ZyXEL Communications P-2602HW-63C Guía de usuario Pagina 203
- Pagina / 465
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Chapter 14 Firewalls
P-2602H(W)(L)-DxA User’s Guide
203
If an initiation packet originates on the LAN, this means that someone is trying to make a
connection from the LAN to the Internet. Assuming that this is an acceptable part of the
security policy (as is the case with the default policy), the connection will be allowed. A cache
entry is added which includes connection information such as IP addresses, TCP ports,
sequence numbers, etc.
When the ZyXEL Device receives any subsequent packet (from the Internet or from the LAN),
its connection information is extracted and checked against the cache. A packet is only
allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a
connection which originated on the LAN).
14.5.4 UDP/ICMP Security
UDP and ICMP do not themselves contain any connection information (such as sequence
numbers). However, at the very minimum, they contain an IP address pair (source and
destination). UDP also contains port pairs, and ICMP has type and code information. All of
this data can be analyzed in order to build "virtual connections" in the cache.
For instance, any UDP packet that originates on the LAN will create a cache entry. Its IP
address and port pairs will be stored. For a short period of time, UDP packets from the WAN
that have matching IP and UDP information will be allowed back in through the firewall.
A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive.
Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask
requests will allow incoming address mask replies, and outgoing timestamp requests will
allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall,
simply because they are too dangerous and contain too little tracking information. For
instance, ICMP redirect packets are never allowed in, since they could be used to reroute
traffic through attacking machines.
14.5.5 Upper Layer Protocols
Some higher layer protocols (such as FTP and RealAudio) utilize multiple network
connections simultaneously. In general terms, they usually have a "control connection" which
is used for sending commands between endpoints, and then "data connections" which are used
for transmitting bulk information.
Consider the FTP protocol. A user on the LAN opens a control connection to a server on the
Internet and requests a file. At this point, the remote server will open a data connection from
the Internet. For FTP to work properly, this connection must be allowed to pass through even
though a connection from the Internet would normally be rejected.
In order to achieve this, the ZyXEL Device inspects the application-level FTP data.
Specifically, it searches for outgoing "PORT" commands, and when it sees these, it adds a
cache entry for the anticipated data connection. This can be done safely, since the PORT
command contains address and port information, which can be used to uniquely identify the
connection.
Any protocol that operates in this way must be supported on a case-by-case basis. You can use
the web configurator’s Custom Ports feature to do this.
- P-2602HW(L) Series 1
- P-2602H Series 1
- About This User's Guide 3
- Document Conventions 4
- Icons Used in Figures 5
- Safety Warnings 6
- Safety Warnings 7
- Contents Overview 10
- Table of Contents 11
- Chapter 8 13
- Chapter 9 13
- Chapter 10 14
- Chapter 11 14
- Chapter 12 15
- Chapter 16 17
- Chapter 17 17
- Chapter 18 18
- Chapter 19 18
- Chapter 28 21
- Chapter 29 21
- List of Figures 23
- List of Tables 31
- Introduction 37
- CHAPTER 1 39
- 1.4.1 Internet Access 41
- 1.4.5 LAN to LAN Application 43
- 1.5 LEDs 44
- 1.6 The RESET Button 45
- CHAPTER 2 47
- Figure 7 Password Screen 48
- 2.2.1 Title Bar 50
- 2.2.2 Navigation Panel 51
- 2.2.3 Main Window 53
- 2.2.4 Status Bar 53
- VoIP Wizard And Example (71) 55
- CHAPTER 3 57
- Figure 12 Select a Mode 58
- Figure 13 Wizard Welcome 58
- 3.2.1 Manual Configuration 60
- Figure 26 Wireless LAN 67
- Shared Key 68
- CHAPTER 4 71
- Figure 32 Select a Mode 72
- Figure 33 Wizard: Welcome 72
- Figure 36 VoIP Wizard Fail 74
- CHAPTER 5 77
- Figure 39 Wizard: Welcome 78
- PART III 81
- CHAPTER 6 83
- Chapter 6 Status Screens 84
- Table 17 Status Screen 84
- Chapter 6 Status Screens 85
- 6.2 Any IP Table 86
- 6.4 Packet Statistics 87
- Figure 45 Packet Statistics 88
- Table 20 Packet Statistics 88
- 6.5 VoIP Statistics 89
- Table 21 VoIP Statistics 90
- CHAPTER 7 93
- 7.1.2 Multiplexing 94
- 7.1.3 VPI and VCI 94
- 7.1.4 IP Address Assignment 94
- 7.2 Metric 95
- 7.3 Traffic Shaping 96
- 7.3.1 ATM Traffic Classes 97
- 7.5 Internet Access Setup 98
- Chapter 7 WAN Setup 99
- Chapter 7 WAN Setup 100
- 7.6 WAN More Connections 101
- 7.7 Traffic Redirect 102
- 7.8 WAN Backup Setup 103
- Check WAN IP Address 104
- CHAPTER 8 105
- 8.2 DNS Server Addresses 106
- 8.3 LAN TCP/IP 106
- Chapter 8 LAN Setup 107
- 8.3.2 RIP Setup 108
- 8.3.3 Multicast 108
- 8.3.4 Any IP 109
- 8.4 Configuring LAN IP 110
- Table 26 LAN IP (continued) 111
- Table 27 Advanced LAN Setup 111
- 8.5 DHCP Setup 112
- 8.6 LAN Client List 113
- 8.7 LAN IP Alias 114
- Figure 60 LAN IP Alias 115
- Chapter 8 LAN Setup 116
- Table 30 LAN IP Alias 116
- CHAPTER 9 117
- 9.2.1 SSID 118
- 9.2.2 MAC Address Filter 118
- 9.2.3 User Authentication 118
- 9.2.4 Encryption 119
- Chapter 9 Wireless LAN 120
- 9.5 General WLAN Screen 121
- 9.5.1 No Security 122
- 9.5.2 WEP Encryption Screen 123
- 9.5.3 WPA(2)-PSK 124
- Chapter 9 Wireless LAN 125
- Figure 66 Wireless: WPA(2) 126
- Table 37 Wireless: WPA(2) 126
- Figure 67 Advanced 127
- 9.6 OTIST Screen 128
- 9.6.1 Notes on OTIST 130
- 9.7 MAC Filter 131
- Table 40 MAC Address Filter 132
- 9.8 QoS Screen 133
- Table 41 Wireless LAN: QoS 134
- CHAPTER 10 137
- 10.1.2 What NAT Does 138
- 10.1.3 How NAT Works 138
- 10.1.4 NAT Application 138
- 10.1.5 NAT Mapping Types 139
- 10.3 NAT General Setup 140
- 10.4 Port Forwarding 141
- Figure 81 Port Forwarding 143
- Table 46 Port Forwarding 143
- 10.6 Address Mapping 145
- 10.6.2 SIP ALG 148
- CHAPTER 11 149
- 11.2.2 SIP Call Progression 150
- 11.2.3 SIP Servers 150
- Chapter 11 Voice 151
- Figure 86 SIP User Agent 151
- Figure 87 SIP Proxy Server 151
- 11.2.4 RTP 152
- 11.2.5 Pulse Code Modulation 152
- 11.2.6 Voice Coding 152
- 11.2.9 Custom Tones (IVR) 153
- 11.3.1 Type of Service (ToS) 154
- 11.3.2 DiffServ 154
- 11.4 SIP Settings Screen 155
- Chapter 11 Voice 156
- 11.6 SIP QoS Screen 160
- 11.7 Phone 160
- 11.8 Analog Phone Screen 161
- Figure 95 Phone > Common 164
- Table 58 Phone > Common 164
- 11.11.1 The Flash Key 165
- 11.12 Phone Region Screen 168
- 11.13 Speed Dial 168
- CHAPTER 12 175
- Chapter 12 VoIP Trunking 176
- 12.3 Call Rules 177
- 12.4 VoIP Trunking Scenarios 177
- 12.5 Trunking General Screen 178
- Chapter 12 VoIP Trunking 179
- 12.8.4 Call Progression 185
- 12.9.4 Call Progression 188
- CHAPTER 13 191
- 13.7 Phone Functions Summary 192
- Chapter 13 Phone Usage 193
- Chapter 13 Phone Usage 194
- CHAPTER 14 195
- Chapter 14 Firewalls 196
- 14.4 Denial of Service 197
- 14.4.2 Types of DoS Attacks 198
- Chapter 14 Firewalls 199
- Figure 119 SYN Flood 199
- Figure 120 Smurf Attack 199
- 14.5 Stateful Inspection 200
- 14.5.3 TCP Security 202
- 14.5.4 UDP/ICMP Security 203
- 14.5.5 Upper Layer Protocols 203
- 14.6.1 Security In General 204
- 14.7.1 Packet Filtering: 205
- 14.7.2 Firewall 205
- CHAPTER 15 207
- 15.3 Rule Logic Overview 208
- 15.4 Connection Direction 209
- 15.4.1 LAN to WAN Rules 210
- 15.4.2 Alerts 210
- 15.6 Firewall Rules Summary 211
- Figure 123 Firewall Rules 212
- Table 79 Firewall Rules 212
- Address 215
- 15.7 Example Firewall Rule 217
- 10.0.0.15 on the LAN 220
- 15.8 DoS Thresholds 221
- 15.8.2 Half-Open Sessions 222
- 15.9 Firewall Commands 224
- CHAPTER 16 227
- Chapter 16 Content Filtering 228
- Chapter 16 Content Filtering 229
- CHAPTER 17 231
- 17.2 IPSec Architecture 232
- 17.3 Encapsulation 233
- 17.4 IPSec and NAT 234
- Table 88 VPN and NAT 235
- CHAPTER 18 237
- 18.3 My IP Address 238
- 18.4 Secure Gateway Address 238
- 18.5 VPN Setup Screen 239
- Chapter 18 VPN Screens 240
- Figure 140 VPN Setup 240
- Table 90 VPN Setup 240
- 18.6 Keep Alive 241
- 18.8 Remote DNS Server 242
- 18.9 ID Type and Content 243
- VPN tunnel 244
- 18.10 Pre-Shared Key 245
- 18.11 Editing VPN Policies 245
- Table 96 Edit VPN Policies 246
- Chapter 18 VPN Screens 247
- 18.12 IKE Phases 250
- 18.12.1 Negotiation Mode 251
- 18.14 Manual Key Setup 254
- Figure 146 VPN: Manual Key 255
- Table 98 VPN: Manual Key 255
- 18.16 Viewing SA Monitor 257
- Figure 147 VPN: SA Monitor 258
- Table 99 VPN: SA Monitor 258
- CHAPTER 19 263
- 19.3 Configuration Summary 264
- 19.4 My Certificates 265
- 19.5 My Certificate Import 266
- Chapter 19 Certificates 267
- 19.6 My Certificate Create 268
- 19.7 My Certificate Details 270
- Chapter 19 Certificates 272
- 19.8 Trusted CAs 273
- Figure 156 Trusted CAs 274
- Table 107 Trusted CAs 274
- 19.9 Trusted CA Import 275
- 19.10 Trusted CA Details 276
- 19.15 Directory Servers 284
- Table 113 Directory Servers 285
- CHAPTER 20 287
- 20.2.1 Static Route Edit 288
- Chapter 20 Static Route 289
- Table 116 Static Route Edit 289
- Chapter 20 Static Route 290
- CHAPTER 21 291
- 21.7.1 Rule Configuration 295
- 21.8 Bandwidth Monitor 297
- CHAPTER 22 299
- Chapter 22 Dynamic DNS Setup 300
- Figure 174 Dynamic DNS 300
- Table 124 Dynamic DNS 300
- Device and the DDNS server 301
- CHAPTER 23 303
- 23.2 WWW 304
- 23.3 Telnet 305
- 23.4 Configuring Telnet 306
- 23.5 Configuring FTP 306
- 23.6 SNMP 307
- 23.6.1 Supported MIBs 308
- 23.6.2 SNMP Traps 309
- 23.6.3 Configuring SNMP 309
- 23.7 Configuring DNS 310
- 23.8 Configuring ICMP 311
- CHAPTER 24 313
- 24.2 UPnP and ZyXEL 314
- Table 132 Configuring UPnP 315
- Figure 194 System Tray Icon 321
- Network 322
- Maintenance and 325
- Troubleshooting 325
- CHAPTER 25 327
- Chapter 25 System 328
- 25.2 Time Setting 329
- CHAPTER 26 331
- Chapter 26 Logs 332
- Figure 201 View Log 332
- Table 135 View Log 332
- Chapter 26 Logs 333
- Figure 202 Log Settings 333
- Table 136 Log Settings 333
- 26.4 SMTP Error Messages 334
- 26.4.1 Example E-mail Log 335
- 26.5 Log Descriptions 336
- Table 139 System Error Logs 337
- Table 141 TCP Reset Logs 337
- Table 149 802.1X Logs 340
- Table 150 ACL Setting Notes 341
- Table 151 ICMP Notes 341
- Table 152 Syslog Logs 342
- Table 153 SIP Logs 342
- CHAPTER 27 345
- Chapter 27 Tools 346
- Chapter 27 Tools 347
- Figure 204 Firmware Upgrade 347
- Table 160 Firmware Upgrade 347
- 27.5 Backup and Restore 348
- 27.5.1 Backup Configuration 349
- 27.6 Restart 351
- DAMAGE your device 354
- 27.9.3 TFTP File Upload 355
- CHAPTER 28 357
- Chapter 28 Diagnostic 358
- Chapter 28 Diagnostic 359
- CHAPTER 29 361
- V I forgot the password 362
- FTP to upload new firmware 363
- 29.3 Internet Access 364
- 29.4 Phone Calls and VoIP 365
- 29.5.1 Outgoing Calls 366
- 29.5.2 Incoming Calls 367
- Chapter 29 Troubleshooting 368
- Appendices and 369
- APPENDIX A 371
- Voice Specifications 375
- Table 168 Voice Features 376
- Table 169 Wireless Features 378
- IEEE 802.11g Wireless LAN 379
- Power Adaptor Specifications 380
- APPENDIX B 381
- Installing Components 382
- Configuring 383
- Windows 2000/NT/XP 384
- Macintosh OS 8/9 388
- Macintosh OS X 390
- Verifying Settings 391
- APPENDIX C 393
- JavaScripts 396
- Java Permissions 397
- JAVA (Sun) 398
- APPENDIX D 399
- Subnet Masks 400
- Notation 401
- Subnetting 402
- Example: Four Subnets 403
- Example: Eight Subnets 404
- Subnet Planning 405
- Configuring IP Addresses 406
- APPENDIX E 407
- Appendix E Wireless LANs 408
- Appendix E Wireless LANs 409
- Fragmentation Threshold 410
- Preamble Type 411
- IEEE 802.1x 411
- Types of RADIUS Messages 412
- Types of Authentication 413
- PEAP (Protected EAP) 414
- Dynamic WEP Key Exchange 414
- User Authentication 414
- Security Parameters Summary 415
- APPENDIX F 417
- Appendix F Services 418
- Appendix F Services 419
- APPENDIX G 421
- Displaying Logs 422
- Log Command Example 423
- APPENDIX H 425
- Appendix H Internal SPTGEN 428
- Table 189 Menu 3 428
- Appendix H Internal SPTGEN 429
- Table 191 Menu 12 433
- Command Examples 448
- APPENDIX I 449
- ZyXEL Limited Warranty 451
- Appendix I Legal Information 452
- APPENDIX J 453
- Appendix J Customer Support 454
- Appendix J Customer Support 455
Relacionado con productos y manuales para Redes ZyXEL Communications P-2602HW-63C
Redes ZyXEL Communications Prestige 642 Guía de usuario
(134 paginas)
(134 paginas)
Redes ZyXEL Communications ZyWALL 70 Información técnica
(298 paginas)
(298 paginas)
Redes ZyXEL Communications G-102 Guía de usuario
(198 paginas)
(198 paginas)
Redes ZyXEL Communications IES-1248-51 Guía de usuario
(654 paginas)
(654 paginas)
Redes ZyXEL Communications ES-305 Guía de usuario
(118 paginas)
(118 paginas)
Redes ZyXEL Communications P-871M Manual de usuario
(23 paginas)
(23 paginas)
(25 paginas)
Redes ZyXEL Communications P-2900-4HB Guía de usuario
(126 paginas)
(126 paginas)
Husqvarna 324LDX-Series manuals
Owner’s manuals and user’s guides for Petrol tool Husqvarna 324LDX-Series.
We providing 1 pdf manuals Husqvarna 324LDX-Series for download free by document types: User Manual
Comentarios a estos manuales