ZyXEL Communications P-660 User Manual
P-660 Series Support Notes
filter sets that were configured before. Instead, when ZyNOS translates the old
configuration into the new format, it will verify the filter rules and log the
inconsistencies. Please check the system log (Menu 24.3.1) before putting your device
into use.
configuration into the new format, it will verify the filter rules and log the
inconsistencies. Please check the system log (Menu 24.3.1) before putting your device
into use.
In order to avoid operational problems later, the P-660 will disable its
routing/bridging functions if there is an inconsistency among its filter rules.
routing/bridging functions if there is an inconsistency among its filter rules.
Filter Examples
1. A filter for blocking the web service
2. A filter for blocking a specific client
3. A filter for blocking a specific MAC address
4. A filter for blocking the NetBIOS packets
2. A filter for blocking a specific client
3. A filter for blocking a specific MAC address
4. A filter for blocking the NetBIOS packets
A filter for blocking the web service
Configuration
Before configuring a filter, you need to know the following information:
1. The outbound packet type (protocol & port number)
2. The source IP address
2. The source IP address
Generally, the outbound packets for Web service could be as following:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstation on the LAN, the source IP address will be 0.0.0.0. Otherwise, you
have to enter an IP Address for the workstation you want to block. See the procedure
for configuring this filter below.
have to enter an IP Address for the workstation you want to block. See the procedure
for configuring this filter below.
1. Create a filter set in Menu 21, e.g., set 1
2. Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
• Rule 1- block the HTTP packet, TCP (06) protocol with port number 80
• Rule 2- block the DNS packet, TCP (06) protocol with port number 53
• Rule 3- block the DNS packet, UDP (17) protocol with port number 53
• Rule 2- block the DNS packet, TCP (06) protocol with port number 53
• Rule 3- block the DNS packet, UDP (17) protocol with port number 53
3. Apply the filter set in menu 4
55
All contents copyright © 2005 ZyXEL Communications Corporation.