Page 1 FMG3024-D10A / FMG3025- D10A Series Gigabit Active Fiber VoIP IAD Default Login Details LAN IP http://192.168.1.1 Address IMPORTANT! User Name admin Password 1234 READ CAREFULLY BEFORE USE. Version 1.00 Edition 1, 2/2013 www.zyxel.com www.zyxel.com Copyright © 2013 ZyXEL Communications Corporation...
Page 2 KEEP THIS GUIDE FOR FUTURE REFERENCE. IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Note: This guide is a reference for a series of products. Therefore some features or options in this guide may not be available in your product. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device.
Page 3: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................13 Introduction .............................15 Introducing the Web Configurator ......................19 Tutorials ..............................25 Technical Reference ..........................59 Connection Status and System Info ......................61 Broadband ...............................67 Cable TV ..............................91 Home Networking ............................93 Routing ..............................117 Quality of Service (QoS) ........................121 Network Address Translation (NAT) ......................133 Dynamic DNS ............................141 Interface Group .............................143...
Page 4 Contents Overview FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 5: Table Of Contents
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................5 Part I: User’s Guide ..................13 Chapter 1 Introduction............................15 1.1 Overview ............................15 1.2 Applications for the Device ........................15 1.2.1 Internet Access ........................15 1.2.2 VoIP Features ..........................15 1.3 Ways to Manage the Device ......................17 1.4 Good Habits for Managing the Device ....................17 1.5 The RESET Button ..........................17 Chapter 2...
Page 6 Table of Contents 3.6.3 Using a Digital Media Adapter ....................36 3.7 Using the Print Server Feature ......................37 3.8 Configuring Static Route for Routing to Another Network ..............51 3.9 Configuring QoS Queue and Class Setup ..................53 3.10 Access the Device Using DDNS .....................56 3.10.1 Registering a DDNS Account on www.dyndns.org ..............56 3.10.2 Configuring DDNS on Your Device ..................57 3.10.3 Testing the DDNS Setting ......................57...
Page 7 Table of Contents 7.4 The UPnP Screen ..........................99 7.5 The File Sharing Screen ........................99 7.5.1 Before You Begin ........................100 7.5.2 Add/Edit File Sharing ......................101 7.6 The Media Server Screen .......................102 7.7 The Printer Server Screen ......................102 7.7.1 Before You Begin ........................103 7.8 Technical Reference ........................104 7.9 Installing UPnP in Windows Example .....................108 7.10 Using UPnP in Windows XP Example ..................
Page 8 Table of Contents 10.4.1 NAT Definitions ........................137 10.4.2 What NAT Does ........................138 10.4.3 How NAT Works ........................138 Chapter 11 Dynamic DNS ............................141 11.1 Overview ............................141 11.1.1 What You Need To Know .....................141 11.2 The Dynamic DNS Screen ......................141 Chapter 12 Interface Group ..........................143 12.1 Overview ............................143 12.2 The Interface Group Screen ......................143...
Page 9 Table of Contents Chapter 16 Certificates ............................159 16.1 Overview ............................159 16.1.1 What You Can Do in this Chapter ..................159 16.1.2 What You Need to Know ......................159 16.1.3 Verifying a Certificate ......................160 16.2 Local Certificates ...........................161 16.3 Trusted CA ..........................163 16.4 Trusted CA Import ........................163 16.5 View Certificate ..........................164 Chapter 17 VPN ..............................167...
Page 10 Table of Contents 18.7.1 VoIP .............................194 18.7.2 SIP ............................194 18.7.3 Quality of Service (QoS) ......................199 18.7.4 Phone Services Overview ....................200 Chapter 19 Logs ..............................205 19.1 Overview ............................205 19.1.1 What You Can Do in this Chapter ..................205 19.1.2 What You Need To Know .....................205 19.2 The System Log Screen ........................206 19.3 The Phone Log Screen .........................207 19.4 The VoIP Call History Screen ......................207...
Page 11 Table of Contents 24.1.1 What You Need to Know ......................221 24.2 The System Screen ........................221 Chapter 25 Time Setting ............................223 25.1 Overview ............................223 25.2 The Time Setting Screen ......................223 Chapter 26 Log Setting ............................225 26.1 Overview ............................225 26.2 The Log Setting Screen ........................225 Chapter 27 Firmware Upgrade ..........................227 27.1 Overview ............................227...
Page 12 Table of Contents Appendix A IP Addresses and Subnetting..................243 Appendix B Setting Up Your Computer’s IP Address ..............253 Appendix C Pop-up Windows, JavaScript and Java Permissions ...........283 Appendix D Common Services......................291 Appendix E IPv6 ..........................295 Appendix F Legal Information......................305 Index ..............................309 FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 13: User's Guide
User’s Guide...
Page 15: Introduction
H A PT ER Introduction 1.1 Overview The Device is a fiber WAN router, which also includes Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls. By integrating all of these features, you are provided with ease of installation and high-speed, shared Internet access.
Page 16 Chapter 1 Introduction Figure 2 Device’s VoIP Application PSTN The Device sends your call to a VoIP service provider’s SIP server which forwards your calls to either VoIP or PSTN phones. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 17: Ways To Manage The Device
Chapter 1 Introduction 1.3 Ways to Manage the Device Use any of the following methods to manage the Device. • Web Configurator. This is recommended for everyday management of the Device using a (supported) web browser. • FTP for firmware upgrades and configuration backup/restore. 1.4 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively.
Page 18 Chapter 1 Introduction FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 19: Introducing The Web Configurator
H A PT ER Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Page 20 Chapter 2 Introducing the Web Configurator Note: For security reasons, the Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password.
Page 21: The Web Configurator Layout
Chapter 2 Introducing the Web Configurator 2.2 The Web Configurator Layout Click Connection Status > System Info to show the following screen. Figure 6 Web Configurator Layout As illustrated above, the main screen is divided into these parts: • A - title bar •...
Page 22: Navigation Panel
Chapter 2 Introducing the Web Configurator If you click LAN Device on the System Info screen (a in Figure 6 on page 21), the Connection Status screen appears. See Chapter 4 on page 61 for more information about the Connection Status screen.
Page 23 Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary (continued) LINK FUNCTION Static Route Static Route Use this screen to view and set up static routes on the Device. DNS Route DNS Route Use this screen to view and configure DNS routes. General Use this screen to enable QoS and decide allowable bandwidth using QoS.
Page 24 Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary (continued) LINK FUNCTION Traffic Status Use this screen to view the status of all network traffic going through the WAN port of the Device. Use this screen to view the status of all network traffic going through the LAN ports of the Device.
Page 25: Tutorials
H A PT ER Tutorials 3.1 Overview This chapter contains the following tutorials: • Setting Up Your WAN Connection • Setting Up NAT Port Forwarding • How to Make a VoIP Call • Using the File Sharing Feature • Using the Media Server Feature •...
Page 26: Setting Up Nat Port Forwarding
Chapter 3 Tutorials Enter the settings for your connection as specified by the ISP and save your changes. You should see a summary of your new connection setup in the Broadband screen. Try to connect to a website, such as “www.zyxel.com” to see if you have correctly set up your Internet connection.
Page 27: How To Make A Voip Call
Chapter 3 Tutorials Click Apply. The port forwarding settings you configured should appear in the table. Make sure the bulb in Status is the color yellow, meaning it is activated. Click Apply to have the Device start forwarding port 666 traffic to the computer with IP address 192.168.1.34. Players on the Internet then can have access to your Doom server.
Page 28 Chapter 3 Tutorials 3.4.1.1 SIP Service Provider Configuration Follow the steps below to configure your SIP service provider. Make sure your Device is connected to the Internet. Open the web configurator. Click VoIP > SIP to open the SIP Service Provider screen. Select ChangeMe from the Service Provider Selection drop-down list box.
Page 29 Chapter 3 Tutorials 3.4.1.2 SIP Account Registration Follow the steps below to register and activate your SIP account. Click Connection Status > System Info to check if your SIP account has been registered successfully. If the status is Not Registered, check your Internet connection and click Register to register your SIP account.
Page 30: Using The File Sharing Feature
Chapter 3 Tutorials Tutorial: VoIP > Phone 3.4.1.4 Making a VoIP Call Make sure you connect a telephone to the first phone port on the Device. Make sure the Device is on and connected to the Internet. Pick up the phone receiver. Dial the VoIP phone number you want to call.
Page 31 Chapter 3 Tutorials 3.5.1.2 Set up File Sharing on Your Device You also need to set up file sharing on your Device in order to share files. Click Add new share in the File Sharing screen to configure a new share. Select your USB device from the Volume drop-down list box.
Page 32: Access Your Shared Files From A Computer
Chapter 3 Tutorials 3.5.2 Access Your Shared Files From a Computer You can use Windows Explorer to access the file storage devices connected to the Device. Note: The examples in this User’s Guide show you how to use Microsoft’s Windows XP to browse your shared files.
Page 33: Using Windows Media Player
Chapter 3 Tutorials Tutorial: USB Services > Media Server Check Enable Media Server and click Apply. This enables DLNA-compliant media clients to play the video, music and image files in your USB storage device. 3.6.2 Using Windows Media Player This section shows you how to play the media files on the USB storage device connected to your Device using Windows Media Player.
Page 34 Chapter 3 Tutorials Check Find media that others are sharing in the following screen and click OK. Tutorial: Media Sharing using Windows Vista (2) In the Library screen, check the left panel. The Windows Media Player should detect the Device. Tutorial: Media Sharing using Windows Vista (3) The Device displays as a playlist.
Page 35 Chapter 3 Tutorials Tutorial: Media Sharing using Windows 7 (1) If you cannot see the Device in the left panel as shown above, right-click Other Libraries > Refresh Other Libraries. Select a category in the left panel and wait for Windows Media Player to connect to the Device. Tutorial: Media Sharing using Windows 7 (2) In the right panel, you should see a list of files available in the USB storage device.
Page 36: Using A Digital Media Adapter
Chapter 3 Tutorials Tutorial: Media Sharing using Windows 7 (2) 3.6.3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA-2500 to play media files stored in the USB storage device in your TV screen. Note: For this tutorial, your DMA-2500 should already be set up with the TV according to the instructions in the DMA-2500 Quick Start Guide.
Page 37: Using The Print Server Feature
Chapter 3 Tutorials Tutorial: Media Sharing using DMA-2500 The screen shows you the list of available media files in the USB storage device. Select the file you want to open and push the Play button in the remote control. Tutorial: Media Sharing using DMA-2500 (2) 3.7 Using the Print Server Feature In this section you can: •...
Page 38 Chapter 3 Tutorials use the RAW protocol to communicate with the printer. Consult your operating systems documentation for instructions on how to do this or follow the instructions below if you have a Windows 2000/XP operating system. Click Start > Settings, then right click on Printers and select Open. Tutorial: Open Printers Window The Printers folder opens up.
Page 39 Chapter 3 Tutorials Tutorial: Printer Properties Window A Printer Ports window appears. Select Standard TCP/IP Port and click New Port... Tutorial: Add a Port Window Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port.
Page 40 Chapter 3 Tutorials Note: The computer from which you are configuring the TCP/IP printer port must be on the same LAN in order to use the printer sharing function. Tutorial: Enter IP Address of the Device Select Custom under Device Type and click Settings. Tutorial: Custom Port Settings Confirm the IP address of the Device in the IP Address field.
Page 41 Chapter 3 Tutorials Tutorial: Custom Port Settings 12 Continue through the wizard, apply your settings and close the wizard window. Tutorial: Finish Adding the TCP/IP Port 13 Repeat steps 1 to 12 to add this printer to other computers on your network. Add a New Printer Using Windows This example shows how to connect a printer to your Device using the Windows XP Professional operating system.
Page 42 Chapter 3 Tutorials Click Start > Control Panel > Printers and Faxes to open the Printers and Faxes screen. Click Add a Printer. Tutorial: Printers Folder The Add Printer Wizard screen displays. Click Next. Tutorial: Add Printer Wizard: Welcome Select Local printer attached to this computer and click Next. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 43 Chapter 3 Tutorials Tutorial: Add Printer Wizard: Local or Network Printer Select Create a new port and Standard TCP/IP Port. Click Next. Tutorial: Add Printer Wizard: Select the Printer Port Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port.
Page 44 Chapter 3 Tutorials Enter the IP address of the Device to which the printer is connected in the Printer Name or IP Address: field. In our example we use the default IP address of the Device, 192.168.1.1. The Port Name field updates automatically to reflect the IP address of the port. Click Next. Note: The computer from which you are configuring the TCP/IP printer port must be on the same LAN in order to use the printer sharing function.
Page 45 Chapter 3 Tutorials Tutorial: Custom Port Settings 11 Click Finish to close the wizard window. Tutorial: Finish Adding the TCP/IP Port 12 Select the make of the printer that you want to connect to the print server in the Manufacturer list of printers.
Page 46 Chapter 3 Tutorials Tutorial: Add Printer Wizard: Printer Driver 16 If the following screen displays, select Keep existing driver radio button and click Next if you already have a printer driver installed on your computer and you do not want to change it. Otherwise, select Replace existing driver to replace it with the new driver you selected in the previous screen and click Next.
Page 47 Chapter 3 Tutorials Tutorial: Add Printer Wizard: Name Your Printer 18 The Device is a print server itself and you do not need to have your computer act as a print server by sharing the printer with other users in the same network; just select Do not share this printer and click Next to proceed to the following screen.
Page 48 Chapter 3 Tutorials Tutorial: Add Printer Wizard: Print Test Page 20 The following screen shows your current printer settings. Select Finish to complete adding a new printer. Tutorial: Add Printer Wizard Complete Add a New Printer Using Macintosh OS X Complete the following steps to set up a print server driver on your Macintosh computer.
Page 49 Chapter 3 Tutorials Tutorial: Macintosh HD folder Double-click the Utilities folder. Tutorial: Applications Folder Double-click the Print Center icon. Tutorial: Utilities Folder Click the Add icon at the top of the screen. Tutorial: Printer List Folder Set up your printer in the Printer List configuration screen. Select IP Printing from the drop- down list box.
Page 50 Chapter 3 Tutorials 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic. Tutorial: Printer Configuration 12 Click Add to select a printer model, save and close the Printer List configuration screen. Tutorial: Printer Model 13 The Name LP1 on 192.168.1.1 displays in the Printer List field.
Page 51: Configuring Static Route For Routing To Another Network
Chapter 3 Tutorials 3.8 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Page 52 Chapter 3 Tutorials You need to specify a static routing rule on the Device to specify R as the router in charge of forwarding traffic to N2. In this case, the Device routes traffic from A to R and then R routes the traffic to B.This tutorial uses the following example IP settings: Table 2 IP Settings in this Tutorial DEVICE / COMPUTER...
Page 53: Configuring Qos Queue And Class Setup
Chapter 3 Tutorials Click Apply. The Routing screen should display the route you just added. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. 3.9 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen.
Page 54 Chapter 3 Tutorials QoS Example ZyXEL Device 10,000 kbps Your computer IP=192.168.1.23 and/or MAC=AA:FF:AA:FF:AA:FF A colleague’s computer E-mail: Queue 7 Other traffic: Automatic classifier Click Network Setting > QoS > General and check Active. Set your WAN Managed Upstream Bandwidth to 10,000 kbps (or leave this blank to have the Device automatically determine this figure).
Page 55 Chapter 3 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as Email in this example. To Queue Link this to a queue created in the QoS > Queue Setup screen, which is the Email queue created in this example. From Interface This is the interface from which the traffic will be coming from.
Page 56: Access The Device Using Ddns
Chapter 3 Tutorials Tutorial: Advanced > QoS > Monitor 3.10 Access the Device Using DDNS If you connect your Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The Device’s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the Device using a domain name.
Page 57: Configuring Ddns On Your Device
Chapter 3 Tutorials Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password. Log into www.dyndns.org using your account. Add a new DDNS host name. This tutorial uses the following settings as an example. •...
Page 58 Chapter 3 Tutorials FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 59: Technical Reference
Technical Reference The appendices provide general information. Some details may not apply to your Device.
Page 61: Connection Status And System Info
H A PT ER Connection Status and System Info 4.1 Overview After you log into the web configurator, the Connection Status screen appears. This shows the network connection status of the Device and clients connected to it. Use the System Info screen to look at the current status of the device, system resources, interfaces (LAN, WAN), and SIP accounts.
Page 62: The System Info Screen
Chapter 4 Connection Status and System Info Figure 9 Connection Status: List View In Icon View, if you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon.
Page 63 Chapter 4 Connection Status and System Info Each field is described in the following table. Table 3 System Info Screen LABEL DESCRIPTION Language Select the web configurator language from the drop-down list box. Refresh Interval Select how often you want the Device to update this screen from the drop-down list box.
Page 64 Chapter 4 Connection Status and System Info Table 3 System Info Screen (continued) LABEL DESCRIPTION Rate For the LAN interface, this displays the port speed and duplex setting. For the WAN interface, this displays the port speed and duplex setting. For the 3G interface, it displays the maximum transmission rate when 3G is enabled or N/A when 3G is disabled.
Page 65 Chapter 4 Connection Status and System Info Table 3 System Info Screen (continued) LABEL DESCRIPTION Account Status This shows Active when the SIP account has been registered and ready for use or In-Active when the SIP account is not yet registered. This field displays the account number and service domain of the SIP account.
Page 66 Chapter 4 Connection Status and System Info FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 67: Broadband
H A PT ER Broadband 5.1 Overview This chapter discusses the Device’s Broadband screens. Use these screens to configure your Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 68: What You Can Do In This Chapter
Chapter 5 Broadband 5.1.1 What You Can Do in this Chapter • Use the Broadband screen to view, remove or add a WAN interface. You can also configure the WAN settings on the ZyXEL Device for Internet access (Section 5.2 on page 70).
Page 69 Chapter 5 Broadband IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
Page 70: Before You Begin
Chapter 5 Broadband An IPv6 address using the 6to4 mode consists of an IPv4 address, the format is as the following: 2002:[a public IPv4 address in hexadecimal]::/48 For example, A public IPv4 address is 202.156.30.41. The converted hexadecimal IP string is ca.9c.1E.29. The IPv6 address prefix becomes 2002:ca9c:1e29::/48.
Page 71: Add/Edit Internet Connection
Chapter 5 Broadband Figure 14 Network Setting > Broadband The following table describes the fields in this screen. Table 5 Network Setting > Broadband LABEL DESCRIPTION Switch WAN Mode Add new WAN Click this to create a new WAN interface. Interface This is the index number of the connection.
Page 72 Chapter 5 Broadband Figure 15 Broadband Add/Edit: Routing - PPPoE - IPv4 Only FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 73 Chapter 5 Broadband Figure 16 Broadband Add/Edit: Routing - PPPoE - IPv6 IPv4 Dual Stack Broadband Add/Edit: Routing - PPPoE - IPv6 Only Figure 17 The following table describes the fields in this screen. Table 6 Broadband Add/Edit: Routing - PPPoE LABEL DESCRIPTION General...
Page 74 Chapter 5 Broadband Table 6 Broadband Add/Edit: Routing - PPPoE (continued) LABEL DESCRIPTION PPPoE Passthrough In addition to the Device’s built-in PPPoE client, you can enable PPPoE pass through to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Device.
Page 75 Chapter 5 Broadband Table 6 Broadband Add/Edit: Routing - PPPoE (continued) LABEL DESCRIPTION IGMP Proxy Enable Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. Select this option to have the Device act as an IGMP proxy on this connection.
Page 76 Chapter 5 Broadband Table 6 Broadband Add/Edit: Routing - PPPoE (continued) LABEL DESCRIPTION 6to4 Tunneling The 6 to 4 Tunnel fields display when you set the IPv6/IPv4 Mode field to IPv4 Only. Select 6to4 if the Device is connected to a network that has both IPv6 and IPv4 and the IPv4 addresses are public IP addresses.
Page 77 Chapter 5 Broadband Figure 18 Broadband Add/Edit: Routing - IPoE - IPv4 Only Figure 19 Broadband Add/Edit: Routing - IPoE - IPv6 IPv4 Dual Stack FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 78 Chapter 5 Broadband Broadband Add/Edit: Routing - IPoE - IPv6 Only Figure 20 The following table describes the fields in this screen. Table 7 Broadband Add/Edit: Routing - IPoE LABEL DESCRIPTION General Name Enter a service name of the connection. Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Page 79 Chapter 5 Broadband Table 7 Broadband Add/Edit: Routing - IPoE (continued) LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP address Address is not fixed; the ISP assigns you a different one each time you connect to the Automatically Internet.
Page 80: Bridge Mode
Chapter 5 Broadband Table 7 Broadband Add/Edit: Routing - IPoE (continued) LABEL DESCRIPTION Prefix length Enter the bit number of the IPv6 subnet mask provided by your ISP. IPv6 Default Enter the IPv6 address of the default outgoing gateway using a colon (:) Gateway hexadecimal notation.
Page 81: The 3G Backup Screen
Chapter 5 Broadband Figure 21 Broadband Add/Edit: Bridge The following table describes the fields in this screen. Table 8 Broadband Add/Edit: Bridge LABEL DESCRIPTION General Name Enter a service name of the connection. Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Page 82 Chapter 5 Broadband Figure 22 Broadband > 3G Backup The following table describes the labels in this screen. Table 9 Broadband > 3G Backup LABEL DESCRIPTION 3G Backup Select Enable 3G Backup to have the Device use the 3G connection as your WAN or a backup when the wired WAN connection fails.
Page 83: Technical Reference
Chapter 5 Broadband Table 9 Broadband > 3G Backup (continued) LABEL DESCRIPTION Connection Select Nailed-UP if you do not want the connection to time out. Select On-Demand if you do not want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. Max Idle Timeout This value specifies the time in minutes that elapses before the Device automatically disconnects from the ISP.
Page 84 Chapter 5 Broadband For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Page 85 Chapter 5 Broadband Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Page 86 Chapter 5 Broadband The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers.
Page 87 Chapter 5 Broadband 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094. TPID User Priority VLAN ID 2 Bytes 3 Bits 1 Bit 12 Bits Multicast IP packets are transmitted in either one of two ways - Unicast (1 sender - 1 recipient) or Broadcast...
Page 88 Chapter 5 Broadband • Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15. IPv6 Prefix and Prefix Length Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address.
Page 89 Chapter 5 Broadband Table 10 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies MOBILE PHONE AND DATA STANDARDS DATA NAME TYPE SPEED GSM-BASED CDMA-BASED Circuit- GSM (Global System for Mobile Interim Standard 95 (IS-95), the first Slow switched Communications), Personal Handy- CDMA-based digital cellular standard phone System (PHS), etc.
Page 90 Chapter 5 Broadband FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 91: Cable Tv
H A PT ER Cable TV 6.1 Overview This chapter describes the Device’s Network Setting > CATV screen. Use this screen to set up your Device’s cable television function. 6.2 The CATV Screen Use this screen to enable cable television functions. Click Network Setting > CATV to open the CATV screen.
Page 92 Chapter 6 Cable TV FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 93: Home Networking
H A PT ER Home Networking 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
Page 94 Chapter 7 Home Networking Subnet Mask The subnet mask specifies the network number portion of an IP address. Your Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Device unless you are instructed to do otherwise. DHCP DHCP (Dynamic Host Configuration Protocol) allows clients to obtain TCP/IP configuration at start- up from a server.
Page 95 Chapter 7 Home Networking 7.1.2.3 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network.
Page 96: The Lan Setup Screen
Chapter 7 Home Networking Supported OSs Your operating system must support TCP/IP ports for printing and be compatible with the RAW (port 9100) protocol. The following OSs support Device’s printer sharing feature. • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows Me, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X.
Page 97: The Static Dhcp Screen
Chapter 7 Home Networking Table 12 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DHCP Select Enable to have your Device assign IP addresses, an IP default gateway and DNS servers to LAN computers and other devices that are DHCP clients. If you select Disable, you need to manually configure the IP addresses of the computers and other devices on your LAN.
Page 98 Chapter 7 Home Networking Figure 26 Network Setting > Home Networking > Static DHCP The following table describes the labels in this screen. Table 13 Network Setting > Home Networking > Static DHCP LABEL DESCRIPTION Add new static Click this to add a new static DHCP entry. lease This is the index number of the entry.
Page 99: The Upnp Screen
Chapter 7 Home Networking 7.4 The UPnP Screen Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Page 100: Before You Begin
Chapter 7 Home Networking Figure 29 File Sharing Overview The Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup. In this case, contact your network administrator.
Page 101: Add/Edit File Sharing
Chapter 7 Home Networking Each field is described in the following table. Table 16 Network Setting > Home Networking > File Sharing LABEL DESCRIPTION Server Configuration File Sharing Select Enable to activate file sharing through the Device. Services (SMB) Add new share Click this to set up a new share on the Device.
Page 102: The Media Server Screen
Chapter 7 Home Networking 7.6 The Media Server Screen The media server feature lets anyone on your network play video, music, and photos from the USB storage device connected to your Device (without having to copy them to another computer). The Device can function as a DLNA-compliant media server.
Page 103: Before You Begin
Chapter 7 Home Networking Figure 33 Sharing a USB Printer 7.7.1 Before You Begin To configure the print server you need the following: • Your Device must be connected to your computer and any other devices on your network. The USB printer must be connected to your Device.
Page 104: Technical Reference
Chapter 7 Home Networking 7.8 Technical Reference This section provides some technical background information about the topics covered in this chapter. LANs, WANs and the Device The actual physical connection determines whether the Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Page 105 Chapter 7 Home Networking Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 106 Chapter 7 Home Networking Device Print Server Compatible USB Printers The following is a list of USB printer models compatible with the Device print server. Table 20 Compatible USB Printers BRAND MODEL Brother MFC7420 CANON BJ F9000 CANON i320 CANON PIXMA MP450 CANON PIXMA MP730...
Page 107 Chapter 7 Home Networking Table 20 Compatible USB Printers (continued) BRAND MODEL Deskjet 1220C Deskjet F4185 Laserjet 1022 Laserjet 1200 Laserjet 2200D Laserjet 2420 Color Laserjet 1500L Laserjet 3015 Officejet 4255 Officejet 5510 Officejet 5610 Officejet 7210 Officejet Pro L7380 Photosmart 2610 Photosmart 3110 Photosmart 7150...
Page 108: Installing Upnp In Windows Example
Chapter 7 Home Networking 7.9 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click the Windows Setup tab and select Communication in the Components selection box.
Page 109 Chapter 7 Home Networking Figure 37 Add/Remove Programs: Windows Setup: Communication: Components Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel.
Page 110 Chapter 7 Home Networking Figure 39 Windows Optional Networking Components Wizard In the Networking Services window, select the Universal Plug and Play check box. Figure 40 Networking Services Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Page 111: Using Upnp In Windows Xp Example
Chapter 7 Home Networking 7.10 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Device. Make sure the computer is connected to a LAN port of the Device. Turn on your computer and the Device.
Page 112 Chapter 7 Home Networking Figure 42 Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 113 Chapter 7 Home Networking Figure 43 Internet Connection Properties: Advanced Settings Figure 44 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 114 Chapter 7 Home Networking Figure 45 System Tray Icon Double-click on the icon to display your current Internet connection status. Figure 46 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Device without finding out the IP address of the Device first.
Page 115 Chapter 7 Home Networking Figure 47 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your Device and select Invoke. The web configurator login screen displays. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 116 Chapter 7 Home Networking Figure 48 Network Connections: My Network Places Right-click on the icon for your Device and select Properties. A properties window displays with basic information about the Device. Figure 49 Network Connections: My Network Places: Properties: Example FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 117: Routing
H A PT ER Routing 8.1 Overview The Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Device send data to devices not reachable through the default gateway, use static routes.
Page 118: Add/Edit Static Route
Chapter 8 Routing Figure 51 Network Setting > Static Route The following table describes the labels in this screen. Table 21 Network Setting > Static Route LABEL DESCRIPTION Add New Static Click this to set up a new static route on the Device. Route This is the number of an individual static route.
Page 119 Chapter 8 Routing The following table describes the labels in this screen. Table 22 Routing: Add/Edit LABEL DESCRIPTION Active Click this to activate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
Page 120 Chapter 8 Routing FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 121: Quality Of Service (Qos)
H A PT ER Quality of Service (QoS) 9.1 Overview This chapter discusses the Device’s QoS screens. Use these screens to set up your Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
Page 122: The Qos General Screen
Chapter 9 Quality of Service (QoS) QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class.
Page 123: The Queue Setup Screen
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 23 Network Setting > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the Device forwards out through the WAN interface.
Page 124: Add/Edit A Qos Queue
Chapter 9 Quality of Service (QoS) Figure 54 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 24 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Click this to create a new entry. Queue This is the index number of this entry.
Page 125: The Class Setup Screen
Chapter 9 Quality of Service (QoS) Figure 55 Queue Setup: Add/Edit The following table describes the labels in this screen. Table 25 Queue Setup: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this queue. Name Enter the descriptive name of this queue. Interface This shows the interface of this queue.
Page 126: Add/Edit Qos Class
Chapter 9 Quality of Service (QoS) Figure 56 Network Setting > QoS > Class Setup The following table describes the labels in this screen. Table 26 Network Setting > QoS > Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier. Order This field displays the order number of the classifier.
Page 127 Chapter 9 Quality of Service (QoS) Figure 57 Class Setup: Add/Edit The following table describes the labels in this screen. Table 27 Class Setup: Add/Edit LABEL DESCRIPTION Class Configuration Active Select to enable this classifier. Class Name Enter a descriptive name of up to 32 printable English keyboard characters, including spaces.
Page 128 Chapter 9 Quality of Service (QoS) Table 27 Class Setup: Add/Edit (continued) LABEL DESCRIPTION DSCP Mark This field is available only when you select the Ether Type check box in Criteria Configuration-Basic section. If you select Mark, enter a DSCP value with which the Device replaces the DSCP field in the packets.
Page 129 Chapter 9 Quality of Service (QoS) Table 27 Class Setup: Add/Edit (continued) LABEL DESCRIPTION IP Address Select the check box and enter the destination IP address in dotted decimal notation. A blank source IP address means any source IP address. IP Subnet Mask Enter the destination subnet mask.
Page 130: The Qos Monitor Screen
Chapter 9 Quality of Service (QoS) 9.5 The QoS Monitor Screen To view the Device’s QoS packet statistics, click Network Setting > QoS > Monitor. The screen appears as shown. Figure 58 Network Setting > QoS > Monitor The following table describes the labels in this screen. Table 28 Network Setting >...
Page 131: Ieee 802.1Q Tag
Chapter 9 Quality of Service (QoS) 9.6.1 IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges. A VLAN tag includes the 12-bit VLAN ID and 3-bit user priority.
Page 132 Chapter 9 Quality of Service (QoS) DSCP and Per-Hop Behavior DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels.
Page 133: Network Address Translation (Nat)
HAPTER Network Address Translation (NAT) 10.1 Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 134: The Port Forwarding Screen
Chapter 10 Network Address Translation (NAT) Finding Out More Section 10.4 on page 137 for advanced technical information on NAT. 10.2 The Port Forwarding Screen Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network.
Page 135: The Port Forwarding Edit Screen
Chapter 10 Network Address Translation (NAT) Figure 60 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen. Table 30 Network Setting > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new port forwarding rule. This is the index number of the entry.
Page 136 Chapter 10 Network Address Translation (NAT) Figure 61 Port Forwarding: Add/Edit The following table describes the labels in this screen. Table 31 Port Forwarding: Add/Edit LABEL DESCRIPTION Enable This is available only in the Edit screen. Clear the check box to disable the rule. Select the check box to enable it. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Page 137: The Sessions Screen
Chapter 10 Network Address Translation (NAT) 10.3 The Sessions Screen Use the Sessions screen to limit the number of concurrent NAT sessions each client can use. Click Network Setting > NAT > Sessions to display the following screen. Figure 62 Network Setting > NAT > Sessions The following table describes the fields in this screen.
Page 138: What Nat Does
Chapter 10 Network Address Translation (NAT) address of the same inside host when the packet is on the WAN side. The following table summarizes this information. Table 33 NAT Definitions ITEM DESCRIPTION Inside This refers to the host on the LAN. Outside This refers to the host on the WAN.
Page 139 Chapter 10 Network Address Translation (NAT) Figure 63 How NAT Works NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11...
Page 140 Chapter 10 Network Address Translation (NAT) FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 141: Dynamic Dns
HAPTER Dynamic DNS 11.1 Overview This chapter discusses how to configure your Device to use Dynamic DNS. Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in applications such as NetMeeting and CU-SeeMe). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 142 Chapter 11 Dynamic DNS The following table describes the fields in this screen. Table 34 Network Setting > DNS LABEL DESCRIPTION Dynamic DNS Configuration Active Dynamic Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
Page 143: Interface Group
HAPTER Interface Group 12.1 Overview By default, all LAN and WAN interfaces on the Device are in the same group and can communicate with each other. Create interface groups to have the Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the Device. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces.
Page 144: Interface Group Configuration
Chapter 12 Interface Group The following table describes the fields in this screen. Table 35 Network Setting > Interface Group LABEL DESCRIPTION Add New Click this button to create a new interface group. Interface Group Group Name This shows the descriptive name of the group. WAN Interface This shows the WAN interfaces in the group.
Page 145: Firewall
HAPTER Firewall 13.1 Overview Use the Device firewall screens to enable and configure the firewall that protects your Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • Allows traffic that originates from your LAN computers to go to all other networks. •...
Page 146: The General Screen
Chapter 13 Firewall It is designed to protect against Denial of Service (DoS) attacks when activated. The Device's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The Device can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network.
Page 147: The Services Screen
Chapter 13 Firewall The following table describes the labels in this screen. Table 37 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall. The Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Easy, Medium, Select Easy to have the firewall allow both LAN-to-WAN and WAN-to-LAN traffic High...
Page 148: The Add New Services Entry Screen
Chapter 13 Firewall 13.3.1 The Add New Services Entry Screen Use this screen to configure a service that you want to use in an ACL rule in the Security > Firewall > Access Control > Add New ACL Rule/Edit screen. To access this screen, click Security >...
Page 149: The Add New Acl Rule/Edit Screen
Chapter 13 Firewall Each field is described in the following table. Table 40 Security > Firewall > Access Control LABEL DESCRIPTION Add new ACL rule Click this to go to add a filter rule for incoming or outgoing IP traffic. Name This displays the name of the rule.
Page 150 Chapter 13 Firewall Each field is described in the following table. Table 41 Security > Firewall > Access Control > Add New ACL Rule/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes.
Page 151: The Dos Screen
Chapter 13 Firewall 13.5 The DoS Screen Click Security > Firewall > DoS to display the following screen. Use this screen to enable or disable Denial of Service (DoS) protection. Figure 74 Security > Firewall > DoS Each field is described in the following table. Table 42 Security >...
Page 152: Security Considerations
Chapter 13 Firewall 13.6.2 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the Device and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them. Consider these security ramifications before creating a rule: Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service?
Page 153: Mac Filter
HAPTER MAC Filter 14.1 Overview This chapter discusses MAC address filtering. You can configure the Device to permit access to clients based on their MAC addresses in the MAC Filter screen. 14.1.1 What You Need to Know Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 154 Chapter 14 MAC Filter The following table describes the labels in this menu. Table 43 Security > MAC Filter LABEL DESCRIPTION MAC Address Select Enable to activate MAC address filtering. Filter This is the index number of the MAC address. Allow Select Allow to permit access to the Device.
Page 155: Parental Control
HAPTER Parental Control 15.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the Device performs parental control on a specific user. 15.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Page 156: Add/Edit A Parental Control Rule
Chapter 15 Parental Control Table 44 Parental Control > Parental Control (continued) LABEL DESCRIPTION Website Blocked This shows whether the website block is configured. If not, None will be shown. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule.
Page 157 Chapter 15 Parental Control Table 45 Add/Edit Parental Control Rule (continued) LABEL DESCRIPTION Parental Control Enter a descriptive name for the rule. Profile Name Home Network Select the LAN user that you want to apply this rule to from the drop-down list User box.
Page 158 Chapter 15 Parental Control FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 159: Certificates
HAPTER Certificates 16.1 Overview The Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 16.1.1 What You Can Do in this Chapter •...
Page 160: Verifying A Certificate
Chapter 16 Certificates The Device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm.
Page 161: Local Certificates
Chapter 16 Certificates You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certificate. Browse to where you have the certificate saved on your computer.
Page 162 Chapter 16 Certificates • SIP TLS - This certificate secures VoIP connections. • SSH/SCP/SFTP - This certificate secures remote connections. Click Security > Certificates to open the Local Certificates screen. Figure 80 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 46 Security >...
Page 163: Trusted Ca
Chapter 16 Certificates 16.3 Trusted CA Use this screen to view a summary list of certificates of the certification authorities that you have set the Device to accept as trusted. The Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 164: View Certificate
Chapter 16 Certificates Figure 82 Trusted CA > Import The following table describes the labels in this screen. Table 48 Security > Certificates > Trusted CA > Import LABEL DESCRIPTION Certificate File Type in the location of the file you want to upload in this field or click Browse to Path find it.
Page 165 Chapter 16 Certificates The following table describes the labels in this screen. Table 49 Trusted CA: View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 166 Chapter 16 Certificates FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 167: Vpn
HAPTER 17.1 Overview A virtual private network (VPN) provides secure communications over the the Internet. Internet Protocol Security (IPSec) is a standards-based VPN that provides confidentiality, data integrity, and authentication. This chapter shows you how to configure the Device’s VPN settings. 17.2 IPSec VPN 17.2.1 The General Screen Use this screen to view and manage your VPN tunnel policies.
Page 168: Ipsec Vpn: Add
Chapter 17 VPN This screen contains the following fields: Table 50 IPSec VPN LABEL DESCRIPTION Add New Tunnel Click this button to add an item to the list. This is the VPN policy index number. Active This displays if the VPN policy is enabled. Tunnel Name The name of the VPN connection.
Page 169 Chapter 17 VPN Figure 86 IPSec VPN: Add FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 170 Chapter 17 VPN This screen contains the following fields: Table 51 IPSec VPN: Add LABEL DESCRIPTION IPSEC Setup Active Select Active to activate this VPN policy. NAT Traversal Select this if any of these conditions are satisfied. • This IKE SA might be used to negotiate IPSec SAs that use ESP as the active protocol.
Page 171 Chapter 17 VPN Table 51 IPSec VPN: Add LABEL DESCRIPTION Content When you select IP in the Local ID field, type the IP address of your computer in the Content field. If you configure the Content field to 0.0.0.0 or leave it blank, the Device automatically uses the Pre-Share Key (refer to the Pre- Share Key field description).
Page 172 Chapter 17 VPN Table 51 IPSec VPN: Add LABEL DESCRIPTION Authentication Select which hash algorithm to use to authenticate packet data. Choices are Algorithm MD5, SHA1, SHA2-256 and SHA2-512. SHA is generally considered stronger than MD5, but it is also slower. Select which Diffie-Hellman key group you want to use for encryption keys.
Page 173: The Monitor Screen
Chapter 17 VPN Table 51 IPSec VPN: Add LABEL DESCRIPTION Perfect Select whether or not you want to enable Perfect Forward Secrecy (PFS) Forward Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA.
Page 174: Encapsulation
Chapter 17 VPN Figure 88 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Page 175: Ike Phases
Chapter 17 VPN Figure 89 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 176: Negotiation Mode
Chapter 17 VPN Figure 90 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. •...
Page 177: Ipsec And Nat
Chapter 17 VPN • Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not know by the responder and both parties want to use pre-shared key authentication.
Page 178: Id Type And Content
Chapter 17 VPN Figure 91 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet.
Page 179: Pre-Shared Key
Chapter 17 VPN The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. Table 55 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= Type the IP address of your computer.
Page 180 Chapter 17 VPN FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 181: Voip
HAPTER VoIP 18.1 Overview Use this chapter to: • Connect an analog phone to the Device. • Make phone calls over the Internet, as well as the regular phone network. • Configure settings such as speed dial. • Configure network settings to optimize the voice quality of your phone calls. 18.1.1 What You Can Do in this Chapter These screens allow you to configure your Device to make phone calls over the Internet and your regular phone line, and to set up the phones you connect to the Device.
Page 182: Before You Begin
Chapter 18 VoIP SIP stands for Session Initiation Protocol. SIP is a signalling standard that lets one network device (like a computer or the Device) send messages to another. In VoIP, these messages are about phone calls over the network. For example, when you dial a number on your Device, it sends a SIP message over the network asking the other device (the number you dialed) to take part in the call.
Page 183: The Sip Service Provider Screen
Chapter 18 VoIP • You should have the information your VoIP service provider gave you ready, before you start to configure the Device. 18.2 The SIP Service Provider Screen Use this screen to configure the SIP server information, QoS for VoIP calls, the numbers for certain phone functions and dialing plan.
Page 184 Chapter 18 VoIP Figure 93 VoIP > SIP > SIP Service Provider (continued) The following table describes the labels in this screen. Table 58 VoIP > SIP > SIP Service Provider LABEL DESCRIPTION SIP Service Provider Selection Service Provider Select the SIP service provider profile you want to use for the SIP account you Selection configure in this screen.
Page 185 Chapter 18 VoIP Table 58 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION SIP Local Port Enter the Device’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. Main SIP Server Enter the IP address or domain name of the SIP server provided by your VoIP Address service provider.
Page 186 Chapter 18 VoIP Table 58 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION Start Port Enter the listening port number(s) for RTP traffic, if your VoIP service provider gave you this information. Otherwise, keep the default values. End Port To enter one port number, enter the port number in the Start Port and End Port fields.
Page 187 Chapter 18 VoIP Table 58 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION Min-SE Enter the minimum number of seconds the Device lets a SIP session remain idle (without traffic) before it automatically disconnects the session. When two SIP devices start a SIP session, they must agree on an expiration time for idle sessions.
Page 188: The Sip Account Screen
Chapter 18 VoIP Table 58 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION Do Not Disturb This code is used to turn the Do Not Disturb feature off. Disable Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 18.3 The SIP Account Screen The Device uses a SIP account to make outgoing VoIP calls and check if an incoming call’s destination number matches your SIP account’s SIP number.
Page 189 Chapter 18 VoIP Figure 95 SIP Account Add/Edit Each field is described in the following table. Table 60 SIP Account Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Select the SIP service provider profile you want to use for the SIP account you Selection configure in this screen.
Page 190 Chapter 18 VoIP Table 60 SIP Account Edit (continued) LABEL DESCRIPTION SIP Account Select the Active SIP Account check box if you want to use this account. Clear it if you do not want to use this account. SIP Account Enter your SIP number.
Page 191: Multiple Sip Accounts
Chapter 18 VoIP Table 60 SIP Account Edit (continued) LABEL DESCRIPTION Active Call Select this to enable call waiting on the Device. This allows you to place a call on Waiting hold while you answer another incoming call on the same telephone (directory) number.
Page 192: Phone Screen
Chapter 18 VoIP 18.5 Phone Screen Use this screen to control which SIP accounts and PSTN line each phone uses. Click VoIP > Phone to access the Phone Device screen. Figure 96 VoIP > Phone > Phone Device The following table describes the labels in this screen. Table 61 VoIP >...
Page 193: The Call Rule Screen
Chapter 18 VoIP The following table describes the labels in this screen. Table 62 Phone Device: Edit LABEL DESCRIPTION SIP Account to Make Outgoing Call SIP Account Select the SIP account you want to use when making outgoing calls with the analog phone connected to this phone port.
Page 194: Technical Reference
Chapter 18 VoIP Each field is described in the following table. Table 63 VoIP > Call Rule LABEL DESCRIPTION Speed Dial Use this section to create or edit speed-dial entries. Select the speed-dial number you want to use for this phone number. Number Enter the SIP number you want the Device to call when you dial the speed-dial number.
Page 195 Chapter 18 VoIP SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks. SIP Identities A SIP account uses an identity (sometimes referred to as a SIP address).
Page 196 Chapter 18 VoIP SIP Servers SIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A SIP server responds to the SIP requests. When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client could be a computer or a SIP phone.
Page 197 Chapter 18 VoIP Figure 100 SIP Proxy Server SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 198 Chapter 18 VoIP Figure 101 SIP Redirect Server SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer.
Page 199: Quality Of Service (Qos)
Chapter 18 VoIP A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. B sends a response indicating that the telephone is ringing. B sends an OK response after the call is answered. A then sends an ACK message to acknowledge that B has answered the call.
Page 200: Phone Services Overview
Chapter 18 VoIP Type of Service (ToS) Network traffic can be classified by setting the ToS (Type of Service) values at the data source (for example, at the Device) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.
Page 201 Chapter 18 VoIP • Call Hold • Call Waiting • Making a Second Call • Call Transfer • Three-Way Conference • Internal Calls • Do not Disturb Note: To take full advantage of the supplementary phone services available through the Device's phone ports, you may need to subscribe to the services from your VoIP service provider.
Page 202 Chapter 18 VoIP European Call Hold Call hold allows you to put a call (A) on hold by pressing the flash key. If you have another call, press the flash key and then “2” to switch back and forth between caller A and B by putting either one on hold.
Page 203 Chapter 18 VoIP When the second call is answered, press the flash key and press “3” to create a three-way conversation. Hang up the phone to drop the connection. If you want to separate the activated three-way conference into two individual connections (one is on-line, the other is on hold), press the flash key and press “2”.
Page 204 Chapter 18 VoIP FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 205: Logs
HAPTER Logs 19.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the Device log and then display the logs or have the Device send them to an administrator (as e-mail) or to a syslog server. 19.1.1 What You Can Do in this Chapter •...
Page 206: The System Log Screen
Chapter 19 Logs Table 66 Syslog Severity Levels CODE SEVERITY Error: There is an error condition on the system. Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes.
Page 207: The Phone Log Screen
Chapter 19 Logs 19.3 The Phone Log Screen Click System Monitor > Log to open the Phone Log screen. Use this screen to view phone logs and alert messages. You can select the type of log and level of severity to display. Figure 104 System Monitor >...
Page 208 Chapter 19 Logs The following table describes the fields in this screen. Table 69 System Monitor > Log > VoIP Call History LABEL DESCRIPTION Select a category of call records to view from the drop-down list box. select All Call History to view all call records. Refresh Click this to renew the log screen.
Page 209: Traffic Status
HAPTER Traffic Status 20.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 20.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 20.2 on page 209) .
Page 210: The Lan Status Screen
Chapter 20 Traffic Status The following table describes the fields in this screen. Table 70 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Status This shows the number of bytes received and sent through the WAN interface of the Device. Refresh Interval Select how often you want the Device to update this screen from the drop-down list box.
Page 211: The Nat Status Screen
Chapter 20 Traffic Status Table 71 System Monitor > Traffic Status > LAN (continued) LABEL DESCRIPTION Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Page 212: The Voip Status Screen
Chapter 20 Traffic Status Figure 109 System Monitor > Traffic Status > 3G Backup The following table describes the fields in this screen. Table 73 System Monitor > Traffic Status > 3G backup LABEL DESCRIPTION Status This shows the number of bytes received and sent through the 3G interface of the Device.
Page 213 Chapter 20 Traffic Status Figure 110 System Monitor > VoIP Status The following table describes the fields in this screen. Table 74 System Monitor > VoIP Status LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop-down list box.
Page 214 Chapter 20 Traffic Status Table 74 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Status This field displays the current state of the phone call. Idle - There are no current VoIP calls, incoming calls or outgoing calls being made. Dial - The callee’s phone is ringing.
Page 215: User Account
HAPTER User Account 21.1 Overview You can configure system password for different user accounts in the User Account screen. 21.2 The User Account Screen Use the User Account screen to configure system password. Click Maintenance > User Account to open the following screen. Figure 111 Maintenance >...
Page 216 Chapter 21 User Account FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 217: Remote Mgmt
HAPTER Remote MGMT 22.1 Overview Remote MGMT allows you to manage your Device from a remote location through the following interfaces: • LAN • WAN only Note: The Device is managed using the web configurator. 22.1.1 What You Need to Know The following terms and concepts may help as you read this chapter TR-064 TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum.
Page 218 Chapter 22 Remote MGMT Figure 112 Maintenance > Remote MGMT The following table describes the fields in this screen. Table 76 Maintenance > Remote MGMT LABEL DESCRIPTION Services This is the service you may use to access the Device. Select the Enable check box for the corresponding services that you want to allow access to the Device from the LAN.
Page 219: Snmp
HAPTER SNMP 23.1 Overview This chapter explains how to configure the SNMP settings on the Device. 23.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your Device supports SNMP agent functionality, which allows a manager station to manage and monitor the Device through the network.
Page 220 Chapter 23 SNMP The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 221: System
HAPTER System 24.1 Overview You can configure system settings, including the host name, domain name and the inactivity time- out interval in the System screen. 24.1.1 What You Need to Know The following terms and concepts may help as you read this chapter. Domain Name This is a network address that identifies the owner of a network connection.
Page 222 Chapter 24 System The following table describes the labels in this screen. Table 78 Maintenance > System LABEL DESCRIPTION Host Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long.
Page 223: Time Setting
HAPTER Time Setting 25.1 Overview You can configure the system’s time and date in the Time Setting screen. 25.2 The Time Setting Screen To change your Device’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the Device’s time based on your local time zone. Figure 116 Maintenance >...
Page 224 Chapter 25 Time Setting Table 79 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.Select this option if you use Daylight Saving Time.
Page 225: Log Setting
HAPTER Log Setting 26.1 Overview You can configure where the Device sends logs and which logs and/or immediate alerts the Device records in the Log Setting screen. 26.2 The Log Setting Screen To change your Device’s log settings, click Maintenance > Log Setting. The screen appears as shown.
Page 226 Chapter 26 Log Setting The following table describes the fields in this screen. Table 80 Maintenance > Log Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The Device sends a log to an external syslog server. Select the Enable check box to enable syslog logging.
Page 227: Firmware Upgrade
HAPTER Firmware Upgrade 27.1 Overview This chapter explains how to upload new firmware to your Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your Device.
Page 228 Chapter 27 Firmware Upgrade Figure 119 Firmware Uploading The Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 120 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, an error screen will appear.
Page 229: Backup/Restore
HAPTER Backup/Restore 28.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 28.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 230 Chapter 28 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Device. Table 82 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Page 231: The Reboot Screen
Chapter 28 Backup/Restore Figure 125 Reset In Process Message You can also press the RESET button on the back panel to reset the factory defaults of your Device. Refer to Section 1.5 on page 17 for more information on the RESET button. 28.3 The Reboot Screen System restart allows you to reboot the Device remotely without turning the power off.
Page 232 Chapter 28 Backup/Restore FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 233: Diagnostic
HAPTER Diagnostic 29.1 Overview You can use different diagnostic methods to test a connection and see the detailed information. These read-only screens display information to help you identify problems with the Device. 29.2 The Ping/TraceRoute Screen Ping and traceroute help check availability of remote hosts and also help troubleshoot network or Internet connections.
Page 234 Chapter 29 Diagnostic FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 235: Auto Provision
HAPTER Auto Provision 30.1 Overview You can use auto provision to automatically update the configuration settings on the Device. The Auto Provision feature uses the http protocol with encryption, and can be used to upgrade firmware or configuration information to the Device. The device must access an Auto Provision server. In the figure below, three different Devices (ZD1, ZD2, ZD3) are controlled by auto provision server S.
Page 236 Chapter 30 Auto Provision The following table describes the fields in this screen. Table 84 Maintenance > Auto Provision LABEL DESCRIPTION Auto Provision Enable or disable auto provision. Directory Enter the directory path where the auto provision file is located. Auto Provision Enter the IP address of the auto provision server.
Page 237: Troubleshooting
HAPTER Troubleshooting 31.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Device Access and Login • Internet Access • Phone Calls and VoIP •...
Page 238: Device Access And Login
Chapter 31 Troubleshooting Turn the Device off and on. If the problem continues, contact the vendor. 31.3 Device Access and Login I forgot the IP address for the Device. The default IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the Device by looking up the IP address of the default gateway for your computer.
Page 239 Chapter 31 Troubleshooting Reset the device to its factory defaults, and try to access the Device with the default IP address. Section 1.5 on page If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Page 240: Internet Access
Chapter 31 Troubleshooting 31.4 Internet Access I cannot access the Internet. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. Make sure you entered your ISP account information correctly. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Page 241: Phone Calls And Voip
Chapter 31 Troubleshooting • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. 31.5 Phone Calls and VoIP The telephone port won’t work or the telephone lacks a dial tone. Check the telephone connections and telephone wire.
Page 242: Upnp
Chapter 31 Troubleshooting 31.7 UPnP When using UPnP and the Device reboots, my computer cannot detect UPnP and refresh My Network Places > Local Network. Disconnect the Ethernet cable from the Device’s LAN port or from your computer. Re-connect the Ethernet cable. The Local Area Connection icon for UPnP disappears in the screen.
Page 243: Appendix A Ip Addresses And Subnetting
PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (such as computers, servers, routers, and printers) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Page 244 Appendix A IP Addresses and Subnetting Figure 129 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 245 Appendix A IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 86 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET...
Page 246 Appendix A IP Addresses and Subnetting Table 88 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 247 Appendix A IP Addresses and Subnetting Figure 131 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 248 Appendix A IP Addresses and Subnetting Table 90 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 91 Subnet 3...
Page 249 Appendix A IP Addresses and Subnetting Table 93 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 94 24-bit Network Number Subnet Planning NO.
Page 250 Appendix A IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 251 Appendix A IP Addresses and Subnetting computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically.
Page 252 Appendix A IP Addresses and Subnetting Figure 134 Conflicting Computer and Router IP Addresses Example FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 253: Appendix B Setting Up Your Computer's Ip Address
PP EN D I X Setting Up Your Computer’s IP Address Note: Your specific Device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Page 254 Appendix B Setting Up Your Computer’s IP Address Figure 135 Windows XP: Start Menu In the Control Panel, click the Network Connections icon. Figure 136 Windows XP: Control Panel Right-click Local Area Connection and then select Properties. Figure 137 Windows XP: Control Panel > Network Connections > Properties FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 255 Appendix B Setting Up Your Computer’s IP Address On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 138 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 256 Appendix B Setting Up Your Computer’s IP Address Figure 139 Windows XP: Internet Protocol (TCP/IP) Properties Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Page 257 Appendix B Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. Click Start > Control Panel. Figure 140 Windows Vista: Start Menu In the Control Panel, click the Network and Internet icon. Figure 141 Windows Vista: Control Panel Click the Network and Sharing Center icon.
Page 258 Appendix B Setting Up Your Computer’s IP Address Figure 143 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then select Properties. Figure 144 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Page 259 Appendix B Setting Up Your Computer’s IP Address Figure 145 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 260 Appendix B Setting Up Your Computer’s IP Address Figure 146 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Page 261 Appendix B Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. Click Start > Control Panel. Figure 147 Windows 7: Start Menu In the Control Panel, click View network status and tasks under the Network and Internet category.
Page 262 Appendix B Setting Up Your Computer’s IP Address Figure 150 Windows 7: Local Area Connection Status Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 263 Appendix B Setting Up Your Computer’s IP Address Figure 151 Windows 7: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 264 Appendix B Setting Up Your Computer’s IP Address Figure 152 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Page 265 Appendix B Setting Up Your Computer’s IP Address Figure 153 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. Click Apple >...
Page 266 Appendix B Setting Up Your Computer’s IP Address Figure 155 Mac OS X 10.4: System Preferences When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 156 Mac OS X 10.4: Network Preferences For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.
Page 267 Appendix B Setting Up Your Computer’s IP Address Figure 157 Mac OS X 10.4: Network Preferences > TCP/IP Tab. For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. •...
Page 268 Appendix B Setting Up Your Computer’s IP Address Figure 158 Mac OS X 10.4: Network Preferences > Ethernet Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.
Page 269 Appendix B Setting Up Your Computer’s IP Address Click Apple > System Preferences. Figure 160 Mac OS X 10.5: Apple Menu In System Preferences, click the Network icon. Figure 161 Mac OS X 10.5: Systems Preferences When the Network preferences pane opens, select Ethernet from the list of available connection types.
Page 270 Appendix B Setting Up Your Computer’s IP Address Figure 162 Mac OS X 10.5: Network Preferences > Ethernet From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following: • From the Configure list, select Manually. •...
Page 271 Appendix B Setting Up Your Computer’s IP Address Figure 163 Mac OS X 10.5: Network Preferences > Ethernet Click Apply and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.
Page 272 Appendix B Setting Up Your Computer’s IP Address Figure 164 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration.
Page 273 Appendix B Setting Up Your Computer’s IP Address Figure 166 Ubuntu 8: Network Settings > Connections In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 167 Ubuntu 8: Administrator Account Authentication In the Network Settings window, select the connection that you want to configure, then click Properties.
Page 274 Appendix B Setting Up Your Computer’s IP Address Figure 168 Ubuntu 8: Network Settings > Connections The Properties dialog box opens. Figure 169 Ubuntu 8: Network Settings > Properties • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.
Page 275 Appendix B Setting Up Your Computer’s IP Address Figure 170 Ubuntu 8: Network Settings > DNS Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab.
Page 276 Appendix B Setting Up Your Computer’s IP Address Figure 171 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration.
Page 277 Appendix B Setting Up Your Computer’s IP Address Figure 172 openSUSE 10.3: K Menu > Computer Menu When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 173 openSUSE 10.3: K Menu > Computer Menu When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.
Page 278 Appendix B Setting Up Your Computer’s IP Address Figure 174 openSUSE 10.3: YaST Control Center When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 175 openSUSE 10.3: Network Settings When the Network Card Setup window opens, click the Address tab FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 279 Appendix B Setting Up Your Computer’s IP Address Figure 176 openSUSE 10.3: Network Card Setup Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.
Page 280 Appendix B Setting Up Your Computer’s IP Address Figure 177 openSUSE 10.3: Network Settings Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.
Page 281 Appendix B Setting Up Your Computer’s IP Address Figure 179 openSUSE: Connection Status - KNetwork Manager FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 282 Appendix B Setting Up Your Computer’s IP Address FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 283: Appendix C Pop-Up Windows, Javascript And Java Permissions
PP EN D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 284 Appendix C Pop-up Windows, JavaScript and Java Permissions Figure 181 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 285 Appendix C Pop-up Windows, JavaScript and Java Permissions Figure 182 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 183 Pop-up Blocker Settings FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 286 Appendix C Pop-up Windows, JavaScript and Java Permissions Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 287 Appendix C Pop-up Windows, JavaScript and Java Permissions Figure 185 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Page 288 Appendix C Pop-up Windows, JavaScript and Java Permissions Figure 186 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window.
Page 289 Appendix C Pop-up Windows, JavaScript and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, JavaScript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 290 Appendix C Pop-up Windows, JavaScript and Java Permissions FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 291: Appendix D Common Services
PP EN D I X Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
Page 292 Appendix D Common Services Table 96 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP User-Defined Internet Control Message Protocol is often...
Page 293 Appendix D Common Services Table 96 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program.
Page 294 Appendix D Common Services FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 295: Appendix E Ipv6
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 296: Global Address
Appendix E IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 297 Appendix E IPv6 Table 99 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 298 Appendix E IPv6 combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
Page 299 Appendix E IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
Page 300 Appendix E IPv6 determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is unlink, the address is considered as the next hop. Otherwise, the Device determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the Device looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Page 301 Appendix E IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 302 Appendix E IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 303 Appendix E IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
Page 304 Appendix E IPv6 FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 306 Appendix F Legal Information • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
Page 307 Appendix F Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in France.
Page 308: Safety Warnings
Appendix F Legal Information merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/ support_warranty_info.php.
Page 309: Index
Index Index call service mode Numbers call transfer call waiting 6to4 mode Canonical Format Indicator See CFI certificate factory default certificates ACK message replacing activation storage space media server thumbprint algorithms adding a printer example thumbprints administrator password trusted CAs verifying fingerprints Certification Authority, see CA algorithms...
Page 310 Index Differentiated Services, see DiffServ flash key Diffie-Hellman key groups flashing DiffServ (Differentiated Services) code points marking rule 132, 200 disclaimer DLNA G.168 DNS server address assignment Guide documentation Quick Start related domain name system, see DNS Domain Name System. See DNS. DS (Differentiated Services) DS field 132, 200...
Page 311 Index IP pool IP pool setup IPSec 63, 153 algorithms MAC address architecture MAC address filtering MAC filter IPSec VPN Management Information Base (MIB) IPv6 68, 295 managing the device addressing 69, 87, 295 good habits DHCP using FTP. See FTP. EUI-64 Maximum Burst Size (MBS) global address...
Page 312 Index outside header restart restoring configuration RFC 1483 RFC 1631 RFC 1889 RFC 3164 passwords router advertisements Peak Cell Rate (PCR) router features peer-to-peer calls Per-Hop Behavior, see PHB 132, 200 phone book speed dial PPP over Ethernet, see PPPoE PPPoE security, network 68, 84...
Page 313 Index status forum security issues subnet subnet mask 104, 244 subnetting supplementary services Sustained Cell Rate (SCR) syslog protocol version severity levels firmware version system firmware passwords Virtual Circuit (VC) status Virtual Local Area Network See VLAN System Info Virtual Local Area Network, see VLAN system name 63, 222 VLAN...
Page 314 Index FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 315 Index FMG3024-D10A / FMG3025-D10A Series User’s Guide...
Page 316 Index FMG3024-D10A / FMG3025-D10A Series User’s Guide...

This manual is also suitable for:

Fmg3025-d10a series

ZyXEL Communications FMG3024-D10A Series User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introduction

Chapter 2 Introducing the Web Configurator

Chapter 3 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 4 Connection Status and System Info

Chapter 5 Broadband

Chapter 6 Cable TV

Chapter 7 Home Networking

Chapter 8 Routing

Chapter 9 Quality of Service (Qos)

Chapter 10 Network Address Translation (NAT)

Chapter 11 Dynamic DNS

Chapter 12 Interface Group

Chapter 13 Firewall

Chapter 14 MAC Filter

Chapter 15 Parental Control

Chapter 16 Certificates

Chapter 17 VPN

Chapter 18 Voip

Chapter 19 Logs

Chapter 20 Traffic Status

Chapter 21 User Account

Chapter 22 Remote MGMT

Chapter 23 SNMP

Chapter 24 System

Chapter 25 Time Setting

Chapter 26 Log Setting

Chapter 27 Firmware Upgrade

Chapter 28 Backup/Restore

Chapter 29 Diagnostic

Chapter 30 Auto Provision

Chapter 31 Troubleshooting

Appendix A IP Addresses and Subnetting

Appendix B Setting up Your Computer's IP Address

Appendix C Pop-Up Windows, Javascript and Java Permissions

Appendix D Common Services

Appendix E Ipv6

Appendix F Legal Information

Index

Quick Links

Related Manuals for ZyXEL Communications FMG3024-D10A Series

Summary of Contents for ZyXEL Communications FMG3024-D10A Series