Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Table of Contents Table of Contents Document Conventions ........................3 Contents Overview ..........................4 Table of Contents ..........................5 Part I: User’s Guide..................12 Chapter 1 Introducing the SBG...........................13 1.1 Overview ............................13 1.2 Ways to Manage the SBG ......................14 1.3 Good Habits for Managing the SBG .................... 14 1.4 Applications for the SBG ........................
Page 6
Table of Contents Part II: Technical Reference................45 Chapter 4 Dashboard ............................46 4.1 Overview ............................46 4.2 The Dashboard Screen ........................46 Chapter 5 WAN/Internet............................49 5.1 Overview ............................49 5.1.1 What You Can Do in this Chapter ..................50 5.1.2 What You Need to Know ..................... 50 5.1.3 Before You Begin ........................
Page 7
Table of Contents 6.7 The VLAN / Interface Group Screen .................... 99 6.7.1 VLAN / Interface Group: Add/Edit ..................100 6.8 The DNS Entry Screen ........................104 6.9 The DNS Forwarder Screen ......................104 6.9.1 DNS Forwarder: Add/Edit ....................105 6.10 Technical Reference ........................
Page 8
Table of Contents 9.1 Overview ............................139 9.1.1 What You Can Do in this Chapter ..................139 9.1.2 What You Need to Know ....................140 9.2 The Firewall Overview Screen ..................... 141 9.3 The DoS Screen ..........................141 9.4 The Firewall Rules Screen ......................142 9.4.1 Firewall Rule: Add/Edit ......................
Page 9
Table of Contents 10.9.3 IKE Phases .......................... 188 10.9.4 Negotiation Mode ......................189 10.9.5 IPsec and NAT ........................190 10.9.6 VPN, NAT, and NAT Traversal ................... 190 10.9.7 ID Type and Content ......................191 10.9.8 Pre-Shared Key ........................192 10.9.9 Diffie-Hellman (DH) Key Groups ..................192 Chapter 11 Bandwidth Management ........................194 11.1 Overview .............................
Page 10
Table of Contents 14.1 Overview ............................. 227 14.2 The License Screen ........................227 Chapter 15 Device Name ...........................229 15.1 Overview ............................. 229 15.2 The Device Name Screen ......................229 Chapter 16 Host Name List ..........................231 16.1 Overview ............................. 231 16.2 The Host Name List Screen ......................231 16.2.1 Add Host Name .........................
Page 11
Table of Contents 21.1 Overview ............................. 247 21.2 The Firmware Screen ........................247 21.3 The Mobile Profile Screen ......................249 Chapter 22 Backup / Restore ..........................251 22.1 Overview ............................. 251 22.2 The Backup / Restore Screen ....................251 Chapter 23 Language ............................253 23.1 Overview .............................
H A P T E R Introducing the SBG 1.1 Overview This chapter introduces the main features and applications of the SBG. The SBG5500/3310 Series consists of the following models: • SBG5500-A • SBG5500-B • SBG3310-A The SBG is a VDSL router and Gigabit Ethernet (GbE) gateway. It has one DSL port and Gigabit Ethernet for super-fast Internet access over telephone lines.
Chapter 1 Introducing the SBG 1.2 Ways to Manage the SBG Use any of the following methods to manage the SBG. • Web Configurator. This is recommended for everyday management of the SBG using a (supported) web browser. 1.3 Good Habits for Managing the SBG Do the following things regularly to make the SBG more secure and to manage the SBG more effectively.
Page 15
Chapter 1 Introducing the SBG Computers can connect to the SBG’s LAN ports. Figure 1 SBG’s Internet Access Application: ADSL/VDSL Figure 2 SBG’s Internet Access Application: ADSL Figure 3 SBG5500’s Internet Access Application: 3G/4G WAN Backup You can also configure IP filtering on the SBG for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network.
Chapter 1 Introducing the SBG 1.4.2 SBG’s USB Support Use the USB port for file sharing or insert a 3G/4G dongle for cellular backup WAN (Internet) connections. File Sharing Use the USB port (built-in USB 2.0) to share files on USB memory sticks or USB hard drives (B). Use FTP to access the files on the USB device.
Page 17
Figure 6 SBG5500-B Front and Rear Panels None of the LEDs are on if the SBG is not receiving power. The location of the LEDs are highlighted in the figures above. The following table describes the LED behavior of the SBG5500 Series. Table 2 LED Descriptions...
Page 18
Chapter 1 Introducing the SBG Table 2 LED Descriptions (continued) COLOR STATUS DESCRIPTION ETHERNET Green The SBG has a successful Ethernet connection with a device on the Local LAN 1-4 (On Area Network (LAN). (Left LED) Connector) Blinking The SBG is sending or receiving data to/from the LAN. The SBG does not have an Ethernet connection with the LAN.
Chapter 1 Introducing the SBG Table 3 LED Descriptions (continued) COLOR STATUS DESCRIPTION Green The VPN2S has a successful Ethernet connection on the WAN. Blinking The VPN2S is sending or receiving data to/from the WAN. There is no Ethernet connection on the WAN. INTERNET Green The SBG has an IP connection but no traffic.
H A P T E R The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 10.0 and later versions, Mozilla Firefox, Google Chrome, and Safari latest versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: •...
Page 21
Chapter 2 The Web Configurator The following screen displays if you have not yet changed your password from the default. Enter a new password, retype it to confirm and click Apply. After changing the password your SBG will log out automatically.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 11 Screen Layout The main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window 2.2.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions.
Statistics Use this screen to view detailed DSL traffic statistics. SFP Status Use this screen to view details about the SFP connection. (SBG5500 Series only) WAN Setup Use this screen to view and configure ISP parameters, WAN IP address assignment, and other advanced properties.
Page 24
Chapter 2 The Web Configurator Table 5 Navigation Panel Summary (continued) LINK FUNCTION Use this screen to view and configure domain zone forwarder on the SBG. Forwarder Routing Routing Use this screen to view the IPv4 and IPv6 routing flow. Status Policy Route Use this screen to view and set up policy routes on the SBG.
Chapter 2 The Web Configurator Table 5 Navigation Panel Summary (continued) LINK FUNCTION General Use this screen to enable QoS and traffic prioritizing. You can also configure the QoS rules and actions. Queue Setup Use this screen to configure QoS queues. Classification Use this screen to define a classifier.
Page 26
Chapter 2 The Web Configurator Figure 12 Dashboard Screen SBG5500/3310 Series User’s Guide...
H A P T E R Wizard 3.1 Overview The Web Configurator's quick setup Wizard helps you configure Internet and VPN connection settings. This chapter provides information on configuring the Wizard screens in the Web Configurator. See the feature-specific chapters in this User’s Guide for background information. Before you begin configuring your SBG register your device at myZyxel portal and check your current license status.
Chapter 3 Wizard 3.2 Wizard Basic Setup The Wizard appears automatically after you log in the first time. Or you can go to the Wizard tab in the navigation panel. Click the Welcome to Basic Setup down arrow to configure an interface to connect to the Internet.
Page 29
Chapter 3 Wizard Figure 15 Connect to the Internet If you select the ADSL over ATM connection type, enter the VPI and VCI assigned to you and the method of multiplexing used by your ISP. Figure 16 ATM PVC Configuration SBG5500/3310 Series User’s Guide...
Page 30
Chapter 3 Wizard If you select PPPoE or PPPoA as your encapsulation, type the Username given to you by your ISP and type the Password associated with the user name. Figure 17 PPP information Use this screen to specify which IPv4 address the SBG uses to connect to the Internet. If your ISP gave you this information, enter it here.
Page 31
Chapter 3 Wizard Figure 19 DNS Server Choose the time zone for your device’s location. Click Save. Figure 20 Date and Time The SBG saves your settings and attempts to connect to the Internet. If the SBG failed to connect to the Internet or if you want to modify any of the settings you previously configured you can click Back or go to the Configuration >...
Page 32
Chapter 3 Wizard Figure 21 Basic Setup Completed You can register your device and manage subscription services available for your SBG at myZyxel portal for online services. Figure 22 Register Device and Services Once you completed the basic setup a summary of your settings displays. Click Finish to continue with the Wizard setup.
Chapter 3 Wizard Figure 23 Summary 3.3 Wizard IPsec VPN Setup Click the IPsec VPN Setup down arrow to configure a VPN (Virtual Private Network) rule for a secure connection to another computer or network. Figure 24 Wizard IPsec VPN Setup There are two types of VPN policies you can configure in the SBG.
Chapter 3 Wizard • Advanced - Select Advanced to change default settings an/or use certificates instead of a pre- shared key in the VPN rule. See Section 3.3.2 on page Figure 25 VPN Policy Type 3.3.1 VPN Express Settings The following screens will display if you select Express in the previous screen. Type the Rule Name used to identify this VPN connection (and VPN gateway).
Page 35
Chapter 3 Wizard Figure 26 VPN Express Settings In My Interface select the type of encapsulation this connection is to use. Configure a Secure Gateway IP as the peer SBG’s WAN IP address. Type a secure Pre-Shared Key. Set Local Policy to be the IP address range of the network connected to the SBG and Remote Policy to be the IP address range of the network connected to the peer SBG.
Chapter 3 Wizard This screen shows a read-only summary of the VPN tunnel’s configuration. Click Save to apply your changes. Figure 28 Summary Your SBG saves your settings. Now the VPN rule is configured on the SBG. Figure 29 VPN Express Settings Completed 3.3.2 VPN Advanced Settings The following screens will display if you select Advanced in the VPN Policy screen.
Page 37
Chapter 3 Wizard Figure 30 VPN Advanced Settings Use the following screen to setup Phase 1 Settings. Select an Encryption, Authentication Algorithm, and Key Group, and define how often the SBG renegotiates the IKE SA in the Life Time field. For more information on each label see Section 10.5 on page 164.
Page 38
Chapter 3 Wizard Figure 31 Phase 1 Settings Use the following screen to setup Phase 2 Settings. Phase 2 in an IKE uses the SA that was established in phase1 to negotiate Security Associations (SAs) for IPsec. For more information on each label on this screen see Section 10.5 on page 164.
Page 39
Chapter 3 Wizard Figure 32 Phase 2 Settings A read-only summary of the VPN tunnel’s configuration will display. If you want to save your changes click Save; otherwise go Back to modify any previous configurations. SBG5500/3310 Series User’s Guide...
Page 40
Chapter 3 Wizard Figure 33 Summary Your SBG saves your settings. Now the rule is configured on the SBG. Click Finish to exit the VPN Setup Wizard. SBG5500/3310 Series User’s Guide...
Chapter 3 Wizard Figure 34 VPN Advanced Settings Completed 3.4 Wizard IPv6 Setup Click the IPv6 Setup down arrow to configure the IPv6 settings on the SBG. Click Next to continue the Wizard, Back to return to the previous screen. SBG5500/3310 Series User’s Guide...
Page 42
Chapter 3 Wizard Figure 35 Wizard IPv6 Setup Select the WAN interface on which you want to have an IPv6 connection. Select Auto Detection for the SBG to automatically detect the IPv6 Internet connection type, and the Wizard IPv6 setup is completed. If you want to enter a static IPv6 address or obtain it from a DHCP server click Next.
Page 43
Chapter 3 Wizard Figure 37 WAN Setup Use this screen to configure the LAN IPv6 settings of the SBG. Select Delegate Prefix From WAN to automatically obtain an IPv6 network prefix from the previously selected interface. Or select Static to configure a static IPv6 address for the SBG’s LAN IPv6 address.
Page 44
Chapter 3 Wizard A read-only summary of the IPv6 settings will display. Click Finish to exit the Wizard IPv6 Setup. Figure 39 Summary SBG5500/3310 Series User’s Guide...
H A P T E R Dashboard 4.1 Overview After you log into the Web Configurator, the Dashboard screen appears. This shows the network connection status of the SBG and clients connected to it. You can use the Dashboard screen to look at the current status of the SBG, system resources, and interfaces (LAN and WAN).
Page 47
Chapter 4 Dashboard Figure 41 Dashboard List View Screen Each field is described in the following table. Table 6 Dashboard List View Screen LABEL DESCRIPTION Device Information Host Name This field displays the name used to identify the SBG on any network. Serial Number This field displays the serial number of this SBG.
Page 48
Chapter 4 Dashboard Table 6 Dashboard List View Screen LABEL DESCRIPTION Failover This field displays the passive interfaces used for failover in the SBG. VPN Status This field displays the SBG’s VPN connections and if the IP Sec SA is connected or disconnected.
H A P T E R WAN/Internet 5.1 Overview This chapter discusses the SBG’s WAN/Internet screens. Use these screens to configure your SBG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 5 WAN/Internet 5.1.1 What You Can Do in this Chapter • Use the WAN Status screen to view the WAN traffic statistics (Section 5.3 on page 57). • Use the WAN Setup screen to view, remove or add a WAN interface. You can also configure the WAN settings on the SBG for Internet access (Section 5.3 on page 57).
Page 51
Chapter 5 WAN/Internet (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet), they should also provide a username and password (and service name) for user authentication. WAN IP Address The WAN IP address is an IP address for the SBG, which makes it accessible from an outside network. It is used by the SBG to communicate with other devices in other networks.
Page 52
Chapter 5 WAN/Internet • Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15. IPv6 Prefix and Prefix Length Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address.
Chapter 5 WAN/Internet Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the SBG has an IPv6 WAN address and you set IPv4/IPv6 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Chapter 5 WAN/Internet The following table describes the labels in this screen. Table 8 Configuration > WAN / Internet > WAN Status LABEL DESCRIPTION Name This displays the name of the WAN interface. Status This shows Up if the connection to this interface is up, otherwise it will display Down. Tx Bytes This indicates the number of bytes transmitted on this interface.
Page 55
Chapter 5 WAN/Internet The following table describes the labels in this screen. Table 9 Configuration > WAN / Internet > WAN Status > xDSL Statistics LABEL DESCRIPTION Refresh Click this to refresh the statistics. xDSL Training Status This displays the current state of setting up the DSL connection. Mode This displays the ITU standard used for this connection.
View operating parameters within the fiber link. Click Configuration > WAN / Internet > WAN Status and click on the SFP Status tab. Note: This screen is only available in the SBG5500 Series. Figure 48 Configuration > WAN / Internet > WAN Status > SFP Status...
Chapter 5 WAN/Internet The following table describes the labels in this screen. Table 10 Configuration > WAN / Internet > WAN Status > SFP Status LABEL DESCRIPTION Refresh Click Refresh to update this screen. Transceiver Information Status This field displays the status of the SFP transceiver. Vendor This field displays the SFP transceiver’s vendor name.
Chapter 5 WAN/Internet Table 11 Configuration > WAN / Internet > WAN Setup (continued) LABEL DESCRIPTION Multiple Entries Select one or more WAN connections and click this to enable them. Turn On Use the [Shift] or [Ctrl] key to select multiple entries. Multiple Entries Select one or more WAN connections and click this to disable them.
Page 59
Chapter 5 WAN/Internet Figure 50 WAN / Internet > WAN Setup > Add/Edit: Routing Mode SBG5500/3310 Series User’s Guide...
Page 60
Chapter 5 WAN/Internet The following table describes the labels in this screen. Table 12 WAN Internet > WAN Setup > Add/Edit: Routing Mode LABEL DESCRIPTION General Interface Select this to activate the WAN configuration settings. Enable Name Specify a descriptive name for this connection. Type Select whether it is ADSL/VDSL over PTM, ADSL over ATM, or Ethernet connection.
Page 61
Chapter 5 WAN/Internet Table 12 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued) LABEL DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. Encapsulation Select the method of multiplexing used by your ISP from the drop-down list box.
Page 62
Chapter 5 WAN/Internet Table 12 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued) LABEL DESCRIPTION DNS Server This is available only when you select IPv4 Only or IPv4 IPv6 Dualstack in the IPv4 / IPv6 Mode field. Obtain DNS Select this if you want the SBG to use the DNS server addresses assigned by your ISP.
Page 63
Chapter 5 WAN/Internet Table 12 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued) LABEL DESCRIPTION Automatically Select this to have the SBG detect IPv4 address automatically through DHCP. configured by This option is configurable only when you set the method of encapsulation to IPoE. DHCPC Manual Select this to manually configure an IPv4 address of the relay server.
Page 64
Chapter 5 WAN/Internet Table 12 WAN Internet > WAN Setup > Add/Edit: Routing Mode (continued) LABEL DESCRIPTION Check Default Select this to use the default gateway for the connectivity check. Gateway Check This Select this to specify a domain name or IP address for the connectivity check. Enter that domain Address name or IP address in the field next to it.
Page 65
Chapter 5 WAN/Internet The following table describes the fields in this screen. Table 13 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL/VDSL over PTM or Ethernet) LABEL DESCRIPTION General Interface Enable Select this to activate the WAN configuration settings. Name Enter a service name of the connection.
Page 66
Chapter 5 WAN/Internet Figure 52 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM) The following table describes the fields in this screen. Table 14 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM) LABEL DESCRIPTION General...
Page 67
Chapter 5 WAN/Internet Table 14 WAN / Internet > WAN Setup > Add/Edit: Bridge Mode (ADSL over ATM) (continued) LABEL DESCRIPTION Encapsulation Select the method of multiplexing used by your ISP from the drop-down list box. Choices are: • LLC/SNAP-BRIDGING: In LCC encapsulation, bridged PDUs are encapsulated by identifying the type of the bridged media in the SNAP header.
Page 68
Chapter 5 WAN/Internet Figure 53 WAN / Internet > WAN Setup > IPv6 The following table describes the labels in this screen. Table 15 WAN / Internet > WAN Setup > IPv6 LABEL DESCRIPTION IPv6 Address Obtain an IPv6 Address Select this if you want to have the SBG use the IPv6 prefix from the connected Automatically router’s Router Advertisement (RA) to generate an IPv6 address.
Chapter 5 WAN/Internet Table 15 WAN / Internet > WAN Setup > IPv6 LABEL DESCRIPTION DNS Server 1 Enter the first IPv6 DNS server address assigned by the ISP. DNS Server 2 Enter the second IPv6 DNS server address assigned by the ISP. Tunnel (This is available only when you select IPv6 Only in the IPv4 / IPv6 Mode field.) Enable DS-Lite...
Page 70
Chapter 5 WAN/Internet Figure 54 Configuration > WAN / Internet > Mobile SBG5500/3310 Series User’s Guide...
Page 71
Chapter 5 WAN/Internet The following table describes the labels in this screen. Table 16 Configuration > WAN / Internet > Mobile LABEL DESCRIPTION 3G Connection Settings Card This field displays the manufacturer and model name of your 3G/4G card if you inserted one in Description the SBG.
Page 72
Chapter 5 WAN/Internet Table 16 Configuration > WAN / Internet > Mobile (continued) LABEL DESCRIPTION Connectivity The interface can regularly check the connection to the gateway you specified to make sure it Check is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the SBG stops routing to the gateway.
Chapter 5 WAN/Internet Table 16 Configuration > WAN / Internet > Mobile (continued) LABEL DESCRIPTION Enable Log Select this to activate the logging function at the interval you set in the Interval field. Interval Enter the time interval (in minutes) at which the SBG creates log messages. When Over Specify the actions the SBG takes when the time or data limit is exceeded.
Chapter 5 WAN/Internet Click Apply to save your changes and apply them to the SBG. Click Reset to change the port groups to their current configuration (last-saved values). 5.6 The Multi-WAN Screen Use the Multi-WAN screen to configure the multiple WAN load balance and failover rules to distribute traffic among different interfaces.
Chapter 5 WAN/Internet 5.6.1 Multi-WAN: Edit Select an existing multi-WAN and click Edit in the Multi-WAN screen to configure it. Figure 57 Multi-WAN: Edit The following table describes the labels in this screen. Table 18 Multi-WAN: Edit LABEL DESCRIPTION Name This field displays the label to identify the trunk.
Chapter 5 WAN/Internet Table 18 Multi-WAN: Edit (continued) LABEL DESCRIPTION Move To move an interface to a different number in the list, click the Move icon. In the field that appears, specify the number to which you want to move the interface. This column displays the priorities of the group’s interfaces.
Chapter 5 WAN/Internet 5.6.2.1 Configuring Multi-WAN Click Configuration > WAN / Internet > Multi-WAN > Edit. By default, all available WAN connections on the SBG are in active mode with a weight of 1, except for the mobile WAN connection which is set to passive mode.
Chapter 5 WAN/Internet Figure 58 Configuration > WAN / Internet > Dynamic DNS The following table describes the labels in this screen. Table 19 Configuration > WAN / Internet > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Click this to add a dynamic DNS. Edit Select an entry and click Edit to modify the dynamic DNS’s settings.
Page 79
Chapter 5 WAN/Internet Figure 59 Dynamic DNS: Add/Edit The following table describes the labels on this screen. Table 20 Dynamic DNS: Add/Edit LABEL DESCRIPTION Enable Select Enable to use this dynamic DNS. General Profile Name When you are adding a dynamic DNS entry, type a descriptive name for this DDNS entry in the SBG.
Chapter 5 WAN/Internet Table 20 Dynamic DNS: Add/Edit LABEL DESCRIPTION Click OK to save your changes back to the SBG and exit this screen. Cancel Click Cancel to exit this screen without saving. 5.8 The xDSL Advanced screen Use the xDSL Advanced screen to enable or disable PTM over ADSL, Annex M, and DSL PhyR functions. The SBG supports the PhyR retransmission scheme.
Page 81
US0, 30a, 35b The SBG must comply with at least one profile specified in G.993.2. but compliance with more than one profile is allowed. Note: 30a and 35b are only supported by the SBG5500 Series. SBG5500/3310 Series User’s Guide...
Chapter 5 WAN/Internet Table 21 Configuration > WAN / Internet > xDSL Advanced (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the SBG. Reset Click this button to return the screen to its last-saved settings. 5.9 Technical Reference The following section contains additional technical information about the SBG features described in this chapter.
Page 83
Chapter 5 WAN/Internet ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay).
Page 84
Chapter 5 WAN/Internet VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
Page 85
Chapter 5 WAN/Internet The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. If your ISP dynamically assigns the DNS server IP addresses (along with the SBG’s WAN IP address), set the DNS server fields to get the DNS server address from the ISP.
H A P T E R 6.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Chapter 6 LAN 6.1.2 What You Need To Know 6.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Chapter 6 LAN 6.1.3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen. 6.2 The LAN Status Screen Use the LAN Status Screen to view the status of all interfaces connected to the SBG, details about DHCP clients.
Chapter 6 LAN Table 22 Configuration > LAN / Home Network > LAN Status LABEL DESCRIPTION IP Address This field displays the DHCP client’s IP address. MAC Address This field displays the MAC address to which the IP address is currently assigned or for which the IP address is reserved.
Chapter 6 LAN Table 23 Configuration > LAN / Home Network > LAN Setup LABEL DESCRIPTION DHCP This shows whether the SBG acts as DHCP Server or DHCP Relay agent. It shows Disable if the DHCP server has been stopped in the SBG. IPv6 This shows the IPv6 prefix and prefix length you configured when you enable IPv6 on the LAN interface and set...
Page 91
Chapter 6 LAN The following table describes the fields in this screen. Table 24 LAN Setup: Edit > General / IPv4 LABEL DESCRIPTION General Group Name Select the interface group name for which you want to configure LAN settings. See Section 6.7 on page 99 for how to create a new interface group/VLAN.
Chapter 6 LAN Table 24 LAN Setup: Edit > General / IPv4 (continued) LABEL DESCRIPTION DNS Server 2 Specify the IP address of the secondary DNS server for the DHCP clients to use. Use one of the following ways to specify the IP address. DNS Proxy - the clients use the IP address of the SBG LAN interface.
Page 93
Chapter 6 LAN Figure 64 LAN Setup: Edit > IPv6 The following table describes the labels in this screen. Table 25 Configuration > LAN / Home Network > LAN Setup: Edit > IPv6 LABEL DESCRIPTION Link Local Address Static IPv6 Address Prefix This shows the static IPv6 address prefix used to represent the SBG network address.
Page 94
Chapter 6 LAN Table 25 Configuration > LAN / Home Network > LAN Setup: Edit > IPv6 LABEL DESCRIPTION Static Select this option to configure a fixed IPv6 address for the SBG’s LAN interface. Note: This fixed address is for local hosts to access the Web Configurator only as the global LAN IPv6 address might be changed by your ISP any time.
Chapter 6 LAN 6.4 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 96
Chapter 6 LAN Figure 66 Static DHCP: Add/Edit The following table describes the labels in this screen. Table 27 Static DHCP: Add/Edit LABEL DESCRIPTION Static DHCP Configuration Enable Select this to activate the rule. Group Name Select the interface group name for which you want to configure static DHCP settings. See Section 6.7 on page 99 for how to create a new interface group.
Chapter 6 LAN 6.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The SBG supports multiple logical LAN interfaces via its physical Ethernet interface with the SBG itself as the gateway for the LAN network.
Chapter 6 LAN You need to know the MAC address of the LAN device. It may be on a label on the device or in its documentation. Figure 68 Configuration > LAN / Home Network > Wake on LAN The following table describes the labels in this screen. Table 29 Configuration >...
Chapter 6 LAN The following table describes the labels in this screen. Table 30 Configuration > LAN / Home Network > Wake on LAN LABEL DESCRIPTION Wake From Manual Type MAC Select this to enter the MAC address of the device to turn it on remotely. Host Name List Select this to look at the list of hosts connected to the SBG.
Chapter 6 LAN Table 31 Configuration > LAN / Home Network > VLAN / Interface Group LABEL DESCRIPTION This shows the index number of the interface group. Mode This shows VLAN when this is a VLAN group. This shows Interface Group when this is an interface group. Group Name This shows the descriptive name of the group.
Page 101
Chapter 6 LAN Figure 72 VLAN / Interface Group: Add/Edit (Interface Group) The following table describes the labels in this screen. Table 32 VLAN / Interface Group > Add/Edit LABEL DESCRIPTION VLAN / Interface Group Group Name Enter the descriptive name of the VLAN or Interface Group. You can enter up to 65 characters.
Page 102
Chapter 6 LAN Table 32 VLAN / Interface Group > Add/Edit LABEL DESCRIPTION This shows the index number of the interface. Interface This shows the SBG LAN interfaces. Member Select this check box to add the LAN interface to the group. Clear the Tagged check box to add the LAN interface as an untagged member port.
Page 103
Chapter 6 LAN Figure 73 WAN Interface Use In This Group: Add The following table describes the labels in this screen. Table 33 LABEL DESCRIPTION WAN Type Select the current WAN connection type. WAN Interface Select the current WAN interface. Click OK to save your changes.
Chapter 6 LAN Table 34 Clients With The Following DHCP Vendor IDs: Add LABEL DESCRIPTION DHCP Option 61 Click this to enter the Identity Association IDentifier (IAD Option 61) of the matched traffic such as the MAC address of the device. Type the DHCP Unique Identifier (DUID) you want the SBG to add in the DHCP Discovery packets that go to the DHCP server.
Chapter 6 LAN Figure 76 Configuration > LAN / Home Network > DNS Forwarder The following table describes the labels in this screen. Table 36 Configuration > LAN / Home Network > DNS Forwarder LABEL DESCRIPTION Click this to add a domain zone forwarder record. Edit Select an existing domain zone forwarder record and click Edit to modify it.
Chapter 6 LAN The following table describes the labels in this screen. Table 37 Configuration > LAN / Home Network > DNS Forwarder LABEL DESCRIPTION Domain Name Enter the domain zone in this field. A domain zone is a fully qualified domain name without the host.
Chapter 6 LAN When configured as a server, the SBG provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. IP Pool Setup The SBG is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool).
Page 108
Chapter 6 LAN other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your SBG, but make sure that no other device on your network is using that IP address.
H A P T E R Routing 7.1 Overview The SBG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the SBG send data to devices not reachable through the default gateway, use static routes.
Chapter 7 Routing 7.2 The Routing Status Screen The Routing Status screen allows you to view the current routing flow and quickly link to specific routing settings. Click a function box in the Routing Flow section, the related routes (activated) will display in the Routing Table section.
Page 111
Chapter 7 Routing Figure 82 Configuration > Routing > Routing Status (Policy Route) Figure 83 Configuration > Routing > Routing Status (L2TP Server) Figure 84 Configuration > Routing > Routing Status (PPTP Route) SBG5500/3310 Series User’s Guide...
Page 112
Chapter 7 Routing Figure 85 Configuration > Routing > Routing Status (Static Route) Figure 86 Configuration > Routing > Routing Status (Dynamic Route (RIP)) SBG5500/3310 Series User’s Guide...
Page 113
Chapter 7 Routing Figure 87 Configuration > Routing > Routing Status (Multi-WAN) Figure 88 Configuration > Routing > Routing Status (Main Table) SBG5500/3310 Series User’s Guide...
Page 114
Chapter 7 Routing Figure 89 Configuration > Routing > Routing Status (Address Mapping (1-1 SNAT)) The following table describes the labels in this screen. Table 38 Configuration > Routing > Routing Status LABEL DESCRIPTION Routing Flow This section shows you the flow of how the SBG determines where to route a packet. Click a function box to display the related settings in the next section.
Page 115
Chapter 7 Routing Table 38 Configuration > Routing > Routing Status LABEL DESCRIPTION Destination This is the original destination IP address(es) to which the packets are transmitted. Username This field displays the client’s login name for this connection. Host Name This is the client's host name of this connection.
Chapter 7 Routing Table 38 Configuration > Routing > Routing Status LABEL DESCRIPTION Flag This indicates the route status. U-Up: The route is up. UC-Up Cache: The route is up and it is a cache entry. !-Reject: The route is blocked and will force a route lookup to fail. G-Gateway: The route uses a gateway to forward traffic.
Chapter 7 Routing Figure 90 Configuration > Routing > Policy Route The following table describes the labels in this screen. Table 39 Configuration > Routing > Policy Route LABEL DESCRIPTION IPv4 / IPv6 Routing Table Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
Page 118
Chapter 7 Routing Figure 91 Policy Route: Add/Edit The following table describes the labels in this screen. Table 40 Policy Route: Add/Edit (Sheet 1 of 2) LABEL DESCRIPTION Configuration Enable Select this to activate the policy route. Policy Name Enter a descriptive name for the policy. It should begin with a letter and cannot exceed 31 characters [0-9][A-Z] [a-z][_-].
Chapter 7 Routing Table 40 Policy Route: Add/Edit (Sheet 2 of 2) LABEL DESCRIPTION Address Select Any if the policy route packets will go to all IP addresses. Otherwise select IP Address to specify the destination IP address, or select Subnet to specify the destination subnet mask. IP Address Enter a source IP address object to which the packets go.
Chapter 7 Routing The following table describes the labels in this screen. Table 41 Configuration > Routing > Static Route LABEL DESCRIPTION IPv4 / IPv6 Routing Table Click this to configure a new static route. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the static route’s settings.
Chapter 7 Routing The following table describes the labels in this screen. Table 42 Routing: Add/Edit LABEL DESCRIPTION Enable This field allows you to activate/deactivate this static route. Select this to enable the static route. Clear this to disable this static route without having to delete the entry.
Page 122
Chapter 7 Routing Figure 94 Configuration > Routing > RIP The following table describes the labels in this screen. Table 43 Configuration > Routing > RIP LABEL DESCRIPTION This is the index number of the entry. Interface This is the name of the interface in which the RIP setting is used. Version The RIP version controls the format and the broadcasting method of the RIP packets that the SBG sends (it recognizes both formats when receiving).
H A P T E R Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on the SBG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 8 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Page 125
Chapter 8 Network Address Translation (NAT) Figure 95 Multiple Servers Behind NAT Example Click Configuration > NAT > Port Forwarding to open the following screen. Figure 96 Configuration > NAT > Port Forwarding The following table describes the fields in this screen. Table 44 Configuration >...
Chapter 8 Network Address Translation (NAT) Table 44 Configuration > NAT > Port Forwarding (continued) LABEL DESCRIPTION Ending Port This is the last external port number that identifies a service. LAN IP Address This is the service’s internal IP address. Translation Start This is the first internal port number that identifies a service.
Chapter 8 Network Address Translation (NAT) Table 45 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION WAN IP Enter the WAN IP address for which the incoming service is destined. If the packet’s destination IP address doesn’t match the one specified here, the port forwarding rule will not be applied. Port Mapping Select Port if you only want to enter the starting port.
Page 128
Chapter 8 Network Address Translation (NAT) Figure 98 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the SBG to record Jane’s computer IP address. The SBG associates Jane's computer IP address with the “open”...
Chapter 8 Network Address Translation (NAT) Table 46 Network Setting > NAT > Port Triggering (continued) LABEL DESCRIPTION Status This field displays whether the rule is active or not. A green ON button signifies that this rule is active. A gray OFF button signifies that this rule is not active. Click the slide button to turn on or turn off the rule.
Chapter 8 Network Address Translation (NAT) The following table describes the labels in this screen. Table 47 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Enable Select the check box to activate this rule. Service Name Enter a name to identify this rule. It should begin with a letter and cannot exceed 20 characters [0-9][A-Z] [a-z][_-].
Chapter 8 Network Address Translation (NAT) The following table describes the fields in this screen. Table 48 Configuration > NAT > Address Mapping LABEL DESCRIPTION Click this to create a new address mapping rule. Edit Double-click an address mapping rule or select it and click Edit to open a screen where you can modify the rule’s settings.
Chapter 8 Network Address Translation (NAT) The following table describes the fields in this screen. Table 49 Address Mapping: Add/Edit LABEL DESCRIPTION Type Choose the IP/port mapping type from one of the following. One-to-One: This mode maps one internal IP address to one external IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Chapter 8 Network Address Translation (NAT) The following table describes the labels in this screen. Table 50 Configuration > NAT > Default Server LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the default server’s IP address.
Chapter 8 Network Address Translation (NAT) 8.6 The ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the SBG registers with the SIP register server, the SIP ALG translates the SBG’s private IP address inside the SIP data stream to a public IP address.
Chapter 8 Network Address Translation (NAT) 8.7 Technical Reference This part contains more information regarding NAT. 8.7.1 NAT Definitions Inside/outside denotes where a host is located relative to the SBG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts. Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Chapter 8 Network Address Translation (NAT) 8.7.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN.
Page 137
Chapter 8 Network Address Translation (NAT) Figure 107 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Page 138
Chapter 8 Network Address Translation (NAT) example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 108 Multiple Servers Behind NAT Example SBG5500/3310 Series User’s Guide...
H A P T E R Firewall 9.1 Overview This chapter shows you how to enable and configure the SBG’s security settings. Use the firewall to protect your SBG and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Chapter 9 Firewall • Use the Zone Control screen to set the firewall’s default actions based on the direction of travel of packets (Section 9.6 on page 148). • Use the Scheduler Rule screen to view, add or edit time schedule rules (Section 9.7 on page 149).
Chapter 9 Firewall Certification Authority A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates.
Chapter 9 Firewall Click Configuration > Firewall / Security > DoS to display the following screen. Click the DoS Protection Blocking check box to activate protection against DoS attacks. Then click Apply to save your settings. Figure 111 Configuration > Firewall / Security > DoS 9.4 The Firewall Rules Screen This screen displays a list of the configured firewall rules.
Chapter 9 Firewall Table 55 Configuration > Firewall / Security > Firewall Rules LABEL DESCRIPTION Rules Storage Space This bar shows the percentage of the SBG’s space that has been used. If the usage is Usage almost full, you may need to remove an existing filter rule before you create a new one. Firewall Rules Status Select Enable to view all active firewall rules, or Disable to view all inactivate firewall rules.
Page 144
Chapter 9 Firewall Figure 113 Firewall Rules: Add/Edit The following table describes the labels in this screen. Table 56 Firewall Rules: Add/Edit LABEL DESCRIPTION Enable Select this to turn on the firewall rule. Logging Select this to have the SBG log when it performs the firewall rule’s selected action on the traffic traveling between the two zones.
Chapter 9 Firewall Table 56 Firewall Rules: Add/Edit LABEL DESCRIPTION Source IP Enter the source IP address, or select Any to apply firewall rule to any source IP addresses. Select Destination Device Select the destination device to which the firewall rule applies. If you select Specific Address IP, enter the source IP address in the field below.
Page 146
Chapter 9 Firewall Figure 114 Configuration > Firewall / Security > Device Service The following table describes the labels in this screen. Table 57 Configuration > Firewall / Security > Device Service LABEL DESCRIPTION Service List Edit Select a service control and click Edit to modify it. Service This is the service you may use to access the SBG.
Chapter 9 Firewall Table 57 Configuration > Firewall / Security > Device Service LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to restore your previously saved settings. 9.5.1 Device Service: Edit Double click a Service or select one and click Edit to open the following screen. Figure 115 Device Service: Edit The following table describes the labels in this screen.
Chapter 9 Firewall Figure 116 Trust Domain: Add/Edit The following table describes the labels in this screen. Table 59 Trust Domain: Add/Edit LABEL DESCRIPTION IP Address [/Prefix Length Enter a public IPv4 IP address which is allowed to access the service on the SBG from (optional)] the WAN.
Chapter 9 Firewall The following table describes the labels in this screen. Table 60 Configuration > Firewall / Security > Zone Control LABEL DESCRIPTION Status Firewall Status This shows IPv4 Enable, IPv6 Enable when the firewall is enabled, otherwise it shows Disable. You can change this in the Firewall Overview screen (Section 9.2 on page 141).
Chapter 9 Firewall Table 61 Configuration > Firewall / Security > Scheduler Rule LABEL DESCRIPTION Remove To remove an existing scheduler rule, select it and click Remove. Note: You cannot delete a scheduler rule once it is applied to a certain feature. This is the index number of the rule.
Chapter 9 Firewall Figure 120 Configuration > Firewall / Security > Service The following table describes the labels in this screen. Table 63 Configuration > Firewall / Security > Service LABEL DESCRIPTION Click this to add a new service. Edit Click this to modify an existing service, Remove Click this to remove a service,...
Chapter 9 Firewall The following table describes the labels in this screen. Table 64 Service: Add/Edit LABEL DESCRIPTION Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. Description Enter a description for your customized port. Protocol Choose the IP protocol (TCP, UDP, ICMP, Other, or ICMPv6) that defines your customized port from the drop-down list box.
Chapter 9 Firewall The following table describes the labels in this screen. Table 65 Configuration > Firewall / Security > MAC Filter LABEL DESCRIPTION General Enable Select Enable to activate the MAC filter function. MAC Address List Click this to create a new MAC filter rule. Select a rule and click Add to create a new rule after the selected entry.
Chapter 9 Firewall Table 66 MAC Filter: Add/Edit LABEL DESCRIPTION Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. 9.10 The Certificate Screen The SBG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs.
Chapter 9 Firewall Table 67 Configuration > Firewall / Security > Certificate LABEL DESCRIPTION Type This field displays general information about the certificate. It displays Self when the certificate is self-signed. It displays Import when the certificate used is imported. Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and...
Chapter 9 Firewall Configuration > Firewall / Security > AAA Server LABEL DESCRIPTION RADIUS Server Summary Click this to create a new server. Select a rule and click Add to create a new server after the selected entry. Edit Double-click a server or select it and click Edit to open a screen where you can modify the server’s settings.
Page 157
Chapter 9 Firewall The following table describes the labels in this screen. Table 68 LDAP Server: Add/Edit LABEL DESCRIPTION General Settings Name Enter a descriptive name for identification purposes. It cannot exceed 64 characters [0-9][A-Z] [a-z][_-]. Description Enter the description of each server, if any. You can use up to 128 printable ASCII characters.
Chapter 9 Firewall 9.11.2 RADIUS Server: Add/Edit Click Add icon or select a server and click Edit to display the following screen. Use this screen to create a new RADIUS entry or edit an existing one. Figure 127 RADIUS Server: Add/Edit The following table describes the labels in this screen.
Page 159
Chapter 9 Firewall Table 69 RADIUS Server: Add/Edit LABEL DESCRIPTION NAS IP Address If the RADIUS server requires the SBG to provide the Network Access Server IP address attribute with a specific value, enter it here. Case-sensitive User Names Select this if the server checks the case of the user names. Server Authentication Enter a password (up to 32 characters) as the key to be shared between the external authentication server and the SBG.
H A P T E R 10.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 161
Chapter 10 VPN Figure 128 IPsec VPN: Overview The VPN tunnel connects the SBG (X) and the remote IPsec router (Y). These routers then connect the local network (A) and remote network (B). A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the SBG and the remote IPsec router will use.
Page 162
Chapter 10 VPN PPTP sets up two sessions and uses Generic Routing Encapsulation (GRE, RFC 2890) to transfer information between the computers. It is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions. PPTP works on a client-server model and is suitable for remote access applications. For example, an employee (A) can connect to the PPTP VPN gateway (X) as a PPTP client to gain access to the company network resources from outside the office.
Chapter 10 VPN 10.4 The VPN Status Screen Use this screen to look at the VPN tunnels that are currently established. To access this screen, click Configuration > VPN > VPN Status. Figure 132 Configuration > VPN > VPN Status The following table describes the labels in this screen.
Chapter 10 VPN 10.5 The IPsec VPN Screen Click Configuration > VPN > IPsec VPN to open the following screen. Use Gateway Configuration to manage the SBG’s VPN gateway policies. A VPN gateway specifies the IPsec routers at either end of a VPN tunnel and the IKE SA settings (phase 1 settings). You can also activate and deactivate each VPN gateway.
Page 165
Chapter 10 VPN Table 71 Configuration > VPN > IPsec VPN LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Remove To remove an existing entry, select it and click Remove. This field displays the VPN gateway index number.
Chapter 10 VPN 10.5.1 VPN Gateway: Add/Edit Click Add to create a new VPN gateway policy. You can also double click a VPN gateway policy or select one and click Edit to go to the following screen. Figure 134 VPN Gateway: Add/Edit SBG5500/3310 Series User’s Guide...
Page 167
Chapter 10 VPN The following table describes the labels in this screen. Table 72 VPN Gateway: Add/Edit LABEL DESCRIPTION Show Advanced Settings / Click this button to display a greater or lesser number of configuration fields. Hide Advanced Settings General Settings Enable Select the check box to activate this VPN gateway policy.
Page 168
Chapter 10 VPN Table 72 VPN Gateway: Add/Edit LABEL DESCRIPTION Pre-Shared Key Select this to have the SBG and remote IPsec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right.
Page 169
Chapter 10 VPN Table 72 VPN Gateway: Add/Edit LABEL DESCRIPTION Content This field is read-only if the SBG and remote IPsec router use certificates to identify each other. Type the identity of the SBG during authentication. The identity depends on the Local ID Type. IPv4 - type an IP address.
Page 170
Chapter 10 VPN Table 72 VPN Gateway: Add/Edit LABEL DESCRIPTION SA Life Time Define the length of time before an IKE or IPsec SA automatically renegotiates in this field. It may range from 1 to 99,999 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
Chapter 10 VPN Table 72 VPN Gateway: Add/Edit LABEL DESCRIPTION NAT Traversal Select this if any of these conditions are satisfied. • This IKE SA might be used to negotiate IPsec SAs that use ESP as the active protocol. • There are one or more NAT routers between the SBG and remote IPsec router, and these routers do not support IPsec pass-thru or a similar feature.
Page 172
Chapter 10 VPN Figure 135 VPN Connection: Add/Edit The following table describes the labels in this screen. Table 73 VPN Connection: Add/Edit LABEL DESCRIPTION General Settings Enable Select the check box to activate this VPN connection. Connection Name Type the name used to identify this IPsec SA. You may use 1-48 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
Page 173
Chapter 10 VPN Table 73 VPN Connection: Add/Edit LABEL DESCRIPTION Application Scenario Select the scenario that best describes your intended VPN connection. Site-to-site - Choose this if the remote IPsec router has a static IP address or a domain name. This SBG can initiate the VPN tunnel. Site-to-site with Dynamic Peer - Choose this if the remote IPsec router has a dynamic IP address.
Chapter 10 VPN Table 73 VPN Connection: Add/Edit LABEL DESCRIPTION Encryption This field is applicable when the Active Protocol is ESP. Select which key size and encryption algorithm to use in the IPsec SA. Choices are: None - no encryption key or algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES192 - a 192-bit key with the AES encryption algorithm...
Chapter 10 VPN Action: From the SBG’s GUI, click Maintenance > User Account. The client should use one of the accounts to make the connection. g. The SBG has already reached the maximum number of concurrent PPTP VPN connections. Action: There are too many clients connected. Wait a while and then retry. A PPTP client is disconnected unexpectedly.
Page 177
Chapter 10 VPN Figure 136 Configuration > VPN > PPTP VPN The following table describes the labels in this screen. Table 75 Configuration > VPN > PPTP VPN LABEL DESCRIPTION PPTP Setup Enable Use this field to turn the SBG’s PPTP VPN function on or off. IP Address Pool Enter the pool of IP addresses that the SBG uses to assign to the PPTP VPN clients.
Chapter 10 VPN Table 75 Configuration > VPN > PPTP VPN LABEL DESCRIPTION WINS Server (Optional) The WINS (Windows Internet Naming Service) server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using. Type the IP addresses of up to two WINS servers to assign to the remote users.
Chapter 10 VPN a. The client has no activity for a period of time. b. The client loses connectivity to the SBG for a period of time. c. PPTP VPN is disabled on the SBG. d. When any one of these configuration changes is applied on the SBG: WAN interface used for PPTP VPN, IP address pool, access group.
Page 180
Chapter 10 VPN Figure 137 Configuration > VPN > L2TP VPN > Server The following table describes the fields in this screen. Table 76 Configuration > VPN > L2TP VPN > Server LABEL DESCRIPTION L2TP Setup Type Select Server to have the SBG Series act as a L2TP VPN server . Also, the screen varies depending on which option you select here.
Chapter 10 VPN Table 76 Configuration > VPN > L2TP VPN > Server LABEL DESCRIPTION Apply Click Apply to save your changes back to the SBG. Reset Click Reset to restore your previous settings. 10.7.2 L2TP Setup - Client This screen displays when you select Client in the Type field. Figure 138 Configuration >...
Chapter 10 VPN Table 77 Configuration > VPN > L2TP VPN > Client LABEL DESCRIPTION Management IP Address Enter the SBG's public routable IP address for management purposes, and an administrator will be able to reach the SBG via L2TP VPN connection and the address input here.
Page 183
Chapter 10 VPN b. Incorrect server address configured on the client device. Action: From the SBG’s GUI, click VPN > IPsec VPN. (1) If the Local Gateway Address for Default_L2TP_VPN_GW is set to “Any”: (2) If the Local Gateway Address for Default_L2TP_VPN_GW is an IP address: Use that IP address for the client device to connect.
Page 184
Chapter 10 VPN (2) Client loses connectivity to the SBG for a period of time. (3) Any IPsec VPN configuration change is applied on the SBG. (4) Either Default_L2TP_VPN_GW IPsec configuration or L2TP VPN is disabled on the SBG. (5) When any one of these configuration changes is applied on the SBG: WAN Interface used for L2TP VPN, IP Address Pool, Access Group.
Chapter 10 VPN Table 78 Phase 1 IPsec proposals provided by the built-in L2TP client in popular operating systems (Encryption/Authentication/Key Group) WINDOWS XP WINDOWS VISTA WINDOWS 7 IOS 5.1 ANDROID 4.1 DES/MD5/DH1 DES/SHA1/DH2 DES/MD5/DH2 After phase 1 tunnel is established, IPsec phase 2 negotiations begin. Table 79 on page 185 lists the IPsec phase 2 proposals provided by a built-in L2TP client in the popular operating systems.
Chapter 10 VPN Figure 139 Configuration > VPN > L2TP Client Status The following table describes the labels in this screen. Table 80 Configuration > VPN > L2TP Client Status LABEL DESCRIPTION L2TP Status Status This field displays whether the L2TP VPN is active or not. A yellow bulb signifies that this VPN is active.
Chapter 10 VPN Figure 140 IPsec Architecture IPsec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 10 VPN Figure 141 Transport and Tunnel Mode IPsec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Chapter 10 VPN Figure 142 Two Phases to Set Up the IPsec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. •...
Chapter 10 VPN • Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not know by the responder and both parties want to use pre-shared key authentication.
Chapter 10 VPN Figure 143 NAT Router Between IPsec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPsec routers because the NAT router changes the header of the IPsec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPsec packet.
Chapter 10 VPN Section 10.6 on page 176). The ID type and content act as an extra level of identification for incoming SAs. The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address.
Page 193
Chapter 10 VPN supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys. SBG5500/3310 Series User’s Guide...
H A P T E R Bandwidth Management 11.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 195
Chapter 11 Bandwidth Management CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header. Tagging and Marking In a QoS class, you can configure whether to add or change the DSCP (DiffServ Code Point) value, IEEE 802.1p priority level and VLAN ID number in a matched packet.
Chapter 11 Bandwidth Management 11.2 The General Screen Click Configuration > Bandwidth Management > General to open the screen as shown next. Use this screen to enable or disable QoS and set the upstream bandwidth. See Section 11.1 on page 194 for more information.
Chapter 11 Bandwidth Management Table 86 Configuration > Bandwidth Management > General (continued) (continued) LABEL DESCRIPTION LAN Managed Enter the amount of downstream bandwidth for the LAN interfaces (including WLAN) that you Downstream want to allocate using QoS. Bandwidth The recommendation is to set this speed to match the WAN interfaces’ actual transmission speed.
Page 198
Chapter 11 Bandwidth Management Figure 145 Configuration > Bandwidth Management > Queue Setup The following table describes the labels in this screen. Table 87 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Click this button to create a new queue entry. Edit Double-click a queue entry or select it and click Edit to open a screen where you can modify the queue’s settings.
Chapter 11 Bandwidth Management 11.3.1 QoS Queue: Add/Edit Click Add or the select an existing queue and click Edit icon in the Queue Setup screen to configure a queue. Figure 146 Queue Setup: Add/Edit The following table describes the labels in this screen. Table 88 Queue Setup: Add/Edit LABEL DESCRIPTION...
Chapter 11 Bandwidth Management 11.4 The Classification Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface.
Chapter 11 Bandwidth Management 11.4.1 QoS Class: Add/Edit Click Add in the Classification Setup screen or the Edit icon next to a classifier to open the following screen. Figure 148 Classification Setup: Add/Edit The following table describes the labels in this screen. Table 90 Classification Setup: Add/Edit LABEL DESCRIPTION...
Page 202
Chapter 11 Bandwidth Management Table 90 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Class Name Enter a descriptive name for the classifier. You can use up to 31 alphanumeric characters, it must begin with a letter. The valid characters are [0-9][a-z] [A-Z][_-]. Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking OK.
Page 203
Chapter 11 Bandwidth Management Table 90 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Service This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields.
Chapter 11 Bandwidth Management Table 90 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Class Routing Forward Select a WAN interface through which traffic of this class will be forwarded out. If you select Interface Unchange, the SBG forward traffic of this class according to the default routing table. Outgoing Queue To Queue Select a queue that applies to this class.
Chapter 11 Bandwidth Management Table 91 Network Setting > QoS > Policer Setup (continued) LABEL DESCRIPTION Rule These are the rates and burst sizes against which the policer checks the traffic of the member QoS classes. Action This shows the how the policer has the SBG treat different types of traffic belonging to the policer’s member QoS classes.
Chapter 11 Bandwidth Management Table 92 Policer Setup: Add/Edit (continued) LABEL DESCRIPTION Meter Type This shows the traffic metering algorithm used in this policer. The Simple Token Bucket algorithm uses tokens in a bucket to control when traffic can be transmitted.
Chapter 11 Bandwidth Management Figure 151 Configuration > Bandwidth Management > Shaper Setup The following table describes the labels in this screen. Table 93 Configuration > Bandwidth Management > Shaper Setup LABEL DESCRIPTION Click this to create a new shaper. Edit Double-click a shaper or select it and click Edit to open a screen where you can modify the shaper’s settings.
Chapter 11 Bandwidth Management Table 94 Shaper Setup: Add/Edit LABEL DESCRIPTION Click this button to save your changes to the SBG. Cancel Click this button to exit this screen without saving. 11.7 Technical Reference The following section contains additional technical information about the SBG features described in this chapter.
Page 209
Chapter 11 Bandwidth Management DSCP and Per-Hop Behavior DiffServ defines a new Differentiated Services (DS) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels.
Page 211
Chapter 11 Bandwidth Management The Single Rate Three Color Marker (srTCM, defined in RFC 2697) is a type of traffic policing that identifies packets by comparing them to one user-defined rate, the Committed Information Rate (CIR), and two burst sizes: the Committed Burst Size (CBS) and Excess Burst Size (EBS). The srTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels.
Page 212
Chapter 11 Bandwidth Management SBG5500/3310 Series User’s Guide...
H A P T E R Network Management 12.1 Overview This chapter describes the SBG’s Configuration > Network Management screens. Use this screens to configure your SBG’s SNMP. 12.1.1 What You Can Do in This Chapter Use the SNMP screen to configure the SBG’s SNMP settings (Section 12.2 on page 213) 12.2 The SNMP Screen...
Page 214
Chapter 12 Network Management The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 215
Chapter 12 Network Management Table 97 Configuration > Network Management > SNMP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the SBG. Reset Click Reset to restore your previously saved settings. SBG5500/3310 Series User’s Guide...
H A P T E R Log / Report 13.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the SBG log and then display the logs or have the SBG send them to an administrator (as e-mail) or to a syslog server.
Chapter 13 Log / Report Table 98 Syslog Severity Levels CODE SEVERITY Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. 13.2 The Log Viewer Screen Use the Log viewer screen to see the system logs.
Chapter 13 Log / Report Table 99 Configuration > Log / Report > Log Viewer LABEL DESCRIPTION Protocol This displays when you show the filter. Select a service protocol whose log messages you would like to see. Destination IP This displays when you show the filter. Type the IP address of the destination of the incoming packet when the log message was generated.
Chapter 13 Log / Report Figure 156 Configuration > Log / Report > Log Settings The following table describes the labels in this screen. Table 100 Configuration > Log / Report > Log Settings LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify it. Multiple Entries Turn Select one or more entries and click this to enable them.
Page 220
Chapter 13 Log / Report Figure 157 Configuration > Log / Report > Log Settings > Edit (USB) The following table describes the labels in this screen. Table 101 Configuration > Log / Report > Log Settings > Edit (USB) LABEL DESCRIPTION USB Log Setting...
Chapter 13 Log / Report Table 101 Configuration > Log / Report > Log Settings > Edit (USB) LABEL DESCRIPTION Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. 13.3.2 System and Email: Edit The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles).
Page 222
Chapter 13 Log / Report Table 102 Configuration > Log / Report > Log Settings > Edit (System and Email) LABEL DESCRIPTION TLS Security Select the check box if you want encrypted communications between the mail server and the SBG. Security Select SSL/TLS to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
Chapter 13 Log / Report Table 102 Configuration > Log / Report > Log Settings > Edit (System and Email) LABEL DESCRIPTION E-mail Server Use the E-Mail Server drop-down list to change the settings for e-mailing logs to e- mail server for all log categories. Using the System Log drop-down list to disable all logs overrides your e-mail server settings.
Page 224
Chapter 13 Log / Report Figure 159 Configuration > Log / Report > Log Settings > Edit (Remote) The following table describes the labels in this screen. Table 103 Configuration > Log / Report > Log Settings > Edit (Remote) LABEL DESCRIPTION Log Settings for Remote Server...
Page 225
Chapter 13 Log / Report Table 103 Configuration > Log / Report > Log Settings > Edit (Remote) LABEL DESCRIPTION Selection Use the Selection drop-down list to change the log settings for all of the log categories. disable all logs (red X) - do not send the remote server logs for any log category. enable normal logs (green check mark) - send the remote server log messages and alerts for all log categories.
H A P T E R Service / License 14.1 Overview Use the Service / License screen to display the status of your service registrations. To activate or extend a standard service subscription, purchase an iCard and enter the iCard’s PIN number (license key) at myZyxel.com.
Page 228
Chapter 14 Service / License Table 104 Maintenance > Service / License LABEL DESCRIPTION Expiration Date This field displays the date your service expires. This field is blank when a service does not expire. Count This field displays the maximum number of users that may connect to the SBG at the same time or how many managed APs the SBG can support with your current license.
Chapter 15 Device Name H A P T E R Device Name 15.1 Overview Use the Device Name screen to change the SBG’s name in the network. 15.2 The Device Name Screen Click Maintenance > Device Name to view the following screen. Figure 161 Maintenance >...
Page 230
Chapter 15 Device Name Table 105 Maintenance > Device Name LABEL DESCRIPTION Apply Click Apply to save your changes back to the SBG. Reset Click Reset to renew this screen. SBG5500/3310 Series User’s Guide...
Chapter 16 Host Name List H A P T E R Host Name List 16.1 Overview Use the Host Name List screen to add connected devices to the SBG’s host list. Configure these devices to turn on with the Wake on LAN screen, see Section 6.6 on page 16.2 The Host Name List Screen Click Maintenance >...
Page 232
Chapter 16 Host Name List Figure 163 Maintenance > Host Name List: Add The following table describes the labels in this screen. Table 107 Maintenance > Host Name List: Add LABEL DESCRIPTION Refer To Select MAC Filter List if you want to select the devices that you added in the MAC Filter List.
Chapter 17 Date / Time H A P T E R Date / Time 17.1 Overview This chapter shows you how to configure system related settings, such as system time and the daylight saving setup. 17.2 The Date / Time Screen To change your SBG’s time and date, click Maintenance >...
Page 234
Chapter 17 Date / Time Figure 164 Maintenance > Date / Time The following table describes the labels in this screen. Table 108 Maintenance > Date / Time LABEL DESCRIPTION Current Date / Time Current Time This field displays the time of your SBG. Each time you reload this page, the SBG synchronizes the time with the time server.
Page 235
Chapter 17 Date / Time Table 108 Maintenance > Date / Time LABEL DESCRIPTION Daylight Saving Setup Daylight Saving time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Chapter 18 User Account H A P T E R User Account 18.1 Overview Use the User Account screen to manage user accounts, which includes configuring the username, password, retry times, and users timeout period. 18.2 What You Can Do in this Chapter Use the User Account screen to view and manage all user accounts (Section 18.3 on page 236).
Chapter 18 User Account Table 109 Maintenance > User Account (continued) LABEL DESCRIPTION Lock Period This field indicates the number of minutes for the lockout period. A user cannot log into the SBG during the lockout period, even if he/she enters correct account information. An account will be locked if the account password is entered incorrectly too many times.
Page 238
Chapter 18 User Account Table 110 Users Configuration: Add/Edit (continued) LABEL DESCRIPTION Retry Times The SBG can lock a user out if you use a wrong user name or password to log in the SBG. Enter up to how many times a user can re-enter his/her account information before the SBG locks the user out.
Chapter 19 USB Storage H A P T E R USB Storage 19.1 Overview Use the USB Storage screen to share files on a USB memory stick or hard drive connected to your SBG with users on your network. The following figure is an overview of the SBG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the SBG.
Chapter 19 USB Storage File Systems A file system is a way of storing and organizing files on your hard drive and storage device. Often different operating systems such as Windows or Linux have different file systems. The file sharing feature on your SBG supports File Allocation Table (FAT) and FAT32.
Page 241
Chapter 19 USB Storage Figure 168 Maintenance > USB Storage The following table describes the labels in this screen. Table 111 Maintenance > USB Storage LABEL DESCRIPTION Configuration Enable USB Storage Click the check box to activate file sharing through the SBG. Sharing USB Information This section is available only when a USB device is connected and detected by the SBG.
Chapter 19 USB Storage Table 111 Maintenance > USB Storage LABEL DESCRIPTION Apply Click Apply to save your changes back to the SBG. Reset Click Reset to restore your previously saved settings. 19.2.1 Add a USB Share If a USB is connected to the USB port in the SBG you can view the Share Directory List table. Click Add to add a shared file to the SBG’s network.
Chapter 20 Diagnostic H A P T E R Diagnostic 20.1 Overview The Diagnostic screens display information to help you identify problems with the SBG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations.
Chapter 20 Diagnostic 20.2 The Network Tools Screen Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Network Tools to open the screen shown next. Figure 170 Maintenance > Diagnostic > Network Tools The following table describes the fields in this screen.
Chapter 20 Diagnostic 20.3 The Packet Capture Screen Use this screen to capture network traffic going through the SBG’s interfaces. Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostic > Packet Capture to open the packet capture screen. Note: New capture files overwrite existing files of the same name.
Page 246
Chapter 20 Diagnostic Table 114 Maintenance > Diagnostic > Packet Capture LABEL DESCRIPTION Setting Capture Until Stop Click this check box to have the SBG capture packets according to the settings configured here. You can configure the SBG while a packet capture is in progress although you cannot modify the packet capture settings.
Chapter 21 Firmware Upgrade H A P T E R Firmware Upgrade 21.1 Overview This chapter explains how to upload new firmware package, to update USB 3G/4G dongle support, to your SBG. You can download new firmware releases and USB 3G/4G dongle support packages from your nearest Zyxel FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 248
Chapter 21 Firmware Upgrade The following table describes the labels in this screen. Table 115 Maintenance > Firmware Upgrade LABEL DESCRIPTION Firmware Status This is a sequential value, and it is not associated with the entry. Status This indicates whether the firmware is Running, or not running but already uploaded to the SBG and is on Standby.
Chapter 21 Firmware Upgrade Figure 174 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click OK to go back to the Firmware Upgrade screen.
Page 250
Chapter 21 Firmware Upgrade Table 116 Maintenance > Firmware Upgrade > Mobile Profile LABEL DESCRIPTION Version This is the version of the SBG’s present mobile profile. Upgrade Click the Upgrade icon to open a new screen, where you Browse the location of the file you want to Upload to the SBG.
Chapter 22 Backup / Restore H A P T E R Backup / Restore 22.1 Overview The Backup / Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 22.2 The Backup / Restore Screen Click Maintenance >...
Page 252
Chapter 22 Backup / Restore Click Backup to save the SBG’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your SBG. Table 117 Restore Configuration LABEL DESCRIPTION File Path...
Chapter 23 Language H A P T E R Language 23.1 Overview Use the Language screen to change the language in which the screen are displayed in the web configurator. 23.2 The Language Screen Click Maintenance > Language to open the following screen. Figure 180 Maintenance >...
Chapter 24 Restart / Shutdown Chapter 24 Restart / Shutdown 24.1 Overview Use this screen to restart the device. Restart is different to reset; restart returns the device to its default configuration. 24.2 The Restart / Shutdown Screen System restart allows you to reboot the SBG remotely without turning the power off. You may need to do this if the SBG hangs, for example.
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • SBG Access and Login • Internet Access •...
Chapter 25 Troubleshooting 25.2 SBG Access and Login I forgot the IP address for the SBG. The default LAN IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the SBG by looking up the IP address of the default gateway for your computer.
Chapter 25 Troubleshooting • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser. • Try to access the SBG using another service, such as Telnet. If you can access the SBG, check the remote management settings and firewall rules to find out why the SBG does not respond to HTTP.
Chapter 25 Troubleshooting If the problem continues, contact your ISP. I cannot access the Internet through a DSL connection. Make sure you have the DSL WAN port connected to a telephone jack (or the DSL or modem jack on a splitter if you have one).
Page 259
Chapter 25 Troubleshooting Reboot the SBG. If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on. Re-connect your USB device to the SBG. SBG5500/3310 Series User’s Guide...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • http://www.zyxel.cn India • Zyxel Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 262
Appendix A Customer Support Belgium • Zyxel Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • http://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • http://www.zyxel.cz Denmark • Zyxel Communications A/S • http://www.zyxel.dk Estonia • Zyxel Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 263
• Zyxel Communications Poland • http://www.zyxel.pl Romania • Zyxel Romania • http://www.zyxel.com/ro/ro Russia • Zyxel Russia • http://www.zyxel.ru Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • Zyxel Communications ES Ltd • http://www.zyxel.es Sweden • Zyxel Communications • http://www.zyxel.se Switzerland •...
Page 264
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • Zyxel Turkey A.S. • http://www.zyxel.com.tr • Zyxel Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com Latin America Argentina • Zyxel Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • Zyxel Communications Brasil Ltda.
Page 265
Appendix A Customer Support North America • Zyxel Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za SBG5500/3310 Series User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation. All rights reserved.
Page 267
Appendix B Legal Information g) If trouble is experienced with this equipment US: 1RODL01ASBG5500-A, for repair or warranty information, please contact Zyxel Communication Inc.; 1130 N Miller street Anaheim, CA 92806-2001, USA ;TEL: 002 +1 714-6320882. If the equipment is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is resolved.
Page 268
Appendix B Legal Information • Do not expose your device to dampness, dust or corrosive liquids. • Do not store things on the device. • Do not obstruct the device ventilation slots as insufficient airflow may harm your device. For example, do not place the device in an enclosed space such as a box or on a very soft surface such as a bed or sofa.
Page 269
Appendix B Legal Information Il simbolo sotto significa che secondo i regolamenti locali il vostro prodotto e/o batteria deve essere smaltito separatamente dai rifiuti domestici. Quando questo prodotto raggiunge la fine della vita di servizio portarlo a una stazione di riciclaggio. Al momento dello smaltimento, la raccolta separata del vostro prodotto e/o della sua batteria aiuta a risparmiare risorse naturali e a proteggere l'ambiente e la salute umana.
Page 270
North American products. Trademarks ZyNOS (Zyxel Network Operating System) and ZON (Zyxel One Network) are registered trademarks of Zyxel Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Index Index static route 120, 237 Connectivity Check Messages, see CCMs contact information activation SIP ALG copyright administrator password CoS technologies algorithms customer support applications Internet access applications, NAT DDoS default server address Denials of Service, see DoS backup configuration DHCP 87, 106 blinking LEDs...
Page 272
Index Internet Protocol Security. See IPsec. PPP over Ethernet Internet Protocol version 6 encapsulation Internet Service Provider, see ISP 50, 187 IP address 87, 107 ping private IP Address Assignment IP alias file sharing NAT applications Finger IPsec firewalls algorithms add protocols architecture DDoS...
Page 273
Index passwords 20, 21 Maintenance Association, see MA Per-Hop Behavior, see PHB Maintenance Domain, see MD Maintenance End Point, see MEP Ping of Death Management Information Base (MIB) Point-to-Point Tunneling Protocol managing the device POP3 good habits port forwarding ports PPP over Ethernet, see PPPoE MTU (Multi-Tenant Unit) PPPoE...
Page 274
Index Routing Information Protocol. See RIP Tag Control Information See TCI Tag Protocol Identifier See TPID security associations. See VPN. Security Parameter Index, see SPI TPID Services trademarks setup transport mode static route trTCM 120, 237 Simple Network Management Protocol, see SNMP tunnel mode Single Rate Three Color Marker, see srTCM Two Rate Three Color Marker, see trTCM...
Page 275
Index Wide Area Network, see WAN warranty note web configurator login passwords 20, 21 wizard setup Internet Zone Control SBG5500/3310 Series User’s Guide...