ZyXEL Communications ZyXEL Prestige 794M User Manual

SHDSL 4-Port Internet Security Gateway

Prestige 794M
SHDSL 4-Port Internet Security Gateway
User's Guide
Version 1.00
10/2005
Edition 1

Summary of Contents for ZyXEL Communications ZyXEL Prestige 794M

  • Page 1 Prestige 794M SHDSL 4-Port Internet Security Gateway User’s Guide Version 1.00 10/2005 Edition 1...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 3: Federal Communications Commission (Fcc) Interference Statement

    Prestige 794M User’s Guide Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Safety Warnings

    For your safety, be sure to read and follow all warning notices and instructions. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device.
  • Page 5: Zyxel Limited Warranty

    Prestige 794M User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 6: Customer Support

    1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com +47-22-80-61-80 www.zyxel.no +47-22-80-61-81 Prestige 794M User’s Guide REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika...
  • Page 7 Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine ZyXEL Communications UK Ltd.,11 The Courtyard,...
  • Page 8: Table Of Contents

    Copyright ... 2 Federal Communications Commission (FCC) Interference Statement ... 3 Safety Warnings ... 4 ZyXEL Limited Warranty... 5 Customer Support... 6 Table of Contents ... 8 List of Figures ... 14 List of Tables ... 16 Preface ... 18 Chapter 1 Introduction ...
  • Page 9 Prestige 794M User’s Guide 2.6.1 How ARP Works ...29 2.7 Routing Table ...30 2.7.1 PPTP Status 2.7.2 IPSec Status ...31 2.7.3 L2TP Status ...32 2.7.4 Email Status ...33 2.7.5 Event Log ...33 2.7.6 Error Log ...34 2.7.7 NAT Sessions ...35 2.8 Internet Access Quick Start Setup 2.8.1 Auto Scan ...37 Chapter 3...
  • Page 10 4.3 DNS ...54 4.4 SHDSL Parameters ...55 Chapter 5 System ... 58 5.1 Overview ...58 5.2 Time Zone ...58 5.3 Remote Access ...59 5.4 Firmware Upgrade ...60 5.5 Backup/Restore ...60 5.6 Restart Router ...61 5.7 User Management ...62 5.7.1 Create a New User Account ...62 Chapter 6 Firewall...
  • Page 11 Prestige 794M User’s Guide 7.3.4 Pre-Shared Key ...84 7.3.5 IPSec VPN Summary ...84 7.3.6 IPSec VPN Configuration ...85 7.4 L2TP ...87 7.4.1 Creating a New L2TP Rule ...88 7.4.1.1 Remote Access L2TP Connection ...88 7.4.1.2 LAN to LAN L2TP Connection ...90 7.5 VPN Example ...93 7.5.1 Example: Remote PPTP VPN Dial-in Connection ...93 7.5.2 Example: Remote PPTP VPN Dial-out Connection ...94...
  • Page 12 12.1.2 SNMP ...110 12.1.2.1 SNMPv3 ... 111 12.1.2.2 SNMP Traps and MIBs ...112 12.2 The Device Management Screen ...112 12.3 IGMP ...115 Index... 116 Table of Contents Prestige 794M User’s Guide...
  • Page 14: List Of Figures

    Prestige 794M User’s Guide List of Figures Figure 1 Application: Internet Access ... 22 Figure 2 Application: Firewall ... 23 Figure 3 Application: VPN ... 23 Figure 4 Application: LAN-to-LAN ... 24 Figure 5 Front Panel: LEDs ... 24 Figure 6 Rear Panel ... 25 Figure 7 Web Configurator: Login ...
  • Page 15 Prestige 794M User’s Guide Figure 39 System: Firmware Upgrade: Progress ... 60 Figure 40 System: Firmware Upgrade: Device Configuration Option ... 60 Figure 41 System: Configuration Backup/Restore ... 61 Figure 42 System: Restart ... 61 Figure 43 System: User Management ... 62 Figure 44 System: User Management: Edit Account ...
  • Page 16: List Of Tables

    Prestige 794M User’s Guide List of Tables Table 1 Front Panel: LEDs ... 24 Table 2 Rear Panel ... 25 Table 3 Status ... 28 Table 4 Status: ARP Table ... 30 Table 5 Status: Routing Table ... 30 Table 6 Status: PPTP Status ... 31 Table 7 Status: IPSec Status ...
  • Page 17 Prestige 794M User’s Guide Table 39 Firewall: Firewall Logs ... 76 Table 40 VPN: PPTP ... 79 Table 41 VPN: PPTP: Remote Access ... 80 Table 42 VPN PPTP: LAN to LAN Connection ... 81 Table 43 ESP and AH ... 83 Table 44 VPN Rules (IKE): Add Policy ...
  • Page 18: Preface

    Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
  • Page 19: Graphics Icons Key

    Prestige 794M User’s Guide • For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The Prestige 794M may be referred to as “the Prestige” in this user’s guide. Graphics Icons Key Prestige Server...
  • Page 20: Chapter 1 Introduction

    1.1 About Your Prestige Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed SHDSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is also an SHDSL router.
  • Page 21: Content Filtering

    Prestige 794M User’s Guide Multiplexing The Prestige supports VC-based and LLC-based multiplexing. Full Network Management The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige’s management settings. Most functions of the Prestige are also configurable via the CLI (Command Line Interface) over a telnet/console connection.
  • Page 22: Applications

    Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
  • Page 23: Firewall For Secure Broadband Internet Access

    1.3.2 Firewall for Secure Broadband Internet Access The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Service) detection and prevention, as well as real-time alerts, reports and logs. Figure 2 Application: Firewall 1.3.3 VPN Application The Prestige’s VPN feature makes it an ideal cost-effective way to connect branch offices and...
  • Page 24: Hardware Connection

    Figure 4 Application: LAN-to-LAN 1.4 Hardware Connection Refer to the Quick Start Guide for more information on hardware connection and initial setup using the Quick Start screen. 1.4.1 Front Panel The following figure shows the front panel LEDs. Figure 5 Front Panel: LEDs The following table describes the LEDs.
  • Page 25: Rear Panel

    Prestige 794M User’s Guide Table 1 Front Panel: LEDs (continued) COLOR LAN 1..4 Orange Green LINE 1, 2 Green 1.5 Rear Panel The following figure shows the rear panel of the Prestige. Figure 6 Rear Panel The following table describes the ports. Table 2 Rear Panel LABEL DESCRIPTION...
  • Page 26: The Web Configurator

    This chapter introduces the web configurator and describes the Quick Start screen. 2.1 Overview The embedded web configurator (eWC) allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
  • Page 27: Resetting The Prestige

    Prestige 794M User’s Guide 2.3 Resetting the Prestige If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file.
  • Page 28: System Status

    • Click the RESTART button to reboot the Prestige. • Click the LOGOUT button at any time to exit the web configurator. 2.5 System Status Display the Status screen (see following table describes the labels in this screen. Table 3 Status LABEL DESCRIPTION Device Information...
  • Page 29: Arp Table

    Prestige 794M User’s Guide Table 3 Status (continued) LABEL DESCRIPTION RFC1483 WAN This field displays the VCI and VPI number and the number of packets received/ Link transmitted. Click this label to display detailed information. Ethernet This field displays the number of packets received/transmitted. Click this label to display detailed information.
  • Page 30: Routing Table

    The following table describes the labels in this screen. Table 4 Status: ARP Table LABEL DESCRIPTION IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above. Interface This is the interface name on the Prestige to which a device is connected.
  • Page 31: Pptp Status

    Prestige 794M User’s Guide Table 5 Status: Routing Table (continued) LABEL Gateway Cost 2.7.1 PPTP Status Use the PPTP Status screen to view PPTP VPN connection information. Click Status and PPTP Status in the navigation panel to display the screen as shown next. Figure 11 Status: PPTP Status The following table describes the labels in this screen.
  • Page 32: L2Tp Status

    The following table describes the labels in this screen. Table 7 Status: IPSec Status LABEL DESCRIPTION Name This field displays the name of the VPN rule used for this connection. Active This field indicates whether the VPN rule is activated. Connection State This field displays the connection status (Connected or Disconnected).
  • Page 33: Email Status

    Prestige 794M User’s Guide 2.7.4 Email Status The Email Status screen shows the current E-mail account information (that you configured in the Check Email screen). You can also check your Email account status in this screen. Click Status and Email Status in the navigation panel. Figure 14 Status: Email Status The following table describes the labels in this screen.
  • Page 34: Error Log

    Figure 15 Event Log Click Refresh to update the event log entries. Click Clear to delete all event log entries from the text box. 2.7.6 Error Log Use the Error Log screen to view errors (such as VPN configuration errors). Note: This screen automatically displays when you click Apply and there is an error in the configuration screen.
  • Page 35: Nat Sessions

    2.7.7 NAT Sessions Click Status and NAT Sessions in the navigation panel to display current NAT sessions. Figure 17 Status: NAT Session The following table describes the fields in the text box. Table 11 Status: NAT Session LABEL DESCRIPTION Prot.
  • Page 36: Figure 18 Quick Start

    Click Quick Start in the navigation panel to display the screen as shown. Figure 18 Quick Start The following table describes the labels in this screen. Table 12 Quick Start LABEL DESCRIPTION Connection Encapsulation Select the connection type from the drop-down list. Click Auto Scan to have the Prestige automatically detect and select the connection type.
  • Page 37: Auto Scan

    Prestige 794M User’s Guide Table 12 Quick Start (continued) LABEL DESCRIPTION Username Enter the Internet access account username. Password Enter the password associated with the username above. Apply Click Apply to save the changes. Cancel Click Cancel to start configuring this screen again. 2.8.1 Auto Scan Use the Auto Scan screen to set the Prestige to automatically detect the Internet connection type.
  • Page 38: Chapter 3 Lan

    This chapter describes how to configure LAN settings. 3.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. 3.2 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.
  • Page 39: Rip

    of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number, which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.
  • Page 40: Ethernet Client Filter

    Figure 20 LAN: Ethernet The following table describes the labels in this screen. Table 13 LAN: Ethernet LABEL DESCRIPTION Primary IP Address IP Address Type the IP address of your Prestige in dotted decimal notation. 192.168.1.1 is the factory default. IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
  • Page 41: Ethernet Client Filter Candidates

    Prestige 794M User’s Guide Figure 21 LAN: Ethernet Client Filter The following table describes the labels in this screen. Table 14 LAN: Ethernet Client Filter LABEL DESCRIPTION Ethernet Client Select Disable to deactivate this feature. This allows any computer to access the Filter network through the Prestige.
  • Page 42: Port Setting

    The following table describes the labels in this screen. Table 15 LAN: Ethernet Client Filter: Active PC in LAN LABEL DESCRIPTION IP Address This field displays the IP address of an Ethernet device connected to the Prestige. MAC Address This field displays the MAC address associated with the IP address in the IP Address field.
  • Page 43: Dhcp

    Prestige 794M User’s Guide Table 16 LAN: Port Setting (continued) LABEL DESCRIPTION Set High This field is applicable when you enable TOS priority control. Priority TOS IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
  • Page 44: Disable Dhcp

    Figure 24 LAN: DHCP Server The following table describes the labels in this screen. Table 17 LAN: DHCP Server LABEL DESCRIPTION Configuration DHCP Server Select Disable to disable DHCP on the LAN. Mode Select DHCP Server to set the Prestige as a DHCP server. Select DHCP Relay Agent to set the Prestige to act as a DHCP relay agent.
  • Page 45: Figure 26 Lan: Dhcp Server: Dhcp

    Figure 26 LAN: DHCP Server: DHCP The following table describes the labels in this screen. Table 18 LAN: DHCP Server: DHCP LABEL DESCRIPTION DHCP Server Allow Bootp Select Enable to allow BootP (Bootstrap Protocol) clients. Otherwise, select Disable.
  • Page 46: Dhcp Relay Agent

    Table 18 LAN: DHCP Server: DHCP (continued) LABEL DESCRIPTION Reset Click Reset to start configuring this screen again. Fixed Host Click Fixed Host to display a screen where you can assign a static LAN IP address to the specified device MAC address. 3.6.3.2.1 Fixed Host You can set the Prestige to assign one IP address on the LAN to a specific computer based on the MAC address.
  • Page 47: Figure 28 Lan: Dhcp Server: Dhcp Relay Agent

    Prestige 794M User’s Guide In the main DHCP Server screen, select DHCP Relay and click Next to display the configuration screen. Figure 28 LAN: DHCP Server: DHCP Relay Agent The following table describes the labels in this screen. Table 20 LAN: DHCP Server: DHCP Relay Agent LABEL DESCRIPTION DHCP Server IP...
  • Page 48: Chapter 4 Wan

    This chapter describes how to configure WAN settings. 4.1 Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. Use the WAN screens to change your Prestige's WAN settings. Click Configuration and WAN in the navigation panel.
  • Page 49: Pppoa

    Prestige 794M User’s Guide Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task.
  • Page 50: Edit Settings

    4.2.1 Edit Settings Click Edit in the main ISP screen to modify the settings. The configuration screen varies depending on the encapsulation type. Figure 30 WAN: ISP: Edit The following table describes the labels in this screen. Table 22 WAN: ISP: Edit (PPPoE) LABEL DESCRIPTION Description...
  • Page 51: Advanced Ppp Options

    Prestige 794M User’s Guide Table 22 WAN: ISP: Edit (PPPoE) (continued) LABEL DESCRIPTION Spanning Bridge Select Enable to activate spanning tree feature on the WAN interface. Interface Select Disable to deactivate this feature. Select Enable to activate NAT (Network Address Translation) to allow more than one computer to access the Internet through the Prestige.
  • Page 52: Figure 31 Wan: Edit: Advanced Ppp Options

    Figure 31 WAN: Edit: Advanced PPP Options The following table describes the labels in this screen. Table 23 WAN: Edit: Advanced PPP Options LABEL DESCRIPTION LLC Header Specify an encapsulation mode in this field. Select true for LLC or false for VC. Create Route Specify whether the Prestige is to add a route after IPCP (Internet Protocol Control Protocol) negotiation is completed.
  • Page 53: Change Connection Type

    Prestige 794M User’s Guide Table 23 WAN: Edit: Advanced PPP Options (continued) LABEL DESCRIPTION Give DNS to Enable this feature to set the Prestige to provide DNS server information to a DHCP Server. DHCP server. Discover Primary/ Enable this feature to set the Prestige to request NBNS (NetBIOS Name Server) Secondary NBNS.
  • Page 54: Dns

    Figure 33 ISP: Change Connection Type Settings (RFC 1483 Routed) 4 Click Apply to save the changes and return to the main ISP screen. 4.3 DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2.
  • Page 55: Shdsl Parameters

    Prestige 794M User’s Guide Figure 34 DNS The following table describes the labels in this screen. Table 24 DNS LABEL DESCRIPTION Primary/ Enter the DNS server IP address(es) in dotted decimal notation. For example, Secondary DNS 192.168.1.1. Apply Click Apply to save the settings. Cancel Click Cancel to discard all changes.
  • Page 56: Table 25 Shdsl

    Table 25 SHDSL LABEL DESCRIPTION 4 Wire Connection Select Enable to activate 4-wire connection. The 4-wire mode is described in ITU-T G.991.2. 4-wire mode can increase the reach of a particular data rate without having to regenerate the signal. It can also give increased bandwidth for LAN-to-LAN applications.
  • Page 58: Chapter 5 System

    This chapter describes the System screens. 5.1 Overview Use the System screens to configure the time server and user account settings, upgrade firmware and backup/restore configuration on the Prestige. 5.2 Time Zone To change your Prestige’s time and date, click Configuration, System and Time Server in the navigation panel.
  • Page 59: Remote Access

    Table 26 System: Time Zone LABEL DESCRIPTION Time Zone Select Enable to use the time zone settings to set your Prestige system time. Select Disable to deactivate this feature. Time Zone List Specify the order in which the Local Time Zone list is to be displayed. Select By City to display the list alphabetically based on the cities for each time zone.
  • Page 60: Firmware Upgrade

    5.4 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “.bin” extension, e.g., "prestige.bin". The upload process may take up to two minutes. After a successful upload, the system will reboot. 1 Click Configuration, System and Firmware Upgrade in the navigation panel to display the screen as shown.
  • Page 61: Restart Router

    Prestige 794M User’s Guide Figure 41 System: Configuration Backup/Restore Backup configuration allows you to back up (or save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
  • Page 62: User Management

    Note: All unsaved configuration settings will be lost. Select Factory Default Settings and click Restart to reboot and reset the Prestige to the factory default. Note: All custom settings will be lost. 5.7 User Management Use the User Management screen to maintain login accounts. Figure 43 System: User Management The following table describes the labels in this screen.
  • Page 63: Figure 44 System: User Management: Edit Account

    Figure 44 System: User Management: Edit Account The following table describes the labels in this screen. Table 28 System: User Management: Edit Account LABEL DESCRIPTION Username Enter an account username. Password Enter a password associated with the username above. Confirm Enter the password again for confirmation.
  • Page 64: Chapter 6 Firewall

    This chapter gives some background information on firewalls. 6.1 Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term firewall is a system or group of systems that enforces an access-control policy between two networks.
  • Page 65: Stateful Inspection Firewalls

    Prestige 794M User’s Guide 1 Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. 2 Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 66: General Settings

    6.3 General Settings Enable the firewall in the General Settings screen. Click Configuration, Firewall and General Settings in the navigation panel to display the screen as shown. Figure 45 Firewall: General Settings The following table describes the labels in this screen. Table 29 Firewall: General Settings LABEL DESCRIPTION...
  • Page 67: Packet Filter

    Prestige 794M User’s Guide The following table lists inbound (Internet to LAN) and outbound (LAN to Internet) traffic that is allowed or not allowed for the pre-defined port filters. The Prestige uses the pre-defined port filters when you select a security level in the General Settings screen. Table 30 Pre-defined Port Filter PORT NUMBER...
  • Page 68: Figure 46 Firewall: Packet Filter

    The Prestige comes with pre-configured packet filters as shown in the screen. These filters are for the Policy security levels in the Firewall: General Settings screen (refer to page 66). You can modify or delete the pre-configured packet filters. Figure 46 Firewall: Packet Filter The following table describes the labels in this screen.
  • Page 69: Add A New Tcp/Udp Packet Filter

    Prestige 794M User’s Guide Table 31 Firewall: Packet Filter (continued) LABEL DESCRIPTION Packet Filter Rules Rule Name This field displays the descriptive name for a rule. Time Schedule This field displays the time when this rule is active. Source IP/ This field displays the source IP address and subnet mask.
  • Page 70: Add A New Raw Packet Filter

    Table 32 Firewall: Packet Filters: Add TCP/UDP Filter (continued) LABEL DESCRIPTION Source IP Enter the start source IP address in dotted decimal notation. For example, Address(es) 192.168.1.10. In the Netmask field, enter the source subnet mask address in dotted decimal notation.
  • Page 71: Intrusion Detection

    Prestige 794M User’s Guide Table 33 Firewall: Packet Filters: Add Raw Filter (continued) LABEL DESCRIPTION Apply Click Apply to save the settings and return to the main Packet Filter screen. Return Click Return to discard all changes and go back to the main Packet Filter screen. 6.5 Intrusion Detection The Prestige’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet.
  • Page 72: Figure 49 Firewall: Intrusion Detection

    Table 34 IDS: Detectable Attacks (continued) NAME PARAMETER SYN/FIN/ TCP, RST/ACK No Existing session Scan And Scan Hosts more than five. Net Bus Scan No Existing session DstPort = Net Bus 12345,12346, 3456 Back Orifice UDP, DstPort = Scan Orifice Port (31337) SYN Flood Max TCP Open Handshaking Count...
  • Page 73: Url Filter

    Prestige 794M User’s Guide The following table describes the labels in this screen. Table 35 Firewall: Intrusion Detection LABEL DESCRIPTION Intrusion Detection Select Enable to activate this feature. Select Disable to deactivate this feature. Victim Protection Specify the time period (in seconds) the Prestige blocks any Smurf attacks when Block Duration detected.
  • Page 74: Keywords Filtering

    Figure 50 Firewall: URL Filter The following table describes the labels in this screen. Table 36 Firewall: URL Filter LABEL DESCRIPTION URL Filter Select Enable to activate this feature. Select Disable to deactivate this feature. Block Mode Select Always Block to apply the filter(s) at all times. Select Block From and specify the time period the Prestige applies the filter(s).
  • Page 75: Domain Filtering

    Prestige 794M User’s Guide Figure 51 Firewall: URL Filter: Keywords Filtering The following table describes the labels in this screen. Table 37 Firewall: URL Filter: Keywords Filtering LABEL DESCRIPTION Create Keyword Enter a keyword in this field. Apply Click Apply to add the keyword to the table below. Block WEB URLs This read-only table lists the keywords in the web site address to which the which contain...
  • Page 76: Firewall Log

    The following table describes the labels in this screen. Table 38 Firewall: URL Filter: Domains Filtering LABEL DESCRIPTION Domain Name Domain Name Enter a domain name in this field. Type Specify whether to allow access (Trusted Domain) or deny access (Forbidden Domain) from the drop-down list box.
  • Page 77 Prestige 794M User’s Guide Table 39 Firewall: Firewall Logs (continued) LABEL DESCRIPTION Intrusion Log Select Enable to log intrusion detections. Select Disable not to log intrusion detections. URL Blocking Log Select Enable to log URL blocking events. Select Disable not to log URL blocking events. Chapter 6 Firewall...
  • Page 78: Chapter 7 Vpn

    This chapter shows you how to configure the Prestige for VPN connection. 7.1 Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 79: Creating A Pptp Vpn Rule

    Prestige 794M User’s Guide The following table describes the labels in this screen. Table 40 VPN: PPTP LABEL DESCRIPTION Enable Select this option to activate this VPN rule. Disable Select this option to deactivate this VPN rule. Name This field displays the descriptive name for the VPN rule. Type This field displays whether the Prestige acts as a client (Dialout) or server (Dialin) for the VPN rule.
  • Page 80: Table 41 Vpn: Pptp: Remote Access

    The following table describes the labels in this screen. Table 41 VPN: PPTP: Remote Access LABEL DESCRIPTION Connection Name Enter a descriptive name for identification purposes. Type Select Dial Out if you want your Prestige to operate as a client (connecting to a remote VPN device).
  • Page 81: Lan To Lan Connection

    Prestige 794M User’s Guide Table 41 VPN: PPTP: Remote Access (continued) LABEL DESCRIPTION Idle Time Specify the time interval in minutes (where there is no traffic between the Prestige and the computer) that can elapse before the Prestige automatically disconnects the connection.
  • Page 82 Table 42 VPN PPTP: LAN to LAN Connection (continued) LABEL DESCRIPTION Netmask This field is applicable when you select Dial In in the Type field. Enter the subnet mask (in dotted decimal) notation to assign to the remote VPN client that initiates this VPN connection. For example, 255.255.255.0. Peer Network IP Enter the IP address (in dotted decimal notation) of the remote network.
  • Page 83: Ipsec

    Prestige 794M User’s Guide 7.3 IPSec Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data communications across a public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.
  • Page 84: Perfect Forward Secrecy (Pfs)

    Table 43 ESP and AH (continued) Authentication None (default) No authentication MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. SHA1 SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data. Select MD5 for minimal security and SHA1 for maximum security. 7.3.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the key is transient.
  • Page 85: Ipsec Vpn Configuration

    Prestige 794M User’s Guide 7.3.6 IPSec VPN Configuration To configure an IPSec VPN connection, click Create in the main IPSec screen. Figure 59 IPSec: Create The following table describes the labels in this screen. Table 44 VPN Rules (IKE): Add Policy LABEL Connection Name Local...
  • Page 86 Table 44 VPN Rules (IKE): Add Policy (continued) LABEL Single Address Subnet IP Range Proposal Authentication Encryption Authentication Perfect Forward Secret Chapter 7 VPN DESCRIPTION Select Single Address to allow one VPN client with the specified IP address to use the VPN connection. Enter a single IP address in the IP Address field.
  • Page 87: L2Tp

    Prestige 794M User’s Guide Table 44 VPN Rules (IKE): Add Policy (continued) LABEL Pre-Shared Key Apply Cancel 7.4 L2TP L2TP (Layer 2 Tunneling Protocol) is another tunneling protocol to support VPN. L2TP allows a PPP session to travel through the Internet and a user to access a corporate network. Click VPN and L2TP to display the summary screen.
  • Page 88: Creating A New L2Tp Rule

    Table 45 VPN: PPTP (continued) LABEL DESCRIPTION Status This field displays whether the VPN rule is in use or not. Edit Click Edit to modify the settings of the selected rule. Create Click Create to add a new VPN rule. Apply Click Apply to save the changes.
  • Page 89: Table 46 Vpn: L2Tp: Create: Remote Access Connection

    The following table describes the labels in this screen. Table 46 VPN: L2TP: Create: Remote Access Connection LABEL Connection Name Type Server IP Address (or Domain Name) Private IP Address Assigned to Dial in User Username Password Authentication Type Idle Time...
  • Page 90: Lan To Lan L2Tp Connection

    Table 46 VPN: L2TP: Create: Remote Access Connection (continued) LABEL Encryption Perfect Forward Secrecy Pre-shared Key Remote Host Name Local Host Name Tunnel Authentication Secret Apply 7.4.1.2 LAN to LAN L2TP Connection Use the L2TP LAN to LAN screen to create an L2TP VPN rule to connect to another VPN device on the LAN.
  • Page 91: Figure 63 L2Tp: Lan To Lan Connection

    Figure 63 L2TP: LAN to LAN Connection The following table describes the labels in this screen. Table 47 VPN: L2TP: Create: LAN to LAN LABEL Connection Name Type Server IP Address (or Domain Name) Private IP Address Assigned to Dial in User Username...
  • Page 92 Table 47 VPN: L2TP: Create: LAN to LAN (continued) LABEL Active as default route Select this option to set this VPN connection as a default route. IPSec Authentication Encryption Encryption Perfect Forward Secrecy Pre-shared Key DESCRIPTION Select this option to enable IPSec security for your L2TP VPN connection. Specify the method to authenticate data packets in this field.
  • Page 93: Vpn Example

    Table 47 VPN: L2TP: Create: LAN to LAN (continued) LABEL Remote Host Name Local Host Name Tunnel Authentication Secret Apply 7.5 VPN Example This section shows some VPN configuration examples. 7.5.1 Example: Remote PPTP VPN Dial-in Connection The following network example shows a remote VPN client connecting to the LAN behind the Prestige from the Internet.
  • Page 94: Example: Remote Pptp Vpn Dial-Out Connection

    Figure 65 Remote PPTP VPN Dial-In Configuration Example The following table describes the configuration steps. Table 48 Remote PPTP VPN Dial-In Configuration Example STEP FIELD Connection Name Dial in Private IP Address Assigned to Dialing User Username Password Auth.Type Data Encryption Key Length Mode Idle Time...
  • Page 95: Figure 67 Pptp Vpn Example: Configuration For The Office

    On the Prestige, create a dial-out PPTP VPN rule to allow a computer on the LAN to access the public file server securely. Figure 67 PPTP VPN Example: Configuration for the Office The following table describes the configuration steps. Table 49 Remote PPTP VPN Dial-In Configuration Example STEP FIELD...
  • Page 96: Qos (Quality Of Service)

    QoS (Quality of Service) This chapter shows you how to configure QoS on the Prestige. 8.1 Overview The QoS function helps you control network traffic for each application from the LAN to the WAN (Internet). It lets you control the quality and speed of throughput for each application when the upstream link is fully loaded.
  • Page 97: Figure 68 Qos: Prioritization

    Figure 68 QoS: Prioritization The following table describes the labels in this screen. Table 50 QoS: Prioritization LABEL: DESCRIPTION. Application: Enter a descriptive name for identification purposes. Time Schedule: Specify when this rule is active. Select Always On to activate the rule all the time. Otherwise, select a schedule (that you configure in the Time Schedule screen).
  • Page 98: Ip Throttling

    Table 50 QoS: Prioritization (continued) LABEL: DESCRIPTION. DSCP Marking: DiffServ Code Point (DSCP) marking allows the classification of traffic based on the DSCP value. Select Disabled to deactivate DSCP marking or select a marking scheme. Refer to Table 51 on page 98. Apply: Click Apply to save the settings.
  • Page 99: Figure 69 Qos: Outbound Ip Throttling

    Figure 69 QoS: Outbound IP Throttling The following table describes the labels in this screen. Table 52 QoS: Outbound/Inbound IP Throttling LABEL Application Time Schedule Protocol Source Port Destination Port Source IP Address Range Destination IP address Range DESCRIPTION Enter a descriptive name for identification purposes.
  • Page 100: Qos Example

    Table 52 QoS: Outbound/Inbound IP Throttling (continued) LABEL Upstream Rate Limit Apply 8.3 QoS Example The following figure shows a network example where you want to limit the rates on different traffic types. The total upstream rate and the downstream rate of the Prestige are 928kbps and 8Mbps respectively.
  • Page 101: Rate Limiting With Ip Throttling Example

    8.3.2 Rate Limiting with IP Throttling Example With IP throttling you can fine tune bandwidth limits for specific applications. For the example network, you want to give a guaranteed bandwidth for VoIP applications. The following table lists the bandwidth allocated for the type of applications (or users) in this example.
  • Page 102: Configuring A Time Schedule

    Figure 73 Configuration: Time Schedule The following table describes the labels in this screen. Table 54 Configuration: Time Schedule LABEL: DESCRIPTION. This field displays the index number. Name: This field displays the descriptive name for identification purposes. Day in a Week: This field displays the day of the week (in upper case) on which the time schedule is active.
  • Page 103: Table 55 Configuration: Time Schedule: Edit

    The following table describes the labels in this screen. Table 55 Configuration: Time Schedule: Edit LABEL: DESCRIPTION. This read-only field displays the index number. Name: Enter a descriptive name for identification purposes. Select the day of the week this time schedule is active. Start Time: Set the beginning of the time range the time schedule is active.
  • Page 104: Chapter 9 Static Route

    This chapter shows you how to set advanced system settings. 9.1 Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following figure through remote node router R1.
  • Page 105: Table 56 Advanced: Static Route

    Table 56 Advanced: Static Route LABEL: DESCRIPTION. Destination: This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
  • Page 106: Chapter 10 Dynamic Dns

    10.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
  • Page 107: Table 57 Advanced: Dynamic Dns

    The following table describes the labels in this screen. Table 57 Advanced: Dynamic DNS LABEL: DESCRIPTION. Dynamic DNS: Select Enable to activate this feature and configure the fields below. Select Disable to deactivate this feature. Dynamic DNS: Select your DDNS service provider from the drop-down list box.
  • Page 108: Chapter 11 Check Emails

    This chapter shows you how to configure the Check Emails screen for POP3 email checking. 11.1 Overview You can configure the Prestige to automatically check your POP3 mail box for new messages. You can check your mail box status in the Email Status screen (see on page 33 for more information).
  • Page 109 Table 58 Advanced: Check Emails (continued) LABEL: DESCRIPTION. Automatically dial-out for checking emails: You can set the Prestige to automatically set up the SHDSL line to connect to the mail server when the line is down. Select the check box to enable automatic line set up.
  • Page 110: Chapter 12 Device Management

    This chapter shows you how to configure device management security and monitoring settings. 12.1 Overview Configure general system settings (such as the system name, web server port numbers, etc.), UPnP and SNMP settings in the Device Management screen. 12.1.1 Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 111: Snmpv3

    Figure 79 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed device. An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 112: Snmp Traps And Mibs

    12.1.2.2 SNMP Traps and MIBs Traps supported: Cold Start, Authentication Failure. The following table lists the MIBs and attributes. Table 59 MIBs and Attributes. RFC 1213 (MIB II); RFC 1650 (EtherLike-MIB): dot3Stats; RFC 1493...
  • Page 113: Figure 80 Advanced: Device Management

    Figure 80 Advanced: Device Management The following table describes the labels in this screen. Table 60 Advanced: Device Management LABEL Device Host Name Host Name Embedded Web Server HTTP Port Management IP Address DESCRIPTION Enter a name for identification purposes. Specify the port number of the embedded web server on the Prestige for accessing the web configurator.
  • Page 114 Table 60 Advanced: Device Management (continued) LABEL Expire to auto-logout Universal Plug and Play (UPnP) UPnP Port SNMP Access Control SNMP V1 and V2 Read Community Write Community Trap Community SNMP V3 Username Password Access Right IP Address Apply DESCRIPTION Type how many minutes a management web session can be left idle before the session times out.
  • Page 115: Igmp

    12.3 IGMP A Prestige can passively snoop on IGMP Query, Report and Leave (IGMP version 2) packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.

This manual is also suitable for:

P-794m
