User Guide
Page 14
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
User Guide
Page 22
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
User Guide
Page 28
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
User Guide
Page 45
P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK/ICON LAN Wireless LAN NAT Security Firewall Content Filter Advanced Static Route Bandwidth MGMT Dynamic DNS ... this screen to configure LAN DHCP settings. OTIST This screen allows you to configure servers behind the ZyXEL Device. MAC Filter Use this screen to edit/add a firewall rule. Port Forwarding Use this screen to configure the ZyXEL Device to block access to set up dynamic DNS. Use this screen to devices or block...
P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK/ICON LAN Wireless LAN NAT Security Firewall Content Filter Advanced Static Route Bandwidth MGMT Dynamic DNS ... this screen to configure LAN DHCP settings. OTIST This screen allows you to configure servers behind the ZyXEL Device. MAC Filter Use this screen to edit/add a firewall rule. Port Forwarding Use this screen to configure the ZyXEL Device to block access to set up dynamic DNS. Use this screen to devices or block...
User Guide
Page 87
.... Refer to the appendices to you . Select SUA Only if you select Routing in the Mode field. Click Edit to go to the Port Forwarding screen to 31 is available if you have a dynamic IP address; In this case, only one public IP address and want your connection ... in the Mode field. NAT SUA only is not fixed; Multiplexing Select the method of your ISP in each protocol. The ZyXEL Device will try to you . P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user ...
.... Refer to the appendices to you . Select SUA Only if you select Routing in the Mode field. Click Edit to go to the Port Forwarding screen to 31 is available if you have a dynamic IP address; In this case, only one public IP address and want your connection ... in the Mode field. NAT SUA only is not fixed; Multiplexing Select the method of your ISP in each protocol. The ZyXEL Device will try to you . P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user ...
User Guide
Page 126
P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the WAN side. see Table... the destination address on page 128), NAT offers the additional benefit of the original addresses and port numbers so incoming reply packets can designate servers, for Many-to-One and Many-to the Internet... define any servers (for example, a web server and a telnet server, on the WAN. The ZyXEL Device keeps track of firewall protection. When the response comes back, NAT translates the destination address (the...
P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the WAN side. see Table... the destination address on page 128), NAT offers the additional benefit of the original addresses and port numbers so incoming reply packets can designate servers, for Many-to-One and Many-to the Internet... define any servers (for example, a web server and a telnet server, on the WAN. The ZyXEL Device keeps track of firewall protection. When the response comes back, NAT translates the destination address (the...
User Guide
Page 128
... all models. 128 Chapter 8 Network Address Translation (NAT) Screens ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 ... The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of mapping, Many-to-One and Server...if you have multiple public WAN IP addresses for One-to-One and Many-to-Many No Overload NAT mapping types. P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. 8.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow ...
... all models. 128 Chapter 8 Network Address Translation (NAT) Screens ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 ... The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of mapping, Many-to-One and Server...if you have multiple public WAN IP addresses for One-to-One and Many-to-Many No Overload NAT mapping types. P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. 8.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow ...
User Guide
Page 129
...as file sharing applications, they can make visible to peer applications, you have multiple public WAN IP addresses for this screen. 8.4 Port Forwarding A port forwarding set is not degraded by the number of NAT sessions a single client can establish, this number to ensure no additional NAT ...reload the previous configuration for your whole inside (behind NAT on the LAN) servers, for your ZyXEL Device. If your changes to enable NAT. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of the available NAT sessions being used....
...as file sharing applications, they can make visible to peer applications, you have multiple public WAN IP addresses for this screen. 8.4 Port Forwarding A port forwarding set is not degraded by the number of NAT sessions a single client can establish, this number to ensure no additional NAT ...reload the previous configuration for your whole inside (behind NAT on the LAN) servers, for your ZyXEL Device. If your changes to enable NAT. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of the available NAT sessions being used....
User Guide
Page 130
... Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 8.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server(s) on port 21. Please refer to your ...a range of port numbers. If you to -Point Tunneling Protocol) PORT NUMBER 7 21 25 53 79 80 110 119 161 162 1723 130 Chapter 8 Network Address Translation (NAT) Screens P-660HW-T v2 User's Guide You may suspend your account if it might be forwarded, and the local...
... Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 8.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server(s) on port 21. Please refer to your ...a range of port numbers. If you to -Point Tunneling Protocol) PORT NUMBER 7 21 25 53 79 80 110 119 161 162 1723 130 Chapter 8 Network Address Translation (NAT) Screens P-660HW-T v2 User's Guide You may suspend your account if it might be forwarded, and the local...
User Guide
Page 131
... screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you select SUA Only in the NAT > General screen. Figure 74 NAT Port Forwarding Chapter 8 Network Address Translation (NAT) Screens 131 You assign the LAN...
... screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you select SUA Only in the NAT > General screen. Figure 74 NAT Port Forwarding Chapter 8 Network Address Translation (NAT) Screens 131 You assign the LAN...
User Guide
Page 132
..., the ZyXEL Device discards all packets received for the specified service. Figure 75 Port Forwarding Rule Setup 132 Chapter 8 Network Address Translation (NAT) Screens Active Click this check box to delete an existing port forwarding rule. End Port This is the first port number that identifies a service. Click the delete icon to enable the rule. P-660HW-T v2 User's Guide...
..., the ZyXEL Device discards all packets received for the specified service. Figure 75 Port Forwarding Rule Setup 132 Chapter 8 Network Address Translation (NAT) Screens Active Click this check box to delete an existing port forwarding rule. End Port This is the first port number that identifies a service. Click the delete icon to enable the rule. P-660HW-T v2 User's Guide...
User Guide
Page 133
..., the ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your changes to the previous screen. Chapter 8 Network Address Translation (NAT) Screens 133 Enter a port number in the End Port field. P-660HW-T v2 User's Guide The following screen. To forward only one port, enter the port number again...
..., the ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your changes to the previous screen. Chapter 8 Network Address Translation (NAT) Screens 133 Enter a port number in the End Port field. P-660HW-T v2 User's Guide The following screen. To forward only one port, enter the port number again...
User Guide
Page 136
P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. Click Back to return to the ZyXEL Device. Click Apply to save your changes to the previous screen.
P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. Click Back to return to the ZyXEL Device. Click Apply to save your changes to the previous screen.
User Guide
Page 176
.... Click the Edit icon to go to activate this screen to remove a static route from the ZyXEL Device. This is always based on the same network segment as the device's LAN or WAN port. The gateway is the IP address of the gateway. Otherwise, clear the check box. This is...asking you to confirm that describes or identifies this screen. The gateway helps forward packets to delete the route. 12.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in...
.... Click the Edit icon to go to activate this screen to remove a static route from the ZyXEL Device. This is always based on the same network segment as the device's LAN or WAN port. The gateway is the IP address of the gateway. Otherwise, clear the check box. This is...asking you to confirm that describes or identifies this screen. The gateway helps forward packets to delete the route. 12.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in...
User Guide
Page 177
...Click Cancel to activate/deactivate this screen afresh. The gateway is always based on the same network segment as the device's LAN or WAN port. Click Apply to save your changes to their destinations. Chapter 12 Static Route 177 This parameter specifies the IP network address of the ... field allows you need to specify a route to the host ID. The gateway helps forward packets to the ZyXEL Device. Click Back to return to delete this screen. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force ...
...Click Cancel to activate/deactivate this screen afresh. The gateway is always based on the same network segment as the device's LAN or WAN port. Click Apply to save your changes to their destinations. Chapter 12 Static Route 177 This parameter specifies the IP network address of the ... field allows you need to specify a route to the host ID. The gateway helps forward packets to the ZyXEL Device. Click Back to return to delete this screen. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force ...
User Guide
Page 209
... UPnP in Windows Me and Windows XP. 16.3.1 Installing UPnP in Windows Me Follow the steps below to bypass the firewall. P-660HW-T v2 User's Guide The following table describes the fields in Windows Me. 1 Click Start and Control Panel. Allow users to make configuration... configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to have the firewall block all UPnP application packets (for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in the Components selection box. Double-...
... UPnP in Windows Me and Windows XP. 16.3.1 Installing UPnP in Windows Me Follow the steps below to bypass the firewall. P-660HW-T v2 User's Guide The following table describes the fields in Windows Me. 1 Click Start and Control Panel. Allow users to make configuration... configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to have the firewall block all UPnP application packets (for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in the Components selection box. Double-...
User Guide
Page 229
... Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |... 00 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 | | End of Firewall Log 18.4 Log Descriptions This section provides descriptions of Log" message shows that a complete log has been sent. P-660HW-T v2 User's Guide • The date format here is Month-Day...
... Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |... 00 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 | | End of Firewall Log 18.4 Log Descriptions This section provides descriptions of Log" message shows that a complete log has been sent. P-660HW-T v2 User's Guide • The date format here is Month-Day...
User Guide
Page 234
..., port:port number. Connecting to content The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack. The firewall detected an ICMP land attack. P-660HW-T v2 User... site The web site is in the blocked category list, but it did not respond within the timeout server timeout period. DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. WAN [TCP | UDP | IGMP | ESP | GRE | OSPF...
..., port:port number. Connecting to content The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack. The firewall detected an ICMP land attack. P-660HW-T v2 User... site The web site is in the blocked category list, but it did not respond within the timeout server timeout period. DNS resolving failed The ZyXEL Device cannot get the IP address of the external content filtering via DNS query. WAN [TCP | UDP | IGMP | ESP | GRE | OSPF...
User Guide
Page 238
...'s signature failed The listed rule's IKE phase 1verification of the peer's signature failed. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication... for the listed rule. The Destination field records the certification authority server IP address and port. Rule [%d] Phase 2 encapsulation mismatch The listed rule's IKE phase 2 encapsulation did not...and the peer. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Rule [%d] Tunnel...
...'s signature failed The listed rule's IKE phase 1verification of the peer's signature failed. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication... for the listed rule. The Destination field records the certification authority server IP address and port. Rule [%d] Phase 2 encapsulation mismatch The listed rule's IKE phase 2 encapsulation did not...and the peer. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Rule [%d] Tunnel...
User Guide
Page 259
Real-time E-mail alerts. Prevents Denial of Service attacks such as Ping of Service) Appendix A Product Specifications 259 Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16...) Traffic Redirect Dynamic DNS IP Alias MBM (Multimedia Bandwidth Management) QoS (Quality of Death, SYN Flood, LAND, Smurf etc. Reports and logs. P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection.
Real-time E-mail alerts. Prevents Denial of Service attacks such as Ping of Service) Appendix A Product Specifications 259 Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16...) Traffic Redirect Dynamic DNS IP Alias MBM (Multimedia Bandwidth Management) QoS (Quality of Death, SYN Flood, LAND, Smurf etc. Reports and logs. P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection.