User Guide
Page 14
... 8.5.2 Port Forwarding: Services and Port Numbers 134 8.5.3 Configuring Servers Behind Port Forwarding (Example 135 8.6 Configuring Port Forwarding 135 8.6.1 Port Forwarding Rule Edit 136 8.7 Address Mapping ...137 8.7.1 Address Mapping Rule Edit 139 Part IV: Security 141 Chapter 9 Firewalls...143 9.1 Firewall Overview ...143 9.2 Types of Firewalls ...143 9.2.1 Packet Filtering Firewalls 143 9.2.2 Application-level Firewalls 144 9.2.3 Stateful Inspection Firewalls 144 9.3 Introduction to ZyXEL...
... 8.5.2 Port Forwarding: Services and Port Numbers 134 8.5.3 Configuring Servers Behind Port Forwarding (Example 135 8.6 Configuring Port Forwarding 135 8.6.1 Port Forwarding Rule Edit 136 8.7 Address Mapping ...137 8.7.1 Address Mapping Rule Edit 139 Part IV: Security 141 Chapter 9 Firewalls...143 9.1 Firewall Overview ...143 9.2 Types of Firewalls ...143 9.2.1 Packet Filtering Firewalls 143 9.2.2 Application-level Firewalls 144 9.2.3 Stateful Inspection Firewalls 144 9.3 Introduction to ZyXEL...
User Guide
Page 22
... ...130 Figure 78 NAT Application With IP Alias 131 Figure 79 NAT General ...133 Figure 80 Multiple Servers Behind NAT Example 135 Figure 81 NAT Port Forwarding ...136 22 P-660HW-Dx v2 User's Guide
... ...130 Figure 78 NAT Application With IP Alias 131 Figure 79 NAT General ...133 Figure 80 Multiple Servers Behind NAT Example 135 Figure 81 NAT Port Forwarding ...136 22 P-660HW-Dx v2 User's Guide
User Guide
Page 23
List of Figures Figure 82 Port Forwarding Rule Setup 137 Figure 83 Address Mapping Rules ...138 Figure 84 Edit Address Mapping Rule 139 Figure...: Customized Services 164 Figure 94 Firewall: Configure Customized Services 165 Figure 95 Firewall Example: Rules ...166 Figure 96 Edit Custom Port Example 166 Figure 97 Firewall Example: Edit Rule: Destination Address 167 Figure 98 Firewall Example: Edit Rule: Select Customized Services 168...Management: ICMP 212 Figure 123 Configuring UPnP ...214 Figure 124 Add/Remove Programs: Windows Setup: Communication 215 P-660HW-Dx v2 User's Guide 23
List of Figures Figure 82 Port Forwarding Rule Setup 137 Figure 83 Address Mapping Rules ...138 Figure 84 Edit Address Mapping Rule 139 Figure...: Customized Services 164 Figure 94 Firewall: Configure Customized Services 165 Figure 95 Firewall Example: Rules ...166 Figure 96 Edit Custom Port Example 166 Figure 97 Firewall Example: Edit Rule: Destination Address 167 Figure 98 Firewall Example: Edit Rule: Select Customized Services 168...Management: ICMP 212 Figure 123 Configuring UPnP ...214 Figure 124 Add/Remove Programs: Windows Setup: Communication 215 P-660HW-Dx v2 User's Guide 23
User Guide
Page 28
...NAT Mapping Types ...132 Table 46 NAT General ...133 Table 47 Services and Port Numbers 134 Table 48 NAT Port Forwarding ...136 Table 49 Port Forwarding Rule Setup 137 Table 50 Address Mapping Rules ...138 Table 51 Edit Address... Mapping Rule 140 Table 52 Common IP Ports ...145 Table 53 ICMP Commands That... Management Rule Configuration 195 Table 79 Services and Port Numbers 197 Table 80 Bandwidth Management Monitor 198 Table 81 Dynamic DNS ...200 28...
...NAT Mapping Types ...132 Table 46 NAT General ...133 Table 47 Services and Port Numbers 134 Table 48 NAT Port Forwarding ...136 Table 49 Port Forwarding Rule Setup 137 Table 50 Address Mapping Rules ...138 Table 51 Edit Address... Mapping Rule 140 Table 52 Common IP Ports ...145 Table 53 ICMP Commands That... Management Rule Configuration 195 Table 79 Services and Port Numbers 197 Table 80 Bandwidth Management Monitor 198 Table 81 Dynamic DNS ...200 28...
User Guide
Page 43
...ZyXEL Device. Client List Use this screen to access the summary statistics tables. Port Forwarding Use this screen to view current DHCP client information and to always assign an IP address to configure your LAN interface into subnets. Schedule Use this screen to a MAC address (and host name). P-660HW-Dx v2...Use this screen to partition your traffic redirect properties and WAN backup settings. NAT General Use this screen to change your ZyXEL Device. Content Filter Keyword Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties....
...ZyXEL Device. Client List Use this screen to access the summary statistics tables. Port Forwarding Use this screen to view current DHCP client information and to always assign an IP address to configure your LAN interface into subnets. Schedule Use this screen to a MAC address (and host name). P-660HW-Dx v2...Use this screen to partition your traffic redirect properties and WAN backup settings. NAT General Use this screen to change your ZyXEL Device. Content Filter Keyword Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties....
User Guide
Page 87
...it here. This option is assigned a specific virtual circuit, for local management of ATM traffic). P-660HW-Dx v2 User's Guide 87 Static IP Address Select this if you a different one each protocol. Refer ...for each time you connect to 255. A dynamic IP address is 0 to the Internet. The ZyXEL Device will not timeout. SUA Only SUA only is available if you select Routing in the Max... set of your ISP gave you are VC or LLC. Click Edit to go to the Port Forwarding screen to use NAT. Subnet Mask Enter a subnet mask in the IP Address field. Max...
...it here. This option is assigned a specific virtual circuit, for local management of ATM traffic). P-660HW-Dx v2 User's Guide 87 Static IP Address Select this if you a different one each protocol. Refer ...for each time you connect to 255. A dynamic IP address is 0 to the Internet. The ZyXEL Device will not timeout. SUA Only SUA only is available if you select Routing in the Max... set of your ISP gave you are VC or LLC. Click Edit to go to the Port Forwarding screen to use NAT. Subnet Mask Enter a subnet mask in the IP Address field. Max...
User Guide
Page 130
...from probing your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from a subscriber (the inside local address) to another (the inside global address) before forwarding it to ...defined, your network. More examples follow at the end of the original addresses and port numbers so incoming reply packets can be either local or global) of an outside...Figure 77 How NAT Works 8.1.4 NAT Application The following figure illustrates this chapter. 130 P-660HW-Dx v2 User's Guide Chapter 8 Network Address Translation (NAT) Screens 8.1.2 What NAT Does In ...
...from probing your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from a subscriber (the inside local address) to another (the inside global address) before forwarding it to ...defined, your network. More examples follow at the end of the original addresses and port numbers so incoming reply packets can be either local or global) of an outside...Figure 77 How NAT Works 8.1.4 NAT Application The following figure illustrates this chapter. 130 P-660HW-Dx v2 User's Guide Chapter 8 Network Address Translation (NAT) Screens 8.1.2 What NAT Does In ...
User Guide
Page 134
...Protocol) 161 134 P-660HW-Dx v2 User's Guide You can make visible to the outside world. Chapter 8 Network Address Translation (NAT) Screens 8.5 Port Forwarding A port forwarding set is on port 80 and FTP on port 21. for further information about port numbers. The port number identifies a service...Default Server IP address, the ZyXEL Device discards all packets received for example, web or FTP, that are not specified in the remote management setup. 8.5.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server...
...Protocol) 161 134 P-660HW-Dx v2 User's Guide You can make visible to the outside world. Chapter 8 Network Address Translation (NAT) Screens 8.5 Port Forwarding A port forwarding set is on port 80 and FTP on port 21. for further information about port numbers. The port number identifies a service...Default Server IP address, the ZyXEL Device discards all packets received for example, web or FTP, that are not specified in the remote management setup. 8.5.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server...
User Guide
Page 135
Click Network > NAT > Port Forwarding to a third (C in the NAT > General screen. P-660HW-Dx v2 User's Guide 135 Figure 80 Multiple Servers Behind NAT Example 8.6 Configuring Port Forwarding " The Port Forwarding screen is available only when you select SUA Only in the example). Chapter 8 Network Address Translation (NAT) Screens Table 47 Services and Port Numbers SERVICES SNMP trap PPTP (Point...
Click Network > NAT > Port Forwarding to a third (C in the NAT > General screen. P-660HW-Dx v2 User's Guide 135 Figure 80 Multiple Servers Behind NAT Example 8.6 Configuring Port Forwarding " The Port Forwarding screen is available only when you select SUA Only in the example). Chapter 8 Network Address Translation (NAT) Screens Table 47 Services and Port Numbers SERVICES SNMP trap PPTP (Point...
User Guide
Page 136
... services, NAT supports a default server. Table 48 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the ZyXEL Device. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for the specified service. Add...the screen shown next. ) in the Port Forwarding screen 136 P-660HW-Dx v2 User's Guide Server IP Address Enter the IP address of the server for ports that subsequent rules move up by one when you can edit the port forwarding rule. Start Port This is a service's name. Chapter 8...
... services, NAT supports a default server. Table 48 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the ZyXEL Device. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for the specified service. Add...the screen shown next. ) in the Port Forwarding screen 136 P-660HW-Dx v2 User's Guide Server IP Address Enter the IP address of the server for ports that subsequent rules move up by one when you can edit the port forwarding rule. Start Port This is a service's name. Chapter 8...
User Guide
Page 137
... fields in the End Port field. Table 49 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this port-forwarding rule. To forward only one port, enter the port number again in the Start Port field above . To forward a series of empty P-660HW-Dx v2 User's Guide 137 End Port Enter a port number in the NAT ...Enter the inside IP address of ports, enter the last port number in a series that number of ports, enter the start port number here and the end port number in the End Port field. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and...
... fields in the End Port field. Table 49 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this port-forwarding rule. To forward only one port, enter the port number again in the Start Port field above . To forward a series of empty P-660HW-Dx v2 User's Guide 137 End Port Enter a port number in the NAT ...Enter the inside IP address of ports, enter the last port number in a series that number of ports, enter the start port number here and the end port number in the End Port field. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and...
User Guide
Page 140
...port numbers do not change for One-to-one NAT mapping type. • Many-to-One: Many-to-One mode maps multiple local IP addresses to -One and Server mapping types. This field is N/A for One-to the ZyXEL...Click this link to go to the Port Forwarding screen to edit a server mapping set that previous ZyXEL routers supported only. • Many...IP address (IGA). Local End IP This is for Server port mapping. Set Select a number from one of different services behind... 51 Edit Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from the drop-down menu to choose a ...
...port numbers do not change for One-to-one NAT mapping type. • Many-to-One: Many-to-One mode maps multiple local IP addresses to -One and Server mapping types. This field is N/A for One-to the ZyXEL...Click this link to go to the Port Forwarding screen to edit a server mapping set that previous ZyXEL routers supported only. • Many...IP address (IGA). Local End IP This is for Server port mapping. Set Select a number from one of different services behind... 51 Edit Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from the drop-down menu to choose a ...
User Guide
Page 184
...can set up a static route on the same network segment as the device's LAN or WAN port. Subnet Mask This is always based on network number. Active Select the check box to delete... the Edit icon to go to configure the required information for a static route. 184 P-660HW-Dx v2 User's Guide Chapter 12 Static Route Figure 106 Static Route The following table describes the labels... parameter specifies the IP network address of the gateway. The gateway helps forward packets to remove a static route from the ZyXEL Device. A window displays asking you to confirm that describes or identifies ...
...can set up a static route on the same network segment as the device's LAN or WAN port. Subnet Mask This is always based on network number. Active Select the check box to delete... the Edit icon to go to configure the required information for a static route. 184 P-660HW-Dx v2 User's Guide Chapter 12 Static Route Figure 106 Static Route The following table describes the labels... parameter specifies the IP network address of the gateway. The gateway helps forward packets to remove a static route from the ZyXEL Device. A window displays asking you to confirm that describes or identifies ...
User Guide
Page 185
...255.255.255.255 in this screen afresh. The gateway helps forward packets to the previous screen without saving. If you to the ZyXEL Device. Back Click Back to return to their destinations. Apply.... The gateway is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to a single host, use a subnet mask of the IP static route...static route. Destination IP Address This parameter specifies the IP network address of the gateway. P-660HW-Dx v2 User's Guide 185 IP Subnet Mask Enter the IP subnet mask here. Gateway IP Address Enter ...
...255.255.255.255 in this screen afresh. The gateway helps forward packets to the previous screen without saving. If you to the ZyXEL Device. Back Click Back to return to their destinations. Apply.... The gateway is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to a single host, use a subnet mask of the IP static route...static route. Destination IP Address This parameter specifies the IP network address of the gateway. P-660HW-Dx v2 User's Guide 185 IP Subnet Mask Enter the IP subnet mask here. Gateway IP Address Enter ...
User Guide
Page 214
...Table 89 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this is not your intention. P-660HW-Dx v2 User's Guide this screen. You must still enter the password to display the screen shown next. Be aware that they...on the LAN. ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). See the following table describes the fields in this eliminates the need to manually configure port forwarding for examples of installing and using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to open...
...Table 89 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this is not your intention. P-660HW-Dx v2 User's Guide this screen. You must still enter the password to display the screen shown next. Be aware that they...on the LAN. ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). See the following table describes the fields in this eliminates the need to manually configure port forwarding for examples of installing and using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to open...
User Guide
Page 237
...Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...Session Table is successful The router has adjusted its time based on to get information from the DHCP, PPPoE, PPTP or dial-up server. P-660HW-Dx v2 User's Guide 237 WEB login failed Someone has failed to log on to the router via ftp. TELNET login failed Someone has failed to log...
...Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...Session Table is successful The router has adjusted its time based on to get information from the DHCP, PPPoE, PPTP or dial-up server. P-660HW-Dx v2 User's Guide 237 WEB login failed Someone has failed to log on to the router via ftp. TELNET login failed Someone has failed to log...
User Guide
Page 241
... The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. DNS resolving failed The ZyXEL Device cannot get the IP address of a requested web page matched a user defined keyword. %s: Not in trusted web... the category type. %s: Trusted Web site The web site is invalid. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-Dx v2 User's Guide 241 filter server fail License key is invalid The external content filtering license key is...
... The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. DNS resolving failed The ZyXEL Device cannot get the IP address of a requested web page matched a user defined keyword. %s: Not in trusted web... the category type. %s: Trusted Web site The web site is invalid. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-Dx v2 User's Guide 241 filter server fail License key is invalid The external content filtering license key is...
User Guide
Page 266
...one PPTP connection at a time. Universal Plug and Play (UPnP) A UPnP-enabled device can access the ZyXEL Device. 266 P-660HW-Dx v2 User's Guide This means that allows your ZyXEL Device to certain types of data through a Virtual Private Network (VPN). Network Address Translation (NAT) Each ...incoming traffic from an external server when you specify. You can also include or exclude particular computers on your ZyXEL Device. Port Forwarding If you have the ZyXEL Device assign IP addresses, an IP default gateway and DNS servers to computers on your network, you to particular...
...one PPTP connection at a time. Universal Plug and Play (UPnP) A UPnP-enabled device can access the ZyXEL Device. 266 P-660HW-Dx v2 User's Guide This means that allows your ZyXEL Device to certain types of data through a Virtual Private Network (VPN). Network Address Translation (NAT) Each ...incoming traffic from an external server when you specify. You can also include or exclude particular computers on your ZyXEL Device. Port Forwarding If you have the ZyXEL Device assign IP addresses, an IP default gateway and DNS servers to computers on your network, you to particular...
User Guide
Page 327
...Rule 2 Src IP address IP Filter Set 1,Rule 2 Src Subnet Mask IP Filter Set 1,Rule 2 Src Port IP Filter Set 1,Rule 2 Src Port Comp 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not ...Match = 0 = 0 PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 0.0.0.0 = 0 = 0 Table 144 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 PVA INPUT = NetBIOS_WAN P-660HW-Dx v2...
...Rule 2 Src IP address IP Filter Set 1,Rule 2 Src Subnet Mask IP Filter Set 1,Rule 2 Src Port IP Filter Set 1,Rule 2 Src Port Comp 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not ...Match = 0 = 0 PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 0.0.0.0 = 0 = 0 Table 144 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 PVA INPUT = NetBIOS_WAN P-660HW-Dx v2...
User Guide
Page 329
...Src Subnet = 0 Mask 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = ... IP Address 230200004 = 230200005 = Authentication Server Port Authentication Server Shared Secret 230200006 = 230200007 = 230200008 = Accounting Server Configured Accounting ... Active Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x FIN FN 230400001 = Wireless Port Control PVA PVA PVA INPUT = 1234 INPUT =...
...Src Subnet = 0 Mask 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = ... IP Address 230200004 = 230200005 = Authentication Server Port Authentication Server Shared Secret 230200006 = 230200007 = 230200008 = Accounting Server Configured Accounting ... Active Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x FIN FN 230400001 = Wireless Port Control PVA PVA PVA INPUT = 1234 INPUT =...