User Guide
Page 14
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
P-660HW-T v2 User's Guide 7.1.3 DNS Server Address 112 7.1.4 DNS Server Address Assignment 113 7.2 LAN TCP/IP ...113 7.2.1 IP ...Port Forwarding: Services and Port Numbers 130 8.4.3 Configuring Servers Behind Port Forwarding (Example 131 8.5 Configuring Port Forwarding 131 8.5.1 Port Forwarding Rule Edit 132 8.6 Address Mapping 133 8.6.1 Address Mapping Rule Edit 135 Chapter 9 Firewalls...137 9.1 Firewall Overview 137 9.2 Types of Firewalls 137 9.2.1 Packet Filtering Firewalls 137 9.2.2 Application-level Firewalls 138 9.2.3 Stateful Inspection Firewalls 138 9.3 Introduction to ZyXEL...
User Guide
Page 22
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
P-660HW-T v2 User's Guide Figure 39 Internet Connection (PPPoE 81 Figure 40 Advanced Internet Connection Setup 83 Figure 41 More Connections 85 Figure 42 More Connections Edit ... 71 NAT Application With IP Alias 127 Figure 72 NAT General ...129 Figure 73 Multiple Servers Behind NAT Example 131 Figure 74 NAT Port Forwarding 131 Figure 75 Port Forwarding Rule Setup 132 Figure 76 Address Mapping Rules 134 Figure 77 Edit Address Mapping Rule 135 Figure 78 Firewall Application 139 Figure 79 Three...
User Guide
Page 28
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
P-660HW-T v2 User's Guide Table 39 LAN IP Alias ...122 Table 40 NAT Definitions ...125 Table 41 NAT Mapping Types 128 Table 42 NAT General ...129 Table 43 Services and Port Numbers 130 Table 44 NAT Port Forwarding 132 Table 45 Port Forwarding Rule Setup 133 Table 46 Address Mapping Rules 134 Table ...47 Edit Address Mapping Rule 135 Table 48 Common IP Ports 140 Table 49 ICMP Commands That Trigger Alerts 142...
User Guide
Page 45
... your LAN interface into subnets. Use this screen to enable bandwidth management on an interface. Use this screen to change your ZyXEL Device. P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK/ICON LAN Wireless LAN NAT Security Firewall Content Filter Advanced Static... to apply the rule. Use this screen to configure servers behind the ZyXEL Device. Use this screen to activate/deactivate the firewall and the direction of users on your anti-probing settings. Port Forwarding Use this screen to a MAC address (and host name). DHCP Setup...
... your LAN interface into subnets. Use this screen to enable bandwidth management on an interface. Use this screen to change your ZyXEL Device. P-660HW-T v2 User's Guide Table 3 Web Configurator Screens Summary (continued) LINK/ICON LAN Wireless LAN NAT Security Firewall Content Filter Advanced Static... to apply the rule. Use this screen to configure servers behind the ZyXEL Device. Use this screen to activate/deactivate the firewall and the direction of users on your anti-probing settings. Port Forwarding Use this screen to a MAC address (and host name). DHCP Setup...
User Guide
Page 87
...idle time-out in the IP Address field below. Apply Click Apply to the previous screen. P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE...Mask Enter a subnet mask in the Max Idle Timeout field. Click Edit to go to the Port Forwarding screen to you have one each protocol. Back Click Back to return to save the changes....the connection automatically if it is a fixed IP that your ISP in the Mode field. The ZyXEL Device will try to you . If you are VC or LLC. Otherwise, select None to...
...idle time-out in the IP Address field below. Apply Click Apply to the previous screen. P-660HW-T v2 User's Guide Table 23 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE...Mask Enter a subnet mask in the Max Idle Timeout field. Click Edit to go to the Port Forwarding screen to you have one each protocol. Back Click Back to return to save the changes....the connection automatically if it is a fixed IP that your ISP in the Mode field. The ZyXEL Device will try to you . If you are VC or LLC. Otherwise, select None to...
User Guide
Page 126
... source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload mapping - P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside global address) ...accessible to the outside host is the destination address on IP address translation, refer to the Internet. a source address and a destination address. The ZyXEL Device keeps track of an outside world. The global IP addresses for example, a web server and a telnet server, on other networks. Figure 70...
... source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload mapping - P-660HW-T v2 User's Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to the original inside global address) ...accessible to the outside host is the destination address on IP address translation, refer to the Internet. a source address and a destination address. The ZyXEL Device keeps track of an outside world. The global IP addresses for example, a web server and a telnet server, on other networks. Figure 70...
User Guide
Page 128
...General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of mapping, Many-to -...... ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 ... The following screen. P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and Many-to open...
...General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of mapping, Many-to -...... ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 ... The following screen. P-660HW-T v2 User's Guide Port numbers do NOT change for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for One-to-One and Many-to open...
User Guide
Page 129
...the ZyXEL Device. Chapter 8 Network Address Translation (NAT) Screens 129 In this case, no single client is using peer to peer applications, you can raise this number to ensure that you do not limit the number of NAT sessions a single client can establish, this screen. 8.4 Port Forwarding A port forwarding set... sessions each client computer can be established, and users may not be able to enable NAT. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of the available NAT sessions. Select this check box to access the Internet...
...the ZyXEL Device. Chapter 8 Network Address Translation (NAT) Screens 129 In this case, no single client is using peer to peer applications, you can raise this number to ensure that you do not limit the number of NAT sessions a single client can establish, this screen. 8.4 Port Forwarding A port forwarding set... sessions each client computer can be established, and users may not be able to enable NAT. Figure 72 NAT General P-660HW-T v2 User's Guide The following table describes the labels in all of the available NAT sessions. Select this check box to access the Internet...
User Guide
Page 130
P-660HW-T v2 User's Guide You may enter a single port number or a range of port numbers to be better to specify a range of port numbers. Your ISP may suspend your account if it might be forwarded, and the local IP address of ports. The most often used port numbers are not specified in this screen....do not allow you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for specified services, NAT supports a default server IP address. Note: If you to the server(s) on port 21. for example both FTP and web service), it discovers any server ...
P-660HW-T v2 User's Guide You may enter a single port number or a range of port numbers to be better to specify a range of port numbers. Your ISP may suspend your account if it might be forwarded, and the local IP address of ports. The most often used port numbers are not specified in this screen....do not allow you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for specified services, NAT supports a default server IP address. Note: If you to the server(s) on port 21. for example both FTP and web service), it discovers any server ...
User Guide
Page 131
... IP address of 192.168.1.35 to open the following screen. Click Network > NAT > Port Forwarding to a third (C in the example). P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. The NAT network appears as a single...
... IP address of 192.168.1.35 to open the following screen. Click Network > NAT > Port Forwarding to a third (C in the example). P-660HW-T v2 User's Guide 8.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for particular services. The NAT network appears as a single...
User Guide
Page 132
... the drop-down list box. Add Click this check box to enable the rule. Click the delete icon to the ZyXEL Device. P-660HW-T v2 User's Guide The following table describes the fields in the Port Forwarding screen to display the screen shown next. Active Click this button to add a rule to the table below. # This...
... the drop-down list box. Add Click this check box to enable the rule. Click the delete icon to the ZyXEL Device. P-660HW-T v2 User's Guide The following table describes the fields in the Port Forwarding screen to display the screen shown next. Active Click this button to add a rule to the table below. # This...
User Guide
Page 133
...ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your configured rule will be pushed up by that number of ports, enter the last port number in this field. P-660HW-T v2 User's Guide The following screen. Table 45 Port Forwarding... Rule Setup LABEL Active Service Name Start Port End Port Server IP Address Back Apply Cancel DESCRIPTION ...
...ZyXEL Device takes the corresponding action and the remaining rules are any empty rules before your new configured rule, your configured rule will be pushed up by that number of ports, enter the last port number in this field. P-660HW-T v2 User's Guide The following screen. Table 45 Port Forwarding... Rule Setup LABEL Active Service Name Start Port End Port Server IP Address Back Apply Cancel DESCRIPTION ...
User Guide
Page 136
Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. Click Back to return to the ZyXEL Device. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Apply to save your changes to the previous screen.
Click Cancel to begin configuring this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. Click Back to return to the ZyXEL Device. P-660HW-T v2 User's Guide Table 47 Edit Address Mapping Rule (continued) LABEL Edit Details Back Apply Cancel DESCRIPTION Click this screen afresh. 136 Chapter 8 Network Address Translation (NAT) Screens Click Apply to save your changes to the previous screen.
User Guide
Page 176
...Destination Gateway Subnet Mask Modify DESCRIPTION This is the IP subnet mask. Otherwise, clear the check box. The gateway helps forward packets to remove a static route from the ZyXEL Device. This parameter specifies the IP network address of the gateway. A window displays asking you to confirm that describes... on the same network segment as the device's LAN or WAN port. Click the Edit icon to go to delete the route. 12.2.1 Static Route Edit Select a static route index number and click Edit. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the ...
...Destination Gateway Subnet Mask Modify DESCRIPTION This is the IP subnet mask. Otherwise, clear the check box. The gateway helps forward packets to remove a static route from the ZyXEL Device. This parameter specifies the IP network address of the gateway. A window displays asking you to confirm that describes... on the same network segment as the device's LAN or WAN port. Click the Edit icon to go to delete the route. 12.2.1 Static Route Edit Select a static route index number and click Edit. P-660HW-T v2 User's Guide Figure 99 Static Route The following table describes the ...
User Guide
Page 177
...is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to delete this static route. Enter the IP subnet mask here. The gateway helps forward packets to the ZyXEL Device. Table 64 Static Route Edit LABEL DESCRIPTION Active Route Name Destination IP ...of 255.255.255.255 in this screen afresh. Click Back to return to activate/deactivate this static route. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force the network number to be identical to the host ...
...is always based on the same network segment as the device's LAN or WAN port. Leave this field blank to delete this static route. Enter the IP subnet mask here. The gateway helps forward packets to the ZyXEL Device. Table 64 Static Route Edit LABEL DESCRIPTION Active Route Name Destination IP ...of 255.255.255.255 in this screen afresh. Click Back to return to activate/deactivate this static route. Figure 100 Static Route Edit P-660HW-T v2 User's Guide The following table describes the labels in the subnet mask field to force the network number to be identical to the host ...
User Guide
Page 209
... address (although you must still enter the password to bypass the firewall. Allow UPnP to pass through the ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to have the firewall block all UPnP application packets (for the UPnP enabled application. Chapter 16 ... UPnP enabled device; Click Details. Clear this check box to install the UPnP in Windows Me Follow the steps below to activate UPnP. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box.
... address (although you must still enter the password to bypass the firewall. Allow UPnP to pass through the ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to have the firewall block all UPnP application packets (for the UPnP enabled application. Chapter 16 ... UPnP enabled device; Click Details. Clear this check box to install the UPnP in Windows Me Follow the steps below to activate UPnP. P-660HW-T v2 User's Guide The following table describes the fields in the Components selection box.
User Guide
Page 229
... to log on to the router's web configurator interface. Someone has logged on to the router's web configurator interface. Chapter 18 Logs 229 P-660HW-T v2 User's Guide • The date format here is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s...Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |...
... to log on to the router's web configurator interface. Someone has logged on to the router's web configurator interface. Chapter 18 Logs 229 P-660HW-T v2 User's Guide • The date format here is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s...Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 | | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |...
User Guide
Page 234
...106 on according to the external content filtering server failed. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. WAN [TCP | UDP | IGMP | ESP | GRE | OSPF...didn't select the "Block Matched Web Site" check box, the system forwards the web content. filter server fail License key is invalid The external content filtering license ...and code details, see Table 106 on the WAN port. 234 Chapter 18 Logs The firewall detected an IP spoofing attack on page 242. P-660HW-T v2 User's Guide Table 98 Content Filtering Logs (continued)...
...106 on according to the external content filtering server failed. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. WAN [TCP | UDP | IGMP | ESP | GRE | OSPF...didn't select the "Block Matched Web Site" check box, the system forwards the web content. filter server fail License key is invalid The external content filtering license ...and code details, see Table 106 on the WAN port. 234 Chapter 18 Logs The firewall detected an IP spoofing attack on page 242. P-660HW-T v2 User's Guide Table 98 Content Filtering Logs (continued)...
User Guide
Page 238
... the peer. not found . The Destination field records the certification authority server IP address and port. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Rule [%d] phase ... failed. The SCEP online certificate enrollment failed because the certification authority server's address cannot be resolved. 238 Chapter 18 Logs P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication algorithm mismatch The listed rule's IKE...
... the peer. not found . The Destination field records the certification authority server IP address and port. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Rule [%d] phase ... failed. The SCEP online certificate enrollment failed because the certification authority server's address cannot be resolved. 238 Chapter 18 Logs P-660HW-T v2 User's Guide Table 101 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 2 authentication algorithm mismatch The listed rule's IKE...
User Guide
Page 259
Reports and logs. Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ... IP Zero Configuration (VC auto-hunting) Traffic Redirect Dynamic DNS IP Alias MBM (Multimedia Bandwidth Management) QoS (Quality of Death, SYN Flood, LAND, Smurf etc. P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection. Prevents Denial of Service attacks such as...
Reports and logs. Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 ... IP Zero Configuration (VC auto-hunting) Traffic Redirect Dynamic DNS IP Alias MBM (Multimedia Bandwidth Management) QoS (Quality of Death, SYN Flood, LAND, Smurf etc. P-660HW-T v2 User's Guide Table 118 Firmware (continued) Firewall NAT/SUA Content Filtering Static Routes Other Features Stateful Packet Inspection. Prevents Denial of Service attacks such as...