Page 1 P-793H G.SHDSL.bis 4-port Security Gateway User’s Guide Version 3.40 Edition 1 8/2006...
Page 3: Copyright
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 4: Certifications
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page.
Page 5: Safety Warnings
P-793H User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids.
Page 6 P-793H User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
Page 7: Zyxel Limited Warranty
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 8: Customer Support
P-793H User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 9 P-793H User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 NORWAY sales@zyxel.no +47-22-80-61-81 0667 Oslo Norway info@pl.zyxel.com +48 (22) 333 8250 www.pl.zyxel.com ZyXEL Communications ul.
Page 10 P-793H User’s Guide Customer Support...
Page 11: Table Of Contents
Table of Contents ....................11 List of Figures ......................25 List of Tables ......................33 Preface ........................39 Chapter 1 Getting To Know Your ZyXEL Device ..............41 1.1 Overview ......................41 1.1.1 High-speed Internet Access ..............41 1.1.2 High-speed Point-to-point Connections ............42 1.2 LEDs ........................42 Chapter 2 Introducing the Web Configurator................
Page 12 4.1 Point-to-point Connection Overview ..............67 4.2 Point-to-point Connection Procedure ..............68 4.2.1 Set up the Server ..................68 4.2.2 Set up the Client ..................68 4.2.3 Connect the ZyXEL Devices ..............69 Chapter 5 WAN Setup......................71 5.1 WAN Overview ....................71 5.1.1 Encapsulation ...................71 5.1.1.1 ENET ENCAP .................71...
Page 13 5.8.2 Advanced Modem Settings for Dial Backup ..........91 Chapter 6 LAN Setup....................... 95 6.1 LAN Overview ....................95 6.1.1 LANs, WANs and the ZyXEL Device ............95 6.1.2 DHCP Setup .....................96 6.1.2.1 IP Pool Setup ..................96 6.1.3 DNS Server Address ................96 6.1.4 DNS Server Address Assignment .............97 6.2 LAN TCP/IP ......................97...
Page 14 8.4.2.2 Illegal Commands (NetBIOS and SMTP) ........124 8.4.2.3 Traceroute ..................125 8.5 Stateful Inspection ....................125 8.5.1 Stateful Inspection Process ..............126 8.5.2 Stateful Inspection and the ZyXEL Device ..........126 8.5.3 TCP Security ...................127 8.5.4 UDP/ICMP Security ................127 8.5.5 Upper Layer Protocols ................128 8.6 Guidelines for Enhancing Security with Your Firewall ........128...
Page 15 IPSec VPN ......................155 11.1 IPSec VPN Overview ..................155 11.1.1 IKE SA Overview ..................156 11.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..156 11.1.1.2 IKE SA Proposal ................157 11.1.1.3 Diffie-Hellman (DH) Key Exchange ..........157 11.1.1.4 Authentication ................158 11.1.2 Additional Topics for IKE SA ..............159...
Page 16 P-793H User’s Guide 11.1.4.1 IPSec SA using Manual Keys ............162 11.2 VPN Setup Screen ..................163 11.3 Editing VPN Policies ..................165 11.4 Configuring Advanced IKE Settings ...............170 11.5 Configuring Manual Key .................173 11.6 Viewing SA Monitor ..................176 11.7 Configuring Global Setting ................177 11.8 Telecommuter VPN/IPSec Examples .............178...
Page 17 16.1.1 How do I know if I'm using UPnP? ............215 16.1.2 NAT Traversal ..................215 16.1.3 Cautions with UPnP ................216 16.2 UPnP and ZyXEL ...................216 16.2.1 Configuring UPnP .................216 16.3 Installing UPnP in Windows Example ............217 16.4 Using UPnP in Windows XP Example ............220 Chapter 17 System ........................
Page 18 P-793H User’s Guide 18.2 Viewing the Logs ....................233 18.3 Configuring Log Settings ................234 Chapter 19 Tools ........................237 19.1 Firmware Upgrade ..................237 19.2 Configuration ....................239 19.3 Restart ......................241 Chapter 20 Diagnostic......................243 20.1 General Diagnostic ..................243 20.2 DSL Line Diagnostic ..................243 Chapter 21 Introducing the SMT ....................
Page 19 Chapter 29 Firewall Setup ....................... 297 29.1 Using ZyXEL Device SMT Menus ..............297 29.1.1 Activating the Firewall ................297 Chapter 30 Filter Configuration ....................299 30.1 Introduction to Filters ..................299 30.1.1 The Filter Structure of the ZyXEL Device ..........300 Table of Contents...
Page 20 P-793H User’s Guide 30.2 Configuring a Filter Set ..................301 30.2.1 Configuring a Filter Rule ...............304 30.2.2 Configuring a TCP/IP Filter Rule ............304 30.2.3 Configuring a Generic Filter Rule ............307 30.3 Example Filter ....................309 30.4 Filter Types and NAT ..................311 30.5 Firewall Versus Filters ..................311 30.6 Applying a Filter .....................311...
Page 21 P-793H User’s Guide 34.4 Restore Configuration ..................333 34.4.1 Restore Using FTP ................333 34.4.2 Restore Using FTP Session Example ..........334 34.4.3 Restore Via Console Port ..............334 34.5 Uploading Firmware and Configuration Files ..........335 34.5.1 Firmware File Upload ................335 34.5.2 Configuration File Upload ..............336 34.5.3 FTP File Upload Command from the DOS Prompt Example ....336...
Page 22 P-793H User’s Guide Chapter 38 Troubleshooting ....................361 38.1 Problems Starting Up the ZyXEL Device ............361 38.2 Problems with the LAN ...................361 38.3 Problems with the WAN .................362 38.4 Problems Accessing the ZyXEL Device ............363 Appendix A Product Specifications ..................365 Appendix B Wall-mounting Instructions.................
Page 23 P-793H User’s Guide Appendix H Firewall Commands ..................... 403 Appendix I NetBIOS Filter Commands .................. 409 Introduction ......................409 Display NetBIOS Filter Settings ................409 NetBIOS Filter Configuration.................. 410 Appendix J Log Descriptions....................411 Log Commands...................... 425 Log Command Example..................426 Index........................
Page 24 P-793H User’s Guide Table of Contents...
Page 25: List Of Figures
P-793H User’s Guide List of Figures Figure 1 High-speed Internet Access with Your ZyXEL Device .......... 41 Figure 2 Point-to-point Connections with Your ZyXEL Device ..........42 Figure 3 LEDs ........................43 Figure 4 Login Screen ......................46 Figure 5 Change Password at Login ................... 46 Figure 6 Select a Mode .......................
Page 26 Figure 45 NAT > Port Forwarding > Edit ................114 Figure 46 NAT > Address Mapping ..................115 Figure 47 NAT > Address Mapping > Edit ................116 Figure 48 ZyXEL Device Firewall Application ..............121 Figure 49 Three-Way Handshake ..................122 Figure 50 SYN Flood ......................123 Figure 51 Smurf Attack .......................
Page 27 P-793H User’s Guide Figure 82 VPN > Monitor ....................177 Figure 83 VPN > VPN Global Setting ................. 178 Figure 84 Telecommuters Sharing One VPN Rule Example ..........179 Figure 85 Telecommuters Using Unique VPN Rules Example ........... 180 Figure 86 Example of Static Routing Topology ..............183 Figure 87 Static Route >...
Page 28 P-793H User’s Guide Figure 125 Network Temporarily Disconnected ..............238 Figure 126 Error Message ....................239 Figure 127 Tools > Configuration ..................239 Figure 128 Configuration Upload Successful ..............240 Figure 129 Network Temporarily Disconnected ..............240 Figure 130 Configuration Upload Error ................241 Figure 131 Tools >...
Page 29 P-793H User’s Guide Figure 168 Menu 4: Internet Access & NAT Example ............291 Figure 169 NAT Example 2 ....................291 Figure 170 Menu 15.2: Specifying an Inside Server ............292 Figure 171 NAT Example 3 ....................293 Figure 172 Example 3: Menu 11.3 ..................293 Figure 173 Example 3: Menu 15.1.1.1 ................
Page 30 P-793H User’s Guide Figure 211 Successful Backup Confirmation Screen ............333 Figure 212 Menu 24.6: Restore Configuration ..............333 Figure 213 Restore Using FTP Session Example ............... 334 Figure 214 System Maintenance: Restore Configuration ........... 334 Figure 215 System Maintenance: Starting Xmodem Download Screen ......334 Figure 216 Restore Configuration Example ................
Page 31 P-793H User’s Guide Figure 254 Red Hat 9.0: KDE: Ethernet Device: General ..........380 Figure 255 Red Hat 9.0: KDE: Network Configuration: DNS ..........380 Figure 256 Red Hat 9.0: KDE: Network Configuration: Activate ........381 Figure 257 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 ....... 381 Figure 258 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0...
Page 32 P-793H User’s Guide List of Figures...
Page 33: List Of Tables
P-793H User’s Guide List of Tables Table 1 LEDs ........................43 Table 2 Web Configurator Screens Summary ..............48 Table 3 Status ........................51 Table 4 Status > Packet Statistics ..................53 Table 5 Wizard Main Screen ....................55 Table 6 Internet Setup Wizard: ISP Parameters ..............56 Table 7 Internet Setup Wizard: ISP Parameters (Ethernet) ..........
Page 34 P-793H User’s Guide Table 39 Firewall > Rules ....................138 Table 40 Firewall > Rules > Add/Edit ................. 139 Table 41 Firewall > Rules > Add/Edit > Edit Customized Services ........141 Table 42 Firewall > Rules > Add/Edit > Edit Customized Services > Edit ......142 Table 43 Firewall >...
Page 35 P-793H User’s Guide Table 82 Logs > View Log ....................234 Table 83 Logs > Log Settings ..................... 235 Table 84 Tools > Firmware ....................237 Table 85 Tools > Configuration ................... 239 Table 86 Diagnostic > General ................... 243 Table 87 Diagnostic >...
Page 36 Table 131 Menu 26: Schedule Setup ................. 358 Table 132 Menu 26.1: Schedule Set Setup ................ 359 Table 133 Troubleshooting Starting Up Your ZyXEL Device ..........361 Table 134 Troubleshooting the LAN ................... 361 Table 135 Troubleshooting the WAN .................. 362 Table 136 Troubleshooting Accessing the ZyXEL Device ..........
Page 37 P-793H User’s Guide Table 168 IKE Logs ......................417 Table 169 PKI Logs ......................420 Table 170 Certificate Path Verification Failure Reason Codes ........... 421 Table 171 802.1X Logs ...................... 422 Table 172 ACL Setting Notes ..................... 423 Table 173 ICMP Notes ....................... 423 Table 174 Syslog Logs .......................
Page 38 P-793H User’s Guide List of Tables...
Page 39: Preface
Settings and then click Control Panel. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • The P-793H may be referred to as the “ZyXEL Device” or the “device” in this User’s Guide.
Page 40 User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 41: Getting To Know Your Zyxel Device
ZyXEL Devices of the same type. In either setup, the ZyXEL Device itself can act as a router or as a bridge. As a router, the ZyXEL Device provides features such as firewall, content filtering and bandwidth management. As a bridge, the ZyXEL Device minimizes the configuration changes you have to make in your existing network.
Page 42: High-Speed Point-To-Point Connections
Set up each ZyXEL Device as a router or as a bridge, depending on the desired configuration. If you set up a ZyXEL Device as a router, you can use features such as firewall, content filtering and bandwidth management. If you set up a ZyXEL Device as a bridge, you can minimize the configuration changes you have to make in your existing network.
Page 43: Figure 3 Leds
ZyXEL Device is sending/receiving data.) Blinking The ZyXEL Device is sending/receiving data. The ZyXEL Device tried to get an IP address, but an error occurred. The Internet connection is down. Chapter 1 Getting To Know Your ZyXEL Device...
Page 44 P-793H User’s Guide Chapter 1 Getting To Know Your ZyXEL Device...
Page 45: Introducing The Web Configurator
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Prepare your computer/computer network to connect to the ZyXEL Device (refer to the Quick Start Guide).
Page 46: Figure 4 Login Screen
Go to Advanced setup, and click Apply to display the Status screen. Select Click here to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on and always go to the Status screen. See Section 2.4 on page...
Page 47: Navigating The Web Configurator
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you. 2.3 Navigating the Web Configurator After you enter the admin password, use the sub-menus on the navigation panel to configure ZyXEL Device features.
Page 48: Figure 7 Web Configurator: Main Screen
SETUP Logout Click this icon to exit the web configurator. Status Use this screen to look at the ZyXEL Device’s general device, system and interface status information. You can also access the summary statistics tables. Network Internet Use this screen to configure ISP parameters, WAN IP address Connection assignment, and more advanced properties.
Page 49 Use this screen to block sites containing certain keywords in the URL. Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Trusted Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device.
Page 50: Status Screen
This screen contains administrative and system-related information and also allows you to change your password. Time Setting Use this screen to change your ZyXEL Device’s time and date. Logs View Log Use this screen to view the logs for the categories that you selected.
Page 51: Figure 8 Status
Model Number This is the model number of the ZyXEL Device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your ZyXEL Device. ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
Page 52: Status: Bandwidth Status
Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The bar displays what percent of the ZyXEL Device's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Page 53: Status: Packet Statistics
Link Status This is the status of your WAN link. WAN IP Address This is the IP address assigned to your ZyXEL Device on the WAN. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream Speed This is the downstream speed of your ZyXEL Device.
Page 54: Status: Vpn Status
If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
Page 55: Chapter 3 Wizards
P-793H User’s Guide H A P T E R Wizards Use these screens to configure Internet access or to configure basic bandwidth management. Note: See the advanced menu chapters for background information on these fields. To access the wizards, click Go to Wizard setup in...
Page 56: Internet Setup Wizard
P-793H User’s Guide 3.1 Internet Setup Wizard Use these screens to configure Internet access settings. To access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection.
Page 57: Screen 2
P-793H User’s Guide Table 6 Internet Setup Wizard: ISP Parameters LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. The next wizard screen you see depends on what mode and encapsulation you selected above. Exit Click Exit to close the wizard screen without saving your changes.
Page 58: Figure 13 Internet Setup Wizard: Isp Parameters (Pppoe)
P-793H User’s Guide Table 7 Internet Setup Wizard: ISP Parameters (Ethernet) LABEL DESCRIPTION First DNS Enter the IP address(es) of the DNS server(s) provided by your ISP. If your ISP did Server not provide one or both, use the default value(s).
Page 59: Figure 14 Internet Setup Wizard: Isp Parameters (Rfc1483)
P-793H User’s Guide This screen appears if your Internet connection uses RFC1483 encapsulation. Figure 14 Internet Setup Wizard: ISP Parameters (RFC1483) The following table describes the fields in this screen. Table 9 Internet Setup Wizard: ISP Parameters (RFC1483) LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP.
Page 60: Screen 3
P-793H User’s Guide Figure 15 Internet Setup Wizard: ISP Parameters (PPPoA) The following table describes the fields in this screen. Table 10 Internet Setup Wizard: ISP Parameters (PPPoA) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Page 61: Bandwidth Management Wizard
ZyXEL Device features. 3.2 Bandwidth Management Wizard Use these screens to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth. This helps keep one service, or application, from using all of the available bandwidth and shutting out other services.
Page 62: Table 12 Bandwidth Management Setup: Services
P-793H User’s Guide The following table describes the services you can select. Table 12 Bandwidth Management Setup: Services SERVICE DESCRIPTION E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail:...
Page 63: Screen 1
Active Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s WAN or LAN port. If you do not select this, you cannot run the rest of the wizard.
Page 64: Screen 3
These fields display the services names. Priority Select High, Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service. A service with High priority is given as much bandwidth as it needs.
Page 65: Figure 19 Bandwidth Management Wizard: Complete
P-793H User’s Guide Figure 19 Bandwidth Management Wizard: Complete Chapter 3 Wizards...
Page 66 P-793H User’s Guide Chapter 3 Wizards...
Page 67: Point-To-Point Configuration
42.) Figure 20 Example: Point-to-point Connections In a point-to-point connection, the DSL ports on the ZyXEL Devices are directly connected to each other, not to an ISP or the Internet. The connection can use RFC 1483 in bridge mode or ENET ENCAP in router mode, and the ZyXEL Devices must use the same VPI, VCI, multiplexing, and encapsulation method.
Page 68: Point-To-Point Connection Procedure
Client. Connect the ZyXEL Devices. 4.2.1 Set up the Server 1 Log in to the ZyXEL Device that will be the server. (See Chapter 2 on page 45.) 2 Click Network > WAN > Internet Connection. 3 Configure the VPI, VCI, Multiplexing, and Encapsulation fields for the point-to-point connection.
Page 69: Connect The Zyxel Devices
7 Click Apply. 4.2.3 Connect the ZyXEL Devices Connect the DSL ports on the ZyXEL Devices together, and wait while the ZyXEL Devices automatically establish the connection. When the connection is established, the DSL1, DSL2, and INTERNET lights are on. It takes up to half a minute to establish the connection. If the connection is not established, verify that the settings match.
Page 70 P-793H User’s Guide Chapter 4 Point-to-point Configuration...
Page 71: Chapter 5 Wan Setup
5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. 5.1.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
Page 72: Pppoa
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 73: Ip Address Assignment
The ZyXEL Device does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
Page 74: Metric
"1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: •...
Page 75: Atm Traffic Classes
P-793H User’s Guide Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
Page 76: Unspecified Bit Rate (Ubr)
An example application is background file transfer. 5.4 Internet Connection To change your ZyXEL Device’s WAN remote node settings, click Network > WAN > Internet Connection. The screen differs by the encapsulation. Section 5.1 on page 71 for more information.
Page 77: Figure 23 Wan > Internet Connection
P-793H User’s Guide Figure 23 WAN > Internet Connection The following table describes the labels in this screen. Table 15 WAN > Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for descriptive purposes only.
Page 78 67.) Otherwise, select Client. Enable Rate This field is enabled if Service Type is Server. Indicate whether or not the Adaption ZyXEL Device can adjust the speed of its connection to that of the other device. Chapter 5 WAN Setup...
Page 79: Configuring Advanced Internet Connection
This field is enabled if Service Type is Server. Set the maximum rate at which (Kbps) the ZyXEL Device sends and receives information. If you select Enable Rate Adaption, the ZyXEL Device adjusts to the speed of the other device and may exceed this rate. Transfer Min Rate This field is enabled if Service Type is Server.
Page 80: Table 16 Wan > Internet Connection > Advanced Setup
Passthrough to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Page 81: Configuring More Connections
P-793H User’s Guide 5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection.
Page 82: Figure 26 Wan > More Connections > Edit
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ZyXEL Device will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 83 Select Nailed-Up Connection when you want your connection up all the time. Connection The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Page 84: Configuring More Connections Advanced Setup
P-793H User’s Guide 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 27 WAN > More Connections > Advanced Setup The following table describes the labels in this screen.
Page 85: Traffic Redirect
LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Page 86: Dial Backup Interface
Use this screen to forward traffic to a backup gateway or to use the dial-backup port when the ZyXEL Device cannot connect to the Internet. To open this screen, click WAN > WAN Backup Setup. The screen appears as shown.
Page 87: Figure 30 Wan > Wan Backup Setup
Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 88 Table 20 WAN > WAN Backup Setup (continued) LABEL DESCRIPTION Recovery Interval When the ZyXEL Device is using a lower priority connection (usually a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection.
Page 89: Advanced Backup Setup
Click Cancel to begin configuring this screen afresh. 5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Device’s advanced dial backup settings. Click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. Figure 31 WAN > WAN Backup Setup > Advanced Setup...
Page 90: Table 21 Wan > Wan Backup Setup > Advanced Setup
Select this if you want to enable RIP in the dial-backup connection. RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. Clear this if you want the ZyXEL Deviceto not send any RIP packets and to ignore any RIP packets received.
Page 91: Advanced Modem Settings For Dial Backup
Enter the maximum amount of time (in minutes) each call can last. Enter 0 if there is no limit. With Period, you can set a limit on the total outgoing call time of the ZyXEL Device within a certain period of time. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Page 92: Figure 32 Wan > Wan Backup Setup > Advanced Setup > Edit
Call Control Dial Timeout Enter a number of seconds for the ZyXEL Device to keep trying to set up an outgoing call before timing out (stopping). The ZyXEL Device times out and stops if it cannot set up an outgoing call within the timeout value.
Page 93 Table 22 WAN > WAN Backup Setup > Advanced Setup > Edit (continued) LABEL DESCRIPTION Call Back Delay Enter a number of seconds for the ZyXEL Device to wait between dropping a callback request call and dialing the corresponding callback call. Back Click Back to return to the previous screen.
Page 94 P-793H User’s Guide Chapter 5 WAN Setup...
Page 95: Chapter 6 Lan Setup
6.1.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Page 96: Dhcp Setup
If the Primary and Secondary DNS Server fields in the DHCP Setup screen are not specified, for instance, left as 0.0.0.0, the ZyXEL Device tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Page 97: Dns Server Address Assignment
If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are left as 0.0.0.0 in the DHCP Setup screen.
Page 98: Private Ip Addresses
• Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received.
Page 99: Multicast
P-793H User’s Guide • Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. • None - the ZyXEL Device will not send any RIP packets and will ignore any RIP packets received.
Page 100: Configuring Advanced Lan Setup
LAN setup. 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Device's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 35 LAN > IP > Advanced Setup...
Page 101: Dhcp Setup
Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Chapter 6 LAN Setup...
Page 102: Figure 36 Lan > Dhcp Setup
Address contiguous addresses in the IP address pool. Pool Size This field is enabled if the ZyXEL Device is a Server. Enter the size of, or the number of addresses in, the IP address pool. Remote DHCP This field is enabled if the ZyXEL Device is a Relay. Enter the IP address of the Server DHCP server to which the ZyXEL Device should route requests.
Page 103: Lan Client List
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network > LAN > Client List. The screen appears as shown. Figure 37 LAN > Client List The following table describes the labels in this screen.
Page 104: Lan Ip Alias
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
Page 105: Figure 39 Lan > Ip Alias
This field is enabled if RIP Direction is not None. The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information.
Page 106 P-793H User’s Guide Chapter 6 LAN Setup...
Page 107: Network Address Translation (Nat) Screens
IP address known within another network. 7.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 108: What Nat Does
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Page 109: Nat Application
7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
Page 110: Sua (Single User Account) Versus Nat
Table 29 on page 110. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device.
Page 111: Port Forwarding
Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Page 112: Default Server Ip Address
Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 113: Configuring Port Forwarding
NAT > General screen or when you edit a server mapping set with Full Feature NAT. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 114: Port Forwarding Rule Edit
Click the delete icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration.
Page 115: Address Mapping
Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Page 116: Address Mapping Rule Edit
One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 117: Table 34 Nat > Address Mapping > Edit
Note that port numbers do not change for One-to-one NAT mapping type. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 118 P-793H User’s Guide Chapter 7 Network Address Translation (NAT) Screens...
Page 119: Chapter 8 Firewalls
P-793H User’s Guide H A P T E R Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 120: Application-Level Firewalls
The ZyXEL Device also has packet filtering capabilities. The ZyXEL Device is installed between the LAN and the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
Page 121: Denial Of Service Attacks
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
Page 122: Types Of Dos Attacks
P-793H User’s Guide 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Page 123: Figure 50 Syn Flood
P-793H User’s Guide • SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on what is known as a backlog queue.
Page 124: Icmp Vulnerability
P-793H User’s Guide Figure 51 Smurf Attack 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 35 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 8.4.2.2 Illegal Commands (NetBIOS and SMTP)
Page 125: Traceroute
The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
Page 126: Stateful Inspection Process
P-793H User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 127: Tcp Security
Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyXEL Device itself (as with the "virtual connections" created for UDP and ICMP).
Page 128: Upper Layer Protocols
P-793H User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 129: Packet Filtering Vs. Firewall
8.7 Packet Filtering vs. Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 8.7.1 Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Page 130: When To Use Filtering
P-793H User’s Guide 8.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A"...
Page 131: Firewall Configuration
9.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
Page 132: Rule Logic Overview
These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device’s default rules. 9.3 Rule Logic Overview Note: Study these points carefully before configuring rules.
Page 133: Key Fields For Configuring Rules
LAN to LAN/ Router and WAN to WAN/ Router rules apply to packets coming in on the associated interface (LAN or WAN, respectively). LAN to LAN/ Router means policies for LAN-to-ZyXEL Device (the policies for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN).
Page 134: Lan To Wan Rules
You may have more than one connection to the Internet (through one or more ISPs). If the alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur.
Page 135: Solving The "Triangle Route" Problem
9.5.2 Solving the “Triangle Route” Problem You can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the WAN to go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection.
Page 136: General Firewall Policy
Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the ZyXEL Device firewall permit the use of triangle Route route topology on the network. See the appendix for more on triangle route topology.
Page 137: Firewall Rules Summary
Click this button to display more information. Basic... Click this button to display less information. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7 Firewall Rules Summary Note: The ordering of your rules is very important as rules are applied in turn.
Page 138: Configuring Firewall Rules
Table 39 Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using. When you are using 80% or less of the storage in Use space, the bar is green.
Page 139: Figure 58 Firewall > Rules > Add/Edit
P-793H User’s Guide Use this screen to create or edit a firewall rule. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.
Page 140 Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Message Select the check box to have the ZyXEL Device generate an alert when the rule to Administrator is matched. When Matched.
Page 141: Customized Services
Click Cancel to exit this screen without saving. 9.7.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further information on these services, please read...
Page 142: Example Firewall Rule
P-793H User’s Guide Refer to Section 8.1 on page 119 for more information. Figure 60 Firewall > Rules > Add/Edit > Edit Customized Services > Edit The following table describes the labels in this screen. Table 42 Firewall > Rules > Add/Edit > Edit Customized Services > Edit...
Page 143: Figure 61 Firewall Example: Rules
P-793H User’s Guide Figure 61 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 144: Figure 63 Firewall Example: Edit Rule: Destination Address
P-793H User’s Guide Figure 63 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Page 145: Figure 64 Firewall Example: Edit Rule: Select Customized Services
P-793H User’s Guide Figure 64 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Page 146: Anti-Probing
Figure 65 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Page 147: Dos Thresholds
Select this option to prevent hackers from finding the ZyXEL Device by probing for Requests for unused ports. If you select this option, the ZyXEL Device will not respond to port Unauthorized request(s) for unused ports, thus leaving the unused ports and the ZyXEL Device Services.
Page 148: Half-Open Sessions
• If the Blocking Time timeout is 0 (the default), then the ZyXEL Device deletes the oldest existing half-open session for the host for every new connection request to the host. This ensures that the number of half-open sessions to a given host will never exceed the threshold.
Page 149: Configuring Firewall Thresholds
ZyXEL Device deletes half-open sessions as required to accommodate new connection attempts. For example, if One Minute Low is 80 and One Minute High is 100, the ZyXEL Device starts deleting half-open sessions when more than 100 session...
Page 150 Connection Request Comes. Deny New Select this, and specify for how long the ZyXEL Device should block new Connection Request connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).
Page 151: Chapter 10 Content Filtering
Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering. You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering.
Page 152: Configuring The Schedule
Click Cancel to return to the previously saved settings. 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
Page 153: Configuring Trusted Computers
Click Cancel to return to the previously saved settings. 10.4 Configuring Trusted Computers Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted. The screen appears as shown.
Page 154 P-793H User’s Guide Chapter 10 Content Filtering...
Page 155: Chapter 11 Ipsec Vpn
IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the ZyXEL Device and remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the ZyXEL Device and remote IPSec router can send data between computers on the local network and remote network.
Page 156: Ike Sa Overview
11.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router In the ZyXEL Device, you have to specify the IP addresses of the ZyXEL Device and the remote IPSec router to establish an IKE SA.
Page 157: Ike Sa Proposal
SA. The remote IPSec router selects an acceptable proposal and sends the accepted proposal back to the ZyXEL Device. If the remote IPSec router rejects all of the proposals (for example, if the VPN tunnel is not configured correctly), the ZyXEL Device and remote IPSec router cannot establish an IKE SA.
Page 158: Authentication
The ZyXEL Device and the remote IPSec router each has its own identity, so each one must store two sets of information, one for itself and one for the other router. Local ID type and ID...
Page 159: Additional Topics For Ike Sa
Peer ID content: tom@yourcompany.com It is also possible to configure the ZyXEL Device to ignore the identity of the remote IPSec router. In this case, you usually set the peer ID type to Any. This is not as secure as other peer ID types, however.
Page 160: Vpn, Nat And Nat Traversal
Aggressive mode does not provide as much security as main mode because the identity of the ZyXEL Device and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters).
Page 161: Local Network And Remote Network
Header Header In tunnel mode, the ZyXEL Device encapsulates the entire IP packet. As a result, there are two IP headers, as well as the header for the active protocol. • Outside header: The outside IP header contains the IP addresses of the ZyXEL Device and remote IPSec router.
Page 162: Ipsec Sa Proposal And Perfect Forward Secrecy
In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet. If the active protocol is ESP, the ZyXEL Device does not include the original IP header when it encapsulates the packet, in which case it is not possible to verify the integrity of the source IP address.
Page 163: Vpn Setup Screen
P-793H User’s Guide In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs.
Page 164: Figure 78 Vpn > Setup
This field displays the identification name for this VPN policy. Local Address This is the IP address(es) of computer(s) on your local network behind your ZyXEL Device. The same (static) IP address is displayed twice when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
Page 165: Editing Vpn Policies
Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings.
Page 166: Figure 79 Vpn > Setup > Edit
Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the ZyXEL Device automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
Page 167 When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device.
Page 168 The domain name or e-mail address is for identification purposes only and can be any string. My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes.
Page 169 For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
Page 170: Configuring Advanced Ike Settings
Select MD5 for minimal security and SHA1 for maximum security. Advanced Click Advanced to configure more detailed settings of your IKE key management. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 11.4 Configuring Advanced IKE Settings Section 11.1 on page 155...
Page 171: Figure 80 Vpn > Setup > Edit > Advanced
Phase 1 Negotiation Mode Select the negotiation mode for the IKE SA. Main is more secure than Aggressive. The ZyXEL Device and remote IPSec router must use the same negotiation mode. Chapter 11 IPSec VPN...
Page 172 Table 52 VPN > Setup > Edit > Advanced (continued) LABEL DESCRIPTION Pre-Shared Key Type the pre-shared key the IKE SA uses. The ZyXEL Device and remote IPSec router must use the same pre-shared key. If the keys are different, the ZyXEL Device receives a “PYLD_MALFORMED” (payload malformed) packet.
Page 173: Configuring Manual Key
DH1 enables PFS and uses Diffie-Hellman Group 1, a 768-bit random number. DH2 enables PFS and uses Diffie-Hellman Group 2, a 1024-bit random number. Apply Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Cancel Click Cancel to return to the previous screen without saving your changes.
Page 174: Figure 81 Vpn > Setup > Edit > Manual
If there is a private DNS server that services the VPN, type its IP address here. IPSec VPN) The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Page 175 When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device.
Page 176: Viewing Sa Monitor
A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. You can also configure the ZyXEL Device to renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
Page 177: Configuring Global Setting
Refresh Click Refresh to display the current active VPN connection(s). 11.7 Configuring Global Setting Use this screen to change your ZyXEL Device’s global settings. Click VPN and then VPN Global Setting. The screen appears as shown. Chapter 11 IPSec VPN...
Page 178: Telecommuter Vpn/Ipsec Examples
The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters has a static public IP address. 11.8.1 Telecommuters Sharing One VPN Rule Example...
Page 179: Telecommuters Using Unique Vpn Rules Example
VPN rule for a VPN connection with a ZyXEL Device located at headquarters. The ZyXEL Device at headquarters (HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the VPN connection.
Page 180: Figure 85 Telecommuters Using Unique Vpn Rules Example
Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Headquarters ZyXEL Device Rule 1: Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12...
Page 181: Vpn And Remote Management
P-793H User’s Guide 11.9 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. Chapter 11 IPSec VPN...
Page 182 P-793H User’s Guide Chapter 11 IPSec VPN...
Page 183: Chapter 12 Static Route
ZyXEL Device about the networks beyond the remote nodes. Figure 86 Example of Static Routing Topology 12.2 Configuring Static Route Use this screen to look at static routes in the ZyXEL Device. Click Advanced > Static Route to open the Static Route screen. Chapter 12 Static Route...
Page 184: Static Route Edit
Click the edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the delete icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route.
Page 185: Figure 88 Static Route > Static Route > Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 12 Static Route...
Page 186 P-793H User’s Guide Chapter 12 Static Route...
Page 187: Chapter 13 Bandwidth Management
(bandwidth budgets) to different bandwidth rules. The ZyXEL Device applies bandwidth management to traffic that it forwards out through an interface. The ZyXEL Device does not control the bandwidth of traffic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router, regardless of the traffic's source.
Page 188: Application And Subnet-Based Bandwidth Management
64 Kbps 64 Kbps 13.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The ZyXEL Device has two types of scheduler: fairness-based and priority-based. 13.5.1 Priority-based Scheduler With the priority-based scheduler, the ZyXEL Device forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
Page 189: Fairness-Based Scheduler
When you enable maximize bandwidth usage, the ZyXEL Device first makes sure that each bandwidth class gets up to its bandwidth allotment. Next, the ZyXEL Device divides up an interface’s available bandwidth (bandwidth that is unbudgeted or unused by the classes) depending on how many bandwidth classes require more bandwidth and on their priority levels.
Page 190: Maximize Bandwidth Usage Example
P-793H User’s Guide 13.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps.
Page 191: Fairness-Based Allotment Of Unused And Unbudgeted Bandwidth
• Each class gets up to its budgeted bandwidth. The administration class only uses 1024 kbps of its budgeted 2048 kbps. • The ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally among the other classes. 1024 kbps extra goes to each so the other classes each get a total of 3072 kbps.
Page 192: Bandwidth Management Priorities
P-793H User’s Guide 13.6.4 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 65 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
Page 193: Bandwidth Management Rule Setup
Select Priority-Based to give preference to bandwidth classes with higher priorities. Select Fairness-Based to treat all bandwidth classes equally. Select this check box to have the ZyXEL Device divide up all of the interface’s Bandwidth unallocated and/or unused bandwidth among the bandwidth classes that require Usage bandwidth.
Page 194: Rule Configuration
Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Page 195: Figure 92 Bandwidth Mgmt > Rule Setup > Add/Edit
LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule. Enable a bandwidth management rule to give traffic that matches the rule priority over traffic that does not match the rule.
Page 196 (service type) number. ID 0 means any protocol number. Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 13 Bandwidth Management...
Page 197: Bandwidth Monitor
13.9 Bandwidth Monitor Section 13.1 on page 187 for background information. Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules.
Page 198 P-793H User’s Guide Chapter 13 Bandwidth Management...
Page 199: Chapter 14 Dynamic Dns Setup
Section 14.2 on page 199 for configuration instruction. 14.2 Configuring Dynamic DNS Use this screen to change your ZyXEL Device’s DDNS settings. Click Advanced > Dynamic DNS. The screen appears as shown. Section 14.1 on page 199 for more information.
Page 200: Figure 94 Dynamic Dns > Dynamic Dns
Select the type of service that you are registered for from your Dynamic DNS Type service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name.
Page 201 Table 69 Dynamic DNS > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 202 P-793H User’s Guide Chapter 14 Dynamic DNS Setup...
Page 203: Remote Management Configuration
To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
Page 204: Remote Management And Nat
• Use the ZyXEL Device’s LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a system management idle timeout. The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
Page 205: Telnet
15.4 Configuring Telnet Section 15.1 on page 203 for background information. Use this screen to configure Telnet access to the ZyXEL Device. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 97 Remote MGMT > Telnet...
Page 206: Configuring Ftp
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Page 207: Snmp
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Page 208: Supported Mibs
• Trap - Used by the agent to inform the manager of some events. 15.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
Page 209: Configuring Snmp
15.6.3 Configuring SNMP Section 15.1 on page 203 for background information. Use this screen to change your ZyXEL Device’s SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 100 Remote MGMT > SNMP The following table describes the labels in this screen.
Page 210: Configuring Dns
Click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings.
Page 211: Configuring Icmp
Click Cancel to begin configuring this screen afresh. 15.8 Configuring ICMP Use this screen to control how the ZyXEL Device responds to other types of requests. Click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned.
Page 212: 212
Click Cancel to begin configuring this screen afresh. 15.9 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Page 213: Figure 103 Enabling Tr-069
Whether or not the device must periodically send periodicEnable information to CNM Access. It is recommended to set this [0:Disable/ value to 1 in order for the ZyXEL Device to send 1:Enable] information to CNM Access. The duration in seconds of the interval for which the device...
Page 214 P-793H User’s Guide Chapter 15 Remote Management Configuration...
Page 215: Universal Plug-And-Play (Upnp)
P-793H User’s Guide H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
Page 216: Cautions With Upnp
See the following sections for examples of installing and using UPnP. 16.2.1 Configuring UPnP Use this screen to set up UPnP in the ZyXEL Device. Click Advanced > UPnP to display the screen shown next. Section 16.1 on page 215 for more information.
Page 217: Installing Upnp In Windows Example
Allow UPnP to pass through Select this to allow UPnP-enabled applications to automatically pass Firewall through the ZyXEL Device’s firewall. This is less secure, but you do not have to configure firewall rules for these applications. Apply Click Apply to save the setting to the ZyXEL Device.
Page 218: Figure 105 Add/Remove Programs: Windows Setup: Communication
P-793H User’s Guide Figure 105 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 106 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
Page 219: Figure 107 Network Connections
P-793H User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 220: Using Upnp In Windows Xp Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
Page 221: Figure 110 Network Connections
P-793H User’s Guide Figure 110 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 111 Internet Connection Properties Chapter 16 Universal Plug-and-Play (UPnP)
Page 222: Figure 112 Internet Connection Properties: Advanced Settings
P-793H User’s Guide 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 112 Internet Connection Properties: Advanced Settings Figure 113 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 223: Figure 115 Internet Connection Status
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Page 224: Figure 116 Network Connections
Figure 116 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 16 Universal Plug-and-Play (UPnP)
Page 225: Figure 117 Network Connections: My Network Places
P-793H User’s Guide Figure 117 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 118 Network Connections: My Network Places: Properties: Example...
Page 226 P-793H User’s Guide Chapter 16 Universal Plug-and-Play (UPnP)
Page 227: Chapter 17 System
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name), the domain name can be assigned from the ZyXEL Device via DHCP.
Page 228: Figure 119 System > General
Password User Password If you log in with the user password, you can only view the ZyXEL Device status. The default user password is user. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
Page 229: Time Setting
17.2 Time Setting To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 120 System > Time Setting...
Page 230: Table 81 System > Time Setting
When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the ZyXEL Device get the time and date from the Server time server you specified below.
Page 231 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Page 232 P-793H User’s Guide Chapter 17 System...
Page 233: Chapter 18 Logs
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 234: Configuring Log Settings
Use the Log Settings screen to configure where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to record. See Section 18.1 on page 233 for more information.
Page 235: Figure 122 Logs > Log Settings
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Page 236 Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. Clear log after Select the check box to delete all the logs after the ZyXEL Device sends an E-mail of sending mail the logs.
Page 237: Chapter 19 Tools
ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 238: Figure 124 Firmware Upload In Progress
Note: Do NOT turn off the ZyXEL Device while firmware upload is in progress! Note: Do NOT turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again.
Page 239: Configuration
Figure 126 Error Message 19.2 Configuration Use this screen to back up or restore the configuration of the ZyXEL Device. You can also use this screen to reset the ZyXEL Device to the factory default settings. To access this screen, click Maintenance >...
Page 240: Figure 128 Configuration Upload Successful
If the ZyXEL Device’s IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the ZyXEL Device. See your Quick Start Guide or the appendices for details on how to set up your computer’s IP address.
Page 241: Restart
19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 131 Tools > Restart...
Page 242 P-793H User’s Guide Chapter 19 Tools...
Page 243: Chapter 20 Diagnostic
P-793H User’s Guide H A P T E R Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a computer on the network. Click Maintenance > Diagnostic to open the screen shown next.
Page 244: Figure 133 Diagnostic > Dsl Line
P-793H User’s Guide Figure 133 Diagnostic > DSL Line The following table describes the fields in this screen. Table 87 Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. Capture All Logs Click this button to display all logs generated by the DSL line.
Page 245: Chapter 21 Introducing The Smt
H A P T E R Introducing the SMT The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT.
Page 246: Smt Menu Items
ZyXEL Device will automatically log you out. You will then have to telnet into the ZyXEL Device again. You can use the web configurator or the CI commands (menu 24.8) to change the inactivity timeout period.
Page 247: Table 89 Smt Menus Overview
P-793H User’s Guide Table 88 Main Menu Summary MENU FUNCTION 21 Filter and Firewall Use this menu to configure filters and to activate or deactivate the firewall. Setup 22 SNMP Configuration Use this menu to configure SNMP. 23 System Password Use this menu to change your password.
Page 248: Navigating The Smt Interface
P-793H User’s Guide Table 89 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Maintenance - Status 24.2 System Information and 24.2.1 System Maintenance - Console Port Speed Information 24.2.2 System Maintenance - Change Console Port Speed 24.3 System Maintenance -...
Page 249 P-793H User’s Guide Table 90 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move to a “hidden” Press [SPACE BAR] Fields beginning with “Edit” lead to hidden menus and menu to change No to Yes have a default setting of No. Press [SPACE BAR] once to then press [ENTER].
Page 250 P-793H User’s Guide Chapter 21 Introducing the SMT...
Page 251: Chapter 22 General Setup
Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Location Enter a descriptive name for the place where the ZyXEL Device is located. You can enter up to 31 characters, or you can leave this field blank. Contact Person’s Enter the name of the person to contact for questions about the ZyXEL Device.
Page 252: Configuring Dynamic Dns
Bridge If Route IP is Yes, select Yes in this field to enable bridging in the ZyXEL Device for protocols that are not supported by IP-based routing (for example, SNA). If Route IP is No, select Yes in this field to enable bridging in the ZyXEL Device for all protocols.
Page 253: Table 92 Menu 1.1: Configure Dynamic Dns
IP address specified below. Only select Yes if the ZyXEL Device uses or is behind a static public IP address. Use IP Address Enter the static public IP address if you select Yes in the Use Specified IP Address field.
Page 254 P-793H User’s Guide Chapter 22 General Setup...
Page 255: Chapter 23 Wan Setup
Service Type Press [SPACE BAR] to indicate whether the ZyXEL Device is the server or the client in the DSL connection. Select Server if this ZyXEL Device is the server in a point-to- point application. (See Chapter 4 on page 67.) Otherwise, select Client.
Page 256 Select the method that the ZyXEL Device uses to check the DSL connection. Mechanism Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 257: Configuring Traffic Redirect
Use this field to turn the traffic redirect feature on (Yes) or off (No). Configuration Backup Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Gateway IP Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet Address connection terminates.
Page 258: Configuring Dial Backup In Menu 2
P-793H User’s Guide 23.4 Configuring Dial Backup in Menu 2 From the main menu, enter 2 to open menu 2. Figure 140 Menu 2.2: Dial Backup Setup Menu 2.2 - Dial Backup Setup Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0...
Page 259: Figure 141 Menu 2.2.1: Advanced Dial Backup Setup
Call Control Dial Timeout (sec) Enter a number of seconds for the ZyXEL Device to keep trying to set up an outgoing call before timing out (stopping). The ZyXEL Device times out and stops if it cannot set up an outgoing call within the timeout value.
Page 260 P-793H User’s Guide Chapter 23 WAN Setup...
Page 261: Lan Setup
P-793H User’s Guide H A P T E R LAN Setup Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup.
Page 262: Tcp/Ip And Dhcp Setup Menu
DHCP This field enables/disables the DHCP server. If set to Server, your ZyXEL Device will act as a DHCP server. You should configure the rest of the fields in this section except for Remote DHCP Server. If set to Relay, the ZyXEL Device acts as a surrogate DHCP server and relays requests and responses between the remote server and the clients.
Page 263 Device's LAN IP address displays in the IP Address field below (read-only). The ZyXEL Device tells the DHCP clients on the LAN that the ZyXEL Device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in menu 1) and relays the response back to the computer.
Page 264: Lan Ip Alias
Enter the IP address of your ZyXEL Device in dotted decimal notation. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device.
Page 265: Port-Based Vlan Setup
P-793H User’s Guide 24.4.1 Port-based VLAN Setup You use menu 3.6 to control whether or not the ZyXEL Device sends layer-2 traffic (MAC addresses) between LAN ports. For example, if LAN port 1 and LAN port 2 are connected to different departments, you might not want the ZyXEL Device to broadcast traffic to both networks.
Page 266 P-793H User’s Guide Chapter 24 LAN Setup...
Page 267: Chapter 25 Internet Access Setup
Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you should use.
Page 268 P-793H User’s Guide Table 99 Menu 4: Internet Access Setup (continued) FIELD DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
Page 269: Chapter 26 Remote Node Setup
P-793H User’s Guide H A P T E R Remote Node Setup Use this menu to configure detailed remote node settings (for example, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway.
Page 270: Figure 149 Menu 11.1: Remote Node Profile (Nodes 1-7)
This section is only enabled for PPPoA or PPPoE connections. Rem Login Type the login name that this remote node will use to call your ZyXEL Device. The login name and the Rem Password will be used to authenticate this node.
Page 271 Enter the schedule sets that apply to this connection. Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP when it is turned on and to remain connected all the time. This is not recommended if you pay for your Internet connected based on the amount of time you are connected.
Page 272: Figure 150 Menu 11.1: Remote Node Profile (Node 8)
Enter the password again. Authen This field appears if you select PPPoE in the Encapsulation field. Select what type of authentication your ISP uses. Select CHAP/PAP if you want the ZyXEL Device to support both choices. Pri Phone # Type the phone number(s) for this remote node. If the Primary Phone number...
Page 273: Remote Node Network Layer Options
Enter the schedule sets that apply to this connection. Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP when it is turned on and to remain connected all the time. This is not recommended if you pay for your Internet connected based on the amount of time you are connected.
Page 274: Table 102 Menu 11.3: Remote Node Network Layer Options
Enter the IP address of the gateway provided by your ISP. These fields appear if you selected PPPoE in Encapsulation in menu 11. Rem IP Addr Enter the IP address of the remote (peer) computer to which the ZyXEL Device connects. Rem Subnet Mask Enter the subnet mask of the remote (peer) computer to which the ZyXEL Device connects.
Page 275: Remote Node Filter
Use this menu to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the ZyXEL Device to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field.
Page 276: Remote Node Atm Layer Options
P-793H User’s Guide Figure 152 Menu 11.5: Remote Node Filter Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= The following table describes the labels in this menu.
Page 277: Figure 153 Menu 11.6: Remote Node Atm Layer Options
P-793H User’s Guide Figure 153 Menu 11.6: Remote Node ATM Layer Options Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VC Options for Bridge: VPI #= 0 VPI #= 0 VCI #= 38 VCI #= 38...
Page 278: Advance Setup Options
Passthrough to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Page 279: Chapter 27 Static Route Setup
P-793H User’s Guide H A P T E R Static Route Setup Use this menu to configure IP and bridge (MAC) static routes. 27.1 IP Static Route Setup Enter 1 from the menu 12. Select one of the IP static routes as shown next to configure IP static routes in menu 12.1.
Page 280: Bridge Static Route Setup
ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes. Metric Enter a number from 1 to 15 to set this route’s priority among the ZyXEL Device’s routes (see Section 5.2 on page 74).
Page 281: Figure 158 Menu 12.3.1: Edit Bridge Static Route
ZyXEL Device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes.
Page 282 P-793H User’s Guide Chapter 27 Static Route Setup...
Page 283: Chapter 28 Nat Setup
Section 28.2.1 on page 285 for a detailed description of the NAT set for SUA. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
Page 284: Figure 159 Menu 4: Applying Nat For Internet Access
P-793H User’s Guide Figure 159 Menu 4: Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= ENET ENCAP Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0...
Page 285: Nat Setup
Section 28.2.1 on page 285). Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. 28.2 NAT Setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN and the DMZ.
Page 286: User-Defined Address Mapping Sets
P-793H User’s Guide Figure 162 Menu 15.1: Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. ACL Default Set 255. SUA (read only) Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only.
Page 287: Table 109 Menu 15.1.1: Address Mapping Rules
Confirm…” to save your configuration, or press [ESC] to cancel. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Page 288: Configuring A Server Behind Nat
Confirm…” to save your configuration, or press [ESC] to cancel. 28.3 Configuring a Server behind NAT Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 289: Figure 165 Menu 15.2: Nat Server Sets
1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to open menu 15.2 (and configure the address mapping rules for the WAN port on a ZyXEL Device with a single WAN port). Figure 165 Menu 15.2: NAT Server Sets Menu 15.2 - NAT Server Sets...
Page 290: General Nat Examples
Rule This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each active rule in order, and it only follows the first one that applies. Start Port This field displays the beginning of the range of port numbers forwarded by this rule.
Page 291: Example 2: Internet Access With An Default Server
P-793H User’s Guide Figure 168 Menu 4: Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= ENET ENCAP Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0...
Page 292: Example 3: Multiple Public Ip Addresses With Inside Servers
P-793H User’s Guide Figure 170 Menu 15.2: Specifying an Inside Server Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Page 293: Figure 171 Nat Example 3
P-793H User’s Guide Figure 171 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 172 on page 293.
Page 294: Figure 173 Example 3: Menu 15.1.1.1
1 Enter 15 from the main menu. 2 Enter 2 to go to menu 15.2. 3 (Enter 1 or 2 from menu 15.2 on a ZyXEL Device with multiple WAN ports) configure the menu as shown in Figure 175 on page 295.
Page 295: Example 4: Nat Unfriendly Application Programs
P-793H User’s Guide Figure 175 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation.
Page 296: Figure 177 Example 4: Menu 15.1.1.1: Address Mapping Rule
P-793H User’s Guide Figure 177 Example 4: Menu 15.1.1.1: Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Server Mapping Set= N/A After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
Page 297: Chapter 29 Firewall Setup
H A P T E R Firewall Setup Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next.
Page 298 P-793H User’s Guide Note: Configure the firewall rules using the web configurator or CLI commands. Chapter 29 Firewall Setup...
Page 299: Chapter 30 Filter Configuration
This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Page 300: The Filter Structure Of The Zyxel Device
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Page 301: Configuring A Filter Set
24 rules active for a single port. 30.2 Configuring a Filter Set The ZyXEL Device includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. Chapter 30 Filter Configuration...
Page 302: Figure 183 Menu 21: Filter And Firewall Setup
P-793H User’s Guide 1 Enter 21 in the main menu to open menu 21. Figure 183 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 2 Enter 1 to bring up the following menu.
Page 303: Figure 185 Menu 21.1.1: Filter Rules Summary
P-793H User’s Guide Figure 185 Menu 21.1.1: Filter Rules Summary Menu 21.1.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - The following table describes the labels in this screen. Table 112 Abbreviations Used in the Filter Rules Summary Menu...
Page 304: Configuring A Filter Rule
If you include a protocol filter set in a device filter field or vice versa, the ZyXEL Device will warn you and will not allow you to save.
Page 305: Figure 186 Menu 21.1.1.1: Tcp/Ip Filter Rule
P-793H User’s Guide Figure 186 Menu 21.1.1.1: TCP/IP Filter Rule Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= No IP Protocol= 0 IP Source Route= No Destination: IP Addr= IP Mask= Port #=...
Page 306 P-793H User’s Guide Table 114 Menu 21.1.1.1: TCP/IP Filter Rule FIELD DESCRIPTION Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the source port in the packet against the value given in Source: Port #.
Page 307: Configuring A Generic Filter Rule
P-793H User’s Guide Figure 187 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
Page 308: Figure 188 Menu 21.1.1.1: Generic Filter Rule
P-793H User’s Guide For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Page 309: Example Filter
Menu 21.1.1 - Filter Rules Summary. 30.3 Example Filter Let’s look at an example to block outside users from accessing the ZyXEL Device via telnet. Please see our included disk for more example filters. Figure 189 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup.
Page 310: Figure 190 Example Filter: Menu 21.1.3.1
P-793H User’s Guide Figure 190 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= IP Mask= Port #= 23...
Page 311: Filter Types And Nat
NAT for incoming packets. On the other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is receiving and sending the packets; i.e., the interface. The interface can be an Ethernet port or any other hardware port.
Page 312: Applying Lan Filters
You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the ZyXEL Device and output filter sets filter outgoing traffic from the ZyXEL Device.
Page 313: Chapter 31 Snmp Configuration
Trusted Host If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source.
Page 314 P-793H User’s Guide Chapter 31 SNMP Configuration...
Page 315: Chapter 32 System Password
The following table describes the labels in this menu. Table 117 Menu 23: System Password FIELD DESCRIPTION Old Password Enter the current administrator password for the ZyXEL Device. New Password Enter the new administrator password for the ZyXEL Device. Retype to confirm Enter the new administrator password again.
Page 316 P-793H User’s Guide Chapter 32 System Password...
Page 317: System Information & Diagnosis
System Status is a tool that can be used to monitor your ZyXEL Device. Specifically, it gives you information on your system firmware version, number of packets sent and number of packets received.
Page 318: Figure 198 Menu 24.1: System Maintenance - Status
(line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation. It displays N/A if the port is not connected. TxPkts This is the number of packets transmitted from the ZyXEL Device to the remote node. RxPkts This is the number of packets received by the ZyXEL Device from the remote node.
Page 319: System Information And Console Port Speed
P-793H User’s Guide Table 118 Menu 24.1: System Maintenance - Status (continued) FIELD DESCRIPTION TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port. This section displays information about the WAN port.
Page 320: Console Port Speed
Table 119 Menu 24.2.1: System Maintenance - Information FIELD DESCRIPTION Name This is the ZyXEL Device's system name + domain name assigned in menu 1. For example, System Name= xxx; Domain Name= baboo.mickey.com Name= xxx.baboo.mickey.com Routing Refers to the routing protocol used.
Page 321: Log And Trace
Console Port Speed: 9600 33.4 Log and Trace There are two logging facilities in the ZyXEL Device. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
Page 322: Syslog Logging
Clear Error Log (y/n): 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging, as shown next.
Page 323 Jul 19 11:19:27 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002 Jul 19 11:19:32 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002 Jul 19 11:20:06 192.168.102.2 ZyXEL: board 0 line 0 channel 0, call 1, C02 Call...
Page 324 (m) drop (D). Src: Source Address Dst: Destination Address prot: Protocol ("TCP","UDP","ICMP") spo: Source port dpo: Destination portMar 03 10:39:43 202.132.155.97 ZyXEL: GEN[fffffffffffnordff0080] }S05>R01mF Mar 03 10:41:29 202.132.155.97 ZyXEL: GEN[00a0c5f502fnord010080] }S05>R01mF Mar 03 10:41:34 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF Mar 03 11:59:20 202.132.155.97 ZyXEL:...
Page 325: Diagnostic
P-793H User’s Guide 33.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyXEL Device to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown next. Not all fields are available on all models.
Page 326 P-793H User’s Guide Chapter 33 System Information & Diagnosis...
Page 327: Firmware And Configuration File Maintenance
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
Page 328: Backup Configuration
The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
Page 329: Using The Ftp Command From The Command Line
4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”.
Page 330: Gui-Based Ftp Clients
To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
Page 331: Tftp Command Example
Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file...
Page 332: Backup Via Console Port
P-793H User’s Guide Refer to Section 34.3.5 on page 330 to read about configurations that disallow TFTP and FTP over WAN. 34.3.9 Backup Via Console Port Back up configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar.
Page 333: Restore Configuration
FTP is the preferred method for restoring your current computer configuration to your ZyXEL Device since FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete.
Page 334: Restore Using Ftp Session Example
5 Enter “bin” to set transfer mode to binary. 6 Find the “rom” file (on your computer) that you want to restore to your ZyXEL Device. 7 Use “put” to transfer files from the ZyXEL Device to the computer, for example, “put config.rom rom-0”...
Page 335: Uploading Firmware And Configuration Files
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
Page 336: Configuration File Upload
34.5.3 FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter “open”, followed by a space and the IP address of your ZyXEL Device. 3 Press [ENTER] when prompted for a username.
Page 337: Ftp Session Example Of Firmware File Upload
4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyXEL Device, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”.
Page 338: Tftp Upload Command Example
The file name for the firmware is “ras”. Note that the telnet connection must be active and the ZyXEL Device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
Page 339: Example Xmodem Firmware Upload Using Hyperterminal
34.5.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 222 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 –...
Page 340: Example Xmodem Configuration Upload Using Hyperterminal
34.5.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 224 Example Xmodem Upload After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”. Chapter 34 Firmware and Configuration File Maintenance...
Page 341: Chapter 35 Menus 24.8 To 24.11
Enter the CI from the SMT by selecting menu 24.8. Access can be by Telnet or by a serial connection to the console port, although some commands are only available with a serial connection. See the included disk or zyxel.com for more detailed information on CI commands. Enter 8 from Menu 24 - System Maintenance.
Page 342: Command Usage
The budget management function allows you to set a limit on the total outgoing call time of the ZyXEL Device within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Page 343: Budget Management
P-793H User’s Guide 35.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Not all fields are available on all models.
Page 344: Time And Date Setting
35.3 Time and Date Setting The ZyXEL Device’s Real Time Chip (RTC) keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device.
Page 345: Table 126 Menu 24.10: System Maintenance - Time And Date Setting
P-793H User’s Guide The following table describes the fields in this screen. Table 126 Menu 24.10: System Maintenance - Time and Date Setting FIELD DESCRIPTION Time Protocol Enter the time service protocol that your timeserver uses. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 346: Remote Management
P-793H User’s Guide Table 126 Menu 24.10: System Maintenance - Time and Date Setting (continued) FIELD DESCRIPTION End Date (mm- Configure the day and time when Daylight Saving Time ends if you selected Yes in nth-week-hr) the Daylight Saving field. The hr field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 347: Remote Management Limitations
LAN only, WAN only, ALL or Disable. Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the ZyXEL Device. Enter an IP address to restrict access to a client with a matching IP address.
Page 348 P-793H User’s Guide Chapter 35 Menus 24.8 to 24.11...
Page 349: Ip Routing Policy Setup
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths. • NAT - The ZyXEL Device performs NAT by default for traffic going to or from the ge1 interface. Routing policy’s SNAT allows network administrators to have traffic received on a specified interface use a specified IP address as the source IP address.
Page 350: Ip Routing Policy Setup
P-793H User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy routes. To open this menu, enter 25 in the main menu.
Page 351: Figure 233 Menu 25.1: Ip Routing Policy Setup
P-793H User’s Guide Figure 233 Menu 25.1: IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup Criteria/Action - - ---------------------------------------------------------------------- 1 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5 SP=20-25 DP=20-25 P=6 T=NM PR=0 |GW=192.168.1.1 T=MT PR=0 2 N ______________________________________________________________________ ______________________________________________________________________ 3 N ______________________________________________________________________...
Page 352: Ip Routing Policy
P-793H User’s Guide Table 129 Menu 25: IP Routing Policy Setup, Abbreviations (continued) ABBREVIATION MEANING Maximum Throughput Maximum Reliability Minimum Cost 36.6 IP Routing Policy Use this menu to configure policy routes. To open this menu, select Edit and enter the appropriate rule number in menu 25.
Page 353: Ip Policy Routing Example
The gateway is an immediate neighbor of your ZyXEL Device and must be on the same subnet as the ZyXEL Device, if it is on the LAN, or the IP address of a remote node, if it is on the WAN. Enter 0.0.0.0 to specify the default gateway.
Page 354: Figure 235 Ip Routing Policy Example
P-793H User’s Guide Figure 235 IP Routing Policy Example To force Web packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the ZyWALL, follow the steps as shown next.
Page 355: Figure 237 Ip Routing Policy Example 2
P-793H User’s Guide 4 Create another rule in menu 25.1 for this rule to route packets from any host (IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 237 IP Routing Policy Example 2 Menu 25.1.1 - IP Routing Policy...
Page 356 P-793H User’s Guide Chapter 36 IP Routing Policy Setup...
Page 357: Chapter 37 Schedule Setup
37.2 Schedule Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to look at the schedule sets in the ZyXEL Device. To open this menu, enter 26 in the main menu. Figure 238 Menu 26: Schedule Setup...
Page 358: Schedule Set Setup
This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device. To open this menu, enter the number of the schedule set in the Enter Schedule Set Number to Configure field, enter the name of the schedule set in the Edit Name field, and press [ENTER] in menu 26.
Page 359: Table 132 Menu 26.1: Schedule Set Setup
P-793H User’s Guide The following table describes the labels in this menu. Table 132 Menu 26.1: Schedule Set Setup FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to activate the schedule set.
Page 360 P-793H User’s Guide Chapter 37 Schedule Setup...
Page 361: Chapter 38 Troubleshooting
Check for faulty Ethernet cables. Make sure your computer’s Ethernet Card is working properly. I cannot access Make sure that the IP address and the subnet mask of the ZyXEL Device and your the ZyXEL computer(s) are on the same subnet.
Page 362: Problems With The Wan
Password (be sure to use the correct casing). Refer to the WAN Setup chapter. I cannot access Make sure the ZyXEL Device is turned on and connected to the network. the Internet. Verify your WAN settings. Refer to the chapter on WAN setup.
Page 363: Problems Accessing The Zyxel Device
Your computer’s and the ZyXEL Device’s IP addresses must be on the same subnet for LAN access. If you changed the ZyXEL Device’s LAN IP address, then enter the new one as the URL. Check that pop-up windows, JavaScripts and Java permissions are allowed (See Appendix D on page 383).
Page 364 P-793H User’s Guide Chapter 38 Troubleshooting...
Page 365: Product Specifications
P-793H User’s Guide Appendix A Product Specifications Table 137 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.64 Dimensions (W x D x H) 180 x 128 x 36 mm...
Page 366: Unix Syslog
P-793H User’s Guide Table 138 Firmware (continued) ATM Support Multiple protocols over AAL5 (RFC1483) PPP over ATM (RFC 2364) PPP over Ethernet (RFC2516) ATM AAL5 supported Support 8 PVCs ATM Forum UNI3.0/4.0 PVC UBR CBR, and VBR traffic shaping Internet Access Sharing...
Page 367: Wall-Mounting Instructions
4 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables. 5 Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws.
Page 368 P-793H User’s Guide Appendix B Wall-mounting Instructions...
Page 369: Setting Up Your Computer's Ip Address
P-793H User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 370: Installing Components
P-793H User’s Guide Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 371: Figure 242 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
P-793H User’s Guide Figure 242 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 372: Windows 2000/Nt/Xp
P-793H User’s Guide • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 373: Figure 245 Windows Xp: Control Panel
P-793H User’s Guide 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 245 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Figure 246 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.
Page 374: Figure 247 Windows Xp: Local Area Connection Properties
P-793H User’s Guide Figure 247 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 375: Figure 248 Windows Xp: Internet Protocol (Tcp/Ip) Properties
P-793H User’s Guide Figure 248 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 376: Figure 249 Windows Xp: Advanced Tcp/Ip Properties
P-793H User’s Guide Figure 249 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 377: Macintosh Os X
P-793H User’s Guide Figure 250 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 378: Figure 251 Macintosh Os X: Apple Menu
P-793H User’s Guide Figure 251 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
Page 379: Linux
P-793H User’s Guide 6 Restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
Page 380: Figure 254 Red Hat 9.0: Kde: Ethernet Device: General
P-793H User’s Guide Figure 254 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 381: Figure 256 Red Hat 9.0: Kde: Network Configuration: Activate
P-793H User’s Guide Figure 256 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Page 382: Figure 259 Red Hat 9.0: Dns Settings In Resolv.conf
P-793H User’s Guide 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the directory. The following figure shows an example where resolv.conf /etc two DNS server IP addresses are specified. Figure 259 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1...
Page 383: Pop-Up Windows, Javascripts And Java Permissions
P-793H User’s Guide P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default).
Page 384: Figure 263 Internet Options
P-793H User’s Guide Figure 263 Internet Options 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 385: Figure 264 Internet Options
P-793H User’s Guide Figure 264 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
Page 386: Figure 266 Internet Options
P-793H User’s Guide 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 387: Java Permissions
P-793H User’s Guide Figure 267 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 388: Figure 268 Security Settings - Java
P-793H User’s Guide Figure 268 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Page 389: Appendix E Services
7648 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 390 P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP...
Page 391 P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web. REXEC Remote Execution Daemon. RLOGIN Remote Login. ROADRUNNER TCP/UDP...
Page 392 P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
Page 393: Ip Addresses And Subnetting
P-793H User’s Guide Appendix F IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
Page 394: Table 140 Classes Of Ip Addresses
P-793H User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 140 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A Network number Host ID...
Page 395: Subnet Masks
P-793H User’s Guide Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
Page 396: Example: Two Subnets
P-793H User’s Guide Table 143 Alternative Subnet Mask Notation (continued) SUBNET MASK SUBNET MASK “1” BITS LAST OCTET BIT VALUE 255.255.255.248 1111 1000 255.255.255.252 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.
Page 397: Example: Four Subnets
P-793H User’s Guide Table 145 Subnet 1 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 146 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Page 398: Table 148 Subnet 2
P-793H User’s Guide Table 147 Subnet 1 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 Table 148 Subnet 2 LAST OCTET BIT...
Page 399: Example Eight Subnets
P-793H User’s Guide Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (000, 001, 010, 011, 100, 101, 110, 111). The following table shows class C IP address last octet values for each subnet. Table 151 Eight Subnets...
Page 400: Table 153 Class B Subnet Planning
P-793H User’s Guide The following table is a summary for class “B” subnet planning. Table 153 Class B Subnet Planning NO. “BORROWED” HOST NO. HOSTS PER SUBNET MASK NO. SUBNETS BITS SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20)
Page 401: Appendix G Command Interpreter
Command Interpreter The following describes how to use the command interpreter. You can use telnet to access the CLI (Command Line Interface) commands. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 402 P-793H User’s Guide Appendix G Command Interpreter...
Page 403: Appendix H Firewall Commands
P-793H User’s Guide Appendix H Firewall Commands The following describes the firewall commands. Table 154 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall SetUp This command turns the firewall on or off. config edit firewall active <yes | no> This command returns the previously saved config retrieve firewall firewall settings.
Page 404 This command sets the day on which the config edit firewall e-mail current firewall log is sent through e-mail if the day <sunday | monday | tuesday ZyXEL Device is set to send it on a weekly | wednesday | thursday | friday basis. | saturday>...
Page 405 This command sets the threshold of half-open config edit firewall attack TCP sessions with the same destination tcp-max-incomplete <0-255> where the ZyXEL Device starts dropping half- open sessions to that destination. Sets This command sets a name to identify a config edit firewall set <set...
Page 406 ZyXEL Device check for traffic with this #> rule <rule #> srcaddr- individual source address. single <ip address> This command sets a rule to have the ZyXEL config edit firewall set <set Device check for traffic from a particular #> rule <rule #> srcaddr- subnet (defined by IP address and subnet subnet <ip address>...
Page 407 Table 154 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets a rule to have the ZyXEL config edit firewall set <set Device check for traffic with a particular #> rule <rule #> destaddr- subnet destination (defined by IP address and subnet <ip address>...
Page 408 P-793H User’s Guide Appendix H Firewall Commands...
Page 409: Netbios Filter Commands
• Allow or disallow NetBIOS packets to initiate calls. Display NetBIOS Filter Settings Syntax: sys filter netbios disp This command gives a read-only list of the current NetBIOS filter modes for The ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter Status ===========...
Page 410: Netbios Filter Configuration
P-793H User’s Guide The filter types and their default settings are as follows. Table 155 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN.
Page 411: Appendix J Log Descriptions
P-793H User’s Guide Appendix J Log Descriptions This appendix provides descriptions of example log messages. Table 156 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server. successful The router failed to get information from the time server.
Page 412: Table 157 System Error Logs
P-793H User’s Guide Table 156 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Someone has logged on to the router's web configurator Successful HTTPS login interface using HTTPS protocol. Someone has failed to log on to the router's web configurator HTTPS login failed interface using HTTPS protocol.
Page 413: Table 159 Tcp Reset Logs
P-793H User’s Guide Table 159 TCP Reset Logs LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a host was under a SYN Under SYN flood attack, flood attack (the TCP incomplete count is per destination host.) sent TCP RST...
Page 414: Table 161 Icmp Logs
P-793H User’s Guide Table 161 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 173 on page 423.
Page 415: Table 164 Upnp Logs
The ZyXEL Device cannot get the IP address of the external content DNS resolving failed filtering via DNS query. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. Appendix J Log Descriptions...
Page 416: Table 166 Attack Logs
P-793H User’s Guide Table 165 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. Table 166 Attack Logs...
Page 417: Table 167 Ipsec Logs
P-793H User’s Guide Table 167 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
Page 418 P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d> The displayed ID information did not match between the two Peer ID: <peer id>...
Page 419 P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
Page 420: Table 169 Pki Logs
P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES...
Page 421: Table 170 Certificate Path Verification Failure Reason Codes
P-793H User’s Guide Table 169 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
Page 422: Table 171 802.1X Logs
P-793H User’s Guide Table 170 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 171 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database.
Page 423: Table 172 Acl Setting Notes
P-793H User’s Guide Table 172 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN.
Page 424: Table 174 Syslog Logs
P-793H User’s Guide Table 173 ICMP Notes (continued) TYPE CODE DESCRIPTION Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message Table 174 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as the <Facility*8 + Severity>Mon dd...
Page 425: Log Commands
5 Step 5.Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). Displaying Logs • Use the sys logs display command to show all of the logs in the ZyXEL Device’s log. Appendix J Log Descriptions...
Page 426: Log Command Example
• Use the sys logs clear command to erase all of the ZyXEL Device’s logs. Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras> sys logs load ras>...
Page 427: Index
P-793H User’s Guide Index Change Password screen Command Interpreter (CI) command syntax active protocol command usage configuration file and encapsulation back up 239, 328 back up using FTP address mapping backing up using console port backing up using TFTP and transport mode...
Page 428 P-793H User’s Guide brute-force 122, 123 structure IP spoofing TCP/IP filter rule firewall ping of death and filter set SYN flood and IP alias teardrop and remote management threshold. See DoS threshold. anti-probing types of application-level using ICMP direction using illegal NetBIOS commands...
Page 429 P-793H User’s Guide negotiation mode peer identity pre-shared key proposal and WAN IKE SA. See also VPN. LAN ports, communication between Internet Control Message Protocol. See ICMP. LEDs Internet Group Multicast Protocol. See IGMP. LLC (multiplexing) Internet Protocol Security. See IPSec.
Page 430 TR-069 client conditions remote node encapsulation and filter set procedure RESET button roles for the ZyXEL Device in reset to factory defaults 54, 239 server restart Point-to-Point Protocol over ATM Adaptation Layer 5. See PPPoA. RFC 1112. See IGMP. Point-to-Point Protocol over Ethernet. See PPPoE.
Page 431 P-793H User’s Guide traffic shaping Maximum Burst Size (MBS) Peak Cell Rate (PCR) safety warnings Sustained Cell Rate (SCR) schedule set triangle route Select Mode screen and IP alias and traffic redirect Simple Network Management Protocol. See SNMP. Single User Account. See SUA.
Page 432 P-793H User’s Guide remote management www.dyndns.org Index...

ZyXEL Communications P-793H User Manual

Table of Contents

Chapter 1 Getting to Know Your Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizards

Chapter 4 Point-To-Point Configuration

Chapter 5 WAN Setup

Chapter 6 LAN Setup

Chapter 7 Network Address Translation (NAT) Screens

Chapter 8 Firewalls

Chapter 9 Firewall Configuration

Chapter 10 Content Filtering

Chapter 11 Ipsec VPN

Chapter 12 Static Route

Chapter 13 Bandwidth Management

Chapter 14 Dynamic DNS Setup

Chapter 15 Remote Management Configuration

Chapter 16 Universal Plug-And-Play (Upnp)

Chapter 17 System

Chapter 18 Logs

Chapter 19 Tools

Chapter 20 Diagnostic

Chapter 21 Introducing the SMT

Quick Links

Chapters

Troubleshooting

Related Manuals for ZyXEL Communications P-793H

Summary of Contents for ZyXEL Communications P-793H