Jan 1 | ZyXEL Communications P-312 manual

P312 Broadband Security Gateway

Table 18-1

Log Screen

Field

Description

No.	This is the index number of the firewall log. 128 entries are available
	numbered from 0 to 127. Once they are all used, the log will wrap around
	and the old logs will be lost.
Time	This is the time the log was recorded in this		dd:mm:yy	e.g., Jan 1 0
	format. You must configure Menu 24.10 for		hh:mm:ss	e.g., 00:00:00
	real time; otherwise you get the time shown		hh:mm:ss	e.g., 00:00:00
	real time; otherwise you get the time shown
	in these examples.

Packet Information	This field lists packet information such as:		From and To IP addresses
			protocol and port numbers.

Reason	This field states the reason for	not match
	the log; i.e., was the rule	<1,01> dest IP
	matched, not matched, or was	<1,01> dest IP
	matched, not matched, or was
	there an attack. The set and	This means this packet does not match
	rule coordinates (<X, Y> where	the destination IP address in set 1, rule
	X=1,2; Y=00~10) follow with a	1. Other reasons (instead of dest IP) are
	simple explanation. There are	src IP, dest port, src port and protocol.
	two policy sets; set 1 (X = 1) is	attack
	for LAN to WAN rules and set 2	attack
	(X = 2) for WAN to LAN rules. Y	land
	represents the rule in the set.	land
	represents the rule in the set.	This is a log is for a DoS attack – in this
	You can configure up to 10	This is a log is for a DoS attack – in this
	rules in any set (Y = 01 to 10).	case a land attack. Other attack types
	Rule number 00 is the default	are ip spoofing, icmp echo, icmp
	rule.	vulnerability, NetBIOS, smtp illegal
		command, traceroute, teardrop, or syn
		flood. Please see section 14.1.2 and
		Chapter 13 for a more detailed
		discussion of what these attacks mean.

Action	This field displays whether the packet was blocked (i.e., silently discarded),
	forwarded or neither (block, forward or none). “none” means that no action is
	dictated by this rule.
Previous Page	Click this button to view the previous page in your log.

Refresh	Click this button to renew the log screen.

Clear	Click this button to clear all the logs.

Next Page	Click this button to view the next page in your log.

Help	Click this button for some HTML Help on fields in this screen.

18-2

Logs

Image 200

ZyXEL Communications P-312 manual Jan 1, Src IP, dest port, src port and protocol, Are ip spoofing, icmp echo, icmp

Contents

Prestige Trademarks CopyrightDisclaimer Federal Communications Commission FCC Interference Statement Information for Canadian Users Declaration of Conformity Version P312 Broadband Security Gateway CE Doc ZyXEL Limited Warranty Customer Support Information in Menu 24.2.1 -System Information Table of Contents LAN Port Filter Setup Chapter Advanced Management 12-1 Firewall and Content Filters 13-1 17-1 21-1 Pptp List of Figures Menu 11.1 Remote Node Profile for Ethernet Encapsulation List Of Figures Xvii Xviii List Of Figures Xix Menu 21 Filter and Firewall Setup 14-1 List Of Figures Xxi Page List Of Tables Xxiv List of Tables Xxv Page Structure of this Manual PrefaceAbout Your Router Related Documentation Syntax Conventions Part Page Prestige 312 Broadband Security Gateway Features of The PrestigeGetting to Know Your Prestige Dhcp Dynamic Host Configuration Protocol Time and Date SettingDynamic DNS Support IP Multicast Broadband Internet Access via Cable or xDSL Modem Upgrade Prestige Firmware via LANApplications for Prestige Logging and Tracing Secure Internet Access via DSL Hardware Installation & Initial Setup Front Panel LEDs and Back Panel PortsFront Panel LEDs LED functions Prestige 312 Rear Panel and Connections WAN Additional Installation Requirements Housing Power Up Your PrestigeEntering Password Initial Screen Main Menu Commands Navigating the SMT InterfaceOperation Keystrokes Description Enter Main Menu System Management Terminal Interface SummaryPrestige 312 Main Menu Main Menu Summary Changing the System Password Resetting the Prestige Dyndns Wildcard General SetupDynamic DNS Configuring Dynamic DNS General Setup Menu FieldConfigure Menu 1.1 Configure Dynamic DNS discussed next Field Description Example WAN Setup Configure Dynamic DNS Menu FieldsYes Me.ddns.org LAN Setup WAN Setup Menu Fields LAN Port Filter Setup 10 Menu 3 LAN Setup Internet Access Factory LAN DefaultsTCP/IP and Dhcp for LAN IP Address and Subnet Mask RIP Setup Private IP Addresses Dhcp Configuration IP Pool SetupIP Multicast DNS Server Address Physical Network Partitioned Logical Networks TCP/IP and Dhcp Ethernet SetupIP Alias Menu 3 LAN Setup 10/100 Mbps Ethernet LAN Dhcp Setup Menu Fields LAN TCP/IP Setup Menu Fields IP Alias Setup Menu Fields IP Alias SetupMenu 3.2.1 IP Alias Setup Internet Access Setup Ethernet EncapsulationOnly/Out Only RIP-1 Internet Access Setup Menu Fields Pptp Encapsulation Configuring the Pptp Client PPPoE EncapsulationNew Fields in Menu 4 Pptp screen Prestige automatically disconnects from the Pptp server Internet Access Setup PPPoE Basic Setup Complete New Fields in Menu 4 PPPoE screen Advanced Applications Remote Node Setup Remote Node Profile Fields in Menu Nailed-Up Connection Fields in Menu 11.1 PPPoE Encapsulation Specific Fields in Menu 11.1 Pptp Encapsulation Editing TCP/IP Options with Ethernet Encapsulation Remote Node Network Layer Options Menu Fields Editing TCP/IP Options with Pptp Encapsulation PrivateVersion 2B/RIP-2M and None Multicast Remote Node Network Layer Options Remote Node Filter Editing TCP/IP Options with PPPoE EncapsulationYes/No None/In Only/Out Only and None Remote Node Filter Ethernet Encapsulation IP Static Route Setup Example of Static Routing Topology IP Static Route Setup Menu 12 IP Static Route Setup IP Static Route Menu Fields Field DescriptionPage Network Address Translation NAT IntroductionNAT Definitions What NAT Does How NAT works NAT Mapping Types Type IP Mapping SMT abbreviation SUA Single User Account Versus NATNAT Mapping Types Applying NAT in the SMT Menus SMT MenusNAT Application Applying NAT for Internet Access Configuring NAT Field Options Description Network Full FeatureAddress Mapping Sets and NAT Server Sets Applying NAT in Menus 4 Menu 15.1 Address Mapping Sets Field Description Options/Example Server Ordering Your Rules Menu Menu 15.1.1.1 configuring an individual rule Editing an Individual Rule in a Set NAT Server Sets Multiple Servers behind NAT Configuring a Server behind NAT 10 Multiple Servers Behind NAT Examples Internet Access OnlyServices Port Number 13 Internet Access & NAT Example NAT Example Example 2 Internet Access with an Inside Server Example 3 General Case 16 NAT Example 17 Example 3 Menu 19 Example 3 Final Menu Example 4 -NAT Unfriendly Application Programs 21 NAT Example 22 Example 4- Menu 15.1.1.1 Address Mapping Rule Advanced Management Page Filter Configuration About Filtering Filter Structure of the Prestige Filter Rule Process Rule Forward Drop Configuring a Filter Set Menu 21 Filter and Firewall Setup NetBIOSWAN Filter Rules Summary Filter Rules Summary Menu Abbreviations Used in the Filter Rules Summary MenuAbbreviations Description Display Action Not Matched will be N/A Refers to Action Matched Configuring a Filter Rule 3 TCP/IP Filter RuleAbbreviations Used If Filter Type Is IP Abbreviations Used If Filter Type Is GEN Menu 21.1.1.1 TCP/IP Filter Rule TCP/IP Filter Rule Menu Fields None/Less/Greater Equal/Not EqualYes / No Action Matched Following diagram illustrates the logic flow of an IP filter 10 Executing an IP Filter Generic Filter Rule 11 Menu 21.4.1.1 Generic Filter Rule Generic Filter Rule Menu Fields Example Filter 12 Telnet Filter Example 13 Example Filter Menu Filter Types and NAT 14 Example Filter Rules Summary Menu LAN traffic Applying a Filter and Factory DefaultsFirewall Remote Node Filters 16 Filtering LAN Traffic About Snmp Snmp ConfigurationConfiguring Snmp Snmp Configuration Menu Fields Field Description Default Menu 24 System Maintenance System Information & Diagnosis Menu 24.1 System Maintenance Status System Status System Maintenance Status Menu Fields PPPoE EncapsulationLAN Dhcp System Information and Console Port Speed System Information Console Port Speed Fields in System MaintenanceLog and Trace Viewing Error Log Unix Syslog CDR System Maintenance Menu Syslog ParametersParameter Description CDR PPP log Diagnostic Call-Triggering Packet 10 Menu 24.4 System Maintenance Diagnostic WAN Dhcp Number Field Description System Maintenance Menu DiagnosticInternet Setup in Menu 4 Internet Access Transferring Files Filename conventions Backup Configuration CommandFirmware Development Filename Conventions Uploading the Router Firmware Restore ConfigurationUpload Firmware Uploading Router Configuration File Menu 24.7.1 System Maintenance Upload Router Firmware Tftp File Transfer Example Tftp Command Third Party Tftp Clients -General fields FTP File Transfer Telnet into Menu Using the FTP command from the DOS Prompt Telnet into Menu 24.7.2 System Maintenance Third Party FTP Clients -General fields Page Valid Commands System Maintenance & InformationCommand Interpreter Mode Call Control Call Control SupportBudget Management Call History Call History Call History Fields Time and Date SettingHow often does the Prestige update the time? System Maintenance & Information 11-5 Remote Management Setup Menu 24.11 Remote Management Control Boot Commands Option to Enter Debug Mode Boot Module Commands Telnet Configuration and Capabilities About Telnet ConfigurationSingle Administrator Telnet Under NAT System Timeout Telnet Under the Firewall Firewall and Content Filters What is a Firewall Types of FirewallsPacket Filtering Firewalls Application-level Firewalls Introduction to ZyXEL’s Firewall Stateful Inspection firewalls Denial of Service Basics Types of DoS attacks Common IP Ports SYN Flood Stateful Inspection Smurf Attack Stateful Inspection Process Stateful Inspection Stateful Inspection & the Prestige TCP Security Upper Layer Protocols Guidelines For Enhancing Security With Your Firewall13.4.4 UDP/ICMP Security Security In General What Is a Firewall? 13-11 Page Introducing the Prestige Firewall SMT Main Menu View Firewall Log Attack TypesLand IP Spoofing Icmp Commands That Trigger Alerts Illegal Commands NetBIOS and SmtpLegal NetBIOS Commands Legal Smtp Commands Traceroute Teardrop Big Picture Filtering, Firewall and NAT Packet Filtering Vs Firewall Packet Filtering Firewall When To Use FilteringWhen To Use The Firewall Page Introducing the Prestige Web Configurator Web Configurator Login and Welcome Screens Prestige Web Configurator Welcome Screen Enabling the Firewall Mail What are Alerts? What are Logs? Mail Screen Mail Example E-Mail Log Smtp Error MessagesSmtp Error Messages Attack Alert Mail Log TCP Maximum Incomplete And Blocking Time Threshold ValuesHalf-Open Sessions Attack Alert Field Description Default Values Existing half-open sessions When TCP Maximum Incomplete is Do not set Maximum Incomplete High toPage Rule Checklist Creating Custom RulesRules Overview Rule Logic Overview Key Fields For Configuring Rules Security Ramifications WAN to LAN Rules Connection DirectionLAN to WAN Rules Services Supported WAN to LAN Traffic Services Supported Service Description Rule Summary Firewall Rules Summary First Screen Block Match Creating/Editing Firewall Rules Field Description Option Creating/Editing a Firewall Rule Source & Destination Addresses Adding/Editing Source & Destination Addresses Single AddressRange Address Subnet Address Timeout Factors Influencing Choices for Timeout Values Timeout Screen Hour Timeout MenuField Description Default Value Custom Ports Custom Ports Creating/Editing a Custom Port Creating/Editing a Custom Port Single Range Log Screen LogsLog Screen Vulnerability, NetBIOS, smtp illegal Command, traceroute, teardrop, or synJan 1 Src IP, dest port, src port and protocol Logs 18-3 Page Example Firewall Rules Activate The Firewall Example 1 E-Mail Screen Example 1 Configuring a Rule Example Firewall Rules 19-5 Example 2 Small Office With Mail, FTP and Web Servers Example 1 Rule Summary Screen Send Alerts When Attacked Configuring a POP Custom Port Example 2 Local Network Rule 1 Configuration Example 2 Local Network Rule Summary 10 Example 2 Internet to Local Network Rule Summary 11 Custom Port for Syslog 12 Syslog Rule Configuration 13 Example 3 Rule Summary Content Filtering Restrict Web FeaturesActiveX Java Content Filtering Using the Web Configurator Blocking URLsCookies Web Proxy Block Web URLs Content Filtering FieldsField Description Restrict Web Features Troubleshooting, Appendices, Glossary and Index Page Troubleshooting Problems Starting Up the PrestigeTroubleshooting the Start-Up of your Prestige Problem Corrective Action Problems with the LAN Interface Problems with the WAN interfaceTroubleshooting the LAN Interface Troubleshooting the WAN interface Troubleshooting Internet Access Problems with Internet AccessProblems with the Firewall Page Diagram 1 Single-PC per Modem Hardware Configuration Appendix a PPPoEPPPoE in Action Benefits of PPPoE Prestige as a PPPoE Client Diagram 2 Prestige as a PPPoE ClientHow PPPoE Works What is PPTP? Appendix BPptp and the Prestige Pptp Protocol Overview Control & PPP connections IRD + OTD + Appendix C Hardware SpecificationsMtbf Appendix D Important Safety Instructions Appendix E Firewall CLI Commands Function CLI Syntax Sets Function CLI Syntax Description P312 Broadband Security Gateway Delete Appendix F Power Adapter Specs AC Power Adapter Specifications P312 Broadband Security Gateway CDR Chap Glossary of TermsARP CSU/DSU DCE Dram DSL DslamDTE EMI FAQ FCCFTP Hdlc MAC Ipcp PPP IPXIRC ISP NAT NdisNIC PAP Pstn POPPots PPP PVC RFCRIP SAP Spam STPSUA TCP Tftp VPN Page Index Ddns Encapsulation 2-11, 2-12, 3-4 13-6 15-1 ZyNOS