ZyXEL Communications NBG4115

Chapter 13 Firewall

User’s Guide

146

Contents

Main NBG4115 Wireless N-lite 3G Router Page About This User's Guide Intended Audience Tips for Reading Users Guides On-Screen Related Documentation Documentation Feedback Need More Help? Customer Support Document Conventions Warnings and Notes Warnings tell you about things that could harm you or your device. Syntax Conventions Icons Used in Figures Safety Warnings Safety Warnings Contents Overview Page Table of Contents Page Page Page Part IV: Management............................................................................ 151 Part V: Maintenance and Troubleshooting........................................ 179 Part VI: Appendices and Index ........................................................... 209 Page PART I Page CHAPTER 1 Introduction WLAN 1.1 Overview 1.2 Applications 1.3 Ways to Manage the NBG4115 1.4 Good Habits for Managing the NBG4115 Figure 2 Front Panel 1.5 LEDs Chapter 1 Introduction Table 1 Front Panel LEDs and WPS Button LED COLOR STATUS DESCRIPTION Page CHAPTER 2 The WPS Button 2.1 Overview Page CHAPTER 3 The Web Configurator 3.1 Overview 3.2 Accessing the Web Configurator Page Figure 4 Selecting the setup mode 3.3 Resetting the NBG4115 3.3.1 Procedure to Use the Reset Button 3.4 Navigating the Web Configurator 3.5 The Status Screen in Router Mode Figure 5 Web Configurator Status Screen Table 2 Status Screen Icon Key Chapter 3 The Web Configurator Users Guide 31 Table 3 Web Configurator Status Screen 3.5.1 Navigation Panel Table 3 Web Configurator Status Screen (continued) Page 3.5.2 Summary: DHCP Table Figure 6 Summary: DHCP Table 3.5.3 Summary: Packet Statistics Figure 7 Summary: Packet Statistics Table 5 Summary: DHCP Table 3.5.4 Summary: WLAN Station Status Figure 8 Summary: Wireless Association List Table 6 Summary: Packet Statistics Table 7 Summary: Wireless Association List Page CHAPTER 4 Connection Wizard Figure 9 Select Wizard or Advanced Mode 4.1 Overview 4.2 Wizard Setup 4.3 STEP 1: System Information 4.3.1 System Name 4.3.2 Domain Name Figure 12 Wizard Step 1: System Information Table 8 Wizard Step 1: System Information Chapter 4 Connection Wizard 4.4 STEP 2: Wireless LAN Set up your wireless LAN using the following screen. Figure 13 Wizard Step 2: Wireless LAN Table 9 Wizard Step 2: Wireless LAN 4.4.1 Extend (WPA-PSK or WPA2-PSK) Security 4.5 STEP 3: Internet Configuration 4.5.1 Ethernet Connection 4.5.2 PPPoE Connection Figure 17 Wizard Step 3: PPPoE Connection Table 12 Wizard Step 3: PPPoE Connection 4.5.3 PPTP Connection Chapter 4 Connection Wizard Users Guide 47 Table 13 Wizard Step 3: PPTP Connection 4.5.4 Mobile 3G Table 14 Wizard Step 3: Mobile 3G Connection 4.5.5 Your IP Address Figure 20 Wizard Step 3: Your IP Address 4.5.6 WAN IP Address Assignment Table 15 Wizard Step 3: Your IP Address Table 16 Private IP Address Ranges 4.5.7 IP Address and Subnet Mask 4.5.8 DNS Server Address Assignment 4.5.9 WAN IP and DNS Server Address Assignment Figure 21 Wizard Step 3: WAN IP and DNS Server Addresses Table 17 Wizard Step 3: WAN IP and DNS Server Addresses 4.5.10 WAN MAC Address Figure 22 Wizard Step 3: WAN MAC Address Table 17 Wizard Step 3: WAN IP and DNS Server Addresses Table 18 Example of Network Properties for LAN Servers with Fixed IP Addresses 4.6 Connection Wizard Complete Figure 23 Connection Wizard Complete Table 19 Wizard Step 3: WAN MAC Address Page CHAPTER 5 AP Mode AB 5.1 Overview 5.2 Setting your NBG4115 to AP Mode 5.3 The Status Screen in AP Mode Chapter 5 AP Mode Users Guide 57 The following table describes the labels shown in the Status screen. Table 20 Web Configurator Status Screen 5.3.1 Navigation Panel Figure 27 Menu: AP Mode Table 20 Web Configurator Status Screen (continued) Table 21 Screens Summary Chapter 5 AP Mode 5.4 LAN Settings Table 21 Screens Summary Table 22 Network > LAN > IP 5.5 WLAN and Maintenance Settings 5.6 Logging in while in AP Mode Page CHAPTER 6 Tutorials 6.1 Overview 6.2 Set Up a 3G Connection Page 6.3 Set Up the NBG4115 for Gaming Page Page 6.4 Set Up a Wireless Network with WPS Note: The wireless client must be a WPS-aware device (for example, a WPS USB adapter or PCI card). 6.4.1 Push Button Configuration (PBC) Wireless Client ZyXEL Device 6.4.2 PIN Configuration Figure 30 Example WPS Process: PIN Method 6.5 Configure Wireless Security without WPS Figure 31 Tutorial: Network > Wireless LAN > General Figure 32 Tutorial: Status Screen 6.5.1 Configure Your Notebook Page Figure 36 Link Status 6.6 Bandwidth Management 6.6.1 Bandwidth Management by Application 6.6.2 Custom Bandwidth Management 6.6.3 Bandwidth Management by IP or IP Range Figure 39 Tutorial: Bandwidth Allocation Example Page Page PART II Page CHAPTER 7 Wireless LAN AP 7.1 Overview Figure 41 Example of a Wireless Network 7.1.1 What You Can Do in this Chapter 7.1.2 What You Should Know Wireless Security Overview SSID MAC Address Filter User Authentication Encryption WPS 7.2 General The following table describes the general wireless LAN labels in this screen. See the rest of this chapter for information on the other labels in this screen. Table 26 Network > Wireless LAN > General 7.2.1 No Security 7.2.2 WEP Encryption Figure 44 Network > Wireless LAN > General: Static WEP Table 28 Network > Wireless LAN > General: Static WEP 7.2.3 WPA-PSK/WPA2-PSK Figure 45 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK Table 28 Network > Wireless LAN > General: Static WEP 7.3 MAC Filter Table 29 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK Figure 46 Network > Wireless LAN > MAC Filter Table 30 Network > Wireless LAN > MAC Filter 7.4 Advanced Click Network > Wireless LAN > Advanced. The screen appears as shown. Figure 47 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 31 Network > Wireless LAN > Advanced 7.5 QoS Figure 48 Network > Wireless LAN > QoS Table 32 Network > Wireless LAN > QoS 7.5.1 Application Priority Configuration Figure 49 Network > Wireless LAN > QoS: Application Priority Configuration Table 32 Network > Wireless LAN > QoS (continued) Network > Wireless LAN > QoS: Application Priority Configuration (continued) 7.6 WPS Figure 50 WPS Table 33 WPS 7.7 WPS Station 7.8 Scheduling Figure 52 Scheduling Table 35 Scheduling Note: Entering the same begin time and end time will mean the whole day. Table 35 Scheduling CHAPTER 8 WAN 8.1 Overview Figure 53 LAN and WAN 8.2 What You Can Do in this Chapter 8.2.1 What You Need To Know Encapsulation Method WAN IP Address DNS Server Address Assignment WAN MAC Address Multicast Figure 54 Multicast Example NetBIOS over TCP/IP Auto-Bridge 8.3 Internet Connection 8.3.1 Ethernet Figure 55 Network > WAN > Internet Connection: Ethernet Encapsulation Table 36 Network > WAN > Internet Connection: Ethernet 8.3.2 PPPoE Table 36 Network > WAN > Internet Connection: Ethernet Figure 56 Network > WAN > Internet Connection: PPPoE Table 37 Network > WAN > Internet Connection: PPPoE 8.3.3 PPTP Table 37 Network > WAN > Internet Connection: PPPoE Figure 57 Network > WAN > Internet Connection: PPTP Page 8.3.4 Mobile 3G Table 39 Network > WAN > Internet Connection: Mobile 3G 8.4 Advanced Table 40 WAN > Advanced CHAPTER 9 LAN DSL 9.1 Overview 9.1.1 What You Can Do in this Chapter LAN and WAN IP Addresses Figure 60 LAN and WAN IP Addresses IP Pool Setup LAN TCP/IP 9.3 IP Figure 61 Network > LAN > IP Table 41 Network > LAN > IP Page CHAPTER 10 DHCP Server 10.1 Overview 10.1.1 What You Can Do in this Chapter 10.1.2 What You Need To Know 10.2 General Figure 62 Network > DHCP Server > General Table 42 Network > DHCP Server > General 10.3 Advanced Figure 63 Network > DHCP Server > Advanced Table 43 Network > DHCP Server > Advanced 10.4 Client List Table 43 Network > DHCP Server > Advanced Figure 64 Network > DHCP Server > Client List Table 44 Network > DHCP Server > Client List Page CHAPTER 11 NAT 11.1 Overview A: 192.168.1.33 WANLAN 11.1.1 What You Can Do in this Chapter 11.1.2 What You Need To Know Note: NAT never changes the IP address (either local or global) of an outside host. Inside/Outside Global/Local What NAT Does How NAT Works Figure 66 How NAT Works 11.2 General Figure 67 Network > NAT > General Table 46 Network > NAT > General 11.3 Application Chapter 11 NAT Table 47 NAT Application (continued) 11.4 Advanced Table 48 Network > NAT > Advanced 11.5 Technical Reference 11.5.1 NATPort Forwarding: Services and Port Numbers 11.5.2 NAT Port Forwarding Example Table 48 Network > NAT > Advanced Figure 70 Multiple Servers Behind NAT Example 11.5.3 Trigger Port Forwarding 11.5.4 Trigger Port Forwarding Example Figure 71 Trigger Port Forwarding Process: Example 11.5.5 Two Points To Remember About Trigger Ports CHAPTER 12 DDNS 12.1 Overview 12.1.1 What You Can Do in this Chapter 12.1.2 What You Need To Know 12.2 General Figure 72 Dynamic DNS Table 49 Dynamic DNS Chapter 12 DDNS Users Guide 137 Page Page Page CHAPTER 13 Firewall A 13.1 Overview Figure 73 Default Firewall Action 13.1.2 What You Need To Know What is a Firewall? Stateful Inspection Firewall About the NBG4115 Firewall Guidelines For Enhancing Security With Your Firewall 13.2 General Figure 74 Security > Firewall > General l 13.3 Services Table 50 Security > Firewall > General Chapter 13 Firewall Figure 75 Security > Firewall > Services l Table 51 Security > Firewall > Services Page CHAPTER 14 Content Filtering 14.1 Overview 14.1.1 What You Can Do in this Chapter 14.1.2 What You Need To Know 14.2 Filter Figure 76 Security > Content Filter > Filter 14.3 Technical Reference 14.3.1 Customizing Keyword Blocking URL Checking Domain Name or IP Address URL Checking Table 52 Security > Content Filter > Filter Full Path URL Checking File Name URL Checking Page Page CHAPTER 15 Static Route 15.1 Overview Figure 77 Example of Static Routing Topology 15.1.1 What You Can Do in this Chapter 15.2 IP Static Route Figure 78 Management > Static Route > IP Static Route Table 53 Management > Static Route > IP Static Route 15.2.1 Static Route Setup Screen Figure 79 Management > Static Route > IP Static Route: Static Route Setup Table 54 Management > Static Route > IP Static Route: Static Route Setup Page CHAPTER 16 Bandwidth Management AB 16.1 Overview Figure 80 Bandwidth Management 16.2 General Figure 81 Management > Bandwidth MGMT > General Note: You cannot apply both bandwidth management types at the same time. 16.3 Advanced Table 55 Management > Bandwidth MGMT > General Figure 82 Management > Bandwidth MGMT > Advanced Table 56 Management > Bandwidth MGMT > Advanced Table 56 Management > Bandwidth MGMT > Advanced (continued) 16.3.1 Pre-Configured Gaming Ports 16.3.2 Priority Levels 16.3.3 User Defined Service Rule Configuration Figure 83 Management > Bandwidth MGMT > Advanced: Allocation Setup Table 57 Preconfigured Gaming Ports 16.3.4 Predefined Bandwidth Management Services Table 59 Media Bandwidth Management Setup: Services SERVICE DESCRIPTION 16.3.5 Services and Port Numbers See Appendix F on page 263 for commonly used services and port numbers. Table 59 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION CHAPTER 17 Remote Management 17.1 Overview 17.1.1 What You Can Do in this Chapter 17.1.2 What You Need To Know 17.2 WWW Figure 84 Management > Remote MGMT > WWW Table 60 Note: This only applies on WAN IP. Page CHAPTER 18 UPnP 18.1 Overview 18.1.1 What You Can Do in this Chapter 18.1.2 What You Need to Know 18.2 General Figure 85 Management > UPnP > General 18.3 Technical Reference 18.3.1 Installing UPnP in Windows XP Figure 86 Network Connections Table 61 Management > UPnP > General Figure 87 Windows Optional Networking Components Wizard 18.3.1.1 Using UPnP in Windows XP Example Page Page Page Page Page Page PART V Page CHAPTER 19 System Figure 98 Maintenance > System > General 19.1 Overview 19.1.1 What You Can Do in this Chapter Table 62 Maintenance > System > General 19.3 Time Setting Figure 99 Maintenance > System > Time Setting Page Page Page CHAPTER 20 Logs 20.1 Overview 20.1.1 What You Can Do in this Chapter 20.2 View Log Figure 100 Maintenance > Logs > View Log Table 64 Maintenance > Logs > View Log CHAPTER 21 Tools 21.1 Overview 21.1.1 What You Can Do in this Chapter 21.2 Firmware Figure 101 Maintenance > Tools > Firmware Note: Do not turn off the NBG4115 while firmware upload is in progress! Table 65 Maintenance > Tools > Firmware Page 21.3 Configuration Figure 105 Maintenance > Tools > Configuration 21.3.1 Backup Configuration 21.3.2 Restore Configuration Note: Do not turn off the NBG4115 while configuration file upload is in progress Figure 106 Configuration Restore Successful Figure 107 Temporarily Disconnected Table 66 Maintenance Restore Configuration 21.4 Restart CHAPTER 22 Sys OP Mode 22.1 Overview 22.1.1 What You Can Do in this Chapter 22.1.2 What You Need to Know 22.2 General Figure 114 Maintenance > Sys Op Mode > General: AP Table 67 Maintenance > Sys OP Mode > General Note: If you select the incorrect System Operation Mode you cannot connect to the Internet. Page CHAPTER 23 Language Page CHAPTER 24 Troubleshooting 24.1 Overview 24.2 Power, Hardware Connections, and LEDs The NBG4115 does not turn on. None of the LEDs turn on. 24.3 NBG4115 Access and Login I dont know the IP address of my NBG4115. I forgot the password. I cannot see or access the Login screen in the Web Configurator. I can see the Login screen, but I cannot log in to the NBG4115. 24.4 Internet Access I cannot access the Internet. The Internet connection is slow or intermittent. 24.5 Resetting the NBG4115 to Its Factory Defaults You will lose all of your changes when you push the RESET button. 24.6 Wireless Router/AP Troubleshooting I cannot access the NBG4115 or ping any computer from the WLAN (wireless AP or router). I set up URL keyword blocking, but I can still access a website that should be blocked. I can access the Internet, but I cannot open my network folders. I can access the Web Configurator after I switched to AP mode. Page PART VI Page Users Guide 211 APPENDIX A Product Specifications The following tables summarize the NBG4115s hardware and firmware features. Table 68 Hardware Features Appendix A Product Specifications Table 69 Firmware Features FEATURE DESCRIPTION Note: Only upload firmware for your specific model! Appendix A Product Specifications Users Guide 213 Table 69 Firmware Features FEATURE DESCRIPTION Page APPENDIX B Pop-up Windows, JavaScripts and Java Permissions Internet Explorer Pop-up Blockers Disable pop-up Blockers Figure 117 Internet Options: Privacy Enable pop-up Blockers with Exceptions Page Page Figure 120 Internet Options: Security Page Page Page APPENDIX C IP Addresses and Subnetting Introduction to IP Addresses Structure Figure 124 Network Number and Host ID Subnet Masks Table 70 Subnet Mask - Identifying Network Number Network Size Table 71 Subnet Masks Table 70 Subnet Mask - Identifying Network Number Notation Table 72 Maximum Host Numbers Table 73 Alternative Subnet Mask Notation Subnetting Figure 125 Subnetting Example: Before Subnetting Figure 126 Subnetting Example: After Subnetting Example: Four Subnets Table 74 Subnet 1 Table 75 Subnet 2 Table 76 Subnet 3 Table 77 Subnet 4 Example: Eight Subnets Subnet Planning Table 77 Subnet 4 (continued) Table 78 Eight Subnets Table 79 24-bit Network Number Subnet Planning Configuring IP Addresses Table 80 16-bit Network Number Subnet Planning Private IP Addresses APPENDIX D Setting up Your Computers IP Address Windows 95/98/Me Figure 127 WIndows 95/98/Me: Network: Configuration Installing Components Configuring Figure 128 Windows 95/98/Me: TCP/IP Properties: IP Address Figure 129 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Page Page Figure 133 Windows XP: Local Area Connection Properties Figure 134 Windows XP: Internet Protocol (TCP/IP) Properties Figure 135 Windows XP: Advanced TCP/IP Properties Figure 136 Windows XP: Internet Protocol (TCP/IP) Properties Page Figure 138 Macintosh OS 8/9: TCP/IP Page Linux Note: Make sure you are logged in as the root administrator. Figure 141 Red Hat 9.0: KDE: Network Configuration: Devices Using the K Desktop Environment (KDE) Page Figure 144 Red Hat 9.0: KDE: Network Configuration: Activate Using Configuration Files Figure 145 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 Figure 146 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 Figure 147 Red Hat 9.0: DNS Settings in resolv.conf Figure 148 Red Hat 9.0: Restart Ethernet Card 24.6.1 Verifying Settings Figure 149 Red Hat 9.0: Checking TCP/IP Properties APPENDIX E Wireless LANs Wireless LAN Topologies Ad-hoc Wireless LAN Configuration Figure 150 Peer-to-Peer Communication in an Ad-hoc Network ESS Figure 152 Infrastructure WLAN Channel RTS/CTS Figure 153 RTS/CTS Fragmentation Threshold Preamble Type Note: The AP and the wireless stations MUST use the same preamble mode in order to communicate. IEEE 802.11g Wireless LAN IEEE 802.1x RADIUS Table 81 IEEE 802.11g Types of RADIUS Messages Types of Authentication EAP-MD5 (Message-Digest Algorithm 5) EAP-TLS (Transport Layer Security) EAP-TTLS (Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange WPA(2) Encryption Table 82 Comparison of EAP Authentication Types User Authentication 24.6.2 WPA(2)-PSK Application Example Figure 154 WPA(2)-PSK Authentication 24.6.3 WPA(2) with RADIUS Application Example Security Parameters Summary Table 83 Wireless Security Relational Matrix APPENDIX F Services Table 84 Examples of Services Page Page Page APPENDIX G Legal Information Copyright Disclaimer Certifications FCC Radiation Exposure Statement Industry Canada Statement IMPORTANT NOTE: IC Radiation Exposure Statement: ! Notices Viewing Certifications ZyXEL Limited Warranty Note Registration End-User License Agreement Page Page Page Page Index A B C D E F G H I M N O P Q S T U V W X