Zyxel-communications Broadband Security Gateway P-312 Manual de usuario

Prestige 312Broadband Security GatewayUser’s GuideVersion 3.20November 2000

P312 Broadband Security GatewayxTable Of Contents2.10.1 LAN Port Filter Setup ...

P312 Broadband Security GatewayFilters 7-5Figure 7-6 NetBIOS_WAN Filter Rules SummaryFigure 7-7 NetBIOS _LAN Filter Rules SummaryFigure 7-8 TEL_FT

P312 Broadband Security Gateway7-6 Filters7.2.1 Filter Rules Summary MenuThis screen shows the summary of the existing rules in the filter set. The

P312 Broadband Security GatewayFilters 7-7The protocol dependent filter rules abbreviation are listed as follows:! If the filter type is IP, the fol

P312 Broadband Security Gateway7-8 FiltersFigure 7-9 Menu 21.1.1.1 - TCP/IP Filter RuleThe following table describes how to configure your TCP/IP fil

P312 Broadband Security GatewayFilters 7-9Field Description Optiondon’t-care if it is 0.Destination: Port #CompSelect the comparison to apply to the

P312 Broadband Security Gateway7-10 FiltersField Description OptionOnce you have completed filling in Menu 21.1.1.1 - TCP/IP Filter Rule, press [Ente

P312 Broadband Security GatewayFilters 7-11Packetinto IP FilterMatchedMatchedYesAction MatchedAction Not MatchedMore?NoFilter Active?CheckIP Protocol

P312 Broadband Security Gateway7-12 Filters7.2.4 Generic Filter RuleThis section shows you how to configure a generic filter rule. The purpose of g

P312 Broadband Security GatewayFilters 7-13The following table describes the fields in the Generic Filter Rule Menu.Table 7-5 Generic Filter Rule Me

P312 Broadband Security Gateway7-14 FiltersDropOnce you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [Enter] at the message[P

P312 Broadband Security GatewayTable Of Contents xi6.1.4 NAT Mapping Types...

P312 Broadband Security GatewayFilters 7-15Figure 7-13 Example Filter – Menu 21.1.1.1When you press [Enter] to confirm, you will see the following s

P312 Broadband Security Gateway7-16 FiltersFigure 7-14 Example Filter Rules Summary – Menu 21.1.3After you’ve created the filter set, you must apply

P312 Broadband Security GatewayFilters 7-17packets and after NAT for incoming packets. On the other hand, the generic, or device filters are applied

P312 Broadband Security Gateway7-18 FiltersFigure 7-16 Filtering LAN Traffic7.6.2 Remote Node FiltersGo to Menu 11.5 (shown below – note that call

P312 Broadband Security GatewaySNMP 8-1Chapter 8SNMP ConfigurationThis chapter discusses SNMP (Simple Network Management Protocol) for network manage

P312 Broadband Security Gateway8-2 SNMPThe following table describes the SNMP configuration parameters.Table 8-1 SNMP Configuration Menu FieldsField

P312 Broadband Security GatewaySystem Information & Diagnosis 9-1Chapter 9System Information & DiagnosisThis chapter talks you through SMT M

P312 Broadband Security Gateway9-2 System Information & Diagnosis9.1 System StatusThe first selection, System Status, gives you information on th

P312 Broadband Security GatewaySystem Information & Diagnosis 9-3The following table describes the fields present in Menu 24.1 - System Maintena

P312 Broadband Security Gateway9-4 System Information & Diagnosis9.2 System Information and Console Port SpeedThis section describes your system

P312 Broadband Security GatewayxiiTable Of Contents9.1 System Status...

P312 Broadband Security GatewaySystem Information & Diagnosis 9-5Table 9-2 Fields in System MaintenanceField DescriptionName This is the Prest

P312 Broadband Security Gateway9-6 System Information & Diagnosis9.3.1 Viewing Error LogThe first place you should look for clues when something

P312 Broadband Security GatewaySystem Information & Diagnosis 9-7Figure 9-8 Menu 24.3.2 - System Maintenance – UNIX SyslogYou need to configure

P312 Broadband Security Gateway9-8 System Information & Diagnosis1. CDRCDR Message FormatSdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String );Stri

P312 Broadband Security GatewaySystem Information & Diagnosis 9-9Mar 03 10:39:43 202.132.155.97 ZyXEL:GEN[fffffffffffnordff0080] }S05>R01mFMa

P312 Broadband Security Gateway9-10 System Information & Diagnosis9.3.3 Call-Triggering PacketCall-Triggering Packet displays information about t

P312 Broadband Security GatewaySystem Information & Diagnosis 9-11Figure 9-10 Menu 24.4 - System Maintenance - DiagnosticFollow the procedure be

P312 Broadband Security Gateway9-12 System Information & DiagnosisFigure 9-11 WAN & LAN DHCPThe following table describes the diagnostic test

P312 Broadband Security GatewayTransferring Files 10-1Chapter 10Transferring FilesThis chapter tells you how to back up and restore your configurati

P312 Broadband Security Gateway10-2 Transferring FilesTable 10-1 Filename ConventionsFile Type InternalNameExternalNameDescription ATCommandConfigur

P312 Broadband Security GatewayTable Of Contents xiii12.2 Telnet Under NAT...

P312 Broadband Security GatewayTransferring Files 10-310.3 Restore ConfigurationMenu 24.6 -- System Maintenance - Restore Configuration allows you t

P312 Broadband Security Gateway10-4 Transferring FilesStep 4. After successful firmware upload, enter atgo to restart the Prestige.Figure 10-4 Menu

P312 Broadband Security GatewayTransferring Files 10-5Figure 10-5 Menu 24.7.2 - System Maintenance - Upload Router Configuration File10.5 TFTP File

P312 Broadband Security Gateway10-6 Transferring FilesNote: If you upload the firmware to the Prestige, it will reboot automatically when thefile tra

P312 Broadband Security GatewayTransferring Files 10-710.6 FTP File TransferIn addition to uploading the firmware and configuration via the console

P312 Broadband Security Gateway10-8 Transferring FilesFigure 10-7 Telnet into Menu 24.7.2 - System MaintenanceTo transfer the firmware and the config

P312 Broadband Security GatewayTransferring Files 10-9Figure 10-8 FTP Session ExampleThe system reboots after a successful upload.The following tab

P312 Broadband Security GatewaySystem Maintenance & Information 11-1Chapter 11 System Maintenance & InformationThis chapter leads you throug

P312 Broadband Security Gateway11-2 System Maintenance & Information11.2 Call Control SupportThe Prestige provides two call control functions: bu

P312 Broadband Security GatewayxivTable Of Contents15.3 E-Mail ...

P312 Broadband Security GatewaySystem Maintenance & Information 11-3The total budget is the time limit on the accumulated time for outgoing call

P312 Broadband Security Gateway11-4 System Maintenance & InformationTable 11-2 Call History FieldsField DescriptionPhone Number The PPPoE servic

P312 Broadband Security GatewaySystem Maintenance & Information 11-5Figure 11-6 System Maintenance – Time and Date SettingTable 11-3 Time and

P312 Broadband Security Gateway11-6 System Maintenance & Informationzone and Greenwich mean Time (GMT). Be aware if/when daylightsavings time alt

P312 Broadband Security GatewaySystem Maintenance & Information 11-7Table 11-4 Menu 24.11 - Remote Management ControlField Description OptionFT

P312 Broadband Security Gateway11-8 System Maintenance & InformationFigure 11-9 Boot Module Commands======= Debug Command Listing =======AT

P312 Broadband Security GatewayTelnet 12-1Chapter 12Telnet Configuration and CapabilitiesThis chapter covers the Telnet Configuration and Capabiliti

P312 Broadband Security Gateway12-2 Telnet12.3.2 System TimeoutThere is a system timeout of 5 minutes (300 seconds) for either the console port or te

Firewall and Content FiltersIVPart IV: Firewall and Content FiltersChapters 13 – 20 describe types of firewalls, how to configure your Prestige firewa

P312 Broadband Security GatewayWhat Is a Firewall? 13-1Chapter 13What is a FirewallThis chapter gives some background information on firewalls.Origi

P312 Broadband Security GatewayTable Of Contents xv20.1 Restrict Web Features...

P312 Broadband Security Gateway13-2 What Is a Firewall?needed to filter application traffic and direct it to a number of specific systems. The route

P312 Broadband Security GatewayWhat Is a Firewall? 13-3Figure 13-1 Prestige Firewall Application13.3 Denial of ServiceDenials of Service (DoS) att

P312 Broadband Security Gateway13-4 What Is a Firewall?Table 13-1 Common IP Ports21 FTP 53 DNS23 Telnet 80 HTTP25 SMTP 110 POP313.3.2 Types of DoS a

P312 Broadband Security GatewayWhat Is a Firewall? 13-5Under normal circumstances, the application that initiates a session sends a SYN (synchronize

P312 Broadband Security Gateway13-6 What Is a Firewall?Figure 13-4 Smurf Attack4. Often, many DoS attacks also employ a technique known as "IP

P312 Broadband Security GatewayWhat Is a Firewall? 13-7Figure 13-5 Stateful InspectionFigure 13-5 shows the Prestige’s default firewall rules in act

P312 Broadband Security Gateway13-8 What Is a Firewall?7. The packet is inspected by a firewall rule, and the connection's state table entry i

P312 Broadband Security GatewayWhat Is a Firewall? 13-9When any subsequent packet hits the box (from the Internet or from the LAN), its connection i

P312 Broadband Security Gateway13-10 What Is a Firewall?3. Limit who can Telnet into your router.4. Don't enable any local service (such as S

P312 Broadband Security GatewayWhat Is a Firewall? 13-1112. Always shred confidential information, particularly about your computer, before throwin

P312 Broadband Security Gatewayxvi List Of FiguresList of FiguresFigure 1-1 Secure Internet Access via Cable...

P312 Broadband Security GatewayIntroducing the Prestige Firewall 14-1Chapter 14Introducing the Prestige FirewallThis chapter shows you how to get sta

P312 Broadband Security Gateway14-2 Introducing the Prestige FirewallFigure 14-3 Menu 21.2 – Firewall SetupPlease note that you can only configure t

P312 Broadband Security GatewayIntroducing the Prestige Firewall 14-3ICMP EchoA brute-force attack, such as a "Smurf" attack, targets a fea

P312 Broadband Security Gateway14-4 Introducing the Prestige FirewallTracerouteTraceroute is a utility used to determine the path a packet takes bet

P312 Broadband Security GatewayIntroducing the Prestige Firewall 14-5Table 14-4 View Firewall LogField Description# This is the index number of the f

P312 Broadband Security Gateway14-6 Introducing the Prestige FirewallFigure 14-5 Big Picture - Filtering, Firewall and NAT14.3 Packet Filtering Vs

P312 Broadband Security GatewayIntroducing the Prestige Firewall 14-7When To Use Filtering1. To block/allow LAN packets by their MAC address.2. To

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-1Chapter 15Introducing the Prestige Web ConfiguratorThis chapter shows yo

P312 Broadband Security GatewayList Of Figures xviiFigure 4-5 Remote Node Network Layer Options...

P312 Broadband Security Gateway15-2 Introducing the Prestige Web ConfiguratorFigure 15-2 Prestige Web Configurator Welcome Screen15.2 Enabling the

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-3Figure 15-3 Enabling the Firewall15.3 E-MailThis screen allows you to sp

P312 Broadband Security Gateway15-4 Introducing the Prestige Web ConfiguratorTo field and schedule times for sending alerts in the Alert Timer field

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-5Table 15-1 E-MailField Description OptionsAddress InformationMail Server

P312 Broadband Security Gateway15-6 Introducing the Prestige Web Configurator15.3.3 SMTP Error MessagesIf there are difficulties in sending e-mail t

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-7Figure 15-5 E-Mail Log15.4 Attack AlertIn this screen you may choose to

P312 Broadband Security Gateway15-8 Introducing the Prestige Web ConfiguratorYou can use the default threshold values, or you can change them to val

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-9The Prestige deletes the oldest existing half-open session for the host

P312 Broadband Security Gateway15-10 Introducing the Prestige Web ConfiguratorTable 15-3 Attack AlertField Description Default ValuesGenerate alert

P312 Broadband Security GatewayIntroducing the Prestige Web Configurator 15-11Field Description Default Valuesrises above this number, the Prestigede

P312 Broadband Security Gatewayxviii List Of FiguresFigure 6-22 Example 4- Menu 15.1.1.1 - Address Mapping Rule...

P312 Broadband Security GatewayCreating Custom Rules 16-1Chapter 16Creating Custom Rules16.1 Rules OverviewFirewall rules are subdivided into “Local

P312 Broadband Security Gateway16-2 Creating Custom Rules5. What computers on the LAN are to be affected (if any)?6. What computers on the Interne

P312 Broadband Security GatewayCreating Custom Rules 16-316.3 Connection DirectionThis section talks about configuring firewall rules for connections

P312 Broadband Security Gateway16-4 Creating Custom RulesFigure 16-2 WAN to LAN Traffic16.4 Services SupportedThe list box in the Rule Config(uratio

P312 Broadband Security GatewayCreating Custom Rules 16-5Table 16-1 Services SupportedSERVICE DESCRIPTIONBGP(TCP:179) Border Gateway ProtocolBOOTP_CL

P312 Broadband Security Gateway16-6 Creating Custom Rules16.5 Rule SummaryThe fields in the Rule Summary screens are the same for Local Network and

P312 Broadband Security GatewayCreating Custom Rules 16-7Table 16-2 Firewall Rules Summary – First ScreenField Description OptionGeneralName This is

P312 Broadband Security Gateway16-8 Creating Custom RulesField Description Optionsection 16.5.1 for more details.Delete Press this button to delete

P312 Broadband Security GatewayCreating Custom Rules 16-9Figure 16-4 Creating/Editing A Firewall RuleTable 16-3 Creating/Editing A Firewall RuleField

P312 Broadband Security GatewayList Of Figures xixFigure 9-9 Call-Triggering Packet Example ...

P312 Broadband Security Gateway16-10 Creating Custom RulesField Description Optionfrom the Available Services box on the left,then press >> to

P312 Broadband Security GatewayCreating Custom Rules 16-11Figure 16-5 Adding/Editing Source & Destination AddressesTable 16-4 Adding/Editing Sour

P312 Broadband Security Gateway16-12 Creating Custom RulesWhen you have finished, click Apply to save your customized settings and exit this screen,

P312 Broadband Security GatewayCreating Custom Rules 16-13Figure 16-6 Timeout Screen

P312 Broadband Security Gateway16-14 Creating Custom RulesTable 16-5 Timeout MenuField Description Default ValueTCP Timeout ValuesConnection Timeout

P312 Broadband Security GatewayCustom Ports 17-1Chapter 17Custom Ports17.1 IntroductionYou will need to configure customized ports for services not i

P312 Broadband Security Gateway17-2 Custom PortsTable 17-1 Custom PortsField DescriptionCustomized ServicesNo This is the number of your customized

P312 Broadband Security GatewayCustom Ports 17-3Figure 17-2 Creating/Editing A Custom PortThe next table describes the fields in this screen.

P312 Broadband Security Gateway17-4 Custom PortsTable 17-2 Creating/Editing A Custom PortField Description OptionService Name Enter a unique name fo

P312 Broadband Security GatewayLogs 18-1Chapter 18Logs18.1 Log ScreenWhen you configure a new rule you also have the option to log events that match,

P312 Broadband Security Gatewayii CopyrightPrestige 312Broadband Security GatewayCopyrightCopyright © 2000 by ZyXEL Communications Corporation.The co

P312 Broadband Security Gatewayxx List Of FiguresFigure 14-2 Menu 21 - Filter and Firewall Setup ...

P312 Broadband Security Gateway18-2 LogsTable 18-1 Log ScreenField DescriptionNo. This is the index number of the firewall log. 128 entries are avai

P312 Broadband Security GatewayLogs 18-3Field DescriptionWhen you have finished viewing this screen, click another link to exit.

P312 Broadband Security GatewayExample Firewall Rules 19-1Chapter 19 Example Firewall Rules19.1 ExamplesPlease note that whenever you open a hole in

P312 Broadband Security Gateway19-2 Examples Firewall RulesFigure 19-1 Activate The FirewallStep 2. Now we configure our E-mail screen as follows.

P312 Broadband Security GatewayExample Firewall Rules 19-3Figure 19-2 Example 1 – E-Mail ScreenStep 3. Now we configure our firewall rule as shown i

P312 Broadband Security Gateway19-4 Examples Firewall RulesFigure 19-3 Example 1 – Configuring A RuleThis is an Internet toLocal Network rule.Click

P312 Broadband Security GatewayExample Firewall Rules 19-5Figure 19-4 Example 1: Destination Address for Traffic Originating From The Internet10.100.

P312 Broadband Security Gateway19-6 Examples Firewall RulesFigure 19-5 Example 1 - Rule Summary Screen19.1.2 Example 2 – Small Office With Mail, FTP

P312 Broadband Security GatewayExample Firewall Rules 19-7Step 1. First we want to send alerts when there is an attack. Go to the Attack Alert scree

P312 Broadband Security GatewayList Of Figures xxiFigure 19-9 Example 2 - Local Network Rule Summary ...

P312 Broadband Security Gateway19-8 Examples Firewall RulesFigure 19-7 Configuring A POP Custom PortStep 4. Now, we will create rules to block all

P312 Broadband Security GatewayExample Firewall Rules 19-9Figure 19-8 Example 2 - Local Network Rule 1 ConfigurationStep 6. Similarly configure anot

P312 Broadband Security Gateway19-10 Examples Firewall RulesFigure 19-9 Example 2 - Local Network Rule SummaryStep 8. Now we want an FTP server (IP

P312 Broadband Security GatewayExample Firewall Rules 19-11Figure 19-10 Example 2 - Internet to Local Network Rule Summary19.1.3 Example 3: DHCP Nego

P312 Broadband Security Gateway19-12 Examples Firewall RulesFigure 19-11 Custom Port for SyslogStep 2. Follow the procedures outlined in the previo

P312 Broadband Security GatewayExample Firewall Rules 19-13Figure 19-12 Syslog Rule ConfigurationThis is ourSyslogcustom port.Click Applywhen finishe

P312 Broadband Security Gateway19-14 Examples Firewall RulesFigure 19-13 Example 3 Rule SummaryRule 1: Allow DHCP negotiation between the ISP and th

P312 Broadband Security GatewayContent Filtering 20-1Chapter 20Content FilteringThe Prestige can block web features such as ActiveX controls, Java ap

P312 Broadband Security Gateway20-2 Content Filtering20.1.3 CookiesCookies are used by Web servers to track usage. Cookies provide service based on

P312 Broadband Security GatewayContent Filtering 20-3Figure 20-1 Content Filtering ScreenTable 20-1 Content Filtering FieldsField DescriptionRestrict

Troubleshooting, Appendices, Glossary and IndexVPart V: Troubleshooting, Appendices, Glossary and IndexChapter 21 provides information about solving c

P312 Broadband Security GatewayTroubleshooting 21-1Chapter 21TroubleshootingThis chapter covers the potential problems you may run into and the poss

P312 Broadband Security Gateway21-2 Troubleshooting21.2 Problems with the LAN InterfaceTable 21-2 Troubleshooting the LAN InterfaceProblem Correct

P312 Broadband Security GatewayTroubleshooting 21-321.4 Problems with Internet AccessTable 21-4 Troubleshooting Internet AccessProblem Corrective A

P312 Broadband Security GatewayPPPoE EAppendix APPPoEPPPoE in ActionAn ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) f

P312 Broadband Security GatewayPPPoEFHow PPPoE WorksThe PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it

P312 Broadband Security GatewayPPTP GAppendix B PPTPWhat is PPTP?PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 26

P312 Broadband Security GatewayPPTPHPNS and the PAC must have IP connectivity; however, the PAC must in addition have dial-up capability.The phone ca

P312 Broadband Security GatewayList of Tables xxiiiList Of TablesTable 2-1 LED functions ...

P312 Broadband Security GatewayHardware Specifications IAppendix CHardware SpecificationsPower Specification I/P AC 120V / 60Hz ; O/P DC 12V 1200 mAM

P312 Broadband Security GatewayJ Safety InstructionsAppendix DImportant Safety InstructionsThe following safety instructions apply to the Prestige:1.

P312 Broadband Security GatewayCLI Commands KAppendix EFirewall CLI CommandsThe following table describes the syntax used to configure your firewall

P312 Broadband Security GatewayL CLI CommandsFunction CLI Syntax Descriptionconfig edit firewall e-mailemail-to<e-mail address>Edits the mail a

P312 Broadband Security GatewayCLI Commands MFunction CLI Syntax Descriptionconfig edit firewall set <set #>default-permit <forward | block&

P312 Broadband Security GatewayN CLI CommandsFunction CLI Syntax Descriptionconfig edit firewall set <set #>rule<rule #> srcaddr-subnet &

P312 Broadband Security GatewayCLI Commands OFunction CLI Syntax DescriptionDDeelleetteeconfig delete firewall e-mailRemoves all the settings for e-m

P312 Broadband Security GatewayP Power Adapter SpecificationsAppendix F Power Adapter SpecsAC Power Adapter SpecificationsNorth AmericaAC Power Adapt

P312 Broadband Security GatewayPower Adapter Specifications QJapanAC Power Adapter model JOD-48-1124Input power: AC100Volts/ 50/60Hz/ 27VAOutput powe

P312 Broadband Security GatewayR GlossaryGlossary of Terms10BaseTThe 10-Mbps baseband Ethernet specification that uses two pairs of twisted-paircabli

P312 Broadband Security Gatewayxxiv List of TablesTable 7-2 Abbreviations Used If Filter Type Is IP ...

P312 Broadband Security GatewayGlossary SCookie A string of characters saved by a web browser on the user's hard disk. Many webpages send cookie

P312 Broadband Security GatewayT GlossaryDigital Signature Digital code that authenticates whomever signed the document or software. Software,message

P312 Broadband Security GatewayGlossary UEvents These are network activities. Some activities are direct attacks on your system, whileothers might be

P312 Broadband Security GatewayV GlossaryIntegrity Proof that the data is the same as originally intended. Unauthorized software or peoplehave not al

P312 Broadband Security GatewayGlossary Was a stream of bits.Name Resolution The allocation of an IP address to a host name. See DNSNATNetwork Addres

P312 Broadband Security GatewayX GlossaryPlain Text The opposite of Cipher Text, Plain Text is readable by anyone.Prestige WebConfiguratorThis is a w

P312 Broadband Security GatewayGlossary Ysystem, meaning that an end-to-end private circuit is established between caller andcallee.Public KeyEncrypt

P312 Broadband Security GatewayZ GlossarySPAM Unwanted e-mail, usually in the form of advertisements.Spoofing To forge something, such as an IP addre

P312 Broadband Security GatewayGlossary AAon a host system. Objects include directories and an assortment of file types, includingtext files, graphic

P312 Broadband Security GatewayList of Tables xxvTable 16-5 Timeout Menu ...

P312 Broadband Security GatewayIndex CCIndexAAction for Matched Packets... 16-10Activate The Firewall ...

P312 Broadband Security GatewayDD IndexEncapsulationPPP over Ethernet...EEthernet Encapsulation3-8,

P312 Broadband Security GatewayIndex EELLAN Setup...2-6, 2-11, 2-12, 3-4, 3-5LAN to WAN Rules...

P312 Broadband Security GatewayFF IndexSSafety Instructions...JSafety Instructions...

P312 Broadband Security GatewayIndex GGWAN Setup...2-6, 2-10, 2-11, 21-2WAN to LAN Rules...

P312 Broadband Security GatewayPreface xxviiPrefaceAbout Your RouterCongratulations on your purchase of the Prestige 312 Broadband Security Gateway.D

P312 Broadband Security Gatewayxxviii PrefaceRegardless of your particular application, it is important that you follow the steps outlined in Chapte

Getting StartedIPart I: Getting StartedChapters 1-3 are structured as a step-by-step guide to help you connect, install and setup yourPrestige to oper

P312 Broadband Security GatewayFCC Statement iiiFederal Communications Commission (FCC) Interference StatementThis device complies with Part 15 of FC

P312 Broadband Security GatewayGetting to Know Your Prestige 1-1Chapter 1Getting to Know Your PrestigeThis chapter introduces the main features and

P312 Broadband Security Gateway1-2 Getting to Know Your PrestigeDynamic DNS SupportWith Dynamic DNS support, you can have a static hostname alias for

P312 Broadband Security GatewayGetting to Know Your Prestige 1-3not choose a time service protocol that your timeserver will send when the Prestige

P312 Broadband Security Gateway1-4 Getting to Know Your Prestige Figure 1-2 Secure Internet Access via DSLYou can also use your xDSL modem in the bri

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-1Chapter 2Hardware Installation & Initial SetupThis chapter shows you

P312 Broadband Security Gateway2-2 Hardware Installation & Initial SetupLEDs Function IndicatorStatusActive DescriptionFlashing The 100M LAN is s

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-3connector on the back of the cable modem. Connect an xDSL Modem to the x

P312 Broadband Security Gateway2-4 Hardware Installation & Initial Setup♦ 9600 Baud.♦ No parity, 8 Data bits, 1 Stop bit, Flow Control set to N

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-5Figure 2-4 Password Screen2.6 Navigating the SMT InterfaceThe SMT (Sys

P312 Broadband Security GatewayivCanadian UsersInformation for Canadian UsersThe Industry Canada label identifies certified equipment. This certifica

P312 Broadband Security Gateway2-6 Hardware Installation & Initial Setup2.6.1 Main MenuAfter you enter the password, the SMT displays the Prestig

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-799 Exit To exit from SMT and return to a blank screen.2.7 Changing the

P312 Broadband Security Gateway2-8 Hardware Installation & Initial Setup2.8 General SetupMenu 1 - General Setup contains administrative and syste

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-9Table 2-4 General Setup Menu FieldField Description ExampleSystem Name

P312 Broadband Security Gateway2-10 Hardware Installation & Initial SetupTable 2-5 Configure Dynamic DNS Menu FieldsField Description ExampleServ

P312 Broadband Security GatewayHardware Installation & Initial Setup 2-11Figure 2-9 Menu 2 – WAN SetupThe MAC address field allows users to con

P312 Broadband Security Gateway2-12 Hardware Installation & Initial SetupFigure 2-10 Menu 3 - LAN Setup2.10.1 LAN Port Filter SetupThis menu all

P312 Broadband Security GatewayInternet Access 3-1Chapter 3Internet AccessThis chapter shows you how to configure the LAN as well as the WAN of your

P312 Broadband Security Gateway3-2 Internet AccessThe subnet mask specifies the network number portion of an IP address. Your Prestige will compute t

P312 Broadband Security GatewayInternet Access 3-33.1.5 DHCP ConfigurationDHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows t

P312 Broadband Security GatewayWarrantyvDeclaration of ConformityWe, the Manufacturer/Importer,ZyXEL Communications Corp.No. 6, Innovation Rd. II,Sci

P312 Broadband Security Gateway3-4 Internet AccessThe address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP h

P312 Broadband Security GatewayInternet Access 3-5Figure 3-3 Menu 3 - LAN Setup (10/100 Mbps Ethernet)To edit the TCP/IP and DHCP configuration, en

P312 Broadband Security Gateway3-6 Internet AccessFollow the instructions in the following table on how to configure the DHCP fields.Table 3-1 LAN D

P312 Broadband Security GatewayInternet Access 3-7Field Description ExampleEdit IP Alias The Prestige supports three logical LAN interfaces via its

P312 Broadband Security Gateway3-8 Internet AccessRIP DirectionPress the space bar to select the RIP direction from None, Both/InOnly/Out Only.NoneVe

P312 Broadband Security GatewayInternet Access 3-9The following table describes this screen.Table 3-4 Internet Access Setup Menu FieldsField Descri

P312 Broadband Security Gateway3-10 Internet Access3.3.3 Configuring the PPTP ClientTo configure a PPTP client, you must configure the My Login and

P312 Broadband Security GatewayInternet Access 3-11For the service provider, PPPoE offers an access and authentication method that works with existi

P312 Broadband Security Gateway3-12 Internet AccessTable 3-6 New Fields in Menu 4 (PPPoE) screenField Description ExamplesEncapsulation Press the [SP

Advanced ApplicationsIIPart II: Advanced ApplicationsAdvanced Applications (Chapters 4-6) describe the advanced applications of your Prestige, suchas

P312 Broadband Security GatewayviCE Doc

P312 Broadband Security GatewayRemote Node Setup 4-1Chapter 4Remote Node SetupThis chapter shows you how to configure a remote node.A remote node is

P312 Broadband Security Gateway4-2 Remote Node SetupTable 4-1 Fields in Menu 11.1Field Description ExamplesRem Node NameEnter a descriptive name for

P312 Broadband Security GatewayRemote Node Setup 4-34.1.2 PPPoE EncapsulationThe Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You

P312 Broadband Security Gateway4-4 Remote Node SetupTable 4-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific)Field Description ExamplesAuthen This

P312 Broadband Security GatewayRemote Node Setup 4-5Figure 4-3 Remote Node Profile for PPTP EncapsulationThe next table shows how to configure fields

P312 Broadband Security Gateway4-6 Remote Node Setup4.2 Editing TCP/IP Options (with Ethernet Encapsulation)Move the cursor to the Edit IP field in

P312 Broadband Security GatewayRemote Node Setup 4-7Field Description Examplebetween 1 and 15. In practice, 2 or 3 is usually a good number.PrivateTh

P312 Broadband Security Gateway4-8 Remote Node SetupFigure 4-5 Remote Node Network Layer OptionsThe next table gives you instructions about configur

P312 Broadband Security GatewayRemote Node Setup 4-9between 1 and 15. In practice, 2 or 3 is usually a good number.PrivateThis parameter determines i

P312 Broadband Security Gateway4-10 Remote Node SetupFigure 4-6 Remote Node Filter (Ethernet Encapsulation)Figure 4-7 Remote Node Filter (PPPoE or P

P312 Broadband Security GatewayWarrantyviiZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from an

P312 Broadband Security GatewayIP Static Route Setup 5-1Chapter 5IP Static Route SetupThis chapter shows you how to configure static routes with your

P312 Broadband Security Gateway5-2 IP Static Route Setup5.1 IP Static Route SetupYou configure IP static routes in Menu 12. 1, by selecting one of t

P312 Broadband Security GatewayIP Static Route Setup 5-3Table 5-1 IP Static Route Menu FieldsField DescriptionRoute # This is the index number of th

P312 Broadband Security GatewayNAT 6-1Chapter 6Network Address Translation (NAT)This chapter discusses how to configure NAT on the Prestige.6.1 Intro

P312 Broadband Security Gateway6-2 NATthem accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-ManyOverloa

P312 Broadband Security GatewayNAT 6-32. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IPaddress. Th

P312 Broadband Security Gateway6-4 NATremote node basis. They are reusable, but only one set is allowed for each remote node. The Prestigesupports 2

P312 Broadband Security GatewayNAT 6-5Figure 6-3 Applying NAT for Internet AccessThis figure shows how you apply NAT to the remote node in Menu 11.1.

P312 Broadband Security Gateway6-6 NATTable 6-3 Applying NAT in Menus 4 & 11.3Field Options DescriptionFull FeatureWhen you select this option th

P312 Broadband Security GatewayviiiCustomer SupportCustomer SupportWhen you contact your customer support representative please have the following in

P312 Broadband Security GatewayNAT 6-7Figure 6-6 Menu 15.1 Address Mapping SetsLet’s look first at Option 255. Option 255 is equivalent to SUA in pre

P312 Broadband Security Gateway6-8 NATTable 6-4 SUA Address Mapping RulesField Description Options/ExampleSet Name This is the name of the set you se

P312 Broadband Security GatewayNAT 6-9Figure 6-8 First Set in Menu 15.1.1The Type, Local and Global Start/End IPs are configured in Menu 15.1.1.1 (de

P312 Broadband Security Gateway6-10 NATmoved down by one rule. Delete means to delete theselected rule and then all the rules after the selectedone w

P312 Broadband Security GatewayNAT 6-11Field Description Option/Exampleexamples.and ServerLocal IPOnly local IP fields are N/A for server;Global IP f

P312 Broadband Security Gateway6-12 NATFigure 6-10 Multiple Servers Behind NAT6.3.2 Configuring a Server behind NATFollow the steps below to configu

P312 Broadband Security GatewayNAT 6-13Figure 6-11 Menu 15.2 – NAT Server SetupTable 6-7 Services & Port numbersServices Port NumberFTP (File Tr

P312 Broadband Security Gateway6-14 NATFigure 6-12 NAT Example 1Figure 6-13 Internet Access & NAT ExampleFrom Menu 4 shown above, simply choose

P312 Broadband Security GatewayNAT 6-156.4.2 Example 2 – Internet Access with an Inside ServerFigure 6-14 NAT Example 2In this case, we do exactly

P312 Broadband Security Gateway6-16 NATserver and the other IGA is used by all. We want to map the FTP servers to the first two of our IGAs andthe ot

P312 Broadband Security GatewayTable Of Contents ixTable of ContentsTable of Contents...

P312 Broadband Security GatewayNAT 6-17Step 5. Select Type= as One-to-One (direct mapping for packets going both ways), and enter the localStart IP

P312 Broadband Security Gateway6-18 NATWhen we have configured all four rules, Menu 15.1.1 should look as follows.Figure 6-19 Example 3 Final Menu 1

P312 Broadband Security GatewayNAT 6-196.4.4 Example 4 –NAT Unfriendly Application ProgramsSome applications do not support NAT Mapping using TCP or

P312 Broadband Security Gateway6-20 NATFigure 6-22 Example 4- Menu 15.1.1.1 - Address Mapping RuleAfter you’ve configured this menu, you should see t

Advanced ManagementIIIPart III: Advanced ManagementChapters 7 - 12 provide information on Prestige filtering, System Information and Diagnosis,Transfe

P312 Broadband Security GatewayFilters 7-1Chapter 7Filter ConfigurationThis chapter shows you how to create and apply filter(s).7.1 About FilteringYo

P312 Broadband Security Gateway7-2 Filters7.1.1 The Filter Structure of the PrestigeA filter set consists of one or more filter rules. Usually, you

P312 Broadband Security GatewayFilters 7-3StartFetch FirstFilter SetFetch FirstFilter RuleActive?ExecuteFilter RuleFetch NextFilter RuleNext filterRu

P312 Broadband Security Gateway7-4 Filters7.2 Configuring a Filter SetTo configure a filter set, follow the procedure below. For more information on