ZyXEL Communications P-660HW-T1 391

P-660H/HW/W-T Series User’ Guide

Table 138 Firewall Commands (continued)

FUNCTION	COMMAND	DESCRIPTION

	Config edit firewall set <set	This command sets whether or not the
	#> log <yes no>	Prestige creates logs for packets that match
		the firewall’s default rule set.

Rules	Config edit firewall set <set	This command sets whether packets that
	#> rule <rule #> permit	match this rule are dropped or allowed
	<forward block>	through.

	Config edit firewall set <set	This command sets whether a rule is enabled
	#> rule <rule #> active <yes	or not.
	no>

	Config edit firewall set <set	This command sets the protocol specification
	#> rule <rule #> protocol	number made in this rule for ICMP.
	<integer protocol value >

	Config edit firewall set <set	This command sets the Prestige to log traffic
	#> rule <rule #> log <none	that matches the rule, doesn't match, both or
	match not-match both>	neither.

	Config edit firewall set <set	This command sets whether or not the
	#> rule <rule #> alert <yes	Prestige sends an alert e-mail when a DOS
	no>	attack or a violation of a particular rule occurs.

	config edit firewall set <set	This command sets the rule to have the
	#> rule <rule #> srcaddr-	Prestige check for traffic with this individual
	single <ip address>	source address.

	config edit firewall set <set	This command sets a rule to have the Prestige
	#> rule <rule #> srcaddr-	check for traffic from a particular subnet
	subnet <ip address> <subnet	(defined by IP address and subnet mask).
	mask>

	config edit firewall set <set	This command sets a rule to have the Prestige
	#> rule <rule #> srcaddr-range	check for traffic from this range of addresses.
	<start ip address> <end ip
	address>

	config edit firewall set <set	This command sets the rule to have the
	#> rule <rule #> destaddr-	Prestige check for traffic with this individual
	single <ip address>	destination address.

	config edit firewall set <set	This command sets a rule to have the Prestige
	#> rule <rule #> destaddr-	check for traffic with a particular subnet
	subnet <ip address> <subnet	destination (defined by IP address and subnet
	mask>	mask).
	mask>

391	Appendix G

Contents

Page Disclaimer Trademarks FCC Caution IMPORTANT NOTE: FCC Radiation Exposure Statement Certifications Page Note Page Page Page Page Wireless LAN Page Page Firewall Configuration Content Filtering Remote Management Configuration Universal Plug-and-Play(UPnP) Maintenance Introducing the SMT Menu 1 General Setup Menu 2 WAN Backup Setup Menu 3 LAN Setup Wireless LAN Setup Internet Access Remote Node Configuration Static Route Setup Bridging Setup Enabling the Firewall SNMP Configuration System Security System Information and Diagnosis Firmware and Configuration File Maintenance Remote Management Call Scheduling Troubleshooting Appendix A Product Specifications Appendix B Appendix C Appendix G Appendix H Appendix Appendix J Appendix K Appendix M Internal SPTGEN Page Page Page Page Page Figure 250 Red Hat 9.0: KDE: Network Configuration: Activate Page Page Page Page Page Page Page Page About This User's Guide Syntax Conventions Related Documentation User Guide Feedback Graphics Icons Key Introduction to ADSL Page 1.1 Introducing the Prestige 1.2 Features High Speed Internet Access Zero Configuration Internet Access Any IP Firewall Content Filtering Universal Plug and Play (UPnP) PPPoE (RFC2516) Network Address Translation (NAT) Dynamic DNS Support DHCP Packet Filters Housing 4-PortSwitch (P-660H/P-660HW) Wireless LAN Wi-FiProtected Access 1.3 Applications for the Prestige 1.4 Front Panel LEDs 1.5 Hardware Connection 2.1 Web Configurator Overview 2.1.2.1 Using the Reset Button 2.1.3 Navigating the Web Configurator Wizard Setup Advanced Setup Maintenance Site Map Page 2.2 Change Login Password Table 4 Password 3.1 Introduction Next Page Page Page Change LAN Configurations Save Settings Change LAN Configuration Start Diagnose Return to Main Menu Page 4.1 LAN Overview 4.1.1LANs, WANs and the Prestige 4.1.2.1 IP Pool Setup 4.2LAN TCP/IP 4.2.1.1 Private IP Addresses 4.2.3 Multicast IGMP-v1 IGMP-v2 None 4.2.4 Any IP 4.2.4.1 How Any IP Works 4.3 Configuring LAN Page 5.1 Wireless LAN Introduction 5.2 Wireless Security Overview 5.3 The Main Wireless LAN Screen WEP WPA PSK 5.4 Configuring the Wireless Screen Page 5.5 Configuring MAC Filters Action Deny Association Figure 21 MAC Filter 5.6 Introduction to WPA 5.6.2 WPA with RADIUS Application Example 5.7 Configuring IEEE 802.1x and WPA 5.7.1 No Access Allowed or Authentication Select No Access Allowed or No Authentication Required in the Wireless Port Control field 5.7.2 Authentication Required: Page 5.7.3 Authentication Required: WPA Page 5.7.4 Authentication Required: WPA-PSK WPA-PSK 5.8 Configuring Local User Authentication Page 5.9 Configuring RADIUS Page Page 6.1 WAN Overview 6.1.1.1 ENET ENCAP 6.1.1.2 PPP over Ethernet 6.1.1.3PPPoA 6.1.1.4 RFC 6.1.2.1 VC-basedMultiplexing 6.1.2.2 LLC-basedMultiplexing 6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation 6.1.4.2 IP Assignment with RFC 1483 Encapsulation 6.2 Metric 6.3 PPPoE Encapsulation 6.4 Traffic Shaping 6.5 Zero Configuration Internet Access 6.6 The Main WAN Screen 6.7 Configuring WAN Setup Page Page 6.8 Traffic Redirect 6.9 Configuring WAN Backup Figure 36 WAN Backup Page 7.1 NAT Overview 7.1.2 What NAT Does 7.1.3 How NAT Works 7.1.4 NAT Application 7.1.5 NAT Mapping Types One to One Many to One Many to Many Overload Server 7.2 SUA (Single User Account) Versus NAT 7.3SUA Server 7.4 Selecting the NAT Mode 7.5 Configuring SUA Server Set Page 7.6 Configuring Address Mapping Rules 7.7 Editing an Address Mapping Rule Page Page 8.1 Dynamic DNS Overview 8.2 Configuring Dynamic DNS Page 9.1 Configuring Time and Date Page 10.1 Firewall Overview 10.2 Types of Firewalls 10.3 Introduction to ZyXEL’s Firewall 10.4 Denial of Service 10.4.2 Types of DoS Attacks Ping of Death Teardrop SYN Flood LAND SYN Attack LAND Attack brute-force 10.4.2.1 ICMP Vulnerability 10.4.2.2 Illegal Commands (NetBIOS and SMTP) 10.4.2.3 Traceroute 10.5 Stateful Inspection 10.5.1 Stateful Inspection Process Default Policy 10.5.2Stateful Inspection and the Prestige 10.5.3 TCP Security 10.6Guidelines for Enhancing Security with Your Firewall 10.6.1Security In General 10.7Packet Filtering Vs Firewall 10.7.1.1When To Use Filtering 10.7.2.1When To Use The Firewall Page Page 11.1 Access Methods 11.2 Firewall Policies Overview 11.3 Rule Logic Overview 11.3.3.1 Action 11.3.3.2 Service 11.3.3.3 Source Address 11.3.3.4 Destination Address 11.4 Connection Direction 11.5 Configuring Default Firewall Policy 11.6 Rule Summary Page 11.6.1 Configuring Firewall Rules Insert Page Page 11.7 Customized Services 11.8 Configuring A Customized Service 11.9 Example Firewall Rule Any Destination Address Delete Customized Service -Config Add Remove Available Services Rule Summary 11.10 Predefined Services Page 11.11 Anti-Probing 11.12 DoS Thresholds 11.12.2.1 TCP Maximum Incomplete and Blocking Time TCP Maximum Incomplete Blocking Time 11.12.3Configuring Firewall Thresholds Threshold Page Page 12.1 Content Filtering Overview 12.2 The Main Content Filter Screen 12.3 Configuring Keyword Blocking 12.4 Configuring the Schedule 12.5 Configuring Trusted Computers Page 13.1 Remote Management Overview 13.2 Telnet 13.3 FTP 13.4 Web 13.5 Configuring Remote Management Page 14.1 Introducing Universal Plug and Play 14.2 UPnP and ZyXEL 14.3 Installing UPnP in Windows Example Communications Universal Plug and Play Add/Remove Programs Properties Next Installing UPnP in Windows XP 1Click Start and Control Panel 2Double-click Network Connections Network Connections Advanced Page 14.4Using UPnP in Windows XP Example Page Page Page Web Configurator Easy Access 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke Page Page 15.1 Logs Overview 15.2 Configuring Log Settings Page 15.3 Displaying the Logs 15.4 SMTP Error Messages 15.4.1 Example E-mailLog Page 16.1 Media Bandwidth Management Overview 16.2 Bandwidth Classes and Filters 16.3 Proportional Bandwidth Allocation 16.4 Bandwidth Management Usage Examples 16.4.3Application and Subnet-basedBandwidth Management Example 16.5 Scheduler 16.6 Maximize Bandwidth Usage 16.6.2 Maximize Bandwidth Usage Example 16.7 Bandwidth Borrowing 16.8The Main Media Bandwidth Management Screen 16.9 Configuring Summary Page 16.10 Configuring Class Setup Child-Class Page 16.10.2 Media Bandwidth Management Statistics 16.11 Bandwidth Monitor Page 17.1 Maintenance Overview 17.2 System Status Screen Page 17.2.1 System Statistics Show Statistics Poll Interval(s) Page 17.3 DHCP Table Screen 17.4 Any IP Table Screen 17.5 Wireless Screen 17.6 Diagnostic Screens 17.6.2 DSL Line Diagnostic DSL Line Page 17.7 Firmware Upgrade Back Page 18.1 SMT Introduction 18.1.3 Prestige SMT Menus Overview 18.2 Navigating the SMT Interface 18.2.1 System Management Terminal Interface Summary 18.3 Changing the System Password Page 19.1 General Setup 19.2 Procedure To Configure Menu 19.2.1 Procedure to Configure Dynamic DNS Edit Dynamic DNS Menu 1.1— Configure Dynamic DNS Page Page 20.1 Introduction to WAN Backup Setup 20.2 Configuring Dial Backup in Menu 20.2.1 Traffic Redirect Setup Menu 2.1 — Traffic Redirect Setup Page Page 21.1 LAN Setup 21.3TCP/IP Ethernet Setup and DHCP Page Page 22.1 Wireless LAN Overview 22.2 Wireless LAN Setup 22.2.1 Wireless LAN MAC Address Filter Page Page 23.1 Internet Access Overview 23.2 IP Policies 23.3 IP Alias 23.4 IP Alias Setup 23.5 Route IP Setup 23.6 Internet Access Configuration Page Page 24.1 Remote Node Setup Overview 24.2.1Remote Node Profile 24.2.2.1 Scenario 1: One VC, Multiple Protocols 24.2.2.2 Scenario 2: One VC, One Protocol (IP) 24.2.2.3 Scenario 3: Multiple VCs Menu 11.1 – Remote Node Profile 24.2.3 Outgoing Authentication Protocol 24.3 Remote Node Network Layer Options 24.3.1 My WAN Addr Sample IP Addresses My WAN Addr Rem IP Addr 24.4 Remote Node Filter 24.5 Editing ATM Layer Options 24.5.3 Advance Setup Options PPPoE Edit Advance Options Menu 11.8 – Advance Setup Options Page 25.1 IP Static Route Overview 25.2 Configuration Menu 12.1 — IP Static Route Setup Menu 12.1.1 – Edit IP Static Route Setup Page 26.1 Bridging in General 26.2.1Remote Node Bridging Setup Edit IP/Bridge Yes and press [ENTER] to edit Menu 11.3 – Remote Node Network Layer Options 26.2.2 Bridge Static Route Setup Edit Bridge Static Route Page 27.1 Using NAT 27.2Applying NAT Menu 11.3 - Remote Node Network Layer Options 27.3 NAT Setup 27.3.1Address Mapping Sets 27.3.1.1SUA Address Mapping Set 27.3.1.2 User-DefinedAddress Mapping Sets 27.3.1.3 Ordering Your Rules 27.4 Configuring a Server behind NAT 27.5 General NAT Examples 27.5.1 Example 1: Internet Access Only Network Address Translation Many-to-One 27.5.2 Example 2: Internet Access with an Inside Server 27.5.3 Example 3: Multiple Public IP Addresses With Inside Servers 1 : Many : Menu 15.1 - Address Mapping Sets Full Feature Network Address Translation Edit Action Page 2Enter 2 in Menu 15 - NAT Setup 27.5.4 Example 4: NAT Unfriendly Application Programs No Overload One-to-One Page Page 28.1 Remote Management and the Firewall 28.2Access Methods Page 29.1 About Filtering 29.1.1 The Filter Structure of the Prestige 29.2 Configuring a Filter Set for the Prestige 29.3 Filter Rules Summary Menus 29.4 Configuring a Filter Rule 29.4.1 TCP/IP Filter Rule Menu 21.1.x.1 – TCP/IP Filter Rule Page 29.4.2 Generic Filter Rule Offset Length Mask Value Generic Filter Rule 29.5 Filter Types and NAT 29.6 Example Filter 1Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration Menu 21.1.6 — Filter Rules Summary 29.7 Applying Filters and Factory Defaults 29.7.1 Ethernet Traffic protocol filters Input Filter Sets 29.7.2 Remote Node Filters Call Filter Sets Page 30.1 About SNMP 30.2Supported MIBs 30.3 SNMP Configuration 30.4 SNMP Traps Page 31.1 System Security Page 31.1.3 IEEE Menu23 – System Security 2Enter 4 to display Menu 23.4 – System Security – IEEE Page 31.2 Creating User Accounts on the Prestige Page 32.1 Overview 32.2 System Status Menu 24.1 — System Maintenance — Status 32.3 System Information 32.3.2 Console Port Speed Menu 24.2.2 – System Maintenance – Console Port Speed 32.4 Log and Trace 32.4.2 Syslog and Accounting Menu 24.3.2 — System Maintenance — UNIX Syslog Page 32.5 Diagnostic Page Page 33.1 Filename Conventions 33.2 Backup Configuration 33.2.2 Using the FTP Command from the Command Line 33.2.3Example of FTP Commands from the Command Line 33.2.4 GUI-basedFTP Clients 33.2.5 TFTP and FTP over WAN Management Limitations 33.2.6 Backup Configuration Using TFTP 33.2.7 TFTP Command Example 33.2.8 GUI-basedTFTP Clients 33.3 Restore Configuration 33.3.2Restore Using FTP Session Example 33.4 Uploading Firmware and Configuration Files 33.4.3 FTP File Upload Command from the DOS Prompt Example 33.4.4 FTP Session Example of Firmware File Upload 33.4.5 TFTP File Upload 33.4.6 TFTP Upload Command Example Page 34.1 Command Interpreter Mode 34.2 Call Control Support 34.3 Time and Date Setting Page 34.3.1Resetting the Time Page 35.1 Remote Management Overview 35.2 Remote Management 35.2.2 Remote Management Limitations 35.3 Remote Management and NAT 35.4System Timeout Page 36.1 IP Policy Routing Overview 36.2 Benefits of IP Policy Routing 36.3 Routing Policy 36.4 IP Routing Policy Setup Menu 25.1.1 – IP Routing Policy Page 36.5 Applying an IP Policy 36.6 IP Policy Routing Example Menu 25.1.1 — IP Routing Policy Menu 25.1 — IP Routing Policy Setup Page Page 37.1 Introduction Menu 26.1 — Schedule Set Setup Duration Main Menu PPPoA Page 38.1 Problems Starting Up the Prestige 38.2 Problems with the LAN 38.3 Problems with the WAN 38.4 Problems Accessing the Prestige 38.4.1.1 Internet Explorer Pop-upBlockers Privacy Internet Options pop-ups 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 38.4.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 38.4.1.3 Java Permissions 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 38.4.2 ActiveX Controls in Internet Explorer 2In the Internet Options window, click Custom Level Page Page Specification Tables Table 123 Firmware Page Page Page Page Windows 95/98/Me Installing Components Adapter Protocol Microsoft manufacturers Configuring Obtain an IP address automatically Specify an IP address Subnet Mask Disable DNS Windows 2000/NT/XP Page Internet Protocol (TCP/IP) Use the following IP Address Subnet mask Default gateway •Click Advanced IP Settings TCP/IP Address Default gateways TCP/IP Gateway Address Use the following DNS server addresses Preferred DNS server Alternate DNS server Macintosh OS 8/9 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Macintosh OS Linux Using the K Desktop Environment (KDE) System Setting Ethernet Device General Automatically obtain IP address settings with dhcp Using Configuration Files Page Page IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Firmware and Configuration File Maintenance Page Command Syntax Command Usage Page Page Page Page Page Page Page Introduction Display NetBIOS Filter Settings NetBIOS Filter Configuration Page Page Connecting a POTS Splitter Telephone Microfilters Prestige With ISDN Page Page PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works Prestige as a PPPoE Client Page Page Page Table 145 ICMP Logs Table 146 CDR Logs Table 147 PPP Logs Table 148 UPnP Logs Page Table 151 IPSec Logs Table 152 IKE Logs Page Page Table 153 PKI Logs Page Page Page Page Log Commands Log Command Example Wireless LAN Topologies ESS Channel RTS/CTS Fragmentation Threshold Preamble Type IEEE 802.11g Wireless LAN IEEE RADIUS Types of Authentication EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange WPA Security Parameters Summary Internal SPTGEN Overview The Configuration Text File Format Internal SPTGEN FTP Download Example Internal SPTGEN FTP Upload Example Example Internal SPTGEN Screens Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Command Examples Page Page Numerics