User Guide
Page 6
Document Conventions Server Firewall Router Switch Telephone 6 ADSL Router Series User's Guide
Document Conventions Server Firewall Router Switch Telephone 6 ADSL Router Series User's Guide
User Guide
Page 9
... Tutorials ...41 Technical Reference ...77 Internet and Wireless Setup Wizard...79 WAN Setup ...93 LAN Setup ...109 Wireless LAN ...123 Network Address Translation (NAT) ...151 Firewall ...163 Filters ...181 Certificate ...189 Static Route ...193 Port Binding ...199 802.1Q/1P ...203 Quality of Service (QoS) ...209 Dynamic DNS Setup ...217 Remote...
... Tutorials ...41 Technical Reference ...77 Internet and Wireless Setup Wizard...79 WAN Setup ...93 LAN Setup ...109 Wireless LAN ...123 Network Address Translation (NAT) ...151 Firewall ...163 Filters ...181 Certificate ...189 Static Route ...193 Port Binding ...199 802.1Q/1P ...203 Quality of Service (QoS) ...209 Dynamic DNS Setup ...217 Remote...
User Guide
Page 12
...4.4 Setting Up a Secure Wireless Network 45 4.4.1 Configuring the Wireless Network Settings 45 4.4.2 Using WPS ...46 4.4.3 Connecting Wirelessly to your ZyXEL Device 50 4.5 Configuring the MAC Address Filter for Restricting Wireless Internet Access 52 4.6 Multiple Public and Private IP Address Mappings 54 4.6.1 ... NAT + One-to-One Mapping 57 4.7 Setting Up NAT Forwarding for a Game Server 58 4.7.1 Port Forwarding ...58 4.8 Configuring Firewall Rules to Allow a Specified Service 60 4.9 Configuring Static Route for Routing to Another Network 63 4.10 Port BindingConfiguration ...65 4.10...
...4.4 Setting Up a Secure Wireless Network 45 4.4.1 Configuring the Wireless Network Settings 45 4.4.2 Using WPS ...46 4.4.3 Connecting Wirelessly to your ZyXEL Device 50 4.5 Configuring the MAC Address Filter for Restricting Wireless Internet Access 52 4.6 Multiple Public and Private IP Address Mappings 54 4.6.1 ... NAT + One-to-One Mapping 57 4.7 Setting Up NAT Forwarding for a Game Server 58 4.7.1 Port Forwarding ...58 4.8 Configuring Firewall Rules to Allow a Specified Service 60 4.9 Configuring Static Route for Routing to Another Network 63 4.10 Port BindingConfiguration ...65 4.10...
User Guide
Page 15
...9.6.5 NAT Mapping Types ...161 Chapter 10 Firewall ...163 10.1 Overview ...163 10.1.1 What You Can Do in the Firewall Screens 163 10.1.2 What You Need to Know About Firewall 164 10.2 The Firewall Screen ...166 10.3 The Firewall General Screen ...167 10.4 The Default Action...The DoS Screen ...174 10.6.1 The DoS Advanced Screen 174 10.6.2 Configuring Firewall Thresholds 175 10.7 Firewall Technical Reference ...176 10.7.1 Firewall Rules Overview ...176 10.7.2 Guidelines For Enhancing Security With Your Firewall 177 10.7.3 Security Considerations ...178 10.7.4 Triangle Route ...178 Chapter 11 ...
...9.6.5 NAT Mapping Types ...161 Chapter 10 Firewall ...163 10.1 Overview ...163 10.1.1 What You Can Do in the Firewall Screens 163 10.1.2 What You Need to Know About Firewall 164 10.2 The Firewall Screen ...166 10.3 The Firewall General Screen ...167 10.4 The Default Action...The DoS Screen ...174 10.6.1 The DoS Advanced Screen 174 10.6.2 Configuring Firewall Thresholds 175 10.7 Firewall Technical Reference ...176 10.7.1 Firewall Rules Overview ...176 10.7.2 Guidelines For Enhancing Security With Your Firewall 177 10.7.3 Security Considerations ...178 10.7.4 Triangle Route ...178 Chapter 11 ...
User Guide
Page 23
... of installation and high-speed, shared Internet access. This is also a complete security solution with ease of the following description of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Note: Not all models have all of the features shown in... integrating DSL and NAT, you are ADSL2+ routers. The ZyXEL Device is an auto-configuration server used for troubleshooting by service engineers. • FTP for 1 or 3). Models ending in this series are provided with a robust firewall and content filtering. Refer to share files via a USB...
... of installation and high-speed, shared Internet access. This is also a complete security solution with ease of the following description of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Note: Not all models have all of the features shown in... integrating DSL and NAT, you are ADSL2+ routers. The ZyXEL Device is an auto-configuration server used for troubleshooting by service engineers. • FTP for 1 or 3). Models ending in this series are provided with a robust firewall and content filtering. Refer to share files via a USB...
User Guide
Page 24
... could simply restore your last configuration. 1.4 Applications for the ZyXEL Device Here are not allowed, but you can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access. If you forget your network. When the firewall is on a splitter or your network is blocked unless it... in a safe place. • Back up an earlier configuration file, you would not have to reset the ZyXEL Device to its factory default settings. Use the filtering...
... could simply restore your last configuration. 1.4 Applications for the ZyXEL Device Here are not allowed, but you can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access. If you forget your network. When the firewall is on a splitter or your network is blocked unless it... in a safe place. • Back up an earlier configuration file, you would not have to reset the ZyXEL Device to its factory default settings. Use the filtering...
User Guide
Page 32
...NAT General Use this screen to activate/deactivate the firewall and SPI (Security Parameter Index). Security Firewall Firewall Use this screen to enable NAT. Table 2 Navigation Panel Summary LINK TAB FUNCTION Status This screen shows the ZyXEL Device's general device and network status information. IP...to start dropping sessions that do not become fully established (half-open screens to configure ZyXEL Device features. WPS Station Use this screen to select the firewall protection level. IP/MAC Filter Use this screen to access the statistics and client list...
...NAT General Use this screen to activate/deactivate the firewall and SPI (Security Parameter Index). Security Firewall Firewall Use this screen to enable NAT. Table 2 Navigation Panel Summary LINK TAB FUNCTION Status This screen shows the ZyXEL Device's general device and network status information. IP...to start dropping sessions that do not become fully established (half-open screens to configure ZyXEL Device features. WPS Station Use this screen to select the firewall protection level. IP/MAC Filter Use this screen to access the statistics and client list...
User Guide
Page 38
...is the descriptive name used . Status This displays whether WLAN is functioning as a router or a bridge. Security Firewall This displays whether or not the ZyXEL Device's firewall is activated. Usually, this to go to improve anymore. LAN IPv4/IPv6 This is the MTU (Maximum Transmission... You can change it last started up when you plug it . IPv6 Firewall This displays whether or not the ZyXEL Device's IPv6 firewall is activated. WPS This displays whether WPS is activated. The ZyXEL Device starts up . Chapter 3 Status Screens Table 3 Status Screen LABEL ...
...is the descriptive name used . Status This displays whether WLAN is functioning as a router or a bridge. Security Firewall This displays whether or not the ZyXEL Device's firewall is activated. Usually, this to go to improve anymore. LAN IPv4/IPv6 This is the MTU (Maximum Transmission... You can change it last started up when you plug it . IPv6 Firewall This displays whether or not the ZyXEL Device's IPv6 firewall is activated. WPS This displays whether WPS is activated. The ZyXEL Device starts up . Chapter 3 Status Screens Table 3 Status Screen LABEL ...
User Guide
Page 41
... 52 • Multiple Public and Private IP Address Mappings, see page 54 • Setting Up NAT Forwarding for a Game Server, see page 58 • Configuring Firewall Rules to Allow a Specified Service, see page 60 • Configuring Static Route for Routing to Another Network, see page 63 • Port BindingConfiguration, see... page 65 • Configuring QoS to Prioritize Traffic, see page 71 • How to Use File Sharing on and wait for details on the ZyXEL Device's hardware connection. 2 Connect one end of a DSL cable to the DSL port of Ethernet cable to an Ethernet port on the...
... 52 • Multiple Public and Private IP Address Mappings, see page 54 • Setting Up NAT Forwarding for a Game Server, see page 58 • Configuring Firewall Rules to Allow a Specified Service, see page 60 • Configuring Static Route for Routing to Another Network, see page 63 • Port BindingConfiguration, see... page 65 • Configuring QoS to Prioritize Traffic, see page 71 • How to Use File Sharing on and wait for details on the ZyXEL Device's hardware connection. 2 Connect one end of a DSL cable to the DSL port of Ethernet cable to an Ethernet port on the...
User Guide
Page 60
Tutorial: NAT Port Forwarding Setup LAN WAN A 2 1 1 Click Security > Firewall and select Custom. Click Apply to Allow a Specified Service By default the firewall will show how to LAN if it matches a specified port number. Chapter 4 Tutorials 4.8 Configuring Firewall Rules to save your settings. However, if you are running a server or other service, you may need to allow traffic from WAN to allow access from the WAN (1). Tutorial: Advanced > QoS 60 ADSL Router Series User's Guide The following tutorial will block traffic originating from the WAN (2).
Tutorial: NAT Port Forwarding Setup LAN WAN A 2 1 1 Click Security > Firewall and select Custom. Click Apply to Allow a Specified Service By default the firewall will show how to LAN if it matches a specified port number. Chapter 4 Tutorials 4.8 Configuring Firewall Rules to save your settings. However, if you are running a server or other service, you may need to allow traffic from WAN to allow access from the WAN (1). Tutorial: Advanced > QoS 60 ADSL Router Series User's Guide The following tutorial will block traffic originating from the WAN (2).
User Guide
Page 62
Click Apply to save your settings and Back to return to LAN if it matches port 123. 62 ADSL Router Series User's Guide Chapter 4 Tutorials 4 In the Edit Rule screen, select Active. Tutorial: Advanced > QoS > Queue Setup 5 The firewall rule you configured, My_Service. In the Available Services field, select the service you configured appears in the table. The ZyXEL Device allows traffic from the WAN to the previous screen.
Click Apply to save your settings and Back to return to LAN if it matches port 123. 62 ADSL Router Series User's Guide Chapter 4 Tutorials 4 In the Edit Rule screen, select Active. Tutorial: Advanced > QoS > Queue Setup 5 The firewall rule you configured, My_Service. In the Available Services field, select the service you configured appears in the table. The ZyXEL Device allows traffic from the WAN to the previous screen.
User Guide
Page 65
... Connections This example shows an application for multiple WAN connections with different ATM QoS Settings. More than one WAN connection on the ZyXEL Device may need to additionally configure B's firewall settings to allow specific traffic to pass through. 4.10 Port Binding Configuration This tutorial shows you how to record traffic statistics or...
... Connections This example shows an application for multiple WAN connections with different ATM QoS Settings. More than one WAN connection on the ZyXEL Device may need to additionally configure B's firewall settings to allow specific traffic to pass through. 4.10 Port Binding Configuration This tutorial shows you how to record traffic statistics or...
User Guide
Page 82
...in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. Chapter 5 Internet and Wireless Setup Wizard 5.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is available. If you . Multiplexing Virtual Circuit ID Select the multiplexing method used...-down list box. If you select Bridge, you select in this screen. Choices vary depending on what you cannot use Firewall, DHCP server and NAT on the ZyXEL Device. Select Bridge when your ISP give you one IP address and you want the connected computers to share an Internet...
...in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. Chapter 5 Internet and Wireless Setup Wizard 5.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is available. If you . Multiplexing Virtual Circuit ID Select the multiplexing method used...-down list box. If you select Bridge, you select in this screen. Choices vary depending on what you cannot use Firewall, DHCP server and NAT on the ZyXEL Device. Select Bridge when your ISP give you one IP address and you want the connected computers to share an Internet...
User Guide
Page 96
... IPv6/IPv4 Dual Stack PPP Authentication If you want multiple computers to 255. Choices are ANNEX A, ANNEX A/L, ANNEX M and ANNEX A/L/M. The ZyXEL Device supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). Select the type supported by your ISP assigned. however, PAP is... RFC 1483, ENET ENCAP or PPPoE. The valid range for local management of your ISP. If you select Bridge, you cannot use Firewall, DHCP server and NAT on the mode you . Enter the VPI assigned to 31 is reserved for the VCI is readily available on ...
... IPv6/IPv4 Dual Stack PPP Authentication If you want multiple computers to 255. Choices are ANNEX A, ANNEX A/L, ANNEX M and ANNEX A/L/M. The ZyXEL Device supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). Select the type supported by your ISP assigned. however, PAP is... RFC 1483, ENET ENCAP or PPPoE. The valid range for local management of your ISP. If you select Bridge, you cannot use Firewall, DHCP server and NAT on the mode you . Enter the VPI assigned to 31 is reserved for the VCI is readily available on ...
User Guide
Page 114
... displays the IP address relative to the ZyXEL Device. This address follows an industry standard that is unique to your computer (six pairs of a computer on your changes. 7.5 The IP Alias Screen IP alias allows you can also configure firewall rules to control access to the LAN's... logical network (subnet). 114 ADSL Router Series User's Guide MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is assigned at the factory. The ZyXEL Device supports multiple logical...
... displays the IP address relative to the ZyXEL Device. This address follows an industry standard that is unique to your computer (six pairs of a computer on your changes. 7.5 The IP Alias Screen IP alias allows you can also configure firewall rules to control access to the LAN's... logical network (subnet). 114 ADSL Router Series User's Guide MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is assigned at the factory. The ZyXEL Device supports multiple logical...
User Guide
Page 153
... The most often used . Chapter 9 Network Address Translation (NAT) Table 41 Network > NAT > General (continued) LABEL DESCRIPTION Max NAT/Firewall Session Per User When computers use peer to peer applications, such as file sharing applications, they can establish. Note: Many residential broadband ISP ...Servers Behind Port Forwarding (Example) Let's say you to peer applications, you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for example both FTP and web service), it discovers any server processes (such as for servers and may...
... The most often used . Chapter 9 Network Address Translation (NAT) Table 41 Network > NAT > General (continued) LABEL DESCRIPTION Max NAT/Firewall Session Per User When computers use peer to peer applications, such as file sharing applications, they can establish. Note: Many residential broadband ISP ...Servers Behind Port Forwarding (Example) Let's say you to peer applications, you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for example both FTP and web service), it discovers any server processes (such as for servers and may...
User Guide
Page 160
...inside global address) back to the inside local address before forwarding the packet to the WAN side. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from a subscriber (the inside local address) to another (the inside global ... The global IP addresses for communication with hosts on other networks. NAT never changes the IP address (either local or global) of firewall protection. Chapter 9 Network Address Translation (NAT) Table 47 NAT Definitions (continued) ITEM DESCRIPTION Local This refers to the packet address (...
...inside global address) back to the inside local address before forwarding the packet to the WAN side. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from a subscriber (the inside local address) to another (the inside global ... The global IP addresses for communication with hosts on other networks. NAT never changes the IP address (either local or global) of firewall protection. Chapter 9 Network Address Translation (NAT) Table 47 NAT Definitions (continued) ITEM DESCRIPTION Local This refers to the packet address (...
User Guide
Page 163
...or disabled. The following figure illustrates the firewall action. Figure 70 Default Firewall Action LAN A WAN 1 2 3 4 10.1.1 What You Can Do in the Firewall Screens • Use the Firewall screen (Section 10.3 on page 167) to enable firewall and/or IPv6 firewall on the ZyXEL Device. • Use the General ... networks. • blocks traffic that do not match any of Death attacks whether the firewall is also allowed (2). By default, the ZyXEL Device blocks DDOS, LAND and Ping of the firewall rules. • Use the Rules screen (Section 10.5 on other traffic initiated from ...
...or disabled. The following figure illustrates the firewall action. Figure 70 Default Firewall Action LAN A WAN 1 2 3 4 10.1.1 What You Can Do in the Firewall Screens • Use the Firewall screen (Section 10.3 on page 167) to enable firewall and/or IPv6 firewall on the ZyXEL Device. • Use the General ... networks. • blocks traffic that do not match any of Death attacks whether the firewall is also allowed (2). By default, the ZyXEL Device blocks DDOS, LAND and Ping of the firewall rules. • Use the Rules screen (Section 10.5 on other traffic initiated from ...
User Guide
Page 164
... attack, hackers flood SYN packets into the network with a connection to the Internet. SPI Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is not to steal information, but also context. Each packet causes the targeted system to issue a SYN-ACK response. Once ... ACK comes back or when an internal timer terminates the three-way handshake. Chapter 10 Firewall • Use the DoS screen (Section 10.6 on page 174) to set the thresholds that the ZyXEL Device uses to determine when to start dropping sessions that 164 ADSL Router Series User's ...
... attack, hackers flood SYN packets into the network with a connection to the Internet. SPI Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is not to steal information, but also context. Each packet causes the targeted system to issue a SYN-ACK response. Once ... ACK comes back or when an internal timer terminates the three-way handshake. Chapter 10 Firewall • Use the DoS screen (Section 10.6 on page 174) to set the thresholds that the ZyXEL Device uses to determine when to start dropping sessions that 164 ADSL Router Series User's ...
User Guide
Page 165
... when unsupported ports are critical for establishing and maintaining communications, filtering policy focuses on your ZyXEL Device, an ICMP response packet is a message control and error-reporting protocol between a host server and a gateway to the application user. ...the Internet. ICMP Internet Control Message Protocol (ICMP) is automatically returned. DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to all sessions. Chapter 10 Firewall can change them to values more suitable to your security requirements. Anti-Probing If an outside user to ...
... when unsupported ports are critical for establishing and maintaining communications, filtering policy focuses on your ZyXEL Device, an ICMP response packet is a message control and error-reporting protocol between a host server and a gateway to the application user. ...the Internet. ICMP Internet Control Message Protocol (ICMP) is automatically returned. DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to all sessions. Chapter 10 Firewall can change them to values more suitable to your security requirements. Anti-Probing If an outside user to ...