ZyXEL Communications ISG50-ISDN User Manual

Integrated service gateway

ISG50
Integrated Service Gateway
Default Login Details
LAN IP Address: https://192.168.1.1
User Name: admin
Password: 1234
Version 2.30
Edition 3, 05/2012
www.zyxel.com
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
Copyright © 2012 ZyXEL Communications Corporation


Summary of Contents for ZyXEL Communications ISG50-ISDN

  • Page 1 ISG50 Integrated Service Gateway. Default Login Details: LAN IP Address https://192.168.1.1, User Name admin, Password 1234. IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Version 2.30, Edition 3, 05/2012. www.zyxel.com. Copyright © 2012 ZyXEL Communications Corporation...
  • Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate.
  • Page 3: Table Of Contents

    Contents Overview: User’s Guide (25); Introducing the ISG50 (27); Features and Applications (37); Web Configurator (43); Installation Setup Wizard (59); Quick Setup (69); Configuration Basics (87); General Tutorials (107); PBX Tutorials (135); Technical Reference (183); Dashboard (185); Monitor (195); Registration (229); Interfaces (233); Trunks (281)...
  • Page 4 Contents Overview: Meet-me Conference (547); Paging Group (549); ACD (553); Sound Files (568); Auto Provision (573); Voice Mail (581); Phonebook (587); Office Hours (595); User/Group (599); Addresses (613); Services (619); Schedules (625); AAA Server (631); Authentication Method (639); Certificates (643); ISP Accounts (661); System (665); Log and Report (705)...
  • Page 5: Table Of Contents

    Table of Contents: Contents Overview (3); Table of Contents (5); Part I: User’s Guide (25); Chapter 1 Introducing the ISG50 (27); 1.1 Overview (27); 1.1.1 PBX (27); 1.1.2 Security and Routing (28); 1.1.3 Application Scenarios (28); 1.2 Rack-mounted Installation (31); 1.2.1 Rack-Mounted Installation Procedure (32); 1.3 Connecting the Frame Ground (32)...
  • Page 6 Table of Contents: 4.1.1 Internet Access Setup - WAN Interface (59); 4.1.2 Internet Access: Ethernet (60); 4.1.3 Internet Access: PPPoE (62); 4.1.4 Internet Access: PPTP (63); 4.1.5 ISP Parameters (63); 4.1.6 Internet Access Setup - Second WAN Interface (65); 4.1.7 Internet Access - Finish (66); 4.2 Device Registration (66); Chapter 5 Quick Setup (69)...
  • Page 7 Table of Contents: 6.5.2 NAT Table Checking Flow (96); 6.6 Other Features Configuration Overview (97); 6.6.1 Feature (97); 6.6.2 Licensing Registration (98); 6.6.3 Interface (98); 6.6.4 Trunks (98); 6.6.5 Policy Routes (98); 6.6.6 Static Routes (99); 6.6.7 Zones (99); 6.6.8 DDNS (100); 6.6.9 NAT (100); 6.6.10 HTTP Redirect (101); 6.6.11 ALG (101)...
  • Page 8 Table of Contents: 7.5.2 Set Up User Groups (118); 7.5.3 Set Up User Authentication Using the RADIUS Server (118); 7.6 How to Use a RADIUS Server to Authenticate User Accounts Based on Groups (120); 7.7 How to Use Authentication Policies (122); 7.7.1 Configure the Authentication Policy (122); 7.8 How to Configure Service Control (123); 7.8.1 Allow HTTPS Administrator Access Only From the LAN (123)...
  • Page 9 Table of Contents: 8.7 Using Call Features (163); 8.7.1 Customizing Feature Codes (163); 8.7.2 Using the Voicemail Feature (163); 8.8 Using the Extension Portal (164); 8.8.1 Your Information (164); 8.8.2 Accessing the Extension Portal (164); 8.8.3 Using the Web Phone (IP Phone Users Only) (165); 8.8.4 Changing Your Security Information (166); 8.8.5 Personalizing Your Settings (167); 8.8.6 Setting Up Voicemail (170)...
  • Page 10 Table of Contents: 10.7 IP/MAC Binding Monitor (205); 10.8 The Login Users Screen (206); 10.9 Cellular Status Screen (207); 10.9.1 More Information (209); 10.10 USB Storage Screen (210); 10.11 The IPSec Monitor Screen (211); 10.11.1 Regular Expressions in Searching IPSec SAs (212); 10.12 SIP Peer Screen (213); 10.13 FXS Peer Screen (214); 10.14 SIP Trunk Screen (215)...
  • Page 11 Table of Contents: 12.6 VLAN Interfaces (259); 12.6.1 VLAN Summary Screen (261); 12.6.2 VLAN Add/Edit (262); 12.7 Bridge Interfaces (267); 12.7.1 Bridge Summary (269); 12.7.2 Bridge Add/Edit (270); 12.7.3 Virtual Interfaces Add/Edit (275); 12.8 Interface Technical Reference (276); Chapter 13 Trunks (281); 13.1 Overview (281); 13.1.1 What You Can Do in this Chapter (281)...
  • Page 12 Table of Contents: 16.1 Zones Overview (313); 16.1.1 What You Can Do in this Chapter (313); 16.1.2 What You Need to Know (313); 16.2 The Zone Screen (314); 16.3 Zone Edit (315); Chapter 17 DDNS (317); 17.1 DDNS Overview (317); 17.1.1 What You Can Do in this Chapter (317); 17.1.2 What You Need to Know (317); 17.2 The DDNS Screen (318); 17.2.1 The Dynamic DNS Add/Edit Screen (319)...
  • Page 13 Table of Contents: 21.1.1 What You Can Do in this Chapter (341); 21.1.2 What You Need to Know (341); 21.2 IP/MAC Binding Summary (342); 21.2.1 IP/MAC Binding Edit (343); 21.2.2 Static DHCP Edit (344); 21.3 IP/MAC Binding Exempt List (345); Chapter 22 Authentication Policy (347); 22.1 Overview (347)...
  • Page 14 Table of Contents: 25.1 Overview (397); 25.1.1 What You Can Do in this Chapter (397); 25.1.2 What You Need to Know (397); 25.1.3 Bandwidth Management Examples (401); 25.2 The Bandwidth Management Screen (404); 25.2.1 The Bandwidth Management Add/Edit Screen (406); Chapter 26 ADP...
  • Page 15 Table of Contents: 28.1 Overview (448); 28.1.1 What You Can Do in this Chapter (448); 28.1.2 What You Need to Know (448); 28.2 The FXS Screen (449); 28.3 The FXO Screen (450); 28.4 The BRI Screen (451); Chapter 29 Extension Management (453); 29.1 Overview (453); 29.1.1 What You Can Do in this Chapter (453); 29.1.2 What You Need to Know (453)...
  • Page 16 Table of Contents: 30.2.10 Auto-Attendant for Incoming BRI Calls (502); Chapter 31 Auto-attendant (503); 31.1 Overview (503); 31.1.1 What You Can Do in this Chapter (503); 31.1.2 What You Need to Know (503); 31.2 The Default Auto-Attendant Screen (505); 31.3 The Customized Auto-Attendant Screen (507); 31.3.1 The Add/Edit Auto-Attendant Screen (508); 31.3.2 Auto Attendant Settings: Office Hours (509); 31.3.3 The Add/Edit Auto-Attendant Option Screen...
  • Page 17 Table of Contents: 34.3 The Call Park Screen (534); 34.3.1 Configuring the Call Park Screen (535); 34.4 The Call Waiting Screen (536); 34.4.1 Configuring the Call Waiting Screen (537); 34.5 The Emergency Call Screen (538); 34.5.1 Configuring the Emergency Call Screen (538); 34.6 The Music on Hold Screen (539); 34.6.1 Add or Edit Custom Music On Hold (541); 34.7 The Call Transfer Screen (541)...
  • Page 18 Table of Contents: 38.6.1 The Skill Menu Settings Screen (565); 38.6.2 Add/Edit Skill Menu Action Screen (566); Chapter 39 Sound Files (568); 39.1 Overview (568); 39.1.1 What You Can Do in this Chapter (568); 39.1.2 What You Need to Know (568); 39.2 The System Sound Screen (568); 39.2.1 The Add/Edit Sound File Screen (569); 39.3 The Specific Sound File Screen (570)...
  • Page 19 Table of Contents: 42.5.1 Local Phonebook Add/Edit Screen (592); Chapter 43 Office Hours (595); 43.1 Overview (595); 43.1.1 What You Can Do in this Chapter (595); 43.1.2 What You Need To Know (595); 43.1.3 Before You Begin (595); 43.2 Office Hour Screen (595); Chapter 44 User/Group (599); 44.1 Overview (599)...
  • Page 20 Table of Contents: Chapter 47 Schedules (625); 47.1 Overview (625); 47.1.1 What You Can Do in this Chapter (625); 47.1.2 What You Need to Know (625); 47.2 The Schedule Summary Screen (626); 47.2.1 The One-Time Schedule Add/Edit Screen (627); 47.2.2 The Recurring Schedule Add/Edit Screen (628); Chapter 48 AAA Server (631); 48.1 Overview (631)...
  • Page 21 Table of Contents: 50.3.2 The Trusted Certificates Import Screen (659); 50.4 Certificates Technical Reference (659); Chapter 51 ISP Accounts (661); 51.1 Overview (661); 51.1.1 What You Can Do in this Chapter (661); 51.2 ISP Account Summary (661); 51.2.1 ISP Account Add/Edit (662); Chapter 52 System (665); 52.1 Overview (665)...
  • Page 22 Table of Contents: 52.8.4 Configuring SSH (695); 52.8.5 Secure Telnet Using SSH Examples (696); 52.9 Telnet (698); 52.9.1 Configuring Telnet (698); 52.10 FTP (699); 52.10.1 Configuring FTP (699); 52.11 SNMP (700); 52.11.1 Supported MIBs (702); 52.11.2 SNMP Traps (702); 52.11.3 Configuring SNMP (702); 52.12 Language Screen (704); Chapter 53 Log and Report (705)...
  • Page 23 Table of Contents: 56.1 Overview (737); 56.1.1 What You Can Do in this Chapter (737); 56.2 The Diagnostic Screen (737); 56.2.1 The Diagnostics Files Screen (738); 56.3 The Packet Capture Screen (739); 56.3.1 The Packet Capture Files Screen (741); 56.3.2 Example of Viewing a Packet Capture File (742); 56.4 Core Dump Screen (742); 56.4.1 Core Dump Files Screen (743); 56.5 The System Log Screen (744)...
  • Page 24 Table of Contents: 61.1 Resetting the ISG50 (774); 61.2 Getting More Troubleshooting Help (774); Appendix A Log Descriptions (775); Appendix B Common Services (827); Appendix C Importing Certificates (831); Appendix D Legal Information (855); Index (857). ISG50 User’s Guide...
  • Page 25: User's Guide

    User’s Guide...
  • Page 27: Introducing The ISG50

    • An Internet connection to an Internet Telephony Service Provider (ITSP): all ISG50 models
    • An Integrated Services Digital Network/Basic Rate Interface Network (ISDN BRI): ISG50-ISDN

    Each telephone connected to an IP PBX has an extension assigned to it. An extension is a unique telephone number within an organization typically consisting of only a few digits.
  • Page 28: Security And Routing

    Chapter 1 Introducing the ISG50 company can call each other by dialing extensions. Calls to the outside world go through the IP PBX to the PSTN, ITSP, or ISDN. [Figure 1: IP PBX Example] The ISG50 can function as a stand-alone telephone switchboard for a small organization. It can also supplement a legacy PBX within an organization by providing VoIP telephony features.
  • Page 29 1.1.3.1 All-in-one: Use the ISG50 to provide VoIP and security services. [Figure 2: All-in-one Application Scenario] VoIP Services: • VoIP phones and smartphones can make internal calls and external calls. •...
  • Page 30 provides the VoIP services listed in the previous scenario, and the USG provides the security services. Here is an example. [Figure 3: DMZ Installation] 1.1.3.3 Parallel to a USG: Connect the ISG50 to the Internet and a USG model’s LAN to give the VoIP a physically separate Internet connection to keep bursts of data traffic from impacting voice quality.
  • Page 31: Rack-Mounted Installation

    1.1.3.4 N-site: In addition to one of the application scenarios already described, you can also use site-to-site VPNs to connect ISG50s at multiple locations. This allows peer-to-peer VoIP calling and faxes over IP without using an ITSP and remote dial-out to make local calls in different areas.
  • Page 32: Rack-Mounted Installation Procedure

    Use a #2 Phillips screwdriver to install the screws. Note: Failure to use the proper screws may damage the unit. 1.2.1 Rack-Mounted Installation Procedure: Align one bracket with the holes on one side of the ISG50 and secure it with the included bracket screws (smaller than the rack-mounting screws).
  • Page 33: Front Panel

    [Figure 8: Frame Ground] 1.4 Front Panel: This section introduces the ISG50’s front panel. [Figure 9: ISG50-PSTN Front Panel] [Figure 10: ISG50-ISDN Front Panel] 1.4.1 Front Panel LEDs: The following table describes the LEDs. Table 1 Front Panel LEDs: COLOR...
  • Page 34: PCMCIA Card Installation

    Table 1 Front Panel LEDs (continued). COLOR, STATUS, DESCRIPTION. P1/P2 - There is no traffic on this port. Green: The Ethernet port has a successful 10/100M connection but is not sending or receiving packets. Blinking: The ISG50 is sending or receiving packets on this port through a 10/100M connection.
  • Page 35: Starting And Stopping The ISG50

    Web Configurator: The Web Configurator allows easy ISG50 setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. [Figure 11: Managing the ISG50: Web Configurator] Command-Line Interface (CLI): The CLI allows you to use text-based commands to configure the ISG50. You can access it using remote management (for example, SSH or Telnet) or via the console port.
  • Page 36 Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the ISG50 or remove the power. Not doing so can cause the firmware to become corrupt. Table 3 Starting and Stopping the ISG50. METHOD, DESCRIPTION. Turning on the power...
  • Page 37: Features And Applications

    Chapter 2 Features and Applications: This chapter introduces the main features and applications of the ISG50. 2.1 Features. Voice over Internet Protocol (VoIP) Implementation: The ISG50 uses SIP (Session Initiation Protocol) to communicate with other SIP devices. SIP is an internationally-recognized standard for implementing Voice over Internet Protocol (VoIP).
  • Page 38 F: SIP Servers - Servers (D) located at your Internet Telephony Service Provider (ITSP) which process outgoing calls from the ISG50 and direct them to IP phones on the Internet or traditional phones on the PSTN. [Figure 12: SIP Devices and the ISG50]...
  • Page 39 • B - Connecting several ISG50s together to manage a larger telephone network. [Figure 13: Scalable Design] Automatic Call Distribution: Automatic Call Distribution (ACD) allows you to distribute incoming calls to specific groups of phones connected to your telephone network.
  • Page 40 Set up multiple connections to the Internet on the same port, or set up multiple connections on different ports. In either case, you can balance the loads between them. [Figure 14: Applications: Multiple WAN Interfaces] Virtual Private Networks (VPN): Use IPSec VPN to provide secure communication between two sites over the Internet or any insecure network that uses TCP/IP for communication.
  • Page 41 travelers to provide secure access to your network. You can also set up additional connections to the Internet to provide better service. [Figure 15: Applications: VPN Connectivity] Flexible Security Zones: Many security settings are made by zone, not by interface, port, or network. As a result, it is much simpler to set up and to change security settings in the ISG50.
  • Page 42 User-Aware Access Control: Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it. [Figure 16: Applications: User-Aware Access Control] Firewall: The ISG50’s firewall is a stateful inspection firewall. The ISG50 restricts access by screening data packets against defined access rules.
  • Page 43: Web Configurator

    Chapter 3 Web Configurator: The ISG50 Web Configurator allows easy ISG50 setup and management using an Internet browser. 3.1 Web Configurator Requirements: In order to use the Web Configurator, you must • Use Internet Explorer 7 or later, or Firefox 1.5 or later •...
  • Page 44 Type the user name (default: “admin”) and password (default: “1234”). If your account is configured to use an ASAS authentication server, use the OTP (One-Time Password) token to generate a number. Enter it in the One-Time Password field. The number is only good for one login.
  • Page 45: Web Configurator Screens Overview

    3.3 Web Configurator Screens Overview [Figure 19: Dashboard] The Web Configurator screen is divided into these parts (as illustrated in Figure 19 on page 45): • A - title bar • B - navigation panel • C - main window. 3.3.1 Title Bar: The title bar provides some icons in the upper right corner.
  • Page 46: Navigation Panel

    Table 4 Title Bar: Web Configurator Icons (continued). LABEL: DESCRIPTION. Object Reference: Click this to open a screen where you can check which configuration items reference an object. Console: Click this to open the console in which you can use the command line interface (CLI). See the CLI Reference Guide for details on the commands.
  • Page 47 drag it to resize them. The following sections introduce the ISG50’s navigation panel menus and their screens. [Figure 22: Navigation Panel] 3.3.2.1 Dashboard: The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See Chapter 9 on page 185 for details on the dashboard.
  • Page 48 Table 6 Monitor Menu Screens Summary (continued). FOLDER OR LINK: FUNCTION. BRI Trunk: Displays status information about ISDN BRI outbound line groups configured on the ISG50. ACD Queue: Monitor phone call activity for Automatic Call Distribution (ACD) agents. System Log: Lists system log entries.
  • Page 49 Table 7 Configuration Menu Screens Summary (continued). FOLDER OR LINK: FUNCTION. IPSec VPN: VPN Connection - Configure IPSec tunnels; VPN Gateway - Configure IKE tunnels. Control bandwidth for services passing through the ISG50. Anti-X: General - Display and manage ADP bindings; Profile - Create and manage ADP profiles.
  • Page 50 Table 7 Configuration Menu Screens Summary (continued). FOLDER OR LINK: FUNCTION. Call Service: Auto Callback - Automatically call an extension once it becomes available (ends an existing conversation); Call Park - Allow users to put a call on hold at one extension and pick up the call from another extension in your organization.
  • Page 51 Table 7 Configuration Menu Screens Summary (continued). FOLDER OR LINK: FUNCTION. Address: Address - Create and manage host, range, and network (subnet) addresses; Address Group - Create and manage groups of addresses. Service: Service - Create and manage TCP and UDP services; Service Group - Create and manage groups of services.
  • Page 52: Main Window

    3.3.2.4 Maintenance Menu: Use the maintenance menu screens to manage configuration and firmware files, run diagnostics, and reboot or shut down the ISG50. Table 8 Maintenance Menu Screens Summary. FOLDER OR LINK: FUNCTION. File Manager: Configuration File - Manage and upload configuration files for the ISG50.
  • Page 53 3.3.3.2 Site Map: Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen. [Figure 24: Site Map] 3.3.3.3 Object Reference: Click Object Reference to open the Object Reference screen. Select the type of object and the individual object and click Refresh to show which configuration settings reference the object.
  • Page 54: Tables And Lists

    The fields vary with the type of object. The following table describes labels that can appear in this screen. Table 9 Object References. LABEL: DESCRIPTION. Object Name: This identifies the object for which the configuration settings that use it are displayed. Click the object’s name to display the object’s configuration screen in the main window.
  • Page 55 Click a column heading to sort the table’s entries according to that column’s criteria. [Figure 27: Sorting Table Entries by a Column’s Criteria] Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column.
  • Page 56 Select a column heading and drag and drop it to change the column order. A green check mark displays next to the column’s title when you drag the column to a valid new location. [Figure 30: Changing the Column Order] Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time.
  • Page 57 Table 10 Common Table Icons (continued). LABEL: DESCRIPTION. Inactivate: To turn off an entry, select it and click Inactivate. Connect: To connect an entry, select it and click Connect. Disconnect: To disconnect an entry, select it and click Disconnect. Object References: Select an entry and click Object References to open a screen that shows which settings use the entry.
  • Page 58 3.3.4.5 iNotes: The iNote icon is a green square with an ‘i’. Hover your cursor over the icon to display information. [Figure 34: iNotes]
  • Page 59: Installation Setup Wizard

    Chapter 4 Installation Setup Wizard. 4.1 Installation Setup Wizard Screens: If you log into the Web Configurator when the ISG50 is using its default configuration, the first Installation Setup Wizard screen displays. This wizard helps you configure Internet connection settings and activate subscription services.
  • Page 60: Internet Access: Ethernet

    Note: Enter the Internet access information exactly as your ISP gave it to you. [Figure 36: Internet Access: Step 1] • I have two ISPs: Select this option to configure two Internet connections. Leave it cleared to configure just one.
  • Page 61 Note: Enter the Internet access information exactly as given to you by your ISP. [Figure 37: Internet Access: Ethernet Encapsulation] • Encapsulation: This displays the type of Internet connection you are configuring. • First WAN Interface: This is the number of the interface that will connect with your ISP. •...
  • Page 62: Internet Access: PPPoE

    4.1.3 Internet Access: PPPoE. Note: Enter the Internet access information exactly as given to you by your ISP. [Figure 38: Internet Access: PPPoE Encapsulation] 4.1.3.1 ISP Parameters • Type the PPPoE Service Name from your service provider. PPPoE uses a service name to identify and reach the PPPoE server.
  • Page 63: Internet Access: PPTP

    • First / Second DNS Server: These fields display if you selected static IP address assignment. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. Enter a DNS server's IP address(es). The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
  • Page 64 • Select Nailed-Up if you do not want the connection to time out. Otherwise, type the Idle Timeout in seconds that elapses before the router automatically disconnects from the PPTP server. 4.1.5.1 PPTP Configuration • Base Interface: This identifies the Ethernet interface you configure to connect with a modem or router.
  • Page 65: Internet Access Setup - Second WAN Interface

    4.1.6 Internet Access Setup - Second WAN Interface: If you selected I have two ISPs, after you configure the First WAN Interface, you can configure the Second WAN Interface. The screens for configuring the second WAN interface are similar to the first (see Section 4.1.1 on page 59).
  • Page 66: Internet Access - Finish

    4.1.7 Internet Access - Finish: You have set up your ISG50 to access the Internet. After configuring the WAN interface(s), a screen displays with your settings. If they are not correct, click Back. [Figure 41: Internet Access: Ethernet Encapsulation] Note: If you have not already done so, you can register your ISG50 with myZyXEL.com.
  • Page 67 Use the Registration > Service screen to update your service subscription status. [Figure 42: Registration] • Select new myZyXEL.com account if you haven’t created an account at myZyXEL.com, then configure the following fields to create an account and register your ISG50. •...
  • Page 68 • Country Code: Select your country from the drop-down box list. [Figure 43: Registration: Registered Device]
  • Page 69: Quick Setup

    Chapter 5 Quick Setup. 5.1 Quick Setup Overview: The Web Configurator's quick setup wizards help you configure Internet and VPN connection settings. This chapter provides information on configuring the quick setup screens in the Web Configurator. See the feature-specific chapters in this User’s Guide for background information. In the Web Configurator, click Configuration >...
  • Page 70: WAN Interface Quick Setup

    5.2 WAN Interface Quick Setup: Click WAN Interface in the main Quick Setup screen to open the WAN Interface Quick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the Internet. Click Next.
  • Page 71: Select WAN Type

    5.2.2 Select WAN Type. WAN Type Selection: Select the type of encapsulation this connection is to use. Choose Ethernet when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP.
  • Page 72: Configure WAN Settings

    5.2.3 Configure WAN Settings: Use this screen to select whether the interface should use a fixed or dynamic IP address. [Figure 48: WAN Interface Setup: Step 2] • WAN Interface: This is the interface you are configuring for Internet access. •...
  • Page 73 Note: Enter the Internet access information exactly as your ISP gave it to you. [Figure 49: WAN and ISP Connection Settings: (PPTP Shown)] The following table describes the labels in this screen. Table 11 WAN and ISP Connection Settings. LABEL: DESCRIPTION. ISP Parameter...
  • Page 74 Table 11 WAN and ISP Connection Settings (continued). LABEL: DESCRIPTION. Retype to Confirm: Type your password again for confirmation. Nailed-Up: Select Nailed-Up if you do not want the connection to time out. Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server.
  • Page 75: Quick Setup Interface Wizard: Summary

    Chapter 5 Quick Setup 5.2.5 Quick Setup Interface Wizard: Summary This screen displays the WAN interface’s settings. Figure 50 Interface Wizard: Summary WAN (PPTP Shown) The following table describes the labels in this screen. Table 12 Interface Wizard: Summary WAN LABEL DESCRIPTION Encapsulation...
  • Page 76: Vpn Quick Setup

    Chapter 5 Quick Setup 5.3 VPN Quick Setup Click VPN Setup in the main Quick Setup screen to open the VPN Setup Wizard Welcome screen. The VPN wizard creates corresponding VPN connection and VPN gateway settings and address objects that you can use later in configuring more VPN connections or other features. Click Next.
  • Page 77: VPN Setup Wizard: Wizard Type

    Chapter 5 Quick Setup 5.4 VPN Setup Wizard: Wizard Type A VPN (Virtual Private Network) tunnel is a secure connection to another computer, smartphone, or network. Use this screen to select which type of VPN connection you want to configure. Figure 52 VPN Setup Wizard: Wizard Type Express: Use this wizard to create a VPN connection with another ISG50 using a pre-shared key and default security settings.
  • Page 78: VPN Express Wizard - Scenario

    Chapter 5 Quick Setup 5.5 VPN Express Wizard - Scenario Click the Express radio button as shown in Figure 52 on page 77 to display the following screen. Figure 53 VPN Express Wizard: Step 2 Rule Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 79: VPN Express Wizard - Configuration

    Chapter 5 Quick Setup 5.5.1 VPN Express Wizard - Configuration Figure 54 VPN Express Wizard: Step 3 • Secure Gateway: If Any displays in this field, it is not configurable for the chosen scenario. If this field is configurable, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to identify the remote IPSec router by its IP address or a domain name.
  • Page 80: VPN Express Wizard - Summary

    Chapter 5 Quick Setup 5.5.2 VPN Express Wizard - Summary This screen provides a read-only summary of the VPN tunnel’s configuration and also commands that you can copy and paste into another ISG50’s command line interface to configure it. Figure 55 VPN Express Wizard: Step 4 •...
  • Page 81: VPN Express Wizard - Finish

    Chapter 5 Quick Setup 5.5.3 VPN Express Wizard - Finish Now you can use the VPN tunnel. Figure 56 VPN Express Wizard: Finish Note: If you have not already done so, use the myZyXEL.com link and register your ISG50 with myZyXEL.com. Click Close to exit the wizard.
  • Page 82: VPN Advanced Wizard - Scenario

    Chapter 5 Quick Setup 5.5.4 VPN Advanced Wizard - Scenario Click the Advanced radio button as shown in Figure 52 on page 77 to display the following screen. Figure 57 VPN Advanced Wizard: Scenario Rule Name: Type the name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 83: VPN Advanced Wizard - Phase 1 Settings

    Chapter 5 Quick Setup 5.5.5 VPN Advanced Wizard - Phase 1 Settings There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Figure 58 VPN Advanced Wizard: Phase 1 Settings •...
  • Page 84: VPN Advanced Wizard - Phase 2

    Chapter 5 Quick Setup • SA Life Time: Set how often the ISG50 renegotiates the IKE SA. A short SA life time increases security, but renegotiation temporarily disconnects the VPN tunnel. • NAT Traversal: Select this if the VPN tunnel must pass through NAT (there is a NAT router between the IPSec devices).
  • Page 85: VPN Advanced Wizard - Summary

    Chapter 5 Quick Setup • Perfect Forward Secrecy (PFS): Disabling PFS allows faster IPSec setup, but is less secure. Select DH1, DH2 or DH5 to enable PFS. DH5 is more secure than DH1 or DH2 (although it may affect throughput). DH1 refers to Diffie-Hellman Group 1, a 768 bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024 bit (1Kb) random number.
  • Page 86: VPN Advanced Wizard - Finish

    Chapter 5 Quick Setup 5.5.8 VPN Advanced Wizard - Finish Now you can use the VPN tunnel. Figure 61 VPN Wizard: Step 6: Advanced Note: If you have not already done so, you can register your ISG50 with myZyXEL.com and activate trials of services. Click Close to exit the wizard.
  • Page 87: Configuration Basics

    Chapter 6 Configuration Basics This information is provided to help you configure the ISG50 effectively. Some of it is helpful when you are just getting started. Some of it is provided for your reference when you configure various features in the ISG50.
  • Page 88 Chapter 6 Configuration Basics • FXS (Foreign Exchange Subscriber) Extension - This is an extension assigned to an analog phone directly connected to an FXS port on the ISG50 (See Figure 62 on page 88). The FXS ports on the ISG50 work the same way as the phone sockets in your home. In your home you are a subscriber to the telephone services of your local telephone company and when you connect an analog phone to the ISG50 you subscribe to the telephone services of the ISG50.
  • Page 89: Internal Call Routing

    Chapter 6 Configuration Basics • Auto-Attendant - This is a feature which routes incoming calls to their proper extension. An auto-attendant is assigned to each outbound line group and it services incoming calls on those lines. If your organization has two outbound line groups, each with a specific telephone number for incoming calls, then you can assign a different auto-attendant for each incoming line.
  • Page 90 Chapter 6 Configuration Basics In the most basic setup example an organization has one authority group (with all of the company’s extensions), one outbound line group and an LCR which grants the authority group access to outbound lines. Everyone in the organization has the same rights to use outbound lines. Figure 64 Outbound Call Routing - Basic Authority Outbound...
  • Page 91: Object-Based Configuration

    Chapter 6 Configuration Basics 6.2 Object-based Configuration The ISG50 stores information or settings as objects. You use these objects to configure many of the ISG50’s features and settings. Once you configure an object, you can reuse it in configuring other features.
  • Page 92: Zones, Interfaces, And Physical Ports

    Chapter 6 Configuration Basics 6.3 Zones, Interfaces, and Physical Ports Zones (groups of interfaces and VPN tunnels) simplify security settings. Here is an overview of zones, interfaces, and physical ports in the ISG50. Zones, Interfaces, and Physical Ethernet Ports Figure 66 Zones LAN1 LAN2...
  • Page 93: Default Interface And Zone Configuration

    Chapter 6 Configuration Basics • Virtual interfaces increase the amount of routing information in the ISG50. There are three types: virtual Ethernet interfaces (also known as IP alias), virtual VLAN interfaces, and virtual bridge interfaces. 6.3.2 Default Interface and Zone Configuration This section introduces the ISG50’s default zone member physical interfaces and the default configuration of those interfaces.
  • Page 94: Terminology In The ISG50

    Chapter 6 Configuration Basics 6.4 Terminology in the ISG50 This section highlights some terminology or organization for the ISG50. Table 15 ISG50 Terminology FEATURE / TERM ISG50 FEATURE / TERM IP alias Virtual interface Gateway policy VPN gateway Network policy (IPSec SA) VPN connection Source NAT (SNAT) Policy route...
  • Page 95: Routing Table Checking Flow

    Chapter 6 Configuration Basics • Automatic SNAT and WAN trunk routing for traffic going from internal to external interfaces (you don’t need to configure anything to allow LAN to WAN traffic). The ISG50 automatically adds all of the external interfaces to the default WAN trunk. External interfaces include ppp and cellular interfaces as well as any Ethernet interfaces that are set as external interfaces.
  • Page 96: NAT Table Checking Flow

    Chapter 6 Configuration Basics Policy Routes: These are the user-configured policy routes. Configure policy routes to send packets through the appropriate interface or VPN tunnel. See Chapter 14 on page 289 for more on policy routes. 1 to 1 and Many 1 to 1 NAT: These are the 1 to 1 NAT and many 1 to 1 NAT rules. If a private network server will initiate sessions to the outside clients, create a 1 to 1 NAT entry to have the ISG50 translate the source IP address of the server’s outgoing traffic to the same public IP address that the outside clients use to access the server.
  • Page 97: Other Features Configuration Overview

    Chapter 6 Configuration Basics SNAT defined in the policy routes. 1 to 1 SNAT (including Many 1 to 1) is also included in the NAT table. NAT loopback is now included in the NAT table instead of requiring a separate policy route. SNAT is also now performed by default and included in the NAT table.
  • Page 98: Licensing Registration

    Chapter 6 Configuration Basics 6.6.2 Licensing Registration Use these screens to register your ISG50 and subscribe to services. You must have Internet access to myZyXEL.com. Configuration > Licensing > Registration MENU ITEM(S) Internet access to myZyXEL.com PREREQUISITES 6.6.3 Interface Section 6.3 on page 92 for background information.
  • Page 99: Static Routes

    Chapter 6 Configuration Basics Criteria: users, user groups, interfaces (incoming), IPSec VPN (incoming), addresses (source, destination), address groups (source, destination), schedules, services, service groups PREREQUISITES Next-hop: addresses (HOST gateway), IPSec VPN, trunks, interfaces NAT: addresses (translated address), services and service groups (port triggering) Example: You have an FTP server connected to P6 (in the DMZ zone).
  • Page 100: DDNS

    Chapter 6 Configuration Basics Zones cannot overlap. Each interface and VPN tunnel can be assigned to at most one zone. Virtual interfaces are automatically assigned to the same zone as the interface on which they run. When you create a zone, the ISG50 does not create any firewall rule or configure remote management for the new zone.
  • Page 101: HTTP Redirect

    Chapter 6 Configuration Basics 6.6.10 HTTP Redirect Configure this feature to have the ISG50 transparently forward HTTP (web) traffic to a proxy server. This can speed up web browsing because the proxy server keeps copies of the web pages that have been accessed so they are readily available the next time one of your users needs to access that page.
  • Page 102: IPSec VPN

    Chapter 6 Configuration Basics To-ISG50 firewall rules control access to the ISG50. Configure to-ISG50 firewall rules for remote management. By default, the firewall only allows management connections from the LAN or WAN zone. Configuration > Firewall MENU ITEM(S) Zones, schedules, users, user groups, addresses (source, destination), address groups PREREQUISITES (source, destination), services, service groups Example: Suppose you have a SIP proxy server connected to the DMZ zone for VoIP calls.
  • Page 103: ADP

    Chapter 6 Configuration Basics Examples: Suppose you want to give a user named Bob FTP access but with a limited download speed of 200 kbps from LAN (FTP client) to WAN (FTP server). Create user account for Bob. Click BWM > Add New Policy. Select the user account that you created for Bob. Select from LAN zone to WAN zone (default).
  • Page 104: User/Group

    Chapter 6 Configuration Basics 6.7.1 User/Group Use these screens to configure the ISG50’s administrator and user accounts. The ISG50 provides the following user types. Table 17 User Types TYPE ABILITIES admin Change ISG50 configuration (web, CLI) limited-admin Look at ISG50 configuration (web) user Access network services, browse user-mode commands (CLI) guest...
  • Page 105: Logs And Reports

    Chapter 6 Configuration Basics Click Configuration > System > WWW to configure the HTTP management access. Enable HTTPS and add an administrator service control entry. • Select the address object for the administrator’s computer. • Select the WAN zone. • Set the action to Accept. 6.8.2 Logs and Reports The ISG50 provides a system log, offers two e-mail profiles to which to send log messages, and sends information to four syslog servers.
  • Page 106 Chapter 6 Configuration Basics ISG50 User’s Guide...
  • Page 107: General Tutorials

    Chapter 7 General Tutorials Here are examples of using the Web Configurator to configure general settings in the ISG50. See Chapter 8 on page 135 for how to configure PBX settings. Note: The tutorials featured here require a basic understanding of connecting to and using the Web Configurator, see Chapter 3 on page 43 for details.
  • Page 108: Configure A WAN Ethernet Interface

    Chapter 7 General Tutorials 7.1.1 Configure a WAN Ethernet Interface You need to assign the ISG50’s wan1 interface a static IP address of 1.2.3.4. Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface’s entry. Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK.
  • Page 109: How To Configure A Cellular Interface

    Chapter 7 General Tutorials Select WIZ_VPN and move it to the Member box and click OK. Figure 74 Configuration > Network > Zone > IPSec_VPN Edit 7.2 How to Configure a Cellular Interface Use 3G cards for cellular WAN (Internet) connections. See www.zyxel.com for a list of the compatible 3G devices.
  • Page 110 Chapter 7 General Tutorials Figure 76 Configuration > Network > Interface > Cellular > Edit Note: The Network Selection is set to Auto by default. This means that the 3G USB modem may connect to another 3G network when your service provider is not in range or when necessary.
  • Page 111: How To Configure Load Balancing

    Chapter 7 General Tutorials To fine-tune the load balancing configuration, see Chapter 13 on page 281. See also Section 7.3 on page 111 for an example. 7.3 How to Configure Load Balancing This example shows how to configure a trunk for two WAN connections (to the Internet). The available bandwidth for the connections is 1Mbps (wan1) and 512 Kbps (wan2) respectively.
  • Page 112: Configure The WAN Trunk

    Chapter 7 General Tutorials Figure 79 Configuration > Network > Interface > Ethernet > Edit (wan1) Repeat the process to set the egress bandwidth for wan2 to 512 Kbps. 7.3.2 Configure the WAN Trunk Click Configuration > Network > Interface > Trunk. Click the Add icon. Name the trunk and set the Load Balancing Algorithm field to Weighted Round Robin.
  • Page 113: How To Set Up An IPSec VPN Tunnel

    Chapter 7 General Tutorials Figure 80 Configuration > Network > Interface > Trunk > Add Select the trunk as the default trunk and click Apply. Figure 81 Configuration > Network > Interface > Trunk 7.4 How to Set Up an IPSec VPN Tunnel This example shows how to use the IPSec VPN configuration screens to create the following VPN tunnel, see Section 5.4 on page 77...
  • Page 114: Set Up The VPN Gateway

    Chapter 7 General Tutorials Figure 82 VPN Example 2.2.2.2 1.2.3.4 192.168.1.0/24 172.16.1.0/24 In this example, the ISG50 is router X (1.2.3.4), and the remote IPSec router is router Y (2.2.2.2). Create the VPN tunnel between ISG50 X’s LAN subnet (192.168.1.0/24) and the LAN subnet behind peer IPSec router Y (172.16.1.0/24).
  • Page 115: Set Up The VPN Connection

    Chapter 7 General Tutorials Figure 83 Configuration > VPN > IPSec VPN > VPN Gateway > Add 7.4.2 Set Up the VPN Connection The VPN connection manages the IPSec SA. You have to set up the address objects for the local network and remote network before you can set up the VPN connection.
  • Page 116: Configure Security Policies For The VPN Tunnel

    Chapter 7 General Tutorials Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN Gateway select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE). Under Policy, select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the remote. Click OK. Figure 85 Configuration > VPN > IPSec VPN > VPN Connection > Add Now set up the VPN settings on the peer IPSec router and try to establish the VPN tunnel.
  • Page 117: Set Up User Accounts

    Chapter 7 General Tutorials example that does not include priorities for different types of traffic. See Chapter 25 on page 397 for more on bandwidth management. Table 18 User-aware Access Control Example LAN1-TO-DMZ GROUP (USER) SURFING BANDWIDTH ACCESS Finance (Leo) 200K Engineer (Steven) 100K...
  • Page 118: Set Up User Groups

    Chapter 7 General Tutorials 7.5.2 Set Up User Groups Set up the user groups and assign the users to the user groups. Click Configuration > Object > User/Group > Group. Click the Add icon. Enter the name of the group that is used in the example in Table 18 on page 117.
  • Page 119 Chapter 7 General Tutorials Figure 88 Configuration > Object > AAA Server > RADIUS > Add Click Configuration > Object > Auth. method. Double-click the default entry. Click the Add icon. Select group radius because the ISG50 should use the specified RADIUS server for authentication.
  • Page 120: How To Use A RADIUS Server To Authenticate User Accounts Based On Groups

    Chapter 7 General Tutorials Figure 90 Configuration > Object > User/Group > Setting > Add (Force User Authentication Policy) When the users try to browse the web (or use any HTTP/HTTPS application), the Login screen appears. They have to log in using the user name and password in the RADIUS server. 7.6 How to Use a RADIUS Server to Authenticate User Accounts Based on Groups The previous example showed how to have a RADIUS server authenticate individual user accounts.
  • Page 121 Chapter 7 General Tutorials Figure 91 Configuration > Object > AAA Server > RADIUS > Add Now you add ext-group-user user objects to identify groups based on the group identifier values. Set up one user account for each group of user accounts in the RADIUS server. Click Configuration >...
  • Page 122: How To Use Authentication Policies

    Chapter 7 General Tutorials 7.7 How to Use Authentication Policies Here is how to use authentication policies to make sure that users log in before they are allowed to access the network. 7.7.1 Configure the Authentication Policy Click Configuration > Auth. Policy and then the Authentication Policy Summary’s Add icon to open the Auth.
  • Page 123: How To Configure Service Control

    Chapter 7 General Tutorials Figure 94 Configuration > Auth. Policy 7.8 How to Configure Service Control Service control lets you configure rules that control HTTP and HTTPS management access (to the Web Configurator) and separate rules that control HTTP and HTTPS user access. See Chapter 52 on page 665 for more on service control.
  • Page 124 Chapter 7 General Tutorials Figure 95 Configuration > System > WWW In the Zone field select LAN1 and click OK. Figure 96 Configuration > System > WWW > Service Control Rule Edit Select the new rule and click the Add icon. Figure 97 Configuration >...
  • Page 125: How To Allow Incoming H.323 Peer-To-Peer Calls

    Chapter 7 General Tutorials Figure 98 Configuration > System > WWW > Service Control Rule Edit Click Apply. Figure 99 Configuration > System > WWW (Second Example Admin Service Rule Configured) Now administrator access to the Web Configurator can only come from the LAN1 zone. Non-admin users can still use HTTPS to log into the ISG50 from any of the ISG50’s zones.
  • Page 126: Turn On The ALG

    Chapter 7 General Tutorials Figure 100 WAN to LAN H.323 Peer-to-peer Calls Example 192.168.1.56 10.0.0.8 7.9.1 Turn On the ALG Click Configuration > Network > ALG. Select Enable H.323 ALG and Enable H.323 transformations and click Apply. Figure 101 Configuration > Network > ALG 7.9.2 Set Up a NAT Policy For H.323 In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the ISG50’s 10.0.0.8 WAN IP address to LAN1 IP address 192.168.1.56.
  • Page 127 Chapter 7 General Tutorials Figure 102 Create Address Objects Click Configuration > Network > NAT > Add. Configure a name for the rule (WAN-LAN_H323 here). You want the LAN H.323 device to receive peer-to-peer calls from the WAN and also be able to initiate calls to the WAN so you set the Classification to NAT 1:1.
  • Page 128: Set Up A Firewall Rule For H.323

    Chapter 7 General Tutorials Figure 103 Configuration > Network > NAT > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for WAN-to-LAN traffic drops all traffic. Here is how to configure a firewall rule to allow H.323 (TCP port 1720) traffic received on the WAN_IP-for-H323 IP address to go to LAN1 IP address 192.168.1.56.
  • Page 129: How To Allow Public Access To A Web Server

    Chapter 7 General Tutorials Figure 104 Configuration > Firewall > Add 7.10 How to Allow Public Access to a Web Server This is an example of making an HTTP (web) server in the DMZ zone accessible from the Internet (the WAN zone). In this example you have public IP address 1.1.1.1 that you will use on the wan1 interface and map to the HTTP server’s private IP address of 192.168.3.7.
  • Page 130: Configure Nat

    Chapter 7 General Tutorials Figure 106 Creating the Address Object for the HTTP Server’s Private IP Address Create a host address object named Public_HTTP_Server_IP for the public WAN IP address 1.1.1.1. Figure 107 Creating the Address Object for the Public IP Address 7.10.2 Configure NAT You need a NAT rule to send HTTP traffic coming to IP address 1.1.1.1 on wan1 to the HTTP server’s private IP address of 192.168.3.7.
  • Page 131: Set Up A Firewall Rule

    Chapter 7 General Tutorials Figure 108 Creating the NAT Entry 7.10.3 Set Up a Firewall Rule The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow the public to send HTTP traffic to IP address 1.1.1.1 in order to access the HTTP server.
  • Page 132: How To Use Multiple Static Public WAN IP Addresses For LAN To WAN Traffic

    Chapter 7 General Tutorials Figure 109 Configuration > Firewall > Add 7.11 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic If your ISP gave you a range of static public IP addresses, here is how to configure a policy route to have the ISG50 use them for traffic it sends out from the LAN.
  • Page 133 Chapter 7 General Tutorials Although adding a description is optional, it is recommended. This example uses LAN-to-WAN-Range. Specifying a Source Address is also optional although recommended. This example uses LAN_SUBNET1. Set the Source Network Address Translation to Public-IPs and click OK. Figure 111 Configuring the Policy Route
  • Page 134 Chapter 7 General Tutorials 7.12 Initial Setup Video Use Adobe Reader 9 or later or a recent version of Foxit Reader to play this video. After clicking play, you may need to confirm that you want to play the content and click play again.
  • Page 135: PBX Tutorials

    Chapter 8 PBX Tutorials Here are examples of using the web configurator to set up and use the ISG50 for a telephone network as shown in the following figure. Figure 112 Tutorial Overview PSTN / ISDN ITSP The tutorials include: Table 19 Tutorials Overview TUTORIAL GOAL STEPS...
  • Page 136: Making Internal Calls

    Chapter 8 PBX Tutorials Table 19 Tutorials Overview TUTORIAL GOAL STEPS Using Call Features • Customizing Feature Codes • Using the Voicemail Feature Using the Extension Portal • Your Information • Accessing the Extension Portal • Changing Your Security Information •...
  • Page 137 Chapter 8 PBX Tutorials In the web configurator, click Configuration > PBX > Extension Management > Authority Group to open the Authority Group screen. Click the Add icon to open the Add screen. Enter the name of the group (Basic in this example) and type 1-5 digits to use as an ID for this authority group (345 here).
  • Page 138 Chapter 8 PBX Tutorials The SIP username for extension 1001 is 1001 and the SIP password for this extension is 11100199. You do not need to configure the Prefix and Postfix values as long as the SIP password length is at least four digits long. Click OK and wait for the ISG50 to create the extensions.
  • Page 139 Chapter 8 PBX Tutorials The SIP extensions display in the Edit Authority Group Basic screen. Click OK. Keep a list of the SIP passwords (the Prefix + Extension Number + Postfix combinations). When you deploy the network’s IP phones, you will need this information for SIP registration. See Section 8.1.2 on page 140 for information on configuring your IP phones.
  • Page 140: Connect IP Phones

    Chapter 8 PBX Tutorials 8.1.2 Connect IP Phones You can now set up your IP phones. For example, you can connect all of the IP phones and the ISG50 to an Ethernet switch and assign all the IP phones IP addresses in the same subnet. Figure 114 Connect IP Phones IP = 172.23.37.201 IP = 172.23.37.101...
  • Page 141: Auto Provisioning

    Chapter 8 PBX Tutorials Complete the SIP registration for all the IP phones on your network. When all the phones are registered, you can make internal calls by dialing the extension number assigned to each phone. 8.2 Auto Provisioning You can have snom VoIP phones get a configuration text file from the ISG50. The configuration file contains the SIP settings that the SIP device uses to register with the ISG50.
  • Page 142: Configuring The Snom VoIP Phones For Auto Provisioning

    Chapter 8 PBX Tutorials Click Configuration > PBX > Auto Provision. Then double-click a SIP extension entry. Enter the SIP device’s MAC address and select what model it is. Click OK. Repeat these steps to map each SIP extension to a snom device’s MAC. 8.2.1 Configuring the snom VoIP Phones for Auto Provisioning Configure the snom phones to receive configuration information from the ISG50.
  • Page 143: Making PSTN Calls

    Chapter 8 PBX Tutorials 8.3 Making PSTN Calls The following section shows you how to make and receive calls via a connection to the PSTN. This example covers: • The PSTN Connection - configuring the outbound line group (connection settings) from the FXO ports to the PSTN.
  • Page 144: Creating A Dialing Rule For PSTN

    Chapter 8 PBX Tutorials In the web configurator, click Configuration > PBX > Outbound Line Management > Outbound Trunk Group to open the Outbound Trunk Group screen. In the FXO Settings section click the Add icon to open the following screen. Enter the name of the group (PSTN1 in this example) and select the FXO ports that are to be members.
  • Page 145 Chapter 8 PBX Tutorials The LCRs determine which outside line the ISG50 should use to complete outbound calls. In our example we want to use the PSTN1 outbound line group to complete local calls. Figure 119 Outbound Calls via PSTN LocalCall PSTN 1001...
  • Page 146: Assigning An LCR To An Authority Group

    Chapter 8 PBX Tutorials • Click OK. Click OK again and you are done configuring the LCR. However, before it can be used by any of the phones connected to the ISG50, the LCR needs to be assigned to an appropriate authority group. 8.3.3 Assigning an LCR to an Authority Group Now add the LCR to an authority group to give the extensions in that group the right to use an LCR (outbound dial condition).
  • Page 147: Making ITSP Calls

    Chapter 8 PBX Tutorials Select the LocalCall entry’s Association checkbox. Click OK. You can now use the telephones that are part of the FXOTrunk authority group to make outbound calls using the PSTN connection. The following figure summarizes the outbound call process for this example.
  • Page 148: The ITSP Connection

    Chapter 8 PBX Tutorials • Assigning an LCR to an Authority Group - giving extensions the right to make outbound calls via the ITSP connection. The ISG50 matches this number with an LCR, applies an offset (strips off the 1), adds a dial plan prefix 016 to the start of the number and routes the call to the ITSP.
  • Page 149 Chapter 8 PBX Tutorials In the web configurator, click Configuration > PBX > Outbound Line Management > Outbound Line Group.
  • Page 150 Chapter 8 PBX Tutorials Click the Add icon in the SIP Trunk section. Enter the name of the group (“ITSP1” in this example). Fill in the other fields with the information provided by your ITSP (in our example we use the sample information as shown in Table 20 on page 148).
  • Page 151: Creating A Dialing Rule For ITSP

    Chapter 8 PBX Tutorials People from the outside world can now call the ISG50 using the numbers provided by your ITSP. The default AA prompts the callers to dial the extension they would like to reach. See Section 8.4.2 on page 151 for information on how to set up a dialing rule so that the extensions on your network can make calls via your ITSP.
  • Page 152: Assigning An LCR To An Authority Group

    Chapter 8 PBX Tutorials The Dial Condition screen appears. • Type 1XXXXX followed by a period (.) in the Dial Condition field. This means that this LCR will be used when callers dial any 7 or greater digit number that begins with a 1. The X stands for any digit 0 to 9 and is used to create a minimum length condition.
  • Page 153 Chapter 8 PBX Tutorials Click Configuration > PBX > Group Management and double-click the Basic entry. Select the LongDistance entry’s checkbox in the Association column and click OK.
  • Page 154: Making ISDN Calls

    Chapter 8 PBX Tutorials You can now use the telephones that are part of the Basic authority group to make long distance calls using the ITSP connection. The following figure summarizes the outbound call process for this example. The ISG50 matches this number with the long_distance_call LCR, applies the offset (strips off the 1), adds the prefix 016 to the start of...
  • Page 155: The ISDN Connection

    Chapter 8 PBX Tutorials 8.5.1 The ISDN Connection Refer to the Quick Start Guide to connect your telephone cables to the outlets that connect to your local telephone company. The front of your ISG50 should look as shown in the following figure. Figure 123 BRI Connection ISDN In the web configurator, click Configuration >...
  • Page 156: Creating A Dialing Rule For ISDN

    Chapter 8 PBX Tutorials Enter the name of the group (BRI1 in this example). Assume you want calls to be answered by the Auto-Attendant, so select AA. Select the BRI ports that are to be members and click OK. People from the outside world can now call the ISG50 using the ISDN numbers provided by your local telephone company.
  • Page 157 Chapter 8 PBX Tutorials In the web configurator, click Configuration > PBX > Outbound Line Management > LCR > Add. Enter a name and description for the dialing rule (the LCR is named ISDN_call in this example). Select the outbound line group from the pool column that you want to add to this LCR (in our example this is BRI1 as configured in Section 8.5.1 on page 155), then click the Right icon to...
  • Page 158: Assigning An LCR To An Authority Group

    Chapter 8 PBX Tutorials • Click OK. Click OK again and you are done configuring the LCR. However, before it can be used by any of the phones connected to the ISG50, the LCR needs to be assigned to an appropriate authority group. 8.5.3 Assigning an LCR to an Authority Group The Group Management screen allows you to give an authority group (and the extensions in that group) the right to use an LCR (outbound dial condition).
  • Page 159: ISDN Network Configuration Examples

    Chapter 8 PBX Tutorials Select the ISDN_call entry’s checkbox in the Association column and click OK. You can now use the telephones that are part of the Basic authority group to make outbound calls using the ISDN connection. The following figure summarizes the outbound call process for this example.
  • Page 160: Example 1: Small/Medium Business

    Chapter 8 PBX Tutorials The following figure shows the three examples (1 ~ 3). Figure 125 ISDN Network Configuration ISDN Line 8.6.1 Example 1: Small/Medium Business For a small/medium company, the ISG50 is the only device that forwards ISDN calls between the company and the telephone service provider.
  • Page 161: Example 2: Company With Existing PBX

    Chapter 8 PBX Tutorials • If you want outsiders to dial in directly to extensions without going through the Auto-Attendant, follow the instructions until step 2, select DDI/DID and configure the settings as follows. In the DDI/DID Mapping Setting section, define DDI/DID Mask (the digits of the Directory Number on the right) for extension mappings.
  • Page 162: Example 3: Company With Existing Pbx And Expanding Employees

    Chapter 8 PBX Tutorials • If you don’t want incoming calls to go through the Auto-Attendant, select Direct. • If you are using BRI line(s) and you want to have multiple subscriber numbers on one port, select MSN and configure the settings. Note: We don’t use DDI/DID in this type of example because DDI/DID is mainly used for outsiders to call extensions.
  • Page 163: Using Call Features

    Chapter 8 PBX Tutorials • Like Example 2, you can also select Direct (if you want the callers from the PBX’s extensions to the ISG50’s not to go through the Auto-Attendant) or MSN (if you are using BRI line(s) and you want to have multiple subscriber numbers on one port).
  • Page 164: Using The Extension Portal

    Chapter 8 PBX Tutorials 8.8 Using the Extension Portal Every phone user has a personal extension portal on the ISG50. You can log in and make changes to your account setup, and IP phone users also use the web phone. The web phone is just like the telephone you usually use to make calls from this extension;...
  • Page 165: Using The Web Phone (Ip Phone Users Only)

    Chapter 8 PBX Tutorials Continue past any warning messages to the Login screen. Click the Extension Portal tab. Figure 128 Extension Portal Log In Enter your extension number (“1001”) in the Extension Number field, and enter your PIN code (“5678”) in the PIN Code field. Click SIP Login. 8.8.3 Using the Web Phone (IP Phone Users Only) The Web Phone screen opens.
  • Page 166: Changing Your Security Information

    Chapter 8 PBX Tutorials The Web Phone screen displays. Figure 130 Tutorial: The Web Phone Note: Make sure you have a headset (or speakers and a microphone) connected to your computer, and that your sound card is working correctly (try listening to an audio file or recording a voice note to check, if there is a problem).
  • Page 167: Personalizing Your Settings

    Chapter 8 PBX Tutorials Note: The SIP Auth Password field does not display if you connect to the ISG50 using a regular analog telephone system. Figure 131 Tutorial: Changing Security Information • Enter the new SIP Auth Password and enter it again in the next field. Click Apply. •...
  • Page 168 Chapter 8 PBX Tutorials The following screen displays. Figure 132 Tutorial: Configuring Call Settings ISG50 User’s Guide...
  • Page 169 Chapter 8 PBX Tutorials The following table shows the example call setting information. You can also use this table to make a note of the call settings you want to configure, if you like. Table 23 Tutorial: Call Settings EXAMPLE INFORMATION YOUR INFORMATION Office Hours Monday ~ Friday, 09:00-17:30...
  • Page 170: Setting Up Voicemail

    Chapter 8 PBX Tutorials 8.8.6 Setting Up Voicemail Next, you can set up your voicemail inbox to automatically send your received messages as audio files to your email inbox. It is recommended that you do this so that your voicemail inbox does not fill up (if it fills up, no new messages can be recorded).
  • Page 171: Capturing Packets Using The Web Configurator

    Chapter 8 PBX Tutorials 8.9 Capturing Packets Using the Web Configurator The following section shows you how to capture packets using the ISG50 web configurator. You may need to do this if there are problems. For example, suppose a SIP phone (P) fails to register to the ISG50.
  • Page 172 Chapter 8 PBX Tutorials • Duration: 10 seconds Then click Capture. Re-initialize the SIP phone. This helps to get a complete packet capture. Wait ten seconds, then use the Files tab to save the file to your computer. Use a packet capturing tool (such as Ethereal) to open the file and analyze the possible root cause. In this example, registration fails because the SIP username must be a number and not letters (bob in this example) for the ISG50.
  • Page 173: Creating An Automated Menu System

    Chapter 8 PBX Tutorials If you cannot solve the problem, contact customer support and send this file. You may be asked to provide another file containing more real-time system information. Select Maintenance > Diagnostics > Collect and click Collect Now. Wait several seconds, then use the Files tab to save the file to your computer.
  • Page 174: Create An Agent Identity

    Chapter 8 PBX Tutorials In order to do this, he must map his connections: Table 25 Tutorial: Example Automated Menu Design 1ST MENU SUBMENUS SKILLS AGENTS Language English Order Status Selection Steven Technical Support Steven George Accounts and Billing George Spanish Estado del Pedido Eddie...
  • Page 175: Create A Skill

    Chapter 8 PBX Tutorials Log into the ISG50, then go to the Configuration > PBX > ACD > Agent screen. For each of your agents, click the Add button to open the Agent Settings screen, and configure the following items: Agent ID: Enter between 3 and 20 digits to serve as the agent’s identification number.
  • Page 176 Chapter 8 PBX Tutorials “Technical Support” as a skill, then any caller who presses the key for that skill is immediately forwarded to the first available person whose agent identity appears on that skill’s rule list. To create a new skill: Go to the Configuration >...
  • Page 177 Chapter 8 PBX Tutorials For each skill, click the Add button to open the Add New Skill screen, and configure the following items: Number: Enter an identification number for this skill. This is required to link the skill to a skill menu in the next section.
  • Page 178: Create An Auto-Attendant

    Chapter 8 PBX Tutorials having two agents linked to this skill (Pam and Steven). He decides that the person who has received the fewest number of incoming calls since logging in should always be the first to answer the next incoming call. He therefore sets the Ring Strategy option to Fewest Calls. For more information about this option, see Section 38.4.1 on page 559.
  • Page 179 Chapter 8 PBX Tutorials Click the Add button. On the Add Customized Auto-Attendant screen, enter a Name and a Description (optional) for your first auto-attendant. The company manager of the Acme Widget company enters Language_Select, since this will be the first automated menu where callers choose either English or Spanish.
  • Page 180 Chapter 8 PBX Tutorials In the Office Hour tab provide an audio file saying something like “Press 1 for English or 2 for Spanish” to tell callers to select a language. Either upload an audio file (see Section 31.3.2 on page 509) or record one on the extension set as the recording peer (see Section 39.4 on page 571) and...
  • Page 181 Chapter 8 PBX Tutorials In the Add Option screen, enter a keypad number and action for your auto-attendant. Because this is the language selection auto-attendant for the Acme Widget company, the company manager enters “1” for Key, “English” for Description, and selects “Forward to a sub menu” for Action. The action selected here is quite important because it allows us to open up the second tier submenu.
  • Page 182 Chapter 8 PBX Tutorials On the Add Option screen, enter the keypad number and action for the submenu item. The company manager for the Acme Widget company enters “1” for Key, selects “Forward to a skill” for Action, selects “766/Order Status” from the list of configured skills for the ACD, and enters “Order Status”...
  • Page 183: Technical Reference

    Technical Reference...
  • Page 185: Dashboard

    Chapter 9 Dashboard 9.1 Overview Use the Dashboard screens to check status information about the ISG50. 9.1.1 What You Can Do in this Chapter Use the Dashboard screens for the following. • Use the main Dashboard screen (see Section 9.2 on page 185) to see the ISG50’s general device information, system status, system resource usage, licensed service status, and interface...
  • Page 186 Chapter 9 Dashboard licensed service status, and interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets. Figure 135 Dashboard The following table describes the labels in this screen. Table 26 Dashboard LABEL DESCRIPTION...
  • Page 187 Chapter 9 Dashboard Table 26 Dashboard (continued) LABEL DESCRIPTION Virtual Device Hover your cursor over a LED, interface or slot to view details about the status of the ISG50 connections. See Section 1.4.1 on page 33 for LED descriptions. An unconnected interface or slot appears grayed out.
  • Page 188 Chapter 9 Dashboard Table 26 Dashboard (continued) LABEL DESCRIPTION Current Date/Time This field displays the current date and time in the ISG50. The format is yyyy-mm-dd hh:mm:ss. VPN Status Click this to look at the VPN tunnels that are currently established. See Section 9.2.1 on page 190.
  • Page 189 Chapter 9 Dashboard Table 26 Dashboard (continued) LABEL DESCRIPTION Action Use this field to get or to update the IP address for the interface. Click Renew to send a new DHCP request to a DHCP server. Click the Connect icon to have the ISG50 try to connect a PPPoE/PPTP interface. If the interface cannot use one of these ways to get or to update its IP address, this field displays n/a.
  • Page 190: The Cpu Usage Screen

    Chapter 9 Dashboard 9.2.1 The CPU Usage Screen Use this screen to look at a chart of the ISG50’s recent CPU usage. To access this screen, click Show CPU Usage in the dashboard. Figure 136 Dashboard > Show CPU Usage The following table describes the labels in this screen.
  • Page 191: The Active Sessions Screen

    Chapter 9 Dashboard The following table describes the labels in this screen. Table 28 Dashboard > Show Memory Usage LABEL DESCRIPTION The y-axis represents the percentage of RAM usage. The x-axis shows the time period over which the RAM usage occurred Refresh Interval Enter how often you want this window to be automatically updated.
  • Page 192: The Vpn Status Screen

    Chapter 9 Dashboard 9.2.4 The VPN Status Screen Use this screen to look at the VPN tunnels that are currently established. To access this screen, click VPN Status in the dashboard. Figure 139 Dashboard > VPN Status The following table describes the labels in this screen. Table 30 Dashboard >...
  • Page 193: The Number Of Login Users Screen

    Chapter 9 Dashboard The following table describes the labels in this screen. Table 31 Dashboard > DHCP Table LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific entry. Interface This field identifies the interface that assigned an IP address to a DHCP client. IP Address This field displays the IP address currently assigned to a DHCP client or reserved for a specific MAC address.
  • Page 194 Chapter 9 Dashboard Table 32 Dashboard > Number of Login Users (continued) LABEL DESCRIPTION IP address This field displays the IP address of the computer used to log in to the ISG50. Force Logout Click this icon to end a user’s session.
  • Page 195: Monitor

    Chapter 10 Monitor 10.1 Overview Use the Monitor screens to check status and statistics information. 10.1.1 What You Can Do in this Chapter Use the Monitor screens for the following. • Use the System Status > Port Statistics screen (see Section 10.2 on page 196) to look at packet statistics for each physical port.
  • Page 196: The Port Statistics Screen

    Chapter 10 Monitor • Use the PBX > BRI Trunk screen (Section 10.17 on page 218) to display status information about external connections via BRI interfaces. • Use the PBX > ACD Queue screen (Section 10.18 on page 219) to monitor phone call activity for Automatic Call Distribution (ACD) agents.
  • Page 197: The Port Statistics Graph Screen

    Chapter 10 Monitor Table 33 Monitor > System Status > Port Statistics (continued) LABEL DESCRIPTION Status This field displays the current status of the physical port. Down - The physical port is not connected. Speed / Duplex - The physical port is connected. This field displays the port speed and duplex setting (Full or Half).
  • Page 198: Interface Status Screen

    Chapter 10 Monitor The following table describes the labels in this screen. Table 34 Monitor > System Status > Port Statistics > Switch to Graphic View LABEL DESCRIPTION Refresh Interval Enter how often you want this window to be automatically updated. Refresh Now Click this to update the information in the window right away.
  • Page 199 Chapter 10 Monitor Each field is described in the following table. Table 35 Monitor > System Status > Interface Status LABEL DESCRIPTION Interface Status If an Ethernet interface does not have any physical ports associated with it, its entry is displayed in light gray text.
  • Page 200: The Traffic Statistics Screen

    Chapter 10 Monitor Table 35 Monitor > System Status > Interface Status (continued) LABEL DESCRIPTION Name This field displays the name of each interface. If there is a Expand icon (plus-sign) next to the name, click this to look at the statistics for virtual interfaces on top of this interface. Status This field displays the current status of the interface.
  • Page 201 Chapter 10 Monitor You use the Traffic Statistics screen to tell the ISG50 when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. Figure 145 Monitor >...
  • Page 202 Chapter 10 Monitor Table 36 Monitor > System Status > Traffic Statistics (continued) LABEL DESCRIPTION Select the type of report to display. Choices are: Host IP Address/User - displays the IP addresses or users with the most traffic and how much traffic has been sent to and from each one.
  • Page 203: The Session Monitor Screen

    Chapter 10 Monitor The following table displays the maximum number of records shown in the report, the byte count limit, and the hit count limit. Table 37 Maximum Values for Reports LABEL DESCRIPTION Maximum Number of Records 20 Byte Count Limit bytes;...
  • Page 204 Chapter 10 Monitor The following table describes the labels in this screen. Table 38 Monitor > System Status > Session Monitor LABEL DESCRIPTION View Select how you want the information to be displayed. Choices are: sessions by users - display all active sessions grouped by user sessions by services - display all active sessions grouped by service or protocol sessions by source IP - display all active sessions grouped by source IP address sessions by destination IP - display all active sessions grouped by destination IP...
  • Page 205: The Ddns Status Screen

    Chapter 10 Monitor Table 38 Monitor > System Status > Session Monitor (continued) LABEL DESCRIPTION This field displays the amount of information transmitted by the source in the active session. Duration This field displays the length of the active session in seconds. 10.6 The DDNS Status Screen The DDNS Status screen shows the status of the ISG50’s DDNS domain names.
  • Page 206: The Login Users Screen

    Chapter 10 Monitor IP/MAC binding enabled and have ever established a session with the ISG50. Devices that have never established a session with the ISG50 do not display in the list. Figure 148 Monitor > System Status > IP/MAC Binding The following table describes the labels in this screen.
  • Page 207: Cellular Status Screen

    Chapter 10 Monitor The following table describes the labels in this screen. Table 41 Monitor > System Status > Login Users LABEL DESCRIPTION This field is a sequential value and is not associated with any entry. User ID This field displays the user name of each user who is currently logged in to the ISG50. Reauth Lease T.
  • Page 208 Chapter 10 Monitor Table 42 Monitor > System Status > Cellular Status (continued) LABEL DESCRIPTION Status No device - no 3G device is connected to the ISG50. No Service - no 3G network is available in the area; you cannot connect to the Internet. Limited Service - returned by the service provider in cases where the SIM card is expired, the user failed to pay for the service and so on;...
  • Page 209: More Information

    Chapter 10 Monitor 10.9.1 More Information This screen displays more information on your 3G, such as the signal strength, IMEI/ESN and IMSI that help identify your 3G device and SIM card. Click Monitor > System Status > More Information to display this screen. Note: This screen is only available when the 3G device is attached to and activated on the ISG50.
  • Page 210: Usb Storage Screen

    Chapter 10 Monitor Table 43 Monitor > System Status > More Information LABEL DESCRIPTION Device Firmware This shows the software version of the 3G device. Device IMEI/ESN IMEI (International Mobile Equipment Identity) is a 15-digit code in decimal format that identifies the 3G device.
  • Page 211: The Ipsec Monitor Screen

    Chapter 10 Monitor Table 44 Monitor > System Status > USB Storage (continued) LABEL DESCRIPTION Status Ready - you can have the ISG50 use the USB storage device. Click Remove Now to stop the ISG50 from using the USB storage device so you can remove it.
  • Page 212: Regular Expressions In Searching Ipsec Sas

    Chapter 10 Monitor Each field is described in the following table. Table 45 Monitor > VPN Monitor > IPSec LABEL DESCRIPTION Name Enter the name of an IPSec SA here and click Search to find it (if it is associated). You can use a keyword or regular expression.
  • Page 213: Sip Peer Screen

    Chapter 10 Monitor The whole VPN connection or policy name has to match if you do not use a question mark or asterisk. 10.12 SIP Peer Screen This screen displays information about the ISG50’s SIP extensions. Click Monitor > PBX > SIP Peer to display this screen.
  • Page 214: Fxs Peer Screen

    Chapter 10 Monitor Table 46 Monitor > PBX > SIP Peer (continued) LABEL DESCRIPTION Registration Status This field displays online if an IP phone is registered with the ISG50. It displays offline if no IP phone is registered with the ISG50 for a specific extension. For the web phone feature, it displays online if a user has logged in to the web phone feature; otherwise it displays offline.
  • Page 215: Sip Trunk Screen

    Chapter 10 Monitor Table 47 Monitor > PBX > FXS Peer (continued) LABEL DESCRIPTION Call Status This field displays busy if an FXS extension is currently engaged, otherwise it displays idle. Mobile Extension Status This indicates whether the connection’s mobile extension is activated or not, or if it is unspecified.
  • Page 216: Cti Peer Screen

    Chapter 10 Monitor Table 48 Monitor > PBX > SIP Trunk (continued) LABEL DESCRIPTION Registration Status This field displays online if the ISG50 successfully registered with the SIP server for this SIP trunk, offline if the ISG50 failed to register with the SIP server for this SIP trunk or Auth.
  • Page 217: Fxo Trunk Screen

    Chapter 10 Monitor 10.16 FXO Trunk Screen This screen displays status information about external connections via FXO interfaces. Click Monitor > PBX > FXO Trunk to display this screen. Figure 158 Monitor > PBX > FXO Trunk The following table describes the labels in this screen. Table 50 Monitor >...
  • Page 218: Bri Trunk Screen

    Chapter 10 Monitor 10.17 BRI Trunk Screen This screen displays status information about external connections via BRI interfaces. Click Monitor > PBX > BRI Trunk to display this screen. Figure 159 Monitor > PBX > BRI Trunk The following table describes the labels in this screen. Table 51 Monitor >...
  • Page 219: Acd Queue Screen

    Chapter 10 Monitor 10.18 ACD Queue Screen Use this screen to monitor phone call activity for Automatic Call Distribution (ACD) agents. Click Monitor > PBX > ACD Queue to display this screen. Figure 160 Monitor > PBX > ACD Queue The following table describes the labels in this screen.
  • Page 220: Log Screen

    Chapter 10 Monitor Table 52 Monitor > PBX > ACD Queue (continued) LABEL DESCRIPTION Caller ID This indicates the caller ID of the call. Entered Time This indicates the time the caller entered the queue. Waiting Time This indicates how long the caller has been waiting in the queue. 10.19 Log Screen Log messages are stored in two separate logs, one for regular log messages and one for debugging messages.
  • Page 221 Chapter 10 Monitor The following table describes the labels in this screen. Table 53 Monitor > Log LABEL DESCRIPTION Show Filter / Hide Filter Click this button to show or hide the filter settings. If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available.
  • Page 222: Querying Call Recordings

    Chapter 10 Monitor Table 53 Monitor > Log (continued) LABEL DESCRIPTION Source This field displays the source IP address and the port number in the event that generated the log message. Destination This field displays the destination IP address and the port number of the event that generated the log message.
  • Page 223: Call Recordings File List

    Chapter 10 Monitor 10.20.1 Call Recordings File List This screen lists the call recordings that matched your specified criteria. Use this screen to listen to or delete individual call recordings. Click Monitor > Log > Call Recording and perform a query to open the screen as follows.
  • Page 224 Chapter 10 Monitor Table 56 Monitor > Log > CDR (continued) LABEL DESCRIPTION Backup Now Click the Backup Now button to save a CDR backup file on the ISG50. Remove If you no longer want to store a CDR file on the ISG50 then select the files you want to delete from the ISG50 and click the Remove button.
  • Page 225: Cdr Query Screen

    Chapter 10 Monitor 10.22 CDR Query Screen Use this screen to search for call records on the ISG50. Click Monitor > Log > CDR > Query to view the screen as shown next. See Viewing Aged Files on page for details about extension “.tgz”...
  • Page 226 Chapter 10 Monitor Table 57 Monitor > Log > CDR > Query (continued) LABEL DESCRIPTION Call Time Call time is the time from when a caller finishes dialing a number until one of the parties hangs up. Enter the range of seconds, minutes or hours to specify the length of calls that you want to search for.
  • Page 227: Cdr Query Result Screen

    Chapter 10 Monitor Table 57 Monitor > Log > CDR > Query (continued) LABEL DESCRIPTION Search Click the Search button to display your query results in a report window. Your Internet browser opens up a new window with the query results. Reset Click Reset to return the screen to its last-saved settings.
  • Page 229: Registration

    Chapter 11 Registration 11.1 Overview Use the Configuration > Licensing > Registration screens to register your ISG50 and manage its service subscriptions. 11.1.1 What You Can Do in this Chapter • Use the Registration screen (see Section 11.2 on page 230) to register your ISG50 with myZyXEL.com and activate a service.
  • Page 230: The Registration Screen

    Chapter 11 Registration 11.2 The Registration Screen Use this screen to register your ISG50 with myZyXEL.com and activate a service, such as additional SIP extension numbers. Click Configuration > Licensing > Registration in the navigation panel to open the screen as shown next. Figure 167 Configuration >...
  • Page 231: The Service Screen

    Chapter 11 Registration Table 59 Configuration > Licensing > Registration (continued) LABEL DESCRIPTION Password Enter a password of between 6 and 20 alphanumeric characters (and the underscore). Spaces are not allowed. Confirm Password Enter the password again for confirmation. E-Mail Address Enter your e-mail address.
  • Page 232 Chapter 11 Registration (license key) in this screen. Click Configuration > Licensing > Registration > Service to open the screen as shown next. Figure 169 Configuration > Licensing > Registration > Service The following table describes the labels in this screen. Table 60 Configuration >...
  • Page 233: Interfaces

    Chapter 12 Interfaces 12.1 Interface Overview Use the Interface screens to configure the ISG50’s interfaces. You can also create interfaces on top of other interfaces. • Ports are the physical ports to which you connect cables. • Interfaces are used within the system operationally. You use them in configuring various features.
  • Page 234 Chapter 12 Interfaces • Many interfaces can share the same physical port. • An interface belongs to at most one zone. • Many interfaces can belong to the same zone. • Layer-3 virtualization (IP alias, for example) is a kind of interface. Types of Interfaces You can create several types of interfaces in the ISG50.
  • Page 235 Chapter 12 Interfaces - * The format of interface names other than the Ethernet and ppp interface names is strict. Each name consists of 2-4 letters (interface type), followed by a number (x). For most interfaces, x is limited by the maximum number of the type of interface.
  • Page 236: Port Role

    Chapter 12 Interfaces 12.2 Port Role To access this screen, click Configuration > Network > Interface > Port Role. Use the Port Role screen to set the ISG50’s flexible ports as part of the lan1, lan2 or dmz interfaces. This creates a hardware connection between the physical ports at the layer-2 (data link, MAC address) level.
  • Page 237: Ethernet Summary Screen

    Chapter 12 Interfaces Table 63 Configuration > Network > Interface > Port Role (continued) LABEL DESCRIPTION Apply Click this button to save your changes and apply them to the ISG50. Reset Click this button to change the port groups to their current configuration (last-saved values).
  • Page 238: Ethernet Edit

    Chapter 12 Interfaces Each field is described in the following table. Table 64 Configuration > Network > Interface > Ethernet LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Remove To remove a virtual interface, select it and click Remove.
  • Page 239 Chapter 12 Interfaces With OSPF, you can use Ethernet interfaces to do the following things. • Enable and disable OSPF in the underlying physical port or port group. • Select the area to which the interface belongs. • Override the default link cost and authentication method for the selected area. •...
  • Page 240 Chapter 12 Interfaces Figure 172 Configuration > Network > Interface > Ethernet > Edit (WAN)
  • Page 241 Chapter 12 Interfaces Figure 173 Configuration > Network > Interface > Ethernet > Edit (DMZ)
  • Page 242 Chapter 12 Interfaces This screen’s fields are described in the table below. Table 65 Configuration > Network > Interface > Ethernet > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. General Settings...
  • Page 243 Chapter 12 Interfaces Table 65 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ISG50 divides it into smaller fragments.
  • Page 244 Chapter 12 Interfaces Table 65 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Pool Size Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ISG50 can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
  • Page 245 Chapter 12 Interfaces Table 65 Configuration > Network > Interface > Ethernet > Edit (continued) LABEL DESCRIPTION Send Version This field is effective when RIP is enabled. Select the RIP version(s) used for sending RIP packets. Choices are 1, 2, and 1 and 2. Receive Version This field is effective when RIP is enabled.
  • Page 246: Object References

    Chapter 12 Interfaces 12.3.2 Object References When a configuration screen includes an Object References icon, select a configuration object and click Object References to open the Object References screen. This screen displays which configuration settings reference the selected object. The fields shown vary with the type of object. Figure 174 Object References The following table describes labels that can appear in this screen.
  • Page 247: Ppp Interface Summary

    Chapter 12 Interfaces Figure 175 Example: PPPoE/PPTP Interfaces PPPoE/PPTP interfaces are similar to other interfaces in some ways. They have an IP address, subnet mask, and gateway used to make routing decisions; they restrict bandwidth and packet size; and they can verify the gateway is available. There are two main differences between PPPoE/ PPTP interfaces and other interfaces.
  • Page 248: Ppp Interface Add Or Edit

    Chapter 12 Interfaces Each field is described in the table below. Table 67 Configuration > Network > Interface > PPP LABEL DESCRIPTION User Configuration / System Default The ISG50 comes with the (non-removable) System Default PPP interfaces pre-configured. You can create (and delete) User Configuration PPP interfaces. Click this to create a new user-configured PPP interface.
  • Page 249 Chapter 12 Interfaces Figure 177 Configuration > Network > Interface > PPP > Add Each field is explained in the following table. Table 68 Configuration > Network > Interface > PPP > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. General Settings...
  • Page 250 Chapter 12 Interfaces Table 68 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Enable Interface Select this to enable this interface. Clear this to disable this interface. Interface Properties Interface Name Specify a name for the interface. It can use alphanumeric characters, hyphens, and underscores, and it can be up to 11 characters long.
  • Page 251: Cellular Configuration Screen (3G)

    Chapter 12 Interfaces Table 68 Configuration > Network > Interface > PPP > Add (continued) LABEL DESCRIPTION Maximum Transmission Unit. Type the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the ISG50 divides it into smaller fragments.
  • Page 252 Chapter 12 Interfaces • You can set the 3G device to connect only to the home network, which is the network to which you are originally subscribed. • You can set the 3G device to connect to other networks if the signal strength of the home network is too low or it is unavailable.
  • Page 253: Cellular Add/Edit Screen

    Chapter 12 Interfaces Figure 178 Configuration > Network > Interface > Cellular The following table describes the labels in this screen. Table 70 Configuration > Network > Interface > Cellular LABEL DESCRIPTION Click this to create a new cellular interface. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
  • Page 254 Chapter 12 Interfaces Figure 179 Configuration > Network > Interface > Cellular > Add
  • Page 255 Chapter 12 Interfaces The following table describes the labels in this screen. Table 71 Configuration > Network > Interface > Cellular > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. General Settings...
  • Page 256 Chapter 12 Interfaces Table 71 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION User Name This field displays when you select an authentication type other than None. This field is read-only if you selected Device in the profile selection. If this field is configurable, enter the user name for this 3G card exactly as the service provider gave it to you.
  • Page 257 Chapter 12 Interfaces Table 71 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION Check Fail Tolerance Enter the number of consecutive failures before the ISG50 stops routing through the gateway. Check Default Gateway Select this to use the default gateway for the connectivity check. Check this Select this to specify a domain name or IP address for the connectivity check.
  • Page 258 Chapter 12 Interfaces Table 71 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION Network Selection Home network is the network to which you are originally subscribed. Select Home to have the 3G device connect only to the home network. If the home network is down, the ISG50's 3G Internet connection is also unavailable.
  • Page 259: Vlan Interfaces

    Chapter 12 Interfaces Table 71 Configuration > Network > Interface > Cellular > Add (continued) LABEL DESCRIPTION Actions when over % of time budget or % of data budget Specify the actions the ISG50 takes when the specified percentage of time budget or data limit is exceeded. Enter a number from 1 to 99 in the percentage fields. If you change the value after you configure and enable budget control, the ISG50 resets the statistics.
  • Page 260 Chapter 12 Interfaces Figure 181 Example: After VLAN Each VLAN is a separate network with separate IP addresses, subnet masks, and gateways. Each VLAN also has a unique identification number (ID). The ID is a 12-bit value that is stored in the MAC header.
  • Page 261: Vlan Summary Screen

    Chapter 12 Interfaces Note: Each VLAN interface is created on top of only one Ethernet interface. Otherwise, VLAN interfaces are similar to other interfaces in many ways. They have an IP address, subnet mask, and gateway used to make routing decisions. They restrict bandwidth and packet size.
  • Page 262: Vlan Add/Edit

    Chapter 12 Interfaces Table 72 Configuration > Network > Interface > VLAN (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ISG50. Reset Click Reset to return the screen to its last-saved settings. 12.6.2 VLAN Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each VLAN interface.
  • Page 263 Chapter 12 Interfaces Figure 183 Configuration > Network > Interface > VLAN > Edit ISG50 User’s Guide...
  • Page 264 Chapter 12 Interfaces Each field is explained in the following table. Table 73 Configuration > Network > Interface > VLAN > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. General Settings Enable Interface...
  • Page 265 Chapter 12 Interfaces Table 73 Configuration > Network > Interface > VLAN > Edit (continued) LABEL DESCRIPTION Connectivity Check The ISG50 can regularly check the connection to the gateway you specified to make sure it is still available. You specify how often to check the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the ISG50 stops routing to the gateway.
  • Page 266 Chapter 12 Interfaces Table 73 Configuration > Network > Interface > VLAN > Edit (continued) LABEL DESCRIPTION Pool Size Enter the number of IP addresses to allocate. This number must be at least one and is limited by the interface’s Subnet Mask. For example, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ISG50 can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addresses.
  • Page 267: Bridge Interfaces

    Chapter 12 Interfaces Table 73 Configuration > Network > Interface > VLAN > Edit (continued) LABEL DESCRIPTION Send Version This field is effective when RIP is enabled. Select the RIP version(s) used for sending RIP packets. Choices are 1, 2, and 1 and 2. Receive Version This field is effective when RIP is enabled.
  • Page 268 Chapter 12 Interfaces Bridge Overview A bridge creates a connection between two or more network segments at the layer-2 (MAC address) level. In the following example, bridge X connects four network segments. When the bridge receives a packet, the bridge records the source MAC address and the port on which it was received in a table.
  • Page 269: Bridge Summary

    Chapter 12 Interfaces • Zero or one VLAN interfaces (and any associated virtual VLAN interfaces) • Any number of Ethernet interfaces (and any associated virtual Ethernet interfaces) When you create a bridge interface, the ISG50 removes the members’ entries from the routing table and adds the bridge interface’s entries to the routing table.
  • Page 270: Bridge Add/Edit

    Chapter 12 Interfaces Table 77 Configuration > Network > Interface > Bridge (continued) LABEL DESCRIPTION Object References Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 12.3.2 on page 246 for an example.
  • Page 271 Chapter 12 Interfaces Figure 185 Configuration > Network > Interface > Bridge > Add ISG50 User’s Guide...
  • Page 272 Chapter 12 Interfaces Each field is described in the table below. Table 78 Configuration > Network > Interface > Bridge > Edit LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. General Settings Enable Interface...
  • Page 273 Chapter 12 Interfaces Table 78 Configuration > Network > Interface > Bridge > Edit (continued) LABEL DESCRIPTION Interface Parameters Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ISG50 can send through the interface to the network. Allowed values are 0 - 1048576. Ingress This is reserved for future use.
  • Page 274 Chapter 12 Interfaces Table 78 Configuration > Network > Interface > Bridge > Edit (continued) LABEL DESCRIPTION Lease time Specify how long each computer can use the information (especially the IP address) before it has to request the information again. Choices are: infinite - select this if IP addresses never expire days, hours, and minutes - select this to enter how long IP addresses are valid.
  • Page 275: Virtual Interfaces Add/Edit

    Chapter 12 Interfaces 12.7.3 Virtual Interfaces Add/Edit This screen lets you configure IP address assignment and interface parameters for virtual interfaces. To access this screen, click an Add icon next to an Ethernet interface, VLAN interface, or bridge interface in the respective interface summary screen. Figure 186 Virtual Interface Add Each field is described in the table below.
  • Page 276: Interface Technical Reference

    Chapter 12 Interfaces Table 79 Virtual Interface Add (continued) LABEL DESCRIPTION Ingress Bandwidth This is reserved for future use. Enter the maximum amount of traffic, in kilobits per second, the ISG50 can receive from the network through the interface. Allowed values are 0 - 1048576. Click OK to save your changes back to the ISG50.
  • Page 277 Chapter 12 Interfaces In the example above, if the ISG50 gets a packet with a destination address of 5.5.5.5, it might not find any entries in the routing table. In this case, the packet is dropped. However, if there is a default router to which the ISG50 should send this packet, you can specify it as a gateway in one of the interfaces.
  • Page 278 Chapter 12 Interfaces In the ISG50, some interfaces can provide DHCP services to the network. In this case, the interface can be a DHCP relay or a DHCP server. As a DHCP relay, the interface routes DHCP requests to DHCP servers on different networks. You can specify more than one DHCP server.
  • Page 279 Chapter 12 Interfaces PPPoE/PPTP Overview Point-to-Point Protocol over Ethernet (PPPoE, RFC 2516) and Point-to-Point Tunneling Protocol (PPTP, RFC 2637) are usually used to connect two computers over phone lines or broadband connections. PPPoE is often used with cable modems and DSL connections. It provides the following advantages: •...
  • Page 281: Trunks

    Chapter 13 Trunks 13.1 Overview Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service and maximize bandwidth utilization for multiple ISP links. Maybe you have two Internet connections with different bandwidths.
  • Page 282 Chapter 13 Trunks • You can define multiple trunks for the same physical interfaces. Link Sticking You can have the ISG50 send each local computer’s traffic that is going to the same destination through a single WAN interface for a specified period of time. This is useful when a server requires authentication.
  • Page 283 Chapter 13 Trunks Least Load First The least load first algorithm uses the current (or recent) outbound bandwidth utilization of each trunk member interface as the load balancing index(es) when making decisions about to which interface a new session is to be distributed. The outbound bandwidth utilization is defined as the measured outbound throughput over the available outbound bandwidth.
  • Page 284 Chapter 13 Trunks the weight of wan1 and wan2 to 2 and 1 respectively. The ISG50 assigns the traffic of two sessions to wan1 for every session's traffic assigned to wan2. Figure 190 Weighted Round Robin Algorithm Example Spillover The spillover load balancing algorithm sends network traffic to the first interface in the trunk member list until the interface’s maximum allowable load is reached, then sends the excess network traffic of new sessions to the next interface in the trunk member list.
  • Page 285: The Trunk Summary Screen

    Chapter 13 Trunks 13.2 The Trunk Summary Screen Click Configuration > Network > Interface > Trunk to open the Trunk screen. This screen lists the configured trunks and the load balancing algorithm that each is configured to use. Figure 192 Configuration > Network > Interface > Trunk ISG50 User’s Guide...
  • Page 286 Chapter 13 Trunks The following table describes the items in this screen. Table 84 Configuration > Network > Interface > Trunk LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. Enable Link Enable link sticking to have the system route sessions from one source to the...
  • Page 287: Configuring A Trunk

    Chapter 13 Trunks 13.3 Configuring a Trunk Click Configuration > Network > Interface > Trunk and then the Add (or Edit) icon to open the Trunk Edit screen. Use this screen to create or edit a WAN trunk entry. Figure 193 Configuration > Network > Interface > Trunk > Add (or Edit) Each field is described in the table below.
  • Page 288: Trunk Technical Reference

    Chapter 13 Trunks Table 85 Configuration > Network > Interface > Trunk > Add (or Edit) (continued) LABEL DESCRIPTION Move To move an interface to a different number in the list, click the Move icon. In the field that appears, specify the number to which you want to move the interface. This column displays the priorities of the group’s interfaces.
  • Page 289: Policy And Static Routes

    Chapter 14 Policy and Static Routes 14.1 Policy and Static Routes Overview Use policy routes and static routes to override the ISG50’s default routing behavior in order to send packets through the appropriate interface or VPN tunnel. For example, the next figure shows a computer (A) connected to the ISG50’s LAN interface. The ISG50 routes most traffic from A to the Internet through the ISG50’s default gateway (R1).
  • Page 290: What You Need To Know

    Chapter 14 Policy and Static Routes 14.1.2 What You Need to Know Policy Routing Traditionally, routing is based on the destination address only and the ISG50 takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 291: Policy Route Screen

    Chapter 14 Policy and Static Routes DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
  • Page 292 Chapter 14 Policy and Static Routes Note: Policy routes do not apply to the routing of PBX traffic. Figure 195 Configuration > Network > Routing > Policy Route The following table describes the labels in this screen. Table 86 Configuration > Network > Routing > Policy Route LABEL DESCRIPTION Show Advance...
  • Page 293 Chapter 14 Policy and Static Routes Table 86 Configuration > Network > Routing > Policy Route (continued) LABEL DESCRIPTION Incoming This is the interface on which the packets are received. Source This is the name of the source IP address (group) object. any means all IP addresses.
  • Page 294: Policy Route Edit Screen

    Chapter 14 Policy and Static Routes 14.2.1 Policy Route Edit Screen Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen. Use this screen to configure or edit a policy route.
  • Page 295 Chapter 14 Policy and Static Routes Table 87 Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Incoming Select where the packets are coming from; any, an interface, a tunnel, or the ISG50 itself. For an interface or a tunnel, you also need to select the individual interface or VPN tunnel connection.
  • Page 296 Chapter 14 Policy and Static Routes Table 87 Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Interface This field displays when you select Interface in the Type field. Select an interface to have the ISG50 send traffic that matches the policy route through the specified interface.
  • Page 297: Ip Static Route Screen

    Chapter 14 Policy and Static Routes Table 87 Configuration > Network > Routing > Policy Route > Edit (continued) LABEL DESCRIPTION Incoming Service Select the service that the client computer sends to a remote server. The incoming service should have the same service or protocol type as what you configured in the Service field.
  • Page 298: Static Route Add/Edit Screen

    Chapter 14 Policy and Static Routes The following table describes the labels in this screen. Table 88 Configuration > Network > Routing > Static Route LABEL DESCRIPTION Click this to create a new static route. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
  • Page 299: Policy Routing Technical Reference

    Chapter 14 Policy and Static Routes Table 89 Configuration > Network > Routing > Static Route > Add (continued) LABEL DESCRIPTION Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks.
  • Page 300 Chapter 14 Policy and Static Routes to connect to the remote server without manually configuring a port forwarding rule for each client computer. Port triggering is used especially when the remote server responds using a different port from the port the client computer used to request a service. The ISG50 records the IP address of a client computer that sends traffic to a remote server to request a service (incoming service).
  • Page 301 Chapter 14 Policy and Static Routes When multiple policy routes require more bandwidth, the ISG50 gives the highest priority policy routes the available bandwidth first (as much as they require, if there is enough available bandwidth), and then to lower priority policy routes if there is still bandwidth available. The ISG50 distributes the available bandwidth equally among policy routes with the same priority level.
  • Page 302: Routing Protocols

    Chapter 15 Routing Protocols 15.1 Routing Protocols Overview Routing protocols give the ISG50 routing information about the network from other routers. The ISG50 stores this routing information in the routing table it uses to make routing decisions. In turn, the ISG50 can also use routing protocols to propagate routing information to other routers. See Section 6.7 on page 103 for related information on the RIP and OSPF screens.
  • Page 303 Chapter 15 Routing Protocols protocols, it uses hop count to decide which route is the shortest. Unfortunately, it also broadcasts its routes asynchronously to the network and converges slowly. Therefore, RIP is more suitable for small networks (up to 15 routers). •...
  • Page 304: The Ospf Screen

    Chapter 15 Routing Protocols Table 92 Configuration > Network > Routing Protocol > RIP (continued) LABEL DESCRIPTION This field is available if the Authentication is MD5. Type the password for Authentication MD5 authentication. The password can consist of alphanumeric characters and the underscore, and it can be up to 16 characters long.
  • Page 305 Chapter 15 Routing Protocols • The backbone is the transit area that routes packets between other areas. All other areas are connected to the backbone. • A normal area is a group of adjacent networks. A normal area has routing information about the OSPF AS, any networks outside the OSPF AS to which it is directly connected, and any networks outside the OSPF AS that provide routing information to any area in the OSPF AS.
  • Page 306 Chapter 15 Routing Protocols • An Area Border Router (ABR) connects two or more areas. It is a member of all the areas to which it is connected, and it filters, summarizes, and exchanges routing information between them. • An Autonomous System Boundary Router (ASBR) exchanges routing information with routers in networks outside the OSPF AS.
  • Page 307: Configuring The Ospf Screen

    Chapter 15 Routing Protocols Virtual Links In some OSPF AS, it is not possible for an area to be directly connected to the backbone. In this case, you can create a virtual link through an intermediate area to logically connect the area to the backbone.
  • Page 308 Chapter 15 Routing Protocols Click Configuration > Network > Routing > OSPF to open the following screen. Figure 204 Configuration > Network > Routing > OSPF The following table describes the labels in this screen. See Section 15.3.2 on page 309 for more information as well.
  • Page 309: Ospf Area Add/Edit Screen

    Chapter 15 Routing Protocols Table 94 Configuration > Network > Routing Protocol > OSPF (continued) LABEL DESCRIPTION Metric Type the external cost for routes provided by static routes. The metric represents the “cost” of transmission for routing purposes. The way this is used depends on the Type field.
  • Page 310 Chapter 15 Routing Protocols The following table describes the labels in this screen. Table 95 Configuration > Network > Routing > OSPF > Add LABEL DESCRIPTION Area ID Type the unique, 32-bit identifier for the area in IP address format. Type Select the type of OSPF area.
  • Page 311: Virtual Link Add/Edit Screen

    Chapter 15 Routing Protocols 15.3.3 Virtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you to create a new virtual link or edit an existing one. When the OSPF add or edit screen (see Section 15.3.2 on page 309) has the Type set to Normal, a Virtual Link table displays.
  • Page 312 Chapter 15 Routing Protocols Authentication Types Authentication is used to guarantee the integrity, but not the confidentiality, of routing updates. The transmitting router uses its key to encrypt the original message into a smaller message, and the smaller message is transmitted with the original message. The receiving router uses its key to encrypt the received message and then verifies that it matches the smaller message sent with it.
  • Page 313: Zones

    Chapter 16 Zones 16.1 Zones Overview Set up zones to configure network security and network policies in the ISG50. A zone is a group of interfaces and/or VPN tunnels. The ISG50 uses zones instead of interfaces in many security and policy settings, such as firewall rules and remote management. Zones cannot overlap.
  • Page 314: The Zone Screen

    Chapter 16 Zones Intra-zone Traffic • Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone. For example, in Figure 207 on page 313, traffic between VLAN 2 and the Ethernet is intra-zone traffic. • In each zone, you can either allow or prohibit all intra-zone traffic. For example, in Figure 207 on page 313, you might allow intra-zone traffic in the LAN zone but prohibit it in the WAN zone.
  • Page 315: Zone Edit

    Chapter 16 Zones The following table describes the labels in this screen. Table 97 Configuration > Network > Zone LABEL DESCRIPTION User Configuration / System Default The ISG50 comes with pre-configured System Default zones that you cannot delete. You can create your own User Configuration zones. Click this to create a new, user-configured zone.
  • Page 316 Chapter 16 Zones The following table describes the labels in this screen. Table 98 Network > Zone > Edit LABEL DESCRIPTION Name For a system default zone, the name is read only. For a user-configured zone, type the name used to refer to the zone. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 317: Ddns

    Chapter 17 DDNS 17.1 DDNS Overview Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP address. 17.1.1 What You Can Do in this Chapter • Use the DDNS screen (see Section 17.2 on page 318) to view a list of the configured DDNS domain names and their details.
  • Page 318: The Ddns Screen

    Chapter 17 DDNS Finding Out More Section 6.6.8 on page 100 for related information on these screens. 17.2 The DDNS Screen The DDNS screen provides a summary of all DDNS domain names and their configuration. In addition, this screen allows you to add new domain names, edit the configuration for existing domain names, and delete domain names.
  • Page 319: The Dynamic Dns Add/Edit Screen

    Chapter 17 DDNS Table 100 Configuration > Network > DDNS (continued) LABEL DESCRIPTION Backup Interface/IP This field displays the alternate interface to use for updating the IP address mapped to the domain name followed by how the ISG50 determines the IP address for the domain name.
  • Page 320 Chapter 17 DDNS The following table describes the labels in this screen. Table 101 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advance Settings / Hide Advance Settings Click this button to display a greater or lesser number of configuration fields. Enable DDNS...
  • Page 321 Chapter 17 DDNS Table 101 Configuration > Network > DDNS > Add (continued) LABEL DESCRIPTION IP Address The options available in this field vary by DDNS provider. Interface -The ISG50 uses the IP address of the specified interface. This option appears when you select a specific interface in the Backup Binding Address Interface field.
  • Page 323: Nat

    Chapter 18 NAT 18.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network, is changed to a different IP address known within another network. Use Network Address Translation (NAT) to make computers on a private network behind the ISG50 available outside the private network.
  • Page 324: The Nat Screen

    Chapter 18 NAT • See Section 7.10.2 on page 130 for an example of how to configure NAT to allow web traffic from the WAN to a server on the DMZ. 18.2 The NAT Screen The NAT summary screen provides a summary of all NAT rules and their configuration. In addition, this screen allows you to create new NAT rules and edit and delete existing NAT rules.
  • Page 325: The Nat Add/Edit Screen

    Chapter 18 NAT Table 102 Configuration > Network > NAT (continued) LABEL DESCRIPTION Mapped Port This field displays the new destination port(s) for the packet. This field is blank if there is no restriction on the original destination port. Apply Click this button to save your changes to the ISG50.
  • Page 326 Chapter 18 NAT Table 103 Configuration > Network > NAT > Add (continued) LABEL DESCRIPTION Classification Select what kind of NAT this rule is to perform. Virtual Server - This makes computers on a private network behind the ISG50 available to a public network outside the ISG50 (like the Internet). 1:1 NAT - If the private network server will initiate sessions to the outside clients, select this to have the ISG50 translate the source IP address of the server’s outgoing traffic to the same public IP address that the outside clients use...
  • Page 327 Chapter 18 NAT Table 103 Configuration > Network > NAT > Add (continued) LABEL DESCRIPTION Port Mapping Type Use the drop-down list box to select how many original destination ports this NAT rule supports for the selected destination IP address (Original IP). Choices are: any - this NAT rule supports all the destination ports.
  • Page 328: Nat Technical Reference

    Chapter 18 NAT 18.3 NAT Technical Reference Here is more detailed information about NAT on the ISG50. NAT Loopback Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access. NAT loopback allows other users to also use the rule’s original IP to access the mail server.
  • Page 329 Chapter 18 NAT The LAN user’s computer then sends traffic to IP address 1.1.1.1. NAT loopback uses the IP address of the ISG50’s LAN interface (192.168.1.1) as the source address of the traffic going from the LAN users to the LAN SMTP server. Figure 216 LAN to LAN Traffic Source 192.168.1.1 Source 192.168.1.89...
  • Page 331: Http Redirect

    Chapter 19 HTTP Redirect 19.1 Overview HTTP redirect forwards the client’s HTTP request (except HTTP traffic destined for the ISG50) to a web proxy server. In the following example, proxy server A is connected to the DMZ interface. When a client connected to the LAN1 zone wants to open a web page, its HTTP request is redirected to proxy server A first.
  • Page 332: The Http Redirect Screen

    Chapter 19 HTTP Redirect A client connects to a web proxy server each time he/she wants to access the Internet. The web proxy provides caching service to allow quick access and reduce network usage. The proxy checks its local cache for the requested web resource first. If it is not found, the proxy gets it from the specified server and forwards the response to the client.
  • Page 333: The Http Redirect Edit Screen

    Chapter 19 HTTP Redirect Note: You can configure up to one HTTP redirect rule for each (incoming) interface. Figure 219 Configuration > Network > HTTP Redirect The following table describes the labels in this screen. Table 104 Configuration > Network > HTTP Redirect LABEL DESCRIPTION Click this to create a new entry.
  • Page 334 Chapter 19 HTTP Redirect The following table describes the labels in this screen. Table 105 Network > HTTP Redirect > Edit LABEL DESCRIPTION Enable Use this option to turn the HTTP redirect rule on or off. Name Enter a name to identify this rule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 335: Alg

    Chapter 20 ALG 20.1 ALG Overview Application Layer Gateway (ALG) allows the following applications to operate properly through the ISG50’s NAT. • H.323 - A teleconferencing protocol suite that provides audio, data and video conferencing. • FTP - File Transfer Protocol - an Internet file transfer service. The ALG feature is only needed for traffic that goes through the ISG50’s NAT.
  • Page 336 Chapter 20 ALG The following example shows H.323 signaling (1) and audio (2) sessions between H.323 devices A and B. Figure 221 H.323 ALG Example Peer-to-Peer Calls and the ISG50 The ISG50 ALG can allow peer-to-peer VoIP calls for H.323. You must configure the firewall and NAT (port forwarding) to allow incoming (peer-to-peer) calls from the WAN to a private IP address on the LAN (or DMZ).
  • Page 337: Before You Begin

    Chapter 20 ALG address B to receive calls through public WAN IP address 2. You configure corresponding policy routes to have calls from LAN IP address A go out through WAN IP address and calls from LAN IP address B go out through WAN IP address 2. Figure 223 VoIP with Multiple WAN IP Addresses Finding Out More •...
  • Page 338: The Alg Screen

    Chapter 20 ALG 20.2 The ALG Screen Click Configuration > Network > ALG to open the ALG screen. Use this screen to turn ALGs off or on and configure the port numbers to which they apply. Figure 224 Configuration > Network > ALG The following table describes the labels in this screen.
  • Page 339: Alg Technical Reference

    Chapter 20 ALG Table 106 Configuration > Network > ALG (continued) LABEL DESCRIPTION Additional FTP Signaling Port for Transformations If you are also using FTP on an additional TCP port number, enter it here. Apply Click Apply to save your changes back to the ISG50. Reset Click Reset to return the screen to its last-saved settings.
  • Page 340 Chapter 20 ALG When you make a VoIP call using H.323, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP. ISG50 User’s Guide...
  • Page 341: Ip/Mac Binding

    Chapter 21 IP/MAC Binding 21.1 IP/MAC Binding Overview IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP addresses. The ISG50 uses DHCP to assign IP addresses and records the MAC address to which it assigned each IP address.
  • Page 342: Ip/Mac Binding Summary

    Chapter 21 IP/MAC Binding Interfaces Used With IP/MAC Binding IP/MAC address bindings are grouped by interface. You can use IP/MAC binding with Ethernet, bridge, and VLAN interfaces. You can also enable or disable IP/MAC binding and logging in an interface’s configuration screen. 21.2 IP/MAC Binding Summary Click Configuration >...
  • Page 343: Ip/Mac Binding Edit

    Chapter 21 IP/MAC Binding 21.2.1 IP/MAC Binding Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interface’s IP to MAC address binding settings. Figure 227 Configuration > Network > IP/MAC Binding > Edit The following table describes the labels in this screen.
  • Page 344: Static Dhcp Edit

    Chapter 21 IP/MAC Binding Table 108 Configuration > Network > IP/MAC Binding > Edit (continued) LABEL DESCRIPTION Click OK to save your changes back to the ISG50. Cancel Click Cancel to exit this screen without saving. 21.2.2 Static DHCP Edit Click Configuration >...
  • Page 345: Ip/Mac Binding Exempt List

    Chapter 21 IP/MAC Binding 21.3 IP/MAC Binding Exempt List Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the ISG50 does not apply IP/MAC binding. Figure 229 Configuration >...
  • Page 347: Authentication Policy

    Chapter 22 Authentication Policy 22.1 Overview Use authentication policies to control who can access the network. You can authenticate users (require them to log in). 22.1.1 What You Can Do in this Chapter Use the Configuration > Auth. Policy screens (Section 22.2 on page 347) to create and manage authentication policies.
  • Page 348 Chapter 22 Authentication Policy Click Configuration > Auth. Policy to display the screen. Figure 230 Configuration > Auth. Policy ISG50 User’s Guide...
  • Page 349 Chapter 22 Authentication Policy The following table gives an overview of the objects you can configure. Table 111 Configuration > Auth. Policy LABEL DESCRIPTION Enable Authentication Policy Select this to turn on the authentication policy feature. Exceptional Services Use this table to list services that users can access without logging in. Click Add to change the list’s membership.
  • Page 350: Creating/Editing An Authentication Policy

    Chapter 22 Authentication Policy Table 111 Configuration > Auth. Policy (continued) LABEL DESCRIPTION Destination This displays the destination address object to which this policy applies. Schedule This field displays the schedule object that dictates when the policy applies. none means the policy is active at all times if enabled. Authentication This field displays the authentication requirement for users when their traffic matches this policy.
  • Page 351 Chapter 22 Authentication Policy The following table gives an overview of the objects you can configure. Table 112 Configuration > Auth. Policy > Add LABEL DESCRIPTION Create new Use to configure any new settings objects that you need to use in this screen. Object Enable Policy Select this check box to activate the authentication policy.
  • Page 353: Firewall

    Chapter 23 Firewall 23.1 Overview Use the firewall to block or allow services that use static port numbers. The firewall can also limit the number of user sessions. This figure shows the ISG50’s default firewall rules in action and demonstrates how stateful inspection works....
  • Page 354: What You Need To Know

    Chapter 23 Firewall 23.1.2 What You Need to Know Stateful Inspection The ISG50 has a stateful inspection firewall. The ISG50 restricts access by screening data packets against defined access rules. It also inspects sessions. For example, traffic from one zone is not allowed unless it is initiated by a computer in another zone first.
  • Page 355 Chapter 23 Firewall You can configure a To-ISG50 firewall rule (with From Any To Device direction) for traffic from an interface which is not in a zone. Global Firewall Rules Firewall rules with from any and/or to any as the packet direction are called global firewall rules. The global firewall rules are the only firewall rules that apply to an interface or VPN tunnel that is not included in a zone.
  • Page 356: Firewall Rule Example Applications

    Chapter 23 Firewall 23.1.3 Firewall Rule Example Applications Suppose that your company decides to block all of the LAN users from using IRC (Internet Relay Chat) through the Internet. To do this, you would configure a LAN to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address.
  • Page 357 Chapter 23 Firewall Now you configure a LAN1 to WAN firewall rule that allows IRC traffic from the IP address of the CEO’s computer (192.168.1.7 for example) to go to any destination address. You do not need to specify a schedule since you want the firewall rule to always be in effect. The following figure shows the results of your two custom rules.
  • Page 358: Firewall Rule Configuration Example

    Chapter 23 Firewall The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule that blocks all LAN1 to WAN IRC traffic came first, the CEO’s IRC traffic would match that rule and the ISG50 would drop it and not check any other firewall rules.
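    The rule-order point above, as an added example that is not part of the ZyXEL manual: a small first-match evaluator plus an audit that flags a rule that can never take effect because an earlier rule already covers it. The rule names, the default LAN1 to WAN allow rule and the staff address 192.168.1.20 are assumptions made for this example; only the CEO address 192.168.1.7 comes from the manual.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    source: str    # "any", a host address or a CIDR block
    service: str   # "any" or a service object name such as "IRC"
    action: str    # "allow" or "deny"


def _net(value):
    """Turn a source field into an ip_network; "any" means every address."""
    return ipaddress.ip_network("0.0.0.0/0" if value == ANY else value, strict=False)


def matches(rule, pkt):
    """True when the packet falls inside every field of the rule."""
    return (
        rule.from_zone in (ANY, pkt["from_zone"])
        and rule.to_zone in (ANY, pkt["to_zone"])
        and rule.service in (ANY, pkt["service"])
        and ipaddress.ip_address(pkt["source"]) in _net(rule.source)
    )


def evaluate(rules, pkt, default="deny"):
    """First match wins: the firewall stops checking at the first matching rule."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, "default"


def _covers(general, specific):
    """True when every packet that matches `specific` also matches `general`."""
    return (
        general.from_zone in (ANY, specific.from_zone)
        and general.to_zone in (ANY, specific.to_zone)
        and general.service in (ANY, specific.service)
        and _net(specific.source).subnet_of(_net(general.source))
    )


def shadowed(rules):
    """Return (later rule, earlier rule) pairs where the later rule is unreachable."""
    found = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if _covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Rules from the manual's IRC scenario; the names are invented for this example.
CEO_IRC = Rule("CEO_IRC", "LAN1", "WAN", "192.168.1.7", "IRC", "allow")
BLOCK_IRC = Rule("Block_IRC", "LAN1", "WAN", ANY, "IRC", "deny")
# Assumed default rule for the zone pair (not quoted from the manual).
LAN1_WAN_DEFAULT = Rule("LAN1_WAN_default", "LAN1", "WAN", ANY, ANY, "allow")

CORRECT_ORDER = [CEO_IRC, BLOCK_IRC, LAN1_WAN_DEFAULT]
WRONG_ORDER = [BLOCK_IRC, CEO_IRC, LAN1_WAN_DEFAULT]

# Constructed sample packets.
CEO_PKT = {"from_zone": "LAN1", "to_zone": "WAN", "source": "192.168.1.7", "service": "IRC"}
STAFF_PKT = {"from_zone": "LAN1", "to_zone": "WAN", "source": "192.168.1.20", "service": "IRC"}

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, "CEO:", evaluate(rules, CEO_PKT), "staff:", evaluate(rules, STAFF_PKT))
        print(label, "shadowed rules:", shadowed(rules))
```

    Running the audit against an exported rule list before applying it catches the misordering without having to test traffic from each host.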
  • Page 359 Chapter 23 Firewall The screen for configuring a service object opens. Configure it as follows and click OK. Figure 238 Firewall Example: Create a Service Object Select From WAN and To LAN1. Enter the name of the firewall rule. Make sure Dest_1 is selected for the Destination and Doom is selected as the Service. Enter a description and configure the rest of the screen as follows....
  • Page 360: The Firewall Screen

    Chapter 23 Firewall 23.2 The Firewall Screen Asymmetrical Routes If an alternate gateway on the LAN has an IP address in the same subnet as the ISG50’s LAN IP address, return traffic may not go through the ISG50. This is called an asymmetrical or “triangle” route.
  • Page 361 Chapter 23 Firewall • If you enable intra-zone traffic blocking (see the chapter about zones), the firewall automatically creates (implicit) rules to deny packet passage between the interfaces in the specified zone. • Besides configuring the firewall, you also need to configure NAT rules to allow computers on the WAN to access LAN devices.
  • Page 362 Chapter 23 Firewall Table 117 Configuration > Firewall (continued) LABEL DESCRIPTION From Zone / To This is the direction of travel of packets. Select from which zone the packets come Zone and to which zone they go. Firewall rules are grouped based on the direction of travel of packets to which they apply.
  • Page 363: The Firewall Add/Edit Screen

    Chapter 23 Firewall 23.2.2 The Firewall Add/Edit Screen In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. Figure 243 Configuration > Firewall > Add The following table describes the labels in this screen. Table 118 Configuration >...
  • Page 364: The Session Limit Screen

    Chapter 23 Firewall Table 118 Configuration > Firewall > Add (continued) LABEL DESCRIPTION Access Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select deny to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
  • Page 365: The Session Limit Add/Edit Screen

    Chapter 23 Firewall Table 119 Configuration > Firewall > Session Limit (continued) LABEL DESCRIPTION Rule Summary This table lists the rules for limiting the number of concurrent sessions hosts can have. Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
  • Page 366 Chapter 23 Firewall The following table describes the labels in this screen. Table 120 Configuration > Firewall > Session Limit > Edit LABEL DESCRIPTION Create new Use to configure any new settings objects that you need to use in this screen. Object Enable Rule Select this check box to turn on this session limit rule.
  • Page 367: Ipsec Vpn

    Chapter 24 IPSec VPN 24.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication....
  • Page 368: What You Need To Know

    Chapter 24 IPSec VPN 24.1.2 What You Need to Know An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the ISG50 and the remote IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the ISG50 and remote IPSec router.
  • Page 369 Chapter 24 IPSec VPN Application Scenarios The ISG50’s application scenarios make it easier to configure your VPN connection settings. Table 121 IPSec VPN Application Scenarios SITE-TO-SITE WITH REMOTE ACCESS REMOTE ACCESS SITE-TO-SITE DYNAMIC PEER (SERVER ROLE) (CLIENT ROLE) Choose this if the Choose this if the Choose this to allow Choose this to connect...
  • Page 370: Before You Begin

    Chapter 24 IPSec VPN 24.1.3 Before You Begin This section briefly explains the relationship between VPN tunnels and other features. It also gives some basic suggestions for troubleshooting. You should set up the following features before you set up the VPN tunnel. •...
  • Page 371: The Vpn Connection Add/Edit (Ike) Screen

    Chapter 24 IPSec VPN Each field is discussed in the following table. See Section 24.2.2 on page 377 and Section 24.2.1 on page 371 for more information. Table 122 Configuration > VPN > IPSec VPN > VPN Connection LABEL DESCRIPTION Use Policy Select this to be able to use policy routes to manually specify the destination Route to control addresses of dynamic IPSec rules....
  • Page 372 Chapter 24 IPSec VPN the Add icon, you have to select a specific VPN gateway in the VPN Gateway field before the following screen appears. Figure 249 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE) ISG50 User’s Guide...
  • Page 373 Chapter 24 IPSec VPN Each field is described in the following table. Table 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit LABEL DESCRIPTION Show Advance Click this button to display a greater or lesser number of configuration fields. Settings / Hide Advance Settings Create new Object...
  • Page 374 Chapter 24 IPSec VPN Table 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued) LABEL DESCRIPTION Policy Clear this to allow traffic with source and destination IP addresses that do not Enforcement match the local and remote policy to use the VPN tunnel. Leave this cleared for free access between the local and remote networks.
  • Page 375 Chapter 24 IPSec VPN Table 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued) LABEL DESCRIPTION Authentication Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
  • Page 376 Chapter 24 IPSec VPN Table 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued) LABEL DESCRIPTION Source Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the computer or network outside the local network.
  • Page 377: The Vpn Connection Add/Edit Manual Key Screen

    Chapter 24 IPSec VPN Table 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued) LABEL DESCRIPTION Click OK to save the changes. Cancel Click Cancel to discard all changes and return to the main VPN screen. 24.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual Key screen allows you to create a new VPN connection or edit an existing one using a manual key.
  • Page 378 Chapter 24 IPSec VPN Table 124 Configuration > VPN > IPSec VPN > VPN Connection > Add > Manual Key (continued) LABEL DESCRIPTION Secure Gateway Type the IP address of the remote IPSec router in the IPSec SA. Address Type a unique SPI (Security Parameter Index) between 256 and 4095. The SPI is used to identify the ISG50 during authentication.
  • Page 379: The Vpn Gateway Screen

    Chapter 24 IPSec VPN Table 124 Configuration > VPN > IPSec VPN > VPN Connection > Add > Manual Key (continued) LABEL DESCRIPTION Encryption Key This field is applicable when you select an Encryption Algorithm. Enter the encryption key, which depends on the encryption algorithm. DES - type a unique key 8-32 characters long 3DES - type a unique key 24-32 characters long AES128 - type a unique key 16-32 characters long...
  • Page 380 Chapter 24 IPSec VPN To access this screen, click Configuration > VPN > Network > IPSec VPN > VPN Gateway. The following screen appears. Figure 251 Configuration > VPN > IPSec VPN > VPN Gateway Each field is discussed in the following table. See Section 24.3.1 on page 381 for more information.
  • Page 381: The Vpn Gateway Add/Edit Screen

    Chapter 24 IPSec VPN 24.3.1 The VPN Gateway Add/Edit Screen The VPN Gateway Add/Edit screen allows you to create a new VPN gateway policy or edit an existing one. To access this screen, go to the VPN Gateway summary screen (see Section 24.3 on page 379), and click either the Add icon or an Edit icon.
  • Page 382 Chapter 24 IPSec VPN Each field is described in the following table. Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit LABEL DESCRIPTION Show Advance Click this button to display a greater or lesser number of configuration fields. Settings / Hide Advance Settings General Settings...
  • Page 383 Chapter 24 IPSec VPN Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Local ID Type This field is read-only if the ISG50 and remote IPSec router use certificates to identify each other. Select which type of identification is used to identify the ISG50 during authentication.
  • Page 384 Chapter 24 IPSec VPN Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Content This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication. The identity depends on the Peer ID Type.
  • Page 385 Chapter 24 IPSec VPN Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly.
  • Page 386: Ipsec Vpn Background Information

    Chapter 24 IPSec VPN Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Enable Extended Select this if one of the routers (the ISG50 or the remote IPSec router) Authentication verifies a user name and password from the other router using the local user database and/or an external server.
  • Page 387 Chapter 24 IPSec VPN IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ISG50 and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated next. Figure 253 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal One or more proposals, each one consisting of: - encryption algorithm...
  • Page 388 Chapter 24 IPSec VPN Diffie-Hellman (DH) Key Exchange The ISG50 and the remote IPSec router use DH public-key cryptography to establish a shared secret. The shared secret is then used to generate encryption keys for the IKE SA and IPSec SA. In main mode, this is done in steps 3 and 4, as illustrated next.
  • Page 389 Chapter 24 IPSec VPN You have to create (and distribute) a pre-shared key. The ISG50 and remote IPSec router use it in the authentication process, though it is not actually transmitted or exchanged. Note: The ISG50 and the remote IPSec router must use the same pre-shared key. Router identity consists of ID type and content.
  • Page 390 Chapter 24 IPSec VPN Main mode takes six steps to establish an IKE SA. Steps 1 - 2: The ISG50 sends its proposals to the remote IPSec router. The remote IPSec router selects an acceptable proposal and sends it back to the ISG50. Steps 3 - 4: The ISG50 and the remote IPSec router exchange pre-shared keys for authentication and participate in a Diffie-Hellman key exchange, based on the accepted DH key group, to establish a shared secret.
  • Page 391 Chapter 24 IPSec VPN • Configure the NAT router to forward packets with the extra header unchanged. (See the field description for detailed information about the extra header.) The extra header may be UDP port 500 or UDP port 4500, depending on the standard(s) the ISG50 and remote IPSec router support.
  • Page 392 Chapter 24 IPSec VPN Active Protocol The active protocol controls the format of each packet. It also specifies how much of each packet is protected by the encryption and authentication algorithms. IPSec VPN includes two active protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security Payload, RFC 2406).
  • Page 393 Chapter 24 IPSec VPN If you enable PFS, the ISG50 and remote IPSec router perform a DH key exchange every time an IPSec SA is established, changing the root key from which encryption keys are generated. As a result, if one encryption key is compromised, other encryption keys remain secure. If you do not enable PFS, the ISG50 and remote IPSec router use the same root key that was generated when the IKE SA was established to generate encryption keys.
  • Page 394 Chapter 24 IPSec VPN • Destination address in inbound packets - this translation is used if you want to forward packets (for example, mail) from the remote network to a specific computer (like the mail server) in the local network. Each kind of translation is explained below.
  • Page 395 Chapter 24 IPSec VPN Destination Address in Inbound Packets (Inbound Traffic, Destination NAT) You can set up this translation if you want the ISG50 to forward some packets from the remote network to a specific computer in the local network. For example, in Figure 258 on page 394, you can configure this kind of translation if you want to forward mail from the remote network to the...
  • Page 397: Bandwidth Management

    Chapter 25 Bandwidth Management 25.1 Overview Bandwidth management provides a convenient way to manage the use of various services on the network. It manages general protocols (for example, HTTP and FTP) and applies traffic prioritization to enhance the performance of delay-sensitive applications like voice and video. 25.1.1 What You Can Do in this Chapter Use the BWM screens (see Section 25.2 on page...
  • Page 398 Chapter 25 Bandwidth Management Connection and Packet Directions Bandwidth management looks at the connection direction, that is from which zone the connection was initiated and to which zone the connection is going. A connection has outbound and inbound packet flows. The ISG50 controls the bandwidth of traffic of each flow as it is going out through an interface or VPN tunnel.
  • Page 399 Chapter 25 Bandwidth Management • Inbound traffic is limited to 500 kbps. The connection initiator is on the LAN1 so inbound means the traffic traveling from the WAN to the LAN1. Figure 260 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Inbound Outbound 200 kbps...
  • Page 400 Chapter 25 Bandwidth Management 1000 kbps, but the WAN is set to a maximum outgoing speed of 1000 kbps. You configure policy A for server A’s traffic and policy B for server B’s traffic. Figure 261 Bandwidth Management Behavior 1000 kbps 1000 kbps 1000 kbps Configured Rate Effect...
  • Page 401: Bandwidth Management Examples

    Chapter 25 Bandwidth Management Priority and Over Allotment of Bandwidth Effect Server A has a configured rate that equals the total amount of available bandwidth and a higher priority. You should regard extreme over allotment of traffic with different priorities (as shown here) as a configuration error.
  • Page 402 Chapter 25 Bandwidth Management • FTP traffic from the LAN1 to the DMZ can use more bandwidth since the interfaces support up to 1 Gbps connections, but it must be the lowest priority and limited so it does not interfere with SIP and HTTP traffic.
  • Page 403 Chapter 25 Bandwidth Management • Enable maximize bandwidth usage so the SIP traffic can borrow unused bandwidth. Figure 263 SIP Any to WAN Bandwidth Management Example Outbound: 200 kbps Inbound: 200 kbps 25.1.3.3 SIP WAN to Any Bandwidth Management Example You also create a policy for calls coming in from the SIP server on the WAN.
  • Page 404: The Bandwidth Management Screen

    Chapter 25 Bandwidth Management • Disable maximize bandwidth usage since you do not want to give FTP more bandwidth. Figure 265 FTP WAN to DMZ Bandwidth Management Example Outbound: 300 kbps Inbound: 100 kbps 25.1.3.6 FTP LAN to DMZ Bandwidth Management Example •...
  • Page 405 Chapter 25 Bandwidth Management Click Configuration > Bandwidth Management to open the following screen. Figure 267 Configuration > Bandwidth Management The following table describes the labels in this screen. See Section 25.2.1 on page 406 for more information as well. Configuration >...
  • Page 406: The Bandwidth Management Add/Edit Screen

    Chapter 25 Bandwidth Management Table 133 Configuration > Bandwidth Management LABEL DESCRIPTION This is the destination zone of the traffic to which this policy applies. Source This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source....
  • Page 407 Chapter 25 Bandwidth Management Management screen (see Section 25.2 on page 404), and click either the Add icon or an Edit icon. Figure 268 Configuration > Bandwidth Management > Edit The following table describes the labels in this screen. Table 134 Configuration > Bandwidth Management LABEL DESCRIPTION...
  • Page 408 Chapter 25 Bandwidth Management Table 134 Configuration > Bandwidth Management LABEL DESCRIPTION DSCP Marking Set how the ISG50 handles the DSCP value of the outgoing packets that match this policy. Inbound refers to the traffic the ISG50 sends to a connection’s initiator....
  • Page 409 Chapter 25 Bandwidth Management Table 134 Configuration > Bandwidth Management LABEL DESCRIPTION Click OK to save your changes back to the ISG50. Cancel Click Cancel to exit this screen without saving your changes. ISG50 User’s Guide...
  • Page 411: Adp

    Chapter 26 ADP 26.1 Overview This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as port scans. 26.1.1 ADP ADP anomaly detection is in general effective against abnormal behavior....
  • Page 412: Before You Begin

    Chapter 26 ADP Base ADP Profiles Base ADP profiles are templates that you use to create new ADP profiles. The ISG50 comes with several base profiles. See Table 136 on page 414 for details on ADP base profiles. ADP Policy An ADP policy refers to application of an ADP profile to a traffic flow. Finding Out More •...
  • Page 413: The Profile Summary Screen

    Chapter 26 ADP Table 135 Configuration > Anti-X > ADP > General (continued) LABEL DESCRIPTION Policies Use this list to specify which anomaly profile the ISG50 uses for traffic flowing in a specific direction. Edit the policies directly in the table. Click this to create a new entry.
  • Page 414: Base Profiles

    Chapter 26 ADP • Delete an existing profile 26.3.1 Base Profiles The ISG50 comes with base profiles. You use base profiles to create new profiles. In the Configuration > Anti-X > ADP > Profile screen, click Add to display the following screen. Figure 270 Base Profiles These are the default base profiles at the time of writing.
  • Page 415: Creating New Adp Profiles

    Chapter 26 ADP The following table describes the fields in this screen. Table 137 Anti-X > ADP > Profile LABEL DESCRIPTION Click this to create a new entry. Edit Select an entry and click this to be able to modify it. Remove Select an entry and click this to delete it.
  • Page 416 Chapter 26 ADP Figure 272 Profiles: Traffic Anomaly ISG50 User’s Guide...
  • Page 417 Chapter 26 ADP The following table describes the fields in this screen. Table 138 Configuration > ADP > Profile > Traffic Anomaly LABEL DESCRIPTION Name This is the name of the ADP profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number....
  • Page 418: Protocol Anomaly Profiles

    Chapter 26 ADP Table 138 Configuration > ADP > Profile > Traffic Anomaly (continued) LABEL DESCRIPTION Cancel Click Cancel to return to the profile summary page without saving any changes. Save Click Save to save the configuration to the ISG50 but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile....
  • Page 419 Chapter 26 ADP Figure 273 Profiles: Protocol Anomaly ISG50 User’s Guide...
  • Page 420 Chapter 26 ADP The following table describes the fields in this screen. Table 139 Configuration > ADP > Profile > Protocol Anomaly LABEL DESCRIPTION Name This is the name of the profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive....
  • Page 421: Adp Technical Reference

    Chapter 26 ADP Table 139 Configuration > ADP > Profile > Protocol Anomaly (continued) LABEL DESCRIPTION These are the log options. To edit this, select an item and use the Log icon. Action This is the action the ISG50 should take when a packet matches a rule. To edit this, select an item and use the Action icon.
  • Page 422 Chapter 26 ADP Decoy Port Scans Decoy port scans are scans where the attacker has spoofed the source address. These are some decoy scan types: • TCP Decoy Portscan • UDP Decoy Portscan • IP Decoy Portscan Distributed Port Scans Distributed port scans are many-to-one port scans.
  • Page 423 Chapter 26 ADP Flood Detection Flood attacks saturate a network with useless data, use up all available bandwidth, and therefore make communications in the network impossible. ICMP Flood Attack An ICMP flood broadcasts so many pings or UDP packets to a system that it slows down or locks up....
  • Page 424 Chapter 26 ADP A SYN flood attack is when an attacker sends a series of SYN packets. Each packet causes the receiver to reply with a SYN-ACK response. The receiver then waits for the ACK that follows the SYN-ACK, and stores all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are only moved off the queue when an ACK comes back or when an internal timer ends the three-way handshake.
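    The backlog behaviour described above, as an added detection example that is not part of the ZyXEL manual and does not reproduce the ISG50's ADP logic: it tracks handshakes still waiting for the final ACK, removes them on ACK or timer expiry, and alerts when the backlog toward one service reaches a threshold. The 3000 ms timer, the threshold of 5 and the sample events (documentation-range addresses) are assumptions constructed for this example.

```python
class HalfOpenTracker:
    """Tracks handshakes that have seen a SYN but not yet the client's final ACK."""

    def __init__(self, timeout_ms=3000, threshold=5):
        self.timeout_ms = timeout_ms   # assumed handshake timer
        self.threshold = threshold     # assumed backlog depth that raises an alert
        self.pending = {}              # (src, sport, dst, dport) -> time the SYN was seen
        self.flagged = set()           # services currently above the threshold
        self.alerts = []               # (time_ms, dst, dport, backlog depth)

    def observe(self, ts_ms, src, sport, dst, dport, flag):
        """Process one client-to-server packet and return the backlog depth for its target."""
        # The internal timer ends handshakes that never completed.
        self.pending = {
            key: seen for key, seen in self.pending.items()
            if ts_ms - seen < self.timeout_ms
        }
        key = (src, sport, dst, dport)
        if flag == "SYN":
            self.pending[key] = ts_ms          # receiver answers SYN-ACK and waits
        elif flag == "ACK":
            self.pending.pop(key, None)        # handshake completed, entry leaves the queue

        target = (dst, dport)
        depth = sum(1 for k in self.pending if (k[2], k[3]) == target)
        if depth < self.threshold:
            self.flagged.discard(target)
        elif target not in self.flagged:
            # Alert once per episode; spoofed sources make per-source counts useless,
            # so the count is kept per destination service.
            self.flagged.add(target)
            self.alerts.append((ts_ms, dst, dport, depth))
        return depth


def replay(events, **settings):
    """Feed (ts_ms, src, sport, dst, dport, flag) tuples through a fresh tracker."""
    tracker = HalfOpenTracker(**settings)
    for event in events:
        tracker.observe(*event)
    return tracker


# Constructed sample traffic: one normal handshake, six SYNs that are never
# acknowledged, then a new client after the timer has cleared the backlog.
SAMPLE_EVENTS = (
    [(0, "192.0.2.10", 40000, "198.51.100.5", 80, "SYN"),
     (100, "192.0.2.10", 40000, "198.51.100.5", 80, "ACK")]
    + [(1000 + 100 * i, f"203.0.113.{i + 1}", 50000 + i, "198.51.100.5", 80, "SYN")
       for i in range(6)]
    + [(10000, "192.0.2.11", 40001, "198.51.100.5", 80, "SYN")]
)

if __name__ == "__main__":
    result = replay(SAMPLE_EVENTS)
    print("alerts:", result.alerts)
    print("still pending:", list(result.pending))
```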
  • Page 425 Chapter 26 ADP HTTP Inspection and TCP/UDP/ICMP Decoders The following table gives some information on the HTTP inspection, TCP decoder, UDP decoder and ICMP decoder ISG50 protocol anomaly rules. Table 140 HTTP Inspection and TCP/UDP/ICMP Decoders LABEL DESCRIPTION HTTP Inspection APACHE-WHITESPACE This rule deals with the non-RFC standard use of a tab as a space delimiter....
  • Page 426 Chapter 26 ADP Table 140 HTTP Inspection and TCP/UDP/ICMP Decoders (continued) LABEL DESCRIPTION OVERSIZE-REQUEST-URI- This rule takes a non-zero positive integer as an argument. The DIRECTORY ATTACK argument specifies the max character directory length for URL directory. If a URL directory is larger than this argument size, an alert is generated.
  • Page 427 Chapter 26 ADP Table 140 HTTP Inspection and TCP/UDP/ICMP Decoders (continued) LABEL DESCRIPTION ICMP Decoder TRUNCATED-ADDRESS- This is when an ICMP packet is sent which has an ICMP datagram HEADER ATTACK length of less than the ICMP address header length. This may cause some applications to crash.
  • Page 429: Global Pbx Settings

    Chapter 27 Global PBX Settings 27.1 Overview This chapter shows you how to set up your ISG50-wide PBX settings including SIP server, feature code, email, fake IP, peer to peer, QoS and TAPI settings. The following diagram shows SIP devices communicating with the ISG50. In SIP some devices act as clients and others as servers....
  • Page 430: What You Need To Know

    Chapter 27 Global PBX Settings • Use the Peer to peer screen to set up a direct connection between two IP phones on the same subnet. See Section 27.6 on page 436. • Use the QoS screen to configure Quality of Service (QoS) settings. See Section 27.7 on page 440.
  • Page 431: The Sip Server Screen

    Chapter 27 Global PBX Settings The ISG50 can be configured to change the priority field of IP packets for all outgoing RTP (Real Time Protocol) packets. The ISG50 supports Differentiated Services (DiffServ) for implementing QoS. Configure the ISG50 with the QoS settings that your network uses for VoIP. TAPI Microsoft Windows Telephony Application Programming Interface (TAPI) integrates the ISG50’s telephone services with user computers.
  • Page 432 Chapter 27 Global PBX Settings Section 13.2 on page 285 to set the WAN trunk the ISG50 uses for default traffic. Figure 278 Configuration > PBX > Global > SIP Server Each field is described in the following table. Table 141 Configuration > PBX > Global > SIP Server LABEL DESCRIPTION SIP Server Realm...
  • Page 433: The Feature Code Screen

    Chapter 27 Global PBX Settings Table 141 Configuration > PBX > Global > SIP Server (continued) LABEL DESCRIPTION Enable Personal Select From external call to enable the ISG50’s auto-attendant feature for calls received from outside the PBX-managed telephone system. Select From internal call to enable the ISG50’s auto-attendant feature for calls received from within the PBX-managed telephone system.
  • Page 434 Chapter 27 Global PBX Settings The following table describes the labels in this screen. Table 142 Configuration > PBX > Global > Feature Code LABEL DESCRIPTION Group Pickup This code is used to pick up calls for your extension from a different extension in the same authority group.
  • Page 435: The E-Mail Screen

    Chapter 27 Global PBX Settings 27.4 The E-Mail Screen Use this screen to configure the mail server information through which the ISG50 sends voice mails and CDR (Call Detail Record) files to the email addresses which you configured in extension voice mail (see Section 29.3.3 on page 467) and CDR (see...
  • Page 436: The Peer To Peer Screen

    Chapter 27 Global PBX Settings Click Configuration > PBX > Global > Fake IP to view the screen as shown next. Figure 281 Configuration > PBX > Global > Fake IP Each field is described in the following table. Table 144 Server > Fake IP LABEL DESCRIPTION Enable Fake IP...
  • Page 437: How The Peer-To-Peer Sip Connection Works

    Chapter 27 Global PBX Settings Each field is described in the following table. Table 145 Configuration > PBX > Global > Peer to Peer LABEL DESCRIPTION Enable Peer to Select this to have the ISG50 set up direct connections between two IP phones on the Peer same subnet....
  • Page 438: Add Peer-To-Peer Local Net

    Chapter 27 Global PBX Settings Note: If either phone A or B requests to use a feature specific to the ISG50, such as call parking or music on hold, the ISG50 interrupts the direct communication bridge and re-establishes control of the two SIP connections. Figure 283 A Peer-to-Peer Example Bridge 27.6.2 Add Peer-to-Peer Local Net...
  • Page 439: How Local Net And Peer-To-Peer Work Together

    Chapter 27 Global PBX Settings Each field is described in the following table. Table 146 Configuration > PBX > Global > Peer to Peer > Add LABEL DESCRIPTION IPv4 subnet in Enter an IPv4-compatible IP address in this field then select the length of the subnet CIDR format mask from the list.
  • Page 440: The Qos Screen

    Chapter 27 Global PBX Settings However, peer-to-peer calls cannot be made between devices if one of them belongs to a subnet listed in the localnet table and the other does not. 3.3.3.3 Local Net = 192.168.1.0/24 192.168.1.54 Furthermore, the devices making a peer-to-peer connection: •...
  • Page 441 Chapter 27 Global PBX Settings Each field is described in the following table. Table 147 Configuration > PBX > Global > QoS LABEL DESCRIPTION Select the DSCP value to mark outgoing SIP control packets. You can choose one of the AF (Assured Forwarding) values or select User Define to specify another DSCP value.
  • Page 442: The Tapi Screen

    Chapter 27 Global PBX Settings 27.8 The TAPI Screen Use this screen to enable TAPI, configure TAPI line settings on the ISG50 and download the ZyXEL TAPI driver. To access this screen, click Configuration > PBX > Global > TAPI. Figure 286 Configuration >...
  • Page 443: Setting Up The Tapi Driver And Utility On Your Computer

    Chapter 27 Global PBX Settings Table 148 Configuration > PBX > Global > TAPI (continued) LABEL DESCRIPTION Server1/2 Specify the password for the TAPI server account. Password You can use up to 63 printable ASCII characters. Server TAPI Lines Peer Pool lists all the extension numbers that you created in the Authority Group > Settings Add screen (see 462).
  • Page 444 Chapter 27 Global PBX Settings Click Configuration > PBX > Global > TAPI. Click Download and save the file to your computer. Unzip the file and run it, following the on-screen instructions to install it. Open the ZyXEL_TAPI_for_ISG utility and click Configure..ISG50 User’s Guide...
  • Page 445 Chapter 27 Global PBX Settings In the Server window, click Settings..Enter the ISG50’s host name and IP address. If you want the computer to work as a TAPI server and manage more than one extension, enter the user name and password for a server account already configured in the ISG50.
  • Page 446 Chapter 27 Global PBX Settings In the Devices window, you can view the state and channel for the TAPI lines that you can control and manage. To change the TAPI line state or make/answer a call, you need the CTI (Computer Telephony Integration) client or server software, such as xtelsio CTI Client or ESTOS UCServer.
  • Page 447: Network Technical Reference

    Chapter 27 Global PBX Settings 27.9 Network Technical Reference This section contains background material relevant to the Server screens. ISDN Overview ISDN (Integrated Service Digital Network) is a circuit-switched telephone network system. In ISDN, there are two types of channels: B-channels and D-channels. ISDN allows digital transmission of voice, video and data over ordinary telephone copper wires using B-channels with 64 kbps bandwidth.
  • Page 448: Voice Interfaces

    Chapter 28 Voice Interfaces 28.1 Overview This chapter shows you how to configure parameters for FXO/FXS and ISDN BRI channels. 28.1.1 What You Can Do in this Chapter • Use the FXS screen to configure the ISG50’s FXS ports for connecting analog phones to your ISG50.
  • Page 449: The Fxs Screen

    Chapter 28 Voice Interfaces performance, monitoring, power transfer, and multiplexing of the channels. You must connect a TE device to a NT device to access an ISDN network. The ISG50 is a TE device. Types of ISDN Switches There are many different ISDN switch types from different vendors in the world. The BRI interface enables the ISG50 to communicate with the following BRI switches.
  • Page 450: The Fxo Screen

    Chapter 28 Voice Interfaces Table 149 Configuration > PBX > Voice Interfaces > FXS (continued) LABEL DESCRIPTION Apply Click this to save your changes. Reset Click this to set every field in this screen to its last-saved value. 28.3 The FXO Screen Use this screen to configure settings related to the FXO lines configured on the ISG50.
  • Page 451: The Bri Screen

    Chapter 28 Voice Interfaces 28.4 The BRI Screen Use this screen to configure ISDN BRI interface settings on the ISG50. Click Configuration > PBX > Voice Interfaces > BRI to view the screen as shown next. Figure 289 Configuration > PBX > Voice Interfaces > BRI Each field is described in the following table.
  • Page 452 Chapter 28 Voice Interfaces Table 151 Configuration > PBX > Voice Interfaces > BRI (continued) LABEL DESCRIPTION Type of Number Select the type for the prefix number which might be required by your telephone company to make outgoing calls. The options you can select are abbreviated, unknown, international, national, network-specific, and subscriber.
  • Page 453: Extension Management

    Chapter 29 Extension Management 29.1 Overview This chapter shows you how to configure settings for managing groups of extensions. 29.1.1 What You Can Do in this Chapter • Use the Authority Group screen to set up, configure and manage the ISG50’s authority groups. See Section 29.2 on page 458.
  • Page 454 Chapter 29 Extension Management The following figure shows the ISG50’s extensions divided into three authority groups (AG1, 2 and 3). Each authority group can have different settings and privileges. Figure 290 Authority Group Overview The group access code allows you to use the outbound dialing rules assigned to your authority group from extensions that do not have the same outbound dialing rules assigned to them.
  • Page 455 Chapter 29 Extension Management make long distance calls). She enters the code number and is able to place a call over the long distance connection. Figure 291 Call Access Code Overview Long Distance Enter Code Group Access Codes Group access codes allow your authority group members to use their group’s privileges with whichever extension they are using.
  • Page 456 Chapter 29 Extension Management • Each extension can be a member of only one authority group. • SIP and FXS extensions are treated the same within an authority group. Mobile Extensions A mobile extension is essentially call forwarding to both your IP phone extension and another phone.
  • Page 457: Before You Begin

    Chapter 29 Extension Management Click-To-Talk (CTT) A Click-To-Talk (CTT) group allows visitors to your website to click an HTML link to use a web-based IP phone to connect to the CTT group’s extensions. Figure 293 A Click-To-Talk Example For example, when users A and B click on an embedded Click-To-Talk link on a company’s online ordering web page, the web-based IP phone opens and lets them talk to the CTT group’s extensions (sales agents C and D in this example).
  • Page 458: The Authority Group Screen

    Chapter 29 Extension Management 29.2 The Authority Group Screen Use this screen to set up authority groups on the ISG50. To access this screen, click Configuration > PBX > Extension Management > Authority Group. Figure 294 Configuration > PBX > Extension Management > Authority Group Each field is described in the following table.
  • Page 459: The Authority Group Edit Screen

    Chapter 29 Extension Management Each field is described in the following table. Table 153 Add Authority Group LABEL DESCRIPTION Authority Group Name: Type a new name or modify an existing name for this authority group. You can use 1-20 alphanumeric characters (A-Z, a-z, 0-9) and underscores (_). Group ID: Type 1-5 digits to use as an ID for this authority group.
  • Page 460 Chapter 29 Extension Management Note: You can use a subscription to increase the number of supported extensions. See Chapter 11 on page 229. Figure 296 Authority Group Edit Each field is described in the following table. Table 154 Authority Group Edit LABEL DESCRIPTION Authority Group...
  • Page 461: Extension Features

    Chapter 29 Extension Management Table 154 Authority Group Edit (continued) LABEL DESCRIPTION Batch Add SIP Peer Click Batch Add if you want to configure multiple extensions for IP phones connected to the ISG50. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the extension’s settings.
  • Page 462: Extension Add/Edit The Basic Screen

    Chapter 29 Extension Management • Call Forwarding - set up call forwarding rules for the individual extension based on the following criteria: • Your extension is busy. • You turn on DND (Do Not Disturb). You can set up a list of telephone numbers, referred to as the White List that ignore DND.
  • Page 463: The Extension Call Forward Screen

    Chapter 29 Extension Management Table 155 Extension Add/Edit: Basic (continued) LABEL DESCRIPTION Extension Number Type the extension number for this IP phone extension. The extension number can be 3-10 digits. This is configurable when adding an extension. Web/VM PIN Code Type the 3-10 digit PIN code that allows the person with this extension to access the web portal or Voice Mail.
  • Page 464 Chapter 29 Extension Management To access this screen, click the Call Forward tab in any of the SIP extension configuration screens. Figure 298 Extension Add/Edit: Call Forward
  • Page 465 Chapter 29 Extension Management Each field is described in the following table. Table 156 Extension Add/Edit: Call Forward LABEL DESCRIPTION Office Hour The ISG50 has separate rules for call forwarding during office hours than after office hours. The settings you configure specify the office hours for this extension and affect call forwarding during those office hours.
  • Page 466 Chapter 29 Extension Management Table 156 Extension Add/Edit: Call Forward (continued) LABEL DESCRIPTION No Answer Forward Select Disable to turn this feature off for this extension. Select Enable to forward all incoming calls to the extensions specified in the Find Me List when this extension is not answered within the default ring time.
  • Page 467: The Extension Voice Mail Settings Screen

    Chapter 29 Extension Management 29.3.3 The Extension Voice Mail Settings Screen Use this screen to configure voice mail settings for this extension. To access this screen, click the Voice Mail tab in any of the SIP extension configuration screens. Figure 299 Extension Add/Edit: Voice Mail Each field is described in the following table.
  • Page 468: The Extension Advanced Screen

    Chapter 29 Extension Management 29.3.4 The Extension Advanced Screen Use this screen to configure advanced settings for this extension. The fields available vary depending on the extension type. Click the Advanced tab in any of the SIP extension configuration screens to view the screen as shown. Figure 300 Extension Add/Edit: Advanced Each field is described in the following table.
  • Page 469: The Batch Add Sip Screen

    Chapter 29 Extension Management Table 158 Extension Add/Edit: Advanced (continued) LABEL DESCRIPTION Codec List This column indicates the codec types used by this extension. You can organize the priority of the codecs by highlighting it and clicking the Up or Down buttons to move the codec higher or lower in priority.
  • Page 470 Chapter 29 Extension Management Each field is described in the following table. Table 159 Batch Add SIP Extensions LABEL DESCRIPTION Batch Add SIP Peers Group Select the authority group you want these extensions to belong to. Start Number Type the first extension number for this range of extensions. Extensions can be 3-10 digits long.
  • Page 471: The Group Access Code Screen

    Chapter 29 Extension Management Table 159 Batch Add SIP Extensions (continued) LABEL DESCRIPTION Codec List This column indicates the codec types used by this extension. You can organize the priority of the codecs by highlighting it and clicking the Up or Down buttons to move the codec higher or lower in priority.
  • Page 472: The Click To Talk Group Screen

    Chapter 29 Extension Management 29.5 The Click To Talk Group Screen This screen allows you to set up CTT groups and their associated extensions. A CTT group is not related to an Authority Group; it is created solely for the purpose of connecting calls placed with the web-based utility on a web page to the related extensions.
  • Page 473 Chapter 29 Extension Management Click the Add or Edit icon in the Click To Talk Group screen to display the options as shown next. Figure 304 Click To Talk Group Settings Each field is described in the following table. Table 162 Click To Talk Group Settings LABEL DESCRIPTION Group Name...
  • Page 474 Chapter 29 Extension Management 29.5.1.1 Sample HTML for a Click-To-Talk Extension This is the basic JavaScript and HTML code used to embed the ZyXEL web-based IP phone client in a web page. <script lang="JavaScript" src="http://WEB_SERVER_ADDR/ctt.js"></script> <a href= "javascript:Click_to_Talk('WEB_SERVER_ADDR','dicompjrwmA7352)yshvpdqg@wm4rV q[8&yuhvuhgrhx?zo3qTpZ:(vitvitltcghr@595246.542344<5483*fwqfpsfhA5)uuhvkgAL olcqr(wynqinlt?474165173.533*vxrnhprrvv@82')">Click_to_Talk</a> Note: You must replace both WEB_SERVER_ADDR strings in the sample code with your own company’s website.
  • Page 475: Authority Group Technical Reference

    Chapter 29 Extension Management 29.6 Authority Group Technical Reference This section contains technical background information about the Authority Group screens. Voice Codecs A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The following table describes the codecs supported on the ISG50 Table 163 Voice Codecs Supported CODEC DESCRIPTION...
  • Page 476 Chapter 29 Extension Management into video signals. Although the ISG50 does not perform any video coding, it does support the pass through of the following video codecs. Table 164 Video Codecs Supported CODEC DESCRIPTION H.261 This is an ITU (International Telecommunication Union) video coding standard. H.261 was designed in 1990 and is considered the first practical video coding standard.
  • Page 477: Outbound Trunk Group

    Chapter 30 Outbound Trunk Group 30.1 Overview This chapter shows you how to manage outside lines on the ISG50. The following diagram shows the ISG50 connected to the various types of outside connections: • FXO/BRI Trunk (A): shows the ISG50 connected to the PSTN (Public Switched Telephone Network) or ISDN (Integrated Service Digital Network) via an FXO/BRI port on the ISG50.
  • Page 478: What You Need To Know

    Chapter 30 Outbound Trunk Group • Use the LCR screens (starting in Section 31.2 on page 505) to configure the Least Cost Routing (LCR) dialing rules. 30.1.2 What You Need to Know The following terms and concepts may help you as you read through the chapter. Outbound Trunk The outbound lines define a connection between the ISG50 and the PSTN, ISDN, ITSP or your trusted peer (another ISG50).
  • Page 479 Chapter 30 Outbound Trunk Group AA (Auto Attendant) After calling the number, the caller is prompted to dial the extension number. Figure 307 Auto Attendant (AA) Example Please dial extension! 6 0 1 2 555-123456 6012 ISDN DDI (Direct Dial In) DDI (also called DID, Direct Inward Dial) is a feature that maps a public number to an extension number.
  • Page 480 Chapter 30 Outbound Trunk Group This example also shows three call examples. A - When an outsider calls 555-123457, the call is mapped to the extension 1111. B - When someone makes an outgoing call from the extension 1111, the caller ID shown to the callee is 555-123457.
  • Page 481: Before You Begin

    Chapter 30 Outbound Trunk Group 30.1.3 Before You Begin Before you start to configure an outbound line group, please consider the following. • In order to create an FXO/BRI trunk the ISG50 must have a corresponding FXO or BRI port. •...
  • Page 482 Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 165 Outbound Line Management > Outbound Trunk Group LABEL DESCRIPTION SIP Trunk / Trust Peer / FXO / BRI Settings: These headings divide the screen into sections based on the type of outside line you have configured:...
  • Page 483: Sip Trunk Add/Edit

    Chapter 30 Outbound Trunk Group 30.2.1 SIP Trunk Add/Edit Use this screen to configure a SIP trunk. Click the Add or Edit icon in the SIP Trunk Settings section of the Outbound Trunk Group configuration screen to view the screen as shown. Figure 312 SIP Trunk Add/Edit
  • Page 484 Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 166 SIP Trunk Add/Edit LABEL DESCRIPTION Trunk Name Type the name of this SIP trunk. This field can be 1-30 alphanumeric characters (A-Z, a-z, 0-9) and underscores (_). The first character must be a letter. Description Type the description for this SIP interface.
  • Page 485 Chapter 30 Outbound Trunk Group Table 166 SIP Trunk Add/Edit (continued) LABEL DESCRIPTION Minimum SE Enter the minimum session expiry time in seconds. The allowable range is 90~1800 seconds. When an incoming call requests a session expiry time that is lower than this, the ISG50 uses this value instead.
  • Page 486: Sip Auto Attendant And Ddi Setup

    Chapter 30 Outbound Trunk Group Table 166 SIP Trunk Add/Edit (continued) LABEL DESCRIPTION Codec Setting Select the type of voice coder/decoder (codec) that you want this extension to use when communicating with the ISG50. The following codecs (shown in highest quality to lowest quality order) are supported by the ISG50: •...
  • Page 487 Chapter 30 Outbound Trunk Group your DID (Direct Inward Dialing) settings. In the Outbound Trunk Group configuration screen, select a SIP trunk and click the Auto-Attendant icon to view the screen as shown. Figure 313 SIP Auto Attendant and DDI Setup Each field is described in the following table.
  • Page 488: Add Ddi/Did Number

    Chapter 30 Outbound Trunk Group Table 167 SIP Auto Attendant and DDI Setup LABEL DESCRIPTION Enable Routing by SIP "To" Header: Select this if this auto-attendant interacts with a SIP server that uses the SIP To header to do the DDI/DID mapping. If this SIP trunk outbound line group has DDI/DID mode enabled, using this deletes all of this SIP trunk outbound line group’s DDI/DID mapping settings and sets the DDI/DID Mask to 0.
  • Page 489 Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 168 Add DDI/DID Number LABEL DESCRIPTION DDI/DID Number Enter a DDI/DID number which allows outsiders to call and reach an extension directly. The number of digits you can enter in this field depends on what you set in the Representative Number DDI/DID Mask field.
  • Page 490: Trusted Peer Trunk Add/Edit

    Chapter 30 Outbound Trunk Group 30.2.4 Trusted Peer Trunk Add/Edit Use this screen to configure a trusted peer trunk. Click the Add or Edit icon in the Trust Peer Settings section of the Outbound Trunk Group configuration screen to view the screen as shown.
  • Page 491 Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 169 Trusted Peer Trunk Add/Edit LABEL DESCRIPTION Trunk Name Type the name of this trunk. This field can be 1-30 alphanumeric characters (A-Z, a-z, 0-9) and underscores (_). The first character must be a letter. Description Type the description for this interface.
  • Page 492 Chapter 30 Outbound Trunk Group Table 169 Trusted Peer Trunk Add/Edit (continued) LABEL DESCRIPTION CallerID Setting Configure this section to change the format of identification you want to send when you make VoIP phone calls. The default format is “From: “Extension”<Extension@Server IP>”. CallerID Viewer This field displays the caller ID format shown to the callees depending on the setting you configure in the CallerID Name &...
  • Page 493: Trusted Peer Auto Attendant And Ddi Setup

    Chapter 30 Outbound Trunk Group Table 169 Trusted Peer Trunk Add/Edit (continued) LABEL DESCRIPTION Codec Setting Select the type of voice coder/decoder (codec) that you want this extension to use when communicating with the ISG50. The following codecs (shown in highest quality to lowest quality order) are supported by the ISG50: •...
  • Page 494 Chapter 30 Outbound Trunk Group DID (Direct Inward Dialing) settings. In the Outbound Trunk Group configuration screen, select a trusted peer trunk and click the Auto-Attendant icon to view the screen as shown. Figure 316 Trusted Peer Auto Attendant and DDI Setup Each field is described in the following table.
  • Page 495: Add/Edit Fxo Trunk

    Chapter 30 Outbound Trunk Group Table 170 Trusted Peer Auto Attendant and DDI Setup LABEL DESCRIPTION Representative Number: This field displays the representative number configured for the trunk. Enable Routing by SIP "To" Header: Select this if this auto-attendant interacts with a SIP server that uses the SIP To header to...
  • Page 496: Fxo Or Bri Auto Attendant

    Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 171 Add/Edit FXO Trunk LABEL DESCRIPTION Trunk Name Type the name of this FXO interface group. This field can be 1-30 alphanumeric characters (A-Z, a-z, 0-9) and underscores (_). The first character must be a letter. Description Type the description for this FXO interface.
  • Page 497: Add/Edit Bri Trunk

    Chapter 30 Outbound Trunk Group Each field is described in the following table. Table 172 AA for FXO or BRI Trunk LABEL DESCRIPTION Trunk Name This field displays the name of the outbound line trunk. Apply AA Type Select the auto attendant you want to use when calls come in on this outbound line group. Select AA (Auto-Attendant) to forward all calls coming in through this outbound line group to an Auto-Attendant system first.
  • Page 498 Chapter 30 Outbound Trunk Group Settings section of the Outbound Trunk Group configuration screen to view the screen as shown. Figure 319 BRI Trunk - Add/Edit: AA Figure 320 BRI Trunk - Add/Edit: MSN
  • Page 499 Chapter 30 Outbound Trunk Group Figure 321 BRI Trunk - Add/Edit: DDI/DID
  • Page 500 Chapter 30 Outbound Trunk Group Figure 322 BRI Trunk - Add/Edit: Direct Each field is described in the following table. Table 173 BRI Trunk Add/Edit LABEL DESCRIPTION General Settings Trunk Name Type the name of this BRI interface. This field can be 1-30 alphanumeric characters (A-Z, a-z, 0-9) and underscores (_).
  • Page 501 Chapter 30 Outbound Trunk Group Table 173 BRI Trunk Add/Edit (continued) LABEL DESCRIPTION Available Interface: For DDI/DID, AA, and Direct, this list displays the available slots and ports on the ISG50. Click one slot and port and then click the Right icon if you want to add it to this outbound group.
  • Page 502: Add Bri Trunk Ddi/Did Mapping

    Chapter 30 Outbound Trunk Group 30.2.9 Add BRI Trunk DDI/DID Mapping Use this screen to add or edit DDI/DID mapping table entries. Click the Add icon in the DDI/DID Mapping Setting section of the BRI Trunk - Add configuration screen to view the screen as shown.
  • Page 503: Auto-Attendant

    Chapter 31 Auto-attendant 31.1 Overview This chapter shows you how to configure auto-attendant on the ISG50. An auto-attendant is software which acts as an automatic switchboard operator. Auto-attendants help route incoming calls to their proper extension. An auto-attendant is assigned to each outbound line group and it services incoming calls on those lines.
  • Page 504 Chapter 31 Auto-attendant Default Auto-Attendant Structure The ISG50 comes with a default auto-attendant. The default auto-attendant simply prompts callers to enter the extension they wish to reach. There is only one time when a caller has to make a decision. The following figure shows the default auto-attendant structure. Figure 325 Auto-Attendant Default Structure Example 1001 1002...
  • Page 505: The Default Auto-Attendant Screen

    Chapter 31 Auto-attendant • Direct a call to an extension. “Dial 1 to reach the operator.” • Direct a caller to the next menu. “Dial 2 to reach the sales department.” • Allow the caller to listen to the current menu again. “Dial 3 to listen to this menu again.” •...
  • Page 506 Chapter 31 Auto-attendant Click Configuration > PBX > Outbound Line Management > Auto-Attendant to view the screen as shown next. Figure 328 Auto-Attendant > Default Each field is described in the following table. Table 175 Auto-Attendant > Default LABEL DESCRIPTION Greeting Upload Audio File Click Browse to locate an audio file to be used as the auto-attendant greeting message,...
  • Page 507: The Customized Auto-Attendant Screen

    Chapter 31 Auto-attendant Table 175 Auto-Attendant > Default (continued) LABEL DESCRIPTION Action Type Select how the auto-attendant should proceed if no key is pressed for 5 seconds or the caller inputs an incorrect key code three times in a row. •...
  • Page 508: The Add/Edit Auto-Attendant Screen

    Chapter 31 Auto-attendant Table 176 Auto-Attendant > Customized (continued) LABEL DESCRIPTION Download Select an entry and click Download to save the selected auto-attendant’s audio files to your computer. Upload Select an entry and click Upload to upload a backup audio file for it. This field is a sequential value, and it is not associated with a specific entry.
  • Page 509: Auto Attendant Settings: Office Hours

    Chapter 31 Auto-attendant 31.3.2 Auto Attendant Settings: Office Hours Use this screen to edit auto-attendant office hour settings. To access this screen, click the Add or Edit icon in the Configuration > PBX > Outbound Line Management > Auto-Attendant > Customized screen and then click the Office Hour tab.
  • Page 510 Chapter 31 Auto-attendant Table 178 Office Hours Setting (continued) LABEL DESCRIPTION Forward to a specific extension directly: Select this option to forward all calls that come into this auto-attendant to the specified extension, ACD, page group, hunt group, or user defined number. Play audio file: Select this option to play the uploaded audio file before forwarding the call to the specified...
  • Page 511: The Add/Edit Auto-Attendant Option Screen

    Chapter 31 Auto-attendant 31.3.3 The Add/Edit Auto-Attendant Option Screen Use this screen to configure an option for an auto-attendant menu. To access this screen, click the Add or Edit icon for an item in the office hour or night service Options list. Figure 332 Add/Edit Option Setting Each field is described in the following table.
  • Page 512: The Auto-Attendant Sub Menu Screen

    Chapter 31 Auto-attendant 31.3.4 The Auto-Attendant Sub Menu Screen Use this screen to configure an option for an auto-attendant sub menu (child menu). To access this screen, in the auto-attendant Office Hour or Night Service screen, select an option entry that displays sub-menu as the Action and click Add Child.
  • Page 513: Auto Attendant Settings: Night Service

    Chapter 31 Auto-attendant 31.3.5 Auto Attendant Settings: Night Service Use this screen to configure Night Service settings for this auto-attendant. You only need to configure this screen if you want the auto-attendant to perform different actions outside of regular office hours. In the Configuration >...
  • Page 514 Chapter 31 Auto-attendant Table 181 Night Service Setting (continued) LABEL DESCRIPTION Enable Dial Extension Number: Select this to allow incoming calls to dial extensions that are not associated with specific key codes on the Options list below. Clear it to limit all input to the key codes listed on the Options table below.
  • Page 515: Greeting

    Chapter 31 Auto-attendant 31.3.6 Greeting Use this screen to set up custom auto-attendant messages. The Temporary Greeting can be played before the normal auto-attendant greeting. This can be used to broadcast special messages, such as special operating hours for the office building (“We’re sorry but the Acme Mail Order Company is closed today to observe the holiday.”) The Schedule Greeting can be played during specific time range every day.
  • Page 516: Technical Reference

    Chapter 31 Auto-attendant Each field is described in the following table. Table 182 Greeting Setting LABEL DESCRIPTION Temporary Greeting Settings Enable Temporary Greeting: Select this to play the temporary greeting immediately before playing the auto-attendant’s normal greeting. Clear it to turn this feature off. Upload Audio File: Click Browse to locate an audio file to be used as the temporary auto-attendant greeting message, and Upload to copy it to IP-PBX.
  • Page 517 Chapter 31 Auto-attendant Note: Make sure you have a microphone connected to your computer or that your system has an internal microphone (and that it is enabled). Open your sound recording software (Sound Recorder on Windows XP). From your desktop, click Start >...
  • Page 518 Chapter 31 Auto-attendant Specify the file format. In the Sound Selection window, choose PCM in the Format field. Next, set the Attributes to 16,000 kHz, 16 Bit, Mono. Click OK when you are done. Figure 339 Audio File Settings Confirm your settings. Specify a location for the audio file by browsing to a suitable location on your file system.
  • Page 519: Lcr

    Chapter 32 LCR 32.1 Overview This chapter shows you how to configure dialing rules, also referred to as LCR (Least Cost Routing) on the ISG50. The following figure shows an example of two LCRs. LCR1 is composed of outbound line groups PSTN and ISDN along with the dial condition 01. (the period (.) is part of the dial condition). LCR2 is composed of outbound line group ITSP along with the dial condition 02..
  • Page 520: What You Can Do In This Chapter

    Chapter 32 LCR only has LCR1 assigned to it, so extensions that are part of Research cannot use outbound line group ITSP. Figure 342 LCR Components Example PSTN LCR1 Sales Dial Condition = 01. ISDN Research LCR2 ITSP Dial Condition = 02.
  • Page 521: Lcr

    Chapter 32 LCR • You have to define your outbound dialing plan. For example, a number starting with “0” is for local calls, “200” is for international calls, “3” is for calls to a branch office, etc. • You should define at least one outbound line group. See Section 30.2 on page 481.
  • Page 522 Chapter 32 LCR Note: Only the Add LCR screen is shown. In the Edit LCR screen, some of the fields are read-only. Before you configure any dial conditions for an LCR, you must first configure a name for the LCR. Figure 344 Configuration >...
  • Page 523: Add/Edit Lcr Dial Condition

    Chapter 32 LCR Table 184 Configuration > PBX > Outbound Line Management > LCR > Add (continued) LABEL DESCRIPTION Outbound Line Group: Use this section to add or remove outbound line groups from this outbound dialing rule (LCR). • Add an outbound line group to this LCR: Highlight an outbound line group in the Pool column by clicking on it and then click the Right button to move it to the Selected column.
  • Page 524 Chapter 32 LCR Note: Only the Add Dial Condition screen is shown. In the Edit Dial Condition screen, some of the fields are read-only. Figure 345 Configuration > PBX > Outbound Line Management > LCR > Add > Add Each field is described in the following table. Table 185 Configuration >...
  • Page 525 Chapter 32 LCR Table 185 Configuration > PBX > Outbound Line Management > LCR > Add > Add (continued) LABEL DESCRIPTION Prefix Specify a number which should be inserted at the beginning of the dialed number before it is sent out from the ISG50. Postfix Specify a number which should be appended to the end of the dialed number before it is sent out from the ISG50.
  • Page 526: Group Management

    Chapter 33 Group Management 33.1 Overview This chapter shows you how to manage the ISG50’s authority groups and outbound line groups. Group management allows you to control the types of calls made via the ISG50. See the following figure for what you can configure in group management. A - You can allow or disallow an extension group (defined in the authority group, AG) to call extensions in the same extension group or other extension groups.
  • Page 527: What You Can Do In This Chapter

    Chapter 33 Group Management 33.1.1 What You Can Do in this Chapter Use the Group Management screens to view and manage the associations for the authority and outbound line groups configured on the ISG50. See Section 33.2 on page 530. 33.1.2 What You Need to Know The following terms and concepts may help you as you read through the chapter.
  • Page 528 Chapter 33 Group Management and LCR2 (this could be an LCR for long distance calls via your VoIP service provider ITSP). AG2 is associated with LCR1 only. In this case extensions belonging to AG1 can make calls via all outbound line groups, whereas extensions in AG2 are limited to calls to your local telephone company and your branch office.
  • Page 529 Chapter 33 Group Management Note: You must also configure auto-attendant settings before calls coming in from outside lines can call the extensions created on the ISG50. See Chapter 31 on page 503. The following example shows a configuration with three outbound line groups. ITSP represents a SIP trunk to your VoIP service provider.
  • Page 530: Before You Begin

    Chapter 33 Group Management 33.1.3 Before You Begin Before you start to configure group management, you need to do the following. • Configure authority group(s). See Section 29.2 on page 458. • Configure outbound line group(s) and the corresponding auto-attendant settings. See Section 30.2 on page 481.
  • Page 531: Edit Group Management Associations

    Chapter 33 Group Management 33.2.1 Edit Group Management Associations Use this screen to configure links from an authority group or an outbound line group to authority groups, or LCRs configured on the ISG50. To access this screen, select the group you want to configure in the Configuration >...
  • Page 532: Call Services

    Chapter 34 Call Services 34.1 Overview This chapter shows you how to configure and use call services on the ISG50. There are a variety of call services that can be configured. 34.1.1 What You Can Do in this Chapter • Use the Auto Callback screen to configure the ISG50 to automatically call an extension once it becomes available (ends an existing conversation).
  • Page 533: Before You Begin

    Chapter 34 Call Services made from VoIP accounts to emergency dispatchers, but also provide information on the call’s originating number and, usually, location information. However, this system still has disadvantages over traditional emergency call service. For example, the physical location provided to the PSAP is usually the account-holder’s address as registered with the VoIP provider;...
  • Page 534: The Call Park Screen

    Chapter 34 Call Services The following table describes the labels in this screen. Table 188 Configuration > PBX > Call Service > Auto Callback LABEL DESCRIPTION Enable Auto Select this to activate the auto callback feature. Callback Note: To enable auto callback, the personal auto-attendant for internal calls must also be enabled.
  • Page 535: Configuring The Call Park Screen

    Chapter 34 Call Services Table 189 Call Parking Progression CALLER A ISG50 CALLER B 5. The ISG50 parks the call and informs caller B of the number to call to reconnect to the call. This is called the parking slot number. 6.
  • Page 536: The Call Waiting Screen

    Chapter 34 Call Services 34.4 The Call Waiting Screen Call waiting allows you to put a present call on hold and answer a new call. When a second call comes in, the ISG50 sends a beep tone to you. You can decide to ignore it or to switch to the second call using one of the following methods.
  • Page 537: Configuring The Call Waiting Screen

    Chapter 34 Call Services However, for extensions for which you do not enable the call waiting feature, the following happens. Table 192 No Call Waiting Example CALLER A CALLER C ISG50 RECEIVER B 1. Caller A makes a 2. The ISG50 routes the call to B at 3.
  • Page 538: The Emergency Call Screen

    Chapter 34 Call Services The following table describes the labels in this screen. Table 193 Configuration > PBX > Call Service > Call Waiting Setting LABEL DESCRIPTION Extension Pool / Call waiting applies to the extensions you move to the Enabled Extension list. Enabled To add an extension, select it in the Extension Pool field and click the Right button (to Extension...
  • Page 539: The Music On Hold Screen

    Chapter 34 Call Services The following table describes the labels in this screen. Table 194 Configuration > PBX > Call Service > Emergency Call LABEL DESCRIPTION Outbound Line Use this section to specify which outside line groups should be used for emergency calls. Summary Click this to create a new entry.
  • Page 540 Chapter 34 Call Services Click Configuration > PBX > Call Service > Music On Hold to open the screen as shown. Figure 360 Configuration > PBX > Call Service > Music On Hold: The following table describes the labels in this screen. Table 195 Configuration >...
  • Page 541: Add Or Edit Custom Music On Hold

    Chapter 34 Call Services 34.6.1 Add or Edit Custom Music On Hold Use this screen to create or edit a music on hold profile and upload an audio file to it. In the Configuration > PBX > Call Service > Music On Hold screen, click Add or Edit to open the screen as shown.
  • Page 542: Configuring The Call Transfer Screen

    Chapter 34 Call Services 34.7.1 Configuring the Call Transfer Screen Use this screen to configure call transfer on the ISG50. Click Configuration > PBX > Call Service > Call Transfer to open the screen as follows. Figure 362 Configuration > PBX > Call Service > Call Transfer The following table describes the labels in this screen.
  • Page 543 Chapter 34 Call Services Each field is described in the following table. Table 198 Configuration > PBX > Call Service > Call Block LABEL DESCRIPTION Enable Anonymous Select this to block calls without caller ID from being routed by the ISG50. Clear it to allow any incoming calls routed by the ISG50.
  • Page 544: Call Recording

    Chapter 35 Call Recording 35.1 Overview Use the call recording feature to record all the calls going to or from specific extensions or trunks or let users record calls. This is useful if you need to monitor certain individuals’ calls. It is also useful for conference call recording: the administrator may configure the ISG50 to record a Meetme conference room and use the recording as the meeting minutes.
  • Page 545: Configuring The Call Recording Screen

    Chapter 35 Call Recording • The maximum call recording time depends on the storage capacity of the connected USB storage device. • Once the ISG50 is recording the maximum number of channels defined by the call recording license, it does not record additional concurrent calls. See Chapter 11 on page 229.
  • Page 546 Chapter 35 Call Recording The following table describes the labels in this screen. Table 199 Configuration > PBX > Call Recording LABEL DESCRIPTION Quota Usage This bar displays what percentage of the ISG50’s call recording storage space is currently in use. When the storage space is almost full, you should consider deleting call recording files before adding more.
  • Page 547: Meet-Me Conference

    Chapter 36 Meet-me Conference The ISG50 allows you to set up specific extension numbers which callers can dial to join a conference call. This type of extension is referred to as a conference room number. You can restrict the number of callers that can join the conference call. You can also specify a PIN (Personal Identification Number) for the conference room.
  • Page 548 Chapter 36 Meet-me Conference Note: The screen for editing an existing conference room has the same fields as the screen shown below. You can access the Conference Room Edit screen by clicking the Edit icon in the Conference Room List screen. Figure 366 Conference Room Add The following table describes the labels in this screen.
  • Page 549: Paging Group

    Chapter 37 Paging Group 37.1 Overview This chapter shows you how to create and manage paging groups on the ISG50. Paging groups are sets of extensions through which a caller can make a one-way announcement by dialing a single number. It works much like a public address system. A caller wanting to make an announcement dials a pre-configured number representing a group of extensions.
  • Page 550: The Add/Edit Paging Group Screen

    Chapter 37 Paging Group Each field is described in the following table. Table 202 Configuration > PBX > Paging Group LABEL DESCRIPTION Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. Edit Double-click an entry or select it and click Edit to modify it.
  • Page 551 Chapter 37 Paging Group Each field is described in the following table. Table 203 Add Paging Group LABEL DESCRIPTION Paging Number Type the number you have to dial to call the extensions in this page group. This number can be from 3 to 10 digits long. PIN Code Type the password you have to dial to call the extensions in this page group.
  • Page 553: Acd

    Chapter 38 ACD 38.1 Overview This chapter shows you how to configure Automatic Call Distribution (ACD). ACD utilizes Skill-Based Routing (SBR), which allows you to distribute incoming calls to specific groups of phones based on assigned skills. When the ISG50 receives an incoming call, the auto-attendant presents the caller with a list of available skills and the key codes to access them.
  • Page 554: What You Need To Know

    Chapter 38 ACD • Use the Skill Menu screen to create menus that a caller can use while in the queue waiting for an agent to respond. See Section 38.6 on page 564. 38.1.2 What You Need to Know The following terms and concepts may help you as you read through the chapter. Agent An agent is a member of an Automated Call Distribution system who receives incoming calls.
  • Page 555 Chapter 38 ACD Create at least 2 agent identities in the ACD system (Section 38.3 on page 556) to ultimately receive incoming calls after they have been routed by the ISG50. You can click Configuration > PBX > ACD > Agent to open this screen. Define at least 1 skill in the ACD system (Section 38.4 on page 558).
  • Page 556: The Acd Global Screen

    Chapter 38 ACD 38.2 The ACD Global Screen Use this screen to set the global “wrap up” time for each extension in the ACD system. This is how long the ISG50 waits before sending new calls to the agent. Click Configuration > PBX > ACD > ACD Global to open this screen. Figure 371 ACD >...
  • Page 557: The Agent Settings Screen

    Chapter 38 ACD Each field is described in the following table. Table 205 ACD > Agent List LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify it.
  • Page 558: The Skill Screen

    Chapter 38 ACD Table 206 Agent List > Agent Setting (continued) LABEL DESCRIPTION Agent Name Enter the name of the agent associated with this ID. It can be any combination of 1~32 alphanumeric characters (a-z, A-Z, 0-9). No asterisks (*) or exclamation points (!) allowed.
  • Page 559: The Add/Edit Skill Screen

    Chapter 38 ACD 38.4.1 The Add/Edit Skill Screen Use this screen to create or edit a skill. A skill allows you to create rules for routing calls to a specific group of agents. You can also manage how calls to those agents are handled in the event that one or more of them is not logged on, or engaged in a conversation, and so on.
  • Page 560 Chapter 38 ACD Each field is described in the following table. Table 208 Add Skill LABEL DESCRIPTION Skill Setting Number Enter the number to be dialed that uses this skill. It can be any combination of 3~10 digits (0-9). No spaces, underscores, or hyphens are allowed. When this screen is in Edit mode, this number cannot be changed.
  • Page 561 Chapter 38 ACD Table 208 Add Skill (continued) LABEL DESCRIPTION Waiting Timeout Enter the duration in seconds (up to 99999) that the call to the agents associated with the skill rings before timing out. Once a call times out, the action defined in Timeout Action applies. This timeout only applies to calls in the queue that have not yet been routed to a particular agent.
  • Page 562: The Hunt Group Screen

    Chapter 38 ACD Table 208 Add Skill (continued) LABEL DESCRIPTION Member This list indicates all members who are assigned to this skill. When adding or editing an entry select the member from the drop-down list. Priority The priority indicates to which agent incoming calls are routed first. When adding or editing an entry type the priority (1 highest to 5 lowest).
  • Page 563: The Add/Edit Hunt Group Screen

    Chapter 38 ACD 38.5.1 The Add/Edit Hunt Group Screen The screens for editing or adding Hunt groups on the ISG50 contain the same fields. Click the Add (or Edit) icon in the Hunt Group configuration screen to view the screen as shown. Figure 377 Add Hunt Group Each field is described in the following table.
  • Page 564: The Skill Menu Screen

    Chapter 38 ACD Table 210 Add Hunt Group (continued) LABEL DESCRIPTION Timeout Action If a call to an extension of the hunt group times out, then this item defines how the ISG50 responds when calls are sent to that member. Possible actions are: •...
  • Page 565: The Skill Menu Settings Screen

    Chapter 38 ACD For example, if a caller enters the queue for the “English” skill but an English-speaking sales representative hasn’t yet picked up, he will periodically hear “Press 0 to exit. Press 3 for a Spanish-speaking representative. Press 4 for a French-speaking representative. Press 5 for a Russian-speaking representative.”...
  • Page 566: Add/Edit Skill Menu Action Screen

    Chapter 38 ACD Click either the Add or Edit icon in the Skill Menu screen to display the options as shown next. Figure 379 Add Skill Menu Each field is described in the following table. Table 212 Add Skill Menu LABEL DESCRIPTION Skill Menu...
  • Page 567 Chapter 38 ACD Click either the Add or Edit icons in the Skill Menu Add or Edit screen to display the options as shown next. Figure 380 Add Skill Menu Action Each field is described in the following table. Table 213 Add Skill Menu Action LABEL DESCRIPTION Code...
  • Page 568: Sound Files

    Chapter 39 Sound Files You can upload sound files for different language menus. You can also 39.1 Overview This chapter shows you how to change the language menus and some system sounds. You can also select the extension to record for creating audio files. 39.1.1 What You Can Do in this Chapter •...
  • Page 569: The Add/Edit Sound File Screen

    Chapter 39 Sound Files Click Configuration > PBX > Sound File to open this screen. Figure 381 Configuration > PBX > Sound File > System Sound Each field is described in the following table. Table 214 Configuration > PBX > Sound File > System Sound LABEL DESCRIPTION Default Language...
  • Page 570: The Specific Sound File Screen

    Chapter 39 Sound Files Click either the Add or Edit icon in the System Sound screen to display the options as shown next. Figure 382 Add System Sound File Each field is described in the following table. Table 215 Add System Sound File LABEL DESCRIPTION Language...
  • Page 571: The Add/Edit Sound File Screen

    Chapter 39 Sound Files Each field is described in the following table. Table 216 Configuration > PBX > Sound File > Specific Sound File LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify it.
  • Page 572 Chapter 39 Sound Files Click Configuration > PBX > Sound File > Record Peer to open this screen. Figure 385 Configuration > PBX > Sound File > Record Peer Each field is described in the following table. Table 218 Configuration > PBX > Sound File > Record Peer LABEL DESCRIPTION Default Record...
  • Page 573: Auto Provision

    Chapter 40 Auto Provision 40.1 Overview This chapter shows you how to set up auto provisioning for the ISG50’s supported SIP clients. Auto provisioning allows administrators to configure VoIP related settings on snom or snom-compatible SIP clients from a central location. You can set up and maintain a configuration file associated with a SIP extension on the ISG50.
  • Page 574: Before You Begin

    Chapter 40 Auto Provision How to Configure Auto Provisioning Take the following steps to configure auto provisioning for the VoIP devices on your network. See also Section 8.2 on page 141 for an auto provisioning tutorial. Configure SIP extensions that the snom VoIP devices will use. See Chapter 29 on page 453.
  • Page 575: Auto Provision Setup

    Chapter 40 Auto Provision 40.2 Auto Provision Setup Use this screen to configure auto provisioning for the snom VoIP devices connected to the ISG50. This screen displays the mapping between SIP extensions and snom VoIP devices’ MAC addresses. To access this screen, click Configuration > PBX > Auto Provision. Figure 386 Configuration >...
  • Page 576: Snom Batch Configuration Xml File

    Chapter 40 Auto Provision Table 219 Configuration > PBX > Auto Provision (continued) LABEL DESCRIPTION Remove Select a snom VoIP device extension and click the Remove Config icon to Customized remove any custom configuration for it. Config View Config File Select a snom VoIP device extension and click the View Config File icon to view the configuration file for it or save a copy of the configuration file.
  • Page 577: Auto Provision Edit

    Chapter 40 Auto Provision 40.2.2 Auto Provision Edit Use this screen to set up the auto provisioning settings for a snom extension on the ISG50. To access this screen, click Configuration > PBX > Auto Provision and then click the Edit button for a snom device’s extension.
  • Page 578: Auto Provision Advanced Screen

    Chapter 40 Auto Provision 40.3 Auto Provision Advanced Screen Use this screen to configure the feature key settings and firmware upgrade URLs for the snom VoIP devices connected to the ISG50. To access this screen, click Configuration > PBX > Auto Provision >...
  • Page 579 Chapter 40 Auto Provision Table 221 Configuration > PBX > Auto Provision > Auto Provision Advanced (continued) LABEL DESCRIPTION Firmware This list corresponds to the snom products supported by the ISG50. Upgrade File Enter the firmware upgrade URL for the type of device. You can find this URL and Location Settings any other upgrade information at the product page on the official snom website.
  • Page 581: Voice Mail

    Chapter 41 Voice Mail 41.1 Overview This chapter shows you how to set up voice mail for the ISG50’s calls. Voice mail messages on the ISG50 are stored on the built-in flash memory of the ISG50. To ensure that one user does not utilize a disproportionate amount of voice mail capacity, you can limit the per user voice mail resources on a system wide basis.
  • Page 582: The Voice Mail Screen

    Chapter 41 Voice Mail 41.2 The Voice Mail Screen Use this screen to set up the voice mail settings on the ISG50. To access this screen, click Configuration > PBX > Voice Mail. Figure 389 Configuration > PBX > Voice Mail Each field is described in the following table.
  • Page 583: Accessing Voice Mail

    Chapter 41 Voice Mail Table 222 Configuration > PBX > Voice Mail (continued) LABEL DESCRIPTION E-mail Body Enter up to 350 alphanumeric characters (a-z, A-Z, 1-0, all punctuation included) as the body text for e-mails sent out by the ISG50 to notify users of pending voice mails. You can also use the following ISG50-specific variables to include custom information about the voice mail: •...
  • Page 584 Chapter 41 Voice Mail Personal Voice Mail Main Flow The following figure describes the main flow in the personal voice mail system. Figure 390 Personal Voice Mail Flow Voice Mail Feature Code Enter Password Extension Failure Authentication Exit Success You have XX new/old messages. Exit Voice Mail Main Assistance...
  • Page 585 Chapter 41 Voice Mail Voice Message Menu The following figure describes the Voice Message Menu. From Voice Mail Main, press number 1 on your phone keypad to enter this menu. The ISG50 will play you a new message. Then you can choose either one of the following options for the next action.
  • Page 586 Chapter 41 Voice Mail Mail Box Options Menu The following figure describes the Mail Box Options Menu. From Voice Mail Main, press number 0 on your phone keypad to enter this menu. This menu allows you to record your messages which are played for the initial greeting or when you (your extension) is unavailable, busy.
  • Page 587: Phonebook

    Chapter 42 Phonebook 42.1 Overview This chapter shows you how to set up a phonebook for the ISG50. There are two ways to set up a phone book on the ISG50. • You can create an LDAP (Lightweight Directory Access Protocol) phonebook, which imports entries from an LDAP directory on your network.
  • Page 588: Before You Begin

    Chapter 42 Phonebook 42.1.3 Before You Begin If you intend to configure the ISG50 to use an LDAP phonebook, you need the following information about the LDAP server on your network to issue an LDAP query from the ISG50: • LDAP Server IP address - this is the IP address of the LDAP server you want to query. •...
  • Page 589: The Ldap Phonebook Summary Screen

    Chapter 42 Phonebook 42.3 The LDAP Phonebook Summary Screen Use this screen to view the phonebook entries retrieved from the LDAP database. To access this screen, click Configuration > PBX > Phonebook > LDAP Phonebook. Figure 395 Configuration > PBX > Phonebook > LDAP Phonebook > Summary Each field is described in the following table.
  • Page 590 Chapter 42 Phonebook the LDAP phonebook search filter. To access this screen, click Configuration > PBX > Phonebook > LDAP Phonebook > Settings. Figure 396 Configuration > PBX > Phonebook > LDAP Phonebook > Settings Each field is described in the following table. Table 225 Configuration >...
  • Page 591: The Local Phonebook Screen

    Chapter 42 Phonebook Table 225 Configuration > PBX > Phonebook > LDAP Phonebook > Settings (continued) LABEL DESCRIPTION Password Specify the password for the LDAP server. Name Specify the field name in the LDAP database that you want to map the Name field of the LDAP phonebook to.
  • Page 592: Local Phonebook Add/Edit Screen

    Chapter 42 Phonebook Each field is described in the following table. Table 226 Configuration > PBX > Phonebook > Local Phonebook LABEL DESCRIPTION Phonebook File Use this section to upload a CSV format file containing your phonebook entries to the Settings ISG50 or download the local phonebook from the ISG50 to your local computer or another location on your network.
  • Page 593 Chapter 42 Phonebook entries on the ISG50. Click the Add (or Edit) icon in the Local Phonebook screen to view the screen as shown. Figure 398 Local Phonebook Add/Edit Screen Each field is described in the following table. Table 227 Local Phonebook Add/Edit Screen LABEL DESCRIPTION Name...
  • Page 595: Office Hours

    Chapter 43 Office Hours 43.1 Overview This chapter shows you how to set the office hours for the ISG50. You can use office hours to have the ISG50 deal with incoming calls differently at different times of day and night. 43.1.1 What You Can Do in this Chapter Use the Office Hour screen to configure the days of the week and times you are in the office.
  • Page 596 Chapter 43 Office Hours Note: The office hour configuration here is used as the default for all new extensions. To customize office hours on a per-extension or per-authority group basis, you must go to those specific screens. For more, see Chapter 29 on page 453.
  • Page 597 Chapter 43 Office Hours Table 228 Configuration > PBX > Office Hour (continued) LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to modify it. Remove To remove an entry, select it and click Remove. The ISG50 confirms you want to remove it before doing so.
  • Page 599: User/Group

    Chapter 44 User/Group 44.1 Overview This chapter describes how to set up user accounts, user groups, and user settings for the ISG50. You can also set up rules that control when users have to log in to the ISG50 before the ISG50 routes traffic for them.
  • Page 600 Chapter 44 User/Group Note: The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 48 on page 631 for more information about authentication methods.) Ext-User Accounts Set up an ext-user account if the user is authenticated by an external server and you want to set up specific policies for this user in the ISG50.
  • Page 601: User Summary Screen

    Chapter 44 User/Group User Awareness By default, users do not have to log into the ISG50 to use the network services it provides. The ISG50 automatically routes packets for everyone. If you want to restrict network services that certain users can use via the ISG50, you can require them to log in to the ISG50 first. The ISG50 is then ‘aware’...
  • Page 602: User Add/Edit Screen

    Chapter 44 User/Group 44.2.1 User Add/Edit Screen The User Add/Edit screen allows you to create a new user account or edit an existing one. 44.2.1.1 Rules for User Names Enter a user name from 1 to 31 characters. The user name can only contain the following characters: •...
  • Page 603 Chapter 44 User/Group The following table describes the labels in this screen. Table 231 Configuration > User/Group > User > Add LABEL DESCRIPTION User Name Type the user name for this user account. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 604: User Group Summary Screen

    Chapter 44 User/Group Table 231 Configuration > User/Group > User > Add (continued) LABEL DESCRIPTION Click OK to save your changes back to the ISG50. Cancel Click Cancel to exit this screen without saving your changes. 44.3 User Group Summary Screen User groups consist of access users and other user groups.
  • Page 605: Group Add/Edit Screen

    Chapter 44 User/Group 44.3.1 Group Add/Edit Screen The Group Add/Edit screen allows you to create a new user group or edit an existing one. To access this screen, go to the Group screen (see Section 44.3 on page 604), and click either the Add icon or an Edit icon.
  • Page 606 Chapter 44 User/Group To access this screen, log in to the Web Configurator, and click Configuration > Object > User/Group > Setting. Figure 404 Configuration > Object > User/Group > Setting The following table describes the labels in this screen. Table 234 Configuration >...
  • Page 607 Chapter 44 User/Group Table 234 Configuration > Object > User/Group > Setting (continued) LABEL DESCRIPTION User Type These are the kinds of user account the ISG50 supports. • admin - this user can look at and change the configuration of the ISG50 •...
  • Page 608: Default User Authentication Timeout Settings Edit Screens

    Chapter 44 User/Group Table 234 Configuration > Object > User/Group > Setting (continued) LABEL DESCRIPTION Maximum number per This field is effective when Limit ... for access account is checked. access account Type the maximum number of simultaneous logins by each access user.
  • Page 609: User Aware Login Example

    Chapter 44 User/Group The following table describes the labels in this screen. Table 235 Configuration > Object > User/Group > Setting > Edit LABEL DESCRIPTION User Type This read-only field identifies the type of user account for which you are configuring the default settings.
  • Page 610: User /Group Technical Reference

    Chapter 44 User/Group The following table describes the labels in this screen. Table 236 Web Configurator for Non-Admin Users LABEL DESCRIPTION User-defined Access users can specify a lease time shorter than or equal to the one that you lease time (max specified.
  • Page 611 Chapter 44 User/Group Figure 408 RADIUS Example: Keywords for User Attributes type=user;leaseTime=222;reauthTime=222 Creating a Large Number of Ext-User Accounts If you plan to create a large number of Ext-User accounts, you might use CLI commands, instead of the Web Configurator, to create the accounts. Extract the user names from the LDAP or RADIUS server, and create a shell script that creates the user accounts.
  • Page 613: Addresses

    Chapter 45 Addresses 45.1 Overview Address objects can represent a single IP address or a range of IP addresses. Address groups are composed of address objects and other address groups. 45.1.1 What You Can Do in this Chapter • The Address screen (Section 45.2 on page 613) provides a summary of all addresses in the ISG50.
  • Page 614: Address Add/Edit Screen

    Chapter 45 Addresses The Address screen provides a summary of all addresses in the ISG50. To access this screen, click Configuration > Object > Address > Address. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 409 Configuration >...
  • Page 615: Address Group Summary Screen

    Chapter 45 Addresses The following table describes the labels in this screen. Table 239 Configuration > Object > Address > Address > Edit LABEL DESCRIPTION Name Type the name used to refer to the address. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number.
  • Page 616: Address Group Add/Edit Screen

    Chapter 45 Addresses The following table describes the labels in this screen. See Section 45.3.1 on page 616 for more information as well. Table 240 Configuration > Object > Address > Address Group LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to be able to modify the entry’s settings.
  • Page 617 Chapter 45 Addresses Table 241 Configuration > Object > Address > Address Group > Add (continued) LABEL DESCRIPTION Member List The Member list displays the names of the address and address group objects that have been added to the address group. The order of members is not important.
  • Page 619: Services

    Chapter 46 Services 46.1 Overview Use service objects to define TCP applications, UDP applications, and ICMP messages. You can also create service groups to refer to multiple service objects in other features. 46.1.1 What You Can Do in this Chapter • Use the Service screens (Section 46.2 on page 620) to view and configure the ISG50’s list of services and their definitions.
  • Page 620: The Service Summary Screen

    Chapter 46 Services Service Objects and Service Groups Use service objects to define IP protocols. • TCP applications • UDP applications • ICMP messages • user-defined services (for other types of IP protocols) These objects are used in policy routes and firewall rules. Use service groups when you want to create the same rule for several services, instead of creating separate rules for each service.
  • Page 621 Chapter 46 Services To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 413 Configuration >...
  • Page 622: The Service Add/Edit Screen

    Chapter 46 Services 46.2.1 The Service Add/Edit Screen The Service Add/Edit screen allows you to create a new service or edit an existing one. To access this screen, go to the Service screen (see Section 46.2 on page 620), and click either the Add icon or an Edit icon.
  • Page 623 Chapter 46 Services To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service Group. Figure 415 Configuration > Object > Service > Service Group The following table describes the labels in this screen. See Section 46.3.1 on page 624 for more information as well.
  • Page 624: The Service Group Add/Edit Screen

    Chapter 46 Services 46.3.1 The Service Group Add/Edit Screen The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen (see Section 46.3 on page 622), and click either the Add icon or an Edit icon.
  • Page 625: Schedules

    Chapter 47 Schedules 47.1 Overview Use schedules to set up one-time and recurring schedules for policy routes and firewall rules. The ISG50 supports one-time and recurring schedules. One-time schedules are effective only once, while recurring schedules usually repeat. Both types of schedules are based on the current date and time in the ISG50.
  • Page 626: The Schedule Summary Screen

    Chapter 47 Schedules 47.2 The Schedule Summary Screen The Schedule summary screen provides a summary of all schedules in the ISG50. To access this screen, click Configuration > Object > Schedule. Figure 417 Configuration > Object > Schedule The following table describes the labels in this screen. See Section 47.2.1 on page 627 and Section 47.2.2 on page 628...
  • Page 627: The One-Time Schedule Add/Edit Screen

    Chapter 47 Schedules Table 246 Configuration > Object > Schedule (continued) LABEL DESCRIPTION Start Time This field displays the time at which the schedule begins. Stop Time This field displays the time at which the schedule ends. 47.2.1 The One-Time Schedule Add/Edit Screen The One-Time Schedule Add/Edit screen allows you to define a one-time schedule or edit an existing one.
  • Page 628: The Recurring Schedule Add/Edit Screen

    Chapter 47 Schedules Table 247 Configuration > Object > Schedule > Add (One Time) (continued) LABEL DESCRIPTION StopDate Specify the year, month, and day when the schedule ends. Year - 1900 - 2999 Month - 1 - 12 Day - 1 - 31 (it is not possible to specify illegal dates, such as February 31.) Hour - 0 - 23 Minute - 0 - 59 StopTime...
  • Page 629 Chapter 47 Schedules Table 248 Configuration > Object > Schedule > Add (Recurring) (continued) LABEL DESCRIPTION StartTime Specify the hour and minute when the schedule begins each day. Hour - 0 - 23 Minute - 0 - 59 StopTime Specify the hour and minute when the schedule ends each day. Hour - 0 - 23 Minute - 0 - 59 Weekly...
  • Page 631: AAA Server

    Chapter 48 AAA Server 48.1 Overview You can use a AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be an Active Directory, LDAP, or RADIUS server. Use the AAA Server screens to create and manage objects that contain settings for using AAA servers. You use AAA server objects in configuring ext-group-user user objects and authentication method objects (see Chapter 49 on page...
  • Page 632: ASAS

    Chapter 48 AAA Server user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate a large number of users from a central location. Figure 421 RADIUS Server Network Example 48.1.3 ASAS ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the One-Time Password (OTP) feature.
  • Page 633 Chapter 48 AAA Server • Directory Service (LDAP/AD) LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is both a directory and a protocol for controlling access to a network. The directory consists of a database specialized for fast information retrieval and filtering activities. You create and store user profile and login information on the external server.
  • Page 634: Active Directory Or LDAP Server Summary

    Chapter 48 AAA Server Bind DN A bind DN is used to authenticate with an LDAP/AD server. For example a bind DN of cn=ISG50Admin allows the ISG50 to log into the LDAP/AD server using the user name of ISG50Admin. The bind DN is used in conjunction with a bind password. When a bind DN is not specified, the ISG50 will try to log in as an anonymous user.
  • Page 635: Adding An Active Directory Or LDAP Server

    Chapter 48 AAA Server 48.2.1 Adding an Active Directory or LDAP Server Click Object > AAA Server > Active Directory (or LDAP) to display the Active Directory (or LDAP) screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit an existing one.
  • Page 636: RADIUS Server Summary

    Chapter 48 AAA Server Table 250 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add (continued) LABEL DESCRIPTION Search time limit Specify the timeout period (between 1 and 300 seconds) before the ISG50 disconnects from the AD or LDAP server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server(s) or the AD or LDAP server(s) is down.
  • Page 637: Adding A RADIUS Server

    Chapter 48 AAA Server The following table describes the labels in this screen. Table 251 Configuration > Object > AAA Server > RADIUS LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
  • Page 638 Chapter 48 AAA Server The following table describes the labels in this screen. Table 252 Configuration > Object > AAA Server > RADIUS > Add LABEL DESCRIPTION Name Enter a descriptive name (up to 63 alphanumerical characters) for identification purposes. Description Enter the description of each server, if any.
  • Page 639: Authentication Method

    Chapter 49 Authentication Method 49.1 Overview Authentication method objects set how the ISG50 authenticates wireless, HTTP/HTTPS clients, and peer IPSec routers (extended authentication) clients. Configure authentication method objects to have the ISG50 use the local user database, and/or the authentication servers and authentication server groups specified by AAA server objects.
  • Page 640: Authentication Method Objects

    Chapter 49 Authentication Method Click OK to save the settings. Figure 427 Example: Using Authentication Method in VPN 49.2 Authentication Method Objects Click Configuration > Object > Auth. Method to display the screen as shown. Note: You can create up to 16 authentication method objects. Figure 428 Configuration >...
  • Page 641: Creating An Authentication Method Object

    Chapter 49 Authentication Method 49.2.1 Creating an Authentication Method Object Follow the steps below to create an authentication method object. Click Configuration > Object > Auth. Method. Click Add. Specify a descriptive name for identification purposes in the Name field. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number.
  • Page 642 Chapter 49 Authentication Method Table 254 Configuration > Object > Auth. Method > Add (continued) LABEL DESCRIPTION Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. Remove To remove an entry, select it and click Remove. The ISG50 confirms you want to remove it before doing so.
  • Page 643: Certificates

    Chapter 50 Certificates 50.1 Overview The ISG50 can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 50.1.1 What You Can Do in this Chapter •...
  • Page 644 Chapter 50 Certificates Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. The ISG50 uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection.
  • Page 645: Verifying A Certificate

    Chapter 50 Certificates • Binary PKCS#12: This is a format for transferring public key and private key certificates. The private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the ISG50.
  • Page 646: The My Certificates Screen

    Chapter 50 Certificates Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 431 Certificate Details Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields.
  • Page 647 Chapter 50 Certificates The following table describes the labels in this screen. Table 255 Configuration > Object > Certificate > My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ISG50’s PKI storage space that is Space in Use currently in use.
  • Page 648: The My Certificates Add Screen

    Chapter 50 Certificates 50.2.1 The My Certificates Add Screen Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the ISG50 create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
  • Page 649 Chapter 50 Certificates The following table describes the labels in this screen. Table 256 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
  • Page 650 Chapter 50 Certificates Table 256 Configuration > Object > Certificate > My Certificates > Add (continued) LABEL DESCRIPTION Create a certification Select this to have the ISG50 generate a request for a certificate and apply request and enroll for to a certification authority for a certificate. a certificate You must have the certification authority’s certificate already imported in the immediately online...
  • Page 651: The My Certificates Edit Screen

    Chapter 50 Certificates 50.2.2 The My Certificates Edit Screen Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name.
  • Page 652 Chapter 50 Certificates The following table describes the labels in this screen. Table 257 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
  • Page 653: The My Certificates Import Screen

    Chapter 50 Certificates Table 257 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment”...
  • Page 654: The Trusted Certificates Screen

    Chapter 50 Certificates The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces from the certificate’s filename before you can import it. Figure 435 Configuration > Object > Certificate > My Certificates > Import The following table describes the labels in this screen.
  • Page 655 Chapter 50 Certificates as being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates. Figure 436 Configuration > Object > Certificate > Trusted Certificates The following table describes the labels in this screen. Table 259 Configuration >...
  • Page 656: The Trusted Certificates Edit Screen

    Chapter 50 Certificates 50.3.1 The Trusted Certificates Edit Screen Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the ISG50 to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 657 Chapter 50 Certificates The following table describes the labels in this screen. Table 260 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate. You can change the name.
  • Page 658 Chapter 50 Certificates Table 260 Configuration > Object > Certificate > Trusted Certificates > Edit (continued) LABEL DESCRIPTION Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field.
  • Page 659: The Trusted Certificates Import Screen

    Chapter 50 Certificates 50.3.2 The Trusted Certificates Import Screen Click Configuration > Object > Certificate > Trusted Certificates > Import to open the Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the ISG50. Note: You must remove any spaces from the certificate’s filename before you can import the certificate.
  • Page 661: ISP Accounts

    Chapter 51 ISP Accounts 51.1 Overview Use ISP accounts to manage Internet Service Provider (ISP) account information for PPPoE/PPTP interfaces. An ISP account is a profile of settings for Internet access using PPPoE or PPTP. Finding Out More • See Section 12.4 on page 246 for information about PPPoE/PPTP interfaces.
  • Page 662: ISP Account Add/Edit

    Chapter 51 ISP Accounts The following table describes the labels in this screen. See the ISP Account Add/Edit section below for more information as well. Table 262 Configuration > Object > ISP Account LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to be able to modify the entry’s settings.
  • Page 663 Chapter 51 ISP Accounts The following table describes the labels in this screen. Table 263 Configuration > Object > ISP Account > Edit LABEL DESCRIPTION Profile Name This field is read-only if you are editing an existing account. Type in the profile name of the ISP account.
  • Page 664 Chapter 51 ISP Accounts Table 263 Configuration > Object > ISP Account > Edit (continued) LABEL DESCRIPTION Click OK to save your changes back to the ISG50. If there are no errors, the program returns to the ISP Account screen. If there are errors, a message box explains the error, and the program stays in the ISP Account Edit screen.
  • Page 665: System

    Chapter 52 System 52.1 Overview Use the system screens to configure general ISG50 settings. 52.1.1 What You Can Do in this Chapter • Use the System > Host Name screen (see Section 52.2 on page 666) to configure a unique name for the ISG50 in your network. •...
  • Page 666: Host Name

    Chapter 52 System 52.2 Host Name A host name is the unique name by which a device is known on a network. Click Configuration > System > Host Name to open the Host Name screen. Figure 441 Configuration > System > Host Name The following table describes the labels in this screen.
  • Page 667: Date And Time

    Chapter 52 System Click Configuration > System > USB Storage to open the screen as shown next. Figure 442 Configuration > System > USB Storage The following table describes the labels in this screen. Table 265 Configuration > System > USB Storage LABEL DESCRIPTION Activate USB...
  • Page 668 Chapter 52 System To change your ISG50’s time based on your local time zone and date, click Configuration > System > Date/Time. The screen displays as shown. You can manually set the ISG50’s time and date or have the ISG50 get the date and time from a time server. Figure 443 Configuration >...
  • Page 669 Chapter 52 System Table 266 Configuration > System > Date and Time (continued) LABEL DESCRIPTION Get from Time Select this radio button to have the ISG50 get the time and date from the time Server server you specify below. The ISG50 requests time and date settings from the time server under the following circumstances.
  • Page 670: Pre-Defined NTP Time Servers List

    Chapter 52 System 52.4.1 Pre-defined NTP Time Servers List When you turn on the ISG50 for the first time, the date and time start at 2003-01-01 00:00:00. The ISG50 then attempts to synchronize with one of the following pre-defined list of Network Time Protocol (NTP) time servers.
  • Page 671: Console Port Speed

    Chapter 52 System Click Apply. To get the ISG50 date and time from a time server Click System > Date/Time. Select Get from Time Server under Time and Date Setup. Under Time Zone Setup, select your Time Zone from the list. As an option you can select the Enable Daylight Saving check box to adjust the ISG50 clock for daylight savings.
  • Page 672: DNS Overview

    Chapter 52 System 52.6 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. 52.6.1 DNS Server Address Assignment The ISG50 can get the DNS server addresses in the following ways.
  • Page 673 Chapter 52 System The following table describes the labels in this screen. Table 269 Configuration > System > DNS LABEL DESCRIPTION Address/PTR This record specifies the mapping of a Fully-Qualified Domain Name (FQDN) to Record an IP address. An FQDN consists of a host and domain name. For example, www.zyxel.com.tw is a fully qualified domain name, where “www”...
  • Page 674: Address Record

    Chapter 52 System Table 269 Configuration > System > DNS (continued) LABEL DESCRIPTION Click this to create a new entry. Edit Double-click an entry or select it and click Edit to be able to modify the entry’s settings. Remove To remove an entry, select it and click Remove. The ISG50 confirms you want to remove it before doing so.
  • Page 675: PTR Record

    Chapter 52 System 52.6.4 PTR Record A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name. 52.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/PTR record. Figure 447 Configuration >...
  • Page 676: Adding A Domain Zone Forwarder

    Chapter 52 System 52.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record. Figure 448 Configuration > System > DNS > Domain Zone Forwarder Add The following table describes the labels in this screen. Table 271 Configuration >...
  • Page 677: Adding An MX Record

    Chapter 52 System be delivered to your mail server and vice versa. Each host or domain can have only one MX record, that is, one domain is mapping to one host. 52.6.9 Adding an MX Record Click the Add icon in the MX Record table to add an MX record. Figure 449 Configuration >...
  • Page 678: WWW Overview

    Chapter 52 System Table 273 Configuration > System > DNS > Service Control Rule Add (continued) LABEL DESCRIPTION Zone Select ALL to allow or prevent DNS queries through any zones. Select a predefined zone on which a DNS query to the ISG50 is allowed or denied. Action Select Accept to have the ISG50 allow the DNS queries from the specified computer.
  • Page 679: HTTPS

    Chapter 52 System Each user is also forced to log in to the ISG50 for authentication again when the reauthentication time expires. You can change the timeout settings in the User/Group screens. 52.7.3 HTTPS You can set the ISG50 to use HTTP or HTTPS (HTTPS adds security) for Web Configurator sessions. Specify which zones allow Web Configurator access and from which IP address the access can come.
  • Page 680: Configuring WWW Service Control

    Chapter 52 System 52.7.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify from which zones you can access the ISG50 using HTTP or HTTPS. You can also specify which IP addresses the access can come from.
  • Page 681 Chapter 52 System The following table describes the labels in this screen. Table 274 Configuration > System > WWW > Service Control LABEL DESCRIPTION HTTPS Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ISG50 Web Configurator using secure HTTPS connections.
  • Page 682 Chapter 52 System Table 274 Configuration > System > WWW > Service Control (continued) LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ISG50 Web Configurator using HTTP connections.
  • Page 683: Service Control Rules

    Chapter 52 System 52.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule. Figure 453 Configuration > System > Service Control Rule > Edit The following table describes the labels in this screen.
  • Page 684 Chapter 52 System displays after an access user logs into the Web Configurator to access network services like the Internet. See Chapter 44 on page 599 for more on access user accounts. Figure 454 Configuration > System > WWW > Login Page ISG50 User’s Guide...
  • Page 685 Chapter 52 System The following figures identify the parts you can customize in the login and access pages. Figure 455 Login Page Customization Title Logo Message (color of all text) Background Note Message (last line of text) Figure 456 Access Page Customization Logo Title Message...
  • Page 686 Chapter 52 System • Enter a pound sign (#) followed by the six-digit hexadecimal number that represents the desired color. For example, use “#000000” for black. • Enter “rgb” followed by red, green, and blue values in parentheses and separated by commas. For example, use “rgb(0,0,0)”...
  • Page 687: HTTPS Example

    Chapter 52 System Table 276 Configuration > System > WWW > Login Page LABEL DESCRIPTION Apply Click Apply to save your changes back to the ISG50. Reset Click Reset to return the screen to its last-saved settings. 52.7.7 HTTPS Example If you haven’t changed the default HTTPS port on the ISG50, then in your browser enter “https://ISG50 IP Address/”...
  • Page 688 Chapter 52 System 52.7.7.3 Login Screen After you accept the certificate, the ISG50 login screen appears. The lock displayed in the bottom of the browser status bar denotes a secure connection. Figure 458 Login Screen (Internet Explorer) 52.7.7.4 Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the ISG50.
  • Page 689 Chapter 52 System 52.7.7.4.1 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. Figure 460 CA Certificate Example Click Install Certificate and follow the wizard as shown earlier in this appendix. 52.7.7.4.2 Installing Your Personal Certificate(s) You need a password in advance.
  • Page 690 Chapter 52 System Click Next to begin the wizard. Figure 461 Personal Certificate Import Wizard 1 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 462 Personal Certificate Import Wizard 2 ISG50 User’s Guide...
  • Page 691 Chapter 52 System Enter the password given to you by the CA. Figure 463 Personal Certificate Import Wizard 3 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. Figure 464 Personal Certificate Import Wizard 4 ISG50 User’s Guide...
  • Page 692 Chapter 52 System Click Finish to complete the wizard and begin the import process. Figure 465 Personal Certificate Import Wizard 5 You should see the following screen when the certificate is correctly installed on your computer. Figure 466 Personal Certificate Import Wizard 6 52.7.7.5 Using a Certificate When Accessing the ISG50 Example Use the following procedure to access the ISG50 via HTTPS.
  • Page 693: SSH

    Chapter 52 System When Authenticate Client Certificates is selected on the ISG50, the following screen asks you to select a personal certificate to send to the ISG50. This screen displays even if you only have a single certificate as in the example. Figure 468 SSL Client Authentication You next see the Web Configurator login screen.
  • Page 694: How SSH Works

    Chapter 52 System following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the ISG50 for a management session. Figure 470 SSH Communication Over the WAN Example 52.8.1 How SSH Works The following figure is an example of how a secure connection is established between two remote hosts using SSH v1.
  • Page 695: SSH Implementation On The ISG50

    Chapter 52 System Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. 52.8.2 SSH Implementation on the ISG50 Your ISG50 supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Arcfour, and Blowfish).
  • Page 696: Secure Telnet Using SSH Examples

    Chapter 52 System The following table describes the labels in this screen. Table 277 Configuration > System > SSH LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ISG50 CLI using this service.
  • Page 697 Chapter 52 System A window displays prompting you to store the host key in your computer. Click Yes to continue. Figure 473 SSH Example 1: Store Host Key Enter the password to log in to the ISG50. The CLI screen displays next. 52.8.5.2 Example 2: Linux This section describes how to access the ISG50 using the OpenSSH client program that comes with most Linux distributions.
  • Page 698: Telnet

    Chapter 52 System 52.9 Telnet You can use Telnet to access the ISG50’s command line interface. Specify which zones allow Telnet access and from which IP address the access can come. 52.9.1 Configuring Telnet Click Configuration > System > TELNET to configure your ISG50 for remote Telnet access. Use this screen to specify from which zones Telnet can be used to manage the ISG50.
  • Page 699: FTP

    Chapter 52 System Table 278 Configuration > System > TELNET (continued) LABEL DESCRIPTION This is the index number of the service control rule. The entry with a hyphen (-) instead of a number is the ISG50’s (non-configurable) default policy. The ISG50 applies this to traffic that does not match any other configured rule.
  • Page 700: SNMP

    Chapter 52 System The following table describes the labels in this screen. Table 279 Configuration > System > FTP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ISG50 using this service.
  • Page 701 Chapter 52 System one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. Figure 478 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ISG50). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 702: Supported MIBs

    Chapter 52 System 52.11.1 Supported MIBs The ISG50 supports MIB II that is defined in RFC-1213 and RFC-1215. The ISG50 also supports private MIBs (ZYXEL-ES-SMI.mib and ZYXEL-ES_COMMON.mib) to collect information about CPU and memory usage and VPN total throughput. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
  • Page 703 Chapter 52 System The following table describes the labels in this screen. Table 281 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ISG50 using this service.
  • Page 704: Language Screen

    Chapter 52 System 52.12 Language Screen Click Configuration > System > Language to open the following screen. Use this screen to select a display language for the ISG50’s Web Configurator screens. Figure 480 Configuration > System > Language The following table describes the labels in this screen. Table 282 Configuration >...
  • Page 705: Log And Report

    Chapter 53 Log and Report 53.1 Overview Use these screens to configure daily reporting and log settings. 53.1.1 What You Can Do In this Chapter • Use the Email Daily Report screen (Section 53.2 on page 705) to configure where and how to send daily reports and what reports to send.
  • Page 706 Chapter 53 Log and Report Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the ISG50 e-mail you system statistics every day. Figure 481 Configuration > Log & Report > Email Daily Report ISG50 User’s Guide...
  • Page 707: Log Setting Screens

    Chapter 53 Log and Report The following table describes the labels in this screen. Table 283 Configuration > Log & Report > Email Daily Report LABEL DESCRIPTION Enable Email Select this to send reports by e-mail every day. Daily Report Mail Server Type the name or IP address of the outgoing SMTP server.
  • Page 708: Log Setting Summary

    Chapter 53 Log and Report server names, etc.) for any log. Alternatively, if you want to edit which events are included in each log, you can also use the Active Log Summary screen to edit this information for all logs at the same time.
  • Page 709 Chapter 53 Log and Report Table 284 Configuration > Log & Report > Log Setting (continued) LABEL DESCRIPTION Log Format This field displays the format of the log. Internal - system log; you can view the log on the View Log tab. VRPT/Syslog - ZyXEL’s Vantage Report, syslog-compatible format.
  • Page 710: Edit System Log Settings

    Chapter 53 Log and Report 53.3.2 Edit System Log Settings The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 53.3.1 on page 708), and click the system log Edit icon.
  • Page 711 Chapter 53 Log and Report The following table describes the labels in this screen. Table 285 Configuration > Log & Report > Log Setting > Edit (System Log) LABEL DESCRIPTION E-Mail Server 1/2 Active Select this to send log messages and alerts according to the information in this section.
  • Page 712 Chapter 53 Log and Report Table 285 Configuration > Log & Report > Log Setting > Edit (System Log) (continued) LABEL DESCRIPTION E-mail Server 2 Use the E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories.
  • Page 713: Edit Log On USB Storage Setting

    Chapter 53 Log and Report 53.3.3 Edit Log on USB Storage Setting The Edit Log on USB Storage Setting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Setting Summary screen (see Section 53.3.1 on page 708), and click the USB storage Edit icon.
  • Page 714 Chapter 53 Log and Report Table 286 Configuration > Log & Report > Log Setting > Edit (USB Storage) (continued) LABEL DESCRIPTION Selection Select what information you want to log from each Log Category (except All Logs; see below). Choices are: disable all logs (red X) - do not log any information from this category enable normal logs (green check mark) - log regular information and alerts from this category...
  • Page 715: Edit Remote Server Log Settings

    Chapter 53 Log and Report 53.3.4 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen (see Section 53.3.1 on page 708), and click a remote server Edit icon.
  • Page 716: Active Log Summary Screen

    Chapter 53 Log and Report The following table describes the labels in this screen. Table 287 Configuration > Log & Report > Log Setting > Edit (Remote Server) LABEL DESCRIPTION Log Settings for Remote Server Active Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section.
  • Page 717 Chapter 53 Log and Report names). To access this screen, go to the Log Settings Summary screen (see Section 53.3.1 on page 708), and click the Active Log Summary button. Figure 486 Active Log Summary This screen provides a different view and a different way of indicating which messages are included in each log and each alert.
  • Page 718 Chapter 53 Log and Report Table 288 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION E-mail Server 1 Use the E-Mail Server 1 drop-down list to change the settings for e-mailing logs to e-mail server 1 for all log categories.
  • Page 719 Chapter 53 Log and Report Table 288 Configuration > Log & Report > Log Setting > Active Log Summary (continued) LABEL DESCRIPTION Remote Server For each remote server, select what information you want to log from each Log Category (except All Logs; see below). Choices are: disable all logs (red X) - do not log any information from this category enable normal logs (green check mark) - log regular information and alerts from this category...
  • Page 720: Call Detail Record (Cdr)

    Chapter 54 Call Detail Record (CDR) 54.1 Overview This chapter shows you how to collect and manage Call Detail Records (CDRs) on the ISG50. Call Detail Records (CDRs) are telephone records containing details such as the time of call, duration of call, source telephone number and so on. The ISG50 has a built-in CDR database that automatically stores calls made to or from its extensions....
  • Page 721: The Cdr Configuration Screen

    Chapter 54 Call Detail Record (CDR) CDR Database Management via PostgreSQL PostgreSQL is a database management system based on SQL (Structured Query Language). You can configure a PostgreSQL server to collect CDRs from the ISG50 and expand the capacity of telephone records you can collect and review.
  • Page 722: Configure Your Remote Server

    Chapter 54 Call Detail Record (CDR) Each field is described in the following table. Table 289 CDR > Configuration LABEL DESCRIPTION CDR Setting Database Usage This field indicates the percentage of records currently held by the database. When the local database is full, the ISG50 removes all the CDRs from the local database and creates an “Aged File”...
  • Page 723 Chapter 54 Call Detail Record (CDR) Move the cdr.sql file to “PostgreSQL installed directory”/bin, change to this directory, and execute the following command:
        psql -h localhost -U sqlzyxel < cdr.sql
    After the script is successfully applied, your PostgreSQL server can work with the ISG50.
  • Page 725: File Manager

    Chapter 55 File Manager 55.1 Overview Configuration files define the ISG50’s settings. Shell scripts are files of commands that you can store on the ISG50 and run when you need them. You can apply a configuration file or run a shell script without the ISG50 restarting....
  • Page 726 Chapter 55 File Manager These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below. Figure 488 Configuration File / Shell Script: Example
        # enter configuration mode
        configure terminal
        # change administrator password
        username admin password 4321 user-type admin
        # configure lan1...
  • Page 727: The Configuration File Screen

    Chapter 55 File Manager Line 3 in the following example exits sub command mode. interface wan1 ip address dhcp Lines 1 and 3 in the following example are comments and line 4 exits sub command mode. interface wan1 # this interface is a DHCP client Lines 1 and 2 are comments.
  • Page 728 Chapter 55 File Manager Configuration File Flow at Restart • If there is not a startup-config.conf when you restart the ISG50 (whether through a management interface or by physically turning the power off and back on), the ISG50 uses the system-default.conf configuration file with the ISG50’s default settings.
  • Page 729 Chapter 55 File Manager The following table describes the labels in this screen. Table 291 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Rename Use this button to change the label of a configuration file on the ISG50. You can only rename manually saved configuration files.
  • Page 730 Chapter 55 File Manager Table 291 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION Apply Use this button to have the ISG50 use a specific configuration file. Click a configuration file’s row to select it and click Apply to have the ISG50 use that configuration file.
  • Page 731: The Firmware Package Screen

    Chapter 55 File Manager Table 291 Maintenance > File Manager > Configuration File (continued) LABEL DESCRIPTION File Name This column displays the label that identifies a configuration file. You cannot delete the following configuration files or change their file names. The system-default.conf file contains the ISG50’s default settings.
  • Page 732 Chapter 55 File Manager The firmware update can take up to five minutes. Do not turn off or reset the ISG50 while the firmware update is in progress! Figure 493 Maintenance > File Manager > Firmware Package The following table describes the labels in this screen. Table 292 Maintenance >...
  • Page 733: The Shell Script Screen

    Chapter 55 File Manager After five minutes, log in again and check your new firmware version in the HOME screen. If the upload was not successful, the following message appears in the status bar at the bottom of the screen. Figure 496 Firmware Upload Error 55.4 The Shell Script Screen Use shell script files to have the ISG50 use commands that you specify.
  • Page 734 Chapter 55 File Manager Each field is described in the following table. Table 293 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Rename Use this button to change the label of a shell script file on the ISG50. You cannot rename a shell script to the name of another shell script in the ISG50. Click a shell script’s row to select it and click Rename to open the Rename File screen.
  • Page 735 Chapter 55 File Manager Table 293 Maintenance > File Manager > Shell Script (continued) LABEL DESCRIPTION Upload The bottom part of the screen allows you to upload a new or previously saved shell Shell Script script file from your computer to your ISG50. File Path Type in the location of the file you want to upload in this field or click Browse ...
  • Page 737: Diagnostics

    Chapter 56 Diagnostics 56.1 Overview Use the diagnostics screens for troubleshooting. 56.1.1 What You Can Do in this Chapter • Use the Maintenance > Diagnostics screen (see Section 56.2 on page 737) to generate a file containing the ISG50’s configuration and diagnostic information if you need to provide it to customer support during troubleshooting....
  • Page 738: The Diagnostics Files Screen

    Chapter 56 Diagnostics The following table describes the labels in this screen.
    Table 294 Maintenance > Diagnostics
    Filename: This is the name of the most recently created diagnostic file.
    Last modified: This is the date and time that the last diagnostic file was created. The format is yyyy-mm-dd hh:mm:ss....
  • Page 739: The Packet Capture Screen

    Chapter 56 Diagnostics 56.3 The Packet Capture Screen Use this screen to capture network traffic going through the ISG50’s interfaces. Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. Note: New capture files overwrite existing files of the same name.
  • Page 740 Chapter 56 Diagnostics Table 296 Maintenance > Diagnostics > Packet Capture (continued) LABEL DESCRIPTION Host Port This field is configurable when you set the IP Type to any, tcp, or udp. Specify the port number of traffic to capture. Continuously capture Select this to have the ISG50 keep capturing traffic and overwriting old and overwrite old ones packet capture entries when the available storage space runs out.
  • Page 741: The Packet Capture Files Screen

    Chapter 56 Diagnostics Table 296 Maintenance > Diagnostics > Packet Capture (continued) LABEL DESCRIPTION Capture Click this button to have the ISG50 capture packets according to the settings configured in this screen. You can configure the ISG50 while a packet capture is in progress although you cannot modify the packet capture settings.
  • Page 742: Example Of Viewing A Packet Capture File

    Chapter 56 Diagnostics Table 297 Maintenance > Diagnostics > Packet Capture > Files (continued) LABEL DESCRIPTION File Name This column displays the label that identifies the file. The file name format is interface name-file suffix.cap. Size This column displays the size (in bytes) of a configuration file. Last Modified This column displays the date and time that the individual files were saved.
  • Page 743: Core Dump Files Screen

    Chapter 56 Diagnostics Click Maintenance > Diagnostics > Core Dump to open the following screen. Figure 505 Maintenance > Diagnostics > Core Dump The following table describes the labels in this screen. Table 298 Maintenance > Diagnostics > Core Dump LABEL DESCRIPTION Save core dump to USB...
  • Page 744: The System Log Screen

    Chapter 56 Diagnostics The following table describes the labels in this screen. Table 299 Maintenance > Diagnostics > Core Dump > Files LABEL DESCRIPTION Remove Select files and click Remove to delete them from the ISG50. Use the [Shift] and/or [Ctrl] key to select multiple files.
  • Page 745: Packet Flow Explore

    Chapter 57 Packet Flow Explore 57.1 Overview Use this to get a clear picture of how the ISG50 determines where to forward a packet and how to change the source IP address of the packet according to your current settings. This function provides you with a summary of all your routing and SNAT settings and helps troubleshoot any related problems....
  • Page 746 Chapter 57 Packet Flow Explore Note: Once a packet matches the criteria of a routing rule, the ISG50 takes the corresponding action and does not perform any further flow checking. Figure 508 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 509 Maintenance >...
  • Page 747 Chapter 57 Packet Flow Explore Figure 511 Maintenance > Packet Flow Explore > Routing Status (SitetoSite VPN) Figure 512 Maintenance > Packet Flow Explore > Routing Status (Dynamic VPN) Figure 513 Maintenance > Packet Flow Explore > Routing Status (Static-Dynamic Route) ISG50 User’s Guide...
  • Page 748 Chapter 57 Packet Flow Explore Figure 514 Maintenance > Packet Flow Explore > Routing Status (Default WAN Trunk) Figure 515 Maintenance > Packet Flow Explore > Routing Status (Main Route) The following table describes the labels in this screen. Table 301 Maintenance > Packet Flow Explore > Routing Status LABEL DESCRIPTION Routing Flow...
  • Page 749 Chapter 57 Packet Flow Explore Table 301 Maintenance > Packet Flow Explore > Routing Status (continued) LABEL DESCRIPTION Metric This is the route’s priority among the displayed routes. Flags This indicates additional information for the route. The possible flags are: •...
  • Page 750: The Snat Status Screen

    Chapter 57 Packet Flow Explore Table 301 Maintenance > Packet Flow Explore > Routing Status (continued) LABEL DESCRIPTION System This section displays information about traffic originating from the ISG50 itself. Service Traffic This field is a sequential value, and it is not associated with any entry. Source This is the source IP address(es) from which the packets are sent.
  • Page 751 Chapter 57 Packet Flow Explore Note: Once a packet matches the criteria of an SNAT rule, the ISG50 takes the corresponding action and does not perform any further flow checking. Figure 516 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) Figure 517 Maintenance >...
  • Page 752 Chapter 57 Packet Flow Explore The following table describes the labels in this screen. Table 302 Maintenance > Packet Flow Explore > SNAT Status LABEL DESCRIPTION SNAT Flow This section shows you the flow of how the ISG50 changes the source IP address for a packet according to the rules you have configured in the ISG50.
  • Page 753: Reboot

    Chapter 58 Reboot 58.1 Overview Use this to restart the device (for example, if the device begins behaving erratically). See also Section 1.7 on page 35 for information on different ways to start and stop the ISG50. 58.1.1 What You Need To Know If you applied changes in the Web configurator, these were saved automatically and do not change when you reboot....
  • Page 755: Shutdown

    Chapter 59 Shutdown 59.1 Overview Use this to shut down the device in preparation for disconnecting the power. See also Section 1.7 on page 35 for information on different ways to start and stop the ISG50. Always use the Maintenance > Shutdown > Shutdown screen or the “shutdown”...
  • Page 757: Extension Portal

    Chapter 60 Extension Portal 60.1 Overview Use the extension portal to make calls via the web phone and manage settings for individual users. The extension portal is an HTML-based phone as well as a management tool that allows users to manage some of the settings related to their telephone extension. Each extension created on the ISG50 has an associated account which allows it to log into the extension portal....
  • Page 758: What You Need To Know

    Chapter 60 Extension Portal • Use the Call Recording screen to play back calls you recorded on your extension. See Section 60.6 on page 764 60.1.2 What You Need to Know The following terms and concepts may help you as you read through the chapter. Extension Portal Login Open Internet Explorer (the extension portal supports Internet Explorer).
  • Page 759: Web Phone

    Chapter 60 Extension Portal 60.2 Web Phone Use this screen to make calls from the web phone. To access this screen, click the Web Phone tab in the extension portal. Figure 525 Web Phone Each field is described in the following table. Table 303 Web Phone LABEL DESCRIPTION...
  • Page 760: Peer Info

    Chapter 60 Extension Portal 60.3 Peer Info Use this screen to manage the passwords associated with your extension. To access this screen, click Peer info. Note: Some of the fields are not applicable for FXS extensions and do not display when analog phone users log into the personal extension portal.
  • Page 761: Call Forwarding And Blocking

    Chapter 60 Extension Portal 60.4 Call Forwarding and Blocking Use this screen to set up call forwarding and call blocking rules for your extension. To access this screen, click Forward/Block in the extension portal. Figure 527 Forward/Block ISG50 User’s Guide...
  • Page 762 Chapter 60 Extension Portal Each field is described in the following table. Table 305 Forward/Block LABEL DESCRIPTION Call Forward Use this section to configure call forwarding settings for your extension. Settings Office Hour The ISG50 has separate rules for call forwarding during office hours than after office hours.
  • Page 763: Voice Mail Settings

    Chapter 60 Extension Portal Table 305 Forward/Block (continued) LABEL DESCRIPTION No Answer Select Disable to turn this feature off for this extension. Forward Select Enable to forward all incoming calls to the extensions specified in the Find Me List when this extension is not answered within the default ring time. Use the Add, Edit, and Remove icons to create, modify, or delete Find Me List entries.
  • Page 764: Call Recording

    Chapter 60 Extension Portal Each field is described in the following table. Table 306 Voice Mail LABEL DESCRIPTION Received E-mail Specify the e-mail address you want to forward your voice message notifications to. If you Address select the Attached Voice File option, then complete voice messages are sent to this e- mail address.
  • Page 765: Troubleshooting

    Chapter 61 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. • You can also refer to the logs (see Chapter 10 on page 220). For individual log descriptions, see the User’s Guide Appendix A on page 775....
  • Page 766 Chapter 61 Troubleshooting • If you’ve forgotten the ISG50’s IP address, you can use the commands through the console port to check it. Connect your computer to the CONSOLE port using a console cable. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 115200 bps port speed.
  • Page 767 Chapter 61 Troubleshooting • The format of interface names other than the Ethernet interface names is very strict. Each name consists of 2-4 letters (interface type), followed by a number (x, limited by the maximum number of each type of interface). For example, VLAN interfaces are vlan0, vlan1, vlan2, ...; and so on.
  • Page 768 Chapter 61 Troubleshooting • Make sure the cellular interface has the correct user name, password, and PIN code configured with the correct casing. • If the ISG50 has multiple WAN interfaces, make sure their IP addresses are on different subnets. I cannot configure a particular VLAN interface on top of an Ethernet interface even though I have configured it on top of another Ethernet interface....
  • Page 769 Chapter 61 Troubleshooting • You may need to configure the DDNS entry’s IP Address setting to Auto if the interface has a dynamic IP address or there are one or more NAT routers between the ISG50 and the DDNS server. •...
  • Page 770 Chapter 61 Troubleshooting • The ISG50’s local and peer ID type and content must match the remote IPSec router’s peer and local ID type and content, respectively. • The ISG50 and remote IPSec router must use the same active protocol. •...
  • Page 771 Chapter 61 Troubleshooting The ISG50 automatically updates address objects based on an interface’s IP address, subnet, or gateway if the interface’s IP address settings change. However, you need to manually edit any address objects for your LAN that are not based on the interface. I cannot get the RADIUS server to authenticate the ISG50’s default admin account....
  • Page 772 Chapter 61 Troubleshooting • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. •...
  • Page 773 Chapter 61 Troubleshooting The commands in my configuration file or shell script are not working properly. • In a configuration file or shell script, use “#” or “!” as the first character of a command line to have the ISG50 treat the line as a comment. •...
  • Page 774: Resetting The Isg50

    Chapter 61 Troubleshooting 61.1 Resetting the ISG50 If you cannot access the ISG50 by any method, try restarting it by turning the power off and then on again. If you still cannot access the ISG50 by any method or you forget the administrator password(s), you can reset the ISG50 to its factory-default settings.
  • Page 775: Appendix A Log Descriptions

    Appendix A Log Descriptions This appendix provides descriptions of example log messages for the ISG50. The logs do not all apply to all of the ISG50s. You will not necessarily see all of these logs in your device. The PBX call service logs deal with call service errors....
  • Page 776 Appendix A Log Descriptions Table 308 PBX Call Service Logs (continued) LOG MESSAGE DESCRIPTION Conference licenses have reached the maximun number of %d. The call was reject due to there are % memebrs 1st %s: Conference license number in conference. The call was rejected because there are % memebrs in conference The call was reject due room %s .
  • Page 777 Appendix A Log Descriptions The PBX dialplan logs deal with dialplan information and errors.
    Table 310 PBX Dialplan Logs
    Log message: ACD agent %s called to extension %s has failed due to extension is...
    Description: The call failed because the ACD agent was busy. 1st %s: Agent number; 2nd %s: Extension Number
  • Page 778 Appendix A Log Descriptions
    Table 310 PBX Dialplan Logs (continued)
    Log message: The call from extension %s was blocked due to no caller ID.
    Description: A call from the specified extension was blocked because it did not provide caller ID.
    Log message: ...
    Description: A call was blocked because the caller ID is in the callee’s block list.
  • Page 779 Appendix A Log Descriptions Table 310 PBX Dialplan Logs (continued) LOG MESSAGE DESCRIPTION The incoming call dialed an invalid number. The incoming call dials number is an invalid number The caller did not dial any number in the Auto-Attendant menu The incoming call does before the time out period.
  • Page 780 Appendix A Log Descriptions Table 310 PBX Dialplan Logs (continued) LOG MESSAGE DESCRIPTION The listed mobile extension failed to log on because the PIN code Mobile extension %s was not input properly. logon failed. The inputing PIN code is 1st %s: Mobile extension number incorrect.
  • Page 781 Appendix A Log Descriptions The PBX SIP logs deal with SIP information and errors.
    Table 311 PBX SIP Logs
    Log message: The call %s peer '%s' was rejected due to the call reaches the call...
    Description: The call was rejected because it exceeded the call limit. 1st %s: Call direction, from or to; 2nd %s: Peer name,...
  • Page 782 Appendix A Log Descriptions Table 311 PBX SIP Logs (continued) LOG MESSAGE DESCRIPTION There was an SDP processing error. Call rejected due to SDP issue (Got "488 Not acceptable here"). The call was rejected because of unacceptable codecs (received a Call rejected due to 488 Not acceptable here SIP reply).
  • Page 783 Appendix A Log Descriptions Table 311 PBX SIP Logs (continued) LOG MESSAGE DESCRIPTION The ISG50 received an unknown SIP response. Unknown SIP response. Response code: %d. 1st %d: Response code Response method: %s. 1st %s: Response method Address: %s. 2nd %s: Address The listed extension’s registration failed.
  • Page 784 Appendix A Log Descriptions The PBX trunk logs deal with the SIP trunk being disconnected or recovered. Table 312 PBX Trunk Logs LOG MESSAGE DESCRIPTION The SIP trunk %s is disconnected. The SIP trunk %s is disconnected. 1st %s: SIP Trunk name The SIP trunk %s has been disconnected for over %d mins.
  • Page 785 Appendix A Log Descriptions Table 314 PBX Physical Port Logs (continued) LOG MESSAGE DESCRIPTION The listed FXO port is offline. FXO port %u is down. 1st %u: Port number FXS module initialization succeeded. FXS initialization has succeeded. FXS module initialization failed. FXS initialization has failed.
  • Page 786 Appendix A Log Descriptions Table 315 PBX Default Logs (continued) LOG MESSAGE DESCRIPTION The ISG50 tried to perform an automatic LDAP phonebook update Phonebook LDAP server and found that the LDAP server Base DN was not configured. Base DN is empty. The LDAP phonebook refresh failed because the LDAP server was LDAP phonebook refresh not active.
  • Page 787 Appendix A Log Descriptions
    Table 315 PBX Default Logs (continued)
    Log message: Failed login attempt to Extension Portal due to the extesion is blank
    Description: An extension portal login attempt failed due to the extension being blank.
    Log message: Extension [%s] has...
    Description: The user of the specified extension {Extension Number} has logged into the extension portal.
  • Page 788 Appendix A Log Descriptions Table 316 ZySH Logs (continued) LOG MESSAGE DESCRIPTION 1st:zysh list name can't get reference count: %s! 1st:zysh entry name can't print entry name: 1st:zysh entry name Can't append entry: %s! 1st:zysh entry name Can't set entry: %s! 1st:zysh entry name Can't define entry: %s! 1st:zysh list name...
  • Page 789 Appendix A Log Descriptions
    Table 317 ADP Logs
    Log message: from <zone> to <zone> [type=<type>] <message> , Action: <action>, Severity: <severity>
    Description: The ISG50 detected an anomaly in traffic traveling between the specified zones. The <type> = {scan-detection(<attack>) | flood-detection(<attack>) | http-inspection(<attack>) | tcp-decoder(<attack>)}....
  • Page 790 Appendix A Log Descriptions
    Table 318 User Logs
    Log message: %s %s from %s has logged in ISG50
    Description: A user logged into the ISG50. 1st %s: The type of user account. 2nd %s: The user’s user name. 3rd %s: The name of the service the user is using (HTTP, HTTPS, FTP, Telnet, SSH, or console)....
  • Page 791 Appendix A Log Descriptions
    Table 318 User Logs (continued)
    Log message: Failed login attempt to ISG50 from %s (reach the max...
    Description: The ISG50 blocked a login because the maximum simultaneous login capacity for the administrator or access account has already been reached.
  • Page 792 Appendix A Log Descriptions Table 319 myZyXEL.com Logs (continued) LOG MESSAGE DESCRIPTION The device received an incomplete response from the myZyXEL.com Trial service server and it caused a parsing error for the device. activation has failed. Because of lack must fields.
  • Page 793 Appendix A Log Descriptions Table 319 myZyXEL.com Logs (continued) LOG MESSAGE DESCRIPTION The device could not process an HTTPS connection because it could Verify server's not verify the myZyXEL.com server's certificate. The update has certificate has stopped. failed. Update stop. The device’s attempt to send a download message to the update Send download request server failed.
  • Page 794 Appendix A Log Descriptions Table 319 myZyXEL.com Logs (continued) LOG MESSAGE DESCRIPTION The daily check for service expiration failed, an error message Expiration daily- returned by the MyZyXEL.com server will be appended to this log. check has failed:%s. %s: error message returned by myZyXEL.com server The device received an incomplete response to the daily service Do expiration daily- expiration check and the packets caused a parsing error for the...
  • Page 795 Appendix A Log Descriptions Table 319 myZyXEL.com Logs (continued) LOG MESSAGE DESCRIPTION Verification of a server’s certificate failed while processing an HTTPS Certification connection. This log identifies the reason for the failure. verification failed: Depth: %d, Error 1st %d: certificate chain level Number(%d):%s.
  • Page 796 Appendix A Log Descriptions Table 320 IKE Logs (continued) LOG MESSAGE DESCRIPTION %s is the tunnel name. When negotiating Phase-2 and checking IPsec [ID] : Tunnel [%s] SAs or the ID is IPv6 ID. Phase 2 Remote ID mismatch %s is the tunnel name. When negotiating Phase-1, the peer tunnel IP [ID] : Tunnel [%s] did not match the secure gateway address in VPN gateway.
  • Page 797 Appendix A Log Descriptions Table 320 IKE Logs (continued) LOG MESSAGE DESCRIPTION %s is the tunnel name. When negotiating Phase-2, the SA protocol [SA] : Tunnel [%s] did not match. Phase 2 SA protocol mismatch %s is the tunnel name. When negotiating Phase-2, the SA sequence [SA] : Tunnel [%s] SA size did not match.
  • Page 798 Appendix A Log Descriptions
    Table 320 IKE Logs (continued)
    Log message: The cookie pair is : 0x%08x%08x / 0x%08x%08x
    Description: Indicates the initiator/responder cookie pair.
    Log message: The IPSec tunnel "%s"...
    Description: %s is the tunnel name. When dialing a tunnel, the tunnel is already dialed.
  • Page 799 Appendix A Log Descriptions
    Table 320 IKE Logs (continued)
    Log message: Tunnel [%s:%s] Sending IKE request
    Description: The variables represent the phase 1 name and tunnel name. The device sent an IKE request.
    Log message: Tunnel [%s:0x%x] is...
    Description: The variables represent the tunnel name and the SPI of a tunnel that was disconnected.
  • Page 800 Appendix A Log Descriptions
    Table 322 Firewall Logs
    Log message: priority:%lu, from %s to %s, service %s, %s
    Description: 1st variable is the global index of rule, 2nd is the from zone, 3rd is the to zone, 4th is the service name, 5th is ACCEPT/DROP/REJECT....
  • Page 801 Appendix A Log Descriptions
    Table 324 Policy Route Logs
    Log message: Can't open bwm_entries
    Description: Policy routing can't activate BWM feature.
    Log message: Can't open link_down
    Description: Policy routing can't detect link up/down status.
    Log message: Cannot get handle from UAM, user-aware PR is disabled...
    Description: User-aware policy routing is disabled due to some reason.
  • Page 802 Appendix A Log Descriptions Table 324 Policy Route Logs (continued) LOG MESSAGE DESCRIPTION An interface came back up so the ISG50 will use the related policy Interface %s alive, route rules again. related policy route rules will be re- enabled An interface went down so the ISG50 will stop using the related Interface %s dead, policy route rules.
  • Page 803 Appendix A Log Descriptions
    Table 325 Built-in Services Logs (continued)
    Log message: TELNET port has been changed to port %s.
    Description: An administrator changed the port number for TELNET. %s is port number assigned by user
    Log message: TELNET port has been...
    Description: An administrator changed the port number for TELNET back to the default (23).
  • Page 804 Appendix A Log Descriptions Table 325 Built-in Services Logs (continued) LOG MESSAGE DESCRIPTION An administrator appended a new rule. DNS access control rule %u has been %u is rule number appended An administrator modified the rule %u. DNS access control rule %u has been %u is rule number modified...
  • Page 805 Appendix A Log Descriptions Table 325 Built-in Services Logs (continued) LOG MESSAGE DESCRIPTION A new built-in service access control rule was appended. Access control rule %u of %s was appended. %u is the index of the access control rule. %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. An access control rule was inserted successfully.
  • Page 806 Appendix A Log Descriptions Table 326 System Logs (continued) LOG MESSAGE DESCRIPTION DHCP Server executed with cautious mode enabled. DHCP Server executed with cautious mode enabled DHCP Server executed with cautious mode disabled. DHCP Server executed with cautious mode disabled A packet was received but it is not an ARP response packet.
  • Page 807 Appendix A Log Descriptions
    Table 326 System Logs (continued)
    Log message: NTP update failed
    Description: The device was not able to synchronize with the NTP time server successfully.
    Log message: Device is rebooted by administrator!
    Description: An administrator restarted the device.
    Log message: Insufficient memory....
    Description: Cannot allocate system memory.
  • Page 808 Appendix A Log Descriptions Table 326 System Logs (continued) LOG MESSAGE DESCRIPTION Update profile failed because the feature requested is only available Update the profile %s to donators, %s is the profile name. has failed because the feature requested is only available to donators.
  • Page 809 Appendix A Log Descriptions Table 326 System Logs (continued) LOG MESSAGE DESCRIPTION Rename DDNS profile, 1st %s is the original profile name, 2nd %s is DDNS profile %s has the new profile name. been renamed as %s. Delete DDNS profile, %s is the profile name, DDNS profile %s has been deleted.
  • Page 810 Appendix A Log Descriptions Table 327 Connectivity Check Logs (continued) LOG MESSAGE DESCRIPTION The link status of interface is still activate after check of connectivity The connectivity- check process. check is activate for %s interface %s: interface name The link status of interface is fail after check of connectivity check The connectivity- process.
  • Page 811 Appendix A Log Descriptions Table 327 Connectivity Check Logs (continued) LOG MESSAGE DESCRIPTION The interface routing can forward packet. The %s routing status seted ACTIVATE by %s: interface name connectivity-check The specified interface failed a connectivity check. The link status of %s interface is inactive Table 328 Routing Protocol Logs LOG MESSAGE...
  • Page 812 Appendix A Log Descriptions Table 328 Routing Protocol Logs (continued) LOG MESSAGE DESCRIPTION RIP text authentication key has been deleted. RIP text authentication key has been deleted. RIP md5 authentication id and key have been deleted. RIP md5 authentication id and key have been deleted.
  • Page 813 Appendix A Log Descriptions Table 328 Routing Protocol Logs (continued) LOG MESSAGE DESCRIPTION Virtual-link %s authentication has been set to same-as-area but the Invalid OSPF virtual- area has invalid authentication configuration. %s: Virtual-Link ID link %s authentication of area %s. Invalid OSPF md5 authentication is set on interface %s.
  • Page 814 Appendix A Log Descriptions
    Table 330 PKI Logs
    Log message: Generate X509certifiate "%s" successfully
    Description: The router created an X509 format certificate with the specified name.
    Log message: Generate X509...
    Description: The router was not able to create an X509 format certificate with the specified name.
  • Page 815 Appendix A Log Descriptions Table 330 PKI Logs (continued) LOG MESSAGE DESCRIPTION The device imported a PKCS#7 format certificate into My Certificates. Import PKCS#7 %s is the certificate request name. certificate "%s" into "My Certificate" successfully The device imported a PKCS#7 format certificate into Trusted Import PKCS#7 Certificates.
  • Page 816 Appendix A Log Descriptions Table 331 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints. Key usage mismatch between the certificate and the search constraints. Certificate was not valid in the time interval. (Not used) Certificate is not valid.
  • Page 817 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION An administrator added a new interface. %s: interface name. Interface %s has been added. An administrator enabled an interface. %s: interface name. Interface %s is enabled. An administrator disabled an interface. %s: interface name. Interface %s is disabled.
  • Page 818 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION MS-CHAP authentication failed (the server must support MS-CHAP Interface %s connect and verify that the authentication failed, this does not include cases failed: MS-CHAP where the server does not support MS-CHAP). %s: interface name. authentication failed.
  • Page 819 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION You entered the correct PUK code and unlocked the SIM card for the "SIM card has been cellular device associated with the listed cellular interface (%d). successfully unlocked by PUK code on interface cellular%d.
  • Page 820 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION The cellular device (identified by its manufacturer and model) has "Cellular device [%s been removed from the specified slot. %s] has been removed from %s. You need to manually enter the password for the listed cellular Interface cellular%d interface (%d).
  • Page 821 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION A reserved prefix was not permitted to be used in an interface name. Configured interface name match reserved prefix. A duplicate name was not permitted for an interface. Duplicated interface name....
  • Page 822 Appendix A Log Descriptions Table 332 Interface Logs (continued) LOG MESSAGE DESCRIPTION This log is sent to the VRPT server to show the specified PPP/Cellular name=%s,status=%s,TxP interface’s statistics and uptime. kts=%u, RxPkts=%u,Colli.=%u,T The arguments represent the interface name, interface status, xB/s=%u, interface Tx packets, interface Rx packets, interface collision packets, RxB/s=%u,UpTime=%s...
  • Page 823 Appendix A Log Descriptions Table 335 Force Authentication Logs LOG MESSAGE DESCRIPTION Force user authentication will be turned on because HTTP server was Force User turned on. Authentication will be enabled due to http server is enabled. Force user authentication will be turned off because HTTP server was Force User turned off.
  • Page 824 Appendix A Log Descriptions Table 337 DHCP Logs LOG MESSAGE DESCRIPTION Can't find any lease for this All of the IP addresses in the DHCP pool are already assigned to client - %s, DHCP pool full! DHCP clients, so there is no IP address to give to the listed DHCP client.
  • Page 825 Appendix A Log Descriptions Table 339 IP-MAC Binding Logs LOG MESSAGE DESCRIPTION Drop packet %s- The IP-MAC binding feature dropped an Ethernet packet. The %u.%u.%u.%u- interface the packet came in through and the sender’s IP address and %02X:%02X:%02X:%02X: MAC address are also shown. %02X:%02X Cannot bind ip-mac from The IP-MAC binding feature could not create an IP-MAC binding hash...
  • Page 827: Appendix B Common Services

    Appendix B Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site. •...
  • Page 828 Appendix B Common Services Table 341 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP User-Defined Internet Control Message Protocol is often...
  • Page 829 Appendix B Common Services Table 341 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program.
  • Page 831: Appendix C Importing Certificates

    Appendix C Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar.
  • Page 832 Appendix C Importing Certificates If your device’s Web Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Figure 530 Internet Explorer 7: Certification Error Click Continue to this website (not recommended). Figure 531 Internet Explorer 7: Certification Error In the Address Bar, click Certificate Error >...
  • Page 833 Appendix C Importing Certificates In the Certificate dialog box, click Install Certificate. Figure 533 Internet Explorer 7: Certificate In the Certificate Import Wizard, click Next. Figure 534 Internet Explorer 7: Certificate Import Wizard ISG50 User’s Guide...
  • Page 834 Appendix C Importing Certificates If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Figure 535 Internet Explorer 7: Certificate Import Wizard Otherwise, select Place all certificates in the following store and then click Browse. Figure 536 Internet Explorer 7: Certificate Import Wizard In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.
  • Page 835 Appendix C Importing Certificates In the Completing the Certificate Import Wizard screen, click Finish. Figure 538 Internet Explorer 7: Certificate Import Wizard 10 If you are presented with another Security Warning, click Yes. Figure 539 Internet Explorer 7: Security Warning 11 Finally, click OK when presented with the successful certificate installation message.
  • Page 836 Appendix C Importing Certificates 12 The next time you start Internet Explorer and go to a ZyXEL Web Configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information. Figure 541 Internet Explorer 7: Website Identification Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
  • Page 837 Appendix C Importing Certificates In the security warning dialog box, click Open. Figure 543 Internet Explorer 7: Open File - Security Warning Refer to steps 4-12 in the Internet Explorer procedure beginning on page 831 to complete the installation process. Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7.
  • Page 838 Appendix C Importing Certificates In the Internet Options dialog box, click Content > Certificates. Figure 545 Internet Explorer 7: Internet Options In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. Figure 546 Internet Explorer 7: Certificates ISG50 User’s Guide...
  • Page 839 Appendix C Importing Certificates In the Certificates confirmation, click Yes. Figure 547 Internet Explorer 7: Certificates In the Root Certificate Store dialog box, click Yes. Figure 548 Internet Explorer 7: Root Certificate Store The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
  • Page 840 Appendix C Importing Certificates Select Accept this certificate permanently and click OK. Figure 549 Firefox 2: Website Certified by an Unknown Authority The certificate is stored and you can now connect securely to the Web Configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information.
  • Page 841 Appendix C Importing Certificates Open Firefox and click Tools > Options. Figure 551 Firefox 2: Tools Menu In the Options dialog box, click Advanced > Encryption > View Certificates. Figure 552 Firefox 2: Options ISG50 User’s Guide...
  • Page 842 Appendix C Importing Certificates In the Certificate Manager dialog box, click Web Sites > Import. Figure 553 Firefox 2: Certificate Manager Use the Select File dialog box to locate the certificate and then click Open. Figure 554 Firefox 2: Select File The next time you visit the web site, click the padlock in the address bar to open the Page Info >...
  • Page 843 Appendix C Importing Certificates Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. Open Firefox and click Tools > Options. Figure 555 Firefox 2: Tools Menu In the Options dialog box, click Advanced > Encryption > View Certificates. Figure 556 Firefox 2: Options ISG50 User’s Guide...
  • Page 844 Appendix C Importing Certificates In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. Figure 557 Firefox 2: Certificate Manager In the Delete Web Site Certificates dialog box, click OK. Figure 558 Firefox 2: Delete Web Site Certificates The next time you go to the web site that issued the public key certificate you just removed, a certification error appears....
  • Page 845 Appendix C Importing Certificates Click Install to accept the certificate. Figure 559 Opera 9: Certificate signer not found The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details. Figure 560 Opera 9: Security information Installing a Stand-Alone Certificate File in Opera Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when...
  • Page 846 Appendix C Importing Certificates Open Opera and click Tools > Preferences. Figure 561 Opera 9: Tools Menu In Preferences, click Advanced > Security > Manage certificates. Figure 562 Opera 9: Preferences ISG50 User’s Guide...
  • Page 847 Appendix C Importing Certificates In the Certificates Manager, click Authorities > Import. Figure 563 Opera 9: Certificate manager Use the Import certificate dialog box to locate the certificate and then click Open. Figure 564 Opera 9: Import certificate ISG50 User’s Guide...
  • Page 848 Appendix C Importing Certificates In the Install authority certificate dialog box, click Install. Figure 565 Opera 9: Install authority certificate Next, click OK. Figure 566 Opera 9: Install authority certificate The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details....
  • Page 849 Appendix C Importing Certificates Open Opera and click Tools > Preferences. Figure 567 Opera 9: Tools Menu In Preferences, click Advanced > Security > Manage certificates. Figure 568 Opera 9: Preferences ISG50 User’s Guide...
  • Page 850 Appendix C Importing Certificates In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete. Figure 569 Opera 9: Certificate manager The next time you go to the web site that issued the public key certificate you just removed, a certification error appears....
  • Page 851 Appendix C Importing Certificates Click Forever when prompted to accept the certificate. Figure 571 Konqueror 3.5: Server Authentication Click the padlock in the address bar to open the KDE SSL Information window and view the web page’s security details. Figure 572 Konqueror 3.5: KDE SSL Information Installing a Stand-Alone Certificate File in Konqueror Rather than browsing to a ZyXEL Web Configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.
  • Page 852 Appendix C Importing Certificates In the Certificate Import Result - Kleopatra dialog box, click OK. Figure 574 Konqueror 3.5: Certificate Import Result The public key certificate appears in the KDE certificate manager, Kleopatra. Figure 575 Konqueror 3.5: Kleopatra The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web page’s security details.
  • Page 853 Appendix C Importing Certificates Open Konqueror and click Settings > Configure Konqueror. Figure 576 Konqueror 3.5: Settings Menu In the Configure dialog box, select Crypto. On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove.
  • Page 855: Appendix D Legal Information

    The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 856 Appendix D Legal Information Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. Open Source Licenses This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package.
  • Page 857: Index

    Index Index idle timeout Symbols logging in multiple logins see also users Web Configurator access users, see also force user authentication policies Numbers account myZyXEL.com 3322 Dynamic DNS 230, 231 user 3DES accounting server ACD queue 3G see also cellular Active Directory, see AD active protocol and encapsulation...
  • Page 858 Index and SNMP 335, 336 and SSH tutorial and Telnet AMR-WB and VPN connections analog and WWW audio HOST extension settings RANGE FXO line settings SUBNET telephones types of Analog Telephone Adapter where used see ATA address record Analysis-by-Synthesis admin user see AbS troubleshooting Anomaly Detection and Prevention, see ADP...
  • Page 859 Index self-directory-traversal attack creation guidelines truncated-address-header creation tutorial truncated-header descriptions 426, 427 truncated-options edit truncated-timestamp-header extensions TTCP-detected features u-encoding call blocking undersize-len call forwarding undersize-offset group names UTF-8-encoding grouping LCRs audio 146, 152, 158, 527 limitations files 532, 533 management for auto-attendant recording authorization server...
  • Page 860 Index bad-length-options attack bandwidth egress ingress and certificates bandwidth limit CA (Certificate Authority), see certificates troubleshooting call access code bandwidth management call blocking 462, 463, 466 and policy routes settings interface, outbound, see interfaces Call Detail Record maximize bandwidth usage 297, 300, 400, 401 see CDR see also policy routes...
  • Page 861 Index storage space 647, 655 aged file thumbprint algorithms backup results thumbprints executing SQL script used for authentication external server verifying fingerprints local database where used management certification requests 649, 650 overview certifications PostgreSQL notices query 225, 227 viewing remote server configuring procedure Challenge Handshake Authentication Protocol types of files (CHAP)
  • Page 862 Index text file configuration file troubleshooting Data Encryption Standard, see DES configuration files Database Management System at restart see DBMS backing up date downloading daylight savings downloading with FTP daytime call handling editing DBMS how applied lastgood.conf 728, 731 managing DDNS not stopping or starting the device backup mail exchanger...
  • Page 863 Index DiffServ Dynu 299, 430, 447 DiffServ Code Point see DSCP digit handling digital sampling Digital Signature Algorithm public-key algorithm, E911 see DSA echo direct pickup EGP (Exterior Gateway Protocol) direct routes egress bandwidth directory e-mail directory service daily statistics report file structure email, attaching voice file directory traversal attack...
  • Page 864 Index export phonebook filtered port scan extended authentication find me list and VPN gateways Firefox IKE SA firewall 353, 354 extension portal actions account settings and address groups 351, 363 call forward and blocking and address objects 351, 363 call recording and ALG 335, 336 restrictions...
  • Page 865 Index forcing login global PBX settings Foreign Exchange Office see FXO group management Foreign Exchange Subscriber associate to authority and outbound line groups see FXS granting calling rights forwarding calls group pickup 433, 468, 469 FQDN groups, ring fragmenting IPSec packets Guide additional signaling port CLI Reference...
  • Page 866 Index authenticating clients peer identity avoiding warning messages pre-shared key example proposal vs HTTP see also VPN with Internet Explorer user name hunt group import phonebook HyperText Transfer Protocol over Secure Socket inbound calls, and auto-attendant 503, 504 Layer, see HTTPS incoming bandwidth incoming calls handling...
  • Page 867 Index PPPoE/PPTP, see also PPPoE/PPTP interfaces. active protocol prerequisites 98, 235 relationships between and certificates static DHCP authentication subnet mask basic troubleshooting trunks, see also trunks. certificates types connections virtual, see also virtual interfaces. connectivity check VLAN, see also VLAN interfaces. encapsulation where used encryption...
  • Page 868 Index Perfect Forward Secrecy (PFS) proposal remote policy Java search by name permissions search by policy JavaScripts Security Parameter Index (SPI) (manual jitter buffer keys) see also IPSec see also VPN source NAT for inbound traffic source NAT for outbound traffic status key pairs transport mode...
  • Page 869 Index search time limit formats user attributes log consolidation settings Least Cost Routing syslog servers see LCR system least load first load balancing types of LED troubleshooting legacy PBX license upgrading MAC address licensing and VLAN Lightweight Directory Access Protocol Ethernet interface see LDAP range...
  • Page 870 Index ACD queue and interfaces BRI trunk and policy routes 290, 296 call recordings and to-Device firewall CDR backup and VoIP pass through CTI peer and VPN FXO trunk and VPN, see also VPN FXS peer configuration overview limitations SIP peer loopback SIP trunk port forwarding, see NAT...
  • Page 871 Index addresses and address groups internal (IR) authentication method link state advertisements certificates priority for configuration types of introduction to other documentation schedules OTP (One-Time Password) services and service groups outbound call routing users, user groups outbound line groups 88, 144, 150, 156, 477 obsolete-options attack and LCRs office hours...
  • Page 872 Index adding Point-to-Point Tunneling Protocol, see PPTP 550, 563 editing policy enforcement in IPSec 550, 563 PAP (Password Authentication Protocol) policy route parking lot extension troubleshooting parking, call policy routes actions Password Authentication Protocol (PAP) and address objects 27, 429 and ALG 336, 339 ACD queue...
  • Page 873 Index subnet mask Quick Start Guide PPPoE and RADIUS TCP port 1723 PPPoE/PPTP interfaces 234, 246 and ISP accounts 247, 661 rack-mounting basic characteristics RADIUS 631, 633 gateway advantages subnet mask and IKE SA PPTP and PPPoE and GRE and users as VPN user attributes precedence...
  • Page 874 Index reports round robin collecting data routing configuration overview troubleshooting daily Routing Information Protocol, see RIP daily e-mail routing protocols specifications and authentication algorithms traffic statistics and Ethernet interfaces representative number routing, by SIP To header 486, 493 SIP trunk 649, 652, 658 reset 340, 430, 431...
  • Page 875 Index service groups registration and firewall server and port triggering settings where used To header 486, 493 trunk service objects 150, 478, 484 auto-attendant and firewall 486, 493 caller ID and IP protocols 485, 492 channel limit and policy routes 484, 491 codecs 486, 493...
  • Page 876 Index driver driver installation stac compression example starting the device 35, 36 software startup-config.conf target market if errors missing at restart ACK (acknowledgment) present at restart connections startup-config-bad.conf decoder 418, 425 static DHCP decoy portscan static routes distributed portscan and interfaces port numbers and OSPF portscan...
  • Page 877 Index and OSPF port triggering and remote management and RIP RADIUS server and service control routing and VPN schedules global rules security settings see also firewall shell scripts SNAT token throughput rate tones VLAN trademarks traditional PBX truncated-address-header attack traffic truncated-header attack 426, 427 forwarding...
  • Page 878 Index access, see also access users admin (type) admin, see also admin users and AAA servers decoder 418, 425 and authentication method objects decoy portscan and firewall 363, 366 distributed portscan and LDAP flood attack and policy routes 294, 295, 405, 407 messages and RADIUS port numbers...
  • Page 879 Index Virtual Private Network, see VPN security associations (SA) see also IKE SA VLAN see also IPSec advantages see also IPSec SA and MAC address status troubleshooting troubleshooting VPN connections VLAN interfaces 234, 260 and address objects and Ethernet interfaces 261, 768 and policy routes basic characteristics...
  • Page 880 Index see also HTTP, HTTPS 123, 680 zones 92, 313 and firewall 354, 362 and FTP and interfaces 92, 313 and SNMP and SSH and Telnet and VPN 92, 313 and WWW block intra-zone traffic 316, 361 configuration overview default extra-zone traffic inter-zone traffic intra-zone traffic...

This manual is also suitable for:

Isg50
