User Guide
Page 14
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
User Guide
Page 22
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
User Guide
Page 28
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
User Guide
Page 45
...this screen to configure servers behind the ZyXEL Device. Use this screen to enable bandwidth management on your ZyXEL Device. Use this screen to set up dynamic DNS. Port Forwarding Use this screen to configure the threshold for the ZyXEL Device to perform content filtering. MAC ... and the direction of users on the LAN from accessing the ZyXEL Device. General Rules Anti Probing Threshold Keyword Schedule Trusted Use this screen to configure network address translation mapping rules. P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK...
...this screen to configure servers behind the ZyXEL Device. Use this screen to enable bandwidth management on your ZyXEL Device. Use this screen to set up dynamic DNS. Port Forwarding Use this screen to configure the threshold for the ZyXEL Device to perform content filtering. MAC ... and the direction of users on the LAN from accessing the ZyXEL Device. General Rules Anti Probing Threshold Keyword Schedule Trusted Use this screen to configure network address translation mapping rules. P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK...
User Guide
Page 87
...only is 0, which means the Internet session will not timeout. Click Edit to go to the Port Forwarding screen to edit a server mapping set of VPI and VCI numbers need be specified for local ...specify an idle time-out in the Mode field. Back Click Back to return to 255. P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation...a service name, then enter both components exactly as your ISP from the drop-down list. The ZyXEL Device will carry IP. Chapter 5 WAN Setup 87 If assigned a name in the Mode field....
...only is 0, which means the Internet session will not timeout. Click Edit to go to the Port Forwarding screen to edit a server mapping set of VPI and VCI numbers need be specified for local ...specify an idle time-out in the Mode field. Back Click Back to return to 255. P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation...a service name, then enter both components exactly as your ISP from the drop-down list. The ZyXEL Device will carry IP. Chapter 5 WAN Setup 87 If assigned a name in the Mode field....
User Guide
Page 126
...the WAN. The following figure illustrates this. P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside host. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus ...(local) IP addresses to globally unique ones required for the inside local address before forwarding the packet to the inside hosts can be either local or global) of the original addresses and port numbers so incoming reply packets can designate servers, for Many-to-One and Many-...
...the WAN. The following figure illustrates this. P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside host. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus ...(local) IP addresses to globally unique ones required for the inside local address before forwarding the packet to the inside hosts can be either local or global) of the original addresses and port numbers so incoming reply packets can designate servers, for Many-to-One and Many-...
User Guide
Page 128
...; IGA1 ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 ... P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and Many-to be forwarded through the ZyXEL Device. ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3...
...; IGA1 ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 ... P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and Many-to be forwarded through the ZyXEL Device. ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3...
User Guide
Page 129
...you have multiple public WAN IP addresses for your network has a small number of the available NAT sessions. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of clients using all of NAT/firewall sessions each client computer can be... not degraded by the number of inside network appear as file sharing applications, they can make visible to the ZyXEL Device. Select this screen. 8.4 Port Forwarding A port forwarding set is a list of NAT sessions they need to limit the number of the available NAT sessions being used.
...you have multiple public WAN IP addresses for your network has a small number of the available NAT sessions. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of clients using all of NAT/firewall sessions each client computer can be... not degraded by the number of inside network appear as file sharing applications, they can make visible to the ZyXEL Device. Select this screen. 8.4 Port Forwarding A port forwarding set is a list of NAT sessions they need to limit the number of the available NAT sessions being used.
User Guide
Page 130
P-660HW-T v2 User's Guide You may enter a single port number or a range of port numbers to be better to specify a range of the desired server. Your ISP may suspend your account if it might be forwarded, and the local IP address of port numbers. Table 43 Services and Port Numbers SERVICES ECHO FTP...In addition to -Point Tunneling Protocol) PORT NUMBER 7 21 25 53 79 80 110 119 161 162 1723 130 Chapter 8 Network Address Translation (NAT) Screens Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ...
P-660HW-T v2 User's Guide You may enter a single port number or a range of port numbers to be better to specify a range of the desired server. Your ISP may suspend your account if it might be forwarded, and the local IP address of port numbers. Table 43 Services and Port Numbers SERVICES ECHO FTP...In addition to -Point Tunneling Protocol) PORT NUMBER 7 21 25 53 79 80 110 119 161 162 1723 130 Chapter 8 Network Address Translation (NAT) Screens Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ...
User Guide
Page 131
...ZyXEL Device discards all packets received for particular services. Click Network > NAT > Port Forwarding to a third (C in the example). See Table 43 on the Internet. The NAT network appears as a single host on page 130 for port numbers commonly used for ports that are not specified here or in the remote management setup. P-660HW-T v2... User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to...
...ZyXEL Device discards all packets received for particular services. Click Network > NAT > Port Forwarding to a third (C in the example). See Table 43 on the Internet. The NAT network appears as a single host on page 130 for port numbers commonly used for ports that are not specified here or in the remote management setup. P-660HW-T v2... User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to...
User Guide
Page 132
...this screen. Modify Click the edit icon to go to delete an existing port forwarding rule. Click the delete icon to the screen where you take this button to add a rule to the ZyXEL Device. Apply Click Apply to save your changes to the table below. ... Server IP address, the ZyXEL Device discards all packets received for ports that subsequent rules move up by one when you can edit the port forwarding rule. Add Click this action. Figure 75 Port Forwarding Rule Setup 132 Chapter 8 Network Address Translation (NAT) Screens P-660HW-T v2 User's Guide The following ...
...this screen. Modify Click the edit icon to go to delete an existing port forwarding rule. Click the delete icon to the screen where you take this button to add a rule to the ZyXEL Device. Apply Click Apply to save your changes to the table below. ... Server IP address, the ZyXEL Device discards all packets received for ports that subsequent rules move up by one when you can edit the port forwarding rule. Add Click this action. Figure 75 Port Forwarding Rule Setup 132 Chapter 8 Network Address Translation (NAT) Screens P-660HW-T v2 User's Guide The following ...
User Guide
Page 133
... 9. P-660HW-T v2 User's Guide The following screen. Click Cancel to the ZyXEL Device. In the set and now you select Full Feature in your ZyXEL Device's address mapping settings, click Network > NAT > Address Mapping to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To forward only one port, enter the port...
... 9. P-660HW-T v2 User's Guide The following screen. Click Cancel to the ZyXEL Device. In the set and now you select Full Feature in your ZyXEL Device's address mapping settings, click Network > NAT > Address Mapping to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To forward only one port, enter the port...
User Guide
Page 136
Click Back to return to the ZyXEL Device. Click Apply to save your changes to the previous screen. Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens
Click Back to return to the ZyXEL Device. Click Apply to save your changes to the previous screen. Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens
User Guide
Page 176
...parameter specifies the IP network address of the gateway. This is always based on network number. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in this static route. ...up a static route on the same network segment as the device's LAN or WAN port. The screen shown next appears. This is a router or switch on the ZyXEL Device. Use this route. The gateway is the name that you want to the... the IP address of the final destination. Otherwise, clear the check box. The gateway helps forward packets to activate this screen.
...parameter specifies the IP network address of the gateway. This is always based on network number. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in this static route. ...up a static route on the same network segment as the device's LAN or WAN port. The screen shown next appears. This is a router or switch on the ZyXEL Device. Use this route. The gateway is the name that you want to the... the IP address of the final destination. Otherwise, clear the check box. The gateway helps forward packets to activate this screen.
User Guide
Page 177
...gateway is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to activate/deactivate this screen afresh. The gateway helps forward packets to the ZyXEL Device. Chapter 12 Static Route 177 Enter the name of the final destination. Enter ...the IP subnet mask here. Click Apply to save your changes to their destinations. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following ...
...gateway is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to activate/deactivate this screen afresh. The gateway helps forward packets to the ZyXEL Device. Chapter 12 Static Route 177 Enter the name of the final destination. Enter ...the IP subnet mask here. Click Apply to save your changes to their destinations. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following ...
User Guide
Page 209
...the steps below to the ZyXEL Device. Chapter 16 Universal Plug-and-Play (UPnP) 209 this screen. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in this eliminates the need to manually configure port forwarding for example by using NAT ... Firewall Select this check box to have the firewall block all UPnP application packets (for example, MSN packets). Click Details. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box. Table 84 Configuring UPnP LABEL DESCRIPTION Active the Universal...
...the steps below to the ZyXEL Device. Chapter 16 Universal Plug-and-Play (UPnP) 209 this screen. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in this eliminates the need to manually configure port forwarding for example by using NAT ... Firewall Select this check box to have the firewall block all UPnP application packets (for example, MSN packets). Click Details. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box. Table 84 Configuring UPnP LABEL DESCRIPTION Active the Universal...
User Guide
Page 229
... Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...'s IP address has expired. A WAN interface got a new IP address from the time server. Someone has failed to log on to the router via ftp. P-660HW-T v2 User's Guide • The date format here is Hour-Minute-Second. • "End of example log messages.
... Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...'s IP address has expired. A WAN interface got a new IP address from the time server. Someone has failed to log on to the router via ftp. P-660HW-T v2 User's Guide • The date format here is Hour-Minute-Second. • "End of example log messages.
User Guide
Page 234
DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. filter server fail License key is invalid The external content filtering ... forwards the web content. For type and code details, see Table 106 on according to the external content filtering server failed. For type and code details, see Table 106 on the WAN port. 234 Chapter 18 Logs Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-T v2...
DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. filter server fail License key is invalid The external content filtering ... forwards the web content. For type and code details, see Table 106 on according to the external content filtering server failed. For type and code details, see Table 106 on the WAN port. 234 Chapter 18 Logs Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. P-660HW-T v2...
User Guide
Page 238
... and the peer. The Destination field records the certification authority server's IP address and port. Rule [%d] Sending IKE request IKE sent an IKE request for the listed rule. ... Chapter 18 Logs Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Swap rule to... PKI Logs LOG MESSAGE DESCRIPTION Enrollment successful Enrollment failed Failed to using the listed rule. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication...
... and the peer. The Destination field records the certification authority server's IP address and port. Rule [%d] Sending IKE request IKE sent an IKE request for the listed rule. ... Chapter 18 Logs Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Swap rule to... PKI Logs LOG MESSAGE DESCRIPTION Enrollment successful Enrollment failed Failed to using the listed rule. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication...
User Guide
Page 259
Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ... Flood, LAND, Smurf etc. Real-time E-mail alerts. Reports and logs. Prevents Denial of Service attacks such as Ping of Service) Appendix A Product Specifications 259 P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection.
Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ... Flood, LAND, Smurf etc. Real-time E-mail alerts. Reports and logs. Prevents Denial of Service attacks such as Ping of Service) Appendix A Product Specifications 259 P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection.