Page 1 Vantage CNM 2.0 Centralized Network Management User’s Guide Version 2.0.00.81.10 2.0.00.61.10 July 2004...
Page 2: Copyright
316. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 3: Zyxel Limited Warranty
(90) days from the date of receipt, and (b) any Support Services provided by ZyXEL shall be substantially as described in applicable written materials provided to you by ZyXEL, and ZyXEL support engineers will make commercially reasonable efforts to solve any problem issues.
Page 4: Customer Support
ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 GERMANY sales@zyxel.de +49-2405-6909-99 Wuerselen Germany info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr ZyXEL France 1 rue des Vergers +33 (0)4 72 52 19 20 FRANCE Bat. 1 / C 69760 Limonest France support@zyxel.es +34 902 195 420 www.zyxel.es...
Page 5: Table Of Contents
Vantage CNM 2.0 User’s Guide Table of Contents Copyright ........................2 ZyXEL Limited Warranty..................3 Customer Support....................4 List of Tables ......................24 Preface ........................28 Introducing Vantage Centralized Network Management (CNM) 2.0 .......28 Chapter 1 Introducing Vantage....................30 1.1 Key Features ......................30 1.1.1 Object Tree View ..................30...
Page 6 3.3 Device Registration ....................46 3.3.1 Manual Option ..................48 3.3.1.1 Configuring ZyXEL Device using Commands .........48 3.3.1.2 Configuring ZyXEL Device using Web Configurator .......48 3.3.2 Import From an XML Registration File ............49 3.3.2.1 Basic XML Syntax ................50 3.3.2.2 Minimum Mandatory Device Settings ..........51 3.4 Device –...
Page 7 Vantage CNM 2.0 User’s Guide 4.2.2 DDNS ......................64 4.2.3 Time Setting ....................66 4.2.4 Owner Info ....................67 Chapter 5 Configuration > LAN ....................70 5.1 LAN Overview ....................70 5.2 DHCP Setup .......................70 5.2.1 IP Pool Setup ....................70 5.2.2 DNS Servers .....................70 5.2.3 LAN TCP/IP ....................70...
Page 8 Vantage CNM 2.0 User’s Guide Chapter 7 Configuration > DMZ ....................96 7.1 DMZ Overview ....................96 7.2 DMZ Addresses ....................96 7.3 Configuring DMZ ....................96 Chapter 8 Configuration > WAN ................... 100 8.1 General WAN – ZyWALL .................100 8.1.1 TCP/IP Priority (Metric) ................100 8.1.2 WAN ISP –...
Page 9 Vantage CNM 2.0 User’s Guide 9.3.3 Configuring SUA Servers – Prestige ............136 9.3.4 Full Feature Address Mapping ..............137 9.3.5 Edit Full Feature Address Mapping ............138 9.4 Trigger Port Forwarding – ZyWALL ..............139 9.4.1 Configuring Trigger Port .................140 9.4.2 Edit Trigger Port ..................142 Chapter 10 Configuration >...
Page 10 12.3.2 Basics ....................168 12.3.3 Types of DoS Attacks ................168 12.4 Stateful Inspection ..................170 12.4.1 Stateful Inspection Process ..............171 12.4.2 Stateful Inspection and the ZyXEL device ..........172 12.4.3 TCP Security ..................172 12.4.4 UDP/ICMP Security ................173 12.4.5 Upper Layer Protocols ................173 12.4.6 Firewall Policies Overview ..............173 12.4.7 Rule Checklist ..................175...
Page 11 Vantage CNM 2.0 User’s Guide Chapter 14 Configuration > ADSL Monitor................192 14.1 Introduction ....................192 14.2 Configuring ADSL Monitor ................192 Chapter 15 Configuration > Device Alarms................194 15.1 Device Alarms ....................194 15.1.1 Alarm Classifications ................194 15.1.2 Alarm States ..................194 15.1.3 Current Alarms Screen .................195 15.1.4 Historical Alarms Screen ..............196...
Page 12 Vantage CNM 2.0 User’s Guide Chapter 18 Other System Screens ..................214 18.1 Status ......................214 18.2 Vantage Upgrade ...................215 18.2.1 Upgrade Procedure ................215 18.2.2 Version Format ..................217 18.3 License Management ..................218 18.3.1 License Upgrade ...................218 18.4 System >Preferences ..................219 18.4.1 General Vantage Preferences ..............219 18.4.2 User Access ..................220...
Page 13 Vantage CNM 2.0 User’s Guide Chapter 20 Other Monitor Screens ..................246 20.1 Firmware Upgrade Report ................246 20.2 Status Monitor ....................246 20.3 VPN Editor .....................247 20.3.1 Graphical VPN Tunnel Creation ............247 20.3.2 Graphical Tunnel Depictions ..............249 20.3.3 Map .......................250 Appendix A FTP Server (WFTPD) Setup Example ..............
Page 14 Vantage CNM 2.0 User’s Guide Setting up Your Computer’s IP Address............278 Windows 95/98/Me....................278 Installing Components.................... 279 Configuring......................280 Verifying Settings ....................281 Windows 2000/NT/XP .................... 281 Verifying Settings ....................285 Macintosh OS 8/9....................285 Verifying Settings ....................287 Macintosh OS X .....................
Page 15 Vantage CNM 2.0 User’s Guide Introduction ......................300 Appendix L Open Software Announcements................. 316 Notice ........................316 Copyright (C) 1999-2001 Intalio, Inc. All Rights Reserved........316 Common Public License Version 1.0 ..............317 Cryptix General License ..................321 TECHNOLOGY LICENSE FROM SUN MICROSYSTEMS, INC. TO DOUG LEA. 322 JAVA Software Technologies..................
Page 16 Vantage CNM 2.0 User’s Guide List of Figures Figure 1 Main Screen ..................... 34 Figure 2 Object Tree View Types ................... 35 Figure 3 Details Screen ....................35 Figure 4 Folder Right-Click Options ................36 Figure 5 Add Devices ..................... 36 Figure 6 Associate Administrators .................
Page 17 Vantage CNM 2.0 User’s Guide Figure 37 Configuration > LAN > IP – ZyWALL ............... 73 Figure 38 Configuration > LAN > IP – Prestige ..............76 Figure 39 Configuration > LAN > Static DHCP – ZyWALL ..........78 Figure 40 Configuration >...
Page 18 Vantage CNM 2.0 User’s Guide Figure 80 Configuration >Firewall > IP Address .............. 183 Figure 81 Firewall Custom Port ..................184 Figure 82 Configuration > Device Log > Device .............. 186 Figure 83 Configuration > Device Logs > Log Settings ........... 188 Figure 84 Purge Device Logs ..................
Page 19 Vantage CNM 2.0 User’s Guide Figure 123 System > Maintenance > Restore ..............230 Figure 124 System > Address Book .................. 231 Figure 125 System > Address Book Add/Edit ..............232 Figure 126 System > Certificate Management > Information ..........234 Figure 127 System >...
Page 20 Vantage CNM 2.0 User’s Guide Figure 166 WIndows 95/98/Me: Network: Configuration ........... 279 Figure 167 Windows 95/98/Me: TCP/IP Properties: IP Address ........280 Figure 168 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ......281 Figure 169 Windows XP: Start Menu ................. 282 Figure 170 Windows XP: Control Panel ................
Page 21: List Of Tables
Vantage CNM 2.0 User’s Guide List of Tables Table 1 Menus Overview ....................39 Table 2 Object Tree Icons .................... 40 Table 3 Pop-up Menus Icons ..................41 Table 4 Content Pane Icons ..................41 Table 5 VPN Editor Icons ..................... 42 Table 6 Device >...
Page 22 Vantage CNM 2.0 User’s Guide Table 39 Advanced WAN Backup – Prestige ..............126 Table 40 NAT Definitions ....................130 Table 41 NAT Mapping Types ..................132 Table 42 Configuration > NAT ..................133 Table 43 Services and Port Numbers ................134 Table 44 Configuration >...
Page 23 Vantage CNM 2.0 User’s Guide Table 82 Building Block > Configuration BB > Add ............202 Table 83 Building Block > Configuration BB > Edit ............204 Table 84 Building Block > Component BB ..............204 Table 85 Building Block > Component > Add ..............205 Table 86 Building Block >...
Page 24 Vantage CNM 2.0 User’s Guide Table 125 Subnet 2 ......................274 Table 126 Subnet 3 ......................274 Table 127 Subnet 4 ......................275 Table 128 Eight Subnets ....................275 Table 129 Class C Subnet Planning ................. 275 Table 130 Class B Subnet Planning ................. 276 Table 131 Comparison of EAP Authentication Types ............
Page 25: Preface
North American products. About This User's Guide This manual is designed to guide you through the configuration of your Vantage CNM 2.0 for its various applications. Related Documentation • Supporting Disk Refer to the included CD for support documents.
Page 26 Vantage CNM 2.0 User’s Guide Syntax Conventions • This manual may refer to Vantage Centralized Network Management 2.0 simply as Vantage CNM or Vantage. • The version number on the title page is the Vantage version that is documented in this User’s Guide.
Page 27: Introducing Vantage
This chapter introduces Vantage key features and Vantage requirements. 1.1 Key Features The following are the key features of Vantage CNM 2.0. 1.1.1 Object Tree View The object tree has three defined views letting you view the devices directly as you configure them. The views are Account (arranged by customer name), Type (arranged by device type) and Main View up to seven layers deep.
Page 28: Firewall
Vantage CNM 2.0 User’s Guide 1.1.7 Firewall Create consistent device firewall policies by reusing successful configurations in other ZyXEL devices. Ensure consistency and compliance with all security policies as well as constantly monitor all devices and act immediately if things go wrong.
Page 29: Vantage Requirements And Installation
Vantage CNM 2.0 User’s Guide 1.2 Vantage Requirements and Installation For Vantage setup requirements, access and installation, see the Quick Start Guide. Chapter 1 Introducing Vantage...
Page 30 Vantage CNM 2.0 User’s Guide Chapter 1 Introducing Vantage...
Page 31: Chapter 2 Gui Introduction
H A P T E R GUI Introduction 2.1 Overview The following figure displays an overiew of the Vantage CNM 2.0 graphical user interface. Figure 1 Main Screen Main Menu Components The main screen consists of two non-resizable panes; the object pane and the content pane.
Page 32: Object Tree View Types
Vantage CNM 2.0 User’s Guide 2.2 Object Tree View Types The View list box contains three default views called (device) TypeView, AccountView and MainView. You can also create custom views. Figure 2 Object Tree View Types • In the MainView, you may create group folders and account folders up to seven layers deep and add devices to each layer correspondingly.
Page 33: Figure 4 Folder Right-Click Options
Vantage CNM 2.0 User’s Guide Folder right-click options are (in MainView only): Figure 4 Folder Right-Click Options 1 Add device. Displays an Add devices screen from which you can select devices not yet mapped to another folder. Figure 5 Add Devices 2 Delete.
Page 34: Figure 6 Associate Administrators
Vantage CNM 2.0 User’s Guide Figure 6 Associate Administrators An administrator icon appears on the folder when you associate an administrator with a folder. To disassociate the administrator from this folder, right-click to select the icon and UnAssociate. Figure 7 Associated Administrator Right-Click Options 4 Add folder.
Page 35: Devices
Vantage CNM 2.0 User’s Guide Figure 9 Account Folder Alarm Right-Click Options 2.5 Devices Right-click a device options are: Figure 10 Device Right-Click Options • Unmap. The device disappears from the tree and goes to the available pool screen from which you can map.
Page 36: Procedure For Configuring A Device
Vantage CNM 2.0 User’s Guide • Some menus are not accessible because administrators do not have permission. • Vantage can remember device and configuration menus. If for example, you select device A, then select DMZ in the Configuration File menu and then change to device B. The configuration DMZ will appear for device B.
Page 37: Context-Sensitive Menus
If you do not want to see Java Applet Window in context-sensitive menus, then do the following: 1 On the Vantage CNM server, go to Vantage CNM 2.0 installation directory\utilities (the default installation path is C:\Program Files\ZyXEL\Vantage CNM 2.0\utilities) and copy the java.policy file.
Page 38: Table 3 Pop-Up Menus Icons
Vantage CNM 2.0 User’s Guide Table 2 Object Tree Icons (continued) ICON DESCRIPTION This is a ZyWALL device that has firmware uploading. This is a ZyWALL device that has an alarm that is turned on. This is a ZyWALL device turned off with an alarm and will have a firmware upload.
Page 39: Table 5 Vpn Editor Icons
Vantage CNM 2.0 User’s Guide Table 4 Content Pane Icons (continued) ICON DESCRIPTION Click to Cancel the configuration and return to the previous page. Click Retrieve to get the logs from a device. Click this icon to choose from an existing BB.
Page 40 Vantage CNM 2.0 User’s Guide Chapter 2 GUI Introduction...
Page 41: Chapter 3 Device Menus
Vantage CNM 2.0 User’s Guide H A P T E R Device Menus 3.1 Device Menus Overview The Device menus allow you to register your device, synchronize devices, and manage firmware and configuration files. 3.1.1 Device Main Screen Device Status is the default first screen you see; the default folder in the Object pane is “root”.
Page 42: Figure 12 Device > Status > Main Screen
This field displays the IP address of the ZyXEL device. Status This field displays the operating status of the ZyXEL device. Off indicates the ZyXEL device is not currently connected to the network. On indicates the ZyXEL device is connected to the network.
Page 43: Device Status
This field displays the IP address of the ZyXEL device. Status This field displays the operating status of the ZyXEL device. Off indicates the ZyXEL device is not currently connected to the network. On indicates the ZyXEL device is connected to the network.
Page 44: Figure 14 Device > Registration Wizard > Account Association
• Import from an XML batch registration file: choose this option if you want to input a batch of devices in one go. Go to the XML folder within the Vantage CNM Installation directory (C:\Program Files\ZyXEL\Vantage CNM 2.0\xml by default). Choose the 4- devices or 100-ZyWALL10W templates and modify accordingly.
Page 45: Manual Option
Encryption Mode None 3DES 3 To set the encryption key on the ZyXEL device, type 'CNM encrykey xxxxxxxxx' where ‘xxxxxxxxx’ is the alphanumeric encryption key (“0” to “9”, “a” to “z” or “A” to “Z”) in the Vantage server. 3.3.1.2 Configuring ZyXEL Device using Web Configurator...
Page 46: Import From An Xml Registration File
Click Finish to go to the Device Registration Finished screen. 3.3.2 Import From an XML Registration File Use this method when you want to register multiple ZyXEL devices at one time. The file should be in XML format containing the fields shown in the manual registration screen for each device.
Page 47: Basic Xml Syntax
Vantage CNM 2.0 User’s Guide Make sure the XML syntax is correct, as there are no validation checks in Vantage. Although you may be allowed to import an XML file with incorrect syntax into Vantage, device management via Vantage may be abnormal.
Page 48: Minimum Mandatory Device Settings
Note: For more detailed information on creating XML files for Vantage, please see the “Import Device Using XML Reference Manual” at the ZyXEL web site download library. After you have completed the XML file, click Browse to locate it in the next screen and then click Next.
Page 49: Device - Vantage Data Inconsistency: Synchronize
Vantage CNM 2.0 User’s Guide Figure 18 Registration Wizard: Configuration File The next screen displays all devices available in the XML file that can be imported.Select the individual devices that you wish to import or select Select All to import all devices that are displayed in this screen.
Page 50: Vantage - Device Override Criteria
Management Use the Firmware Management screen to download ZyXEL device firmware from the ZyXEL FTP site to Vantage. After you download it to Vantage, you can then upload it from Vantage to the target devices. All firmware is downloaded to one repository within Vantage. There is no domain-specific repository within Vantage for firmware downloads.
Page 51: Add Firmware Screen
This field displays the administrator who downloaded this firmware file to Vantage. ZyXEL Download Click this hyperlink to go to the ZyXEL Website and download firmware to your Website computer. Firmware is uploaded to your device in the following manner...
Page 52: Firmware Upgrade Select Product Line And Mode
Vantage CNM 2.0 User’s Guide Click Add in the screen shown in the previous figure to display the next screen. Type the file name and path or browse to where you saved the file. You may create a firmware alias for the selected zip in this screen.
Page 53: Firmware Upgrade Process
Vantage CNM 2.0 User’s Guide Figure 26 Firmware Upgrade > Select Product Line and Model 3.5.3 Firmware Upgrade Process 1 Select Firmware by picking a node. 2 Select the candidate devices (of that model type for the node selected). 3 Click Upgrade to begin the device upgrade process Figure 27 Device >...
Page 54: Configuration File Management
Vantage CNM 2.0 User’s Guide You can create your own configuration file alias in Vantage. This may make it easier to distinguish multiple configuration files for the same device. 3.5.6 Configuration File Management Use this screen to view and delete configuration files uploaded to Vantage. You can view the configuration file name, a description of it, the date it was backed up and which administrator backed it up.
Page 55: Configuration File Restore
Vantage CNM 2.0 User’s Guide Figure 29 Device > Configuration File > Back Up The following table describes the fields in this screen Table 11 Device > Configuration File > Back Up TYPE DESCRIPTION Destination Select the radio button to give the download destination to Vantage.
Page 56: Figure 30 Device > Configuration File > Restore
Vantage CNM 2.0 User’s Guide Figure 30 Device > Configuration File > Restore Table 12 Device > Configuration File > Restore TYPE DESCRIPTION Resource From Server Select this radio button to upload a configuration file From Vantage. File Path and Name Select a file from the drop-down list box.
Page 57: Configuration > Select Device Bb & General
These screens will vary depending on which model you’re configuring. When you click a configuration menu, the screen shows the current device configuration. If you’re unfamiliar with ZyXEL device configurations, please consult your device User’s Guide. Configuration > General can be saved as one Configuration BB.
Page 58: Figure 31 Zywall 10W Device Bb
Vantage CNM 2.0 User’s Guide Figure 31 ZyWALL 10W Device BB Figure 32 ZyWALL 70/35/5 Device BB Chapter 4 Configuration > Select Device BB & General...
Page 59: Procedure To Select And Apply A Device Bb
Vantage CNM 2.0 User’s Guide This Select Device BB screen allows you to select a device’s device BB and apply it to another device of the same type. Note: You can only apply a device BB to another device of the same type.
Page 60: System
Enter the password used to access the device. MAC (Hex) This field displays the LAN MAC address of the ZyXEL device. Vantage uses the MAC address to identify the ZyXEL device. This is entered when you manually register the ZyXEL device.
Page 61: Ddns
'CNM encrykey xxxxxxxxx' where ‘xxxxxxxxx’ is the hexadecimal secret key number you used in the Vantage server. System Name Enter a unique name here for the ZyXEL device for identification purposes. The device name cannot exceed 31 characters. Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN side of the target device.
Page 62: Figure 34 Configuration > General > Ddns
Vantage CNM 2.0 User’s Guide Figure 34 Configuration > General > DDNS The following table describes the fields in this screen Table 14 Configuration > General > DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Page 63: Time Setting
Vantage CNM 2.0 User’s Guide Table 14 Configuration > General > DDNS (continued) LABEL DESCRIPTION IP Address Enter the IP address if you select the User Specify option. E-Mail (Prestige Only) Type the e-mail address here or select from a previously created e-mail component BB.
Page 64: Owner Info
Vantage CNM 2.0 User’s Guide Table 15 Configuration > General > Time Setting (continued) LABEL DESCRIPTION Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 65 Vantage CNM 2.0 User’s Guide Table 16 Configuration > General > Owner Info (continued) TYPE DESCRIPTION Contact Address Type the complete customer mailing address here. Address 1, 2 Type the customer’s building number, street and city zone (if applicable) here.
Page 66 Vantage CNM 2.0 User’s Guide Chapter 4 Configuration > Select Device BB & General...
Page 67: Chapter 5 Configuration > Lan
TCP/IP configuration at start-up from a server. You can configure the ZyXEL device as a DHCP server or disable it. When configured as a server, the ZyXEL device provides the IP configuration for the clients. If set to None, DHCP service will be disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 68: Ip Address And Subnet Mask
RIP Direction controls the sending and receiving of RIP packets. When set to Both or Out Only, the ZyXEL device will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives;...
Page 69: Configuring Lan Ip - Zywall
The ZyXEL device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP- v2). At start up, the ZyXEL device queries all directly connected networks to gather group membership. After that, the ZyXEL device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL device LAN and/or WAN interfaces in the web configurator (LAN;...
Page 70: Figure 37 Configuration > Lan > Ip - Zywall
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. When configured as a server, the ZyXEL device provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 71 LAN IP address displays in the field to the right (read-only). The ZyXEL device tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL device, the ZyXEL device forwards the query to the ZyXEL device’s system DNS server...
Page 72: Configuring Lan Ip - Prestige
Allow From LAN to Select this option to forward NetBIOS packets from the LAN port to the WAN port. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh.
Page 73: Figure 38 Configuration > Lan > Ip - Prestige
Select Relay to have the ZyXEL device act as a DNS proxy. The ZyXEL device tells the DHCP clients on the LAN that the ZyXEL device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL device, the ZyXEL device forwards the query to the ZyXEL device’s system DNS server and...
Page 74: Configuring Lan Static Dhcp - Zywall
Table 18 Configuration > LAN > IP – Prestige (continued) LABEL DESCRIPTION IP Address Type the IP address of the ZyXEL device in dotted decimal notation. 192.168.1.1 is the factory default. IP Subnet Mask The subnet mask specifies the network number portion of an IP address. The ZyXEL device automatically calculates the subnet mask based on the IP address that you assign.
Page 75: Configuring Lan Ip Alias - Zywall
IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL device lets you configure logical LAN interfaces via its single physical Ethernet interface with the device itself being the gateway for each LAN network.
Page 76: Figure 40 Configuration > Lan > Ip Alias
Table 20 Configuration > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the ZyXEL device. IP Address Enter the IP address of the ZyXEL device in dotted decimal notation. IP Subnet Mask The ZyXEL device automatically calculates the subnet mask based how many aliases you select.
Page 77 Vantage CNM 2.0 User’s Guide Table 20 Configuration > LAN > IP Alias (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. Chapter 5 Configuration > LAN...
Page 78 Vantage CNM 2.0 User’s Guide Chapter 5 Configuration > LAN...
Page 79: Chapter 6 Configuration > Wlan
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > WLAN This chapter shows the wireless LAN screens. 6.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 6.1.1 Additional Installation Requirements for using 802.1x •...
Page 80: Rts/Cts
Wireless stations (WS) A and B do not hear each other. They can hear the AP. When station A sends data to the ZyXEL device, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 81: Fragmentation Threshold
6.2.4 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyXEL device will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Page 82: Wlan Wireless
Vantage CNM 2.0 User’s Guide 6.3.1 WLAN Wireless Figure 42 Configuration > WLAN > Wireless The following table describes the fields in this screen Table 21 Configuration > WLAN > Wireless LABEL DESCRIPTION Enable The wireless LAN is turned off by default; before you enable the wireless LAN you Wireless LAN should configure some security by setting MAC filters and/or 802.1x security;...
Page 83: Configuring Mac Filter
Click Reset to begin configuring this screen afresh. 6.4 Configuring MAC Filter The MAC filter screen allows you to configure the ZyXEL device to give exclusive access to specific devices (Allow Association) or exclude specific devices from accessing the ZyXEL device (Deny Association).
Page 84: Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the local user database internal to the ZyXEL device or an external RADIUS server for an unlimited number of users.
Page 85: Configuring 802.1X - Zywall
This field is activated only when you select Authentication Required in the Authentication Type field. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. 6.5.2 Configuring 802.1x – Prestige Select a Prestige device and then click Configuration >...
Page 86: Figure 45 Configuration > Wlan > 802.1X - Prestige
Vantage CNM 2.0 User’s Guide Figure 45 Configuration > WLAN > 802.1x – Prestige The following table describes the fields in this screen Table 24 Configuration > WLAN > 802.1x – Prestige LABEL DESCRIPTION Authentication Select Authentication Required to authenticate all wireless clients before they Control.
Page 87: Local User Database
Click Reset to begin configuring this screen afresh. 6.6 Local User Database By storing user profiles locally on the ZyXEL device, the ZyXEL device is able to authenticate VPN extended authentication clients or wireless clients without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Page 88: Radius
Enter a password up to 31 characters long for this user profile. Next Select Next to view the next page of Local User Database entries. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. 6.6.2 RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server.
Page 89: Types Of Radius Messages
Vantage CNM 2.0 User’s Guide Keeps track of the client’s network activity. RADIUS user is a simple package exchange in which the ZyXEL device acts as a message relay between the wireless client and the network RADIUS server. 6.6.2.1 Types of RADIUS Messages...
Page 90: Configuring Radius
Appendices. • The wireless station sends a “start” message to the ZyXEL device. • The ZyXEL device sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and password.
Page 91: Figure 47 Configuration > Wlan > Radius
Disable this feature if you will not use an external authentication server. If you disable this feature, you can still set the ZyXEL device to perform user authentication using the local user database. Server IP Enter the IP address of the external authentication server in dotted decimal notation.
Page 92 The key is not sent over the network. This key must be the same on the external accounting server and ZyXEL device. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh.
Page 93: Chapter 7 Configuration > Dmz
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > DMZ 7.1 DMZ Overview The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
Page 94: Figure 48 Configuration > Dmz
Vantage CNM 2.0 User’s Guide Figure 48 Configuration > DMZ The following table describes the labels in this screen. Table 27 Configuration > DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address Type the IP address of your ZyWALL in dotted decimal notation 192.168.1.1 (factory default).
Page 95 Vantage CNM 2.0 User’s Guide Table 27 Configuration > DMZ (continued) LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the LAN LAN port Allow from DMZ to Click this option to forward NetBIOS packets from the DMZ port to the WAN port.
Page 96 Vantage CNM 2.0 User’s Guide Chapter 7 Configuration > DMZ...
Page 97: Chapter 8 Configuration > Wan
"1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". The metric sets the priority for the ZyXEL device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL device uses the following pre-defined priorities: •...
Page 98: Figure 49 Configuration > Wan > General - Zywall
"14" in the Dial Backup Priority (metric) field (and leave the Traffic Redirect Priority (metric) at the default of "15"). Active Select this check box to have the ZyXEL device use traffic redirect if the normal WAN connection goes down. Backup Type the IP address of your backup gateway in dotted decimal notation.
Page 99: Wan Isp - Zywall
Internet before traffic is forwarded to the backup gateway. Period (sec) Type the number of seconds for the ZyXEL device to wait between checks to see if it can connect to the WAN IP address (Check WAN IP Address field) or default gateway.
Page 100: Pppoe Encapsulation
By implementing PPPoE directly on the ZyXEL device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 101: Figure 51 Configuration > Wan > Isp (Pppoe) - Zywall
This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server. Apply Click Apply to save your changes back to the ZyXEL device. Reset Click Reset to begin configuring this screen afresh. Chapter 8 Configuration > WAN...
Page 102: Pptp Encapsulation
Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. The ZyXEL device supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
Page 103 Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in seconds that elapses before the ZyXEL device automatically disconnects from the PPTP server. My IP Address Type the (static) IP address assigned to you by your ISP.
Page 104: Wan Ip - Zywall
Vantage CNM 2.0 User’s Guide 8.2 WAN IP – ZyWALL Figure 53 Configuration > WAN > IP – ZyWALL The following table describes the fields in this screen Table 32 Configuration > WAN > IP – ZyWALL LABEL DESCRIPTION WAN IP Address Assignment Get automatically Select this option If your ISP did not assign you a fixed IP address.
Page 105: Dial Backup - Zywall
RIP packets. Choose Both, None, In Only or Out Only. When set to Both or Out Only, the ZyXEL device will broadcast its routing table periodically. When set to Both or In Only, the ZyXEL device will incorporate RIP information that it receives.
Page 106: Traffic Redirect
Vantage CNM 2.0 User’s Guide 8.3.1 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the ZyWALL cannot connect to the Internet through its normal gateway. Connect the backup gateway on the WAN so that the ZyWALL still provides firewall protection. This feature is not available on all models.
Page 107: Figure 56 Configuration > Wan > Dial Backup - Zywall
Vantage CNM 2.0 User’s Guide Figure 56 Configuration > WAN > Dial Backup – ZyWALL The following table describes the labels in this screen. Table 33 Configuration > WAN > Dial Backup – ZyWALL LABEL DESCRIPTION Enable Dial Backup Select this check box to turn on dial backup.
Page 108 Idle Timeout Type the number of seconds of idle time (when there is no traffic from the ZyXEL device to the remote node) for the ZyXEL device to wait before it automatically disconnects the dial backup connection. This option applies only when the ZyXEL device initiates the call.
Page 109: Advanced Modem Setup - Zywall
Terminal Ready) signal is dropped by the DTE. When the Drop DTR When Hang Up check box is selected, the ZyXEL device uses this hardware signal to force the WAN device to hang up, in addition to issuing the drop command ATH.
Page 110: Figure 57 Configuration > Wan > Dial Backup > Advanced - Zywall
Speed Type the keyword preceding the connection speed. CONNECT Call Control Dial Timeout (sec) Type a number of seconds for the ZyXEL device to try to set up an outgoing call before timing out (stopping). Chapter 8 Configuration > WAN...
Page 111: Edit Dial Backup - Zywall
DESCRIPTION EXAMPLE Retry Count Type a number of times for the ZyXEL device to retry a busy or no- answer phone number before blacklisting the number. Retry Interval Type a number of seconds for the ZyXEL device to wait before (sec) trying another call after a call has failed.
Page 112: Figure 58 Configuration > Wan > Dial Backup > Edit - Zywall
(automatically) assign your WAN IP address if you do not know it. Type your WAN IP address here if you know it (static). This is the address assigned to your local ZyXEL device, not the remote router. Remote Node IP Leave this field set to 0.0.0.0 (default) to have the ISP or other remote router...
Page 113: General Wan - Prestige
Address Mapping Set 255 in the SMT (see the section on menu 15.1 for more information). Select the check box to enable SUA. Clear the check box to disable SUA so the ZyXEL device does not perform any NAT mapping for the dial backup connection. Broadcast Dial Backup Select this check box to forward the backup route broadcasts to the WAN.
Page 114: Traffic Shaping
Vantage CNM 2.0 User’s Guide 8.4.1 Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Page 115: Figure 60 Configuration > Wan > Setup - Prestige - Bridge Mode
Vantage CNM 2.0 User’s Guide Figure 60 Configuration > WAN > Setup – Prestige – Bridge Mode The following table describes the fields in this screen Table 36 Configuration > WAN > Setup – Prestige – Bridge Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 116 Vantage CNM 2.0 User’s Guide Table 36 Configuration > WAN > Setup – Prestige – Bridge Mode (continued) LABEL DESCRIPTION Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
Page 117: Figure 61 Configuration > Wan > Setup - Prestige - Routing Mode
Vantage CNM 2.0 User’s Guide Figure 61 Configuration > WAN > Setup – Prestige – Routing Mode The following table describes the fields in this screen. Table 37 Configuration > WAN > Setup – Prestige – Routing Mode LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP.
Page 118 Vantage CNM 2.0 User’s Guide Table 37 Configuration > WAN > Setup – Prestige – Routing Mode (continued) LABEL DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
Page 119: Wan Backup - Prestige
Vantage CNM 2.0 User’s Guide Table 37 Configuration > WAN > Setup – Prestige – Routing Mode (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
Page 120: Figure 62 Configuration > Wan > Backup - Prestige
Vantage CNM 2.0 User’s Guide Figure 62 Configuration > WAN > Backup – Prestige The following table describes the fields in this screen. Table 38 WAN Backup – Prestige LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection.
Page 121: Table 38 Wan Backup - Prestige
Vantage CNM 2.0 User’s Guide Table 38 (continued) WAN Backup – Prestige LABEL DESCRIPTION Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Page 122: Configuring Advanced Wan Backup - Prestige
Vantage CNM 2.0 User’s Guide Table 38 (continued) WAN Backup – Prestige LABEL DESCRIPTION Advanced Backup Click this button to display the Advanced Backup screen and edit more details of your WAN backup setup. Apply Click Apply to save the changes.
Page 123: Figure 63 Advanced Wan Backup - Prestige
Vantage CNM 2.0 User’s Guide Figure 63 Advanced WAN Backup – Prestige The following table describes the fields in this screen. Table 39 Advanced WAN Backup – Prestige LABEL DESCRIPTION Basic Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls.
Page 124 Vantage CNM 2.0 User’s Guide Table 39 Advanced WAN Backup – Prestige (continued) LABEL DESCRIPTION Primary/ Secondary Type the first (primary) phone number from the ISP for this remote node. If the Phone Number primary phone number is busy or does not answer, your Prestige dials the secondary phone number if available.
Page 125: Advanced Modem Setup - Prestige
Vantage CNM 2.0 User’s Guide Table 39 Advanced WAN Backup – Prestige (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
Page 126 Vantage CNM 2.0 User’s Guide Chapter 8 Configuration > WAN...
Page 127: Chapter 9 Configuration > Nat
IP address known within another network. 9.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL device. For example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 128: What Nat Does
9.1.4 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL device maps multiple local IP addresses to one global IP address.
Page 129: Sua (Single User Account) Versus Nat
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The ZyXEL device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
Page 130: Disable Nat
FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world. The ZyXEL device provides the additional safety of a DMZ port for connecting your publicly accessible servers. This makes the LAN more secure by physically separating it from your public servers.
Page 131: Port Forwarding: Services And Port Numbers
Note: If you do not assign a Default Server IP Address, the ZyXEL device discards all packets received for ports that are not specified here or in the remote management setup.
Page 132: Figure 65 Configuration > Nat > Sua Server - Zywall
End Port Server IP Type the IP address of the inside server. Address Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen. Chapter 9 Configuration > NAT...
Page 133: Configuring Sua Servers - Prestige
End Port Server IP Type the IP address of the inside server. Address Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen. Chapter 9 Configuration > NAT...
Page 134: Full Feature Address Mapping
Vantage CNM 2.0 User’s Guide Select a radio button and then click Edit to configure that server set. 9.3.4 Full Feature Address Mapping Select Full Feature in Figure 64 on page 133 and then click Edit to bring up the next screen.
Page 135: Edit Full Feature Address Mapping
One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 136: Trigger Port Forwarding - Zywall
Click the link to go to the NAT > SUA Server screen to edit a server set that you have selected in the Server Mapping Set field. Save Click Save to save your changes back to the ZyXEL device. Cancel Click Cancel to return to the previous screen.
Page 137: Configuring Trigger Port
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger"...
Page 138: Figure 69 Configuration > Nat > Full Feature > Trigger Port
This field displays a port number or the ending port number in a range of port numbers. Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Page 139: Edit Trigger Port
Type a port number or the ending port number in a range of port numbers. Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Page 140 Vantage CNM 2.0 User’s Guide Chapter 9 Configuration > NAT...
Page 141: Configuration > Static Route
10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL device has no knowledge of the networks beyond 10.1.1 Static Route Summary Select a device and then click Configuration > Static Route.
Page 142: Edit Static Route
ZyXEL device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as the ZyXEL device; over the WAN, the gateway must be the IP address of one of the remote nodes.
Page 143: Figure 72 Configuration > Static Route > Edit
ZyXEL device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as the ZyXEL device; over the WAN, the gateway must be the IP address of one of the Remote Nodes.
Page 144 Vantage CNM 2.0 User’s Guide Chapter 10 Configuration > Static Route...
Page 145: Chapter 11 Configuration > Vpn
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > VPN This chapter shows you how to configure VPNs using Vantage. 11.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Page 146: Data Origin Authentication
Vantage CNM 2.0 User’s Guide 11.1.6 Data Origin Authentication The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service. 11.1.7 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
Page 147: Key Management
Vantage CNM 2.0 User’s Guide Table 52 AH and ESP (continued) Advanced Encryption Standard data encryption uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES. Select DES for minimal security and 3DES or AES for Select MD5 for minimal security and SHA- maximum.
Page 148: Ipsec And Nat
IPSec SA lifetime period expires. In effect, the IPSec tunnel becomes an always on connection after you initiate it. Both IPSec routers must have a ZyXEL device-compatible keep alive feature enabled in order for this feature to work.
Page 149: Nat Traversal
Vantage CNM 2.0 User’s Guide If the ZyXEL device has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the ZyXEL device because the ZyXEL device never drops the tunnels that are already connected.
Page 150: Ike Phases
LOCAL ID TYPE CONTENT Type the IP address of your computer or leave the field blank to have the ZyXEL device automatically use its own IP address. Type a domain name (up to 31 characters) by which to identify this ZyXEL device.
Page 151: Negotiation Mode
The ZyXEL device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The ZyXEL device also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, even if there is no traffic.
Page 152: Perfect Forward Secrecy (Pfs)
This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the ZyXEL device. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
Page 153: Add A Vpn Tunnel
You can create a single-ended VPN tunnel using Vantage by selecting N/A from the Remote Device field. This allows you to create a VPN tunnel between a ZyXEL device and another IPSec router. You must make sure the remote IPSec router VPN settings correspond to the ZyXEL device VPN settings.
Page 154: Figure 74 Configuration > Vpn > Tunnel Ipsec Detail
Vantage CNM 2.0 User’s Guide Figure 74 Configuration > VPN > Tunnel IPSec Detail The following table describes the labels in this screen. Table 57 Configuration > VPN > Tunnel IPSec Detail LABEL DESCRIPTION Name This is a VPN name for identification purposes.
Page 155 Enable Replay Detection Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL device automatically renegotiates the tunnel when the IPSec SA lifetime period expires. In effect, the IPSec tunnel becomes an always on connection after you initiate it.
Page 156 WAN IP addresses. With DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL device. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
Page 157 It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection. ZyXEL gateways authenticate an IKE VPN session by matching pre-shared keys. Enter from 8 up to 31 characters. Any character may be used, including spaces, but trailing spaces are truncated.
Page 158: Manual Vpn Tunnel
Vantage CNM 2.0 User’s Guide Table 57 Configuration > VPN > Tunnel IPSec Detail (continued) LABEL DESCRIPTION Encapsulation In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 159: Figure 75 Configuration > Vpn > Manual Tunnel Ipsec Detail
IP addresses, as long as only one is active at any time. A-End / Z-End Device Select the name of the ZyXEL device from the pull-down list. My IP This is the IP address of the local and remote computer(s) of the VPN tunnel.
Page 160 Address Start When the Address Type field is configured to Single, enter a (static) IP address on the LAN behind the ZyXEL device. When the Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the LAN behind the ZyXEL device.
Page 161: Vpn And Netbios
Table 58 Configuration > VPN >Manual Tunnel IPSec Detail (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL device. Cancel Click Cancel to begin configuring this screen afresh. 11.3 VPN and NetBIOS NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers.
Page 162 Vantage CNM 2.0 User’s Guide Chapter 11 Configuration > VPN...
Page 163: Configuration > Firewall
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > Firewall This chapter shows you how to configure firewall for your devices. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 164: Stateful Inspection Firewalls
12.3 I ntroduction to ZyXEL’s Firewall The ZyXEL device firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (in SMT menu 21.2 or in the web configurator). The ZyXEL device’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet.
Page 165: Denial Of Service
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL device is pre-configured to automatically detect and thwart all known DoS attacks.
Page 166: Table 60 Icmp Commands That Trigger Alerts
Vantage CNM 2.0 User’s Guide Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND" attacks. These attacks are executed during the handshake that initiates a communication session between two applications. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server.
Page 167: Stateful Inspection
To engage in IP spoofing, a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall. The ZyXEL device blocks all IP Spoofing attempts. 12.4 Stateful Inspection With stateful inspection, fields of the packets are compared to packets that are already known to be trusted.
Page 168: Stateful Inspection Process
Vantage CNM 2.0 User’s Guide are allowed in. The ZyXEL device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
Page 169: Stateful Inspection And The Zyxel Device
Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyXEL device itself (as with the "virtual connections" created for UDP and ICMP).
Page 170: Udp/Icmp Security
IP and UDP information will be allowed back in through the firewall. A similar situation exists for ICMP, except that the ZyXEL device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 171 • WAN to LAN • WAN to WAN/ZyWALL This prevents computers on the WAN from using the ZyXEL device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL device. • DMZ to LAN •...
Page 172: Rule Checklist
Vantage CNM 2.0 User’s Guide • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet. • Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN.
Page 173: Key Fields For Configuring Rules
Generate alert when attack detected checkbox Configure the Log Settings screen to have the ZyXEL device send an immediate e-mail message to you when an event generates an alert. Refer to the chapter on logs for details.
Page 174: Firewall Configuration Screens
Vantage CNM 2.0 User’s Guide Table 63 Services and Port Numbers (continued) HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol)1723 12.5 Firewall Configuration Screens...
Page 175: Figure 77 Configuration >Firewall
Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the ZyXEL device firewall ignore the use of triangle route topology on the network. See the Appendices for more on triangle route topology.
Page 176: Dos Settings
The ordering of your rules is important as they are applied in order of their numbering. Apply Click Apply to save your changes back to the ZyXEL device. Click Add to create a new firewall rule. Delete Select a rule index and then click Delete to delete an existing firewall rule.
Page 177: Figure 78 Configuration > Firewall > Dos Settings
This is the rate of new half-open sessions that 80 existing half-open causes the firewall to stop deleting half-open sessions. sessions. The ZyXEL device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number.
Page 178: Add/Edit A Firewall Rule
Vantage CNM 2.0 User’s Guide Table 65 Configuration > Firewall > DoS Settings (continued) LABEL DESCRIPTION EXAMPLE VALUES TCP Maximum This is the number of existing half-open TCP .10 existing half-open TCP Incomplete sessions with the same destination host IP...
Page 179: Figure 79 Configuration >Firewall > Edit
Active Check the Active check box to have the ZyXEL device use this rule. Leave it unchecked if you do not want the ZyXEL device to use the rule after you apply it Packet Direction Use the drop-down list box to select the direction of packet travel to which you want to apply this firewall rule.
Page 180: Add/Edit Source/Destination Ip Addresses
Vantage CNM 2.0 User’s Guide Table 66 Configuration >Firewall > Edit (continued) DESCRIPTION LABEL Custom Port Click this button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services.
Page 181: Custom Ports
Vantage CNM 2.0 User’s Guide 12.5.5 Custom Ports Configure customized ports for services not predefined by the ZyXEL device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. Click Add or Edit under Custom Port to add or edit a custom port.
Page 182 Vantage CNM 2.0 User’s Guide Chapter 12 Configuration > Firewall...
Page 183: Configuration > Device Log
This field lists the destination IP address and the port number of the packet. Time This field displays the time the log was recorded. See the chapter on system maintenance and information to configure the ZyXEL device's time and date. Content This field states the reason for the log.
Page 184: Device Logging Options
Vantage CNM 2.0 User’s Guide 13.2 Device Logging Options Use the Logging Options screen to configure to where the ZyXEL device is to send logs; the schedule for when the ZyXEL device is to send the logs and which logs and/or immediate alerts the ZyXEL device is to send.
Page 185: Figure 83 Configuration > Device Logs > Log Settings
Vantage CNM 2.0 User’s Guide Figure 83 Configuration > Device Logs > Log Settings The following table describes the labels in this screen. Table 70 Configuration > Device Logs > Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 186: Purge Logs
Select the categories of logs that you want to record. Logs include alerts. Send Immediate Alert Select the categories of alerts for which you want the ZyXEL device to instantly e-mail alerts to the e-mail address specified in the Send Alerts To field.
Page 187: Figure 84 Purge Device Logs
Vantage CNM 2.0 User’s Guide Figure 84 Purge Device Logs The following table describes the labels in this screen. Table 71 Purge Device Logs LABEL DESCRIPTION Send e-mail Select the checkbox and enter valid e-mail address(es) of those who should receive report to a report on logs that have been purged.
Page 188 Vantage CNM 2.0 User’s Guide Chapter 13 Configuration > Device Log...
Page 189: Configuration > Adsl Monitor
Vantage CNM 2.0 User’s Guide H A P T E R Configuration > ADSL Monitor Use this screen to monitor your ADSL link. 14.1 Introduction The Prestige is an ADSL device compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Page 190: Figure 85 Configuration > Adsl Monitor
Vantage CNM 2.0 User’s Guide Figure 85 Configuration > ADSL Monitor The following table describes the labels in this screen. Table 73 Configuration > ADSL Monitor LABEL DESCRIPTION ADSL Link Status This is the status of your ADSL link. ADSL Standard...
Page 191: Configuration > Device Alarms
Use these screens to view and manage device alarms. 15.1 Device Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence. 15.1.1 Alarm Classifications There are four alarm severity classifications.
Page 192: Current Alarms Screen
Vantage CNM 2.0 User’s Guide 15.1.3 Current Alarms Screen This screen includes filters for time, alarm type, alarm severity type and the administrator who responded to the alarm. You may also configure to have administrators automatically e-mailed when an alarm occurs in the System >...
Page 193: Historical Alarms Screen
Vantage CNM 2.0 User’s Guide Table 76 Configuration > Device Alarms >Current (continued) LABEL DESCRIPTION Retrieve Click Retrieve to renew the logs displayed for the selected device. Respond Click Respond to create a response to an alarm. Clear Click Clear to erase the logs displayed for the selected device. Only the root administrator can clear logs.
Page 194 Vantage CNM 2.0 User’s Guide Table 77 Configuration > Device Alarms > Historical (continued) LABEL DESCRIPTION Response Time This field displays the time of response since an administrator first received the alarm. Description This field displays a brief explanation of the administrator’s response.
Page 195: Chapter 16 Building Blocks (Bbs)
Vantage CNM 2.0 User’s Guide H A P T E R Building Blocks (BBs) 16.1 Categories A BB is a building block used to build a device configuration using Vantage CNM. • A device BB is a combination of configuration BBs, which vary by model. A device can have only one Device BB.
Page 196: Editing An Existing Bb
Vantage CNM 2.0 User’s Guide Figure 88 Building Block > Device BB The following table describes the fields in this screen Table 78 Building Block > Device BB TYPE DESCRIPTION Index This is the building block list number. Name A building block should have a unique name. Click this hyperlink to go to a BB info screen that allows you to edit the name and add some extra description of the BB.
Page 197: Device Bb Configuration Select
Vantage CNM 2.0 User’s Guide Table 79 Building Block > Device BB > Edit (continued) TYPE DESCRIPTION Next Click to proceed to the following screen Cancel Click to return to the previous screen. 16.3.2 Device BB Configuration Select Select one of the hyperlink configuration menus to configure your BB Device LAN, WLAN etc.
Page 198: Configuration Bbs
Vantage CNM 2.0 User’s Guide Figure 91 Building Block > Device BB > Add Table 80 Building Block > Device BB > Add TYPE DESCRIPTION Name Type a unique name for the building block. Device Select the device model. Note...
Page 199: Adding A Configuration Bb
Vantage CNM 2.0 User’s Guide Table 81 Building Block > Configuration (continued) TYPE DESCRIPTION Click to proceed to the next screen. Delete Click to delete a selected device BB. 16.4.1 Adding a Configuration BB Click Add from Figure 92 on page 201.
Page 200: Editing A Configuration Bb
Vantage CNM 2.0 User’s Guide Figure 94 Building Block > Configuration BB > Add > Next The completed configuration BB is shown next. You may edit this BB by clicking the Name hyperlink. Figure 95 Building Block > Configuration BB > Added 16.4.2 Editing a Configuration BB...
Page 201: Component Bbs
Vantage CNM 2.0 User’s Guide Figure 96 Building Block > Configuration BB > Edit The following table describes the fields in this screen Table 83 Building Block > Configuration BB > Edit TYPE DESCRIPTION Name You may change the name for this configuration building block.
Page 202: Adding A Component Bb
Vantage CNM 2.0 User’s Guide Table 84 Building Block > Component BB (continued) TYPE DESCRIPTION create new component BBs Click Add to create a new configuration BB. Alternatively, directly from the configuration menus by using the “save as new BB” icon.
Page 203: Adding A Component Bb: E-Mail Type
Vantage CNM 2.0 User’s Guide Figure 99 Building Block > Component BB > Add > IP Address The following table describes the fields in this screen Table 86 Building Block > Component BB > Add > IP Address TYPE DESCRIPTION IP Type Select from Single, Range or Subnet.
Page 204: Editing A Component Bb
Vantage CNM 2.0 User’s Guide Figure 101 Component BBs Added 16.5.2 Editing a Component BB Click the Name hyperlink in the component BB summary screen as shown in Figure 101 on page 207 to edit a component BB. Figure 102 Building Block > Component BB > Edit The following table describes the fields in this screen Table 88 Building Block >...
Page 205: System > Administrators
Vantage CNM 2.0 User’s Guide H A P T E R System > Administrators Use these screens to manage Vantage administrators. 17.1 I ntroduction to Administrators An Administrator can only be associated to one management domain. To change an Administrator’s management domain, you must first disassociate him or her from an existing domain before associating to the new domain.
Page 206: Super" Administrators
Vantage CNM 2.0 User’s Guide 3 Only “root” can see all other Administrators. Other Administrators can only see Administrators within their domain. 17.1.1.2 “Super” Administrators “Super” Administrators are Administrators created using the “Super” User Group. They are the next most powerful type Administrator next to “root”.
Page 207: Creating An Administrator Account
Vantage CNM 2.0 User’s Guide Figure 103 System > View Administrator List The following table describes the fields in this screen. Table 89 System > View Administrator List LABEL DESCRIPTION Select the checkbox and enter a valid e-mail address of the person who should receive a report on logs that have been purged.
Page 208: Figure 104 System > Administrator Details
Vantage CNM 2.0 User’s Guide Figure 104 System > Administrator Details The following table describes the fields in this screen. Table 90 System > Administrator Details LABEL DESCRIPTION Name Type the administrator name used for identification purposes. Login ID Type the administrator login name associated with the password that you log into Vantage with.
Page 209: Administrator Permissions
Vantage CNM 2.0 User’s Guide 17.3.2 Administrator Permissions You may select which permissions (privileges) an administrator may have from the next screen. Figure 105 System > Administrator Permissions The following table describes the fields in this screen. Table 91 System > Administrator Permissions...
Page 210 Vantage CNM 2.0 User’s Guide Table 91 System > Administrator Permissions (continued) LABEL DESCRIPTION System System Management is defined as follows: Management Vantage Upgrade License Preference Log option and purge log Maintenance Apply Click Apply to save your settings in Vantage.
Page 211: Chapter 18 Other System Screens
Vantage CNM 2.0 User’s Guide H A P T E R Other System Screens Only the root administrator can view the System > Upgrade to System > Data Maintenance screens as only the root administrator can perform these duties. 18.1 Status Click System >...
Page 212: Vantage Upgrade
This field displays the number of Administrators currently logged into currently logged in Vantage. 18.2 Vantage Upgrade Upgraded Vantage software may be for bug fixes, increased ZyXEL device support or new Vantage modules. You should perform system maintenance (backup) before upgrading software. 18.2.1 Upgrade Procedure 1 Click System >...
Page 213: Figure 107 System > Upgrade > Online Administrators
If an administrator has not logged out, Vantage will not let you continue. A warning screen will re-appear reminding you to notify them to log out. You should have already downloaded the upgraded Vantage software from the ZyXEL website. The next screen asks you to Browse to the location on your computer where you have previously downloaded the software upgrade file.
Page 214: Version Format
Vantage. This number changes for patch upgrades. The version code of the Vantage CNM 2.0 for Windows XP SP1 without a patch is 2.0.00.61.00. The version code of the Vantage CNM 2.0 for RedHat Linux 9.0 without a patch is 2.0.00.81.00.
Page 215: License Management
You get an initial license key when you first buy Vantage and after that you may buy expansion license keys in order to be able to manage more ZyXEL devices with Vantage. Click Vantage > License to display the next screen.
Page 216: System >Preferences
Vantage CNM 2.0 User’s Guide Figure 112 System > License > License Management > Upgrade The following table describes the fields in this screen. Table 95 System > License > License Management > Upgrade LABEL DESCRIPTION Activation Key Copy and paste or type the Activation Key that is generated in the myZyXEL.com website.
Page 217: User Access
Vantage CNM 2.0 User’s Guide Figure 113 System > Preferences > General System The following table describes the fields in this screen. Table 96 System > Preferences > General System LABEL DESCRIPTION Vantage CNM Root This refers to the root of the object tree.
Page 218: Servers
Vantage CNM 2.0 User’s Guide Figure 114 System > Preferences > User Access The following table describes the fields in this screen. Table 97 System > Preferences > User Access LABEL DESCRIPTION Max Count of Users Online Type the maximum number of administrators allowed to log into Vantage at any one time.
Page 219 Vantage CNM 2.0 User’s Guide The SMTP server is used for e-mail notifications. The syslog server is used to receive logs. The syslog server you configure for a device and the syslog server you configure for Vantage MUST be the same.
Page 220: Figure 115 System > Preferences > Server
Vantage CNM 2.0 User’s Guide Figure 115 System > Preferences > Server The following table describes the fields in this screen. Table 98 System > Preferences > Server LABEL DESCRIPTION Vantage CNM server Select the check box to make the IP address editable.
Page 221: Vantage Server Public Ip Address
Vantage CNM 2.0 User’s Guide Table 98 System > Preferences > Server (continued) LABEL DESCRIPTION Mail Server The mail (SMTP) server is used to send Vantage notifications. Select the checkbox to activate the fields below. IP Address Type the IP address of the mail server here.
Page 222: Notifications
Vantage CNM 2.0 User’s Guide 18.4.4 Notifications Use this screen to decide who should receive e-mails for events that may warrant immediate attention such as firmware upgrade or device logs and/or alarms. Device Owner is a variable that refers to the e-mail address of the device owner (configured in Configuration > General >...
Page 223: Vantage Permissions: User Group
Vantage CNM 2.0 User’s Guide 18.4.5 Vantage Permissions: User Group A “user group” is a pre-defined set of administrator permissions. Super pre-defined permissions are not editable. Root may choose what default permissions are associated with the Normal permissions template here. Root can also create and delete new permission templates here.
Page 224: Figure 120 System > Preferences > Permissions > Add
Vantage CNM 2.0 User’s Guide Figure 120 System > Preferences > Permissions > Add The following table describes the fields in this screen. Table 101 System > Preferences > Permissions > Add LABEL DESCRIPTION Add User Group User Group ID Enter the new template name (User Group) in this field.
Page 225: System Maintenance
Vantage CNM 2.0 User’s Guide 18.5 System Maintenance Use the Maintenance screens to manage, back up and restore Vantage system backup files. Data maintenance includes device firmware and configuration files you have uploaded to the Vantage server. You can back up or restore to your computer or Vantage. You can choose what domain to back up by selecting a folder in the object tree.
Page 226: Restore System Maintenance
Vantage CNM 2.0 User’s Guide Figure 122 System > Maintenance > Backup The following table describes the fields in this screen. Table 103 System > Maintenance > Backup LABEL DESCRIPTION Destination Select the radio button to give the download destination to server.
Page 227: Address Book
Vantage CNM 2.0 User’s Guide Figure 123 System > Maintenance > Restore The following table describes the fields in this screen. Table 104 System > Maintenance > Restore LABEL DESCRIPTION Destination Select this radio button to upload a configuration file From Server.
Page 228: Address Book Add/Edit
Vantage CNM 2.0 User’s Guide Figure 124 System > Address Book The following table describes the labels in this screen. Table 105 System > Address Book LABEL DESCRIPTION This is a number defining an address book entry. Index This field displays the address book entry index number.
Page 229: Certificate Management Overview
Click Cancel to return to the previous screen. 18.7 Certificate Management Overview Some ZyXEL devices can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 230: Advantages Of Certificates
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL device does not trust a certificate if any certificate on its path has expired or been revoked.
Page 231: Figure 126 System > Certificate Management > Information
Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL device uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority.
Page 232: Create A Certificate
Vantage CNM 2.0 User’s Guide 18.7.3 Create a Certificate You can create certificates by entering the requested information into the fields below. Then click Apply. Figure 127 System > Certificate Management > Create CSR The following table describes the labels in this screen.
Page 233: Vantage Logs
Vantage CNM 2.0 User’s Guide Figure 128 System > Certificate Management > Import Certificate The following table describes the labels in this screen. Table 109 System > Certificate Management > Import Certificate LABEL DESCRIPTION Input Certificate Input Your Certificate Path Type in the location of the certificate you want to upload in this field or click Browse ...
Page 234: Vantage Logging Options
Vantage CNM 2.0 User’s Guide Figure 129 System > Logs > CNM Server The following table describes the labels in this screen. Table 110 System > Logs > CNM Server LABEL DESCRIPTION Select Time Period Select the time period for which you wish to view Vantage logs Source This field displays the source of the Vantage log.
Page 235: About Vantage
Vantage CNM 2.0 User’s Guide Figure 130 System > Logging Options 18.9 A bout Vantage The About screen provides some basic information about Vantage as shown in the following screen. Figure 131 System > About Vantage Chapter 18 Other System Screens...
Page 236 Vantage CNM 2.0 User’s Guide Chapter 18 Other System Screens...
Page 237: Chapter 19 Monitor > Alarms
19.1 Alarms Select a domain in the object tree to view alarms for that domain. Alarms are time-critical information that the ZyXEL device automatically sends out at the time of occurrence. 19.1.1 Alarm Types There are three types of alarms.
Page 238: Alarm States
Vantage CNM 2.0 User’s Guide 19.1.3 Alarm States When an alarm is received by Vantage, it can be in one of three states: Table 113 Alarm States STATE DESCRIPTION Active This is the initial state of an alarm, which means this alarm is new and no one has assumed responsibility for handling it yet.
Page 239: Figure 132 Monitor > Current Alarms
Vantage CNM 2.0 User’s Guide Figure 132 Monitor > Current Alarms Chapter 19 Monitor > Alarms...
Page 240: Historical Alarms
Vantage CNM 2.0 User’s Guide Table 114 Monitor > Current Alarms STATE DESCRIPTION Select Time Period Select the time period for which you wish to view alarms. Select Type of Select the type of alarm you wish to view. Alarm Select Severity of Select the type of alarm you wish to view.
Page 241: Figure 133 Monitor > Historical Alarms
Vantage CNM 2.0 User’s Guide Figure 133 Monitor > Historical Alarms 4See Table 114 on page 243 for more information on fields in this table. Chapter 19 Monitor > Alarms...
Page 242 Vantage CNM 2.0 User’s Guide Chapter 19 Monitor > Alarms...
Page 243: Chapter 20 Other Monitor Screens
Vantage CNM 2.0 User’s Guide H A P T E R Other Monitor Screens Firmware Upgrade means that Vantage signals the device to request a firmware FTP upload from Vantage. 20.1 Firmware Upgrade Report Details of firmware uploaded to Vantage are shown as in the next screen.
Page 244: Vpn Editor
20.3.1 Graphical VPN Tunnel Creation Configure IPSec tunnels graphically as follows 1 Drag the ZyXEL device icons around the screen as you please. Drag them apart to view each device more clearly. Save this view by clicking Save. 2 Right-click a ZyXEL device (A-End) and select VPN in the popup menu. Click the ZyXEL device again and drag (you should see a red line) to another ZyXEL device (Z- End), then release the mouse button.
Page 245: Figure 136 Monitor > Vpn Editor > Tunnel Ipsec Detail
Vantage CNM 2.0 User’s Guide Figure 136 Monitor > VPN Editor > Tunnel IPSec Detail 4 See Table 57 on page 157 for more information on the fields in this screen. Click Apply to go to a Tunnel Summary screen.
Page 246: Graphical Tunnel Depictions
A gray solid line means that the VPN tunnel is set up between the devices but the tunnel is not active yet (no traffic). A green solid line means an active tunnel (with traffic) between the ZyXEL devices. The icons are dragged apart and dashed lines indicating VPN Tunnels are created after configuring the Tunnel IPSec Detail screen.
Page 247: Map
Vantage CNM 2.0 User’s Guide Figure 138 Monitor > VPN Monitor – Graphical Tunnel 20.3.3 Map Click the Map button to upload a background image such as a map. Click the Map button in the IPSec Summary to upload a background gif (only) image. Type a file and path name or browse for your required file.
Page 248 Vantage CNM 2.0 User’s Guide Chapter 20 Other Monitor Screens...
Page 249: Ftp Server (Wftpd) Setup Example
Vantage CNM 2.0 User’s Guide Appendix A FTP Server (WFTPD) Setup Example Installing WFTPD 1 Download the WFTPD software from www.wftpd.com to where you want to install it. 2 Double-click setup.exe to begin the wizard. Figure 140 Setup 3 Click Next to begin and then follow the wizard prompts.
Page 250: Figure 142 Information
Vantage CNM 2.0 User’s Guide Figure 142 Information 5 Select the installation type and click Next. Figure 143 Installation Type 6 Select where to install WFTPD Pro and click Next.
Page 251: Figure 144 Installation Directory
Vantage CNM 2.0 User’s Guide Figure 144 Installation Directory 7 You are prompted to create the directory if it doesn’t already exist. Click Yes to create a new directory. Figure 145 Create Directory 8 Click Next to begin the installation.
Page 252: Running Wftpd
Vantage CNM 2.0 User’s Guide Running WFTPD Figure 147 Run WFTPD 10 Click Start Service form the WFTPD main screen. WFTPD main screen. Figure 148 WFTPD Main Screen 11 Open Administrative Tools in the Windows Control Panel and then select Services to...
Page 253: Figure 149 Windows Services
Vantage CNM 2.0 User’s Guide Figure 149 Windows Services 12 Right-click WFTPD Pro service and then click Properties. Figure 150 WFTPD Properties 13 Click the Log On tab to configure a user name and password for this server. This must...
Page 254: Figure 151 Wftpd Pro Log On
Vantage CNM 2.0 User’s Guide Figure 151 WFTPD Pro Log On...
Page 255: Configuring The Kiwi Syslog Daemon
Vantage CNM 2.0 User’s Guide Appendix B Configuring the Kiwi Syslog Daemon This section shows you how to install and configure the KiWi Syslog Daemon for use with Vantage CNM 2.0. Installing the Kiwi Syslog Daemon Follow the steps below to install the KiWi. Syslog Daemon 1 Download the latest version of the KiWi Syslog Daemon from www.kiwisyslog.com...
Page 256: Importing The Syslog Configuration File
4 Click Install to install Kiwi to the default directory. Note: You must install Kiwi in the C:\Program Files\Syslog directory for the Vantage CNM 2.0 syslog function to work. Figure 154 Kiwi Installation: Installation Directory Wait before the installation process completes.
Page 257: Figure 155 Kiwi Syslog Daemon Setup
Vantage CNM 2.0 User’s Guide 3 Click Defaults/Import/Export under Inputs. 4 Click Import Settings and Rules from INI file. Figure 155 Kiwi Syslog Daemon Setup 5 Locate the “.ini” syslog configuration file you saved to your computer in step 1 and click Open.
Page 258: Starting The Telnet Service
Vantage CNM 2.0 User’s Guide Figure 157 Kiwi Syslog Daemon Setup: Import Configuration File: Confirm 7 In the Kiwi Syslog Daemon Setup screen, click Apply and then OK to close the screen. Note: You must start the Telnet service on the computer you install Kiwi.
Page 259: Setting Up The Syslog Server In Vantage
After you have installed and configure the Kiwi Syslog Daemon and started the Telnet service on the computer, configure the syslog settings in Vantage CNM 2.0. Set the syslog server username and password to be the same as the Windows username and password in the Vantage system Server screen.
Page 260: Figure 160 Vantage System Servers
Vantage CNM 2.0 User’s Guide Figure 160 Vantage System Servers 3 Select Syslog Server, then enter the IP address of the computer on which you installed the Syslog server and the user name and password that you configured 4 Click Apply.
Page 261: Ftp And Syslog Server Overview
Table 116 FTP and syslog Server Overview LABEL DESCRIPTION This is the Vantage CNM 2.0 server. This is any ZyXEL device. This is a syslog server This is an FTP server Vantage sends syslog server and FTP server information to the device when you register the device with Vantage.
Page 262 After a successful communication link has been established between Vantage and the syslog server, Vantage instructs the syslog server to send the vantage.log (ZyXEL devices’ logs) from the syslog server to an FTP server for retrieval. Vantage uses the FTP protocol to retrieve the vantage.log (ZyXEL devices’ logs) from the FTP server.
Page 263: Java Console Debug Messages
Vantage CNM 2.0 User’s Guide Appendix D Java Console Debug Messages Introduction If you have problems with Vantage, customer support may ask you to find Java console debug messages. This appendix shows you how to do this. 1 Click Start, Control Panel and double-click on Java Plug-in.
Page 264: Figure 162 Java Plug-In Control Panel
Vantage CNM 2.0 User’s Guide Figure 162 Java Plug-in Control Panel 3 Open Internet Explorer and log into Vantage CNM 2.0. After successful login a Java plug-in icon should appear in your Windows system tray. If there is no icon present, return to step 2.
Page 265: Figure 165 Java Console
Vantage CNM 2.0 User’s Guide Figure 165 Java Console 6 Paste this data into an e-mail and send it to customer support.
Page 266 Vantage CNM 2.0 User’s Guide...
Page 267: Appendix Eip Subnetting
Vantage CNM 2.0 User’s Guide Appendix E IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 268: Subnet Masks
Vantage CNM 2.0 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 269: Example: Two Subnets
Vantage CNM 2.0 User’s Guide For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128. The following table shows all possible subnet masks for a class “C” address using both notations. Table 120 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK “1”...
Page 270: Table 122 Subnet 1
Vantage CNM 2.0 User’s Guide Table 122 Subnet 1 LAST OCTET BIT NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask 255.255.255. Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.126...
Page 271: Example: Four Subnets
Vantage CNM 2.0 User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow”...
Page 272: Example Eight Subnets
Vantage CNM 2.0 User’s Guide Table 127 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255...
Page 273: Subnetting With Class A And Class B Networks
Vantage CNM 2.0 User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 274 Vantage CNM 2.0 User’s Guide...
Page 275: Setting Up Your Computer's Ip Address
Vantage CNM 2.0 User’s Guide Appendix F Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 276: Installing Components
Vantage CNM 2.0 User’s Guide Figure 166 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 277: Configuring
Vantage CNM 2.0 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring...
Page 278: Verifying Settings
Vantage CNM 2.0 User’s Guide Figure 168 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 279: Figure 169 Windows Xp: Start Menu
Vantage CNM 2.0 User’s Guide Figure 169 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 170 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Page 280: Figure 171 Windows Xp: Control Panel: Network Connections: Properties
Vantage CNM 2.0 User’s Guide Figure 171 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 172 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 281: Figure 173 Windows Xp: Advanced Tcp/Ip Settings
Vantage CNM 2.0 User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 173 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 282: Verifying Settings
Vantage CNM 2.0 User’s Guide • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 283: Figure 175 Macintosh Os 8/9: Apple Menu
Vantage CNM 2.0 User’s Guide Figure 175 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 176 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Page 284: Verifying Settings
Vantage CNM 2.0 User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Page 285: Verifying Settings
Vantage CNM 2.0 User’s Guide Figure 178 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
Page 286 Vantage CNM 2.0 User’s Guide...
Page 287: Virtual Circuit Topology
Vantage CNM 2.0 User’s Guide Appendix G Virtual Circuit Topology Introduction ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
Page 288 Vantage CNM 2.0 User’s Guide...
Page 289: Wireless Lan And Ieee 802.11
Vantage CNM 2.0 User’s Guide Appendix H Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services, etc.) without the use of a cabled connection.
Page 290: Ad-Hoc Wireless Lan Configuration
Vantage CNM 2.0 User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any...
Page 291: Figure 181 Ess Provides Campus-Wide Coverage
Vantage CNM 2.0 User’s Guide Figure 181 ESS Provides Campus-Wide Coverage...
Page 292 Vantage CNM 2.0 User’s Guide...
Page 293: Wireless Lan With Ieee 802.1X
Vantage CNM 2.0 User’s Guide Appendix I Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC...
Page 294: Radius Server Authentication Sequence
Vantage CNM 2.0 User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 182 Sequences for EAP MD5–Challenge Authentication...
Page 295: Types Of Eap Authentication
Vantage CNM 2.0 User’s Guide Appendix J Types of EAP Authentication Introduction This appendix discusses three popular EAP authentication types: EAP-MD5, EAP-TLS and EAP-TTLS. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Page 296: Peap (Protected Eap)
Vantage CNM 2.0 User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 297: Appendix K Log Descriptions
Vantage CNM 2.0 User’s Guide Appendix K Log Descriptions Introduction This appendix provides descriptions of example device log messages. Table 132 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server.
Page 298: Table 133 System Error Logs
Vantage CNM 2.0 User’s Guide Table 132 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION An SMT management session has started. SMT Session Begin An SMT management session has ended. SMT Session End The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server.
Page 299: Table 135 Tcp Reset Logs
Vantage CNM 2.0 User’s Guide Table 134 Access Control Logs (continued) LOG MESSAGE DESCRIPTION The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry. blocked: [TCP | UDP | IGMP | ESP...
Page 300: Table 137 Icmp Logs
Vantage CNM 2.0 User’s Guide Table 137 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 149.
Page 301: Table 140 Upnp Logs
Vantage CNM 2.0 User’s Guide Table 139 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 140 UPnP Logs...
Page 302: Table 142 Attack Logs
Vantage CNM 2.0 User’s Guide Table 141 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid.
Page 303: Table 143 Ipsec Logs
Vantage CNM 2.0 User’s Guide Table 143 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
Page 304 Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d>...
Page 305 Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
Page 306: Table 145 Pki Logs
Vantage CNM 2.0 User’s Guide Table 144 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES...
Page 307: Table 146 Certificate Path Verification Failure Reason Codes
Vantage CNM 2.0 User’s Guide Table 145 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
Page 308: Table 147 802.1X Logs
Vantage CNM 2.0 User’s Guide Table 146 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 147 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database.
Page 309: Table 148 Acl Setting Notes
Vantage CNM 2.0 User’s Guide Table 148 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN.
Page 310: Table 150 Syslog Logs
Vantage CNM 2.0 User’s Guide Table 149 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message...
Page 311 Vantage CNM 2.0 User’s Guide Table 151 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY PAYLOAD TYPE Signature Nonce NONCE Notification NOTFY Delete Vendor ID...
Page 312 Vantage CNM 2.0 User’s Guide...
Page 313: Open Software Announcements
No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes Castor Copyright (C) 1999-2001 Intalio, Inc.
Page 314: Common Public License Version 1.0
Vantage CNM 2.0 User’s Guide IN NO EVENT SHALL INTALIO, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS...
Page 315 Vantage CNM 2.0 User’s Guide a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non- exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
Page 316 Vantage CNM 2.0 User’s Guide Contributors may not remove or alter any copyright notices contained within the Program. Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
Page 317 Vantage CNM 2.0 User’s Guide EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT...
Page 318: Cryptix General License
Vantage CNM 2.0 User’s Guide This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
Page 319: Technology License From Sun Microsystems, Inc. To Doug Lea
Vantage CNM 2.0 User’s Guide This Product includes software of Java Software technologies. TECHNOLOGY LICENSE FROM SUN MICROSYSTEMS, INC. TO DOUG LEA Whereas Doug Lea desires to utlized certain Java Software technologies in the util.concurrent technology; and Whereas Sun Microsystems, Inc. (Sun) desires that Doug Lea utilize certain Java Software technologies in the util.concurrent technology;...
Page 320: Java Software Technologies
Vantage CNM 2.0 User’s Guide DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN MICROSYSTEMS, INC. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN MICROSYSTEMS, INC.
Page 321 Vantage CNM 2.0 User’s Guide the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree.
Page 322: Apache License
Vantage CNM 2.0 User’s Guide 7. Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the...
Page 323 Vantage CNM 2.0 User’s Guide "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Page 324 Vantage CNM 2.0 User’s Guide 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty- free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Page 325 Vantage CNM 2.0 User’s Guide 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions.
Page 326 Vantage CNM 2.0 User’s Guide Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Page 327: Copyright (C) 2002, 2003 Gargoyle Software Inc. All Rights Reserved
Vantage CNM 2.0 User’s Guide Copyright (c) 2002, 2003 Gargoyle Software Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Page 328: Gnu Lesser General Public License
Vantage CNM 2.0 User’s Guide This Product includes J3SSH under LGPL. Copyright (C) 2002 Lee David Painter. All right reserved. GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 329 Vantage CNM 2.0 User’s Guide For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code.
Page 330 Vantage CNM 2.0 User’s Guide Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
Page 331 Vantage CNM 2.0 User’s Guide notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
Page 332 Vantage CNM 2.0 User’s Guide However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
Page 333 Vantage CNM 2.0 User’s Guide needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 334 Vantage CNM 2.0 User’s Guide refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims;...
Page 335: Gnu General Public License
Vantage CNM 2.0 User’s Guide 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,...
Page 336 Vantage CNM 2.0 User’s Guide To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have.
Page 337 Vantage CNM 2.0 User’s Guide a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Page 338 Vantage CNM 2.0 User’s Guide scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
Page 339 Vantage CNM 2.0 User’s Guide 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
Page 340: End-User License Agreement For Vantage Cnm
License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 341 5.Confidentiality You acknowledge that the Software contains proprietary trade secrets of ZyXEL and you hereby agree to maintain the confidentiality of the Software using at least as great a degree of care as you use to maintain the confidentiality of your own most confidential information.
Page 342 This License Agreement is effective until it is terminated. You may terminate this License Agreement at any time by destroying or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement.
Page 343 Software and Documentation shall not be assigned by you without the prior written consent of ZyXEL. Any waiver or modification of this License Agreement shall only be effective if it is in writing and signed by both parties hereto. If any part of this License...
Page 344 Vantage CNM 2.0 User’s Guide Index Access Point EAP Authentication Aggressive Enable Wireless LAN Alarms Encapsulation Alternative Subnet Mask Notation encrymode Application-level Firewalls Encryption Algorithm 160, 161 Attack Types EnterSee Syntax Conventions Authentication Algorithm 160, 161 ESS ID Extended Service Set...
Page 345: Index
Vantage CNM 2.0 User’s Guide LAN TCP/IP RADIUS Shared Secret Key LAND RADIUS Message Types Read Me First Related Documentation MAC (Hex RF signals MAC Address Filter Action MAC Address Filtering RTS Threshold MAC service data unit RTS/CTS handshake Main...
Page 346 Vantage CNM 2.0 User’s Guide UDP/ICMP Security Upper Layer Protocols 172, 173 User Name User Profiles WAN Backup Web Configurator 167, 173, 175 WEP Encryption Wireless LAN WLAN ZyXEL’s Firewall Introduction Index...

This manual is also suitable for:

Vantage cnm v2.0

ZyXEL Communications VANTAGE CNM 2.0 User Manual

Copyright

Zyxel Limited Warranty

Customer Support

List of Tables

Preface

Chapter 1 Introducing Vantage

Chapter 2 GUI Introduction

Chapter 3 Device Menus

Chapter 4 Configuration > Select Device BB & General

Chapter 5 Configuration > LAN

Chapter 6 Configuration > WLAN

Chapter 7 Configuration > DMZ

Chapter 8 Configuration > WAN

Chapter 9 Configuration > NAT

Chapter 10 Configuration > Static Route

Chapter 11 Configuration > VPN

Quick Links

Related Manuals for ZyXEL Communications VANTAGE CNM 2.0

Summary of Contents for ZyXEL Communications VANTAGE CNM 2.0