Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications P-660RU-Tx Firewall, 13.1 Overview, 13.1.1 What You Can Do in the Firewall Screens, 13.1.2 What You Need to Know About Firewall

1 238

Download 238 pages, 4.47 Mb

13

Firewall

13.1 Overview

This chapter shows you how to enable the P-660RU-Tx firewall. Use the firewall to protect your P-660RU-Tx and network from attacks by hackers on the Internet and control access to it. By default the firewall:

•allows traffic that originates from your LAN computers to go to all other networks.

•blocks traffic that originates on other networks from going to the LAN.

•blocks SYN and port scanner attacks.

By default, the P-660RU-Tx blocks DDOS, LAND and Ping of Death attacks whether the firewall is enabled or disabled.

13.1.1 What You Can Do in the Firewall Screens

Use the Firewall screen (Section 13.2 on page 112) to enable firewall and/or SPI on the P-660RU-Tx.

13.1.2 What You Need to Know About Firewall

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users.

DoS

Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a

	111
P-660RU-Tx User’s Guide	111

Contents

Default Login Details www.zyxel.com Page About This User's Guide Page Page Document Conventions Page Safety Warnings Contents Overview Page Table of Contents Part II: Status Page Page Page Page List of Figures Page Page Page List of Tables Page Page Page Introducing the P-660RU-Tx 1.1 Overview 1.2 Ways to Manage the P-660RU-Tx 1.3Good Habits for Managing the P-660RU-Tx 1.4Applications for the P-660RU-Tx 1.4.1 Internet Access 1.5 LEDs (Lights) 1.6 The RESET Button 1.6.1 Using the Reset Button 1.7USB Port 1.7.1 Installing the USB Driver in Windows Page Page Page 1.7.2 Verifying Your USB Installation Page Page Introducing the Web Configurator 2.1 Overview 2.1.1Accessing the Web Configurator 2.2 Web Configurator Main Screen 2.2.1Navigation Panel 2.2.2 Main Window Page Page Device Information 3.1 Overview 3.2 The Device Info Screen Page Page Page System Logs 4.1 Overview 4.2 The System Log Screen Page Traffic Statistics 5.1 Overview 5.2 The Statistics Screen Page Quick Start Wizard 6.1 Overview 6.2Quick Start Wizard Page Page Page Page Page Page Page Internet Setup 7.1 Overview 7.1.1What You Can Do in the Internet Screens 7.1.2What You Need to Know About ADSL Internet Access Page 7.1.3 Before You Begin 7.2 The Internet Screen 7.2.1 Dynamic IP Address Page 7.2.2 Static IP Address Page 7.2.3 PPPoA/PPPoE Page 7.2.4 Bridge Mode 7.2.5 The PVCs Summary Screen 7.3 WAN Technical Reference 7.3.1 Encapsulation 7.3.2 Multiplexing 7.3.3 VPI and VCI 7.3.4 IP Address Assignment 7.3.5 Always-OnConnection (PPP) 7.3.6 ATM QoS 7.3.7 ATM Traffic Classes LAN Setup 8.1 Overview 8.1.1What You Can Do in the LAN Screens 8.1.2What You Need To Know About LAN Page 8.2 The LAN Screen Page 8.2.1 The DHCP IP Pool Summary Screen 8.3 LAN Technical Reference 8.3.2 DHCP Setup 8.3.3 DNS Server Addresses 8.3.4LAN TCP/IP 8.3.5 RIP Setup 8.3.6 Multicast Page Static Route 9.1 Overview 9.1.1What You Can Do in the Static Route Screens 9.2 The Routing Table List Screen 9.2.1 The Static Route Screen Page Network Address Translation (NAT) 10.1 Overview 10.1.1What You Can Do in the NAT Screens 10.1.2What You Need To Know About NAT Page 10.2 The NAT Screen 10.3 The DMZ Screen 10.4 The Virtual Server Screen 10.4.1Configuring Servers Behind Port Forwarding (Example) 10.4.2 Configuring the Virtual Server Screen 10.5 The IP Address Mapping Screen Page 10.6 NAT Technical Reference 10.6.1 NAT Definitions 10.6.2 What NAT Does 10.6.3 How NAT Works Page Quality of Service (QoS) 11.1 Overview 11.1.1What You Can Do in the QoS Screens 11.1.2What You Need to Know About QoS 11.2 The QoS Screen Page 11.2.1 The QoS Settings Summary Screen 11.3 QoS Technical Reference 11.3.1 IEEE 802.1p 11.3.2 IP Precedence 11.3.3 Automatic Priority Queue Assignment Page ADSL 12.1 Overview 12.2 The ADSL Screen Page Firewall 13.1 Overview 13.1.1 What You Can Do in the Firewall Screens 13.1.2 What You Need to Know About Firewall 13.2 The Firewall Screen Page Page Access Control 14.1 Access Control Overview 14.1.1 The Access Control Setup Screen 14.1.2 Access Control Interfaces 14.1.3 System Timeout 14.1.4 Configuring the Access Control Setup Screen Page Page Filters 15.1 Overview 15.1.1What You Can Do in the Filter Screens 15.1.2What You Need to Know About Filtering 15.2 The IP/MAC Filter Screen Page 15.3 The Application Filter Screen 15.4 The URL Filter Screen Page SNMP 16.1 Overview 16.1.1Supported MIBs 16.2 The SNMP Screen Universal Plug-and-Play(UPnP) 17.1 Overview 17.1.1 What You Can Do in the UPnP Screen 17.1.2 What You Need to Know About UPnP 17.2 The UPnP Screen Page 17.3 Installing UPnP in Windows Example Page Page 17.4Using UPnP in Windows XP Example Page Page Page Page Page Page Page Dynamic DNS Setup 18.1 Overview 18.1.1 What You Can Do in the DDNS Screen 18.1.2 What You Need To Know About DDNS 18.2 The Dynamic DNS Screen CWMP 19.1 Overview 19.2 The CWMP Setup Screen Page Page Administrator Settings 20.1 Overview 20.2 The Administrator Screen Page Time Zone 21.1 Overview 21.2 The Time Zone Screen Page Firmware 22.1 Overview 22.1.1 What You Need To Know About Firmware 22.1.2 Before You Begin 22.1.3 Firmware and Configuration Files Examples Page Page Page 22.2 The Firmware Screen Page System Restart 23.1 Overview 23.2 The System Restart Screen Page Diagnostic 24.1 Overview 24.2 The Diagnostic Screen Page Troubleshooting 25.1Power, Hardware Connections, and LEDs 25.2P-660RU-TxAccess and Login Page 25.3 Internet Access Page Page Product Specifications 26.1 Hardware Specifications 26.2 Firmware Specifications Page Page Page 26.3 Power Adaptor Specifications Page Setting up Your Computer’s IP Address Windows 95/98/Me Page Page Windows 2000/NT/XP Page Page Page Windows Vista Page Page Page Page Page Page Macintosh OS 8/9 Page Macintosh OS Linux Page Page Page Page Page Pop-upWindows, JavaScripts and Java Permissions Internet Explorer Pop-upBlockers Page Page JavaScripts Page Java Permissions Page Mozilla Firefox Page Page IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Page Notation Subnetting Page Example: Four Subnets Example: Eight Subnets Subnet Planning Configuring IP Addresses Page Page Services Page Page Page Legal Information Copyright Certifications ZyXEL Limited Warranty Customer Support Page Page Page Page Page Page Page Index