User Guide
Page 3
...want to help for more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to manage. Intended Audience This manual is designed to configure Vantage CNM using the web configurator. Note: It is recommended you are unable to find a specific screen... or field in this User's Guide use the web configurator to : techwriters@zyxel.com.tw Thank you! If ...
...want to help for more information about the device, its features, and its configuration. • ZyXEL Web Site Please refer to manage. Intended Audience This manual is designed to configure Vantage CNM using the web configurator. Note: It is recommended you are unable to find a specific screen... or field in this User's Guide use the web configurator to : techwriters@zyxel.com.tw Thank you! If ...
User Guide
Page 10
...) ...138 6.3.2 Add/Edit an IKE Gateway Policy 139 6.3.3 Add/Edit an IKE Network Policy 148 6.3.4 Move an IKE Network Policy 154 6.3.5 VPN Rules (Manual 154 6.3.6 Add/Edit an Manual VPN Rule 157 6.3.7 VPN Global Setting 160 6.4 Anti-Virus ...162 6.4.1 General Anti-Virus Setup 162 6.5 Anti-Spam ...164 6.5.1 Anti-Spam General Screen 164...
...) ...138 6.3.2 Add/Edit an IKE Gateway Policy 139 6.3.3 Add/Edit an IKE Network Policy 148 6.3.4 Move an IKE Network Policy 154 6.3.5 VPN Rules (Manual 154 6.3.6 Add/Edit an Manual VPN Rule 157 6.3.7 VPN Global Setting 160 6.4 Anti-Virus ...162 6.4.1 General Anti-Virus Setup 162 6.5 Anti-Spam ...164 6.5.1 Anti-Spam General Screen 164...
User Guide
Page 13
... IPSec VPN...323 11.1 The IPSec VPN Connection Screen 323 11.1.1 The IPSec VPN Connection Add/Edit Screen 325 11.1.2 IPSec VPN Connection Add/Edit (Manual Key 331 11.2 The VPN Gateway Screen 335 11.2.1 The VPN Gateway Add/Edit Screen 336 11.3 The VPN Concentrator Screen 343 11.3.1 The VPN...
... IPSec VPN...323 11.1 The IPSec VPN Connection Screen 323 11.1.1 The IPSec VPN Connection Add/Edit Screen 325 11.1.2 IPSec VPN Connection Add/Edit (Manual Key 331 11.2 The VPN Gateway Screen 335 11.2.1 The VPN Gateway Add/Edit Screen 336 11.3 The VPN Concentrator Screen 343 11.3.1 The VPN...
User Guide
Page 53
... States on the last Sunday of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC-1305), is similar to enter the time and date manually. Enter the IP address or domain name of April. Here are unsure of the server. The main difference between your location. Time (RFC-868...may have to find a protocol that your timeserver sends when you turn on your ISP/network administrator if you would select Last, Sunday, March. Vantage CNM User's Guide 53 Time Server Address Time Zone Daylight Savings Select None to Time (RFC 868). The o'clock field uses the 24 hour format...
... States on the last Sunday of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC-1305), is similar to enter the time and date manually. Enter the IP address or domain name of April. Here are unsure of the server. The main difference between your location. Time (RFC-868...may have to find a protocol that your timeserver sends when you turn on your ISP/network administrator if you would select Last, Sunday, March. Vantage CNM User's Guide 53 Time Server Address Time Zone Daylight Savings Select None to Time (RFC 868). The o'clock field uses the 24 hour format...
User Guide
Page 57
...mask based on your network and the IP addresses that they are enabled if the DHCP Mode is 255.255.255.0. Unless you must be manually configured. Both is the factory default. Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION DHCP Mode ...broadcasts its routing table periodically. When set to use the specific DNS server. The WINS server keeps a mapping table of an IP address. Vantage CNM User's Guide 57 Use dotted decimal notation. when set as a server, fill in the DHCP Server IP field. Third DNS Server Select User...
...mask based on your network and the IP addresses that they are enabled if the DHCP Mode is 255.255.255.0. Unless you must be manually configured. Both is the factory default. Table 13 Device Operation > Device Configuration > LAN > LAN (ZyNOS ZyWALL) LABEL DESCRIPTION DHCP Mode ...broadcasts its routing table periodically. When set to use the specific DNS server. The WINS server keeps a mapping table of an IP address. Vantage CNM User's Guide 57 Use dotted decimal notation. when set as a server, fill in the DHCP Server IP field. Third DNS Server Select User...
User Guide
Page 58
... Dynamic IP/ MAC binding Select this to allow traffic only from WAN port 1 to the LAN. This is done by the the selected device or manually set to block WAN port 1 to LAN traffic, you would like to read more information. These IP addresses are TCP or UDP broadcast packets that... address and so will not receive the RIP packets. However it may sometimes be necessary to allow packets from WAN port 1 to the LAN. 58 Vantage CNM User's Guide Clear this check box to forward NetBIOS packets from the LAN to WAN port 1and from devices on non-router machines since they...
... Dynamic IP/ MAC binding Select this to allow traffic only from WAN port 1 to the LAN. This is done by the the selected device or manually set to block WAN port 1 to LAN traffic, you would like to read more information. These IP addresses are TCP or UDP broadcast packets that... address and so will not receive the RIP packets. However it may sometimes be necessary to allow packets from WAN port 1 to the LAN. 58 Vantage CNM User's Guide Clear this check box to forward NetBIOS packets from the LAN to WAN port 1and from devices on non-router machines since they...
User Guide
Page 97
... TCP/IP Options Budget PAP - If the Primary Phone number is less than the time period configured in the Period field. Consult the manual of your WAN device connected to wait before the phone number for how often the budget should be used during the time that you set...as required. Options are : 9600, 19200, 38400, 57600, 115200 or 230400 bps. Type the number of seconds of time (in hours) for local calls. Vantage CNM User's Guide 97 The device accepts either CHAP or PAP when requested by this screen afresh. Type the time period (in minutes) that is busy...
... TCP/IP Options Budget PAP - If the Primary Phone number is less than the time period configured in the Period field. Consult the manual of your WAN device connected to wait before the phone number for how often the budget should be used during the time that you set...as required. Options are : 9600, 19200, 38400, 57600, 115200 or 230400 bps. Type the number of seconds of time (in hours) for local calls. Vantage CNM User's Guide 97 The device accepts either CHAP or PAP when requested by this screen afresh. Type the time period (in minutes) that is busy...
User Guide
Page 99
... for CLID authentication. Speed Type the keyword preceding the connection speed. Chapter 5 Device Network Settings Note: Consult the manual of your WAN device connected to your modem has a slow response time. ~~+++~~ ath Answer Type the AT Command string to answer a call. CONNECT Call Control Vantage CNM User's Guide 99 CLID is sent out.
... for CLID authentication. Speed Type the keyword preceding the connection speed. Chapter 5 Device Network Settings Note: Consult the manual of your WAN device connected to your modem has a slow response time. ~~+++~~ ath Answer Type the AT Command string to answer a call. CONNECT Call Control Vantage CNM User's Guide 99 CLID is sent out.
User Guide
Page 110
...Multicasting can reduce the load on RIP (Routing Information Protocol), which allows a router to exchange routing information with other routers. Consult the manual of NAT that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. The RIP Direction field controls the sending and receiving of the ... the beginning of RIP packets. Enable RIP RIP Direction SUA (Single User Account) is a network-layer protocol used to carry user data. 110 Vantage CNM User's Guide Select this remote node. IGMP is a subset of your WAN device connected to initialize the WAN device.
...Multicasting can reduce the load on RIP (Routing Information Protocol), which allows a router to exchange routing information with other routers. Consult the manual of NAT that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. The RIP Direction field controls the sending and receiving of the ... the beginning of RIP packets. Enable RIP RIP Direction SUA (Single User Account) is a network-layer protocol used to carry user data. 110 Vantage CNM User's Guide Select this remote node. IGMP is a subset of your WAN device connected to initialize the WAN device.
User Guide
Page 141
... the IP address (static or dynamic) of the primary (highest priority) WAN port to set to a specified domain name. Enter the domain name associated with manual key management. You may use any character, including spaces, but not with AH protocol nor with the device in the VPN tunnel. Domain Name: The... address (static or dynamic) of the WAN port that is in this field is configured as the corresponding WAN1 or WAN2 connection is IP Address. Vantage CNM User's Guide 141 You can use . • When the WAN port operation mode is specified.
... the IP address (static or dynamic) of the primary (highest priority) WAN port to set to a specified domain name. Enter the domain name associated with manual key management. You may use any character, including spaces, but not with AH protocol nor with the device in the VPN tunnel. Domain Name: The... address (static or dynamic) of the WAN port that is in this field is configured as the corresponding WAN1 or WAN2 connection is IP Address. Vantage CNM User's Guide 141 You can use . • When the WAN port operation mode is specified.
User Guide
Page 154
... The following table describes the labels in the menu bar and then click Device Configuration > Security > VPN > VPN Rules (Manual) tab to open the VPN 154 Vantage CNM User's Guide Local Network This field displays one or a range of IP address(es) of a VPN rule (or gateway policy...to any network policy(ies) without an associated gateway policy. Gateway Policy Information Gateway Policy Select the name of the remote network behind the Vantage CNM. Click this to save the changes. Chapter 6 Device Security Settings 6.3.4 Move an IKE Network Policy In the VPN Rule (IKE) screen,...
... The following table describes the labels in the menu bar and then click Device Configuration > Security > VPN > VPN Rules (Manual) tab to open the VPN 154 Vantage CNM User's Guide Local Network This field displays one or a range of IP address(es) of a VPN rule (or gateway policy...to any network policy(ies) without an associated gateway policy. Gateway Policy Information Gateway Policy Select the name of the remote network behind the Vantage CNM. Click this to save the changes. Chapter 6 Device Security Settings 6.3.4 Move an IKE Network Policy In the VPN Rule (IKE) screen,...
User Guide
Page 155
... Security Settings Rules screen. Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) LABEL DESCRIPTION # This is active or not. Active This field displays whether the VPN policy is the VPN policy index number. Vantage CNM User's Guide 155 Local IP Address This is not active. Name This field displays the...
... Security Settings Rules screen. Table 53 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) LABEL DESCRIPTION # This is active or not. Active This field displays whether the VPN policy is the VPN policy index number. Vantage CNM User's Guide 155 Local IP Address This is not active. Name This field displays the...
User Guide
Page 156
...the Remote Network Address Type field in the page list. 156 Vantage CNM User's Guide This field displays Tunnel or Transport mode (Tunnel is deleted, subsequent policies move up in the VPN - When a VPN policy is the default selection). Manual Key - Edit screen is the IP address(es) of ...the remote IPSec router. Click Add to delete the VPN rule. This field displays N/A when the Remote Gateway Address field displays 0.0.0.0. Manual Key - Manual Key - Select a policy and click Remove to delete the VPN policy. In this to modify an existing VPN policy. Both AH and ESP...
...the Remote Network Address Type field in the page list. 156 Vantage CNM User's Guide This field displays Tunnel or Transport mode (Tunnel is deleted, subsequent policies move up in the VPN - When a VPN policy is the default selection). Manual Key - Edit screen is the IP address(es) of ...the remote IPSec router. Click Add to delete the VPN rule. This field displays N/A when the Remote Gateway Address field displays 0.0.0.0. Manual Key - Manual Key - Select a policy and click Remove to delete the VPN policy. In this to modify an existing VPN policy. Both AH and ESP...
User Guide
Page 157
...this check box to activate this screen to configure a new or an existing manual VPN rule. Use this VPN policy. Figure 62 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit The following table describes the labels in this screen, ...click Add or Edit in the Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) screen. Chapter 6 Device Security Settings 6.3.6 Add/Edit an Manual VPN Rule To open this screen. Vantage CNM User's Guide 157...
...this check box to activate this screen to configure a new or an existing manual VPN rule. Use this VPN policy. Figure 62 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit The following table describes the labels in this screen, ...click Add or Edit in the Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) screen. Chapter 6 Device Security Settings 6.3.6 Add/Edit an Manual VPN Rule To open this screen. Vantage CNM User's Guide 157...
User Guide
Page 158
...IP addresses must be necessary to allow local computers to find other computers. You can have the same local or remote IP address, but the Vantage CNM drops trailing spaces. When the Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind the device... and vice versa. Remote Gateway Address Type the IP address of computers on the LAN behind the device. Manual Proposal SPI Type a number (base 10) from the drop-down list box. 158 Vantage CNM User's Guide Local / Remote Network Select this is a subnet mask on the LAN behind the device....
...IP addresses must be necessary to allow local computers to find other computers. You can have the same local or remote IP address, but the Vantage CNM drops trailing spaces. When the Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind the device... and vice versa. Remote Gateway Address Type the IP address of computers on the LAN behind the device. Manual Proposal SPI Type a number (base 10) from the drop-down list box. 158 Vantage CNM User's Guide Local / Remote Network Select this is a subnet mask on the LAN behind the device....
User Guide
Page 159
... the messages. Click this screen afresh. Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use AH (Authentication Header Protocol). The ESP protocol (RFC 2406...which the ESP was designed for which can be used, including spaces, but trailing spaces are hash algorithms used to the device. Vantage CNM User's Guide 159 With 3DES, type a unique key 24 ASCII characters long. Click this to begin configuring this to save your ...
... the messages. Click this screen afresh. Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use AH (Authentication Header Protocol). The ESP protocol (RFC 2406...which the ESP was designed for which can be used, including spaces, but trailing spaces are hash algorithms used to the device. Vantage CNM User's Guide 159 With 3DES, type a unique key 24 ASCII characters long. Click this to begin configuring this to save your ...
User Guide
Page 161
...by VPN based on your LAN because the device automatically triggers a VPN tunnel to make sure that are affecting your throughput performance, you can manually set to configure a VPN policy with the same IP address. Specify a size from 0~1460 bytes. 0 has the device use the auto ...is enabled if Adjust TCP Maximum Segment Size is User Define. Click this screen afresh. Specify the Maximum Segment Size (MSS) for VPN. Vantage CNM User's Guide 161 The device fragments packets that are larger than a connection's MTU (Maximum Transmit Unit). The device rebuilds the VPN tunnel if...
...by VPN based on your LAN because the device automatically triggers a VPN tunnel to make sure that are affecting your throughput performance, you can manually set to configure a VPN policy with the same IP address. Specify a size from 0~1460 bytes. 0 has the device use the auto ...is enabled if Adjust TCP Maximum Segment Size is User Define. Click this screen afresh. Specify the Maximum Segment Size (MSS) for VPN. Vantage CNM User's Guide 161 The device fragments packets that are larger than a connection's MTU (Maximum Transmit Unit). The device rebuilds the VPN tunnel if...
User Guide
Page 236
Select User-Defined if you have their DNS server addresses manually configured. Select DNS Relay to None after you select DNS Relay for a second or third DNS server, that choice changes to have another DHCP sever ... ISP assigns in the field to configure the Remote MGMT screens. The device's LAN, DMZ or WLAN IP address displays in the navigation panel. 236 Vantage CNM User's Guide Chapter 7 Device Advanced Settings Table 93 Device Operation > Device Configuration > Advanced > DNS > DHCP LABEL DESCRIPTION IP Select From ISP if your changes back...
Select User-Defined if you have their DNS server addresses manually configured. Select DNS Relay to None after you select DNS Relay for a second or third DNS server, that choice changes to have another DHCP sever ... ISP assigns in the field to configure the Remote MGMT screens. The device's LAN, DMZ or WLAN IP address displays in the navigation panel. 236 Vantage CNM User's Guide Chapter 7 Device Advanced Settings Table 93 Device Operation > Device Configuration > Advanced > DNS > DHCP LABEL DESCRIPTION IP Select From ISP if your changes back...
User Guide
Page 251
... address for all computers in dot decimal notation. The gateway should be up to 60 characters long. The lower the number, the higher the priority. Vantage CNM User's Guide 251 See Chapter 36 on this priority. This field is enabled if you select Use Fixed IP Address. Metric Enter the priority of... traffic, in this if you select Use Fixed IP Address. This is enabled if you want to specify the IP address, subnet mask, and gateway manually. Interface Parameters Upstream Bandwidth Enter the maximum amount of the Ethernet interface.
... address for all computers in dot decimal notation. The gateway should be up to 60 characters long. The lower the number, the higher the priority. Vantage CNM User's Guide 251 See Chapter 36 on this priority. This field is enabled if you select Use Fixed IP Address. Metric Enter the priority of... traffic, in this if you select Use Fixed IP Address. This is enabled if you want to specify the IP address, subnet mask, and gateway manually. Interface Parameters Upstream Bandwidth Enter the maximum amount of the Ethernet interface.
User Guide
Page 259
...an interface, click the Active icon next to it . Click this to begin configuring this icon to test the interface or to manually establish the connection. To create an interface, click the Add icon at the top of WPA). With WPA or WPA2, users have... that every wireless client in the wireless network supports. Apply Reset To connect or disconnect an interface, click the Connect icon next to it . Vantage CNM User's Guide 259 WPA and WPA2 are also called user authentication. Chapter 9 Device Network Settings Table 99 Device Operation > Device Configuration > Network ...
...an interface, click the Active icon next to it . Click this to begin configuring this icon to test the interface or to manually establish the connection. To create an interface, click the Add icon at the top of WPA). With WPA or WPA2, users have... that every wireless client in the wireless network supports. Apply Reset To connect or disconnect an interface, click the Connect icon next to it . Vantage CNM User's Guide 259 WPA and WPA2 are also called user authentication. Chapter 9 Device Network Settings Table 99 Device Operation > Device Configuration > Network ...