Block, Match | ZyXEL Communications P-312 specification

P312 Broadband Security Gateway

Table 16-2 Firewall Rules Summary – First Screen

Field

Description

General

Option

Name	This is the name of the firewall rule set.
Default Permit Log	Check this box to log all matched rules in the ACL
	default set.
The default action for packets	Should packets that do not match the following rules	Block
not matching following rules.	be blocked or forwarded? Make your choice from	Forward
	the drop down list box. Note that “block” means the	Forward
	the drop down list box. Note that “block” means the
	firewall silently discards the packet.

Firewall Rule Summary	The following fields summarize the rules you have
	created. Note that these fields are read only. Click
	the tab at the top of the box to order the rules
	according to that tab.
No	This is your firewall rule number. The ordering of
	your rules is important as rules are applied in turn.
	The Move field below allows you to reorder your
	rules.
Source IP	This is the source address of the packet.
Destination IP	This is the destination address of the packet.
Service	This is the service to which the rule applies. See
	Table 16-1for more information.
Action	This is the specified action for that rule. Note that	Block
	“block” means the firewall silently discards the	Forward
	packet.	Forward
	packet.
Log	This field shows you if a log is created for packets	Match
	that match the rule, don’t match the rule, both or no	Not Match
	log is created.	Not Match
	log is created.	Both
		Both
		None
Alert	This field tells you whether this rule generates an	Yes
	alert or not when the rule is matched.	No
		No

Apply	Press this button to create a new firewall rule. New
	firewall rules are added at the end after existing
	firewall rules. See section 16.5.1 for more details.

Edit	Press this button to edit an existing filter rule. See

Creating Custom Rules

16-7

Image 187

ZyXEL Communications P-312 manual Block, Match

Contents

Prestige Disclaimer CopyrightTrademarks Federal Communications Commission FCC Interference Statement Information for Canadian Users Version Declaration of Conformity P312 Broadband Security Gateway CE Doc ZyXEL Limited Warranty Information in Menu 24.2.1 -System Information Customer Support Table of Contents LAN Port Filter Setup Chapter Advanced Management 12-1 13-1 Firewall and Content Filters 17-1 Pptp 21-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation List of Figures List Of Figures Xvii Xviii List Of Figures Xix Menu 21 Filter and Firewall Setup 14-1 List Of Figures Xxi Page List Of Tables Xxiv List of Tables Xxv Page About Your Router PrefaceStructure of this Manual Syntax Conventions Related Documentation Part Page Getting to Know Your Prestige Features of The PrestigePrestige 312 Broadband Security Gateway IP Multicast Dhcp Dynamic Host Configuration ProtocolTime and Date Setting Dynamic DNS Support Logging and Tracing Broadband Internet Access via Cable or xDSL ModemUpgrade Prestige Firmware via LAN Applications for Prestige Secure Internet Access via DSL LED functions Hardware Installation & Initial SetupFront Panel LEDs and Back Panel Ports Front Panel LEDs WAN Prestige 312 Rear Panel and Connections Additional Installation Requirements Initial Screen HousingPower Up Your Prestige Entering Password Enter Main Menu CommandsNavigating the SMT Interface Operation Keystrokes Description Main Menu Summary Main MenuSystem Management Terminal Interface Summary Prestige 312 Main Menu Resetting the Prestige Changing the System Password Dynamic DNS General SetupDyndns Wildcard Field Description Example Configuring Dynamic DNSGeneral Setup Menu Field Configure Menu 1.1 Configure Dynamic DNS discussed next Me.ddns.org WAN SetupConfigure Dynamic DNS Menu Fields Yes WAN Setup Menu Fields LAN Setup 10 Menu 3 LAN Setup LAN Port Filter Setup IP Address and Subnet Mask Internet AccessFactory LAN Defaults TCP/IP and Dhcp for LAN Private IP Addresses RIP Setup DNS Server Address Dhcp ConfigurationIP Pool Setup IP Multicast IP Alias TCP/IP and Dhcp Ethernet SetupPhysical Network Partitioned Logical Networks Menu 3 LAN Setup 10/100 Mbps Ethernet LAN TCP/IP Setup Menu Fields LAN Dhcp Setup Menu Fields Menu 3.2.1 IP Alias Setup IP Alias SetupIP Alias Setup Menu Fields RIP-1 Internet Access SetupEthernet Encapsulation Only/Out Only Pptp Encapsulation Internet Access Setup Menu Fields Prestige automatically disconnects from the Pptp server Configuring the Pptp ClientPPPoE Encapsulation New Fields in Menu 4 Pptp screen Internet Access Setup PPPoE New Fields in Menu 4 PPPoE screen Basic Setup Complete Advanced Applications Remote Node Profile Remote Node Setup Fields in Menu Nailed-Up Connection Fields in Menu 11.1 PPPoE Encapsulation Specific Fields in Menu 11.1 Pptp Encapsulation Remote Node Network Layer Options Menu Fields Editing TCP/IP Options with Ethernet Encapsulation 2B/RIP-2M and None Multicast Editing TCP/IP Options with Pptp EncapsulationPrivate Version Remote Node Network Layer Options None/In Only/Out Only and None Remote Node FilterEditing TCP/IP Options with PPPoE Encapsulation Yes/No Remote Node Filter Ethernet Encapsulation Example of Static Routing Topology IP Static Route Setup Menu 12 IP Static Route Setup IP Static Route Setup Field Description IP Static Route Menu FieldsPage What NAT Does Network Address Translation NATIntroduction NAT Definitions NAT Mapping Types How NAT works NAT Mapping Types SUA Single User Account Versus NATType IP Mapping SMT abbreviation NAT Application SMT MenusApplying NAT in the SMT Menus Applying NAT for Internet Access Applying NAT in Menus 4 Configuring NATField Options Description Network Full Feature Address Mapping Sets and NAT Server Sets Menu 15.1 Address Mapping Sets Server Field Description Options/Example Menu Ordering Your Rules Editing an Individual Rule in a Set Menu 15.1.1.1 configuring an individual rule Multiple Servers behind NAT NAT Server Sets 10 Multiple Servers Behind NAT Configuring a Server behind NAT Services Port Number Internet Access OnlyExamples NAT Example 13 Internet Access & NAT Example Example 3 General Case Example 2 Internet Access with an Inside Server 16 NAT Example 17 Example 3 Menu 19 Example 3 Final Menu 21 NAT Example Example 4 -NAT Unfriendly Application Programs 22 Example 4- Menu 15.1.1.1 Address Mapping Rule Advanced Management Page About Filtering Filter Configuration Filter Structure of the Prestige Rule Forward Drop Filter Rule Process Menu 21 Filter and Firewall Setup Configuring a Filter Set NetBIOSWAN Filter Rules Summary Action Not Matched will be N/A Refers to Action Matched Filter Rules Summary MenuAbbreviations Used in the Filter Rules Summary Menu Abbreviations Description Display Abbreviations Used If Filter Type Is GEN Configuring a Filter Rule3 TCP/IP Filter Rule Abbreviations Used If Filter Type Is IP TCP/IP Filter Rule Menu Fields Menu 21.1.1.1 TCP/IP Filter Rule Action Matched None/Less/GreaterEqual/Not Equal Yes / No Following diagram illustrates the logic flow of an IP filter 10 Executing an IP Filter 11 Menu 21.4.1.1 Generic Filter Rule Generic Filter Rule Generic Filter Rule Menu Fields 12 Telnet Filter Example Example Filter 13 Example Filter Menu 14 Example Filter Rules Summary Menu Filter Types and NAT Firewall Applying a Filter and Factory DefaultsLAN traffic 16 Filtering LAN Traffic Remote Node Filters Configuring Snmp Snmp ConfigurationAbout Snmp Field Description Default Snmp Configuration Menu Fields System Information & Diagnosis Menu 24 System Maintenance System Status Menu 24.1 System Maintenance Status Dhcp System Maintenance Status Menu FieldsPPPoE Encapsulation LAN System Information System Information and Console Port Speed Log and Trace Fields in System MaintenanceConsole Port Speed Unix Syslog Viewing Error Log Parameter Description System Maintenance Menu Syslog ParametersCDR CDR PPP log Call-Triggering Packet Diagnostic WAN Dhcp 10 Menu 24.4 System Maintenance Diagnostic Internet Setup in Menu 4 Internet Access System Maintenance Menu DiagnosticNumber Field Description Filename conventions Transferring Files Filename Conventions Backup ConfigurationCommand Firmware Development Upload Firmware Restore ConfigurationUploading the Router Firmware Menu 24.7.1 System Maintenance Upload Router Firmware Uploading Router Configuration File Tftp File Transfer Third Party Tftp Clients -General fields Example Tftp Command Telnet into Menu FTP File Transfer Telnet into Menu 24.7.2 System Maintenance Using the FTP command from the DOS Prompt Third Party FTP Clients -General fields Page Command Interpreter Mode System Maintenance & InformationValid Commands Budget Management Call Control SupportCall Control Call History Call History How often does the Prestige update the time? Time and Date SettingCall History Fields System Maintenance & Information 11-5 Menu 24.11 Remote Management Control Remote Management Setup Option to Enter Debug Mode Boot Commands Boot Module Commands Telnet Under NAT Telnet Configuration and CapabilitiesAbout Telnet Configuration Single Administrator Telnet Under the Firewall System Timeout Firewall and Content Filters Application-level Firewalls What is a FirewallTypes of Firewalls Packet Filtering Firewalls Stateful Inspection firewalls Introduction to ZyXEL’s Firewall Basics Denial of Service Common IP Ports Types of DoS attacks SYN Flood Smurf Attack Stateful Inspection Stateful Inspection Stateful Inspection Process TCP Security Stateful Inspection & the Prestige 13.4.4 UDP/ICMP Security Guidelines For Enhancing Security With Your FirewallUpper Layer Protocols Security In General What Is a Firewall? 13-11 Page SMT Main Menu Introducing the Prestige Firewall IP Spoofing View Firewall LogAttack Types Land Legal Smtp Commands Icmp Commands That Trigger AlertsIllegal Commands NetBIOS and Smtp Legal NetBIOS Commands Teardrop Traceroute Big Picture Filtering, Firewall and NAT Packet Filtering Packet Filtering Vs Firewall When To Use The Firewall When To Use FilteringFirewall Page Web Configurator Login and Welcome Screens Introducing the Prestige Web Configurator Enabling the Firewall Prestige Web Configurator Welcome Screen What are Alerts? Mail Mail Screen What are Logs? Mail Smtp Error Messages Smtp Error MessagesExample E-Mail Log Mail Log Attack Alert Half-Open Sessions Threshold ValuesTCP Maximum Incomplete And Blocking Time Attack Alert Existing half-open sessions Field Description Default Values Do not set Maximum Incomplete High to When TCP Maximum Incomplete isPage Rule Logic Overview Rule ChecklistCreating Custom Rules Rules Overview Security Ramifications Key Fields For Configuring Rules LAN to WAN Rules Connection DirectionWAN to LAN Rules WAN to LAN Traffic Services Supported Service Description Services Supported Firewall Rules Summary First Screen Rule Summary Match Block Field Description Option Creating/Editing Firewall Rules Creating/Editing a Firewall Rule Source & Destination Addresses Subnet Address Adding/Editing Source & Destination AddressesSingle Address Range Address Factors Influencing Choices for Timeout Values Timeout Timeout Screen Field Description Default Value Timeout MenuHour Custom Ports Custom Ports Creating/Editing a Custom Port Creating/Editing a Custom Port Range Single Log Screen LogsLog Screen Src IP, dest port, src port and protocol Vulnerability, NetBIOS, smtp illegalCommand, traceroute, teardrop, or syn Jan 1 Logs 18-3 Page Example Firewall Rules Activate The Firewall Example 1 E-Mail Screen Example 1 Configuring a Rule Example Firewall Rules 19-5 Example 1 Rule Summary Screen Example 2 Small Office With Mail, FTP and Web Servers Send Alerts When Attacked Configuring a POP Custom Port Example 2 Local Network Rule 1 Configuration Example 2 Local Network Rule Summary 10 Example 2 Internet to Local Network Rule Summary 11 Custom Port for Syslog 12 Syslog Rule Configuration 13 Example 3 Rule Summary Java Content FilteringRestrict Web Features ActiveX Web Proxy Content Filtering Using the Web ConfiguratorBlocking URLs Cookies Field Description Restrict Web Features Content Filtering FieldsBlock Web URLs Troubleshooting, Appendices, Glossary and Index Page Problem Corrective Action TroubleshootingProblems Starting Up the Prestige Troubleshooting the Start-Up of your Prestige Troubleshooting the WAN interface Problems with the LAN InterfaceProblems with the WAN interface Troubleshooting the LAN Interface Problems with the Firewall Problems with Internet AccessTroubleshooting Internet Access Page Benefits of PPPoE Diagram 1 Single-PC per Modem Hardware ConfigurationAppendix a PPPoE PPPoE in Action How PPPoE Works Diagram 2 Prestige as a PPPoE ClientPrestige as a PPPoE Client Pptp Protocol Overview What is PPTP?Appendix B Pptp and the Prestige Control & PPP connections Mtbf Appendix C Hardware SpecificationsIRD + OTD + Appendix D Important Safety Instructions Function CLI Syntax Appendix E Firewall CLI Commands Sets Function CLI Syntax Description P312 Broadband Security Gateway Delete AC Power Adapter Specifications Appendix F Power Adapter Specs P312 Broadband Security Gateway ARP Glossary of TermsCDR Chap CSU/DSU DCE EMI Dram DSLDslam DTE Hdlc FAQFCC FTP IRC ISP Ipcp PPP IPXMAC PAP NATNdis NIC Pots PPP POPPstn SAP PVCRFC RIP Tftp SpamSTP SUA TCP VPN Page Ddns Index Encapsulation 2-11, 2-12, 3-4 13-6 15-1 ZyNOS