ZyXEL Communications HS100/HS100W instruction

UPnP, Parental Control and Firewall

Part IV:

UPnP, Parental Control and Firewall

This part provides information and configuration instructions for configuration of Universal Plug

and Play, parental control, firewall and content filtering.

IV

Image 146

ZyXEL Communications HS100/HS100W manual UPnP, Parental Control and Firewall

Contents

HS-100 / HS-100W Version 10/2005 Trademarks Copyright 2004 by ZyXEL Communications CorporationDisclaimer Certifications Information for Canadian Users ZyXEL Limited Warranty Online Registration Customer Support Table of Contents III 11-1 Viii 27.1 Page List of Figures Xiv List of Figures 10-1 Xvi List of Figures Xvii Xviii List of Figures List of Tables List of Tables 20-3 Xxii List of Tables ¾ ZyXEL Glossary and Web Site Related DocumentationUser’s Guide Feedback Dslam Syntax ConventionsGraphics Icons Key HomeSafe User’s Guide Preface Xxv Part Page Non-Physical Features HomeSafe FeaturesPhysical Features Getting to Know Your HomeSafe 802.11b Wireless LAN Standard HS-100W only Content FilteringBrute-Force Password Guessing Protection Firewall Call Scheduling Packet FilteringUniversal Plug and Play UPnP PPPoE Network Address Translation NAT Dhcp Dynamic Host Configuration ProtocolUpgrade HomeSafe Firmware via LAN Traffic Redirect Applications for the HomeSafe Secure Broadband Internet Access via Cable or DSL ModemWireless Association List HS-100W only HomeSafe Parental Control Gateway Wireless LAN Application Wireless LAN Application Example Accessing the HomeSafe Web Configurator Introducing the Web ConfiguratorWeb Configurator Overview Set up your wireless LAN using the second wizard screen System Administrator Password SetupWlan Setup Following table describes the fields in this screen Essid Wlan Setup Basic SecurityAccess screen WEP Wlan Setup Extended SecurityFollowing table describes the labels in this screen Ascii Internet Configuration Setup Refer to the chapter on wireless LAN for more information Internet Configuration Setup ISP Parameters Internet Access Setup Internet Access Static IP Address Setup Dhcp Internet Configuration Setup Complete Parental Control Wizard Parental Control Time Setup Wizard Parental Control Wizard 10 Wizard Parental Control Time Setup Parental Control Create or Edit a Profile Parental Control Profile Information 11 Wizard Create or Edit a Profile Parental Control User Group 12 Wizard Parental Control Profile Information Parental Control Time Allowance Administrator can decide each group’sAccess rights 13 Wizard Parental Control User Group Parental Control Application Blocking Allowance screen Parental Control Account Summary15 Wizard Parental Control Application Blocking Parental Control Register for Content Filter 16 Wizard Parental Control Summary Content Filtering with an External Server Checking Content Filtering Activation Following screen appears after you click Activate in Figure Content Filter Service ActivationIf you click Register Later you will proceed to Figure Accessing the Internet via the HomeSafe Gateway Content Filter Setup Complete 25 Password Screen HomeSafe Main Menu Resetting the HomeSafeProcedure To Use The Reset Button Navigation Panel 17 Screens Summary Link TAB Function Remote Mgmt Telnet MaintenanceFirewall FTPPage Connection Wizard Overview Connection Wizard General Setup and System NameChapter Connection Wizard Domain Name Connection Wizard General Setup Connection Wizard Screen Connection Wizard Wireless LAN Setup Basic Security Connection Wizard Wireless LAN Setup Extend Security Ethernet PPPoE Encapsulation Connection Wizard Ethernet Encapsulation Connection Wizard PPPoE Encapsulation Pptp Encapsulation Connection Wizard Pptp Encapsulation WAN IP Address Assignment Private IP Address Ranges WAN MAC Address IP Address and Subnet MaskDNS Server Address Assignment Connection Wizard WAN Setup ISP Basic Setup Complete Connection Wizard Finish 10 Connection Wizard Problems HomeSafe User’s Guide Connection Wizard System, LAN, Wlan and WAN System Overview Configuring General SetupChapter System Screens Click System to open the General screen DynDNS Wildcard Configuring Dynamic DNSDynamic DNS System Ddns Configuring Password Configuring Time Setting System Time Setting Daylight Savings LAN Overview Dhcp SetupChapter LAN Screens Any IP Multicast How Any IP Works Any IP Example Application Configuring IP Click LAN to open the IP screen LAN TCP/IP Configuring Static Dhcp LAN Static Dhcp Configuring IP Alias LAN IP Alias LAN IP Alias Ibss Wireless Configuration and RoamingWireless LAN Overview 2 BSS Basic Service set 3 ESS Wireless LAN Basics 1 RTS/CTS Configuring Wireless Fragmentation Threshold Configuring Roaming RTS/CTS Requirements for Roaming Roaming Example Allow roaming Wireless stations must have the same Essid toAll APs on the same subnet Page Chapter Wireless Security Wireless Security Overview WPA-PSK WPA Security Parameters Summary AuthenticationWireless Security Relational Matrix WEP Overview WEP Authentication Steps Preamble Type Configuring WEP Encryption Encryption field Encryption User AuthenticationIntroduction to WPA WPA-PSK Application Example WPA-PSK application looks as follows Using a Radius server, the reauthentication Configuring WPA-PSK AuthenticationIf wireless station authentication is done Timer on the Radius server has priority Wireless Client WPA Supplicants WPA with Radius Application Example Configuring WPA Authentication WPA with Radius Application Example Wlan Wireless WPA 802.1x Overview EAP-MD5 cannot be used with Dynamic WEP Key Exchange Configuring 802.1x and Dynamic WEP Key ExchangeDynamic WEP Key Exchange Configuring 802.1x and Static WEP Key Exchange 10 Wlan Wireless 802.1x and Static WEP Wlan Wireless 802.1x and Static WEP Wlan Wireless 802.1x and Static WEP Configuring Reset MAC Filter MAC Following table describes the labels in this menuWlan MAC Address Filter 10 Wlan Local User Database Configuring Local User DatabaseIntroduction to Local User Database Active Select this option to activate the user profile Introduction to Radius Configuring Radius EAP Authentication Overview 15 Wlan Radius 11 Wlan Radius HomeSafe User’s Guide Page WAN Overview Configuring RouteChapter WAN Screens TCP/IP Priority Metric Screen shown next is for Ethernet encapsulation Configuring WAN ISPEthernet Encapsulation PPPoE Encapsulation WAN ISP PPPoE Encapsulation WAN ISP Pptp Encapsulation Configuring WAN IP WAN IP Address Assignment Server WAN IPSelected Use Fixed IP Address Choose Both, None, In Only or Out Only RIP-1 Configuring WAN MACChoose RIP-1 , RIP-2B or RIP-2M Traffic Redirect WAN Setup Traffic Redirect Configuring Traffic Redirect WAN Traffic Redirect WAN Traffic Redirect SUA/NAT and Static Route Page NAT Definitions Chapter Network Address Translation NAT ScreensNAT Overview What NAT Does How NAT Works NAT Application NAT Mapping Types Following table summarizes these types SUA Single User Account Versus NAT Using NATSUA Server NAT Mapping Types Services and Port Numbers Port Forwarding Services and Port NumbersDefault Server IP Address Services Port Number Configuring SUA Server Configuring Servers Behind SUA Example Configuring Address Mapping SUA/NAT Setup Address Mapping One-to-One and Server mapping types Many-to-One and Server mapping types Configuring Address MappingTrigger Port Forwarding Two Points To Remember About Trigger Ports Configuring Trigger Port ForwardingTrigger Port Forwarding Example Following is an example of trigger port forwarding Only one LAN computer can use a trigger port range at a time Page Static Route Overview Configuring IP Static RouteChapter Static Route Screens Click Static Route to open the screen as shown next Configuring Route Entry Static Route Edit NAT Screens 10-3 UPnP, Parental Control and Firewall Universal Plug and Play Overview How Do I Know If Im Using UPnP?Chapter UPnP UPnP and ZyXEL Click UPnP to display the screen shown next Configuring UPnPInstalling UPnP in Windows Example Follow the steps below to install UPnP in Windows Me Installing UPnP in Windows MeInstalling UPnP in Windows XP Follow the steps below to install UPnP in Windows XP Using UPnP in Windows XP Example Auto-discover Your UPnP-enabled Network Device Internet Connection Properties Web Configurator Easy Access Connections Select My Network Places under Other Places UPnP 11-7 Page Chapter Parental Control Parental Control LoginsInitial Configuration Parental Control Overview Parental Administrator log Parental Control Application Configuring Parental Control HomeSafe Parental Control Wireless Gateway Application Parental Control Web site displays a registration successful For content filtering to be activated. See CheckingContent filtering activation Web page. It may take up to another ten minutes Parental Control Group Edit Filter Content Filtering with an External ServerReset Click Reset to start configuring this screen again Parental Control Group Edit Configuration Parental Control Filter Parental Control 12-9 12-10 Parental Control Parental Control 12-11 Blocking URL Checking section for How to set how much of the URLSee the Customizing Keyword HomeSafe checks Customizing Keyword Blocking URL Checking Parental Control Edit Services Service Description RCMDTCP512 RLOGINTCP513PPTPTUNNELGRE0 REALAUDIOTCP7070 Parental Control Edit If you want to allow twenty-four hour Access, you should select the unrestrictedUser access will be denied after the End Check box Parental Control Bypass List Weekdays or Weekend boxes Parental Control 12-19 Page Guidelines For Enhancing Security With Your Firewall Chapter FirewallIntroduction Firewall Settings Screen Firewall Settings No Log Firewall, NAT and Remote ManagementLAN-to-WAN rules Log All log all LAN to WAN packets Services WAN-to-LAN rules Firewall Service Click Clear All to empty the Blocked Service Remote Management Page Remote Management Overview Only LAN only Neither DisableChapter Remote Management Screens Remote Management Limitations Remote Management and NAT Configuring WWWSystem Timeout Configuring Telnet Telnet Configuration on a TCP/IP Network Configuring FTP Remote Management Telnet Snmp Remote Management FTP Snmp is only available if TCP/IP is configured Snmp Management Model Snmp Traps Configuring SnmpSupported MIBs Snmp Traps Remote Management Snmp Configuring DNS Remote Management DNS Configuring Security Icmp Remote Management Screens 14-11 Page HomeSafe User’s Guide VPN Screens 14-1 Logs and Maintenance Chapter Centralized Logs View Log Log Settings Settings, see section Log Settings Weekly When Log is FullDaily Hourly Status Screen Chapter MaintenanceMaintenance Overview Maintenance System Statistics System Statistics Maintenance Dhcp Table Dhcp Table Screen Any IP Table Association List Maintenance Firmware Upload 16.6 F/W Upload Screen Configuration Screen Upload Warning Maintenance Restore Configuration Backup ConfigurationRestore Configuration Back to Factory Defaults 11 Configuration Restore Successful 14 Factory Defaults Restart Screen SMT General Configuration Page Chapter Introducing the SMT SMT Introduction Operation Keystroke Description Main Menu CommandsNavigating the SMT Interface Enter ? or ChangeMe System Management Terminal Interface SummaryMain Menu Summary Menu Title Description Changing the System Password Menu 23 System Password Procedure To Configure Menu Chapter Menu 1 General SetupGeneral Setup Field Description Example Procedure to Configure Dynamic DNS Select Yes to configure Menu 1.1 Configure Dynamic DNS User YesDynamicDNS Specified IP Address field Introduction to WAN Chapter Menu 2 WAN SetupWAN Setup From the main menu, enter 2 to open menuPage Protocol Dependent Ethernet Setup Chapter Menu 3 LAN SetupLAN Setup 20.3 TCP/IP Ethernet Setup and Dhcp Menu 3.2 TCP/IP and Dhcp Ethernet Setup Menu 3.2 Dhcp Ethernet Setup Fields RIP-1 Menu 3.2 LAN TCP/IP Setup FieldsBoth RIP-1,RIP-2B or RIP-2M IP Alias Setup Physical Network & Partitioned Logical Networks Field Description Example Essid Wireless LAN SetupBoth, In Only, Out Only or None RTS DisableCH06 2437MHz Auto Configuring MAC Address Filter Mixed Configuring Roaming on the HomeSafe Menu 3.5.1 Wlan MAC Address Filter 10 Menu 3.5.2 Roaming Configuration Menu 3.5.2 Roaming ConfigurationPage Menu 4 Internet Access Setup Ethernet Chapter Internet AccessIntroduction to Internet Access Setup Ethernet Encapsulation Configuring the Pptp Client New Fields in Menu 4 Pptp Screen Configuring the PPPoE ClientDefault New Fields in Menu 4 PPPoE screen 21-4 Internet Access Remote Node Profile Setup Chapter Remote Node ConfigurationIntroduction to Remote Node Setup Press Enter to go to Menu 11.3 Remote Node Network EthernetAlias Layer Options Outgoing Authentication Protocol Nailed-Up Connection Fields in Menu 11.1 PPPoE Encapsulation Specific CHAP/PAP Remote Node Network Layer Options Edit IPMenu 11.1 Remote Node Profile for Pptp Encapsulation Dynamic Many-to-One and Server Remote Node FilterSUA Only RIP-1/RIP-2B/RIP-2M or None Traffic Redirect Setup Menu 11.5 Remote Node Filter Ethernet Encapsulation 22-8 Remote Node Configuration Chapter Static Route Setup IP Static Route Setup 23-2 Static Route Setup Chapter Dial-in User Setup Dial-in User SetupPage Menu 4 Applying NAT for Internet Access Applying NAT Applying NAT in Menus 4 NAT SetupFull Feature NAT Following table explains the fields in this menu Address Mapping SetsSUA Address Mapping Set Menu 15.1.255 is read-only SUA Address Mapping Rules User-Defined Address Mapping Sets Ordering Your Rules Edit Menu 15.1.1 First SetField Desription Example Select Rule item One-to-One,Many-to-One and Server types Configuring a Server behind NATFollow these steps to configure a server behind NAT General NAT Examples Example 1 Internet Access OnlyFollowing are some examples of NAT configuration Dynamic Inside Global Address is assigned by the ISP Example 2 Internet Access with an Inside ServerExample 3 Multiple Public IP Addresses With Inside Servers Address Translation field in menu 4 or menu 11.3 Enter 1 to configure the Address Mapping SetsFollowing figures show how to configure the first rule Then enter 15 from the main menu Enter 2 in Menu 15 NAT Setup Example 4 NAT Unfriendly Application Programs Example 3 Menu 20 Example 4 Menu 15.1.1 Address Mapping Rules Menu 15.3 Trigger Port Setup Page Remote Management and the Firewall Access MethodsChapter Enabling the Firewall Enabling the Firewall SMT Advanced Management Filter Structure of the HomeSafe Chapter Filter ConfigurationIntroduction to Filters Execute Configuring a Filter Set Abbreviations Used in the Filter Rules Summary Menu Rule Abbreviations Used Configuring a Filter RuleConfiguring a TCP/IP Filter Rule Abbreviation Description Less TCP/IP Filter RuleField Description Options Equal Following figure illustrates the logic flow of an IP filter Configuring a Generic Filter Rule Executing an IP Filter Generic Filter Rule Menu Fields Example Filter HomeSafe User’s Guide Generic Filter Rule Menu Fields 10 Example Filter Menu Filter Types and NAT Applying LAN Filters Firewall Versus FiltersApplying a Filter Applying Remote Node Filters 14 Filtering Remote Node Traffic Page Chapter Snmp Configuration About Snmp Supported MIBs Snmp ConfigurationFollowing table describes the Snmp configuration parameters Port PVC Permanent Virtual Circuit Snmp TrapsPorts and Permanent Virtual Circuits Page Chapter System Security System PasswordConfiguring External Radius Server System Security 29.1.3 Enter 4 to display Menu 23.4 System Security IEEE802.1x No Access Allowed Menu 23.4 System Security IEEE802.1x Mode PSKGroup Data Privacy field Management Protocol is selected System Information and Diagnosis System Status Menu 24.1 System Maintenance Status System Maintenance Status Menu Fields System Information Menu 1 General SetupSystem Information To get to the System Information Console Port Speed Menu 24.3.2 System Maintenance Syslog and AccountingLog and Trace Syslog Logging System Information and Diagnosis 30-5 Diagnostic Call-Triggering Packet System Maintenance Menu Diagnostic WAN Dhcp 30-8 System Information and Diagnosis Filename Conventions Chapter Firmware and Configuration File MaintenanceFilename Conventions File Type Internal Name External Name Description Example of FTP Commands from the Command Line Backup ConfigurationUsing the FTP Command from the Command Line Follow the instructions as shown in the next screen Command Description Backup Configuration Using TftpGeneral Commands for GUI-based FTP Clients GUI-based FTP Clients Restore Using FTP Restore ConfigurationTftp Command Example Following is an example Tftp command Uploading Firmware and Configuration Files Restore Using FTP Session Example Firmware File Upload Configuration File UploadYou see the following screen when you telnet into menu Tftp File Upload FTP File Upload Command from the DOS Prompt ExampleFTP Session Example of Firmware File Upload Tftp Upload Command Example Command Syntax Chapter System MaintenanceCommand Interpreter Mode Command Usage Call Control Support Budget Management Call History Call History Fields NTP RFC-1305 the default, is similar to Time RFC-868 Time and Date SettingTime and Date Setting Fields Resetting the Time Daylight Saving fieldPage Chapter Remote Management Remote Management LAN Only Chapter Call Scheduling Introduction to Call Scheduling Menu 26.1 Schedule Set Setup Once Applying Schedule Sets to a Remote Node PPPoE Appendices and Index Page Appendix a TroubleshootingProblem Corrective Action Control Group Edit screen Benefits of PPPoE Appendix B PPPoEPPPoE in Action Traditional Dial-up Scenario Diagram B-2 The HomeSafeas a PPPoE Client HomeSafeas a PPPoE Client Appendix C What is PPTP?Diagram C-1 Transport PPP frames over Ethernet Pptp and the HomeSafe Pptp Protocol Overview Diagram C-2 Pptp Protocol OverviewDiagram C-3 Example Message Exchange between PC and an ANT Control & PPP connections Pptp Page Appendix D Log Descriptions Chart 1 System Error LogsChart 2 System Maintenance Logs LOG Message Description ID content Chart 3 UPnP LogsChart 4 Content Filtering Logs Chart 5 Icmp Type and Code Explanations Type Code Description Log Commands Configuring What You Want the HomeSafe to Log Displaying Logs Page If you need TCP/IP Appendix E Setting up Your Computer’s IP AddressWindows 95/98/Me If you need Client for Microsoft Networks Checking/Modifying Your Computer’s IP Address Windows 2000/NT/XP Click Advanced to go to the Advanced TCP/IP HomeSafe User’s Guide Turn on your HomeSafeand restart your computer if prompted Close the TCP/IP Control Panel Macintosh OS 8/9Select Ethernet built-in from the Connect via list Select Built-in Ethernet from the Show list Macintosh OSCheck your TCP/IP properties in the Network window Page Ad-hoc Wireless LAN Configuration Appendix F Wireless LAN and IeeeBenefits of a Wireless LAN Ieee Infrastructure Wireless LAN Configuration Diagram F-1 Peer-to-Peer Communication in an Ad-hoc Network Diagram F-2 ESS Provides Campus-Wide Coverage Page Security Flaws with Ieee Appendix G Wireless LAN With IeeeDeployment Issues with Ieee Advantages of the Ieee Diagram G-1 Sequences for EAP MD5-Challenge Authentication EAP-MD5 Message-Digest Algorithm Appendix H Types of EAP AuthenticationEAP-TTLS Tunneled Transport Layer Service EAP-TLS Transport Layer Security Certificate Server Difficulty Wireless SecurityCertificate Client Dynamic Key Types of Antennas For Wlan Antenna CharacteristicsAppendix Antenna Selection and Positioning Recommendation Positioning Antennas Example Appendix J Brute-Force Password Guessing ProtectionChart 6 Brute-Force Password Guessing Protection Commands Page Triangle Route Solutions Ideal SetupTriangle Route Problem Appendix K Triangle Route Diagram K-4 Gateways on the WAN Side How To Configure Triangle RouteDiagram K-3 IP Alias Gateways on the WAN Side Appendix L Index BSS Ibss See NAT See Ttls Wlan