Page 1 Vantage CNM Centralized Network Management User’s Guide Version 2.2 8/2005...
Page 4: Customer Support
Vantage CNM User’s Guide Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
Page 5 Vantage CNM User’s Guide info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr ZyXEL France 1 rue des Vergers +33 (0)4 72 52 19 20 FRANCE Bat. 1 / C 69760 Limonest France support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 GERMANY sales@zyxel.de...
Page 6 Vantage CNM User’s Guide Customer Support...
Page 7: Table Of Contents
Vantage CNM User’s Guide Table of Contents Copyright ........................2 ZyXEL Limited Warranty..................2 Customer Support....................3 Preface ........................34 Chapter 1 Introducing Vantage....................36 1.1 Key Features ......................36 1.1.1 Object Tree View ..................36 1.1.2 Flexible Friendly Device Registration ............36 1.1.3 Building Blocks ..................36...
Page 8 3.3.2.2 Minimum Mandatory Device Settings ..........59 3.4 Device – Vantage Data Inconsistency: Synchronize ..........61 3.4.1 Vantage – Device Override Criteria ............61 3.4.1.1 Vantage CNM Override Device ............61 3.4.1.2 Device Override Vantage CNM ............61 3.4.1.3 Synchronizing Device with Vantage ..........62 3.5 Firmware Management ..................62 3.5.1 Add Firmware Screen ................63...
Page 9 Vantage CNM User’s Guide 4.2.3 Time Setting ....................77 4.2.4 Owner Info ....................78 Chapter 5 Configuration > LAN ....................80 5.1 LAN Overview ....................80 5.2 DHCP Setup .......................80 5.2.1 IP Pool Setup ....................80 5.2.2 DNS Servers .....................80 5.2.3 LAN TCP/IP ....................80 5.2.4 Factory LAN Defaults ................80...
Page 10 Vantage CNM User’s Guide 6.7 Configuring Local User Authentication .............107 6.7.1 Configuring Local User Database ............107 6.8 Configuring RADIUS ..................108 Chapter 7 Configuration > DMZ.................... 110 7.1 DMZ Overview ....................110 7.2 DMZ Addresses ....................110 7.3 Configuring DMZ ....................110 Chapter 8 Configuration >...
Page 11 Vantage CNM User’s Guide 9.1.5 SUA (Single User Account) Versus NAT ..........146 9.2 Configuring NAT - ZyWALL ................146 9.3 Configuring NAT - Prestige ................148 9.4 SUA Servers ....................149 9.4.1 Port Forwarding: Services and Port Numbers ........149 9.4.2 NAT and Multiple WAN ................150 9.4.3 Port Translation ..................150...
Page 12 Vantage CNM User’s Guide 11.5.2 ESP (Encapsulating Security Payload) Protocol ........171 11.5.3 Key Management ..................172 11.5.4 Encapsulation ..................172 11.5.4.1 Transport Mode ................172 11.5.4.2 Tunnel Mode ................172 11.5.5 IPSec and NAT ..................172 11.6 My ZyWALL ....................173 11.7 Remote Gateway Address ................173 11.7.1 Dynamic Remote Gateway Address .............174...
Page 13 Vantage CNM User’s Guide 12.1.2 Illegal Commands (NetBIOS and SMTP) ..........215 12.1.3 Traceroute ....................215 12.2 Stateful Inspection ..................215 12.2.1 Stateful Inspection Process ..............216 12.2.2 Stateful Inspection and the ZyWALL .............217 12.2.3 TCP Security ..................217 12.2.4 UDP/ICMP Security ................218 12.2.5 Upper Layer Protocols ................218 12.3 Guidelines For Enhancing Security With Your Firewall ........219...
Page 14 Vantage CNM User’s Guide 16.1.3 Current Alarms Screen .................239 16.1.4 Historical Alarms Screen ..............240 Chapter 17 Configuration > DNS .................... 242 17.1 DNS Overview ....................242 17.2 DNS Server Address Assignment ..............242 17.3 DNS Servers ....................242 17.4 Address Record .....................243 17.4.1 DNS Wildcard ..................243 17.5 Name Server Record ..................243...
Page 15 Vantage CNM User’s Guide Chapter 19 System > Administrators..................274 19.1 Introduction to Administrators ................274 19.1.1 Administrator Types ................274 19.1.1.1 “Root” Administrator ..............274 19.1.1.2 “Super” Administrators ..............275 19.1.1.3 “Normal” Administrators ..............275 19.1.1.4 “Custom” Administrators .............275 19.2 Configuring Administrators ................275 19.3 Creating an Administrator Account ..............276 19.3.1 Administrator Details ................276...
Page 16 Vantage CNM User’s Guide 20.9 About Vantage ....................303 Chapter 21 Monitor > Alarms....................304 21.1 Alarms ......................304 21.1.1 Alarm Types ..................304 21.1.2 Alarm Classifications ................304 21.1.3 Alarm States ..................305 21.1.4 Current Alarms Screen .................305 21.1.5 Historical Alarms ...................307 Chapter 22 Other Monitor Screens ..................
Page 17 Vantage CNM User’s Guide Chapter 25 Service Reports ....................326 25.1 Service Monitor ....................326 25.2 Pre-defined and Custom Services ..............326 25.2.1 Creating a Custom Service ..............327 25.3 Configuring Service Settings ................327 25.4 Service Summary Screens ................329 25.4.1 All Services Summary ................329 25.4.2 Service Summary Settings ..............330...
Page 18 Vantage CNM User’s Guide 27.3 Source of Attacks ...................360 27.3.1 Attack Source Settings .................361 27.4 Attack Errors and Exceptions .................362 Chapter 28 Authentication ...................... 364 28.1 Successful Logins ..................364 28.2 Failed Logins ....................364 Chapter 29 Log Viewer ......................366 29.1 Log Monitor ....................366 29.2 Log Search ....................368...
Page 19 Vantage CNM User’s Guide Internet Explorer Pop-up Blockers ................. 394 Disable pop-up Blockers.................. 394 Enable pop-up Blockers with Exceptions............395 JavaScripts......................397 Java Permissions ....................399 JAVA (Sun) ...................... 400 Appendix D FTP and syslog Server Overview ............... 402 Introduction ......................402 Appendix E Java Console Debug Messages................
Page 20 JAVA Software Technologies.................. 455 Apache License...................... 457 Copyright (c) 2002, 2003 Gargoyle Software Inc. All rights reserved....462 GNU LESSER GENERAL PUBLIC LICENSE ............463 GNU GENERAL PUBLIC LICENSE............... 470 End-User License Agreement for Vantage CNM............ 475 Table of Contents...
Page 21 Vantage CNM User’s Guide List of Figures Figure 1 Main Screen ......................40 Figure 2 Object Tree View Types ..................41 Figure 3 Details Screen ....................... 41 Figure 4 Folder Right-Click Options ..................42 Figure 5 Add Devices ......................42 Figure 6 Remove Folder Warning ..................
Page 22 Vanatge CNM User’s Guide Figure 37 Configuration > General > System - ZyWALL ............. 74 Figure 38 Configuration > General > DDNS ............... 76 Figure 39 Configuration > General > Time Setting .............. 77 Figure 40 Configuration > General > Owner Info ..............79 Figure 41 Any IP Example Application ................
Page 23 Vantage CNM User’s Guide Figure 80 Configuration > NAT > Full Feature > Edit Address Mapping ......157 Figure 81 Configuration > NAT > Full Feature > Trigger Port ..........159 Figure 82 Configuration > NAT > Full Feature > Trigger Port > Edit ........160 Figure 83 Configuration >...
Page 24 Vanatge CNM User’s Guide Figure 123 Configuration > DNS > System > Add Address Record ........247 Figure 124 Configuration > DNS > System > Add Name Server Record ......248 Figure 125 Configuration > DNS > Cache ................249 Figure 126 Configuration >...
Page 25 Vantage CNM User’s Guide Figure 166 System > Address Book ................... 296 Figure 167 System > Address Book Add/Edit ..............297 Figure 168 System > Logs > CNM Server ................298 Figure 169 System > Logging Options ................299 Figure 170 System > Certificate Management > Information ..........301 Figure 171 System >...
Page 26 Vanatge CNM User’s Guide Figure 209 Top Site Service Settings .................. 337 Figure 210 Web Service Top Sites ..................338 Figure 211 FTP Service Top Sites ..................339 Figure 212 Mail Service Top Sites ..................341 Figure 213 VPN Service Top Sites ..................342 Figure 214 Custom Service Top Sites .................
Page 27 Vantage CNM User’s Guide Figure 252 WFTPD Main Screen ..................385 Figure 253 Windows Services ..................... 386 Figure 254 WFTPD Properties .................... 386 Figure 255 WFTPD Pro Log On ..................387 Figure 256 Kiwi Syslog Daemon Installation: License Agreement ........388 Figure 257 Kiwi Installation: Installation Options ..............
Page 28 Vanatge CNM User’s Guide List of Figures...
Page 29: List Of Tables
Vantage CNM User’s Guide List of Tables Table 1 Menus Overview ....................47 Table 2 Object Tree Icons ....................48 Table 3 Pop-up Menus Icons ....................49 Table 4 Content Pane Icons ....................49 Table 5 Device > Status > Main Screen ................53 Table 6 Device >...
Page 30 Vantage CNM User’s Guide Table 37 Configuration > WAN > Dial Backup > Advanced - ZyWALL ....... 128 Table 38 Configuration > WAN > Dial Backup > Edit - ZyWALL ........130 Table 39 Configuration > WAN > Setup - Prestige - Bridge Mode ........133 Table 40 Configuration >...
Page 31 Vantage CNM User’s Guide Table 80 Configuration > Firewall ..................221 Table 81 Configuration > Firewall > DoS Settings .............. 223 Table 82 Configuration >Firewall > Edit ................225 Table 83 Configuration > Firewall > IP Address ..............226 Table 84 Configuration > Firewall > Firewall Custom Port ..........227 Table 85 Configuration >...
Page 32 Vantage CNM User’s Guide Table 123 System > Preferences > Server ................ 288 Table 124 System > Preferences > Notifications ............... 291 Table 125 System > Preferences > Permissions ............... 292 Table 126 System > Preferences > Permissions > Add ............. 293 Table 127 System >...
Page 33 Vantage CNM User’s Guide Table 166 Top Users of Web Services ................346 Table 167 Top Users of FTP Services ................347 Table 168 Top Users of Mail Services ................348 Table 169 Top Users of VPN Tunnels ................350 Table 170 Top Users of Custom Services ................
Page 34 Vantage CNM User’s Guide Table 209 Access Control Logs ..................433 Table 210 TCP Reset Logs ....................434 Table 211 Packet Filter Logs ....................434 Table 212 ICMP Logs ......................435 Table 213 CDR Logs ......................435 Table 214 PPP Logs ......................435 Table 215 UPnP Logs ......................
Page 35: Preface
ZyXEL devices located worldwide. Vantage CNM allows you to effectively separate usage and management of ZyXEL's comprehensive range of broadband security devices. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com...
Page 36 Vantage CNM User’s Guide • The version number on the title page is the Vantage version that is documented in this User’s Guide. • Enter means for you to type one or more characters and press the carriage return. Select or Choose means for you to use one of the predefined choices.
Page 37: Introducing Vantage
This chapter introduces Vantage key features and Vantage requirements. 1.1 Key Features The following are the key features of Vantage CNM. 1.1.1 Object Tree View The object tree has three defined views letting you view the devices directly as you configure them.
Page 38: Complete Device Configuration
Vantage CNM User’s Guide 1.1.5 Complete Device Configuration Use the Vantage configuration menus to configure its features including LAN, WAN, NAT, firewall, VPN, static routes, wireless etc. You may also directly access any device’s web configurator from the object tree by simply right-clicking on it, giving you total control over any device within Vantage.
Page 39: Monitoring And Notifications
Vantage CNM User’s Guide 1.1.11 Monitoring and Notifications Use the Status Monitor to give real time messages (of who has logged in for example) and the alarm screens to know what is going on in your management domain. Alarms are warnings of hardware failure, security breaches, attacks or illegal Vantage login attempts.
Page 40 Vantage CNM User’s Guide Chapter 1 Introducing Vantage...
Page 41: Chapter 2 Gui Introduction
H A P T E R GUI Introduction 2.1 Overview The following figure displays an overiew of the Vantage CNM graphical user interface. Figure 1 Main Screen 2.2 Main Menu Components The main screen consists of two non-resizable panes; the object pane and the content pane.
Page 42: Object Pane
Vantage CNM User’s Guide 2.2.1 Object Pane The bottom of the object pane consists of an object tree view types list box where you can select a logical view of the devices. The top of the object pane has a Search function where you can search for devices.
Page 43: Folders
Vantage CNM User’s Guide 2.2.1.2 Folders A folder is a logical grouping of devices. There are two types of folders, Account and Group. All devices in an Account folder belong to that account. When you create a folder you are requested to give a name.
Page 44: Figure 6 Remove Folder Warning
Vantage CNM User’s Guide Figure 6 Remove Folder Warning 4 Associate. Links an administrator to this folder. This folder and all sub-folders are in this administrator’s domain. The administrator cannot manage nor see folders or BBs outside this domain. Figure 7 Associate Administrators An administrator icon appears on the folder when you associate an administrator with a folder.
Page 45: Figure 8 Add New Folder Group Name
Figure 9 Account Folder Alarm Right-Click Options 7 Group Config. Click this to open the group configuration screen. Use Vantage CNM group configuration to configure batch devices associated to the same folder. A summary table of devices which can be batch configured is displayed.
Page 46: Devices
Figure 11 Group Configuration > Firewall Example A list of devices are displayed which have already been registered to Vantage CNM. Select the checkbox next to each device that you want to include in the group configuration or select all of the devices.
Page 47: Content Pane
Vantage CNM User’s Guide Delete the device registration from Vantage. Vantage disables CNM in the device. Figure 13 Remove Device Warning 3 To VPN Editor. Create a VPN tunnel for the selected device using the VPN editor. See VPN Editor on page 309.
Page 48: Procedure For Configuring A Device
Vantage CNM User’s Guide • If you click an administrator icon in the object tree, the System > Administrators menus will appear. Note: You can only configure a single device at one time. Table 1 Menus Overview DEVICE CONFIGURATION BUILDING BLOCK...
Page 49: Icon Key
Vantage CNM User’s Guide 1 On the Vantage CNM server, go to Vantage CNM installation directory\utilities (the default installation path is C:\Program Files\ZyXEL\Vantage CNM\utilities) and copy the java.policy file. 2 On the Vantage CNM client computer, go to the Java plug-in installation directory\j2re1.4.1\lib\security\ (the default installation path is C:\Program...
Page 50: Table 3 Pop-Up Menus Icons
Vantage CNM User’s Guide Table 2 Object Tree Icons (continued) Icon Description This is a Prestige device with firmware uploading. Click this icon to refresh the current topology tree. Click this icon to view the topology detail information for the current user.
Page 51 Vantage CNM User’s Guide Table 4 Content Pane Icons (continued) ICON DESCRIPTION This is a checkbox that allows you to make multiple selections from a group. This is a radio button allows you to make one selection from a group.
Page 52 Vantage CNM User’s Guide Chapter 2 GUI Introduction...
Page 53: Chapter 3 Device Menus
Vantage CNM User’s Guide H A P T E R Device Menus 3.1 Device Menus Overview The Device menus allow you to register your device, synchronize devices, and manage firmware and configuration files. 3.1.1 Device Main Screen Device Status is the default first screen you see; the default folder in the Object pane is “root”.
Page 54: Figure 15 Device > Status > Main Screen
Vantage CNM User’s Guide Figure 15 Device > Status > Main Screen The following table describes the fields in this screen. Table 5 Device > Status > Main Screen LABEL DESCRIPTION By Status Select a filter status from the drop-down list box to choose which devices to view within the folder.
Page 55: Device Status
Vantage CNM User’s Guide 3.2 Device Status In the Device menus, select single devices only in the Object pane when you select the Synchronize and Configuration File menu options. You may select both folders and devices for all other Device menu options.
Page 56: Figure 17 Device > Registration Wizard > Account Association
• Import from an XML batch registration file: choose this option if you want to input a batch of devices in one go. Go to the XML folder within the Vantage CNM Installation directory (C:\Program Files\ZyXEL\Vantage CNM\xml by default). Choose the 4- devices or 100-ZyWALL10W templates and modify accordingly.
Page 57: Manual Option
To set the encryption mode on the ZyXEL device, do the following: Log into the device web configurator, click Remote Management from the navigation panel and then click the CNM tab. Select Enable, (enter the Vantage CNM Server (IP) Address) and enter an Encryption Algorithm and Encryption Key.
Page 58: Import From An Xml Registration File
Vantage CNM User’s Guide Figure 20 Device > Registration > Manual Registration The following table describes the fields in this screen Table 7 Device > Registration > Manual Registration LABEL DESCRIPTION MAC (Hex) Enter the LAN MAC address of the ZyXEL device (without colons) in this field.
Page 59: Basic Xml Syntax
Vantage CNM User’s Guide First create an XML file. Some XML templates for each device type supported at the time may be found at “vantage installed path\xml\”. You may combine different templates into one XML file so as to import multiple devices (and of different types) in one go.
Page 60: Minimum Mandatory Device Settings
Vantage CNM User’s Guide 3.3.2.2 Minimum Mandatory Device Settings You must at least fill in the MAC address, name, type, encryption mode and key fields for a device to be successfully imported into Vantage suing an XML file. Below is an example for the ZyWALL 10W.
Page 61: Figure 21 Registration Wizard: Configuration File
Vantage CNM User’s Guide After you have completed the XML file, click Browse to locate it in the next screen and then click Next. Figure 21 Registration Wizard: Configuration File The next screen displays all devices available in the XML file that can be imported.Select the individual devices that you wish to import or select Select All to import all devices that are displayed in this screen.
Page 62: Device - Vantage Data Inconsistency: Synchronize
Vantage. 3.4.1 Vantage – Device Override Criteria 3.4.1.1 Vantage CNM Override Device Vantage pushes all current configurations from Vantage to the device. The current device configuration will then be reset to the configuration settings that Vantage contains.
Page 63: Synchronizing Device With Vantage
Vantage CNM User’s Guide 3.4.1.3 Synchronizing Device with Vantage Select a device and then click Device > Synchronize Settings. A screen displays showing which configuration menus are out-of-synch. Access the device web configurator to view discrepancy details between corresponding configurations. When you understand the discrepancy, you can then decide to allow Vantage to override the device configuration or vice-versa.
Page 64: Add Firmware Screen
Vantage CNM User’s Guide Figure 25 Device > Firmware Management The following table describes the fields in this screen Table 8 Device > Firmware Management TYPE DESCRIPTION Index This is the file list number. FW Alias This is the firmware file name.
Page 65: Firmware Upgrade Select Product Line And Mode
Vantage CNM User’s Guide Click Add in the screen shown in the previous figure to display the next screen. Type the file name and path or browse to where you saved the file. You may create a firmware alias for the selected zip in this screen.
Page 66: Firmware Upgrade Process
Vantage CNM User’s Guide Figure 29 Firmware Upgrade > Select Product Line and Model 3.5.3 Firmware Upgrade Process 1 Select Firmware by picking a node. 2 Select the candidate devices (of that model type for the node selected). 3 Click Apply to begin the device upgrade process.
Page 67: Configuration File
Vantage CNM User’s Guide • You should also notify device owners before you begin the upload. See the System > Preferences > Notifications screen. 3.5.5 Configuration File Use these screens to manage, back up and restore configuration files. Select the device and then click Device > Configuration File.
Page 68: Configuration File Restore
Vantage CNM User’s Guide Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 69: Firmware Upgrade Scheduling
Vantage CNM User’s Guide Figure 33 Device > Configuration File > Restore Table 11 Device > Configuration File > Restore TYPE DESCRIPTION Resource From Server Select this radio button to upload a configuration file From Vantage. File Path and Name Select a file from the drop-down list box.
Page 70: Firmware Upgrade Scheduler List
Vantage CNM User’s Guide Figure 34 Device > Firmware Schedule Upgrade Table 8 on page 63 for field descriptions. 3 Select the Enable Scheduler checkbox. 4 Fill in the Date & Time fields to schedule a firmware upgrade start time. Type a date in yyyy:mm:dd format followed by the time in hh format.
Page 71: Figure 35 Device > Scheduler List
Devices the Vantage CNM upgrade scheduler. Administrator This field displays the administrator who performed a firmware upgrade on a ZyXEL device(s) via the Vantage CNM scheduler. Note This field displays a note relating to the firmware upgrade. Firmware Upgrade Click this hyperlink to go to the Firmware Upgrade Report screen. See the...
Page 72 Vantage CNM User’s Guide Chapter 3 Device Menus...
Page 73: Configuration > Select Device Bb & General
Vantage CNM User’s Guide H A P T E R Configuration > Select Device BB & General This section shows you how to use the select device building block screen and how to configure the General menus. These screens will vary depending on which model you’re configuring.
Page 74: Procedure To Select And Apply A Device Bb
Vantage CNM User’s Guide Figure 36 Prestige 662W-61/63 Device BB This Select Device BB screen allows you to select a device’s device BB and apply it to another device of the same type. Note: You can only apply a device BB to another device of the same type.
Page 75: Configuration General Screens
Vantage CNM User’s Guide Configuration General Screens Click Configuration > General to configure System, DDNS, Time Setting and Owner Info. The System tab is shown next. 4.2.1 System Figure 37 Configuration > General > System - ZyWALL The following table describes the fields in this screen Table 13 Configuration >...
Page 76: Ddns
Vantage CNM User’s Guide Table 13 Configuration > General > System - ZyWALL (continued) FIELD DESCRIPTION Encryption Mode You may choose to encrypt traffic between the ZyXEL device and the Vantage server here. Choose from None (no encryption), DES or 3DES. The ZyXEL device must be set to the same encryption mode (and have the same encryption key) as the Vantage server.
Page 77: Figure 38 Configuration > General > Ddns
Vantage CNM User’s Guide Figure 38 Configuration > General > DDNS The following table describes the fields in this screen Table 14 Configuration > General > DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Page 78: Time Setting
Vantage CNM User’s Guide Table 14 Configuration > General > DDNS (continued) LABEL DESCRIPTION IP Address Enter the IP address if you select the User Specify option. E-Mail (Prestige Only) Type the e-mail address here or select from a previously created e-mail component BB.
Page 79: Owner Info
Vantage CNM User’s Guide Table 15 Configuration > General > Time Setting (continued) LABEL DESCRIPTION Time Zone Choose the Time Zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Savings...
Page 80: Figure 40 Configuration > General > Owner Info
Vantage CNM User’s Guide Figure 40 Configuration > General > Owner Info The following table describes the fields in this screen. Table 16 Configuration > General > Owner Info TYPE DESCRIPTION Name Type the full name of the owner of this device.
Page 81: Chapter 5 Configuration > Lan
Vantage CNM User’s Guide H A P T E R Configuration > LAN LAN Overview The Configuration: LAN screen varies depending on the device type shown. Local Area Network (LAN) is a shared communication system to which many computers are attached.
Page 82: Ip Address And Subnet Mask
Vantage CNM User’s Guide • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.
Page 83: Any Ip
Vantage CNM User’s Guide 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP.
Page 84: How Any Ip Works
Vantage CNM User’s Guide Figure 41 Any IP Example Application The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Page 85: Configuring Lan Ip - Zywall
Vantage CNM User’s Guide 5.4 Configuring LAN IP - ZyWALL Select a device and then click Configuration > LAN. IP is the first tab. Figure 42 Configuration > LAN > IP - ZyWALL The following table describes the fields in this screen Table 17 Configuration >...
Page 86 Vantage CNM User’s Guide Table 17 Configuration > LAN > IP - ZyWALL (continued) LABEL DESCRIPTION First DNS Server Domain Name System is for mapping a domain name to its corresponding IP Second DNS address and vice versa. The ZyXEL device passes a DNS (Domain Name Server System) server IP address (in the order you specify here) to the DHCP clients.
Page 87: Configuring Lan Ip - Prestige
Vantage CNM User’s Guide Table 17 Configuration > LAN > IP - ZyWALL (continued) LABEL DESCRIPTION Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 88: Figure 43 Configuration > Lan > Ip - Prestige
Vantage CNM User’s Guide Figure 43 Configuration > LAN > IP - Prestige Table 18 Configuration > LAN > IP - Prestige LABEL DESCRIPTION DHCP Mode DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 89: Configuring Lan Static Dhcp
Vantage CNM User’s Guide Table 18 Configuration > LAN > IP - Prestige (continued) LABEL DESCRIPTION TCP/IP IP Address Type the IP address of the ZyXEL device in dotted decimal notation. 192.168.1.1 is the factory default. IP Subnet Mask The subnet mask specifies the network number portion of an IP address. The ZyXEL device automatically calculates the subnet mask based on the IP address that you assign.
Page 90: Figure 44 Configuration > Lan > Static Dhcp
Vantage CNM User’s Guide Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Select a device, and then click Configuration > LAN > Static DHCP.
Page 91: Configuring Lan Ip Alias - Zywall
Vantage CNM User’s Guide 5.7 Configuring LAN IP Alias - ZyWALL IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL device lets you configure logical LAN interfaces via its single physical Ethernet interface with the device itself being the gateway for each LAN network.
Page 92 Vantage CNM User’s Guide Table 20 Configuration > LAN > IP Alias - ZyWALL (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Page 93: Chapter 6 Configuration > Wlan
Vantage CNM User’s Guide H A P T E R Configuration > WLAN This chapter discusses how to configure Wireless LAN. 6.1 Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
Page 94: Restricted Access
Vantage CNM User’s Guide • Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database 6.2.3 Restricted Access The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).
Page 95: Configuring The Wireless Screen
Vantage CNM User’s Guide Figure 46 Wireless Security Methods Note: You must enable the same wireless security settings on the Prestige and on all wireless clients that you want to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.
Page 96: Figure 47 Configuration > Wlan > Wireless
Vantage CNM User’s Guide Figure 47 Configuration > WLAN > Wireless The following table describes the fields in this screen Table 21 Configuration > WLAN > Wireless LABEL DESCRIPTION Enable You should configure some wireless security (see Figure 46 on page...
Page 97: Configuring Mac Filters
Vantage CNM User’s Guide Table 21 Configuration > WLAN > Wireless (continued) LABEL DESCRIPTION RTS/CTS The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Threshold Data with its frame size larger than this value will perform the RTS/CTS handshake.
Page 98: Introduction To Wpa
Vantage CNM User’s Guide Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige via a wireless connection. This would lock you out. Figure 48 Configuration > WLAN > MAC Filter Table 22 Configuration >...
Page 99: Wpa-Psk Application Example
Vantage CNM User’s Guide If you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared Key). WPA-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.
Page 100: Wireless Client Wpa Supplicants
Vantage CNM User’s Guide 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly...
Page 101: Configuring 802.1X - Zywall
Vantage CNM User’s Guide 6.6.1 Configuring 802.1x - ZyWALL Select a ZyWALL device and then click Configuration > WLAN > 802.1x. The screen appears as shown next. Figure 51 Configuration > WLAN > 802.1x - ZyWALL The following table describes the fields in this screen Table 23 Configuration >...
Page 102: Figure 52 Configuration > Wlan > 802.1X - Prestige
Vantage CNM User’s Guide Figure 52 Configuration > WLAN > 802.1x - Prestige The following table describes the fields in this screen Table 24 Configuration > WLAN > 802.1x - Prestige LABEL DESCRIPTION Authentication Select Authentication Required to authenticate all wireless clients before they Control can access the wired network.
Page 103: Authentication Required > 802.1X
Vantage CNM User’s Guide Table 24 Configuration > WLAN > 802.1x - Prestige (continued) LABEL DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the Prestige. The RADIUS is an external server.
Page 104: Figure 53 Wireless Lan > 802.1X/Wpa > 802.1Xl
Vantage CNM User’s Guide Figure 53 Wireless LAN > 802.1x/WPA > 802.1xl The following table describes the labels in this screen. Table 25 Wireless LAN > 802.1x/WPA > 802.1x LABEL DESCRIPTION Authentication To control wireless station access to the wired network, select a control method Control from the drop-down list box.
Page 105: Authentication Required > Wpa
Vantage CNM User’s Guide Table 25 Wireless LAN > 802.1x/WPA > 802.1x (continued) LABEL DESCRIPTION Dynamic WEP Key This field is activated only when you select Authentication Required in the Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 106: Figure 54 Wireless Lan > 802.1X/Wpa > Wpal
Vantage CNM User’s Guide Figure 54 Wireless LAN > 802.1x/WPA > WPAl The following table describes the labels not previously discussed Table 26 Wireless LAN > 802.1x/WPA > WPA LABEL DESCRIPTION Key Management Choose WPA in this field. Protocol WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the...
Page 107: Authentication Required > Wpa-Psk
Vantage CNM User’s Guide 6.6.5 Authentication Required > WPA-PSK Select Authentication Required in the Key Management Protocol field and WPA-PSK in the Key Management Protocol field to display the next screen. Figure 55 Wireless LAN > 802.1x/WPA > WPA-PSKl The following table describes the labels not previously discussed.
Page 108: Configuring Local User Authentication
Vantage CNM User’s Guide 6.7 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Page 109: Configuring Radius
Vantage CNM User’s Guide 6.8 Configuring RADIUS Use the RADIUS screen if you want to use an external server to perform authentication. Select a device, then click Configuration > WLAN > RADIUS. The screen appears as shown next. Figure 57 Configuration > WLAN > RADIUS The following table describes the fields in this screen Table 29 Configuration >...
Page 110 Vantage CNM User’s Guide Table 29 Configuration > WLAN > RADIUS (continued) LABEL DESCRIPTION Activate Accounting Enable this feature to do user accounting through an external authentication server. Server IP Enter the IP address of the external accounting server in dotted decimal notation.
Page 111: Chapter 7 Configuration > Dmz
Vantage CNM User’s Guide H A P T E R Configuration > DMZ 7.1 DMZ Overview The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
Page 112: Figure 58 Configuration > Dmz
Vantage CNM User’s Guide Figure 58 Configuration > DMZ The following table describes the labels in this screen. Table 30 Configuration > DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address Type the IP address of your ZyXEL device in dotted decimal notation 192.168.1.1 (factory default).
Page 113 Vantage CNM User’s Guide Table 30 Configuration > DMZ (continued) LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the LAN Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the WAN port.
Page 114 Vantage CNM User’s Guide Chapter 7 Configuration > DMZ...
Page 115: Chapter 8 Configuration > Wan
Vantage CNM User’s Guide H A P T E R Configuration > WAN You will see different WAN screens depending on whether you’re configuring a ZyWALL or Prestige device. Note: Be careful when configuring a device’s WAN as an incorrect configuration could result in the device being inaccessible from Vantage (or by the web configurator from the WAN) and may necessitate a site visit to correct.
Page 116: Tcp/Ip Priority (Metric)
Vantage CNM User’s Guide The ZyWALL's NAT feature allows you to configure sets of rules for one WAN port and separate sets of rules for the other WAN port. You can select through which WAN port you want to send out traffic from UPnP-enabled applications.
Page 117: Figure 59 Configuration > Wan > General - Zywall
Vantage CNM User’s Guide Figure 59 Configuration > WAN > General - ZyWALL The following table describes the fields in this screen Table 31 Configuration > WAN > General - ZyWALL LABEL DESCRIPTION The default WAN connection is "1' as your broadband connection via the WAN port should always be your preferred method of accessing the WAN.
Page 118: Wan Isp - Zywall
Vantage CNM User’s Guide Table 31 Configuration > WAN > General - ZyWALL (continued) LABEL DESCRIPTION Timeout (sec) Type the number of seconds for the ZyXEL device to wait for a ping response from the IP Address in the Check WAN IP Address field before it times out. The WAN connection is considered "down"...
Page 119: Pppoe Encapsulation
Vantage CNM User’s Guide 8.4.1.2 PPPoE Encapsulation The ZyXEL device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
Page 120: Figure 61 Configuration > Wan > Isp (Pppoe) - Zywall
Vantage CNM User’s Guide Figure 61 Configuration > WAN > ISP (PPPoE) - ZyWALL The following table describes the labels in the PPPoE screen. Table 33 Configuration > WAN > ISP (PPPoE) - ZyWALL LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPPoE choice is for a dial-up connection using PPPoE.
Page 121: Pptp Encapsulation
Vantage CNM User’s Guide 8.4.1.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
Page 122 Vantage CNM User’s Guide Table 34 Configuration > WAN > ISP (PPTP) - ZyWALL (continued) LABEL DESCRIPTION Retype to confirm Type your password again to make sure that you have entered it correctly. Password Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out.
Page 123: Wan Ip - Zywall
Vantage CNM User’s Guide 8.5 WAN IP - ZyWALL Figure 63 Configuration > WAN > IP - ZyWALL The following table describes the fields in this screen Table 35 Configuration > WAN > IP - ZyWALL LABEL DESCRIPTION WAN IP Address Assignment Get automatically Select this option If your ISP did not assign you a fixed IP address.
Page 124: Dial Backup - Zywall
Vantage CNM User’s Guide Table 35 Configuration > WAN > IP - ZyWALL (continued) LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Page 125: Traffic Redirect
Vantage CNM User’s Guide 8.6.1 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the ZyWALL cannot connect to the Internet through its normal gateway. Connect the backup gateway on the WAN so that the ZyWALL still provides firewall protection. This feature is not available on all models.
Page 126: Figure 66 Configuration > Wan > Dial Backup - Zywall
Vantage CNM User’s Guide Figure 66 Configuration > WAN > Dial Backup - ZyWALL The following table describes the labels in this screen. Table 36 Configuration > WAN > Dial Backup - ZyWALL LABEL DESCRIPTION Enable Dial Backup Select this check box to turn on dial backup.
Page 127 Vantage CNM User’s Guide Table 36 Configuration > WAN > Dial Backup - ZyWALL (continued) LABEL DESCRIPTION Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls. Options are: CHAP/PAP - The ZyXEL device accepts either CHAP or PAP when requested by this remote node.
Page 128: Advanced Modem Setup - Zywall
Vantage CNM User’s Guide 8.6.3 Advanced Modem Setup - ZyWALL 8.6.3.1 AT Command Strings For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing. ATDT is the command for a switch that requires tone dialing. If your switch requires pulse dialing, change the string to ATDP.
Page 129: Figure 67 Configuration > Wan > Dial Backup > Advanced - Zywall
Vantage CNM User’s Guide Figure 67 Configuration > WAN > Dial Backup > Advanced - ZyWALL The following table describes the labels in this screen. Table 37 Configuration > WAN > Dial Backup > Advanced - ZyWALL LABEL DESCRIPTION EXAMPLE...
Page 130: Edit Dial Backup - Zywall
Vantage CNM User’s Guide Table 37 Configuration > WAN > Dial Backup > Advanced - ZyWALL (continued) LABEL DESCRIPTION EXAMPLE Retry Count Type a number of times for the ZyXEL device to retry a busy or no- answer phone number before blacklisting the number.
Page 131: Figure 68 Configuration > Wan > Dial Backup > Edit - Zywall
Vantage CNM User’s Guide Figure 68 Configuration > WAN > Dial Backup > Edit - ZyWALL The following table describes the fields in this screen Table 38 Configuration > WAN > Dial Backup > Edit - ZyWALL LABEL DESCRIPTION Get IP Address Type the login name assigned by your ISP for this remote node.
Page 132: General Wan - Prestige
Vantage CNM User’s Guide Table 38 Configuration > WAN > Dial Backup > Edit - ZyWALL (continued) LABEL DESCRIPTION Enable SUA Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network to a different IP address known within another network.
Page 133: Traffic Shaping
Vantage CNM User’s Guide 8.7.1 Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Page 134: Figure 70 Configuration > Wan > Setup - Prestige - Bridge Mode
Vantage CNM User’s Guide Figure 70 Configuration > WAN > Setup - Prestige - Bridge Mode The following table describes the fields in this screen Table 39 Configuration > WAN > Setup - Prestige - Bridge Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 135 Vantage CNM User’s Guide Table 39 Configuration > WAN > Setup - Prestige - Bridge Mode (continued) LABEL DESCRIPTION The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic).
Page 136: Figure 71 Configuration > Wan > Setup - Prestige - Routing Mode
Vantage CNM User’s Guide Figure 71 Configuration > WAN > Setup - Prestige - Routing Mode The following table describes the fields in this screen. Table 40 Configuration > WAN > Setup - Prestige - Routing Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 137 Vantage CNM User’s Guide Table 40 Configuration > WAN > Setup - Prestige - Routing Mode (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field.
Page 138: Wan Backup - Prestige
Vantage CNM User’s Guide Table 40 Configuration > WAN > Setup - Prestige - Routing Mode (continued) LABEL DESCRIPTION IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Page 139: Figure 72 Configuration > Wan > Backup - Prestige
Vantage CNM User’s Guide Figure 72 Configuration > WAN > Backup - Prestige The following table describes the fields in this screen. Table 41 Configuration > WAN > Backup - Prestige LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection.
Page 140 Vantage CNM User’s Guide Table 41 Configuration > WAN > Backup - Prestige (continued) LABEL DESCRIPTION Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Page 141: Configuring Advanced Wan Backup - Prestige
Vantage CNM User’s Guide Table 41 Configuration > WAN > Backup - Prestige (continued) LABEL DESCRIPTION Advanced Backup Click this button to display the Advanced Backup screen and edit more details of your WAN backup setup. Apply Click Apply to save the changes.
Page 142: Figure 73 Configuration > Wan Backup > Advanced - Prestige
Vantage CNM User’s Guide Figure 73 Configuration > WAN Backup > Advanced - Prestige The following table describes the fields in this screen. Table 42 Configuration > WAN Backup > Advanced - Prestige LABEL DESCRIPTION Basic Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls.
Page 143 Vantage CNM User’s Guide Table 42 Configuration > WAN Backup > Advanced - Prestige (continued) LABEL DESCRIPTION Primary/ Secondary Type the first (primary) phone number from the ISP for this remote node. If the Phone Number primary phone number is busy or does not answer, your Prestige dials the secondary phone number if available.
Page 144: Advanced Modem Setup - Prestige
Vantage CNM User’s Guide Table 42 Configuration > WAN Backup > Advanced - Prestige (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
Page 145: Chapter 9 Configuration > Nat
Vantage CNM User’s Guide H A P T E R Configuration > NAT 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
Page 146: What Nat Does
Vantage CNM User’s Guide 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 147: Sua (Single User Account) Versus Nat
Vantage CNM User’s Guide Note: Port numbers do not change for One-to-One and Many-One-to-One NAT mapping types. The following table summarizes these types. Table 44 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION One-to-OneILA1⇓◊ IGA1 1-1 Many-to-One (SUA/PAT) ILA1−> IGA1 ILA2−>IGA1...
Page 148: Figure 74 Configuration > Nat - Zywall
Vantage CNM User’s Guide Figure 74 Configuration > NAT - ZyWALL The following table describes the fields in this screen. Table 45 Configuration > NAT - ZyWALL LABEL DESCRIPTION Global Setting Max. Concurrent This read-only field displays the highest number of NAT sessions that the ZyWALL Sessions will permit at one time.
Page 149: Configuring Nat - Prestige
Vantage CNM User’s Guide Table 45 Configuration > NAT - ZyWALL LABEL DESCRIPTION NAT Trigger Port Click Copy WAN1 to WAN 2 (or Copy WAN2 to WAN 1) to duplicate this WAN Copy port's NAT trigger port rules on the other WAN port.
Page 150: Sua Servers
Vantage CNM User’s Guide Table 46 Configuration > NAT - Prestige LABEL DESCRIPTION Edit Click Edit to advance to the selected feature. Apply Click Apply to begin configuring this screen afresh. 9.4 SUA Servers A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Page 151: Nat And Multiple Wan
Vantage CNM User’s Guide Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 152: Configuring Sua Servers - Zywall
Vantage CNM User’s Guide Figure 76 Port Translation Example 9.4.4 Configuring SUA Servers - ZyWALL Select SUA Only in Figure 75 on page 148 and then click Edit to bring up the next screen. Chapter 9 Configuration > NAT...
Page 153: Figure 77 Configuration > Nat > Sua Server - Zywall
Vantage CNM User’s Guide Figure 77 Configuration > NAT > SUA Server - ZyWALL The following table describes the labels in this screen. Table 48 Configuration > NAT > SUA Server - ZyWALL LABEL DESCRIPTION Index This is the number of an individual SUA server entry. You may select a rule to edit or delete it.
Page 154: Configuring Sua Servers - Prestige
Vantage CNM User’s Guide Table 48 Configuration > NAT > SUA Server - ZyWALL LABEL DESCRIPTION Port Translation Enter the port number here to which you want the ZyWALL to translate the incoming port. For a range of ports, you only need to enter the first number of the range to which you want the incoming ports translated, the ZyWALL automatically calculates the last port of the translated port range.
Page 155: Full Feature Address Mapping
Vantage CNM User’s Guide Figure 78 Configuration > NAT > SUA Server - Prestige The following table describes the labels in this screen. Table 49 Configuration > NAT > SUA Server - Prestige LABEL DESCRIPTION Index This is the number of an individual SUA server entry.
Page 156: Figure 79 Configuration > Nat > Full Feature > Address Mapping
Vantage CNM User’s Guide Figure 79 Configuration > NAT > Full Feature > Address Mapping The following table describes the labels in this screen. Table 50 Configuration > NAT > Full Feature > Address Mapping LABEL DESCRIPTION Index This is the number of an individual entry. You may select a rule to edit by going to the Edit Address Mapping screen for that rule.
Page 157: Edit Full Feature Address Mapping
Vantage CNM User’s Guide Table 50 Configuration > NAT > Full Feature > Address Mapping (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to close this screen without applying any changes.
Page 158: Trigger Port Forwarding - Zywall
Vantage CNM User’s Guide Figure 80 Configuration > NAT > Full Feature > Edit Address Mapping Table 51 Configuration > NAT > Full Feature > Edit Address Mapping LABEL DESCRIPTION Type When you select Type you can choose a server mapping set. Choose the port mapping type from one of the following.
Page 159: Configuring Trigger Port
Vantage CNM User’s Guide Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
Page 160: Figure 81 Configuration > Nat > Full Feature > Trigger Port
Vantage CNM User’s Guide Figure 81 Configuration > NAT > Full Feature > Trigger Port The following table describes the labels in this screen. Table 52 Configuration > NAT > Full Feature > Trigger Port LABEL DESCRIPTION Index This is the number of an individual entry. You may select a rule to edit.
Page 161: Edit Trigger Port
Vantage CNM User’s Guide Table 52 Configuration > NAT > Full Feature > Trigger Port (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Cancel This field displays a port number or the ending port number in a range of port numbers.
Page 162 Vantage CNM User’s Guide Chapter 9 Configuration > NAT...
Page 163: Configuration > Static Route
Vantage CNM User’s Guide H A P T E R Configuration > Static Route This chapter shows you how to configure static route. 10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL device has no knowledge of the networks beyond 10.1.1 Static Route Summary...
Page 164: Figure 83 Configuration > Static Route
Vantage CNM User’s Guide Figure 83 Configuration > Static Route Table 54 Configuration > Static Route LABEL DESCRIPTION Index This is the number of an individual entry. You may select a rule to edit or delete it. Name This is the name that describes or identifies this route. To delete a static route, erase the name and then click apply.
Page 165: Edit Static Route
Vantage CNM User’s Guide 10.1.2 Edit Static Route Figure 84 Configuration > Static Route > Edit Table 55 Configuration > Static Route > Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
Page 166 Vantage CNM User’s Guide Chapter 10 Configuration > Static Route...
Page 167: Chapter 11 Configuration > Vpn
Vantage CNM User’s Guide H A P T E R Configuration > VPN This chapter shows you how to configure VPNs using Vantage. Screens relate to VPN version 1.0 or 1.1 depending on the device’s firmware version. 11.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines.
Page 168: Data Confidentiality
Vantage CNM User’s Guide Figure 85 Encryption and Decryption 11.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 11.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Page 169: Ipsec Algorithms
Vantage CNM User’s Guide Figure 86 IPSec Architecture 11.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
Page 170: Transport Mode
Vantage CNM User’s Guide Figure 87 Transport and Tunnel Mode IPSec Encapsulation 11.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 171: Ipsec Algorithms
Vantage CNM User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
Page 172: Esp (Encapsulating Security Payload) Protocol
Vantage CNM User’s Guide In applications where confidentiality is not required or not sanctioned by government encryption restrictions, an AH can be employed to ensure integrity. This type of implementation does not protect the information from dissemination but will allow for verification of the integrity of the information and authentication of the originator.
Page 173: Key Management
Vantage CNM User’s Guide 11.5.3 Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 11.5.4 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode.
Page 174: My Zywall
Vantage CNM User’s Guide A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
Page 175: Dynamic Remote Gateway Address
Vantage CNM User’s Guide You can also enter a remote secure gateway’s domain name in the Remote Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyWALL has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
Page 176: Nat Traversal Configuration
Vantage CNM User’s Guide Figure 88 NAT Router Between IPSec Routers Normally you cannot set up a VPN connection with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. In the previous figure, IPSec router A sends an IPSec packet in an attempt to initiate a VPN.
Page 177: Id Type And Content Examples
Vantage CNM User’s Guide With main mode, the ID type and content are encrypted to provide identity protection. In this case the ZyXEL device can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. The ZyXEL device...
Page 178: Ike Phases
Vantage CNM User’s Guide The two ZyWALLs in this example can complete negotiation and establish a VPN tunnel. Table 61 Matching ID Type and Content Configuration Example ZYWALL A ZYWALL B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2...
Page 179: Negotiation Mode
Vantage CNM User’s Guide • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). • Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out.
Page 180: Diffie-Hellman (Dh) Key Groups
Vantage CNM User’s Guide 11.9.5 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 - DH1) and 1024-bit (Group 2 –...
Page 181: Vpn Screens
Vantage CNM User’s Guide 11.11 VPN Screens Screens for VPN version 1.0 and VPN version 1.1 are explained in the following sections. The type of VPN configuration screens that display depend on the device you select. 11.12 VPN Tunnel Summary (VPN version 1.0) Select a device and then click Configuration >...
Page 182: Add A Vpn Tunnel
Vantage CNM User’s Guide 11.12.1 Add a VPN Tunnel You can create a single-ended VPN tunnel using Vantage by selecting N/A from the Remote Device field. This allows you to create a VPN tunnel between a ZyXEL device and another IPSec router.
Page 183 Vantage CNM User’s Guide Table 64 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION IKE/Manual Select either IKE or Manual to manage encryption keys. If you select the IKE method, you must configure the IKE fields. Manual is useful for troubleshooting if you have problems using IKE key management.
Page 184 Vantage CNM User’s Guide Table 64 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION ID Content When you select IP in the Local ID Type field, type the IP address of your computer. The ZyXEL device uses the IP address in the My IP Address field if you configure the local Content field to 0.0.0.0 or leave it blank.
Page 185 Vantage CNM User’s Guide Table 64 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION Pre-Shared key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection.
Page 186: Manual Vpn Tunnel
Vantage CNM User’s Guide Table 64 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION Encapsulation In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 187: Figure 92 Configuration > Vpn > Manual Tunnel Ipsec Detail
Vantage CNM User’s Guide Figure 92 Configuration > VPN > Manual Tunnel IPSec Detail The following table describes the labels in this screen. Table 65 Configuration > VPN >Manual Tunnel IPSec Detail LABEL DESCRIPTION Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL device drops trailing spaces.
Page 188 Vantage CNM User’s Guide Table 65 Configuration > VPN >Manual Tunnel IPSec Detail (continued) LABEL DESCRIPTION Peer IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyXEL device automatically use the address in the Secure Gateway field.
Page 189: Vpn And Netbios (Vpn Version 1.0)
Vantage CNM User’s Guide Table 65 Configuration > VPN >Manual Tunnel IPSec Detail (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to begin configuring this screen afresh. 11.13 VPN and NetBIOS (VPN version 1.0) NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers.
Page 190: Figure 94 Configuration > Vpn > Vpn Rules (Ike)
Vantage CNM User’s Guide This is a read-only menu of your IPSec rule (tunnel). To add an IPSec rule (or gateway policy), click the Add button in the Modification column. Edit an IPSec rule by clicking the Name hyperlink to configure the associated submenus.
Page 191: Vpn Rules (Ike) > Gateway Policy Add
Vantage CNM User’s Guide Table 68 IPSec Fields Summary LABEL DESCRIPTION Network Policy A network policy identifies the devices behind the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 2 IPSec SA.
Page 192: Figure 97 Configuration > Vpn > Ike Policy
Vantage CNM User’s Guide Figure 97 Configuration > VPN > IKE Policy The following table describes the labels in this screen.. Table 69 Configuration > VPN > IKE Policy LABEL DESCRIPTION Property Name Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
Page 193 Vantage CNM User’s Guide Table 69 Configuration > VPN > IKE Policy (continued) LABEL DESCRIPTION NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
Page 194 Vantage CNM User’s Guide Table 69 Configuration > VPN > IKE Policy (continued) LABEL DESCRIPTION Pre-Shared Key Select the Pre-Shared Key radio button and type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation.
Page 195 Vantage CNM User’s Guide Table 69 Configuration > VPN > IKE Policy (continued) LABEL DESCRIPTION Peer ID Type Select from the following when you set Authentication Key to Pre-shared Key. • Select IP to identify the remote IPSec router by its IP address.
Page 196 Vantage CNM User’s Guide Table 69 Configuration > VPN > IKE Policy (continued) LABEL DESCRIPTION Enable Extended Select this check box to activate extended authentication. Authentication Server Mode Select Server Mode to have this ZyWALL authenticate extended authentication clients that request this VPN connection.
Page 197: Vpn Rules (Ike) > Network Policy Edit
Vantage CNM User’s Guide Table 69 Configuration > VPN > IKE Policy (continued) LABEL DESCRIPTION Enable Multiple Select this check box to allow the ZyWALL to use any of its phase 1 or phase Proposals 2 encryption and authentication algorithms when negotiating an IPSec SA.
Page 198: Figure 98 Configuration > Vpn > Ike Ipsec
Vantage CNM User’s Guide Figure 98 Configuration > VPN > IKE IPSec The following table describes the labels in this screen. Table 70 Configuration > VPN > IKE IPSec LABEL DESCRIPTION Active If the Active check box is selected, packets for the tunnel trigger the ZyWALL to build the tunnel.
Page 199 Vantage CNM User’s Guide Table 70 Configuration > VPN > IKE IPSec (continued) LABEL DESCRIPTION Nailed-Up Select this check box to turn on the nailed up feature for this SA. Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 200 Vantage CNM User’s Guide Table 70 Configuration > VPN > IKE IPSec (continued) LABEL DESCRIPTION Remote Network Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same.
Page 201: Vpn Rules (Ike) > Network Policy Move
Vantage CNM User’s Guide Table 70 Configuration > VPN > IKE IPSec (continued) LABEL DESCRIPTION Perfect Forward Perfect Forward Secret (PFS) is disabled (NONE) by default in phase 2 IPSec Secret (PFS) SA setup. This allows faster IPSec setup, but is not so secure.
Page 202: Vpn Rules (Manual) (Vpn Version 1.1)
Vantage CNM User’s Guide Table 71 Configuration > VPN > IKE IPSec > Move (continued) LABEL DESCRIPTION Local Network This field displays one or a range of IP address(es) of the computer(s) behind the ZyWALL. Remote Network This field displays one or a range of IP address(es) of the remote network behind the remote IPsec router.
Page 203: Vpn Rules (Manual) > Edit
Vantage CNM User’s Guide Table 72 Configuration > VPN > Manual-Key IPSec (continued) LABEL DESCRIPTION Active This field displays whether the VPN policy is active or not. A true signifies that this VPN policy is active; false signifies that this VPN policy is not active.
Page 204: Figure 101 Configuration > Vpn > Manual-Key Ipsec > Edit
Vantage CNM User’s Guide Note: Current ZyXEL implementation assumes identical outgoing and incoming SPIs. Click a Name hyperlink in the VPN Rules (Manual) screen to edit VPN rules. Figure 101 Configuration > VPN > Manual-Key IPSec > Edit The following table describes the labels in this screen.
Page 205 Vantage CNM User’s Guide Table 73 Configuration > VPN > Manual-Key IPSec > Edit (continued) LABEL DESCRIPTION Local Network Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same.
Page 206 Vantage CNM User’s Guide Table 73 Configuration > VPN > Manual-Key IPSec > Edit (continued) LABEL DESCRIPTION My ZyWALL Enter the WAN IP address or domain name of your ZyWALL or leave the field set to 0.0.0.0. The VPN tunnel has to be rebuilt if the My ZyWALL IP address changes after setup.
Page 207: Vpn Global Setting (Vpn Version 1.1)
Vantage CNM User’s Guide Table 73 Configuration > VPN > Manual-Key IPSec > Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyWALL. Cancel Click Cancel to exit this screen without saving. 11.16 VPN Global Setting (VPN version 1.1) Select a device, click Configuration >...
Page 208: Telecommuter Vpn/Ipsec Examples
Vantage CNM User’s Guide Table 74 Configuration > VPN > Global Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyWALL. Reset Click Reset to begin configuring this screen afresh. 11.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyWALL at headquarters.
Page 209: Telecommuters Using Unique Vpn Rules Example
Vantage CNM User’s Guide Table 75 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS Local Network - Single Telecommuter A: 192.168.2.12 192.168.1.10 IP Address: Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote Network - 192.168.1.10 Not Applicable Single IP Address: 11.17.2 Telecommuters Using Unique VPN Rules Example...
Page 210: Figure 104 Telecommuters Using Unique Vpn Rules Example
Vantage CNM User’s Guide Figure 104 Telecommuters Using Unique VPN Rules Example Table 76 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My ZyWALL 0.0.0.0 My ZyWALL: bigcompanyhq.com Remote Gateway Address: bigcompanyhq.com Local Network - Single IP Address: 192.168.1.10 Remote Network - Single IP Address: 192.168.1.10 Local ID Type: E-mail...
Page 211: Vpn And Remote Management
Vantage CNM User’s Guide Table 76 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS Local IP Address: 192.168.4.15 Remote Gateway Address: telecommuterc.dydns.org Remote Address 192.168.4.15 11.18 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, SNMP, DNS or ICMP, then you should configure remote management to allow access for that service.
Page 212 Vantage CNM User’s Guide Chapter 11 Configuration > VPN...
Page 213: Configuration > Firewall
Vantage CNM User’s Guide H A P T E R Configuration > Firewall This chapter shows you how to configure firewall for your devices. 12.1 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation.
Page 214: Figure 105 Three-Way Handshake
Vantage CNM User’s Guide Figure 105 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Page 215: Icmp Vulnerability
Vantage CNM User’s Guide • A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker floods a router with Internet Control Message Protocol (ICMP) echo request packets (pings).
Page 216: Illegal Commands (Netbios And Smtp)
Vantage CNM User’s Guide 12.1.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. Table 78 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables.
Page 217: Stateful Inspection Process
Vantage CNM User’s Guide • Allows all sessions originating from the LAN (local network) to the WAN (Internet). Denies all sessions originating from the WAN to the LAN. Figure 108 Stateful Inspection The previous figure shows the ZyWALL’s default firewall rules in action as well as demonstrates how stateful inspection works.
Page 218: Stateful Inspection And The Zywall
Vantage CNM User’s Guide 7 The packet is inspected by a firewall rule, and the connection's state table entry is updated as necessary. Based on the updated state information, the inbound extended access list temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection.
Page 219: Udp/Icmp Security
Vantage CNM User’s Guide If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Page 220: Guidelines For Enhancing Security With Your Firewall
Vantage CNM User’s Guide Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Services feature to do this. 12.3 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via SMT or web configurator.
Page 221: Firewall
Vantage CNM User’s Guide 12.4.2 Firewall • The firewall inspects packet contents as well as their source and destination addresses. Firewalls of this type employ an inspection module, applicable to all protocols, that understands data in the packet is intended for other layers, from the network layer (IP headers) up to the application layer.
Page 222: Figure 109 Configuration >Firewall
Vantage CNM User’s Guide Figure 109 Configuration >Firewall The following table describes the labels in this screen. Table 80 Configuration > Firewall LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The ZyXEL device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Page 223: Dos Settings
Vantage CNM User’s Guide Table 80 Configuration > Firewall (continued) LABEL DESCRIPTION Services This field displays the services to which this firewall rule applies. See Figure 111 on page 225 for more information. Action This field displays whether the rule allows (Forward) or discards (Block) packets that match this rule.
Page 224: Figure 110 Configuration > Firewall > Dos Settings
Vantage CNM User’s Guide Figure 110 Configuration > Firewall > DoS Settings The following table describes the labels in this screen. Table 81 Configuration > Firewall > DoS Settings LABEL DESCRIPTION EXAMPLE VALUES One Minute Low This is the rate of new half-open sessions that...
Page 225: Add/Edit A Firewall Rule
Vantage CNM User’s Guide Table 81 Configuration > Firewall > DoS Settings (continued) LABEL DESCRIPTION EXAMPLE VALUES TCP Maximum This is the number of existing half-open TCP 10 existing half-open TCP Incomplete sessions with the same destination host IP sessions...
Page 226: Figure 111 Configuration >Firewall > Edit
Vantage CNM User’s Guide Figure 111 Configuration >Firewall > Edit The following table describes the labels in this screen. Table 82 Configuration >Firewall > Edit LABEL DESCRIPTION Active Check the Active check box to have the ZyXEL device use this rule. Leave it...
Page 227: Add/Edit Source/Destination Ip Addresses
Vantage CNM User’s Guide Table 82 Configuration >Firewall > Edit (continued) LABEL DESCRIPTION Click this button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services. Edit Select a custom service (denoted by an *) from the Available Services list and click this button to edit the service.
Page 228: Custom Ports
Vantage CNM User’s Guide 12.5.5 Custom Ports Configure customized ports for services not predefined by the ZyXEL device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. Click Add or Edit under Custom Port to add or edit a custom port.
Page 229: Configuration > Device Log
Vantage CNM User’s Guide H A P T E R Configuration > Device Log Use these screens to configure device logs. Not all devices have the centralized feature. 13.1 Device Logging Options Use the Logging Options screen to configure to where the ZyXEL device is to send logs; the schedule for when the ZyXEL device is to send the logs and which logs and/or immediate alerts the ZyXEL device is to send.
Page 230: Figure 114 Configuration > Device Log > Log Settings
Vantage CNM User’s Guide Figure 114 Configuration > Device Log > Log Settings Chapter 13 Configuration > Device Log...
Page 231: Table 85 Configuration > Device Log > Log Settings
Vantage CNM User’s Guide The following table describes the labels in this screen. Table 85 Configuration > Device Log > Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 232: Purge Logs
Vantage CNM User’s Guide Table 85 Configuration > Device Log > Log Settings (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 13.2 Purge Logs Click Purge to remove logs from the Vantage database.
Page 233: Configuration > Adsl Monitor
Vantage CNM User’s Guide H A P T E R Configuration > ADSL Monitor Use this screen to monitor your ADSL link. 14.1 Introduction The Prestige is an ADSL device compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Page 234: Figure 116 Configuration > Adsl Monitor
Vantage CNM User’s Guide Figure 116 Configuration > ADSL Monitor The following table describes the labels in this screen. Table 88 Configuration > ADSL Monitor LABEL DESCRIPTION ADSL Link Status This is the status of your ADSL link. ADSL Standard...
Page 235: Chapter 15 Configuration > X Auth
Vantage CNM User’s Guide H A P T E R Configuration > X Auth This chapter shows you how to configure the authentication server using Vantage. 15.1 Overview A ZyWALL set to be a VPN extended authentication server can use either the local user database internal to the ZyWALL or an external RADIUS server for an unlimited number of users.
Page 236: Configuring Radius
Vantage CNM User’s Guide Figure 117 Configuration > X Auth > Local User Database The following table describes the labels in this screen. Table 89 Configuration > X Auth > Local User Database LABEL DESCRIPTION Active Select this check box to enable the user profile.
Page 237: Figure 118 Configuration > X Auth > Radius
Vantage CNM User’s Guide Figure 118 Configuration > X Auth > RADIUS The following table describes the labels in this screen. Table 90 Configuration > X Auth > RADIUS LABEL DESCRIPTION Activate Select the check box to enable user authentication through an external Authentication authentication server.
Page 238 Vantage CNM User’s Guide Table 90 Configuration > X Auth > RADIUS LABEL DESCRIPTION ZyWALL Apply Click Apply to save your changes back to the Reset Click Reset to begin configuring this screen afresh. Chapter 15 Configuration > X Auth...
Page 239: Configuration > Device Alarms
Vantage CNM User’s Guide H A P T E R Configuration > Device Alarms Use these screens to view and manage device alarms. 16.1 Device Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence.
Page 240: Current Alarms Screen
Vantage CNM User’s Guide 16.1.3 Current Alarms Screen This screen includes filters for time, alarm type, alarm severity type and the administrator who responded to the alarm. You may also configure to have administrators automatically e-mailed when an alarm occurs in the System >...
Page 241: Historical Alarms Screen
Vantage CNM User’s Guide Table 93 Configuration > Device Alarms > Current (continued) LABEL DESCRIPTION Retrieve Click Retrieve to renew the logs displayed for the selected device. Respond Click Respond to create a response to an alarm. Clear Click Clear to erase the logs displayed for the selected device. Only the root administrator can clear logs.
Page 242 Vantage CNM User’s Guide Table 94 Configuration > Device Alarms > Historical (continued) LABEL DESCRIPTION Response Time This field displays the time of response since an administrator first received the alarm. Description This field displays a brief explanation of the administrator’s response.
Page 243: Chapter 17 Configuration > Dns
Vantage CNM User’s Guide H A P T E R Configuration > This chapter shows you how to configure the DNS screens. 17.1 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Page 244: Address Record
Vantage CNM User’s Guide 17.4 Address Record An address record contains the mapping of a fully qualified domain name (FQDN) to an IP address. An FQDN consists of a host and domain name and includes the top-level domain. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel”...
Page 245: Dns Screens
Vantage CNM User’s Guide Figure 121 Private DNS Server Example Note: If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote private network.
Page 246: Figure 122 Configuration > Dns > System
Vantage CNM User’s Guide Figure 122 Configuration > DNS > System The following table describes the labels in this screen. Table 95 Configuration > DNS > System LABEL DESCRIPTION Address Record An address record specifies the mapping of a fully qualified domain name (FQDN) to an IP address.
Page 247: Adding An Address Record
Vantage CNM User’s Guide Table 95 Configuration > DNS > System (continued) LABEL DESCRIPTION Name Server Record A name server record contains a DNS server’s IP address. The ZyWALL can query the DNS server to resolve domain names for features like VPN, DDNS and the time server.
Page 248: Adding A Name Server Record
Vantage CNM User’s Guide Figure 123 Configuration > DNS > System > Add Address Record The following table describes the labels in this screen. Table 96 Configuration > DNS > System > Add Address Record LABEL DESCRIPTION FQDN Type a fully qualified domain name (FQDN) of a server. An FQDN starts with a host name and continues all the way up to the top-level domain name.
Page 249: Figure 124 Configuration > Dns > System > Add Name Server Record
Vantage CNM User’s Guide Figure 124 Configuration > DNS > System > Add Name Server Record The following table describes the labels in this screen. Table 97 Configuration > DNS > System > Add Name Server Record LABEL DESCRIPTION Domain Zone This field is optional.
Page 250: Dns Cache
Vantage CNM User’s Guide 17.7 DNS Cache DNS cache is the temporary storage area where a router stores responses from DNS servers. When the ZyWALL receives a positive or negative response for a DNS query, it records the response in the DNS cache. A positive response means that the ZyWALL received the IP address for a domain name that it checked with a DNS server within the five second DNS timeout period.
Page 251: Dynamic Dns
Vantage CNM User’s Guide Table 98 Configuration > DNS > Cache LABEL DESCRIPTION Cache Negative Caching negative DNS resolutions helps speed up the ZyWALL’s processing of DNS Resolutions commonly queried domain names (for which DNS resolution has failed) and reduces the amount of traffic that the ZyWALL sends out to the WAN.
Page 252: Configuring Dynamic Dns
Vantage CNM User’s Guide 17.10 Configuring Dynamic DNS To change a device’s DDNS, click Configuration > DNS > DDNS. The screen appears as shown. Figure 126 Configuration > DNS > DDNS The following table describes the labels in this screen.
Page 253 Vantage CNM User’s Guide Table 99 Configuration > DNS > DDNS (continued) LABEL DESCRIPTION Offline This option is available when Custom is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.
Page 254 Vantage CNM User’s Guide Chapter 17 Configuration > DNS...
Page 255: Chapter 18 Building Blocks (Bbs)
Building Blocks (BBs) 18.1 Categories A BB is a building block used to build a device configuration using Vantage CNM. • A device BB is a combination of configuration BBs, which vary by model. A device can have only one Device BB. You can select any device and save its configuration as a BB ready to be applied to another device (of the same model type).
Page 256: Editing An Existing Bb
Vantage CNM User’s Guide Figure 127 Building Block > Device BB The following table describes the fields in this screen Table 100 Building Block > Device BB TYPE DESCRIPTION Index This is the building block list number. Name A building block should have a unique name. Click this hyperlink to go to a BB info screen that allows you to edit the name and add some extra description of the BB.
Page 257: Device Bb Configuration Select
Vantage CNM User’s Guide Table 101 Building Block > Device BB > Edit (continued) TYPE DESCRIPTION Next Click to proceed to the following screen Cancel Click to return to the previous screen. 18.3.2 Device BB Configuration Select Select one of the hyperlink configuration menus to configure your BB Device LAN, WLAN etc.
Page 258: Configuration Bbs
Vantage CNM User’s Guide Figure 130 Building Block > Device BB > Add Table 102 Building Block > Device BB > Add TYPE DESCRIPTION Name Type a unique name for the building block. Device Select the device model. Note Type some extra description of the BB...
Page 259: Adding A Configuration Bb
Vantage CNM User’s Guide Table 103 Building Block > Configuration (continued) TYPE DESCRIPTION Note This field displays some extra description of the BB Click to proceed to the next screen. Delete Click to delete a selected device BB. 18.4.1 Adding a Configuration BB...
Page 260: Editing A Configuration Bb
Vantage CNM User’s Guide Figure 133 Building Block > Configuration BB > Add > Next The completed configuration BB is shown next. You may edit this BB by clicking the Name hyperlink. Figure 134 Building Block > Configuration BB > Added 18.4.2 Editing a Configuration BB...
Page 261: Component Bbs
Vantage CNM User’s Guide Figure 135 Building Block > Configuration BB > Edit The following table describes the fields in this screen Table 105 Building Block > Configuration BB > Edit TYPE DESCRIPTION Name You may change the name for this configuration building block.
Page 262: Adding A Component Bb
Vantage CNM User’s Guide Table 106 Building Block > Component BB (continued) TYPE DESCRIPTION Type This field displays the component type, for example, E-mail. Note This field displays some extra description of the BB Click Add to create a new configuration BB. Alternatively, create new component BBs directly from the configuration menus by using the “save as new BB”...
Page 263: Adding A Component Bb: E-Mail Type
Vantage CNM User’s Guide Figure 138 Building Block > Component BB > Add > IP Address The following table describes the fields in this screen Table 108 Building Block > Component BB > Add > IP Address TYPE DESCRIPTION IP Type Select from Single, Range or Subnet.
Page 264: Adding A Component Bb: Vpn1.1D_Ipsec Type
Vantage CNM User’s Guide 18.5.1.3 Adding a Component BB: VPN1.1d_IPSec Type If you select VPN1.1d_IPSec in the Type field in the BB Info screen and select Next, you will to the next screen, where you must enter VPN information. Figure 140 Building Block > Component BB > Add > VPN1.1d_IPSec The following table describes the fields in this screen Table 110 Building Block >...
Page 265 Vantage CNM User’s Guide Table 110 Building Block > Component BB > Add > VPN1.1d_IPSec TYPE DESCRIPTION Ending IP Address/Subnet When the Address Type field is configured to Single Address, this field Mask is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 266: Adding A Component Bb: Vpn1.1D_Ike Type
Vantage CNM User’s Guide Table 110 Building Block > Component BB > Add > VPN1.1d_IPSec TYPE DESCRIPTION Apply Click Apply to create the BB. This BB is then displayed in the component BB summary screen. Reset Click Reset to begin configuring the screen afresh.
Page 267: Figure 141 Building Block > Component Bb > Add > Vpn1.1D_Ike
Vantage CNM User’s Guide Figure 141 Building Block > Component BB > Add > VPN1.1d_IKE The following table describes the fields in this screen Table 111 Building Block > Component BB > Add > VPN1.1d_IKE TYPE DESCRIPTION Authentication Key Pre-Shared Key Select the Pre-Shared Key radio button and type your pre-shared key in this field.
Page 268 Vantage CNM User’s Guide Table 111 Building Block > Component BB > Add > VPN1.1d_IKE TYPE DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The ZyWALL automatically uses the IP address in the My ZyWALL field (refer to the My ZyWALL field description) if you configure the local Content field to 0.0.0.0 or leave it...
Page 269 Vantage CNM User’s Guide Table 111 Building Block > Component BB > Add > VPN1.1d_IKE TYPE DESCRIPTION Content The configuration of the peer content depends on the peer ID type. Do the following when you set Authentication Key to Pre-shared Key.
Page 270: Adding A Component Bb: Vpn1.0 Type
Vantage CNM User’s Guide Table 111 Building Block > Component BB > Add > VPN1.1d_IKE TYPE DESCRIPTION SA Life Time (Seconds) Define the length of time before an IKE SA automatically renegotiates in this field. It may range from 180 to 3,000,000 seconds (almost 35 days).
Page 271: Figure 142 Building Block > Component Bb > Add > Vpn1.0
Vantage CNM User’s Guide Figure 142 Building Block > Component BB > Add > VPN1.0 The following table describes the fields in this screen Table 112 Building Block > Component BB > Add > VPN1.0 TYPE DESCRIPTION Phase 1 There are two phases to every IKE (Internet Key Exchange) negotiation –...
Page 272 Vantage CNM User’s Guide Table 112 Building Block > Component BB > Add > VPN1.0 TYPE DESCRIPTION Key Group Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys.
Page 273: Editing A Component Bb
Vantage CNM User’s Guide Table 112 Building Block > Component BB > Add > VPN1.0 TYPE DESCRIPTION Perfect Forward Secrecy Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie- (PFS) Hellman public-key cryptography. Enabling PFS means that the key is transient.
Page 274: Figure 144 Building Block > Component Bb > Edit
Vantage CNM User’s Guide Figure 144 Building Block > Component BB > Edit The following table describes the fields in this screen Table 113 Building Block > Component BB > Edit TYPE DESCRIPTION Name You may change the name for the building block.
Page 275: System > Administrators
Vantage CNM User’s Guide H A P T E R System > Administrators Use these screens to manage Vantage administrators. 19.1 I ntroduction to Administrators An Administrator can only be associated to one management domain. To change an Administrator’s management domain, you must first disassociate him or her from an existing domain before associating to the new domain.
Page 276: Super" Administrators
Vantage CNM User’s Guide 3 Only “root” can see all other Administrators. Other Administrators can only see Administrators within their domain. 19.1.1.1.1 Change the “Root” Administrator Password 1 You should change the “root” password for security resons. 2 If you change the “root” password and cannot remember the new password, you must access the MySQL database directly.
Page 277: Creating An Administrator Account
Vantage CNM User’s Guide Figure 145 System > View Administrator List The following table describes the fields in this screen. Table 114 System > View Administrator List LABEL DESCRIPTION Select the checkbox and enter a valid e-mail address of the person who should receive a report on logs that have been purged.
Page 278: Figure 146 System > Administrator Details
Vantage CNM User’s Guide Figure 146 System > Administrator Details The following table describes the fields in this screen. Table 115 System > Administrator Details LABEL DESCRIPTION Name Type the administrator name used for identification purposes. Login ID Type the administrator login name associated with the password that you log into Vantage with.
Page 279: Administrator Permissions
Vantage CNM User’s Guide 19.3.2 Administrator Permissions You may select which permissions (privileges) an administrator may have from the next screen. Figure 147 System > Administrator Permissions The following table describes the fields in this screen. Table 116 System > Administrator Permissions...
Page 280 Vantage CNM User’s Guide Table 116 System > Administrator Permissions (continued) LABEL DESCRIPTION System System Management is defined as follows: Management Vantage Upgrade License Preference Log option and purge log Maintenance Apply Click Apply to save your settings in Vantage.
Page 281: Chapter 20 Other System Screens
Vantage CNM User’s Guide H A P T E R Other System Screens Only the root administrator can view the System > Upgrade to System > Data Maintenance screens as only the root administrator can perform these duties. 20.1 Status Click System >...
Page 282: Vantage Upgrade
Vantage CNM User’s Guide Table 117 System > Vantage Status (continued) LABEL DESCRIPTION CPU Utilization This field displays the Vantage server CPU processing power usage. Heavy usage may necessitate upgrading to a more powerful CPU. Memory Usage This field displays the Vantage server memory usage. Heavy usage may necessitate installing more RAM.
Page 283: Figure 149 System > Upgrade > Online Administrators
Vantage CNM User’s Guide Figure 149 System > Upgrade > Online Administrators 2 Click Next when all administrators have logged out. If an administrator has not logged out, Vantage will not let you continue. A warning screen will re-appear reminding you to notify them to log out.
Page 284: Version Format
This represents the code for the operating system on which you can install this version of Vantage. This number changes for patch upgrades. The version code of Vantage CNM for Windows XP with reporting menus is 2.2.00.81.00. Chapter 20 Other System Screens...
Page 285: License Management
Vantage CNM User’s Guide 20.3 License Management You need a license key to generate an Activation Key and Server Set Key in order to be able to use Vantage. See the Quick Start Guide for more information on generating keys at www.myZyXEL.com.
Page 286: System >Preferences
Vantage CNM User’s Guide Figure 154 System > License > License Management > Upgrade The following table describes the fields in this screen. Table 120 System > License > License Management > Upgrade LABEL DESCRIPTION Activation Key Copy and paste or type the Activation Key that is generated in the myZyXEL.com website.
Page 287: User Access
Vantage CNM User’s Guide Figure 155 System > Preferences > General System The following table describes the fields in this screen. Table 121 System > Preferences > General System LABEL DESCRIPTION Vantage CNM Root This refers to the root of the object tree.
Page 288: Servers
You can configure these servers as you install Vantage (in the installation wizard) or after you install it in this screen. Configure the Vantage CNM public IP server address, FTP server (for firmware upload), syslog server (for logs) and mail server (for Vantage notifications and reports) in this screen.
Page 289: Figure 157 System > Preferences > Server
Vantage CNM User’s Guide The SMTP server is used for e-mail notifications. The syslog server is used to receive logs. The syslog server you configure for a device and the syslog server you configure for Vantage MUST be the same.
Page 290: Vantage Server Public Ip Address
• Access each device’s command line interface and enter “CNM managerIp x.x.x.x” where “x.x.x.x” is the new Vantage CNM public IP address. 4 Restart Vantage CNM; you don’t have to restart the computer on which Vantage CNM is installed. Right-click the Vantage icon in the system tray and select STOP.
Page 291: Notifications
Figure 159 Figure 2-5 Vantage Icon - Start 5 When you register new devices with Vantage, make sure the new device can ping the Vantage server (the new Vantage CNM Public IP address) and then set the device’s Manager IP address correspondingly.
Page 292: Vantage Permissions: User Group
Vantage CNM User’s Guide Figure 160 System > Preferences > Notifications The following table describes the fields in this screen. Table 124 System > Preferences > Notifications LABEL DESCRIPTION Firmware Upgrade Set who should be notified when you upload firmware to a device.
Page 293: Add User Group
Vantage CNM User’s Guide Figure 161 System > Preferences > User Group The following table describes the fields in this screen. Table 125 System > Preferences > Permissions LABEL DESCRIPTION Index This is the template index number. 1 and 2 are default templates.
Page 294: Figure 162 System > Preferences > Permissions > Add
Vantage CNM User’s Guide Figure 162 System > Preferences > Permissions > Add The following table describes the fields in this screen. Table 126 System > Preferences > Permissions > Add LABEL DESCRIPTION Add User Group User Group ID Enter the new template name (User Group) in this field.
Page 295: System Maintenance
Vantage CNM User’s Guide 20.5 System Maintenance Use the Maintenance screens to manage, back up and restore Vantage system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage server. You can back up or restore to your computer or Vantage. You can choose what domain to back up by selecting a folder in the object tree.
Page 296: Restore System Maintenance
Select the radio button to give the download destination to server. To Server Select this option to back up the file to the Vantage CNM server. File Name Type in the location of the file you want to upload in this field.
Page 297: Address Book
Destination Select this radio button to upload a configuration file From Server. From Server Select this option to restore the file from the Vantage CNM server. File Name Select a file from the drop-down list box. From Your Computer Select this radio button to upload a configuration file From Your Computer.
Page 298: Address Book Add/Edit
Vantage CNM User’s Guide Table 130 System > Address Book LABEL DESCRIPTION Name This field displays the person’s name. Email This field displays the person’s e-mail address. Description This field displays some extra information about the person. Click Add to create a new customer record.
Page 299: Vantage Logs
Vantage CNM User’s Guide 20.7 Vantage Logs Use these screens to view and configure Vantage system log preferences. 20.7.1 CNM Server You can view system logs for previous day, the last two days or up to one week here. Figure 168 System > Logs > CNM Server The following table describes the labels in this screen.
Page 300: Certificate Management Overview
Figure 169 System > Logging Options 20.8 Certificate Management Overview Vantage CNM can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 301: Advantages Of Certificates
5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny's public key to decrypt the message. Vantage CNM uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection.
Page 302: Figure 170 System > Certificate Management > Information
Vantage CNM User’s Guide Figure 170 System > Certificate Management > Information The following table describes the labels in this screen. Table 133 System > Certificate Management > Information LABEL DESCRIPTION Current Certificate Information Certificate Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
Page 303: Create A Certificate
Vantage CNM User’s Guide 20.8.3 Create a Certificate You can create certificates by entering the requested information into the fields below. Then click Apply. Figure 171 System > Certificate Management > Create CSR The following table describes the labels in this screen.
Page 304: About Vantage
Vantage CNM User’s Guide Figure 172 System > Certificate Management > Import Certificate The following table describes the labels in this screen. Table 135 System > Certificate Management > Import Certificate LABEL DESCRIPTION Input Certificate Input Your Certificate Path Type in the location of the certificate you want to upload in this field or click Browse ...
Page 305: Chapter 21 Monitor > Alarms
Vantage CNM User’s Guide H A P T E R Monitor > Alarms This chapter describes the monitor alarms. 21.1 Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence.
Page 306: Alarm States
Vantage CNM User’s Guide 21.1.3 Alarm States When an alarm is received by Vantage, it can be in one of three states: Table 138 Alarm States STATE DESCRIPTION Active This is the initial state of an alarm, which means this alarm is new and no one has assumed responsibility for handling it yet.
Page 307: Figure 174 Monitor > Current Alarms
Vantage CNM User’s Guide Figure 174 Monitor > Current Alarms Table 139 Monitor > Current Alarms STATE DESCRIPTION Select Time Period Select the time period for which you wish to view alarms. Select Type of Select the type of alarm you wish to view.
Page 308: Historical Alarms
Vantage CNM User’s Guide Table 139 Monitor > Current Alarms STATE DESCRIPTION Checkbox/Select Select a checkbox(es) and then click Clear to erase those alarms. Index This is the alarm index number. Type This is the type of alarm. Severity This is the alarm severity.
Page 309: Chapter 22 Other Monitor Screens
Vantage CNM User’s Guide H A P T E R Other Monitor Screens Firmware Upgrade means that Vantage signals the device to request a firmware FTP upload from Vantage. 22.1 Firmware Upgrade Report Details of firmware uploaded to Vantage are shown as in the next screen.
Page 310: Vpn Editor
Vantage CNM User’s Guide Figure 177 Monitor > Monitor Status 22.3 VPN Editor This is a graphical VPN editor screen where you can click and drag VPN tunnels (single-click VPN) and also view individual tunnel details. The following table lists the icons that are used in the Monitor, VPN Editor screens.
Page 311: Figure 178 Monitor > Vpn Editor > Tunnel Ipsec Detail
Vantage CNM User’s Guide you must fill in the fields with the red asterisks. You can accept (or change) the automatically configured information in the other fields to set up the tunnel. Figure 178 Monitor > VPN Editor > Tunnel IPSec Detail 3 Click Apply to go to a tunnel summary screen.
Page 312: Tunnel Graphical Depictions
Vantage CNM User’s Guide 6 Right-click a ZyXEL device (A-End) and select VPN in the popup menu. Click the ZyXEL device again and drag (you should see a red line) to another ZyXEL device (Z- End), then release the mouse button.
Page 313: Introduction To Reports
H A P T E R Introduction to Reports Vantage CNM can collect and analyze logs from the ZyXEL devices that you select in the object tree. Use the report screens to create graphical representations of data gathered from the logs over a period of time (that you configure) and send scheduled e-mail reports.
Page 314: Web Filter Reports
Vantage CNM User’s Guide Figure 182 Service Reports 23.3 Web Filter Reports Use the web filter reports to view statistics on who attempted to access what blocked sites and when via the selected ZyXEL device(s). Figure 183 Web Filter Reports 23.4 Attack Reports...
Page 315: Authentication Reports
Vantage CNM User’s Guide Figure 184 Attack Reports 23.5 Authentication Reports Use the authentication reports screens to view successful and failed logins to selected ZyXEL devices over the specified period of time. Figure 185 Authentication Reports 23.6 Log Viewer Reports Use these reports to view, purge and search for logs from the selected ZyXEL device(s).
Page 316: System Reports
Vantage CNM User’s Guide Figure 186 Log Viewer Reports 23.7 System Reports Use these screens to configure global reporting parameters such as refresh intervals, syslog retrieval intervals, days to keep logs and default chart types (pie or chart). You can also schedule reports to be sent by e-mail and import a Comma-Separated Value (CSV) text file (of purged logs).
Page 317: Chapter 24 Bandwidth Reports
Vantage CNM User’s Guide H A P T E R Bandwidth Reports 24.1 Introduction The Bandwidth Summary report contains information on the amount of traffic handled by a selected ZyXEL device(s) over the specified time period. To view the Bandwidth Summary report, select ZyXEL device(s) and click Report, Bandwidth, Summary.
Page 318: Figure 189 Bandwidth Summary
Vantage CNM User’s Guide Figure 189 Bandwidth Summary Table 142 Bandwidth Summary LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 319: Bandwidth Summary Settings
Vantage CNM User’s Guide Table 142 Bandwidth Summary (continued) LABEL DESCRIPTION Events This field displays the number of events that occurred on the selected devices during each hour of the current day or each day for a range of days (up to 31 days).
Page 320: Bandwidth Monitoring
Vantage CNM User’s Guide Table 143 Bandwidth Summary Settings (continued) LABEL DESCRIPTION End Date Click the calendar icon to select an ending year-month-date or manually enter the date in year-month-date format. The end date must come after the start date but not after the current date.
Page 321: Figure 192 Bandwidth Top Users
Vantage CNM User’s Guide To view the Bandwidth Top Users report, select ZyXEL device(s) and click Report, Bandwidth, Top Users. Figure 192 Bandwidth Top Users Table 144 Bandwidth Top Users LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 322: Bandwidth Top Users Settings
Vantage CNM User’s Guide 24.3.1 Bandwidth Top Users Settings Click Settings in the previous screen to display this screen. You only need to do this: • To view reports for more days (up to 31 days) than the main screen list box allows •...
Page 323: Bandwidth Line Usage Settings
Vantage CNM User’s Guide Figure 194 Bandwidth Line Usage Table 146 Bandwidth Line Usage LABEL DESCRIPTION Last Days The report displays information per hour for one day selected and information per day for more than one day selected. Settings Click Settings to view reports for more MAC addresses, or for more days (up to 31 days) than the previous list box allows or for an earlier time range.
Page 324: Bandwidth Line Interrupt
Vantage CNM User’s Guide Figure 195 Bandwidth Line Usage Settings Table 147 Bandwidth Line Usage Settings LABEL DESCRIPTION Start Date Click the calendar icon to select a beginning year-month-date or manually enter the date in year-month-date format. End Date The End Date selection is optional. Click the calendar icon to select an ending year- month-date or manually enter the date in year-month-date format.
Page 325: Bandwidth Line Interrupt Settings
Vantage CNM User’s Guide Figure 196 Bandwidth Line Interrupt Table 148 Bandwidth Line Interrupt LABEL DESCRIPTION Last Days The report displays information per hour for one day selected and information per day for more than one day selected. Settings Click Settings to view reports for more MAC addresses, or for more days (up to 31 days) than the previous list box allows or for an earlier time range.
Page 326: Figure 197 Bandwidth Line Interrupt Settings
Vantage CNM User’s Guide Figure 197 Bandwidth Line Interrupt Settings Table 149 Bandwidth Line Interrupt Settings LABEL DESCRIPTION Start Date Click the calendar icon to select a beginning year-month-date or manually enter the date in year-month-date format. End Date The End Date selection is optional. Click the calendar icon to select an ending year- month-date or manually enter the date in year-month-date format.
Page 327: Chapter 25 Service Reports
Vantage CNM User’s Guide H A P T E R Service Reports 25.1 Service Monitor The Service Monitor displays service usage (kilobytes transferred) for the selected ZyXEL device(s) within the sampling period. To change the sampling period, go to Report, System, General Config.
Page 328: Creating A Custom Service
Vantage CNM User’s Guide Figure 199 Pre-defined Services 25.2.1 Creating a Custom Service To create a custom service, select Custom Service from the Add a known service field and then fill in the Add a custom service fields. 25.3 Configuring Service Settings To view Service Settings select a ZyXEL device(s) and then click Report, Service, Settings.
Page 329: Figure 200 Service Settings
Vantage CNM User’s Guide Figure 200 Service Settings Table 150 Service Settings LABEL DESCRIPTION Add a known service Select a pre-defined service from the drop-down list box or select Custom Service and then fill in the Add a custom service fields to create a custom service.
Page 330: Service Summary Screens
Vantage CNM User’s Guide 25.4 Service Summary Screens Use these screens to view bandwidth consumed by a service(s), through a ZyXEL device(s) during the specified time. 25.4.1 All Services Summary To view the amount of traffic handled by selected ZyXEL device(s), consumed by services defined in the Service, Settings screen, click Report, Service, Summary, All.
Page 331: Service Summary Settings
Vantage CNM User’s Guide Table 151 All Services Summary (continued) LABEL DESCRIPTION MBytes This field displays the number of megabytes consumed by the service(s).through the selected ZyXEL device(s) in the last hour or day. % of This field shows the percentage of megabytes consumed by the service(s) during this MBytes hour, compared to the whole day when one day is is selected.
Page 332: Ftp Services Summary
Vantage CNM User’s Guide Figure 203 Web Services Summary Table 152 Web Services Summary LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 333: Mail Services Summary
Vantage CNM User’s Guide time, select a ZyXEL device(s) and then click Report, Service, Summary, FTP. Figure 204 FTP Services Summary Table 153 FTP Services Summary LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 334: Vpn Services Summary
Vantage CNM User’s Guide Figure 205 Mail Services Summary Table 154 Mail Services Summary LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 335: Custom Services Summary
Vantage CNM User’s Guide Figure 206 VPN Services Summary Table 155 VPN Services Summary LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 336: Service Top Sites
Vantage CNM User’s Guide Figure 207 Custom Service Group Table 156 Custom Service Group LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 337: All Services Top Sites
Vantage CNM User’s Guide device(s) during the specified time. 25.5.1 All Services Top Sites To view web sites visited when using all services defined in the Service, Settings screen, during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Sites, All.
Page 338: Top Site Service Settings
Vantage CNM User’s Guide Table 157 Top Sites for All Services (continued) LABEL DESCRIPTION % of MBytes This field shows the percentage of megabytes consumed by the service(s) during this hour, compared to the whole day when one day is is selected. It shows the percentage of megabytes consumed by the service(s) during this day, compared to the total number of days selected when more than one day is selected.
Page 339: Ftp Service Top Sites
Vantage CNM User’s Guide Figure 210 Web Service Top Sites Table 159 Web Service Top Sites LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 340: Figure 211 Ftp Service Top Sites
Vantage CNM User’s Guide Figure 211 FTP Service Top Sites Table 160 FTP Service Top Sites LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 341: Mail Service Top Sites
Vantage CNM User’s Guide 25.5.5 Mail Service Top Sites To view sites visited when using mail services through selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Sites, Mail. Chapter 25 Service Reports...
Page 342: Vpn Traffic Top Sites
Vantage CNM User’s Guide Figure 212 Mail Service Top Sites Table 161 Mail Service Top Sites LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 343: Figure 213 Vpn Service Top Sites
Vantage CNM User’s Guide Figure 213 VPN Service Top Sites Table 162 VPN Service Top Sites LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 344: Custom Service Top Sites
Vantage CNM User’s Guide 25.5.7 Custom Service Top Sites To view sites visited when using custom services defined in the Service, Settings screen, through selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Sites, Customized Service Group.
Page 345: Top Users Of Services
Vantage CNM User’s Guide Table 163 Custom Service Top Sites % of MBytes This field shows the percentage of megabytes consumed by the custom services defined in the Service, Settings screen, during this hour, compared to the whole day when one day is is selected. It shows the percentage of megabytes consumed by the service(s) during this day, compared to the total number of days selected when more than one day is selected.
Page 346: Top Site Service Settings
Vantage CNM User’s Guide Table 164 All Services Top Users (continued) List Top 10 Select the number of users to view from the drop-down list box Last Days The report displays information per hour when you select one day and information per day when you select more than one day.
Page 347: Top Users Of Web Services
Vantage CNM User’s Guide 25.6.3 Top Users of Web Services To view top users (source IP addresses) of web services through selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Users, Web.
Page 348: Top Users Of Ftp Services
Vantage CNM User’s Guide Table 166 Top Users of Web Services (continued) % of MBytes This field shows the percentage of megabytes consumed by the service(s) during this hour, compared to the whole day when one day is is selected. It shows the percentage of megabytes consumed by the service(s) during this day, compared to the total number of days selected when more than one day is selected.
Page 349: Top Users Of Mail Services
Vantage CNM User’s Guide Table 167 Top Users of FTP Services (continued) LABEL DESCRIPTION Color You can color code individual items for better graphical representation. Events This field displays the number of events or "hits." MBytes This field displays the number of megabytes consumed by the service(s) through the selected ZyXEL device(s) in the last hour or day.
Page 350: Top Users Of Vpn Tunnels
Vantage CNM User’s Guide Table 168 Top Users of Mail Services (continued) LABEL DESCRIPTION Last Days The report displays information per hour when you select one day and information per day when you select more than one day. Settings Click Settings to view reports for more users, or for days (up to 31 days) than the previous list box allows or for an earlier time range.
Page 351: Top Users Of Custom Services
Vantage CNM User’s Guide Figure 220 Top Users of VPN Tunnels Top Users of VPN Tunnels Table 169 LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 352: Figure 221 Top Users Of Custom Services
Vantage CNM User’s Guide Figure 221 Top Users of Custom Services Table 170 Top Users of Custom Services LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 353: Chapter 26 Web Filter
Vantage CNM User’s Guide H A P T E R Web Filter A blocked site is a site blocked by a ZyXEL device(s) content filtering feature. Use these screens to view information on attempts to access a blocked site, through the selected ZyXEL device(s), during the specified timeduring.
Page 354: Web Filter Top Sites
Vantage CNM User’s Guide Table 171 Web Filter Summary (continued) LABEL DESCRIPTION Hour This field displays the time the (blocked) access attempt was made. Color You can color code individual items for better graphical representation. Attempts This field displays the number of attempts to access a blocked site.
Page 355: Web Filter Top Users
Vantage CNM User’s Guide Table 172 Web Filter Top Sites (continued) LABEL DESCRIPTION Settings Click Settings to view reports for days (up to 31 days) than the previous list box allows or for an earlier time range. Site This field displays the blocked sites by attempts to access a blocked site, through the selected ZyXEL device(s).
Page 356: Web Filter By User
Vantage CNM User’s Guide Figure 224 Web Filter Top Users Table 173 Web Filter Top Users LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 357: Figure 225 Web Filter By User
Vantage CNM User’s Guide Figure 225 Web Filter By User Web Filter By User Table 174 LABEL Last Days The report displays information per hour when you select one day and information per day when you select more than one day.
Page 358 Vantage CNM User’s Guide Chapter 26 Web Filter...
Page 359: Chapter 27 Attack Reports
Vantage CNM User’s Guide H A P T E R Attack Reports Use these screens to create reports on attacks detected by a ZyXEL device’s firewall during the specified time. 27.1 Attack Summary To view the number of attacks on the selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Attack, Summary.
Page 360: Attack Categories
Vantage CNM User’s Guide Attack Summary Table 175 (continued) LABEL DESCRIPTION Color You can color code individual items for better graphical representation. Attacks This field displays the number of attacks on the selected ZyXEL devices. % of Attacks This field shows the percentage of attacks on the selected ZyXEL devices during this hour, compared to the whole day when one day is is selected.
Page 361: Attack Category Settings
Vantage CNM User’s Guide Attack Categories Table 176 (continued) LABEL DESCRIPTION Settings Click Settings to view reports for more categories, or for more days (up to 31 days) than the previous list box allows or for an earlier time range.
Page 362: Attack Source Settings
Vantage CNM User’s Guide Figure 229 Source of Attacks Source of Attacks Table 177 LABEL DESCRIPTION Chart Type Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen.
Page 363: Attack Errors And Exceptions
Vantage CNM User’s Guide Figure 230 Attack Category Settings 27.4 Attack Errors and Exceptions To view information on the number of dropped packets by the selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Attack, Errors &...
Page 364 Vantage CNM User’s Guide Table 178 Attack Errors and Exceptions (continued) LABEL DESCRIPTION Color You can color code individual items for better graphical representation. Packets This field displays the number of packets that were dropped by the selected ZyXEL devices.
Page 365: Chapter 28 Authentication
Vantage CNM User’s Guide H A P T E R Authentication Use these screens to view information on who successfully logged into the selected ZyXEL devices (for management or monitoring purposes) and also on those who tried to log in, but failed.
Page 366: Figure 233 Failed Logins
Vantage CNM User’s Guide Figure 233 Failed Logins Table 180 Failed Logins LABEL DESCRIPTION Last Days The report displays information per hour when you select one day and information per day when you select more than one day. Settings Click Settings to view reports for more days (up to 31 days) than the previous list box allows or for an earlier time range.
Page 367: Chapter 29 Log Viewer
Vantage CNM User’s Guide H A P T E R Log Viewer Use these screens to view and purge information on logs that the selected ZyXEL devices generated. 29.1 Log Monitor To view (and purge information) on logs that the selected ZyXEL devices generated during the specified time, select a ZyXEL device(s) and then click Report, Log Viewer, Log Monitor.
Page 368: Figure 234 Log Monitor
Vantage CNM User’s Guide Figure 234 Log Monitor Log Monitor Table 181 LABEL DESCRIPTION Log reserves Type the number of days you want to keep logs in Vantage. Logs older that this are then deleted from Vantage after you click the Purge button. For example, if you type “5”, all logs older than five days will be deleted.
Page 369: Log Search
Vantage CNM User’s Guide Log Monitor Table 181 (continued) LABEL DESCRIPTION This field displays the LAN MAC address of the device that caused the ZyXEL device to generate a log. Time This field displays the time the ZyXEL device generated the log.
Page 370: Figure 235 Log Search
Vantage CNM User’s Guide Figure 235 Log Search Log Search Table 182 LABEL DESCRIPTION Start Date Click the calendar icon to select a beginning year-month-date or manually enter the date in year-month-date format. Start Time Enter the time from which to start searching for logs in hour-minute-second format in this screen.
Page 371: Chapter 30 Report System Screens
Vantage CNM User’s Guide H A P T E R Report System Screens Use these screens to: • Set default reporting parameters such as refresh intervals, syslog retrieval intervals, log storage within Vantage and default chart types. • Schedule daily or weekly reports.
Page 372: Schedule Reports
Vantage CNM User’s Guide Table 183 General System Configuration (continued) LABEL DESCRIPTION Log Store Days Select the checkbox and then type the number of days Vantage should store logs. Default Chart Type Select the checkbox and then choose the default chart type that should display in report screens.
Page 373: Schedule Daily Report
Vantage CNM User’s Guide Table 184 Schedule Reports (continued) LABEL DESCRIPTION To Email Address This is the e-mail address(es) to which a previously created scheduled report sends reports. EMail Subject This is the e-mail subject a previously created scheduled report uses.
Page 374: Schedule Weekly Report
Vantage CNM User’s Guide Schedule Daily Reports Table 185 (continued) LABEL DESCRIPTION Email Subject: Type a meaningful e-mail subject here. Email Attached Files Select this checkbox to have Vantage e-mail the attached reports. Email Body: Type a meaningful message that you want to appear in the e-mail body here.
Page 375: Figure 239 Schedule Weekly Reports
Vantage CNM User’s Guide Figure 239 Schedule Weekly Reports Schedule Daily Reports Table 186 LABEL DESCRIPTION Add Weekly Scheduled Report Destination Email Address (Semicolon Type e-mail addresses to where e-mailed reports should seperated): be sent separated by semicolons. Email Subject: Type a meaningful e-mail subject here.
Page 376: Csv Import
Vantage CNM User’s Guide Schedule Daily Reports Table 186 (continued) LABEL DESCRIPTION Apply Click Apply to save your changes and exit this screen. Reset Click Reset to revert to last-saved screen settings. Cancel Click Cancel to close this screen without saving any setting changes.
Page 377: Chapter 31 Report
Vantage CNM User’s Guide H A P T E R Report Use these screens to configure reports for a single day or multiple days to be e-mailed or saved in Vantage. 31.1 Daily Report Use this screen to configure reports for a single day to be e-mailed or saved in Vantage. Click Report, Report, Daily Report to display the next screen.
Page 378: Figure 242 Daily Reports
Vantage CNM User’s Guide Figure 242 Daily Reports Daily Reports Table 187 LABEL DESCRIPTION Customize One Day Report Destination Email Address (Semicolon Type e-mail addresses to where e-mailed reports seperated): should be sent separated by semicolons. Email Subject: Type a meaningful e-mail subject here.
Page 379: Over Time Report
Vantage CNM User’s Guide Daily Reports Table 187 (continued) LABEL DESCRIPTION Date Click the calendar icon to select a date for the report to be sent or manually enter the date in year-month-date format. Report List Select the report type from this list. Each report type corresponds to a report screen in Vantage.
Page 380: Figure 243 Over Time Report
Vantage CNM User’s Guide Figure 243 Over Time Report Table 188 Over Time Report LABEL DESCRIPTION Customize Over Time Report Destination Email Address Type e-mail addresses to where e-mailed reports should be sent (Semicolon seperated): separated by semicolons. Email Subject: Type a meaningful e-mail subject here.
Page 381 Vantage CNM User’s Guide Table 188 Over Time Report (continued) LABEL DESCRIPTION End Date Click the calendar icon to select an ending year-month-date or manually enter the date in year-month-date format. The end date must come after the start date but not after the current date.
Page 382 Vantage CNM User’s Guide Chapter 31 Report...
Page 383: Ftp Server (Wftpd) Setup Example
Vantage CNM User’s Guide P P E N D I X FTP Server (WFTPD) Setup Example This appendix applies to the Windows version of Vantage CNM. Installing WFTPD 1 Download the WFTPD software from www.wftpd.com to where you want to install it.
Page 384: Figure 246 Information
Vantage CNM User’s Guide Figure 246 Information 5 Select the installation type and click Next. Figure 247 Installation Type 6 Select where to install WFTPD Pro and click Next.
Page 385: Figure 248 Installation Directory
Vantage CNM User’s Guide Figure 248 Installation Directory 7 You are prompted to create the directory if it doesn’t already exist. Click Yes to create a new directory. Figure 249 Create Directory 8 Click Next to begin the installation. Figure 250 Begin Installation...
Page 386: Running Wftpd
Vantage CNM User’s Guide Running WFTPD Figure 251 Run WFTPD 10 Click Start Service form the WFTPD main screen. WFTPD Main Screen Figure 252 WFTPD Main Screen 11 Open Administrative Tools in the Windows Control Panel and then select Services to...
Page 387: Figure 253 Windows Services
Vantage CNM User’s Guide Figure 253 Windows Services 12 Right-click WFTPD Pro service and then click Properties. Figure 254 WFTPD Properties 13 Click the Log On tab to configure a user name and password for this server. This must be the same username and password that you use in Vantage.
Page 388: Figure 255 Wftpd Pro Log On
Vantage CNM User’s Guide Figure 255 WFTPD Pro Log On...
Page 389: Configuring The Kiwi Syslog Daemon
Note: If you already have a Kiwi Syslog Daemon installed, you can modify the “Syslog Daemon Settings.ini” text file before you import it to the Kiwi Syslog Daemon. See the Vantage CNM release notes for information on how to do this. Installing the Kiwi Syslog Daemon Follow the steps below to install the KiWi.
Page 390: Importing The Syslog Configuration File
4 Click Install to install Kiwi to the default directory. Note: Make sure that the directory you install Kiwi is the same as the directory in the System Log Path field in the Vantage CNM System > Preferences > Server screen.
Page 391: Figure 259 Kiwi Syslog Daemon Setup
Vantage CNM User’s Guide 3 Click Defaults/Import/Export under Inputs. 4 Click Import Settings and Rules from INI file. Figure 259 Kiwi Syslog Daemon Setup 5 Locate the “.ini” syslog configuration file you saved to your computer in step 1 and click Open.
Page 392: Starting The Telnet Service
Vantage CNM User’s Guide 7 In the Kiwi Syslog Daemon Setup screen, click Apply and then OK to close the screen. Note: You must start the Telnet service on the computer you install Kiwi. Starting the Telnet Service Follow the steps below to activate Telnet service for syslog logging on the computer you install Kiwi.
Page 393: Setting Up The Syslog Server In Vantage
After you have installed and configure the Kiwi Syslog Daemon and started the Telnet service on the computer, configure the syslog settings in Vantage CNM. Set the syslog server username and password to be the same as the Windows username and password in the Vantage system Server screen.
Page 394: Figure 263 Vantage System Servers
Vantage CNM User’s Guide Figure 263 Vantage System Servers 3 Select Syslog Server and enter the IP address of the computer on which you installed the Syslog server and the user name and password that you configured. 4 Click Apply.
Page 395: Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions This appendix applies to the Windows version of Vantage CNM. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device.
Page 396: Enable Pop-Up Blockers With Exceptions
Vantage CNM User’s Guide 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 265 Internet Options 3 Click Apply to save this setting.
Page 397: Figure 266 Internet Options
Vantage CNM User’s Guide Figure 266 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
Page 398: Javascripts
Vantage CNM User’s Guide Figure 267 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 399: Figure 268 Internet Options
Vantage CNM User’s Guide Figure 268 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Page 400: Java Permissions
Vantage CNM User’s Guide Figure 269 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 401: Java (Sun)
Vantage CNM User’s Guide Figure 270 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Page 402: Figure 271 Java (Sun)
Vantage CNM User’s Guide Figure 271 Java (Sun)
Page 403: Ftp And Syslog Server Overview
Table 189 FTP and syslog Server Overview LABEL DESCRIPTION This is the Vantage CNM server. This is any ZyXEL device. This is a syslog server This is an FTP server Vantage sends syslog and FTP information for those servers to the device when you register the device with Vantage.
Page 404 Vantage CNM User’s Guide Table 189 FTP and syslog Server Overview LABEL DESCRIPTION After a successful communication link has been established between Vantage and the syslog server, Vantage instructs the syslog server to send the vantage.log (ZyXEL devices’ logs) from the syslog server to an FTP server for retrieval.
Page 405: Java Console Debug Messages
Vantage CNM User’s Guide P P E N D I X Java Console Debug Messages This appendix applies to the Windows version of Vantage CNM. Introduction If you have problems with Vantage, customer support may ask you to find Java console debug messages.
Page 406: Figure 273 Java Plug-In Control Panel
Vantage CNM User’s Guide Figure 273 Java Plug-in Control Panel 3 Open Internet Explorer and log into Vantage CNM. After successful login a Java plug-in icon should appear in your Windows system tray. If there is no icon present, return to step...
Page 407: Figure 276 Java Console
Vantage CNM User’s Guide Figure 276 Java Console 6 Paste this data into an e-mail and send it to customer support.
Page 408 Vantage CNM User’s Guide...
Page 409: Ip Addressing
Vantage CNM User’s Guide P P E N D I X IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 410: Appendix Fip Subnetting
Vantage CNM User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 411: Example: Two Subnets
Vantage CNM User’s Guide For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class “C” address using both notations. Table 193 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK “1”...
Page 412: Table 195 Subnet 1
Vantage CNM User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have...
Page 413: Example: Four Subnets
Vantage CNM User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 414: Example Eight Subnets
Vantage CNM User’s Guide Table 200 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255...
Page 415: Subnetting With Class A And Class B Networks
Vantage CNM User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 416 Vantage CNM User’s Guide...
Page 417: Virtual Circuit Topology
Vantage CNM User’s Guide P P E N D I X Virtual Circuit Topology Introduction ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: •...
Page 418 Vantage CNM User’s Guide...
Page 419: Wireless Lans
Vantage CNM User’s Guide P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
Page 420: Ess
Vantage CNM User’s Guide Figure 279 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 421: Channel
Vantage CNM User’s Guide Figure 280 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 422: Fragmentation Threshold
Vantage CNM User’s Guide Figure 281 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 423: Preamble Type
Vantage CNM User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 424: Ieee 802.1X
Vantage CNM User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:...
Page 425: Types Of Authentication
Vantage CNM User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
Page 426: Eap-Tls (Transport Layer Security)
Vantage CNM User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
Page 427: Table 205 Comparison Of Eap Authentication Types
Vantage CNM User’s Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
Page 428: Table 206 Wireless Security Relational Matrix
Vantage CNM User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 429: Ieee 802.11
Vantage CNM User’s Guide It provides health care workers like doctors and nurses access to a complete patient’s profile on a handheld or notebook computer upon entering a patient’s room. It allows flexible workgroups a lower total cost of ownership for workspaces that are frequently reconfigured.
Page 430: Infrastructure Wireless Lan Configuration
Vantage CNM User’s Guide Figure 282 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs, multiple Access Points (APs) link the WLAN to the wired network and allow users to efficiently share network resources. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Page 431: Figure 283 Ess Provides Campus-Wide Coverage
Vantage CNM User’s Guide Figure 283 ESS Provides Campus-Wide Coverage...
Page 432 Vantage CNM User’s Guide...
Page 433: Table 207 System Maintenance Logs
Vantage CNM User’s Guide P P E N D I X Log Descriptions Introduction This appendix provides descriptions of example device log messages. Table 207 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server.
Page 434: Table 208 System Error Logs
Vantage CNM User’s Guide Table 207 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION The router dropped an ICMP packet that was too large. Too large ICMP packet has been dropped An SMT management session has started. SMT Session Begin An SMT management session has ended.
Page 435: Table 210 Tcp Reset Logs
Vantage CNM User’s Guide Table 209 Access Control Logs (continued) LOG MESSAGE DESCRIPTION The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry. blocked: [TCP | UDP | IGMP | ESP...
Page 436: Table 212 Icmp Logs
Vantage CNM User’s Guide Table 212 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 224.
Page 437: Table 215 Upnp Logs
Vantage CNM User’s Guide Table 214 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 215 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall.
Page 438: Table 217 Attack Logs
Vantage CNM User’s Guide Table 216 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
Page 439: Table 218 Ipsec Logs
Vantage CNM User’s Guide Table 218 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
Page 440 Vantage CNM User’s Guide Table 219 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d> The displayed ID information did not match between the two Peer ID: <peer id>...
Page 441 Vantage CNM User’s Guide Table 219 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
Page 442: Table 220 Pki Logs
Vantage CNM User’s Guide Table 219 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES...
Page 443: Table 221 Certificate Path Verification Failure Reason Codes
Vantage CNM User’s Guide Table 220 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
Page 444: Table 222 802.1X Logs
Vantage CNM User’s Guide Table 221 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 222 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database.
Page 445: Table 223 Acl Setting Notes
Vantage CNM User’s Guide Table 223 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN.
Page 446: Table 225 Syslog Logs
Vantage CNM User’s Guide Table 224 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request...
Page 447 Vantage CNM User’s Guide Table 226 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY PAYLOAD TYPE Signature Nonce NONCE Notification NOTFY Delete Vendor ID...
Page 448 Vantage CNM User’s Guide...
Page 449: Notice
No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor Copyright (C) 1999-2001 Intalio, Inc.
Page 450: Common Public License Version 1.0
Vantage CNM User’s Guide IN NO EVENT SHALL INTALIO, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS...
Page 451 Vantage CNM User’s Guide a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non- exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
Page 452 Vantage CNM User’s Guide Contributors may not remove or alter any copyright notices contained within the Program. Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
Page 453 Vantage CNM User’s Guide EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT...
Page 454: Cryptix General License
Vantage CNM User’s Guide This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
Page 455: Technology License From Sun Microsystems, Inc. To Doug Lea
Vantage CNM User’s Guide This Product includes software of Java Software technologies. TECHNOLOGY LICENSE FROM SUN MICROSYSTEMS, INC. TO DOUG LEA Whereas Doug Lea desires to utlized certain Java Software technologies in the util.concurrent technology; and Whereas Sun Microsystems, Inc. (Sun) desires that Doug Lea utilize certain Java Software technologies in the util.concurrent technology;...
Page 456: Java Software Technologies
Vantage CNM User’s Guide DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN MICROSYSTEMS, INC. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN MICROSYSTEMS, INC.
Page 457 Vantage CNM User’s Guide the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree.
Page 458: Apache License
Vantage CNM User’s Guide 7. Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the...
Page 459 Vantage CNM User’s Guide "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Page 460 Vantage CNM User’s Guide 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty- free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Page 461 Vantage CNM User’s Guide 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions.
Page 462 Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. NOTE: Some components of the Vantage CNM software incorporate source code covered under the Apache License. To obtain the source code covered under the Apache License,...
Page 463: Copyright (C) 2002, 2003 Gargoyle Software Inc. All Rights Reserved
Vantage CNM User’s Guide Copyright (c) 2002, 2003 Gargoyle Software Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 464: Gnu Lesser General Public License
Vantage CNM User’s Guide This Product includes J3SSH under LGPL. Copyright (C) 2002 Lee David Painter. All right reserved. GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 465 Vantage CNM User’s Guide For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code.
Page 466 Vantage CNM User’s Guide Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
Page 467 Vantage CNM User’s Guide notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
Page 468 Vantage CNM User’s Guide However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
Page 469 Vantage CNM User’s Guide needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 470 Vantage CNM User’s Guide refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims;...
Page 471: Gnu General Public License
Vantage CNM User’s Guide 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,...
Page 472 Vantage CNM User’s Guide To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have.
Page 473 Vantage CNM User’s Guide a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Page 474 Vantage CNM User’s Guide scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 475 Vantage CNM User’s Guide 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
Page 476: End-User License Agreement For Vantage Cnm
Vantage CNM User’s Guide End-User License Agreement for Vantage CNM WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM.
Page 477 Vantage CNM User’s Guide You may not publish, display, disclose, sell, rent, lease, modify, store, loan, distribute, or create derivative works of the Software, or any part thereof. You may not assign, sublicense, convey or otherwise transfer, pledge as security or otherwise encumber the rights and licenses granted hereunder with respect to the Software.
Page 478 Vantage CNM User’s Guide 7.LIMITATION OF LIABILITY. To the maximum extent permitted by applicable law, in no event shall ZyXEL or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of...
Page 479 Vantage CNM User’s Guide 12.General This License Agreement shall be construed, interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof. The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court or Commercial Arbitration Association sitting in ROC, Taiwan.
Page 480 Vantage CNM User’s Guide...
Page 481 Vantage CNM User’s Guide Destination Address Abnormal Working Conditions DHCP 75, 80, 81, 84, 87, 250 Acts of God Diffie-Hellman (DH) 184, 271 Address Assignment Direct Sequence Spread Spectrum Address Resolution Protocol (ARP) Disclaimer Advanced Encryption Standard (AES) Discretion Distribution System...
Page 482 Vantage CNM User’s Guide Frequency-Hopping Spread Spectrum Many to Many No OverloadSee NAT 80, 149, 250 Many to Many OverloadSee NAT Functionally Equivalent Many to OneSee NAT Materials Maximum Burst Size Maximum Incomplete High Germany, Contact Information Maximum Incomplete Low...
Page 483 Vantage CNM User’s Guide Products Stateful Inspection 215, 216 Process Proof of Purchase 2, 3 ZyWALL Proper Operating Condition Public Servers Subnet Mask 81, 85, 88, 226 Purchase, Proof of Subnet Masks Purchaser Support E-mail Supporting Disk Sustained Cell Rate...
Page 484 Vantage CNM User’s Guide Warranty Period Web Configurator Web Site WEP encryption Wi-Fi Protected Access Wireless Client WPA Supplicants Wireless LAN Configuring Wireless security WLAN Interference Security parameters Workmanship Worldwide Contact Information Supplicants with RADIUS Application Example WPA -Pre-Shared Key...

ZyXEL Communications Vantage CNM User Manual

Chapter 1 Introducing Vantage

Chapter 2 GUI Introduction

Chapter 3 Device Menus

Chapter 4 Configuration > Select Device BB & General

Chapter 5 Configuration > LAN

Chapter 6 Configuration > WLAN

Chapter 7 Configuration > DMZ

Chapter 8 Configuration > WAN

Chapter 9 Configuration > NAT

Chapter 10 Configuration > Static Route

Quick Links

Related Manuals for ZyXEL Communications Vantage CNM

Summary of Contents for ZyXEL Communications Vantage CNM