User Guide
Page 14
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
User Guide
Page 22
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
User Guide
Page 28
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
User Guide
Page 45
...assign an IP address to define a bandwidth rule. MAC Filter Use this screen to configure the ZyXEL Device to block access to configure servers behind the ZyXEL Device. Port Forwarding Use this screen to devices or block the devices from content filtering on your LAN interface into ...subnets. Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. P-660HW-T v2 User's Guide Table 3 ...
...assign an IP address to define a bandwidth rule. MAC Filter Use this screen to configure the ZyXEL Device to block access to configure servers behind the ZyXEL Device. Port Forwarding Use this screen to devices or block the devices from content filtering on your LAN interface into ...subnets. Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. P-660HW-T v2 User's Guide Table 3 ...
User Guide
Page 87
... IP address Specify a gateway IP address (supplied by your PPPoE service here. Otherwise, select None to you. Chapter 5 WAN Setup 87 P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as ...edit a server mapping set of your ISP). Subnet Mask Enter a subnet mask in the Mode field. The ZyXEL Device will not timeout. Click Edit to go to the Port Forwarding screen to you . Apply Click Apply to the previous screen. A static IP address is reserved for the ...
... IP address Specify a gateway IP address (supplied by your PPPoE service here. Otherwise, select None to you. Chapter 5 WAN Setup 87 P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as ...edit a server mapping set of your ISP). Subnet Mask Enter a subnet mask in the Mode field. The ZyXEL Device will not timeout. Click Edit to go to the Port Forwarding screen to you . Apply Click Apply to the previous screen. A static IP address is reserved for the ...
User Guide
Page 126
... intruders from a subscriber (the inside local address) to another (the inside global address) before forwarding it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can be either local or global) of firewall protection. see Table ...Works Each packet has two addresses - a source address and a destination address. P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside host. Note that the IP address (either static or...
... intruders from a subscriber (the inside local address) to another (the inside global address) before forwarding it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can be either local or global) of firewall protection. see Table ...Works Each packet has two addresses - a source address and a destination address. P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside host. Note that the IP address (either static or...
User Guide
Page 128
P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. 8.3 NAT General Setup You must create a firewall rule in Table 41 on all...on page 128. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and ...PAT) Many-to-Many Overload Many-to -One and Server. Click Network > NAT to be forwarded through the ZyXEL Device. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses...
P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. 8.3 NAT General Setup You must create a firewall rule in Table 41 on all...on page 128. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and ...PAT) Many-to-Many Overload Many-to -One and Server. Click Network > NAT to be forwarded through the ZyXEL Device. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses...
User Guide
Page 129
...ensure that you do not limit the number of NAT sessions a single client can establish, this can establish. Use this screen. 8.4 Port Forwarding A port forwarding set is a list of inside network appear as file sharing applications, they can result in this screen. Click Cancel to reload the previous... this radio button if you can raise this check box to the ZyXEL Device. In this number to ensure no additional NAT sessions can establish through the ZyXEL Device. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of NAT...
...ensure that you do not limit the number of NAT sessions a single client can establish, this can establish. Use this screen. 8.4 Port Forwarding A port forwarding set is a list of inside network appear as file sharing applications, they can result in this screen. Click Cancel to reload the previous... this radio button if you can raise this check box to the ZyXEL Device. In this number to ensure no additional NAT sessions can establish through the ZyXEL Device. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of NAT...
User Guide
Page 130
... on your location. The port number identifies a service; P-660HW-T v2 User's Guide You may suspend your account if it might be forwarded, and the local IP address of ports. If you to a port or a range of the desired server. Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets...
... on your location. The port number identifies a service; P-660HW-T v2 User's Guide You may suspend your account if it might be forwarded, and the local IP address of ports. If you to a port or a range of the desired server. Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets...
User Guide
Page 131
... specified here or in the remote management setup. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example...
... specified here or in the remote management setup. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example...
User Guide
Page 132
... screen where you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the Port Forwarding screen to enable the rule. P-660HW-T v2 User's Guide The following table describes the fields in this screen. Active... Click this action. Click the delete icon to the ZyXEL Device. Note that ...
... screen where you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the Port Forwarding screen to enable the rule. P-660HW-T v2 User's Guide The following table describes the fields in this screen. Active... Click this action. Click the delete icon to the ZyXEL Device. Note that ...
User Guide
Page 133
P-660HW-T v2 User's Guide The following screen. Enter a port number in this field. Enter a port number in this field. Click Back to return to open the following table describes the fields in your changes to 7 will be rule 7, not 9. Click ... rule 4, rules 5 to the ZyXEL Device. Enter the inside IP address of empty rules. If there are ignored. To forward a series of ports, enter the last port number in the Start Port field above . In the set and now you specify. Table 45 Port Forwarding Rule Setup LABEL Active Service Name Start Port End Port Server IP Address Back...
P-660HW-T v2 User's Guide The following screen. Enter a port number in this field. Enter a port number in this field. Click Back to return to open the following table describes the fields in your changes to 7 will be rule 7, not 9. Click ... rule 4, rules 5 to the ZyXEL Device. Enter the inside IP address of empty rules. If there are ignored. To forward a series of ports, enter the last port number in the Start Port field above . In the set and now you specify. Table 45 Port Forwarding Rule Setup LABEL Active Service Name Start Port End Port Server IP Address Back...
User Guide
Page 136
Click Back to return to the ZyXEL Device. Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Apply to save your changes to the previous screen.
Click Back to return to the ZyXEL Device. Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Apply to save your changes to the previous screen.
User Guide
Page 176
The gateway is the name that describes or identifies this screen to confirm that you can set up a static route on the ZyXEL Device. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in this static route. Table 63 Static Route LABEL # Active...Chapter 12 Static Route Otherwise, clear the check box. The gateway helps forward packets to remove a static route from the ZyXEL Device. This is always based on the same network segment as the device's LAN or WAN port. This parameter specifies the IP network address of an individual static route. ...
The gateway is the name that describes or identifies this screen to confirm that you can set up a static route on the ZyXEL Device. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the labels in this static route. Table 63 Static Route LABEL # Active...Chapter 12 Static Route Otherwise, clear the check box. The gateway helps forward packets to remove a static route from the ZyXEL Device. This is always based on the same network segment as the device's LAN or WAN port. This parameter specifies the IP network address of an individual static route. ...
User Guide
Page 177
... static route. The gateway is always based on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to the previous screen without saving. This parameter specifies the IP network address of the IP static route... screen. Leave this field blank to the host ID. Chapter 12 Static Route 177 Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force the network number to be ... Address Back Apply Cancel This field allows you need to specify a route to the ZyXEL Device.
... static route. The gateway is always based on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to the previous screen without saving. This parameter specifies the IP network address of the IP static route... screen. Leave this field blank to the host ID. Chapter 12 Static Route 177 Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force the network number to be ... Address Back Apply Cancel This field allows you need to specify a route to the ZyXEL Device.
User Guide
Page 209
...activate UPnP. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box. Be aware that they can communicate through the ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to manually configure port forwarding for example, ...UPnP to pass through UPnP Select this check box to allow UPnP-enabled applications to automatically configure the ZyXEL Device so that anyone could use Play (UPnP) Feature a UPnP application to open the web configurator's login screen without entering ...
...activate UPnP. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box. Be aware that they can communicate through the ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to manually configure port forwarding for example, ...UPnP to pass through UPnP Select this check box to allow UPnP-enabled applications to automatically configure the ZyXEL Device so that anyone could use Play (UPnP) Feature a UPnP application to open the web configurator's login screen without entering ...
User Guide
Page 229
P-660HW-T v2 User's Guide • The date format here is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB ... Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...
P-660HW-T v2 User's Guide • The date format here is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB ... Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy...
User Guide
Page 234
... filtering server failed. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack. DNS resolving failed The ZyXEL Device cannot get the IP address of the... content The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. P-660HW-T v2 User's Guide Table 98 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION %s: Contains ActiveX The web site contains ActiveX. %s: Contains...
... filtering server failed. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack. DNS resolving failed The ZyXEL Device cannot get the IP address of the... content The connection to the time schedule or you didn't select the "Block Matched Web Site" check box, the system forwards the web content. P-660HW-T v2 User's Guide Table 98 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION %s: Contains ActiveX The web site contains ActiveX. %s: Contains...
User Guide
Page 238
... Logs LOG MESSAGE DESCRIPTION Enrollment successful Enrollment failed Failed to using the listed rule. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2...the peer. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Swap rule...and the peer. The Destination field records the certification authority server's IP address and port. The SCEP online certificate enrollment failed. Rule [%d] Tunnel built successfully The listed rule's...
... Logs LOG MESSAGE DESCRIPTION Enrollment successful Enrollment failed Failed to using the listed rule. P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2...the peer. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Swap rule...and the peer. The Destination field records the certification authority server's IP address and port. The SCEP online certificate enrollment failed. Rule [%d] Tunnel built successfully The listed rule's...
User Guide
Page 259
P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection. Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ...
P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection. Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ...