ZyXEL Communications P-2302R Series 188

P-2302R Series User’s Guide

Table 57 Access Control Logs (continued)

LOG MESSAGE	DESCRIPTION

Exceed maximum sessions per host (%d).	The device blocked a session because the host's
	connections exceeded the maximum sessions per host.
Firewall allowed a packet that matched a	A packet from the WAN (TCP or UDP) matched a cone
NAT session: [ TCP UDP ]	NAT session and the device forwarded it to the LAN.

Table 58 TCP Reset Logs

LOG MESSAGE	DESCRIPTION

Under SYN flood attack,	The router sent a TCP reset packet when a host was under a SYN
sent TCP RST	flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX	The router sent a TCP reset packet when the number of TCP
incomplete, sent TCP RST	incomplete connections exceeded the user configured threshold.
	(the TCP incomplete count is per destination host.)
Peer TCP state out of	The router sent a TCP reset packet when a TCP connection state
order, sent TCP RST	was out of order.Note: The firewall refers to RFC793 Figure 6 to
	check the TCP state.
Firewall session time	The router sent a TCP reset packet when a dynamic firewall
out, sent TCP RST	session timed out.
	The default timeout values are as follows:
	ICMP idle timeout: 3 minutes
	UDP idle timeout: 3 minutes
	TCP connection (three way handshaking) timeout: 270 seconds
	TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in
	the TCP header).
	TCP idle (established) timeout (s): 150 minutes
	TCP reset timeout: 10 seconds

Exceed MAX incomplete,	The router sent a TCP reset packet when the number of
sent TCP RST	incomplete connections (TCP and UDP) exceeded the user-
	configured threshold. (Incomplete count is for all TCP and UDP
	connections through the firewall.)Note: When the number of
	incomplete connections (TCP + UDP) > “Maximum Incomplete
	High”, the router sends TCP RST packets for TCP connections
	and destroys TOS (firewall dynamic sessions) until incomplete
	connections < “Maximum Incomplete Low”.
Access block, sent TCP	The router sends a TCP RST packet and generates this log if you
RST	turn on the firewall TCP reset mechanism (via CI command: sys
	firewall tcprst).

Table 59 Packet Filter Logs

LOG MESSAGE		DESCRIPTION

[ TCP UDP ICMP IGMP		Attempted access matched a configured filter rule (denoted by
Generic	] packet filter	its set and rule number) and was blocked or forwarded
matched	(set: %d, rule: %d)	according to the rule.

187	Chapter 18 Logs

Contents

User’s Guide Page Disclaimer Trademarks Notice Certifications Page Page Note Registration Page Page Page Page System Screens Page Phone Phone Book Phone Usage Network Address Translation (NAT) Screens Static Route Content Filtering Remote Management Screens Universal Plug-and-Play(UPnP) Bandwidth Management Maintenance Chapter Introducing the SMT LAN Setup Internet Access Remote Node Configuration Static Route Setup Enabling the Firewall SNMP Configuration System Information and Diagnosis Firmware and Configuration File Maintenance Remote Management Call Scheduling Troubleshooting Page Page Page Page Page Page Page Page Page Page Page About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key 1.1 Prestige 2302R VoIP Station Gateway Series Overview 1.2Prestige 2302RL VoIP Analog Telephone Adaptor with Lifeline 1.3 Features Firewall Content Filtering Custom Ring Tones Bandwidth Management SIP ALG Reset Button Multiple Telephones PSTN Lifeline Dynamic Jitter Buffer Multiple SIP Accounts Voice Coding Voice Activity Detection/Silence Suppression Comfort Noise Generation Echo Cancellation QoS (Quality of Service) Network Address Translation (NAT) Universal Plug and Play (UPnP) DHCP (Dynamic Host Configuration Protocol) Port Forwarding Dynamic DNS Support 1.4 LEDs 1.5 Applications 1.5.2 Make Calls via IP-PBX 1.5.3 Make Peer-to-peerCalls Page 2.1 Web Configurator Overview 2.2Accessing the Prestige Web Configurator 2.3 Resetting the Prestige 2.4Navigating the Prestige Web Configurator Page Page 2.5 Common Screen Command Buttons 3.1 Wizard Setup Overview 3.2 Wizard 1: General Setup 3.3 Wizard 2: ISP Parameters for Internet Access 3.3.2 PPPoE Encapsulation Page 3.4 Wizard 3: WAN Setup Page 3.5 Wizard 4: SIP 1 Setup Page SIP Server Address 3.6 Wizard Setup Complete Page Page 4.1 System Overview 4.2 DNS Overview 4.3General Screen 4.4System General Configuration Page 4.5 Dynamic DNS 4.6 Configuring Dynamic DNS Figure 16 DDNS Table 9 DDNS 4.7 Configuring Password 4.8 Pre-definedNTP Time Servers List 4.9 Configuring Time Setting Page 4.9.1 Resetting the Time Page 5.1 LAN Overview 5.2 IP Address and Subnet Mask 5.3 DHCP Setup 5.4 LAN TCP/IP 5.5 DNS Server Address 5.6 RIP Setup 5.7 Multicast 5.8 Any IP 5.8.0.1 How Any IP Works 5.9 Configuring LAN Table 13 LAN IP 5.10 Configuring IP Alias Page Page 6.1 WAN Overview 6.2 Configuring ISP 6.2.2 PPPoE Encapsulation PPP over Ethernet PPPoE 6.3 WAN IP Address Assignment 6.4 Configuring WAN IP Get automatically from ISP (Default Use fixed IP Address Figure 25 WAN: IP Table 18 WAN: IP Page 6.5 Configuring WAN MAC Factory Default 7.1 VoIP Introduction 7.2 Introduction to SIP 7.2.1.1 SIP Number 7.2.1.2 SIP Service Domain 7.2.3.1 SIP User Agent 7.2.3.2 SIP Proxy Server 7.2.3.3 SIP Redirect Server 7.2.3.4 SIP Register Server 7.3 NAT 7.3.2 NAT Types 7.3.2.1 Full Cone NAT 7.3.2.2 Restricted Cone NAT 7.3.2.3 Port Restricted Cone NAT 7.3.2.4 Symmetric NAT 7.4 NAT and SIP 7.5 SIP ALG 7.6 Use NAT 7.7 STUN 7.8 Outbound Proxy 7.9 Voice Coding 7.10 PSTN Call Setup Signaling 7.11 MWI (Message Waiting Indication) 8.1 VoIP Introduction 8.2 VoIP Configuration Figure 37 VoIP Table 21 VoIP 8.3 Custom Tones (IVR) 8.3.0.1 Recording Custom Tones 8.3.0.2Listening to Custom Tones 8.3.0.3Deleting Custom Tones 8.4Advanced VoIP Settings Configuration Page Page Page 8.5 Quality of Service (QoS) 8.5.2.1 DSCP and Per-HopBehavior 8.6 QoS Configuration 9.1 Phone Introduction 9.2 Phone Port Configuration Figure 41 Phone Port 9.3 Supplementary Phone Services Overview 9.3.2 Europe Type Supplementary Phone Services 9.3.2.1 European Call Hold 9.3.2.2 European Call Waiting 9.3.2.3European Call Transfer 9.3.2.4European Three-WayConference 9.3.3USA Type Supplementary Services 9.3.3.1 USA Call Hold 9.3.3.2 USA Call Waiting 9.3.3.3 USA Call Transfer 9.3.3.4USA Three-WayConference 9.4Common Phone Configuration Page Page 10.1 Phone Book Introduction 10.1.1.1 Peer-to-PeerCalls 10.2 Speed Dial Configuration Figure 43 Speed Dial 10.3 Call Forward Page Page 10.4 Lifeline Configuration (Prestige 2302RL) 11.1 Dialing a Telephone Number 11.2 Using Speed Dial to Dial a Telephone Number 11.3 Internal Calls 11.4 Checking the Prestige’s IP Address 11.5 Auto Firmware Upgrade 12.1 NAT Overview 12.1.2 What NAT Does 12.1.3 How NAT Works 12.1.4 NAT Application 12.1.5 NAT Mapping Types Many to One Many-to-Many Overload 12.2 SUA (Single User Account) Versus NAT 12.3 SUA Server 12.3.1 Default Server IP Address 12.3.2 Port Forwarding: Services and Port Numbers 12.4 Configuring SUA Server Page 12.5 Configuring Address Mapping Page 12.5.1 Configuring Address Mapping 12.6 Trigger Port Forwarding 12.7 Configuring Trigger Port Forwarding Page Page 13.1 Static Route Overview 13.2 Configuring IP Static Route 13.2.1 Configuring a Static Route Entry Page Page 14.1 Firewall Introduction 14.2Firewall Settings Screen Page 14.3 The Firewall, NAT and Remote Management 14.4 Services Page Page Page 15.1 Introduction to Content Filtering 15.2 Restrict Web Features 15.3 Days and Times 15.4 Configure Content Filtering Page Page Page 16.1 Remote Management Overview 16.2 Configuring Telnet 16.3 Configuring TELNET 16.4 Configuring FTP 16.5 Configuring WWW 16.6 SNMP Page 16.6.1 Supported MIBs 16.6.2 SNMP Traps 16.6.3 Configuring SNMP SNMP Page 16.7 Configuring DNS 16.8 Configuring Security Table 52 Security 17.1 Introducing Universal Plug and Play 17.2 UPnP and ZyXEL 17.3 Installing UPnP in Windows Example Communications Universal Plug and Play Add/Remove Programs Properties 17.3.2 Installing UPnP in Windows XP 1Click Start and Control Panel 2Double-click Network Connections Network Connections Advanced Page 17.4Using UPnP in Windows XP Example Page Page Page 17.4.2 Web Configurator Easy Access 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke Page Page 18.1 Configuring View Log Table 54 View Log 18.1.1 Log Message Descriptions Page Page Table 60 ICMP Logs Table 61 CDR Logs Table 62 PPP Logs Table 63 UPnP Logs Page Page Table 68 SIP Logs Table 69 RTP Logs 18.1.2 Syslog Logs 18.2 Configuring Log Settings Page Page 19.1 Bandwidth Management Overview 19.2 Bandwidth Classes and Filters 19.3 Proportional Bandwidth Allocation 19.4 Application-basedBandwidth Management 19.5 Subnet-basedBandwidth Management 19.6 Application and Subnet-basedBandwidth Management 19.7 Scheduler 19.8 Maximize Bandwidth Usage 19.8.2.1 Priority-basedAllotment of Unused and Unbudgeted Bandwidth 19.8.2.2Fairness-basedAllotment of Unused and Unbudgeted Bandwidth 19.9Bandwidth Borrowing 19.10Configuring Summary Page 19.11 Configuring Class Setup 19.11.1 Bandwidth Manager Class Configuration Sub-Class Page 19.11.2 Bandwidth Management Statistics Bandwidth Management Statistics Statistics 19.12 Configuring Monitor Page Page 20.1 Maintenance Overview 20.2 Status Screen Page 20.2.1 System Statistics Poll Interval(s) 20.3 DHCP Table Screen 20.4 Any IP Table Screen 20.5 F/W Upload Screen Firmware Upload in Process Return F/W Upload 20.6 Configuration Screen 20.6.1Backup Configuration 20.6.2 Restore Configuration Restore Configuration 20.7 Restart Screen Page 21.1 SMT Introduction 21.2 Accessing the SMT via Telnet 21.3 Navigating the SMT Interface Page 21.3.1 System Management Terminal Interface Summary 21.3.2 Prestige SMT Menus Overview 21.4 Changing the System Password New Password Retype to confirm 22.1 General Setup Introduction 22.2 General Setup Configuration 22.2.1 Procedure to Configure Dynamic DNS Edit Dynamic DNS Menu 1.1— Configure Dynamic DNS Page Page 23.1 Introduction to WAN 23.2 WAN Setup Page 24.1 LAN Setup 24.2 TCP/IP Ethernet Setup and DHCP Page 24.2.1 IP Alias Setup Edit IP Alias Menu 3.2.1 - IP Alias Setup Page Page 25.1 Introduction to Internet Access Setup 25.2 Ethernet Encapsulation 25.3 Configuring the PPPoE Client 25.4 Basic Setup Complete Page 26.1 Introduction to Remote Node Setup 26.2 Remote Node Profile Setup Page 26.2.2 PPPoE Encapsulation PPPoE 26.2.2.1 Outgoing Authentication Protocol 26.2.2.2 Nailed-UpConnection 26.3 Edit IP My WAN Addr Gateway IP Addr 26.4 Remote Node Filter 26.4.1 Traffic Redirect Setup Menu 11.6 — Traffic Redirect Setup Page Page 27.1 Static Route Introduction 27.2 IP Static Route Setup Menu 12.1 – Edit IP Static Route Setup 28.1 NAT Introduction 28.2 Applying NAT 28.3 NAT Setup 28.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets 28.3.1.1 User-DefinedAddress Mapping Sets 28.3.1.2 Ordering Your Rules Edit Menu 15.1.1.1 - Address Mapping Rule Local Global Start/End IPs 28.4 Configuring a Server behind NAT 28.5 General NAT Examples Network Address Translation 28.5.2 Example 2: Internet Access with an Inside Server 28.5.3 Example 3: Multiple Public IP Addresses With Inside Servers 1 : Many : Server Menu 15.1 - Address Mapping Sets Network Address Translation Edit Action Start IP 9Enter 2 in Menu 15 - NAT Setup 28.5.4 Example 4: NAT Unfriendly Application Programs Many-to-Many No Overload 28.6 Configuring Trigger Port Forwarding Menu 15.3 — Trigger Port Setup Page 29.1 Remote Management and the Firewall 29.2Access Methods Page 30.1 Introduction to Filters 30.1.1 The Filter Structure of the Prestige 30.2 Configuring a Filter Set Edit Comments Page 30.2.1 Configuring a Filter Rule 30.2.2 Configuring a TCP/IP Filter Rule TCP/IP Filter Rule Filter Type Menu 21.1.x.x - TCP/IP Filter Rule Page Page 30.2.3 Configuring a Generic Filter Rule Offset Length Mask Value Generic Filter Rule Generic Filter Rule 30.3 Example Filter A = Y Type = IP Pr DP 30.4Filter Types and NAT 30.5 Applying a Filter 30.5.1 Applying LAN Filters 30.5.2 Applying Remote Node Filters 31.1 SNMP Introduction 31.2 SNMP Configuration Page 32.1 System Status Page 32.2 System Information 32.2.2 Console Port Speed Menu 24.2.2 – System Maintenance – Console Port Speed 32.3 Log and Trace Page 32.3.1.1 CDR 32.3.1.2 Packet triggered 32.3.1.3 Filter log 32.3.1.4 PPP log 32.4 Diagnostic 32.4.1 WAN DHCP IP Address Assignment Dynamic Encapsulation Ethernet Page Page 33.1 Filename Conventions 33.2 Backup Configuration 33.2.2 Using the FTP Command from the Command Line 33.2.3Example of FTP Commands from the Command Line 33.2.4 GUI-basedFTP Clients 33.2.5 TFTP and FTP over WAN Management Limitations 33.2.6 Backup Configuration Using TFTP 33.2.7 TFTP Command Example 33.2.8 GUI-basedTFTP Clients 33.3 Restore Configuration 33.4 Uploading Firmware and Configuration Files 33.4.2 Configuration File Upload 33.4.3 FTP File Upload Command from the DOS Prompt Example 33.4.4 FTP Session Example of Firmware File Upload 33.4.5 TFTP File Upload 33.4.6 TFTP Upload Command Example 34.1 Command Interpreter Mode 34.2 Call Control Support 34.2.2 Call History 34.3 Time and Date Setting Page Page Disable Enter 11 from menu 24 to bring up Menu 24.11 – Remote Management Control Secure Client IP Menu 11.1 — Remote Node Profile Menu 26 — Schedule Setup Menu 26.1 — Schedule Set Setup Duration Main Menu PPPoA Page 37.1 Problems Starting Up the Prestige 37.2 Problems with the LAN Interface 37.3 Problems with the WAN Interface 37.4 Problems with Internet Access 37.5 Problems with the Password 37.6 Problems with the Web Configurator 37.7 Problems with a Telephone or the Telephone Port 37.8 Problems with Voice Service 37.9 Pop-upWindows, JavaScripts and Java Permissions 37.9.1.1Disable Pop-upBlockers 37.9.1.2Enable Pop-upBlockers with Exceptions Allowed sites Close 37.9.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 37.9.3 Java Permissions Microsoft VM Java permissions 37.9.3.1 JAVA (Sun) Figure 199 Java (Sun) Page Specification Tables Page Wall Mounting Specifications Power Adaptor Specifications Page Page Page Windows 95/98/Me Installing Components Adapter Protocol Microsoft manufacturers Configuring Obtain an IP address automatically Specify an IP address Subnet Mask Disable DNS Windows 2000/NT/XP 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) •Click Advanced IP Settings TCP/IP Address IP address Subnet mask Use the following DNS server addresses Preferred DNS server Alternate DNS server Macintosh OS 8/9 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Macintosh OS Apply Now IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works Prestige as a PPPoE Client The Ideal Setup The “Triangle Route” Problem The “Triangle Route” Solutions IP Aliasing Gateways on the WAN Side Configuring Triangle Route via Commands Page Enabling/Disabling the SIP ALG Signaling Session Timeout Audio Session Timeout Page Numerics