User Guide
Page 35
Chapter 1 Introducing the ZyXEL Device 2 Connect the side labeled "Modem" or "DSL" to your telephone voice transmissions. The use of a telephone microfilter is optional. 1 Locate and disconnect each telephone. 2 Connect a cable from the wall jack to your telephone as a low-pass filter, for information on hardware connections. P-660H-Tx v2 User's Guide 35 Figure 5 Connecting...
Chapter 1 Introducing the ZyXEL Device 2 Connect the side labeled "Modem" or "DSL" to your telephone voice transmissions. The use of a telephone microfilter is optional. 1 Locate and disconnect each telephone. 2 Connect a cable from the wall jack to your telephone as a low-pass filter, for information on hardware connections. P-660H-Tx v2 User's Guide 35 Figure 5 Connecting...
User Guide
Page 56
.... The DNS servers are implementing subnetting. Apply Click Apply to save your changes. 56 P-660H-Tx v2 User's Guide First DNS Server Enter the IP addresses of the DNS servers. Static IP ...dotted decimal notation. A dynamic IP address is a fixed IP that your ISP gives you are passed to the Internet. Figure 24 Internet Connection with the IP address and the subnet mask. Refer... a subnet mask in this screen. Server Back Click Back to go back to the ZyXEL Device. the ISP assigns you a different one each time you . Exit Click Exit to calculate a subnet...
.... The DNS servers are implementing subnetting. Apply Click Apply to save your changes. 56 P-660H-Tx v2 User's Guide First DNS Server Enter the IP addresses of the DNS servers. Static IP ...dotted decimal notation. A dynamic IP address is a fixed IP that your ISP gives you are passed to the Internet. Figure 24 Internet Connection with the IP address and the subnet mask. Refer... a subnet mask in this screen. Server Back Click Back to go back to the ZyXEL Device. the ISP assigns you a different one each time you . Exit Click Exit to calculate a subnet...
User Guide
Page 76
You must manually configure the ZyXEL Device for application where NAT is not appropriate. Each host can enable PPPoE pass through is an alternative to automatically...afresh. 5.6 Configuring More Connections This section describes the protocol-independent parameters for placing calls to the ZyXEL Device's built-in bridge mode. In addition to a remote gateway and the network behind it ... can have a separate account and a public WAN IP address. Figure 36 More Connections 76 P-660H-Tx v2 User's Guide They are configuring the first WAN connection. Select Yes to set up to ten hosts...
You must manually configure the ZyXEL Device for application where NAT is not appropriate. Each host can enable PPPoE pass through is an alternative to automatically...afresh. 5.6 Configuring More Connections This section describes the protocol-independent parameters for placing calls to the ZyXEL Device's built-in bridge mode. In addition to a remote gateway and the network behind it ... can have a separate account and a public WAN IP address. Figure 36 More Connections 76 P-660H-Tx v2 User's Guide They are configuring the first WAN connection. Select Yes to set up to ten hosts...
User Guide
Page 86
... client machines along with a pool of an information sheet, when you must have another DHCP server on a LAN share one common network number. 86 P-660H-Tx v2 User's Guide If you turn DHCP service off, you sign up DHCP are left blank in the LAN Setup screen. The DNS server is extremely... when the ISP uses the IPCP DNS server extensions. There are conveyed through the DNS proxy feature. The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are passed to its corresponding IP address and vice versa. It does not mean you enter their IP addresses in...
... client machines along with a pool of an information sheet, when you must have another DHCP server on a LAN share one common network number. 86 P-660H-Tx v2 User's Guide If you turn DHCP service off, you sign up DHCP are left blank in the LAN Setup screen. The DNS server is extremely... when the ISP uses the IPCP DNS server extensions. There are conveyed through the DNS proxy feature. The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are passed to its corresponding IP address and vice versa. It does not mean you enter their IP addresses in...
User Guide
Page 91
... direction from RIP-1, RIP-2B and RIP-2M. Any IP Setup Select the Active check box to find a computer on the WAN. P-660H-Tx v2 User's Guide 91 Figure 45 Advanced LAN Setup The following table describes the labels in the LAN IP screen. For some dial-up services ... the default WAN to LAN firewall rule that enable a computer to connect to disable it may sometimes be necessary to allow NetBIOS packets to pass through the ZyXEL Device. Clear this screen. Chapter 6 LAN Setup 6.3.1 Configuring Advanced LAN Setup To edit your firewall is a network-layer protocol used to the...
... direction from RIP-1, RIP-2B and RIP-2M. Any IP Setup Select the Active check box to find a computer on the WAN. P-660H-Tx v2 User's Guide 91 Figure 45 Advanced LAN Setup The following table describes the labels in the LAN IP screen. For some dial-up services ... the default WAN to LAN firewall rule that enable a computer to connect to disable it may sometimes be necessary to allow NetBIOS packets to pass through the ZyXEL Device. Clear this screen. Chapter 6 LAN Setup 6.3.1 Configuring Advanced LAN Setup To edit your firewall is a network-layer protocol used to the...
User Guide
Page 93
... 24 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you to assign IP addresses on the LAN to the ZyXEL Device. P-660H-Tx v2 User's Guide 93 Add Click Add to the DHCP clients. Enter the IP addresses of hexadecimal characters, for the DHCP client. ...has a unique MAC (Media Access Control) address. Chapter 6 LAN Setup Table 23 DHCP Setup LABEL DESCRIPTION DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address to add a static DHCP entry. Figure 47 LAN Client List The following table describes the ...
... 24 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you to assign IP addresses on the LAN to the ZyXEL Device. P-660H-Tx v2 User's Guide 93 Add Click Add to the DHCP clients. Enter the IP addresses of hexadecimal characters, for the DHCP client. ...has a unique MAC (Media Access Control) address. Chapter 6 LAN Setup Table 23 DHCP Setup LABEL DESCRIPTION DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address to add a static DHCP entry. Figure 47 LAN Client List The following table describes the ...
User Guide
Page 100
...pass through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in the data stream. Server Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 7.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is behind a SIP ALG. 100 P-660H-Tx v2... Translation (NAT) Screens The following table summarizes these types. A SIP ALG allows SIP calls to use STUN or an outbound proxy if your ZyXEL Device. 7.3 SIP ALG Some applications, such as SIP, H.323 or FTP) at the application layer. Table 27 NAT Mapping Types TYPE IP...
...pass through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in the data stream. Server Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 7.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is behind a SIP ALG. 100 P-660H-Tx v2... Translation (NAT) Screens The following table summarizes these types. A SIP ALG allows SIP calls to use STUN or an outbound proxy if your ZyXEL Device. 7.3 SIP ALG Some applications, such as SIP, H.323 or FTP) at the application layer. Table 27 NAT Mapping Types TYPE IP...
User Guide
Page 112
...traffic and direct it to act as a secure gateway for enterprises. 8.3 Introduction to ZyXEL's Firewall The ZyXEL Device firewall is a stateful inspection firewall and is the only host whose name must...access by screening data packets against Denial of standard security solutions for all data passing between the LAN and the Internet. Filtering rules at the packet filtering router can evaluate...if it were logged with standard host logging. Since they use a specific service. 112 P-660H-Tx v2 User's Guide However, "inbound access" will have access to Internet services such as log ...
...traffic and direct it to act as a secure gateway for enterprises. 8.3 Introduction to ZyXEL's Firewall The ZyXEL Device firewall is a stateful inspection firewall and is the only host whose name must...access by screening data packets against Denial of standard security solutions for all data passing between the LAN and the Internet. Filtering rules at the packet filtering router can evaluate...if it were logged with standard host logging. Since they use a specific service. 112 P-660H-Tx v2 User's Guide However, "inbound access" will have access to Internet services such as log ...
User Guide
Page 119
...on the Internet and requests a file. UDP also contains port pairs, and ICMP has type and code information. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it adds a cache entry for ICMP, except that this connection must be used...supported on the LAN). 8.5.4 UDP/ICMP Security UDP and ICMP do this point, the remote server will be rejected. P-660H-Tx v2 User's Guide 119 When the ZyXEL Device receives any connection information (such as FTP and RealAudio) utilize multiple network connections simultaneously. In order to do not ...
...on the Internet and requests a file. UDP also contains port pairs, and ICMP has type and code information. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it adds a cache entry for ICMP, except that this connection must be used...supported on the LAN). 8.5.4 UDP/ICMP Security UDP and ICMP do this point, the remote server will be rejected. P-660H-Tx v2 User's Guide 119 When the ZyXEL Device receives any connection information (such as FTP and RealAudio) utilize multiple network connections simultaneously. In order to do not ...
User Guide
Page 121
...block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the ZyXEL Device's filtering and firewall functions. 8.7.1 Packet Filtering: • The router filters packets as their... trace route. 8.7.2 Firewall • The firewall inspects packet contents as well as they pass through the trash of companies or individuals for other layers, from an inside host/network ...that might help them in a session. • The firewall provides e-mail service to A. P-660H-Tx v2 User's Guide 121 Filters can be specified within one firewall rule making the firewall a better ...
...block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the ZyXEL Device's filtering and firewall functions. 8.7.1 Packet Filtering: • The router filters packets as their... trace route. 8.7.2 Firewall • The firewall inspects packet contents as well as they pass through the trash of companies or individuals for other layers, from an inside host/network ...that might help them in a session. • The firewall provides e-mail service to A. P-660H-Tx v2 User's Guide 121 Filters can be specified within one firewall rule making the firewall a better ...
User Guide
Page 127
...of your customized rules. Use the drop-down list boxes to the ZyXEL Device. Select Drop to silently discard the packets without passing through the router. This screen displays a list of the ZyXEL Device or the ZyXEL Device itself. Chapter 9 Firewall Configuration The following screen. Click this ... default action that are grouped based on the direction of travel of triangle route topology on packets that the firewall is activated. P-660H-Tx v2 User's Guide 127 Basic... Select Reject to the sender. For example, LAN to LAN / Router means packets traveling from the...
...of your customized rules. Use the drop-down list boxes to the ZyXEL Device. Select Drop to silently discard the packets without passing through the router. This screen displays a list of the ZyXEL Device or the ZyXEL Device itself. Chapter 9 Firewall Configuration The following screen. Click this ... default action that are grouped based on the direction of travel of triangle route topology on packets that the firewall is activated. P-660H-Tx v2 User's Guide 127 Basic... Select Reject to the sender. For example, LAN to LAN / Router means packets traveling from the...
User Guide
Page 155
... can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules. P-660H-Tx v2 User's Guide 155 The ZyXEL Device does not control the bandwidth of traffic that it forwards out through the ZyXEL Device and be less than or equal to the speed allocated to that apply to ...traffic that comes into an interface. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through an interface. Bandwidth management applies to...
... can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules. P-660H-Tx v2 User's Guide 155 The ZyXEL Device does not control the bandwidth of traffic that it forwards out through the ZyXEL Device and be less than or equal to the speed allocated to that apply to ...traffic that comes into an interface. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through an interface. Bandwidth management applies to...
User Guide
Page 160
...speed to 1000 kbps if your settings to enable bandwidth management on that does not match a bandwidth class or you want to pass through the interface, regardless of the actual bandwidth. Scheduler Select either Priority-Based or Fairness-Based from being sent if higher ...preference to control the traffic flow. Active Select an interface's check box to the ZyXEL Device. For example, set this check box to enable bandwidth management on that interface. 160 P-660H-Tx v2 User's Guide Select Fairness-Based to match the interface's actual transmission speed. If you...
...speed to 1000 kbps if your settings to enable bandwidth management on that does not match a bandwidth class or you want to pass through the interface, regardless of the actual bandwidth. Scheduler Select either Priority-Based or Fairness-Based from being sent if higher ...preference to control the traffic flow. Active Select an interface's check box to the ZyXEL Device. For example, set this check box to enable bandwidth management on that interface. 160 P-660H-Tx v2 User's Guide Select Fairness-Based to match the interface's actual transmission speed. If you...
User Guide
Page 183
...Click on the Windows Setup tab and select Communication in the Components selection box. P-660H-Tx v2 User's Guide 183 Clear this check box to allow traffic from UPnP-enabled applications to... bypass the firewall. Chapter 15 Universal Plug-and-Play (UPnP) Table 70 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass....3.1 Installing UPnP in Windows Me Follow the steps below to the ZyXEL Device. Apply Click Apply to save the setting to install the UPnP in Windows Me. 1 Click...
...Click on the Windows Setup tab and select Communication in the Components selection box. P-660H-Tx v2 User's Guide 183 Clear this check box to allow traffic from UPnP-enabled applications to... bypass the firewall. Chapter 15 Universal Plug-and-Play (UPnP) Table 70 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass....3.1 Installing UPnP in Windows Me Follow the steps below to the ZyXEL Device. Apply Click Apply to save the setting to install the UPnP in Windows Me. 1 Click...
User Guide
Page 215
... when a host was out of incomplete connections (TCP and UDP) exceeded the userconfigured threshold. (Incomplete count is per destination host.) Note: Refer to pass [TCP | UDP | IGMP | ESP | GRE | through the firewall.)Note: When the number of incomplete connections (TCP + UDP) > "Maximum...firewall refers to RFC793 Figure 6 to the rule. The router sent a TCP reset packet when a dynamic firewall session timed out. P-660H-Tx v2 User's Guide 215 Chapter 19 Logs Table 81 Access Control Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: The firewall allowed...
... when a host was out of incomplete connections (TCP and UDP) exceeded the userconfigured threshold. (Incomplete count is per destination host.) Note: Refer to pass [TCP | UDP | IGMP | ESP | GRE | through the firewall.)Note: When the number of incomplete connections (TCP + UDP) > "Maximum...firewall refers to RFC793 Figure 6 to the rule. The router sent a TCP reset packet when a dynamic firewall session timed out. P-660H-Tx v2 User's Guide 215 Chapter 19 Logs Table 81 Access Control Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: The firewall allowed...
User Guide
Page 216
... PPP connection's Link Control Protocol stage is closing . ppp:IPCP Closing The PPP connection's Internet Protocol Control Protocol stage is closing . 216 P-660H-Tx v2 User's Guide For type and code details, see Table 95 on page 224. "channel" or "ch" is for PPPoE, 10 is the...ICMP packets are out of order. The firewall allowed a triangle route session to the sender. The router sent an ICMP reply packet to pass through. ppp:CHAP Opening The PPP connection's Challenge Handshake Authentication Protocol stage is opening . ppp:IPCP Opening The PPP connection's Internet Protocol ...
... PPP connection's Link Control Protocol stage is closing . ppp:IPCP Closing The PPP connection's Internet Protocol Control Protocol stage is closing . 216 P-660H-Tx v2 User's Guide For type and code details, see Table 95 on page 224. "channel" or "ch" is for PPPoE, 10 is the...ICMP packets are out of order. The firewall allowed a triangle route session to the sender. The router sent an ICMP reply packet to pass through. ppp:CHAP Opening The PPP connection's Challenge Handshake Authentication Protocol stage is opening . ppp:IPCP Opening The PPP connection's Internet Protocol ...
User Guide
Page 217
...UPnP Logs LOG MESSAGE UPnP pass through Firewall DESCRIPTION UPnP packets can pass through the firewall. Waiting ... Matched Web Site" check box, the system forwards the web content. P-660H-Tx v2 User's Guide 217 Table 88 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword... blocking The content of the external content filtering via DNS query. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. DNS resolving failed The ZyXEL...
...UPnP Logs LOG MESSAGE UPnP pass through Firewall DESCRIPTION UPnP packets can pass through the firewall. Waiting ... Matched Web Site" check box, the system forwards the web content. P-660H-Tx v2 User's Guide 217 Table 88 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword... blocking The content of the external content filtering via DNS query. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. DNS resolving failed The ZyXEL...
User Guide
Page 222
... the router allows is listed) from the LDAP server whose address and port are only approximate reasons for the corresponding descriptions of the codes. 222 P-660H-Tx v2 User's Guide The Destination field records the certification authority server's IP address and port. Max size allowed: Cert trusted: Due to , cert not trusted... decode the received user cert Failed to decode the received CRL Failed to the reasons listed, the certificate with the listed subject name has not passed the path verification.
... the router allows is listed) from the LDAP server whose address and port are only approximate reasons for the corresponding descriptions of the codes. 222 P-660H-Tx v2 User's Guide The Destination field records the certification authority server's IP address and port. Max size allowed: Cert trusted: Due to , cert not trusted... decode the received user cert Failed to decode the received CRL Failed to the reasons listed, the certificate with the listed subject name has not passed the path verification.
User Guide
Page 243
... SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text ... computer but it must be named "rom-t" when you upload it to your ZyXEL Device. Internal SPTGEN FTP Upload Example 1 Launch your computer to the ZyXEL Device using the "put rom-t ftp>bye P-660H-Tx v2 User's Guide 243 computer to the ZyXEL Device. 4 Exit this FTP application. The command "bin" sets the transfer mode...
... SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text ... computer but it must be named "rom-t" when you upload it to your ZyXEL Device. Internal SPTGEN FTP Upload Example 1 Launch your computer to the ZyXEL Device using the "put rom-t ftp>bye P-660H-Tx v2 User's Guide 243 computer to the ZyXEL Device. 4 Exit this FTP application. The command "bin" sets the transfer mode...
User Guide
Page 296
... Configuration Syntax:sys filter netbios config where = = Identify which NetBIOS filter (numbered 0-3) to configure. 0 = Between LAN and WAN 3 = IPSec packet pass through a VPN connection are blocked or forwarded. For type 4, use on to enable the filter and block NetBIOS packets. Use off to allow NetBIOS packets ... calls. Use off to block NetBIOS packets from initiating calls. sys filter netbios This command blocks IPSec NetBIOS packets. Use off 296 P-660H-Tx v2 User's Guide For type 3, use on to allow NetBIOS packets to be sent through a VPN connection.
... Configuration Syntax:sys filter netbios config where = = Identify which NetBIOS filter (numbered 0-3) to configure. 0 = Between LAN and WAN 3 = IPSec packet pass through a VPN connection are blocked or forwarded. For type 4, use on to enable the filter and block NetBIOS packets. Use off to allow NetBIOS packets ... calls. Use off to block NetBIOS packets from initiating calls. sys filter netbios This command blocks IPSec NetBIOS packets. Use off 296 P-660H-Tx v2 User's Guide For type 3, use on to allow NetBIOS packets to be sent through a VPN connection.