User Guide
Page 14
... 8.5.2 Port Forwarding: Services and Port Numbers 134 8.5.3 Configuring Servers Behind Port Forwarding (Example 135 8.6 Configuring Port Forwarding 135 8.6.1 Port Forwarding Rule Edit 136 8.7 Address Mapping ...137 8.7.1 Address Mapping Rule Edit 139 Part IV: Security 141 Chapter 9 Firewalls...143 9.1 Firewall Overview ...143 9.2 Types of Firewalls ...143 9.2.1 Packet Filtering Firewalls 143 9.2.2 Application-level Firewalls 144 9.2.3 Stateful Inspection Firewalls 144 9.3 Introduction to ZyXEL...
... 8.5.2 Port Forwarding: Services and Port Numbers 134 8.5.3 Configuring Servers Behind Port Forwarding (Example 135 8.6 Configuring Port Forwarding 135 8.6.1 Port Forwarding Rule Edit 136 8.7 Address Mapping ...137 8.7.1 Address Mapping Rule Edit 139 Part IV: Security 141 Chapter 9 Firewalls...143 9.1 Firewall Overview ...143 9.2 Types of Firewalls ...143 9.2.1 Packet Filtering Firewalls 143 9.2.2 Application-level Firewalls 144 9.2.3 Stateful Inspection Firewalls 144 9.3 Introduction to ZyXEL...
User Guide
Page 22
... ...130 Figure 78 NAT Application With IP Alias 131 Figure 79 NAT General ...133 Figure 80 Multiple Servers Behind NAT Example 135 Figure 81 NAT Port Forwarding ...136 22 P-660HW-Dx v2 User's Guide
... ...130 Figure 78 NAT Application With IP Alias 131 Figure 79 NAT General ...133 Figure 80 Multiple Servers Behind NAT Example 135 Figure 81 NAT Port Forwarding ...136 22 P-660HW-Dx v2 User's Guide
User Guide
Page 23
List of Figures Figure 82 Port Forwarding Rule Setup 137 Figure 83 Address Mapping Rules ...138 Figure 84 Edit Address Mapping Rule 139 Figure...: Customized Services 164 Figure 94 Firewall: Configure Customized Services 165 Figure 95 Firewall Example: Rules ...166 Figure 96 Edit Custom Port Example 166 Figure 97 Firewall Example: Edit Rule: Destination Address 167 Figure 98 Firewall Example: Edit Rule: Select Customized Services 168...Management: ICMP 212 Figure 123 Configuring UPnP ...214 Figure 124 Add/Remove Programs: Windows Setup: Communication 215 P-660HW-Dx v2 User's Guide 23
List of Figures Figure 82 Port Forwarding Rule Setup 137 Figure 83 Address Mapping Rules ...138 Figure 84 Edit Address Mapping Rule 139 Figure...: Customized Services 164 Figure 94 Firewall: Configure Customized Services 165 Figure 95 Firewall Example: Rules ...166 Figure 96 Edit Custom Port Example 166 Figure 97 Firewall Example: Edit Rule: Destination Address 167 Figure 98 Firewall Example: Edit Rule: Select Customized Services 168...Management: ICMP 212 Figure 123 Configuring UPnP ...214 Figure 124 Add/Remove Programs: Windows Setup: Communication 215 P-660HW-Dx v2 User's Guide 23
User Guide
Page 28
...NAT Mapping Types ...132 Table 46 NAT General ...133 Table 47 Services and Port Numbers 134 Table 48 NAT Port Forwarding ...136 Table 49 Port Forwarding Rule Setup 137 Table 50 Address Mapping Rules ...138 Table 51 Edit Address... Mapping Rule 140 Table 52 Common IP Ports ...145 Table 53 ICMP Commands That... Management Rule Configuration 195 Table 79 Services and Port Numbers 197 Table 80 Bandwidth Management Monitor 198 Table 81 Dynamic DNS ...200 28...
...NAT Mapping Types ...132 Table 46 NAT General ...133 Table 47 Services and Port Numbers 134 Table 48 NAT Port Forwarding ...136 Table 49 Port Forwarding Rule Setup 137 Table 50 Address Mapping Rules ...138 Table 51 Edit Address... Mapping Rule 140 Table 52 Common IP Ports ...145 Table 53 ICMP Commands That... Management Rule Configuration 195 Table 79 Services and Port Numbers 197 Table 80 Bandwidth Management Monitor 198 Table 81 Dynamic DNS ...200 28...
User Guide
Page 43
... Click this screen to partition your anti-probing settings. IP Alias Use this icon to exit the web configurator. Port Forwarding Use this screen to activate/deactivate the firewall and the direction of users on the LAN from content filtering on ...ZyXEL Device. WAN Backup Setup Use this screen to access the summary statistics tables. Client List Use this screen to configure network address translation mapping rules. Address Mapping Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name). P-660HW-Dx v2...
... Click this screen to partition your anti-probing settings. IP Alias Use this icon to exit the web configurator. Port Forwarding Use this screen to activate/deactivate the firewall and the direction of users on the LAN from content filtering on ...ZyXEL Device. WAN Backup Setup Use this screen to access the summary statistics tables. Client List Use this screen to configure network address translation mapping rules. Address Mapping Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name). P-660HW-Dx v2...
User Guide
Page 87
...-down list. Click Edit to go to the Port Forwarding screen to you select VC, specify separate VPI and VCI numbers for local management of an outgoing packet, used by your Internet Service Provider (ISP). Apply Click Apply to disable NAT. P-660HW-Dx v2 User's Guide 87 Chapter 5 WAN Setup Table ...idle time-out in a packet, for example, the source address of ATM traffic). Subnet Mask Enter a subnet mask in the Mode field. The ZyXEL Device will try to you connect to display the More Connections Advanced screen and edit more details of your ISP assigns you don't want your...
...-down list. Click Edit to go to the Port Forwarding screen to you select VC, specify separate VPI and VCI numbers for local management of an outgoing packet, used by your Internet Service Provider (ISP). Apply Click Apply to disable NAT. P-660HW-Dx v2 User's Guide 87 Chapter 5 WAN Setup Table ...idle time-out in a packet, for example, the source address of ATM traffic). Subnet Mask Enter a subnet mask in the Mode field. The ZyXEL Device will try to you connect to display the More Connections Advanced screen and edit more details of your ISP assigns you don't want your...
User Guide
Page 130
... Figure 77 How NAT Works 8.1.4 NAT Application The following figure illustrates this chapter. 130 P-660HW-Dx v2 User's Guide NAT maps private (local) IP addresses to RFC 1631, The IP Network...LANs (logical LANs using IP Alias) behind the ZyXEL Device can be either local or global) of the original addresses and port numbers so incoming reply packets can designate servers,...NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the Internet. Note that the IP address (either static or dynamically assigned by ...
... Figure 77 How NAT Works 8.1.4 NAT Application The following figure illustrates this chapter. 130 P-660HW-Dx v2 User's Guide NAT maps private (local) IP addresses to RFC 1631, The IP Network...LANs (logical LANs using IP Alias) behind the ZyXEL Device can be either local or global) of the original addresses and port numbers so incoming reply packets can designate servers,...NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the Internet. Note that the IP address (either static or dynamically assigned by ...
User Guide
Page 134
... Server IP address, the ZyXEL Device discards all packets received for ports that corresponds to RFC 1700 for further information about port numbers. If you to the servers for example, web service is a list of ports. The most often used port numbers are not specified in...660HW-Dx v2 User's Guide You can allocate a server IP address that are unsure, refer to your ISP. 8.5.1 Default Server IP Address " In addition to run any active services at your whole inside (behind NAT on your account if it might be forwarded, and the local IP address of port numbers. The port...
... Server IP address, the ZyXEL Device discards all packets received for ports that corresponds to RFC 1700 for further information about port numbers. If you to the servers for example, web service is a list of ports. The most often used port numbers are not specified in...660HW-Dx v2 User's Guide You can allocate a server IP address that are unsure, refer to your ISP. 8.5.1 Default Server IP Address " In addition to run any active services at your whole inside (behind NAT on your account if it might be forwarded, and the local IP address of port numbers. The port...
User Guide
Page 135
..., the ZyXEL Device discards all packets received for particular services. Chapter 8 Network Address Translation (NAT) Screens Table 47 Services and Port Numbers SERVICES SNMP trap PPTP (Point-to-Point Tunneling Protocol) PORT NUMBER 162 1723 8.5.3 Configuring Servers Behind Port Forwarding (Example)...NAT Example 8.6 Configuring Port Forwarding " The Port Forwarding screen is available only when you select SUA Only in the remote management setup. Click Network > NAT > Port Forwarding to a third (C in the example). See Table 47 on the Internet. P-660HW-Dx v2 User's Guide 135...
..., the ZyXEL Device discards all packets received for particular services. Chapter 8 Network Address Translation (NAT) Screens Table 47 Services and Port Numbers SERVICES SNMP trap PPTP (Point-to-Point Tunneling Protocol) PORT NUMBER 162 1723 8.5.3 Configuring Servers Behind Port Forwarding (Example)...NAT Example 8.6 Configuring Port Forwarding " The Port Forwarding screen is available only when you select SUA Only in the remote management setup. Click Network > NAT > Port Forwarding to a third (C in the example). See Table 47 on the Internet. P-660HW-Dx v2 User's Guide 135...
User Guide
Page 136
...ZyXEL Device discards all packets received for ports that are not specified in this screen. Apply Click Apply to save your changes to the table below. # This is the first port number that identifies a service. Note that are not specified here or in the Port Forwarding screen 136 P-660HW-Dx v2... User's Guide Chapter 8 Network Address Translation (NAT) Screens Figure 81 NAT Port Forwarding The following table describes the ...
...ZyXEL Device discards all packets received for ports that are not specified in this screen. Apply Click Apply to save your changes to the table below. # This is the first port number that identifies a service. Note that are not specified here or in the Port Forwarding screen 136 P-660HW-Dx v2... User's Guide Chapter 8 Network Address Translation (NAT) Screens Figure 81 NAT Port Forwarding The following table describes the ...
User Guide
Page 137
... matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your rules is available only when you specify. To forward a series of empty P-660HW-Dx v2 User's Guide 137 To forward only one port, enter the port number again in this check box...
... matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your rules is available only when you specify. To forward a series of empty P-660HW-Dx v2 User's Guide 137 To forward only one port, enter the port number again in this check box...
User Guide
Page 140
... that you have a dynamic IP address from the drop-down menu to choose a server mapping set. Edit Details Click this screen afresh. 140 P-660HW-Dx v2 User's Guide Local End IP This is the starting global IP address (IGA). If your rule is the ending global IP address (IGA). Enter ...the Local End IP address. Set Select a number from your changes to the ZyXEL Device. Back Click Back to return to one global IP address. Cancel Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set to Server. Table 51 Edit Address ...
... that you have a dynamic IP address from the drop-down menu to choose a server mapping set. Edit Details Click this screen afresh. 140 P-660HW-Dx v2 User's Guide Local End IP This is the starting global IP address (IGA). If your rule is the ending global IP address (IGA). Enter ...the Local End IP address. Set Select a number from your changes to the ZyXEL Device. Back Click Back to return to one global IP address. Cancel Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set to Server. Table 51 Edit Address ...
User Guide
Page 184
... Route The following table describes the labels in this screen to remove a static route from the ZyXEL Device. Active Select the check box to their destinations. The gateway helps forward packets to activate this route. Subnet Mask This is the name that you want to the screen...( ). Click the Delete icon to configure the required information for a static route. 184 P-660HW-Dx v2 User's Guide Routing is a router or switch on the same network segment as the device's LAN or WAN port. A window displays asking you can set up a static route on network number. Otherwise, clear...
... Route The following table describes the labels in this screen to remove a static route from the ZyXEL Device. Active Select the check box to their destinations. The gateway helps forward packets to activate this route. Subnet Mask This is the name that you want to the screen...( ). Click the Delete icon to configure the required information for a static route. 184 P-660HW-Dx v2 User's Guide Routing is a router or switch on the same network segment as the device's LAN or WAN port. A window displays asking you can set up a static route on network number. Otherwise, clear...
User Guide
Page 185
IP Subnet Mask Enter the IP subnet mask here. Back Click Back to return to the ZyXEL Device. Gateway IP Address Enter the IP address of the final destination. Apply Click Apply to save your changes to the previous screen without saving. ... gateway is always based on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to delete this field blank to their destinations. If you to the host ID. P-660HW-Dx v2 User's Guide 185 Route Name Enter the name of 255.255.255.255 in this screen...
IP Subnet Mask Enter the IP subnet mask here. Back Click Back to return to the ZyXEL Device. Gateway IP Address Enter the IP address of the final destination. Apply Click Apply to save your changes to the previous screen without saving. ... gateway is always based on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to delete this field blank to their destinations. If you to the host ID. P-660HW-Dx v2 User's Guide 185 Route Name Enter the name of 255.255.255.255 in this screen...
User Guide
Page 214
...need to access the web configurator). this is not your intention. You must still enter the password to manually configure port forwarding for the UPnP enabled application. Figure 123 Configuring UPnP 214 The following sections for examples of installing and using NAT traversal,...box to allow UPnP-enabled applications to automatically configure the ZyXEL Device so that anyone could use a UPnP application to communicate with another UPnP enabled device; P-660HW-Dx v2 User's Guide For security reasons, the ZyXEL Device allows multicast messages only on the LAN. All ...
...need to access the web configurator). this is not your intention. You must still enter the password to manually configure port forwarding for the UPnP enabled application. Figure 123 Configuring UPnP 214 The following sections for examples of installing and using NAT traversal,...box to allow UPnP-enabled applications to automatically configure the ZyXEL Device so that anyone could use a UPnP application to communicate with another UPnP enabled device; P-660HW-Dx v2 User's Guide For security reasons, the ZyXEL Device allows multicast messages only on the LAN. All ...
User Guide
Page 237
...via telnet. WEB login failed Someone has failed to log on to get information from the DHCP, PPPoE, PPTP or dial-up server. P-660HW-Dx v2 User's Guide 237 Successful FTP login Someone has logged on information from the time server. The maximum number of example log messages. Time calibration...: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default...
...via telnet. WEB login failed Someone has failed to log on to get information from the DHCP, PPPoE, PPTP or dial-up server. P-660HW-Dx v2 User's Guide 237 Successful FTP login Someone has logged on information from the time server. The maximum number of example log messages. Time calibration...: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default...
User Guide
Page 241
Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-Dx v2 User's Guide 241 Waiting content filter The external content filtering server did not return ... domain. %s When the content filter is not on according to the external content filtering server failed. DNS resolving failed The ZyXEL Device cannot get the IP address of a requested web page matched a user defined keyword. %s: Not in trusted web The...or you didn't select the "Block Matched Web Site" check box, the system forwards the web content.
Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-Dx v2 User's Guide 241 Waiting content filter The external content filtering server did not return ... domain. %s When the content filter is not on according to the external content filtering server failed. DNS resolving failed The ZyXEL Device cannot get the IP address of a requested web page matched a user defined keyword. %s: Not in trusted web The...or you didn't select the "Block Matched Web Site" check box, the system forwards the web content.
User Guide
Page 266
... A UPnP-enabled device can also set the time manually. This means that you specify. Content Filter The ZyXEL Device blocks or allows access to check web sites against an external database. Network Address Translation (NAT) Each... access it is initiated from a computer on a network (LAN or WAN for each subnet. Port Forwarding If you have the ZyXEL Device assign IP addresses, an IP default gateway and DNS servers to join multicast groups (see RFC...to multiple private IP addresses for troubleshooting. You can access the ZyXEL Device. 266 P-660HW-Dx v2 User's Guide
... A UPnP-enabled device can also set the time manually. This means that you specify. Content Filter The ZyXEL Device blocks or allows access to check web sites against an external database. Network Address Translation (NAT) Each... access it is initiated from a computer on a network (LAN or WAN for each subnet. Port Forwarding If you have the ZyXEL Device assign IP addresses, an IP default gateway and DNS servers to join multicast groups (see RFC...to multiple private IP addresses for troubleshooting. You can access the ZyXEL Device. 266 P-660HW-Dx v2 User's Guide
User Guide
Page 327
...Rule 2 Src IP address IP Filter Set 1,Rule 2 Src Subnet Mask IP Filter Set 1,Rule 2 Src Port IP Filter Set 1,Rule 2 Src Port Comp 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not ...Match = 0 = 0 PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 0.0.0.0 = 0 = 0 Table 144 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 PVA INPUT = NetBIOS_WAN P-660HW-Dx v2...
...Rule 2 Src IP address IP Filter Set 1,Rule 2 Src Subnet Mask IP Filter Set 1,Rule 2 Src Port IP Filter Set 1,Rule 2 Src Port Comp 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not ...Match = 0 = 0 PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 0.0.0.0 = 0 = 0 Table 144 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 PVA INPUT = NetBIOS_WAN P-660HW-Dx v2...
User Guide
Page 329
...Src Subnet = 0 Mask 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = ... IP Address 230200004 = 230200005 = Authentication Server Port Authentication Server Shared Secret 230200006 = 230200007 = 230200008 = Accounting Server Configured Accounting ... Active Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x FIN FN 230400001 = Wireless Port Control PVA PVA PVA INPUT = 1234 INPUT =...
...Src Subnet = 0 Mask 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = ... IP Address 230200004 = 230200005 = Authentication Server Port Authentication Server Shared Secret 230200006 = 230200007 = 230200008 = Accounting Server Configured Accounting ... Active Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x FIN FN 230400001 = Wireless Port Control PVA PVA PVA INPUT = 1234 INPUT =...