ...................................................................................310

21.2 WWW .............................................................................................................310

21.3 Telnet ..............................................................................................................311

21.4 Configuring Telnet ..........................................................................................311

21.5 Configuring FTP ............................................................................................312

21.6 SNMP .............................................................................................................313

21.6.1 Supported MIBs ....................................................................................314

21.6.2 SNMP Traps .........................................................................................315

21.6.3 Configuring SNMP .................................................................................315

21.7 Configuring DNS ...........................................................................................317

21.8 Configuring ICMP ...........................................................................................317

21.9 TR-069 ...........................................................................................................319

Chapter 22

Universal Plug-and-Play (UPnP) ......................................................................... 321

22.1 Introducing Universal Plug and Play .............................................................321

22.1.1 How do I know if I'm using UPnP? ........................................................321

22.1.2 NAT Traversal .......................................................................................321

22.1.3 Cautions with UPnP ..............................................................................322

22.2 UPnP and ZyXEL ...........................................................................................322

22.2.1 Configuring UPnP .................................................................................322

22.3 Installing UPnP in Windows Example ............................................................323

22.4 Using UPnP in Windows XP Example ...........................................................326

Chapter 23

System .................................................................................................................. 333

23.1 General Setup ................................................................................................333

23.1.1 General Setup and System Name ........................................................333

23.1.2 General Setup .......................................................................................333

23.2 Time Setting ..................................................................................................335

Chapter 24

Logs ...................................................................................................................... 339

24.1 Logs Overview ..............................................................................................339

24.1.1 Alerts and Logs .....................................................................................339

24.2 Viewing the Logs ............................................................................................339

24.3 Configuring Log Settings ...............................................................................340

24.4 SMTP Error Messages ...................................................................................343

24.4.1 Example E-mail Log .............................................................................343

Page is loading ...

ZyXEL HW-D Series User manual

ZyXEL HW-D Series User manual

Related papers

Other documents