277 | ZyXEL Communications wireless n gigbit router zyxel specification

				Chapter 21 Logs
	Table 95 TCP Reset Logs (continued)
	LOG MESSAGE	DESCRIPTION
	Firewall session time	The router sent a TCP reset packet when a dynamic
	out, sent TCP RST	firewall session timed out.
		The default timeout values are as follows:
		ICMP idle timeout: 3 minutes
		UDP idle timeout: 3 minutes
		TCP connection (three way handshaking) timeout: 270
		seconds
		TCP FIN-wait timeout: 2 MSL (Maximum Segment
		Lifetime set in the TCP header).
		TCP idle (established) timeout (s): 150 minutes
		TCP reset timeout: 10 seconds

	Exceed MAX incomplete,	The router sent a TCP reset packet when the number of
	sent TCP RST	incomplete connections (TCP and UDP) exceeded the
		user-configured threshold. (Incomplete count is for all
		TCP and UDP connections through the firewall.)Note:
		When the number of incomplete connections (TCP + UDP)
		> “Maximum Incomplete High”, the router sends TCP RST
		packets for TCP connections and destroys TOS (firewall
		dynamic sessions) until incomplete connections <
		“Maximum Incomplete Low”.

	Access block, sent TCP	The router sends a TCP RST packet and generates this log
	RST	if you turn on the firewall TCP reset mechanism (via CI
		command: "sys firewall tcprst").

	Table 96 Packet Filter Logs
	LOG MESSAGE		DESCRIPTION
	[TCP UDP ICMP IGMP		Attempted access matched a configured filter rule
	Generic] packet filter		(denoted by its set and rule number) and was blocked
	matched (set:%d, rule:%d)		or forwarded according to the rule.
	Table 97 ICMP Logs
	LOG MESSAGE			DESCRIPTION
	Firewall default policy: ICMP			ICMP access matched the default policy and was
	<Packet Direction>, <type:%d>,			blocked or forwarded according to the user's
	<code:%d>			setting. For type and code details, see Table 108
				on page 286.

	Firewall rule [NOT] match: ICMP			ICMP access matched (or didn’t match) a firewall
	<Packet Direction>, <rule:%d>,			rule (denoted by its number) and was blocked or
	<type:%d>, <code:%d>			forwarded according to the rule. For type and
				code details, see Table 108 on page 286.

NBG-460N User’s Guide

277

Image 277

ZyXEL Communications wireless n gigbit router zyxel manual 277, Packet Filter Logs

Contents

NBG-460N Page Intended Audience About This Users GuideRelated Documentation User Guide Feedback About This Users Guide Syntax Conventions Document Conventions Icons Used in Figures Telephone Switch Router ModemNBG-460N Computer Server Dslam Safety Warnings Safety Warnings NBG-460N User’s Guide Contents Overview Contents Overview NBG-460N User’s Guide Table of Contents Chapter Connection Wizard Part II Network WAN 177 Part IV Management 235 Part V Maintenance and Troubleshooting 261 Part VI Appendices and Index Table of Contents NBG-460N User’s Guide Part Page Overview Getting to Know Your NBG-460NApplications Router Mode Wireless ApplicationsLAN NBG460N 3 AP + Bridge AP Mode AP + Bridge Application Bridge Bridge Application Bridge Loop Two Bridges Connected to Hub Feature Router AP Mode Bridge Features Available in Router Mode vs. AP ModeWays to Manage the NBG-460N Router vs. AP vs. Bridge Good Habits for Managing the NBG-460N PowerLEDs Front Panel LEDs This feature Off Device is in normal power mode Wireless LAN Off Wireless LAN is not ready or has failedWAN Wlan Getting to Know Your NBG-460N NBG-460N User’s Guide WPS Button WPS Button NBG-460N User’s Guide Web Configurator Overview Introducing the Web ConfiguratorAccessing the Web Configurator Change Password Screen Navigating the Web Configurator Resetting the NBG-460NProcedure to Use the Reset Button Status Screen Icon Key Status Screen in Router ModeIcon Description Dhcp Label DescriptionScheduler When the line is disconnected Wlan is disabledIs enabled and N/A when the Wlan is disabled Memory Usage Screens Summary Navigation PanelLink TAB Function LAN Ddns NATVPN Mgmt Summary Any IP Table Mode As a Router or a Access Point LanguageSummary Bandwidth Management Monitor Logs View Log Summary BW Mgmt Monitor Summary Dhcp Table Host Name field Summary Packet Statistics Intervals field Summary VPN MonitorStop Click Stop to stop refreshing statistics This is the security association index number This is the index number of an associated wireless station Summary Wireless Station StatusAssociation Time NBG-460N’s Wlan network Introducing the Web Configurator NBG-460N User’s Guide Connection Wizard Wizard Setup System Name Connection Wizard System Information Underscores are accepted Domain Name Use the same Ssid in order to access the network Connection Wizard Wireless LANThis option is only available if WPS is not enabled Ssid Wizard Basic WEP Security Basic WEP Security WEP Extend WPA-PSK or WPA2-PSK SecurityAscii HEX Pre-Shared Connection Wizard Internet ConfigurationKey Do this PPPoE Connection Ethernet ConnectionConnection Description Type Pptp Pptp Connection ISP Parameter for Internet Access Wizard Pptp Connection ISP Parameters for Internet Access WAN IP Address Assignment Your IP AddressUse fixed IP address Provided by your ISP Private IP Address Ranges IP Address and Subnet Mask10.0.0.0 172.16.0.0 192.168.0.0 WAN IP and DNS Server Address Assignment DNS Server Address Assignment WAN IP Address Assignment WAN MAC AddressChoose an IP address Wizard WAN MAC Address Connection Wizard Bandwidth management Wizard Bandwidth Management Connection Wizard Complete Connection Wizard Complete Connection Wizard NBG-460N User’s Guide Tutorials How to Connect to the Internet from an APInternet Push Button Configuration NBG460N Example WPS Process PIN Method Channel Security SSIDExample3WPA-PSK Pre-Shared Key ThisismyWPA-PSKpre-sharedkey Tutorial Status AP Mode Configure Your Notebook Connecting a Wireless Client to a Wireless Network Link Status Using AP + Bridge Mode and WDS Configuring Your Bridge Mode Settings Pre-Shared Key ThisismyWPA2-PSKpre-sharedkey WPA2-PSK Setting BOB’S NBG-460N JACK’S NBG-460N Site-To-Site VPN Tunnel SettingsSite-To-Site VPN Tunnel Tutorial Tutorial Property Configuring Bob’s NBG-460N VPN Settings Tutorial Authentication Method Configuring Jack’s NBG-460N VPN Settings Tutorial Property Tutorial Authentication Method Pinging Jack’s Local IP Address Checking the VPN Connection Bandwidth Management for your Network Configuring Bandwidth Management by Application Configuring Bandwidth Allocation by IP or IP Range Configuring Bandwidth Management by Custom Application Fields Services Real Audio Rtsp VDO Live FTP Refer to Appedix F on the Bandwidth Mgnt Setting your NBG-460N to AP Mode AP Mode Status Screen Status AP Mode System Setting Configuration Mode Display Network Wireless LAN WPS screenThis shows the LAN port’s Dhcp role Client or None Schedules Or connected Menu AP Mode Setting Logs View Log Maintenance System GeneralReset the factory defaults to your NBG-460N Mask or to get the LAN IP address from a Dhcp server LAN Settings Configuring Your SettingsSys OP General Table below describes the labels in the screen Wlan and Maintenance Settings Logging in to the Web Configurator in AP Mode Network Page Example of a Wireless Network Wireless LAN What You Can Do Wireless Security OverviewWhat You Should Know Ssid No Authentication Radius Server Types of Encryption for Each Type of Authentication100 Weakest Stronges t Printable 7-bit Ascii characters for the wireless LAN General Wireless LAN Screen101 102 No SecurityWPA-PSK and WPA2-PSK are available in this field Select Static WEP , WPA-PSK , WPA , WPA2-PSK or WPA2 to add 103 WEP Encryption 104 Select 64-bit WEP or 128-bit WEP to enable data encryptionWEP keys and displays them in the Key fields below AP or peer computer 105Correct WEP key Hex Security Mode field Server, the reauthentication timer on the Radius server has106 Priority 107 4 WPA/WPA2 108 Server, the reauthentication timer on the Radius serverHas priority 109 MAC Filter Screen MAC 110 Quality of Service QoS Screen Wireless LAN Advanced Screen111 RTS/CTS On page 123 for more information 112WMM QoS Policy You want to apply WMM QoS Configuration screen Application Priority Configuration113 Mail 114User-Defined 115 WPS Screen Scheduling Screen WPS Station Screen116 Push Button Whole day 117Following times fields Day 118 WDS Screen Between the NBG-460N and any wireless clients Security Mode Static WEP119 ASCII/HEX 120 Technical Reference Security Mode WPA2-PSKRoaming 121 Roaming Example 122 123 Quality of Service IPod Touch Web Configurator WiFi Protected Setup124 WMM QoS Priorities 125 Login Screen 126 System Status WAN connection is not working 127 MBM 128 Port Forwarding WPS in Progress129 Rule is turned on 130Turn the rule OFF Accessing the iPod Touch Web Configurator Accessing the iPod Touch Web Configurator131 132 LAN and WAN 133 What You Need To Know Configuring Your Internet Connection134 135 MulticastWAN MAC Address 136 Iptv STB Port You have one STB 137You have two STBs 192.168.1.20 Auto-Bridge NetBIOS over TCP/IP138 Ethernet Encapsulation Internet Connection139 Address 140Defined changes to None after you click Apply WAN MAC PPPoE Encapsulation Setting or upload a different ROM file141 Select Clone the computers MAC address IP Address and enter 142 All of the LANs computers will have access DNS Servers First DNS 143Computer’s Different ROM file 144 Pptp Encapsulation Pptp connection 145 146 Advanced WAN ScreenSelect Clone the computers MAC address IP Address Select Igmp V-1,IGMP V-2 or None 147 To be in Router Mode for the Iptv STB port to work When the NBG-460N gets a WAN IP address that is notIgmp 148 149 LAN LAN IP Screen IP Pool SetupLAN TCP/IP 150 151 LAN IP AliasLAN TCP/IP Advanced LAN Screen Any IP Setup152 IP address that you assign. Unless you are implementing 153 LANs, WANs and the ZyXEL Device 154 Any IP 155 156 157 Dhcp Dhcp Advanced Screen Dhcp General Screen158 Must have their DNS server addresses manually configured Select the Enable Dhcp Server check box. When you clear159 Client List Screen NBG-460Ns system DNS server configured in the WAN Internet160 Select DNS Relay to have the NBG-460N act as a DNS proxy. This is the index number of the host computer 161Host names. After you click Apply, the MAC address and IP Them 162 163 Network Address Translation NAT Select the check box to enable NAT Enable NetworkDefault Server Setup General NAT Screen 165 NAT Application Screen 166 167 Wake On LAN is enabledFields under Add Application Rule Game List Example Configuring Servers Behind Port Forwarding Example168 169 NAT Advanced Screen 170 Users may not be able to access the InternetCan establish through the NBG-460N Trigger Port Forwarding Example LAN that requested the service171 Traffic to a server on the WAN 172 Two Points To Remember About Trigger Ports DynDNS Wildcard Dynamic DNS173 Dynamic DNS Screen Enable Dynamic Select this check box to use dynamic DNS174 WAN IP address 175 176 177 Part 178 179 Firewall Triangle Routes About the NBG-460N Firewall180 181 Triangle Routes and IP Alias General Firewall Screen Services Screen182 Icmp 183 Add Firewall Rule screen 184 185 Add Firewall Rule ScreenPool Single IP is selected as the Address Type 186 Click Clear All to empty the Blocked ServicesAddress Type 187 188 Content Filtering Profiles Content Filtering189 190 Restrict Web FeaturesKeyword Blocking URL Checking Days and Times 191 Filter Screen Cookies 192Web Proxy Allowed Schedule Screen Which content filtering will be enforced193 Not affected 194 Customizing Keyword Blocking URL CheckingDomain Name or IP Address URL Checking Full Path URL Checking 195 IPSec VPN 196 IKE SA IKE Phase 1 Overview 197 IPSec SA IKE Phase 2 OverviewIP Addresses of the NBG-460N and Remote IPSec Router Local Network and Remote Network 198 General Screen 199 VPN Rule Setup Basic 200 Feature to work 201 EnabledSecure Gateway Address field set to 202 203 Your computer in the Local Content field. The NBG-460NWith dynamic WAN IP addresses Address field refer to the Secure Gateway Address field 204 205 VPN Rule Setup Advanced 206 Security VPN General Rule Setup IKE Advanced 207 Select No to disable it 208 209 210 211 212 213 VPN Rule Setup ManualEach IPSec SA. It is more secure but takes more time 214 Security VPN General Rule Setup Manual 215 216 Secure 217SPI 218 SA Monitor ScreenTrailing spaces are truncated IKE SA Proposal VPN and Remote Management219 220 Diffie-Hellman DH Key Exchange VPN Example Matching ID Type and Content Authentication221 Remote Ipsec Router VPN Example Mismatching ID Type and Content Negotiation Mode222 223 15.6.6 VPN, NAT, and NAT Traversal Encapsulation IPSec Protocol224 Additional IPSec VPN Topics IPSec SA Proposal and Perfect Forward Secrecy225 SA Life Time 226 Encryption and Authentication AlgorithmsPrivate DNS Server Private DNS Server Example 227 228 229 Management 230 231 Static RouteLanwan 232 IP Static Route Screen 233 Static Route Setup Screen 234 235 Bandwidth ManagementFTP Chat, Email 236 General Configuration Screen Management check box 237Mbps 238 Advanced ConfigurationConnected to the WAN port has an upstream speed of 10 Mbps Wlan Bandwidth Low 239 240 Rule Configuration with the Pre-defined ServiceWlan to WAN To Wlan 241 Rule Configuration User Defined Service Rule Configuration 242 Monitor Screen Media Bandwidth Management Setup Services Predefined Bandwidth Management ServicesService Description Technical References Bandwidth Management Priority with Default Classes Default Bandwidth Management Classes and Priorities244 Class Type Priority 245 Bandwidth Management PrioritiesBandwidth Management Priorities 246 247 Remote Management Remote Management Limitations System TimeoutRemote Management and NAT 248 WWW Screen Specify to access the NBG-460N using this service249 Remote management FTP Screen Telnet Screen250 251 DNS Screen You specify to send DNS queries to the NBG-460N 252 NAT Traversal Universal Plug-and-Play UPnP253 254 UPnP Screen 255 Using UPnP in Windows XP Example Network Connections 256 257 Internet Connection Properties Advanced Settings 258 Web Configurator Easy Access Network Connections My Network Places 259 Network Connections My Network Places Properties Example 260 261 Maintenance Troubleshooting 262 System General Screen System263 264 265 Time Setting Screen Select User Defined Time Server Address and enter the IP 266 267 268 269 Logs View Log Screen Log categories that you selected in the Log Settings270 Display 271 Log SettingsTime and date 272 Mail Log Settings Mail ServerMessages will not be sent via e-mail Sent via e-mail 273Smtp Log Descriptions System Maintenance Logs274 LOG Message Description 275 System Error Logs TCP Reset Logs Access Control Logs276 Firewall Attack Alerts screen Packet Filter Logs 277 Icmp Logs 278 279 Content Filtering LogsUPnP packets can pass through the firewall Attack Logs 280 IPSec Logs 281 IKE Logs 282 283 284 PKI Logs 285802.1X Logs 286 ACL Setting NotesPacket Direction Description Type Code Description Icmp Notes 287Syslog Logs RFC-2408 Isakmp Payload Types 288LOG Display Payload Type Firmware Upload Screen Tools289 290 Maintenance Tools Firmware Network Temporarily Disconnected Upload Error Message Backup Configuration Configuration ScreenRestore Configuration Maintenance Restore Configuration 293 Configuration Restore Successful Restart Screen Back to Factory Defaults294 Wake On LAN Indicate either Ready or MAC Address errorGreen 295 296 Maintenance Tools Green 297 Configuration Mode 298 Advanced Configuration OptionsCategory Link TAB 299 Sys Op Mode Router 300 301 Maintenance Sys OP Mode General Firewall or bandwidth management 302 Language Screen Language303 304 Power, Hardware Connections, and LEDs Troubleshooting305 306 NBG-460N Access and Login Advanced Suggestions 307 308 Internet Access Internet connection is slow or intermittent 309 310 Resetting the NBG-460N to Its Factory Defaults 311 Wireless Router/AP Troubleshooting 312 Advanced Features Hardware Features Product Specifications and Wall- Mounting Instructions313 PWR, LAN1-4, WAN, WLAN, WPS Such as microwave ovens, wireless phones Firmware FeaturesBluetooth enabled devices, and other wireless LANs 314 315 Feature Specification Feature Specifications316 Standards Supported 317 Wall-mounting InstructionsProtocol MBM Media Bandwidth Management Masonry Plug and M4 Tap Screw 318 319 Appendices Index 320 Internet Explorer Pop-up Blockers Disable pop-up Blockers321 322 Enable pop-up Blockers with Exceptions 323 Select Settings…to open the Pop-up Blocker Settings screen 324 JavaScripts Internet Options Security 325 326 Java Permissions Java Sun 327 Java Sun 328 Structure Introduction to IP Addresses329 330 Subnet MasksSubnet Mask Identifying Network Number 1ST 2ND 3RD 4TH Octet Network Size 331Subnet Masks Binary 1ST 2ND 3RD 4TH Decimal Octet 332 NotationMaximum Host Numbers Alternative Subnet Mask Notation 333 Subnetting 334 Example Four Subnets IP/SUBNET Mask Network Number Last Octet BIT Value 335 Subnet Planning Example Eight Subnets336 337 Configuring IP Addresses16-bit Network Number Subnet Planning NO. Borrowed Subnet Mask NO. Hosts PER Host Bits Subnets Private IP Addresses 338 339 Setting up Your Computer’s IP Address Windows 95/98/Me Installing Components340 341 Configuring 342 Verifying Settings 343 Windows 2000/NT/XP Windows XP Control Panel 344 Windows XP Local Area Connection Properties 345 Windows XP Internet Protocol TCP/IP Properties 346 Windows XP Advanced TCP/IP Properties 347 348 349 Macintosh OS 8/9 Macintosh OS 8/9 TCP/IP 350 351 Macintosh OS Linux Using the K Desktop Environment KDE352 Red Hat 9.0 KDE Ethernet Device General 353 354 Using Configuration Files Red Hat 9.0 DNS Settings in resolv.conf Red Hat 9.0 Static IP Address Setting in ifconfig-eth0 356 Verifying Settings Ad-hoc Wireless LAN Configuration Wireless LAN Topologies357 358 Basic Service Set 359 Channel RTS/CTS 360 Fragmentation Threshold Ieee 802.11g Wireless LANPreamble Type 361 362 IeeeIeee 802.11g Data Rate Modulation Mbps 363 Types of AuthenticationTypes of Radius Messages EAP-MD5 Message-Digest Algorithm 364 EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security Peap Protected EAP WPA2 Comparison of EAP Authentication Types365 Encryption 366 User Authentication 27.0.3 WPA2 with Radius Application Example 27.0.2 WPA2-PSK Application Example367 Authentication Encryptio Enter METHOD/ KEY Wireless Security Relational MatrixSecurity Parameters Summary 368 369 Services 370 Examples of ServicesName Protocol Ports Description 371 372 Certifications Copyright373 Disclaimer FCC Radiation Exposure Statement 374 375 ZyXEL Limited WarrantyViewing Certifications Registration 376 377 IndexClasses and priorities CTS Clear to Send Essid 378Encapsulating Security Payload. See ESP IKE SA 379Ethernet PPPoE. see also PPP over Ethernet Language Link type 40 MAC 380Mbssid 381 QoS QoS priorities Quality of Service QoSRadius 382 Wireless security 98 overview Xbox Live ZyNOS 39 383 384