ZyXEL Communications UAG4100 User Manual

Unified access gateway

UAG4100
Unified Access Gateway
Version 4.00
Edition 1, 07/2013
Quick Start Guide
User's Guide
Default Login Details
LAN IP Address: http://172.16.0.1 (LAN1), http://172.17.0.1 (LAN2)
User Name: admin
Password: 1234
www.zyxel.com
Copyright © 2013 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications UAG4100

  • Page 1 UAG4100 Unified Access Gateway Version 4.00 Edition 1, 07/2013 Quick Start Guide User’s Guide Default Login Details: LAN IP Address http://172.16.0.1 (LAN1), http://172.17.0.1 (LAN2); User Name admin; Password 1234. www.zyxel.com Copyright © 2013 ZyXEL Communications Corporation...
  • Page 2 The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the UAG. Note: It is recommended you use the Web Configurator to configure the UAG. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. UAG4100 User’s Guide...
  • Page 3: Table Of Contents

    Billing ..............................237 Printer Manager ............................252 Free Time ..............................259 SMS ..............................263 Bandwidth Management ........................265 User/Group ............................275 AP Profile ..............................289 Addresses .............................304 Services ..............................309 Schedules .............................314 AAA Server ............................318 Authentication Method ..........................322 Certificates ............................325 ISP Accounts ............................341 System ..............................344 UAG4100 User’s Guide...
  • Page 4 Contents Overview Log and Report .............................385 File Manager ............................400 Diagnostics ............................411 Packet Flow Explore ..........................419 Reboot ..............................427 Shutdown ..............................428 Troubleshooting ............................429 UAG4100 User’s Guide...
  • Page 5: Table Of Contents

    3.1.6 Internet Access - Finish ......................40 3.2 Device Registration .........................41 Chapter 4 Quick Setup Wizards ..........................43 4.1 Quick Setup Overview ........................43 4.2 WAN Interface Quick Setup ......................43 4.2.1 Choose an Ethernet Interface ....................44 4.2.2 Select WAN Type ........................44 UAG4100 User’s Guide...
  • Page 6 6.15 The Printer Status Screen ......................81 6.16 The VPN 1-1 Mapping Status Screen .....................82 6.16.1 VPN 1-1 Mapping Statistics ....................83 6.17 The Log Screen ..........................83 6.17.1 View AP Log .........................86 6.17.2 Dynamic Users Log .......................88 Chapter 7 Registration............................90 UAG4100 User’s Guide...
  • Page 7 9.7.1 Virtual Interfaces Add/Edit .....................132 9.8 Interface Technical Reference ......................133 Chapter 10 Trunks ..............................137 10.1 Overview ............................137 10.1.1 What You Can Do in this Chapter ..................137 10.1.2 What You Need to Know ......................137 10.2 The Trunk Summary Screen ......................140 UAG4100 User’s Guide...
  • Page 8 14.2 The NAT Screen ..........................165 14.2.1 The NAT Add/Edit Screen ....................166 14.3 NAT Technical Reference ......................169 Chapter 15 VPN 1-1 Mapping ..........................171 15.1 VPN 1-1 Mapping Overview ......................171 15.1.1 What You Can Do in this Chapter ..................171 UAG4100 User’s Guide...
  • Page 9 19.2.1 NAT Traversal ........................186 19.2.2 Cautions with UPnP ......................187 19.3 UPnP Screen ..........................187 19.4 Technical Reference ........................188 19.4.1 Using UPnP in Windows XP Example .................188 19.4.2 Web Configurator Easy Access ...................190 Chapter 20 IP/MAC Binding..........................193 20.1 IP/MAC Binding Overview ......................193 UAG4100 User’s Guide...
  • Page 10 Firewall ..............................223 24.1 Overview ............................223 24.1.1 What You Can Do in this Chapter ..................223 24.1.2 What You Need to Know ......................223 24.2 The Firewall Screen ........................225 24.2.1 Configuring the Firewall Screen ..................226 24.2.2 The Firewall Add/Edit Screen ....................228 UAG4100 User’s Guide...
  • Page 11 Free Time ............................259 27.1 Overview ............................259 27.1.1 What You Can Do in this Chapter ..................259 27.2 The Free Time Screen ........................259 Chapter 28 SMS ..............................263 28.1 Overview ............................263 28.1.1 What You Can Do in this Chapter ..................263 UAG4100 User’s Guide...
  • Page 12 31.3.2 Add/Edit SSID Profile ......................297 31.3.3 Security List .........................298 31.3.4 Add/Edit Security Profile ......................300 31.3.5 MAC Filter List ........................302 31.3.6 Add/Edit MAC Filter Profile ....................303 Chapter 32 Addresses ............................304 32.1 Overview ............................304 32.1.1 What You Can Do in this Chapter ..................304 UAG4100 User’s Guide...
  • Page 13 Chapter 36 Authentication Method........................322 36.1 Overview ............................322 36.1.1 What You Can Do in this Chapter ..................322 36.1.2 Before You Begin .........................322 36.2 Authentication Method Objects .....................322 36.2.1 Creating an Authentication Method Object ................323 Chapter 37 Certificates ............................325 UAG4100 User’s Guide...
  • Page 14 39.6.7 Adding a Domain Zone Forwarder ..................354 39.6.8 MX Record ..........................355 39.6.9 Adding a MX Record ......................355 39.6.10 Adding a DNS Service Control Rule ..................356 39.7 WWW Overview ..........................357 39.7.1 Service Access Limitations ....................357 39.7.2 System Timeout ........................357 UAG4100 User’s Guide...
  • Page 15 41.1.1 What You Can Do in this Chapter ..................400 41.1.2 What you Need to Know ......................400 41.2 The Configuration File Screen ......................402 41.3 The Firmware Package Screen ....................406 41.4 The Shell Script Screen .......................408 Chapter 42 Diagnostics ............................411 UAG4100 User’s Guide...
  • Page 16 Chapter 45 Shutdown............................428 45.1 Overview ............................428 45.1.1 What You Need To Know .....................428 45.2 The Shutdown Screen ........................428 Chapter 46 Troubleshooting..........................429 46.1 Resetting the UAG ........................435 46.2 Getting More Troubleshooting Help ....................436 Appendix A Legal Information......................437 Index ..............................440 UAG4100 User’s Guide...
  • Page 17: Introduction

    The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “P1”. UAG4100 User’s Guide...
  • Page 18: Management Overview

    You can manage the UAG in the following ways. Web Configurator The Web Configurator allows easy UAG setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Figure 2 Managing the UAG: Web Configurator UAG4100 User’s Guide...
  • Page 19: Web Configurator

    By default, the UAG automatically routes this request to its HTTPS server, and it is recommended to keep this setting. The Login screen appears. Type the user name (default: “admin”) and password (default: “1234”). UAG4100 User’s Guide...
  • Page 20: Web Configurator Screens Overview

    See the Command Reference Guide for information about the commands. Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the UAG. About Click About to display basic information about the UAG. UAG4100 User’s Guide...
  • Page 21: Site Map

    This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. Click this to close the screen. Site Map Click Site Map to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen. Figure 5 Site Map UAG4100 User’s Guide...
  • Page 22: Object Reference

    Click Cancel to close the screen. CLI Messages Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the Web Configurator to display the corresponding commands. UAG4100 User’s Guide...
  • Page 23: Navigation Panel

    The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See Chapter 5 on page 49 for details on the dashboard. UAG4100 User’s Guide...
  • Page 24: Monitor Menu

    Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces. Licensing Registration Registration Register the device and activate trial services. Service View the licensed service status and upgrade licensed services. UAG4100 User’s Guide...
  • Page 25 Create walled garden links that display in the login screen. Advertisement Enable and set advertisement links. Firewall Firewall Create and manage level-3 traffic rules. Session Limit Limit the number of concurrent client NAT/firewall sessions. Billing General Configure the general billing settings, such as the accounting method. UAG4100 User’s Guide...
  • Page 26 Service Control Configure HTTP, HTTPS, and general authentication. Login Page Configure how the login and access user screens look. Configure SSH server and SSH service settings. TELNET Configure telnet server settings for the UAG. Configure FTP server settings. UAG4100 User’s Guide...
  • Page 27: Tables And Lists

    Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do: UAG4100 User’s Guide...
  • Page 28 Figure 12 Moving Columns Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. Figure 13 Navigating Pages of Table Entries UAG4100 User’s Guide...
  • Page 29 In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. UAG4100 User’s Guide...
  • Page 30: Stopping The Uag

    Figure 15 Working with Lists 1.5 Stopping the UAG Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the UAG or remove the power. Not doing so can cause the firmware to become corrupt. UAG4100 User’s Guide...
  • Page 31: Hardware Installation And Connection

    Make sure the screws are fastened well enough to hold the weight of the UAG with the connection cables. Align the holes on the back of the UAG with the screws on the wall. Hang the UAG on the screws. UAG4100 User’s Guide...
  • Page 32: Front Panel

    Chapter 2 Hardware Installation and Connection Figure 16 Wall Mounting Example 2.2 Front Panel This section introduces the UAG’s front panel. Figure 17 UAG Front Panel UAG4100 User’s Guide...
  • Page 33: Front Panel Leds

    Orange This port has a successful link to a 1000 Mbps Ethernet network. Blinking The UAG is sending or receiving packets to/from a 1000 Mbps Ethernet network on this port. There is no connection on this port. UAG4100 User’s Guide...
  • Page 34: Rear Panel

    • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the UAG. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. UAG4100 User’s Guide...
  • Page 35: Installation Setup Wizard

    The screens vary depending on the encapsulation type. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information. Note: Enter the Internet access information exactly as your ISP gave it to you. UAG4100 User’s Guide...
  • Page 36: Internet Access: Ethernet

    This screen is read-only if you set the previous screen’s IP Address Assignment field to Auto. Use this screen to configure your IP address settings. Note: Enter the Internet access information exactly as given to you by your ISP. UAG4100 User’s Guide...
  • Page 37: Internet Access: Pppoe

    DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. 3.1.3 Internet Access: PPPoE Note: Enter the Internet access information exactly as given to you by your ISP. UAG4100 User’s Guide...
  • Page 38 • Zone: This is the security zone to which this interface and Internet connection will belong. • IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen. UAG4100 User’s Guide...
  • Page 39: Internet Access: Pptp

    • CHAP/PAP - Your UAG accepts either CHAP or PAP when requested by the remote node. • CHAP - Your UAG accepts CHAP only. • PAP - Your UAG accepts PAP only. • MSCHAP - Your UAG accepts MSCHAP only. • MSCHAP-V2 - Your UAG accepts MSCHAP-V2 only. UAG4100 User’s Guide...
  • Page 40: Internet Access - Finish

    0.0.0.0 if you do not want to configure DNS servers. 3.1.6 Internet Access - Finish You have set up your UAG to access the Internet. A screen displays with your settings. If they are not correct, click Back. UAG4100 User’s Guide...
  • Page 41: Device Registration

    UAG’s serial number and LAN MAC address to register it if you have not already done so. Note: You must be connected to the Internet to register. Use the Registration > Service screen to update your service subscription status. UAG4100 User’s Guide...
  • Page 42 Chapter 3 Installation Setup Wizard Figure 25 Registration UAG4100 User’s Guide...
  • Page 43: Quick Setup Wizards

    4.2 WAN Interface Quick Setup Click WAN Interface in the main Quick Setup screen to open the WAN Interface Quick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the Internet. Click Next. UAG4100 User’s Guide...
  • Page 44: Choose An Ethernet Interface

    WAN Type Selection: Select the type of encapsulation this connection is to use. Choose Ethernet when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP. UAG4100 User’s Guide...
  • Page 45: Configure Wan Settings

    Use this screen to configure the ISP and WAN interface settings. This screen is read-only if you set the IP Address Assignment to Auto. Note: Enter the Internet access information exactly as your ISP gave it to you. UAG4100 User’s Guide...
  • Page 46 Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank. Retype to Type your password again for confirmation. Confirm Nailed-Up Select Nailed-Up if you do not want the connection to time out. UAG4100 User’s Guide...
  • Page 47: Quick Setup Interface Wizard: Summary

    DNS server (in the order you specify here) to resolve domain names for DDNS and the time server. Back Click Back to return to the previous screen. Next Click Next to continue. 4.2.5 Quick Setup Interface Wizard: Summary This screen displays the WAN interface’s settings. UAG4100 User’s Guide...
  • Page 48 This field only appears for an Ethernet interface. It displays the IP address of the gateway. Address First DNS Server If the IP Address Assignment is Static, these fields display the DNS server IP address(es). Second DNS Server Close Click Close to exit the wizard. UAG4100 User’s Guide...
  • Page 49: Dashboard

    The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets. UAG4100 User’s Guide...
  • Page 50 Widget Settings Use this link to open or close widgets by selecting/clearing the associated checkbox. Up Arrow (B) Click this to collapse a widget. It then becomes a down arrow. Click it again to enlarge the widget again. UAG4100 User’s Guide...
  • Page 51 Number of This field displays the number of users currently logged in to the UAG. Click the icon to Login Users pop-open a list of the users who are currently logged in to the UAG. UAG4100 User’s Guide...
  • Page 52 Assignment Static - This interface has a static IP address. DHCP Client - This Ethernet interface gets its IP address from a DHCP server. Dynamic - This PPP interface gets its IP address from a DHCP server. UAG4100 User’s Guide...
  • Page 53 This section displays a summary for all connected wireless APs. Click the link to go to the AP information > AP List screen. Online This displays the number of currently connected management APs. Management Offline This displays the number of currently offline managed APs. Management UAG4100 User’s Guide...
  • Page 54: The Cpu Usage Screen

    This field displays the destination address (if any) in the packet that generated the log. 5.2.1 The CPU Usage Screen Use this screen to look at a chart of the UAG’s recent CPU usage. To access this screen, click CPU Usage in the dashboard. Figure 34 Dashboard > CPU Usage UAG4100 User’s Guide...
  • Page 55: The Memory Usage Screen

    Click this to update the information in the window right away. 5.2.3 The Active Sessions Screen Use this screen to look at a chart of the UAG’s recent traffic session usage. To access this screen, click Show Active Sessions in the dashboard. UAG4100 User’s Guide...
  • Page 56: The Dhcp Table Screen

    Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. To access this screen, click DHCP Table in System Status in the dashboard. Figure 37 Dashboard > System Status > DHCP Table UAG4100 User’s Guide...
  • Page 57: The Number Of Login Users Screen

    To access this screen, click Number of Login Users in System Status in the dashboard. Figure 38 Dashboard > System Status > Number of Login Users UAG4100 User’s Guide...
  • Page 58 (external user), this field will show its external-group information when you move your mouse over it. If the external user matches two external-group objects, both external-group object names will be shown. Force Logout Click this icon to end a user’s session. UAG4100 User’s Guide...
  • Page 59: Monitor

    • Use the Station Info > Station List screen (see Section 6.14 on page 80) to view statistics pertaining to the connected stations (or “wireless clients”). • Use the Printer Status screen (see Section 6.15 on page 81) to view information about the connected statement printers. UAG4100 User’s Guide...
  • Page 60: The Port Statistics Screen

    Poll Interval and clicking Set Interval. Switch to Click this to display the port statistics as a line graph. Graphic View This field displays the port’s number in the list. Port This field displays the physical port number. UAG4100 User’s Guide...
  • Page 61: The Port Statistics Graph Screen

    Use this screen to look at a line graph of packet statistics for each physical port. To access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button. Figure 40 Monitor > System Status > Port Statistics > Switch to Graphic View UAG4100 User’s Guide...
  • Page 62: The Interface Status Screen

    6.3 The Interface Status Screen This screen lists all of the UAG’s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Status to access this screen. Figure 41 Monitor > System Status > Interface Status UAG4100 User’s Guide...
  • Page 63 Ethernet interfaces. Name This field displays the name of each interface. If there is an Expand icon (plus-sign) next to the name, click this to look at the statistics for virtual interfaces on top of this interface. UAG4100 User’s Guide...
  • Page 64: The Traffic Statistics Screen

    You use the Traffic Statistics screen to tell the UAG when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. UAG4100 User’s Guide...
  • Page 65 This field indicates whether the IP address or user is sending or receiving traffic. Rx From - traffic is coming from the IP address or user to the UAG. Tx To - traffic is going from the UAG to the IP address or user. UAG4100 User’s Guide...
  • Page 66: The Session Monitor Screen

    6.5 The Session Monitor Screen The Session Monitor screen displays information about all established sessions that pass through the UAG for debugging or statistical analysis. It is not possible to manage sessions in this screen. The following information is displayed. UAG4100 User’s Guide...
  • Page 67 The User, Service, Source Address, and Destination Address fields display if you view all sessions. Select your desired filter criteria and click the Search button to filter the list of sessions. UAG4100 User’s Guide...
  • Page 68: The Ddns Status Screen

    This field displays the length of the active session in seconds. 6.6 The DDNS Status Screen The DDNS Status screen shows the status of the UAG’s DDNS domain names. Click Monitor > System Status > DDNS Status to open the following screen. UAG4100 User’s Guide...
  • Page 69: The Ip/Mac Binding Monitor Screen

    MAC binding enabled and have ever established a session with the UAG. Devices that have never established a session with the UAG do not display in the list. Figure 45 Monitor > System Status > IP/MAC Binding UAG4100 User’s Guide...
  • Page 70: The Login Users Screen

    See Chapter 30 on page 275. Type This field displays the way the user logged in to the UAG. IP Address This field displays the IP address of the computer used to log in to the UAG. UAG4100 User’s Guide...
  • Page 71: The Upnp Port Status Screen

    Internal Client. Protocol This field displays the protocol of the NAT mapping rule (TCP or UDP). Internal Port This field displays the port number on the Internal Client to which the UAG should forward incoming connection requests. UAG4100 User’s Guide...
  • Page 72: The Usb Storage Screen

    This field displays what file system the USB storage device is formatted with. This field displays Unknown if the file system of the USB storage device is not supported by the UAG, such as NTFS. Speed This field displays the connection speed the USB storage device supports. UAG4100 User’s Guide...
  • Page 73: The Dynamic Guest Screen

    Use this screen to look at a list of dynamic guest user accounts on the UAG’s local database. To access this screen, click Monitor > System Status > Dynamic Guest. Figure 49 Monitor > System Status > Dynamic Guest UAG4100 User’s Guide...
  • Page 74 Table 31 Monitor > System Status > Dynamic Guest Icons LABEL DESCRIPTION This guest account is un-used. This guest account is in use and online. This guest account has been used but is offline now. This guest account expired. This guest account has been deleted. UAG4100 User’s Guide...
  • Page 75: The Ap List Screen

    UAG last started up. Last Off-line This displays the most recent time the AP went off-line. N/A displays if the AP has either Time not come on-line or gone off-line since the UAG last started up. UAG4100 User’s Guide...
  • Page 76: Station Count Of Ap

    Use this screen to look at station statistics for the connected AP. To access this screen, select an entry and click the More Information button in the AP List screen. Figure 51 Monitor > Wireless > AP Information > AP List > Station Count of AP UAG4100 User’s Guide...
  • Page 77: The Radio List Screen

    This displays the model of the AP to which the radio belongs. MAC Address This displays the MAC address of the radio. Radio This indicates the radio number on the AP to which it belongs. OP Mode This indicates the radio’s operating mode, such as AP (access point). UAG4100 User’s Guide...
  • Page 78 This displays the total number of packets transmitted by the radio. Rx FCS Error This indicates the number of received packet errors accrued by the radio. Count Tx Retry Count This indicates the number of times the radio has attempted to re-transmit packets. UAG4100 User’s Guide...
  • Page 79: Ap Mode Radio Information

    24 hours. To access this window, select an entry and click the More Information button in the Radio List screen. Figure 53 Monitor > Wireless > AP Information > Radio List > AP Mode Radio Information UAG4100 User’s Guide...
  • Page 80: The Station List Screen

    6.14 The Station List Screen Use this screen to view statistics pertaining to the associated stations (or “wireless clients”). Click Monitor > Wireless > Station Info to access this screen. Figure 54 Monitor > Wireless > Station List UAG4100 User’s Guide...
  • Page 81: The Printer Status Screen

    IPv4 Address This field displays the IP address of the printer that you configured in the Configuration > Printer Manager screen. Update Time This field displays the date and time the UAG last synchronized with the printer. UAG4100 User’s Guide...
  • Page 82: The Vpn 1-1 Mapping Status Screen

    This field displays the name of the pool profile that you configured for the VPN 1-1 mapping rule. Force Logout Select a user ID and click this icon to end a user’s session. Refresh Click this button to update the information in the screen. UAG4100 User’s Guide...
  • Page 83: Vpn 1-1 Mapping Statistics

    Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. UAG4100 User’s Guide...
  • Page 84 This displays when you show the filter. Select the service whose log messages you would like to see. The Web Configurator uses the protocol and destination port number(s) of the service to select which log messages you see. UAG4100 User’s Guide...
  • Page 85 This field displays the destination IP address and the port number of the event that generated the log message. Note This field displays any additional information about the log message. The Web Configurator saves the filter settings if you leave the View Log screen and return to it later. UAG4100 User’s Guide...
  • Page 86: View Ap Log

    Table 42 Monitor > Log > View AP Log LABEL DESCRIPTION Show/Hide Filter Click this to show or hide the AP log filter. Select an AP Select an AP from the list and click Query to view its log messages. UAG4100 User’s Guide...
  • Page 87 This indicates the time that the log message was created or recorded on the AP. Priority This indicates the selected log message’s priority. Category This indicates the selected log message’s category. Message This displays the content of the selected log message. UAG4100 User’s Guide...
  • Page 88: Dynamic Users Log

    Click this button to update the information in the screen. Clear Log Click this button to delete the log messages for invalid accounts. This is the index number of the dynamic guest account in the list. Status This field displays whether an account expires or not. UAG4100 User’s Guide...
  • Page 89 Charge This field displays the total cost of the account. Payment Info This field displays the method of payment for each account. Phone Num This field displays the telephone number for the user account. UAG4100 User’s Guide...
  • Page 90: Registration

    NWA5123-NI). You can increase this by subscribing to additional licenses. As of this writing, each license upgrade allows an additional 8 remote managed APs while the maximum number of remote managed APs a single UAG can support is 16. UAG4100 User’s Guide...
  • Page 91: Registration Screen

    The following table describes the labels in this screen. Table 44 Configuration > Licensing > Registration > Service LABEL DESCRIPTION License Status This is the entry’s position in the list. Service This lists the services that are available on the UAG. UAG4100 User’s Guide...
  • Page 92 UAG at the same time or how many managed APs the UAG can support with your current license. Service License Refresh Click this button to renew service license information (such as the registration status and expiration day). UAG4100 User’s Guide...
  • Page 93: Wireless

    UAG. 8.2 Controller Screen Use this screen to set how the UAG allows new APs to connect to the network. Click Configuration > Wireless > Controller to access this screen. Figure 63 Configuration > Wireless > Controller UAG4100 User’s Guide...
  • Page 94: Ap Management Screen

    Select an AP and click this button to force it to restart. This field is a sequential value, and it is not associated with any entry. IP Address This field displays the IP address of the AP. MAC Address This field displays the MAC address of the AP. UAG4100 User’s Guide...
  • Page 95: Edit Ap List

    Table 47 Configuration > Wireless > AP Management > Edit AP List LABEL DESCRIPTION Create new Object Use this menu to create a new Radio Profile object to associate with this AP. This displays the MAC address of the selected AP. UAG4100 User’s Guide...
  • Page 96 Select this option to treat this VLAN ID as a VLAN created on the UAG and not one assigned to it from outside the network. Click OK to save your changes back to the UAG. Cancel Click Cancel to close the window with changes unsaved. UAG4100 User’s Guide...
  • Page 97: Interfaces

    • An interface is bound to a physical port or another interface. • Many interfaces can share the same physical port. • An interface belongs to at most one zone. • Many interfaces can belong to the same zone. UAG4100 User’s Guide...
  • Page 98 Ethernet interface wan1 are called wan1:1, wan1:2, and so on. Virtual interfaces created on VLAN interface vlan2 are called vlan2:1, vlan2:2, and so on. You cannot specify the number after the colon(:) in the UAG4100 User’s Guide...
  • Page 99: Port Role Screen

    Role screen to set the UAG’s flexible ports as part of the lan1 or lan2 interfaces. This creates a hardware connection between the physical ports at the layer-2 (data link, MAC address) level. This provides wire-speed throughput but no security. UAG4100 User’s Guide...
  • Page 100: Ethernet Summary Screen

    Unlike other types of interfaces, you cannot create new Ethernet interfaces nor can you delete any of them. If an Ethernet interface does not have any physical ports assigned to it (see Section 9.2 on page 99), the Ethernet interface is effectively removed from the UAG, but you can still configure it. UAG4100 User’s Guide...
  • Page 101 (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces. Mask This field displays the interface’s subnet mask in dot decimal notation. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 102: Ethernet Edit

    UAG automatically updates every rule or setting that uses the object whenever the interface’s IP address settings change. For example, if you change the LAN’s IP address, the UAG automatically updates the corresponding interface- based, LAN subnet address object. UAG4100 User’s Guide...
  • Page 103 Chapter 9 Interfaces Figure 68 Configuration > Network > Interface > Ethernet > Edit (External Type) UAG4100 User’s Guide...
  • Page 104 Chapter 9 Interfaces Figure 69 Configuration > Network > Interface > Ethernet > Edit (Internal Type) UAG4100 User’s Guide...
  • Page 105 Allowed values are 0 - 1048576. Ingress This is reserved for future use. Bandwidth Enter the maximum amount of traffic, in kilobits per second, the UAG can receive from the network through the interface. Allowed values are 0 - 1048576. UAG4100 User’s Guide...
  • Page 106 If this field is blank, the Pool Size must also be blank. In this case, the UAG can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address. UAG4100 User’s Guide...
  • Page 107 Static DHCP Configure a list of static IP addresses the UAG assigns to computers connected to the Table interface. Otherwise, the UAG assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size. UAG4100 User’s Guide...
  • Page 108: Object References

    When a configuration screen includes an Object Reference icon, select a configuration object and click Object Reference to open the Object Reference screen. This screen displays which configuration settings reference the selected object. The fields shown vary with the type of object. Figure 70 Object References UAG4100 User’s Guide...
  • Page 109: Add/Edit DHCP Extended Options

    16 characters (“a-z”, “A-Z”, “0-9”, “-”, and “_”) with no spaces allowed. The first character must be alphabetical (a-z, A-Z). Code This field displays the code number of the selected DHCP option. If you selected User Defined in the Option field, enter a number for the option. This field is mandatory. UAG4100 User’s Guide...
  • Page 110 Vendor-Identifying Vendor Class option A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs. UAG4100 User’s Guide...
  • Page 111: PPP Interfaces

    255.255.255.255. In addition, the UAG always treats the ISP as a gateway. 9.4.1 PPP Interface Summary This screen lists every PPPoE/PPTP interface. To access this screen, click Configuration > Network > Interface > PPP. UAG4100 User’s Guide...
  • Page 112 This field displays the interface on the top of which the PPPoE/PPTP interface is. Account Profile This field displays the ISP account used by this PPPoE/PPTP interface. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 113: PPP Interface Add Or Edit

    Note: You have to set up an ISP account before you create a PPPoE/PPTP interface. This screen lets you configure a PPPoE or PPTP interface. To access this screen, click the Add icon or select an entry in the PPP interface summary screen and click the Edit icon. UAG4100 User’s Guide...
  • Page 114 Chapter 9 Interfaces Figure 74 Configuration > Network > Interface > PPP > Add UAG4100 User’s Guide...
  • Page 115 Select this if this interface is a DHCP client. In this case, the DHCP server configures the Automatically IP address automatically. The subnet mask and gateway are always defined automatically in PPPoE/PPTP interfaces. Use Fixed IP Select this if you want to specify the IP address manually. Address UAG4100 User’s Guide...
  • Page 116 Click WAN_TRUNK to go to a screen where you can configure the interface as part of a WAN_TRUNK WAN trunk for load balancing. Policy Route Click Policy Route to go to the screen where you can manually configure a policy route to associate traffic with this interface. UAG4100 User’s Guide...
  • Page 117: VLAN Interfaces

    VLAN also has a unique identification number (ID). The ID is a 12-bit value that is stored in the MAC header. The VLANs are connected to switches, and the switches are connected to the router. (If one switch has enough connections for the entire network, the network does not need switches A and B.) UAG4100 User’s Guide...
  • Page 118: VLAN Interface Summary Screen

    They can provide DHCP services, and they can verify the gateway is available. 9.5.1 VLAN Interface Summary Screen This screen lists every VLAN interface and virtual interface created on top of VLAN interfaces. To access this screen, click Configuration > Network > Interface > VLAN. UAG4100 User’s Guide...
  • Page 119: VLAN Interface Add/Edit

    Click Reset to return the screen to its last-saved settings. 9.5.2 VLAN Interface Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each VLAN interface. To access this screen, click the Add icon UAG4100 User’s Guide...
  • Page 120 Chapter 9 Interfaces or select an entry in the VLAN summary screen and click the Edit icon. The following screen appears. Figure 78 Configuration > Network > Interface > VLAN > Edit UAG4100 User’s Guide...
  • Page 121 Enter the priority of the gateway (if any) on this interface. The UAG decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the UAG uses the one that was configured first. Interface Parameters UAG4100 User’s Guide...
  • Page 122 Enter the IP address of a DHCP server for the network. Relay Server 2 This field is optional. Enter the IP address of another DHCP server for the network. These fields appear if the UAG is a DHCP Server. UAG4100 User’s Guide...
  • Page 123 MAC addresses for this VLAN. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make sure only the intended users get to use specific IP addresses. UAG4100 User’s Guide...
  • Page 124: Bridge Interfaces

    This section introduces bridges and bridge interfaces and then explains the screens for bridge interfaces. Bridge Overview A bridge creates a connection between two or more network segments at the layer-2 (MAC address) level. In the following example, bridge X connects four network segments. UAG4100 User’s Guide...
  • Page 125 (250.250.250.0/23) between lan1 and vlan1. Table 61 Example: Routing Table Before and After Bridge Interface br0 Is Created IP ADDRESS(ES) DESTINATION IP ADDRESS(ES) DESTINATION 210.210.210.0/24 lan1 221.221.221.0/24 vlan0 210.211.1.0/24 lan1:1 230.230.230.192/26 wan1 221.221.221.0/24 vlan0 250.250.250.0/23 222.222.222.0/24 vlan1 230.230.230.192/26 wan1 UAG4100 User’s Guide...
  • Page 126: Bridge Interface Summary

    This field displays the Ethernet interfaces and VLAN interfaces in the bridge interface. It is blank for virtual interfaces. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 127: Bridge Interface Add/Edit

    To access this screen, click the Add icon, or select an entry in the Bridge summary screen and click the Edit icon. The following screen appears. Figure 80 Configuration > Network > Interface > Bridge > Add UAG4100 User’s Guide...
  • Page 128 Enter the IP address of the gateway. The UAG sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface. UAG4100 User’s Guide...
  • Page 129 Custom Defined - enter a static IP address. Server From ISP - select the DNS server that another interface received from its DHCP server. Device - the DHCP clients use the IP address of this interface and the UAG works as a DNS relay. UAG4100 User’s Guide...
  • Page 130 UAG stops routing to the gateway. The UAG resumes routing to the gateway the first time the gateway passes the connectivity check. UAG4100 User’s Guide...
  • Page 131: Virtual Interfaces

    MTU. The virtual interface uses the same MTU that the underlying interface uses. Unlike other interfaces, virtual interfaces do not provide DHCP services, and they do not verify that the gateway is available. UAG4100 User’s Guide...
  • Page 132: Virtual Interfaces Add/Edit

    UAG uses the one that was configured first. Interface Parameters Egress Enter the maximum amount of traffic, in kilobits per second, the UAG can send through Bandwidth the interface to the network. Allowed values are 0 - 1048576. UAG4100 User’s Guide...
  • Page 133: Interface Technical Reference

    DHCP clients. You have to assign the IP address and subnet mask manually. In general, the IP address and subnet mask of each interface should not overlap, though it is possible for this to happen with DHCP clients. UAG4100 User’s Guide...
  • Page 134 IP address, subnet mask, gateway, and available network information to the DHCP client. When the DHCP client leaves the network, the DHCP servers can assign its IP address to another DHCP client. At the time of writing, the UAG does not support ingress bandwidth management. UAG4100 User’s Guide...
  • Page 135 IP address. In this way WINS is similar to DNS, although WINS does not use a hierarchy (unlike DNS). A network can have more than one WINS server. Samba can also serve as a WINS server. UAG4100 User’s Guide...
  • Page 136 The first one runs on TCP port 1723. It is used to start and manage the second one. The second one uses Generic Routing Encapsulation (GRE, RFC 2890) to transfer information between the computers. PPTP is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions. UAG4100 User’s Guide...
  • Page 137: Trunks

    ISP. The UAG balances the WAN traffic load between the connections. If one interface's connection goes down, the UAG can automatically send its traffic through another interface. You can also use trunks with policy routing to send specific traffic types through the best WAN interface for that type of traffic. UAG4100 User’s Guide...
  • Page 138 A queue is given an amount of bandwidth irrespective of the incoming traffic on that interface. This queue then moves to the back of the list. The next queue is In the load balancing section, a session may refer to normal connection-oriented, UDP or SNMP2 traffic. UAG4100 User’s Guide...
  • Page 139 In this example figure, the upper threshold of the first interface is set to 800K. The UAG sends network traffic of new sessions that exceed this limit to the secondary WAN interface. Figure 85 Spillover Algorithm Example UAG4100 User’s Guide...
  • Page 140: The Trunk Summary Screen

    SNAT settings for traffic it routes from internal interfaces to external interfaces. Default Trunk Select whether the UAG is to use the default system WAN trunk or one of the user Selection configured WAN trunks as the default trunk for routing traffic from internal interfaces to external interfaces. UAG4100 User’s Guide...
  • Page 141: Configuring A User-Defined Trunk

    Click Configuration > Network > Interface > Trunk, in the User Configuration table click the Add (or Edit) icon to open the following screen. Use this screen to create or edit a WAN trunk entry. Figure 87 Configuration > Network > Interface > Trunk > Add (or Edit) UAG4100 User’s Guide...
  • Page 142 This field displays with the least load first load balancing algorithm. It displays the maximum number of kilobits of data the UAG is to allow to come in through the interface per second. Note: You can configure the bandwidth of an interface in the corresponding interface edit screen. UAG4100 User’s Guide...
  • Page 143: Configuring The System Default Trunk

    Note: The available bandwidth is allocated to each member interface equally and is not allowed to be changed for the default trunk. Figure 88 Configuration > Network > Interface > Trunk > Edit (System Default) UAG4100 User’s Guide...
  • Page 144 The UAG uses the group member interfaces in the order that they are listed. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 145: Policy And Static Routes

    Traditionally, routing is based on the destination address only and the UAG takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. UAG4100 User’s Guide...
  • Page 146 In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. UAG4100 User’s Guide...
  • Page 147: Policy Route Screen

    The actions that can be taken include: • Routing the packet to a different gateway, outgoing interface, or trunk. IPPR follows the existing packet filtering facility of RAS in style and in implementation. Figure 90 Configuration > Network > Routing > Policy Route UAG4100 User’s Guide...
  • Page 148 Next-Hop This is the next hop to which packets are directed. It helps forward packets to their destinations and can be a router, outgoing interface or trunk. UAG4100 User’s Guide...
  • Page 149: Policy Route Edit Screen

    Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon in the Configuration section. The Add Policy Route or Policy Route Edit screen opens. Use this screen to configure or edit a policy route. UAG4100 User’s Guide...
  • Page 150 Select a user name or user group from which the packets are sent. Incoming Select where the packets are coming from; any, an interface, or the UAG itself (Device). For an interface, you also need to select the individual interface. UAG4100 User’s Guide...
  • Page 151 UAG send traffic that matches the policy route through the specified interface. Auto-Disable This field displays when you select Interface or Trunk in the Type field. Select this to have the UAG automatically disable this policy route when the next hop’s connection is down. DSCP Marking UAG4100 User’s Guide...
  • Page 152: IP Static Route Screen

    Click Configuration > Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes. Configure static routes to be able to propagate the routing information to other routers. Figure 92 Configuration > Network > Routing > Static Route UAG4100 User’s Guide...
  • Page 153: Static Route Add/Edit Screen

    Select the radio button and enter the IP address of the next-hop gateway. The gateway is a router or switch on the same segment as your UAG's interface(s). The gateway helps forward packets to their destinations. Interface Select the radio button and a predefined interface through which the traffic is sent. UAG4100 User’s Guide...
  • Page 154: Policy Routing Technical Reference

    CLASS 3 CLASS 4 Low Drop Precedence AF11 (10) AF21 (18) AF31 (26) AF41 (34) Medium Drop Precedence AF12 (12) AF22 (20) AF32 (28) AF42 (36) High Drop Precedence AF13 (14) AF23 (22) AF33 (30) AF43 (38) UAG4100 User’s Guide...
  • Page 155: Zones

    156) to manage the UAG’s zones. 12.1.2 What You Need to Know Effects of Zones on Different Types of Traffic Zones effectively divide traffic into three types--intra-zone traffic, inter-zone traffic, and extra-zone traffic--which are affected differently by zone-based security and policy settings. UAG4100 User’s Guide...
  • Page 156: The Zone Screen

    The Zone screen provides a summary of all zones. In addition, this screen allows you to add, edit, and remove zones. To access this screen, click Configuration > Network > Zone. Figure 95 Configuration > Network > Zone UAG4100 User’s Guide...
  • Page 157: Zone Edit

    The Zone Edit screen allows you to add or edit a zone. To access this screen, go to the Zone screen (see Section 12.2 on page 156), and click the Add icon or an Edit icon. Figure 96 Network > Zone > Add UAG4100 User’s Guide...
  • Page 158 Member lists the interfaces that belong to the zone. Select any interfaces that you want to remove from the zone, and click the left arrow button to remove them. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 159: DDNS

    Note: Record your DDNS account’s user name, password, and domain name to use to configure the UAG. After you configure the UAG, it automatically sends updated IP addresses to the DDNS service provider, which helps redirect traffic accordingly. UAG4100 User’s Guide...
  • Page 160: The DDNS Screen

    - The IP address comes from the specified interface. auto detected - The DDNS server checks the source IP address of the packets from the UAG for the IP address to use for the domain name. custom - The IP address is static. UAG4100 User’s Guide...
  • Page 161: The Dynamic DNS Add/Edit Screen

    Table 81 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advanced Click this button to display a greater or lesser number of configuration fields. Settings / Hide Advanced Settings Enable DDNS Select this check box to use this DDNS entry. Profile UAG4100 User’s Guide...
  • Page 162 Primary Binding Interface settings is not available. Interface Select the interface to use for updating the IP address mapped to the domain name. Select any to let the domain name be used with any interface. Select None to not use a backup address. UAG4100 User’s Guide...
  • Page 163 DynDNS server delivers the mail to you. See www.dyndns.org for more information about this service. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 164: NAT

    You can also create new NAT rules and edit or delete existing ones. 14.1.2 What You Need to Know NAT is also known as virtual server, port forwarding, or port translation. Finding Out More • See Section 14.3 on page 169 for technical background information related to these screens. UAG4100 User’s Guide...
  • Page 165: The NAT Screen

    Mapped Port This field displays the new destination port(s) for the packet. This field is blank if there is no restriction on the original destination port. UAG4100 User’s Guide...
  • Page 166: The NAT Add/Edit Screen

    Table 83 Configuration > Network > NAT > Add LABEL DESCRIPTION Create new Object Use to configure any new settings objects that you need to use in this screen. Enable Rule Use this option to turn the NAT rule on or off. UAG4100 User’s Guide...
  • Page 167 This field displays for Many 1:1 NAT. Select to which translated destination IP address Subnet/Range subnet or IP address range this NAT rule forwards packets. The original and mapped IP address subnets or ranges must have the same number of IP addresses. UAG4100 User’s Guide...
  • Page 168 Click OK to save your changes back to the UAG. Cancel Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists). UAG4100 User’s Guide...
  • Page 169: NAT Technical Reference

    The LAN user’s computer then sends traffic to IP address 1.1.1.1. NAT loopback uses the IP address of the UAG’s lan1 interface (172.16.0.1) as the source address of the traffic going from the LAN users to the LAN SMTP server. UAG4100 User’s Guide...
  • Page 170 NAT, the source would not match the original destination address which would cause the LAN user’s computer to shut down the session. Figure 104 LAN to LAN Return Traffic UAG4100 User’s Guide...
  • Page 171: VPN 1-1 Mapping

    15.1.2 What You Need to Know VPN 1-1 Mapping, Firewall and Policy Route With VPN 1-1 mapping, the relevant packet flow for traffic from the matched user is: UAG4100 User’s Guide...
  • Page 172: The VPN 1-1 Mapping General Screen

    The following table describes the labels in this screen. Table 84 Configuration > Network > VPN 1-1 Mapping LABEL DESCRIPTION Enable VPN 1-1 Select this option to enable VPN 1-1 mapping on the UAG. Mapping Click this to create a new entry. UAG4100 User’s Guide...
  • Page 173: The VPN 1-1 Mapping Edit Screen

    Click Network > VPN 1-1 Mapping to open the VPN 1-1 Mapping > General screen. Then click the Add or Edit icon to open the VPN 1-1 Mapping Add/Edit Policy screen where you can configure the rule. Figure 107 Network > VPN 1-1 Mapping > Add UAG4100 User’s Guide...
  • Page 174: The VPN 1-1 Mapping Profile Screen

    Web Configurator and click Configuration > Network > VPN 1-1 Mapping > Profile. The following screen appears, providing a summary of the existing IP address pool profiles. Figure 108 Configuration > Network > VPN 1-1 Mapping > Profile UAG4100 User’s Guide...
  • Page 175 This field displays the name of the interface the profile is set to use. Select the interface through which the UAG sends traffic from the matched users. Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 176: HTTP Redirect

    A proxy server helps client devices make indirect requests to access the Internet or outside network resources/services. A proxy server can act as a firewall or an ALG (application layer gateway) between the private network and the Internet or other networks. It also keeps hackers from knowing internal IP addresses. UAG4100 User’s Guide...
  • Page 177: The HTTP Redirect Screen

    To configure redirection of an HTTP request to a proxy server, click Configuration > Network > HTTP Redirect. This screen displays the summary of the HTTP redirect rules. Note: You can configure up to one HTTP redirect rule for each (incoming) interface. UAG4100 User’s Guide...
  • Page 178: The HTTP Redirect Edit Screen

    Click Network > HTTP Redirect to open the HTTP Redirect screen. Then click the Add or Edit icon to open the HTTP Redirect Edit screen where you can configure the rule. Figure 111 Network > HTTP Redirect > Edit UAG4100 User’s Guide...
  • Page 179 Enter the IP address of the proxy server. Port Enter the port number that the proxy server uses. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 180: SMTP Redirect

    E-mail clients (also called e-mail applications) then use mail server protocols such as POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to retrieve e-mail. E-mail clients also generally use SMTP to send messages to a mail UAG4100 User’s Guide...
  • Page 181: The SMTP Redirect Screen

    To configure redirection of an SMTP message to an SMTP server, click Configuration > Network > SMTP Redirect. This screen displays the summary of the SMTP redirect rules. Note: You can configure up to one SMTP redirect rule for each (incoming) interface. UAG4100 User’s Guide...
  • Page 182: The SMTP Redirect Edit Screen

    17.2.1 The SMTP Redirect Edit Screen Click Network > SMTP Redirect to open the SMTP Redirect screen. Then click the Add or Edit icon to open the SMTP Redirect Edit screen where you can configure the rule. UAG4100 User’s Guide...
  • Page 183 Object if you need to configure a new one. Select any if the rule is effective for every source. SMTP Server Enter the IP address of the SMTP server. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 184: ALG

    When the active interface’s connection fails, the client needs to re-initialize the connection through the second interface (that was set to passive) in order to have the connection go through the second interface. UAG4100 User’s Guide...
  • Page 185: Before You Begin

    If you are also using FTP on an additional TCP port number, enter it here. Signaling Port for Transformations Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 186: UPnP

    • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. UAG4100 User’s Guide...
  • Page 187: Cautions With UPnP

    Disable UPnP if this is not your intention. 19.3 UPnP Screen Use this screen to enable UPnP and NAT-PMP on your UAG. Click Configuration > Network > UPnP to display the screen shown next. Figure 116 Configuration > Network > UPnP UAG4100 User’s Guide...
  • Page 188: Technical Reference

    Make sure the computer is connected to a LAN port of the UAG. Turn on your computer and the UAG. 19.4.1.1 Auto-discover Your UPnP-enabled Network Device Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Right-click the icon and select Properties. UAG4100 User’s Guide...
  • Page 189 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Figure 118 Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings. Figure 119 Internet Connection Properties: Advanced Settings UAG4100 User’s Guide...
  • Page 190: Web Configurator Easy Access

    UAG first. This is helpful if you do not know the IP address of the UAG. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. UAG4100 User’s Guide...
  • Page 191 Right-click on the icon for your UAG and select Invoke. The web configurator login screen displays. Figure 124 Network Connections: My Network Places Right-click on the icon for your UAG and select Properties. A properties window displays with basic information about the UAG. UAG4100 User’s Guide...
  • Page 192 Chapter 19 UPnP Figure 125 Network Connections: My Network Places: Properties: Example UAG4100 User’s Guide...
  • Page 193: IP/MAC Binding

    (Section 20.3 on page 196) to configure ranges of IP addresses to which the UAG does not apply IP/MAC binding. 20.1.2 What You Need to Know DHCP IP/MAC address bindings are based on the UAG’s dynamic and static DHCP entries. UAG4100 User’s Guide...
  • Page 194: IP/MAC Binding Summary

    Click Apply to save your changes back to the UAG. 20.2.1 IP/MAC Binding Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interface’s IP to MAC address binding settings. UAG4100 User’s Guide...
  • Page 195 This is the MAC address of the device to which the UAG assigns the entry’s IP address. Description This helps identify the entry. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
  • Page 196: Static DHCP Edit

    Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the UAG does not apply IP/MAC binding. Figure 130 Configuration > Network > IP/MAC Binding > Exempt List UAG4100 User’s Guide...
  • Page 197 Enter the first IP address in a range of IP addresses for which the UAG does not apply IP/MAC binding. End IP Enter the last IP address in a range of IP addresses for which the UAG does not apply IP/MAC binding. Apply Click Apply to save your changes back to the UAG. UAG4100 User’s Guide...
  • Page 198: Layer 2 Isolation

    • Use the General screen (Section 21.2 on page 199) to enable layer-2 isolation on the UAG and the internal interface(s). • Use the White List screen (Section 21.3 on page 199) to enable and configure the white list. UAG4100 User’s Guide...
  • Page 199: Layer-2 Isolation General Screen

    Click Reset to return the screen to its last-saved settings. 21.3 White List IP addresses that are not listed in the white list are blocked from communicating with other devices in the layer-2-isolation-enabled internal interface(s) except for broadcast packets. UAG4100 User’s Guide...
  • Page 200: Add/Edit White List Rule

    This screen allows you to create a new rule in the white list or edit an existing one. To access this screen, click the Add button or select an entry from the list and click the Edit button. Note: You can configure up to 20 white list rules on the UAG. UAG4100 User’s Guide...
  • Page 201 Specify a description for the IP address associated with this rule. Enter up to 60 characters, spaces and underscores allowed. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide...
  • Page 202: IPnP

    UAG are not in the same subnet. Figure 135 IPnP Application 22.1.1 What You Can Do in this Chapter Use the IP screen (Section 22.2 on page 203) to enable IPnP on the UAG and the internal interface(s). UAG4100 User’s Guide...
  • Page 203: IPnP Screen

    Member list. To remove an interface, select the name(s) in the Member list and click the left arrow button. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 204: Web Authentication

    (Section 23.3 on page 218) to enable and create walled garden links that display in the login screen. • Use the Configuration > Web Authentication > Advertisement screens (Section 23.4 on page 220) to enable and set advertisement links. UAG4100 User’s Guide...
  • Page 205: What You Need To Know

    The Web Authentication screen displays the web portal settings and web authentication policies you have configured on the UAG. The screen differs depending on what you select in the Authentication field. Click Configuration > Web Authentication to display the screen. UAG4100 User’s Guide...
  • Page 206 Chapter 23 Web Authentication Figure 138 Configuration > Web Authentication (Web Portal) UAG4100 User’s Guide...
  • Page 207 Chapter 23 Web Authentication Figure 139 Configuration > Web Authentication (User Agreement) UAG4100 User’s Guide...
  • Page 208 UAG automatically logs out the access user. Reauthentication Enter the number of minutes the user can be logged into the UAG in one session before Time having to log in again. UAG4100 User’s Guide...
  • Page 209 If you leave this field blank, the UAG will use the welcome page of internal user agreement file. Download Click this to download an example external user agreement file for your reference. The following fields are available if you set Authentication to Web Portal or User Agreement. UAG4100 User’s Guide...
  • Page 210 This displays the source address object to which this policy applies. Destination This displays the destination address object to which this policy applies. Schedule This field displays the schedule object that dictates when the policy applies. none means the policy is active at all times if enabled. UAG4100 User’s Guide...
  • Page 211: Creating/Editing An Authentication Policy

    Select this check box to activate the authentication policy. This field is available for user- configured policies. Description Enter a descriptive name of up to 60 printable ASCII characters for the policy. Spaces are allowed. This field is available for user-configured policies. UAG4100 User’s Guide...
  • Page 212: User-Aware Access Control Example

    Click Configuration > Object > User/Group > User. Click the Add icon. Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user because this user account is authenticated by an external server. Click OK.
  • Page 213 Member list. This example only has one member in this group, so click OK. Of course you could add more members later. Figure 143 Configuration > Object > User/Group > Group > Add Repeat this process to set up the remaining user groups.
  • Page 214 Click Configuration > Object > Auth. Method. Double-click the default entry. Click the Add icon. Select group radius because the UAG should use the specified RADIUS server for authentication. Click OK. Figure 145 Configuration > Object > Auth. method > Edit
  • Page 215 Select Enable Policy. Set the Authentication field to required, and make sure Force User Authentication is selected. Keep the rest of the default settings, and click OK. Note: The users must log in at the Web Configurator login screen before they can use HTTP or MSN.
  • Page 216 Membership Attribute field to the attribute that the UAG is to check to determine to which group a user belongs. This example uses Class. This attribute’s value is called a group identifier; it determines to which group a user belongs. In this example the values are Finance, Engineer, Sales, and Boss.
  • Page 217 Finance, Engineer, Sales, or Boss and set the Associated AAA Server Object to radius. Figure 149 Configuration > Object > User/Group > User > Add Repeat this process to set up the remaining groups of user accounts.
  • Page 218: Walled Garden Screen

    This field is a sequential value, and it is not associated with any entry. Status: This icon is lit when the entry is active and dimmed when the entry is inactive. Name: This field displays the descriptive name of the web site. This field displays the address of the web site.
  • Page 219: Adding/Editing A Walled Garden URL

    Cancel: Click Cancel to exit this screen without saving. 23.3.2 Walled Garden Login Example: The following figure shows the user login screen with two walled garden links. The links are named WalledGardenLink1 through 2 for demonstration purposes.
  • Page 220: Advertisement Screen

    Use this screen to set the UAG to display an advertisement web page as the first web page whenever the user connects to the Internet. Click Configuration > Web Authentication > Advertisement to display the screen. Figure 153 Configuration > Web Authentication > Advertisement
  • Page 221: Adding/Editing An Advertisement URL

    Note: You can create up to 20 advertisement URL entries. The UAG randomly picks one and opens the specified web site in a new frame when an authenticated user attempts to access the Internet. Figure 154 Configuration > Web Authentication > Advertisement > Add/Edit
  • Page 222 Preview: Click this button to open the specified web site in a new frame. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving.
  • Page 223: Firewall

    Zones: A zone is a group of interfaces. Group the UAG’s interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces.
  • Page 224 The global firewall rules are the only firewall rules that apply to an interface that is not included in a zone. The from any rules apply to traffic coming from the interface and the to any rules apply to traffic going to the interface.
  • Page 225: The Firewall Screen

    UAG to the LAN. The following steps and figure describe such a scenario. A computer on the LAN1 initiates a connection by sending a SYN packet to a receiving server on the WAN. The UAG reroutes the packet to gateway A, which is in Subnet 2.
  • Page 226: Configuring The Firewall Screen

    NAT entry that sends WAN traffic to a LAN IP address, when you configure a corresponding firewall rule to allow the traffic, you need to set the LAN IP address as the destination. • The ordering of your rules is very important as rules are applied in sequence.
  • Page 227 To any displays all the firewall rules for traffic coming from the selected From Zone. From any to any displays all of the firewall rules. To Device rules are for traffic that is destined for the UAG and control which computers can manage the UAG.
  • Page 228: The Firewall Add/Edit Screen

    Click Apply to save your changes back to the UAG. Reset: Click Reset to return the screen to its last-saved settings. 24.2.2 The Firewall Add/Edit Screen: In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen.
  • Page 229 Select an IPv4 address or address group to apply an IPv4 rule to traffic going to it. Select any to apply an IPv4 rule to all traffic going to IPv4 addresses. Service: Select a service or service group from the drop-down list box.
  • Page 230: The Session Control Screen

    Use this screen to limit the number of concurrent NAT/firewall sessions a client can use. You can apply a default limit for all users and individual limits for specific users, addresses, or both. The individual limit takes priority if you apply both. Figure 159 Configuration > Firewall > Session Limit
  • Page 231: The Session Limit Add/Edit Screen

    Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Session Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses.
  • Page 232: Firewall Rule Configuration Example

    172.16.1.10 through 172.16.1.15 (Dest_1) on the LAN. Click Configuration > Firewall. In the summary of firewall rules click Add to configure a new first entry. The sequence (priority) of the rules is important since they are applied in order.
  • Page 233 Select From WAN and To LAN and enter a name for the firewall rule. Select Dest_1 for the Destination and Doom as the Service. Enter a description and configure the rest of the screen as follows. Click OK when you are done.
  • Page 234: Firewall Rule Example Applications

    To do this, you would configure a LAN to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule.
  • Page 235 CEO’s computer (172.16.1.7 for example) to go to any destination address. You do not need to specify a schedule since you want the firewall rule to always be in effect. The following figure shows the results of your two custom rules.
  • Page 236 The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule that blocks all LAN1 to WAN IRC traffic came first, the CEO’s IRC traffic would match that rule and the UAG would drop it and not check any other firewall rules.
  • Page 237: Billing

    He starts using the Internet for the first 20 minutes and then disconnects his Internet access to go to a 20-minute meeting. After the meeting, he only has 20 minutes left on his account.
  • Page 238: The General Screen

    Unused account will be deleted after the time: Enter the number and select a time unit from the drop-down list box to specify how long to wait before the UAG deletes an account that has not been used.
  • Page 239: The Billing Profile Screen

    25.3 The Billing Profile Screen: Use this screen to configure the billing profiles that define the maximum Internet access time and charge per time unit. Click Configuration > Billing > Billing Profile to open the following screen.
  • Page 240 This field displays the duration of the billing period. Price: This field displays each profile’s price per time unit. Apply: Click this button to save your changes to the UAG. Reset: Click this button to return the screen to its last-saved settings.
  • Page 241: The Account Generator Screen

    This is the number of each discount level. The default (first) level cannot be edited or deleted. It is created automatically according to the billing profile of the button you select. Name: This field displays the conditions of each discount level.
  • Page 242 SMS in the Configuration > SMS screen. You can enter the user’s mobile phone number and click Send SMS to send the account information in an SMS text message to the user’s mobile phone. Close this window when you are finished viewing it.
  • Page 243: The Account Redeem Screen

    The following figure shows a printout preview example. Close this window when you are finished viewing it. 25.3.2 The Account Redeem Screen: The Account Redeem screen allows you to send SMS messages for certain accounts. Click the Account Redeem tab in the Account Generator screen to open this screen.
  • Page 244 Charge: This field displays the total cost of the account. Payment Info: This field displays the method of payment for each account. Phone Num: This field displays the mobile phone number for the account.
  • Page 245: The Billing Profile Add/Edit Screen

    25.4 The Discount Screen: Use this screen to configure a custom discount pricing plan. This is useful for providing reduced rates for purchases of longer periods of time. You can charge higher rates per unit at lower levels
  • Page 246 Name: This field displays the conditions of each discount level. Unit: This field displays the duration of the billing period that should be reached before the UAG charges users at this level.
  • Page 247: The Discount Add/Edit Screen

    Internet. You must register with the supported credit card service before you can configure the UAG to handle credit card transactions. Click Configuration > Billing > Payment Service to open the following screen.
  • Page 248 Enter the ID token provided to you by PayPal after successfully applying for your PayPal account. Payment Gateway: Enter the address of the PayPal gateway provided to you by PayPal after applying for your PayPal account. Account Delivery Method
  • Page 249: The Payment Service Custom Service Screen

    Use this screen to customize the online payment service pages that display after an unauthorized user clicks the link in the Web Configurator login screen to purchase access time. Click Configuration > Billing > Payment Service > Custom Service to open the following screen.
  • Page 250 Chapter 25 Billing Figure 176 Configuration > Billing > Payment Service > Custom Service
  • Page 251 Enter a note to display when you set the UAG to send account information via SMS text messages. Use up to 1024 printable ASCII characters. Spaces are allowed. Apply: Click this button to save your changes to the UAG. Reset: Click this button to return the screen to its last-saved settings.
  • Page 252: Printer Manager

    254) to customize the account printout. 26.2 The General Screen: Use this screen to configure a printer list and allow the UAG to monitor the printer status. Click Configuration > Printer Manager > General to open the following screen.
  • Page 253 To remove an entry, select it and click Remove. The UAG confirms you want to remove it before doing so. Activate: To turn on an entry, select it and click Activate. Inactivate: To turn off an entry, select it and click Inactivate.
  • Page 254: The Printout Configuration Screen

    Use Customized Printout Configuration: Select this to use a custom account printout format instead of the default one built into the UAG. Once this option is selected, the custom format controls below become active.
  • Page 255: Reports Overview

    A B C A A; Monthly Account Summary: A B C B A; Last Month Account Summary: A B C B B; System Status: A B C C A. The following sections describe each report printout in detail.
  • Page 256: Daily Account Summary

    For example, if you press the monthly account key combination on 2013/05/17 at 20:00:00, the monthly account report includes the accounts created from 2013/05/01 at 00:00:01 to 2013/05/17 at 19:59:59. Key combination: A B C B A. The following figure shows an example.
  • Page 257: Account Report Notes

    (up to 2000 entries total). 26.3.6 System Status: This report shows the current system information such as the host name and WAN IP address. Key combination: A B C C A. The following figure shows an example.
  • Page 258 This field displays the end of the continuous addresses in the IP address pool. CPUS: This field displays the UAG’s recent CPU usage. MEMS: This field displays the UAG’s recent memory usage. DKST: This field displays what percentage of the UAG’s onboard flash memory is currently being used.
  • Page 259: Free Time

    Internet surfing during the specified time period. 27.2 The Free Time Screen: Use this screen to enable and configure the free time settings. Click Configuration > Free Time to open the following screen. Figure 182 Configuration > Free Time
  • Page 260 Click this button to save your changes to the UAG. Reset: Click this button to return the screen to its last-saved settings. The following figure shows an example login screen with a link to create a free guest account.
  • Page 261 You can still click the link to get a free account. If SMS is enabled on the UAG, you have to enter your mobile phone number before clicking OK to get a free guest account.
  • Page 262 Chapter 27 Free Time The guest account information then displays in the screen and/or is sent to the configured mobile phone number.
  • Page 263: SMS

    Click Configuration > SMS to open the following screen. Figure 183 Configuration > SMS. The following table describes the labels in this screen. Table 129 Configuration > SMS (LABEL: DESCRIPTION). General Settings. Enable SMS: Select the check box to turn on the SMS service.
  • Page 264 Type the Password associated with the user name. Retype to Confirm: Type your password again for confirmation. Apply: Click this button to save your changes to the UAG. Reset: Click this button to return the screen to its last-saved settings.
  • Page 265: Bandwidth Management

    In the following example, you configure a Per-user bandwidth management rule for billing-users to limit outgoing traffic to 300 kbps. Then all billing-users (A, B and C) can send 300 kbps of traffic.
  • Page 266 • Outbound traffic goes from a LAN1 device to a WAN device. Bandwidth management is applied before sending the packets out a WAN interface on the UAG. • Inbound traffic comes back from the WAN device to the LAN1 device. Bandwidth management is applied before sending the traffic out a LAN1 interface.
  • Page 267 • Then lower-priority traffic gets bandwidth. • The UAG uses a fairness-based (round-robin) scheduler to divide bandwidth among traffic flows with the same priority. • The UAG automatically treats traffic with bandwidth management disabled as priority 7 (the lowest priority).
  • Page 268 (800 kbps), leaving only 200 kbps for server B. Table 131 Priority Effect POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE 800 kbps 800 kbps 1000 kbps 200 kbps
  • Page 269: The Bandwidth Management Screen

    The default bandwidth management policy is the one with the priority of “default”. It is the last policy the UAG checks if traffic does not match any other bandwidth management policies you have configured. You cannot remove, activate, deactivate or move the default bandwidth management policy.
  • Page 270 This is the destination interface of the traffic to which this policy applies. Source: This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source.
  • Page 271: The Bandwidth Management Add/Edit Screen

    The Configuration > BWM Add/Edit screen allows you to create a new condition or edit an existing one. To access this screen, go to the Configuration > BWM screen (see Section 29.2 on page 269), and click either the Add icon or an Edit icon.
  • Page 272 Chapter 29 Bandwidth Management Figure 188 Configuration > BWM > Edit (For the Default Policy) Figure 189 Configuration > BWM > Add/Edit
  • Page 273 “af” identifies one of four classes and one of three drop preferences. See Section 11.4 on page 154 for more details. Select preserve to have the UAG keep the packets’ original DSCP value. Select default to have the UAG set the DSCP value of the packets to 0.
  • Page 274 Select whether to have the UAG generate a log (log), log and alert (log alert) or not (no) for packets that match the policy. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 275: User/Group

    WWW, TELNET, SSH, Console Perform basic diagnostics (CLI) Access Users ext-user External user account ext-group-user External group user account guest-manager Create dynamic guest accounts pre-subscriber Access network services Web Authentication Portal dynamic-guest Access network services Web Authentication Portal
  • Page 277: User Summary Screen

    30.2 User Summary Screen: The User screen provides a summary of all user accounts. To access this screen, log in to the Web Configurator, and click Configuration > Object > User/Group.
  • Page 278: User Add/Edit Screen

    - this user has access to the UAG’s services but cannot look at the configuration. Description: This field displays the description for each user. 30.2.1 User Add/Edit Screen: The User Add/Edit screen allows you to create a new user account or edit an existing one.
  • Page 279 • zyxel To access this screen, go to the User screen (see Section 30.2 on page 277), and click either the Add icon or an Edit icon. Figure 191 Configuration > User/Group > User > Add
  • Page 280 UAG in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out.
  • Page 281: User Group Summary Screen

    The Group Add/Edit screen allows you to create a new user group or edit an existing one. To access this screen, go to the Group screen (see Section 30.3 on page 281), and click either the Add icon or an Edit icon.
  • Page 282: The User/Group Setting Screen

    UAG. You can also use this screen to specify when users must log in to the UAG before it routes traffic for them. To access this screen, log in to the Web Configurator, and click Configuration > Object > User/Group > Setting.
  • Page 283 Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. This field is a sequential value, and it is not associated with a specific entry.
  • Page 284 IP addresses. Maximum number per access account: This field is effective when Limit number of simultaneous logons for access account is checked. Type the maximum number of simultaneous logins by each access user.
  • Page 285: Default User Settings Edit Screens

    To access this screen, go to the Configuration > Object > User/Group > Setting screen (see Section 30.4 on page 282), select one of the Default Settings section’s entries, and click the Edit icon. Figure 195 Configuration > Object > User/Group > Setting > Edit
  • Page 286: User Aware Login Example

    30.4.2 User Aware Login Example: Access users cannot use the Web Configurator to browse the configuration of the UAG. Instead, after access users log into the UAG, the following screen appears. Figure 196 Web Configurator for Non-Admin Users
  • Page 287: User/Group Technical Reference

    Lease Time. Possible Values: 1-1440 (minutes). reauthTime: Reauthentication Time. Possible Values: 1-1440 (minutes). The following example shows you how you might set up user attributes in RADIUS servers. Figure 197 RADIUS Example: Keywords for User Attributes: type=user;leaseTime=222;reauthTime=222
  • Page 288 Web Configurator, to create the accounts. Extract the user names from the RADIUS server, and create a shell script that creates the user accounts. See Chapter 41 on page 400 for more information about shell scripts.
  • Page 289: AP Profile

    The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it.
  • Page 290: Radio Screen

    Table 145 Configuration > Object > AP Profile > Radio (LABEL: DESCRIPTION). Click this to add a new radio profile. Edit: Click this to edit the selected radio profile. Remove: Click this to remove the selected radio profile.
  • Page 291 Channel ID: This field indicates the broadcast channel which this radio profile is configured to use. Apply: Click Apply to save your changes back to the UAG. Reset: Click Reset to return the screen to its last-saved settings.
  • Page 292: Add/Edit Radio Profile

    This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button. Figure 199 Configuration > Object > AP Profile > Add/Edit Radio Profile
  • Page 293 802.11n headers and wraps them in an 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates. A-MPDU Limit: Enter the maximum frame size to be aggregated.
  • Page 294 Select the check box and set a minimum client signal strength for connecting to the AP. -20 dBm is the strongest signal you can require and -76 is the weakest. Clear the check box to not require wireless clients to have a minimum signal strength to connect to the AP.
  • Page 295: SSID Screen

    (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen click Configuration > Object > AP Profile > SSID.
  • Page 296 This field indicates the QoS type associated with the SSID profile. MAC Filtering Profile: This field indicates which (if any) MAC Filter Profile is associated with the SSID profile. VLAN ID: This field indicates the VLAN ID associated with the SSID profile.
  • Page 297: Add/Edit SSID Profile

    MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used.
  • Page 298: Security List

    This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security List.
  • Page 299 This field is a sequential value, and it is not associated with a specific profile. Profile Name: This field indicates the name assigned to the security profile. Security Mode: This field indicates this profile’s security mode (if any).
  • Page 300: Add/Edit Security Profile

    Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. Security Mode: Select a security mode from the list: wep, wpa, wpa2, or wpa2-mix.
  • Page 301 WEP encryption protocol to further secure. Not all wireless clients may support this. • aes - This is the Advanced Encryption Standard encryption method. It is a more recent development over TKIP and considerably more robust. Not all wireless clients may support this.
  • Page 302: MAC Filter List

    This field is a sequential value, and it is not associated with a specific profile. Profile Name: This field indicates the name assigned to the MAC filtering profile. Filter Action: This field indicates this profile’s filter action (if any).
  • Page 303: Add/Edit MAC Filter Profile

    This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 304: Addresses

    The Address screen provides a summary of all addresses in the UAG. To access this screen, click Configuration > Object > Address > Address. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.
  • Page 305: Address Add/Edit Screen

    To access this screen, go to the Address screen (see Section 32.2 on page 304), and click either the Add icon or an Edit icon in the Configuration section. Figure 207 IPv4 Address Configuration > Add/Edit
  • Page 306: Address Group Summary Screen

    Configuration > Object > Address > Address Group. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 208 Configuration > Object > Address > Address Group
  • Page 307: Address Group Add/Edit Screen

    To access this screen, go to the Address Group screen (see Section 32.3 on page 306), and click either the Add icon or an Edit icon in the Configuration section. Figure 209 Address Group Configuration > Add
  • Page 308 Move any members you do not want included to the Available list. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 309: Services

    For example, ICMP is used to send the response if a computer cannot be reached. Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it.
  • Page 310: The Service Summary Screen

    To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 210 Configuration > Object > Service > Service
  • Page 311: The Service Add/Edit Screen

    Number Enter the number of the next-level protocol (IP protocol). Allowed values are 1 - 255. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 312: The Service Group Summary Screen

    The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen (see Section 33.3 on page 312), and click either the Add icon or an Edit icon.
  • Page 313 Move any members you do not want included to the Available list. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 314: Schedules

    Recurring schedules are useful for defining the workday and off-work hours. Finding Out More • See Section 39.4 on page 346 for information about the UAG’s current date and time.
  • Page 315: The Schedule Summary Screen

    This field displays the name of the schedule, which is used to refer to the schedule. Start Time: This field displays the time at which the schedule begins. Stop Time: This field displays the time at which the schedule ends.
  • Page 316: The One-Time Schedule Add/Edit Screen

    Specify the hour and minute when the schedule ends. • Hour - 0 - 23 • Minute - 0 - 59 Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 317: The Recurring Schedule Add/Edit Screen

    Minute - 0 - 59 Weekly. Week Days: Select each day of the week the recurring schedule is effective. Click OK to save your changes back to the UAG. Cancel: Click Cancel to exit this screen without saving your changes.
  • Page 318: AAA Server

    The following lists the types of authentication server the UAG supports. • Local user database: The UAG uses the built-in local user database to authenticate administrative users logging into the UAG’s Web Configurator or network access users logging into the network through the UAG.
  • Page 319: RADIUS Server Summary

    Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new RADIUS entry or edit an existing one.
  • Page 320 If the RADIUS server requires the UAG to provide the Network Access Server (NAS) IP address attribute with a specific value, enter it here. Case-sensitive User Names: Select this if the server checks the case of the usernames.
  • Page 321 “management”. Then you could also create an ext-group-user user object for each group. One with “sales” as the group identifier, another for “RD” and a third for “management”. Click OK to save the changes. Cancel: Click Cancel to discard the changes.
  • Page 322: Authentication Method

    36.2 Authentication Method Objects: Click Configuration > Object > Auth. Method to display the screen as shown. Note: You can create up to four authentication method objects. Figure 220 Configuration > Object > Auth. Method
  • Page 323: Creating An Authentication Method Object

    Note: You can NOT select two server objects of the same type. Click OK to save the settings or click Cancel to discard all changes and return to the previous screen.
  • Page 324 UAG does not continue the search on the second authentication server when you enter the username and password that doesn’t match the one on the first authentication server. Click OK to save the changes. Cancel: Click Cancel to discard the changes.
  • Page 325: Certificates

    Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key). UAG4100 User’s Guide...
  • Page 326 The UAG currently allows the importation of a PKCS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form.
  • Page 327: Verifying A Certificate

    Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 222 Remote Host Certificates Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 223 Certificate Details UAG4100 User’s Guide...
  • Page 328: The My Certificates Screen

    This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. UAG4100 User’s Guide...
  • Page 329: The My Certificates Add Screen

    Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the UAG create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. UAG4100 User’s Guide...
  • Page 330 @ symbol, periods and the underscore. Organizational Unit Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. UAG4100 User’s Guide...
  • Page 331: The My Certificates Edit Screen

    37.2.2 The My Certificates Edit Screen Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. UAG4100 User’s Guide...
  • Page 332 The UAG does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. Refresh Click Refresh to display the certification path. UAG4100 User’s Guide...
  • Page 333 You can copy and paste a certificate into an e-mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). UAG4100 User’s Guide...
  • Page 334: The My Certificates Import Screen

    The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces from the certificate’s filename before you can import it. Figure 227 Configuration > Object > Certificate > My Certificates > Import UAG4100 User’s Guide...
  • Page 335: The Trusted Certificates Screen

    To remove an entry, select it and click Remove. The UAG confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action. UAG4100 User’s Guide...
  • Page 336: The Trusted Certificates Edit Screen

    Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the UAG to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. UAG4100 User’s Guide...
  • Page 337 Figure 229 Configuration > Object > Certificate > Trusted Certificates > Edit
  • Page 338 Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the UAG uses RSA encryption) and the length of the key set in bits (1024 bits for example). UAG4100 User’s Guide...
  • Page 339: The Trusted Certificates Import Screen

    Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the UAG. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 230 Configuration > Object > Certificate > Trusted Certificates > Import UAG4100 User’s Guide...
  • Page 340 You cannot import a certificate with the same name as a certificate that is already in the UAG. Browse Click Browse to find the certificate file you want to upload. Click OK to save the certificate on the UAG. Cancel Click Cancel to quit and return to the previous screen. UAG4100 User’s Guide...
  • Page 341: Isp Accounts

    To remove an entry, select it and click Remove. The UAG confirms you want to remove it before doing so. Object Reference Select an entry and click Object Reference to open a screen that shows which settings use the entry. See Section 9.3.2 on page 108 for an example. UAG4100 User’s Guide...
  • Page 342: Isp Account Edit

    This field is read-only if you are editing an existing account. Select the protocol used by the ISP account. Options are: pppoe - This ISP account uses the PPPoE protocol. pptp - This ISP account uses the PPTP protocol. UAG4100 User’s Guide...
  • Page 343 ISP Account Edit screen. Cancel Click Cancel to return to the ISP Account screen without creating the profile (if it is new) or saving any changes to the profile (if it already exists). UAG4100 User’s Guide...
  • Page 344: System

    IP addresses the access can come. • The Language screen (Section 39.12 on page 384) sets the user interface language for the UAG’s Web Configurator screens. Note: See each section for related background information and term definitions. UAG4100 User’s Guide...
  • Page 345: Host Name

    Note: Only connect one USB device. It must allow writing (it cannot be read-only) and use the FAT16, FAT32, EXT2, or EXT3 file system. Click Configuration > System > USB Storage to open the screen as shown next. UAG4100 User’s Guide...
  • Page 346: Date And Time

    To change your UAG’s time based on your local time zone and date, click Configuration > System > Date/Time. The screen displays as shown. You can manually set the UAG’s time and date or have the UAG get the date and time from a time server. UAG4100 User’s Guide...
  • Page 347 This field displays the last updated date from the time server or the last date configured (yyyy-mm-dd) manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. UAG4100 User’s Guide...
  • Page 348 For example, if you set this field to 3.5, a log that occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings.
  • Page 349: Pre-Defined Ntp Time Servers List

    Enter the UAG’s date in the New Date field. Under Time Zone Setup, select your Time Zone from the list. As an option you can select the Enable Daylight Saving check box to adjust the UAG clock for daylight savings. Click Apply. UAG4100 User’s Guide...
  • Page 350: Console Port Speed

    The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the UAG Web Configurator Status screen. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 351: Dns Overview

    DDNS and the time server. You can also configure the UAG to accept or discard DNS queries. Use the Network > Interface screens to configure the DNS server information that the UAG sends to the specified DHCP client devices. Figure 238 Configuration > System > DNS UAG4100 User’s Guide...
  • Page 352 This is the domain name where the mail is destined for. IP/FQDN This is the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above. UAG4100 User’s Guide...
  • Page 353: Address Record

    A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name. 39.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/PTR record. UAG4100 User’s Guide...
  • Page 354: Domain Zone Forwarder

    For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. 39.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record. UAG4100 User’s Guide...
  • Page 355: Mx Record

    Each host or domain can have only one MX record, that is, one domain maps to one host. 39.6.9 Adding a MX Record Click the Add icon in the MX Record table to add a MX record.
  • Page 356: Adding A Dns Service Control Rule

    Select a predefined zone on which a DNS query to the UAG is allowed or denied. Action Select Accept to have the UAG allow the DNS queries from the specified computer. Select Deny to have the UAG reject the DNS queries from the specified computer. UAG4100 User’s Guide...
  • Page 357: Www Overview

    You can change the timeout settings in the User/Group screens. 39.7.3 HTTPS You can set the UAG to use HTTP or HTTPS (HTTPS adds security) for Web Configurator sessions. Specify which zones allow Web Configurator access and from which IP address the access can come. UAG4100 User’s Guide...
  • Page 358: Configuring Www Service Control

    Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the UAG (logging into a web portal to access the Internet for example). UAG4100 User’s Guide...
  • Page 359 The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the UAG, for example 8443, then you must notify people who need to access the UAG Web Configurator to use “https://UAG IP Address:8443” as the URL. UAG4100 User’s Guide...
  • Page 360 UAG (to log into a web portal to access the Internet for example). You can also specify the IP addresses from which the users can access the UAG. Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. UAG4100 User’s Guide...
  • Page 361: Service Control Rules

    39.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule. Figure 245 Configuration > System > Service Control Rule > Edit UAG4100 User’s Guide...
  • Page 362: Customizing The Www Login Page

    Web Configurator login screen. You can also customize the page that displays after an access user logs into the Web Configurator to access network services like the Internet. See Chapter 30 on page 275 for more on access user accounts. UAG4100 User’s Guide...
  • Page 363 Figure 246 Configuration > System > WWW > Login Page The following figures identify the parts you can customize in the login and access pages.
  • Page 364 • Click Color to display a screen of web-safe colors from which to choose. • Enter the name of the desired color. • Enter a pound sign (#) followed by the six-digit hexadecimal number that represents the desired color. For example, use “#000000” for black. UAG4100 User’s Guide...
  • Page 365 Browse to locate it. The picture’s size cannot be over 438 x 337 pixels. Note: Use a GIF, JPG, or PNG of 100 kilobytes or less. To use a color, select Color and specify the color. UAG4100 User’s Guide...
  • Page 366: Https Example

    Click Technical Details if you want to verify more information about the certificate from the UAG. Select I Understand the Risks and then click Add Exception to add the UAG to the security exception list. Click Confirm Security Exception. UAG4100 User’s Guide...
  • Page 367 39.7.7.4 Login Screen After you accept the certificate, the UAG login screen appears. The lock displayed in the bottom of the browser status bar denotes a secure connection. UAG4100 User’s Guide...
  • Page 368 The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). 39.7.7.5.1 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. UAG4100 User’s Guide...
  • Page 369 You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next. Click Next to begin the wizard.
  • Page 370 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 256 Personal Certificate Import Wizard 2 Enter the password given to you by the CA. UAG4100 User’s Guide...
  • Page 371 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. Figure 258 Personal Certificate Import Wizard 4 Click Finish to complete the wizard and begin the import process. UAG4100 User’s Guide...
  • Page 372 When Authenticate Client Certificates is selected on the UAG, the following screen asks you to select a personal certificate to send to the UAG. This screen displays even if you only have a single certificate as in the example. UAG4100 User’s Guide...
  • Page 373: Ssh

    SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the UAG for a management session. UAG4100 User’s Guide...
  • Page 374: How Ssh Works

    The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. UAG4100 User’s Guide...
  • Page 375: Ssh Implementation On The Uag

    IP address(es) in the Service Control table to access the UAG CLI using this service. Version 1 Select the check box to have the UAG use both SSH version 1 and version 2 protocols. If you clear the check box, the UAG uses only SSH version 2 protocol. UAG4100 User’s Guide...
  • Page 376: Secure Telnet Using Ssh Examples

    Launch the SSH client and specify the connection information (IP address, port number) for the UAG. Configure the SSH client to accept connections using SSH version 1. A window displays prompting you to store the host key on your computer. Click Yes to continue.
  • Page 377
    The authenticity of host '172.16.0.1 (172.16.0.1)' can't be established.
    RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.0.1' (RSA1) to the list of known hosts.
    Administrator@172.16.0.1's password:

    The CLI screen displays next.
  • Page 378: Telnet

    To change an entry’s position in the numbered list, select the method and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed. UAG4100 User’s Guide...
  • Page 379: Ftp

    Use this screen to specify from which zones FTP can be used to access the UAG. You can also specify from which IP addresses the access can come. Figure 271 Configuration > System > FTP UAG4100 User’s Guide...
  • Page 380: Snmp

    Your UAG supports SNMP agent functionality, which allows a manager station to manage and monitor the UAG through the network. The UAG supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. UAG4100 User’s Guide...
  • Page 381: Supported Mibs

    MIBs (private.mib and enterprise.mib) to collect information about CPU and memory usage. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the UAG’s MIBs from www.zyxel.com. UAG4100 User’s Guide...
  • Page 382: Snmp Traps

    Use this screen to configure your SNMP settings, including from which zones SNMP can be used to access the UAG. You can also specify from which IP addresses the access can come. Figure 273 Configuration > System > SNMP UAG4100 User’s Guide...
  • Page 383 This displays whether the computer with the IP address specified above can access the UAG zone(s) configured in the Zone field (Accept) or not (Deny). Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 384: Language

    Select a display language for the UAG’s Web Configurator screens. You also need to open a new browser session to display the screens in the new language. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 385: Log And Report

    Note: Data collection may decrease the UAG’s traffic throughput rate. Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the UAG e-mail you system statistics every day. UAG4100 User’s Guide...
  • Page 386 Figure 275 Configuration > Log & Report > Email Daily Report
  • Page 387: Log Settings Screens

    The first Log Settings screen provides a settings summary. Use the Edit screens to configure settings such as log categories, e-mail addresses, and server names for any log. Use the Log UAG4100 User’s Guide...
  • Page 388: Log Settings Summary

    This field displays the format of the log. Format Internal - system log; you can view the log on the View Log tab. VRPT/Syslog - ZyXEL’s Vantage Report, syslog-compatible format. CEF/Syslog - Common Event Format, syslog-compatible format. UAG4100 User’s Guide...
  • Page 389: Edit System Log Settings

    The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 40.3.1 on page 388), and click the system log Edit icon. UAG4100 User’s Guide...
  • Page 390 Figure 277 Configuration > Log & Report > Log Settings > Edit (System Log)
  • Page 391 Using the System Log drop-down list to disable all logs overrides your e-mail server 1 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 1. enable alert logs (red exclamation point) - e-mail alerts for all categories to e-mail server 1. UAG4100 User’s Guide...
  • Page 392: Edit Log On Usb Storage Setting

    The Edit Log on USB Storage Setting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Setting Summary screen (see Section 40.3.1 on page 388), and click the USB storage Edit icon. UAG4100 User’s Guide...
  • Page 393 (yellow check mark) - send the remote server log messages, alerts, and debugging information for all log categories. This field is a sequential value, and it is not associated with a specific entry. UAG4100 User’s Guide...
  • Page 394: Edit Remote Server Log Settings

    The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen (see Section 40.3.1 on page 388), and click a remote server Edit icon. UAG4100 User’s Guide...
  • Page 395 Figure 279 Configuration > Log & Report > Log Settings > Edit (Remote Server)
  • Page 396: Log Category Settings Screen

    (for example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Settings Summary screen (see Section 40.3.1 on page 388), and click the Log Category Settings button. UAG4100 User’s Guide...
  • Page 397 This screen provides a different view and a different way of indicating which messages are included in each log and each alert. Please see Section 40.3.2 on page 389, where this process is discussed. (The Default category includes debugging messages generated by open source software.) UAG4100 User’s Guide...
  • Page 398 Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. UAG4100 User’s Guide...
  • Page 399 (yellow check mark) - log regular information, alerts, and debugging information from this category Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. UAG4100 User’s Guide...
  • Page 400: File Manager

    When you apply a configuration file, the UAG uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the UAG only applies the commands that it contains. Other settings do not change. UAG4100 User’s Guide...
  • Page 401 Your configuration files or shell scripts can use “exit” or a command line consisting of a single “!” to have the UAG exit sub command mode. Note: “exit” or “!” must follow sub commands if it is to make the UAG exit sub command mode.
  • Page 402: The Configuration File Screen

    Once your UAG is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. UAG4100 User’s Guide...
  • Page 403 The UAG still generates a log for any errors. Figure 282 Maintenance > File Manager > Configuration File Do not turn off the UAG while configuration file upload is in progress. UAG4100 User’s Guide...
  • Page 404 Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA-Z0-9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file.
  • Page 405 This column displays the number for each configuration file entry. This field is a sequential value, and it is not associated with a specific address. The total number of configuration files that you can save depends on the sizes of the configuration files and the available flash storage space. UAG4100 User’s Guide...
  • Page 406: The Firmware Package Screen

    Find the firmware package at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, “UAG.bin”. The firmware update can take up to five minutes. Do not turn off or reset the UAG while the firmware update is in progress! UAG4100 User’s Guide...
  • Page 407 Figure 288 Network Temporarily Disconnected After five minutes, log in again and check your new firmware version in the Dashboard screen. If the upload was not successful, the following message appears in the status bar at the bottom of the screen. UAG4100 User’s Guide...
  • Page 408: The Shell Script Screen

    Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the UAG restarts. You could use multiple write commands in a long script. Figure 290 Maintenance > File Manager > Shell Script UAG4100 User’s Guide...
  • Page 409 This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file. Last Modified This column displays the date and time that the individual shell script files were last changed or saved.
  • Page 410 Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. UAG4100 User’s Guide...
  • Page 411: Diagnostics

    The Diagnostic screen provides an easy way for you to generate a file containing the UAG’s configuration and diagnostic information. You may need to send this file to customer support for troubleshooting. Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 293 Maintenance > Diagnostics UAG4100 User’s Guide...
  • Page 412: The Diagnostics Files Screen

    File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. UAG4100 User’s Guide...
  • Page 413: The Packet Capture Screen

    Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. Figure 295 Maintenance > Diagnostics > Packet Capture UAG4100 User’s Guide...
  • Page 414 Set a time limit in seconds for the capture. The UAG stops the capture and generates the capture file when either this period of time has passed or the file reaches the size specified in the File Size field. 0 means there is no time limit. UAG4100 User’s Guide...
  • Page 415: The Packet Capture Files Screen

    You can download the files to your computer where you can study them using a packet analyzer (also known as a network or protocol analyzer) such as Wireshark. Figure 296 Maintenance > Diagnostics > Packet Capture > Files UAG4100 User’s Guide...
  • Page 416: Core Dump Screen

    (if ready) device if the process terminates abnormally (crashes). If you clear this option the UAG only saves Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
  • Page 417: Core Dump Files Screen

    42.5 The System Log Screen Click Maintenance > Diagnostics > System Log to open the system log files screen. This screen lists the files of system logs stored on a connected USB storage device. The files are in comma UAG4100 User’s Guide...
  • Page 418 File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. UAG4100 User’s Guide...
  • Page 419: Packet Flow Explore

    • use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of a routing rule, the UAG takes the corresponding action and does not perform any further flow checking. UAG4100 User’s Guide...
  • Page 420 Figure 300 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 301 Maintenance > Packet Flow Explore > Routing Status (Policy Route) Figure 302 Maintenance > Packet Flow Explore > Routing Status (VPN 1-1 Mapping Route) UAG4100 User’s Guide...
  • Page 421 Figure 303 Maintenance > Packet Flow Explore > Routing Status (1-1 SNAT) Figure 304 Maintenance > Packet Flow Explore > Routing Status (Default WAN Trunk) Figure 305 Maintenance > Packet Flow Explore > Routing Status (Main Route) UAG4100 User’s Guide...
  • Page 422 This is the original destination IP address(es). any means any IP address. Outgoing This is the name of an interface which transmits packets out of the UAG. Gateway This is the IP address of the gateway in the same network of the outgoing interface. UAG4100 User’s Guide...
  • Page 423: The Snat Status Screen

    • use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of an SNAT rule, the UAG takes the corresponding action and does not perform any further flow checking. UAG4100 User’s Guide...
  • Page 424 Figure 306 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) Figure 307 Maintenance > Packet Flow Explore > SNAT Status (VPN 1-1 Mapping Route) Figure 308 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT) UAG4100 User’s Guide...
  • Page 425 The following fields are available if you click VPN 1-1 Mapping SNAT in the SNAT Flow section. This field is a sequential value, and it is not associated with any entry. Source This is the original source IP address(es). UAG4100 User’s Guide...
  • Page 426 This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the UAG uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule. UAG4100 User’s Guide...
  • Page 427: Reboot

    Click the Reboot button to restart the UAG. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command reboot to restart the UAG. UAG4100 User’s Guide...
  • Page 428: Shutdown

    Click the Shutdown button to shut down the UAG. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shut down the UAG.
  • Page 429: Troubleshooting

    VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 115200 bps port speed. I cannot access the Internet. • Check the UAG’s connection to the Ethernet jack with Internet access. Make sure the Internet gateway device (such as a DSL modem) is working properly. UAG4100 User’s Guide...
  • Page 430 You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if the underlying interface is a member of a bridge. You also cannot add an Ethernet interface or VLAN interface to a bridge if the member interface has a virtual interface or PPP interface on top of it. UAG4100 User’s Guide...
  • Page 431 • You may need to configure the DDNS entry’s IP Address setting to Auto if the interface has a dynamic IP address or there are one or more NAT routers between the UAG and the DDNS server. UAG4100 User’s Guide...
  • Page 432 (This is related to AAA servers and authentication methods, which are discussed in Chapter 35 on page 318 and Chapter 36 on page 322, respectively.)
  • Page 433 UAG. Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. UAG4100 User’s Guide...
  • Page 434 You could use multiple write commands in a long script. Note: “exit” or “!” must follow sub commands if it is to make the UAG exit sub command mode. See Chapter 41 on page 400 for more on configuration files and shell scripts.
  • Page 435: Resetting The Uag

    Make sure the SYS LED is on and not blinking. Press the RESET button and hold it until the SYS LED begins to blink. (This usually takes about five seconds.) Release the RESET button, and wait for the UAG to restart. UAG4100 User’s Guide...
  • Page 436: Getting More Troubleshooting Help

    You should be able to access the UAG using the default settings. 46.2 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions.
  • Page 437: Appendix A Legal Information

    The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 438: Appendix A Legal Information

    Unauthorized disposal of the product by the holder entails the application of the administrative penalties provided for by current legislation."
  • Page 439: Appendix A Legal Information

    Name/Title: Raymond Huang / Quality & Customer Service Division / Assistant VP. Date (yyyy/mm/dd): 2013/02/01
