User ManualTable of ContentsUser’s Guide1Copyright2Disclaimer2Trademarks2Federal Communications Commission (FCC) Interference Statement3Notice 13Certifications3ZyXEL Limited Warranty4Note4Safety Warnings4Customer Support6Table of Contents9List of Figures21List of Tables27Preface31About This User's Guide31Related Documentation31User Guide Feedback32Syntax Conventions32Graphics Icons Key32Getting to Know Your Prestige331.1 Prestige Internet Security Gateway Overview331.2 Prestige Features331.2.1 Physical Features331.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)331.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s)331.2.1.3 4-Port Switch331.2.1.4 Time and Date331.2.1.5 Reset Button341.2.2 Non-Physical Features341.2.2.1 Trend Micro Security Services341.2.2.2 IPSec VPN Capability341.2.2.3 Firewall341.2.2.4 Content Filtering341.2.2.5 Brute-Force Password Guessing Protection341.2.2.6 Packet Filtering341.2.2.7 Universal Plug and Play (UPnP)351.2.2.8 Call Scheduling351.2.2.9 PPPoE351.2.2.10 PPTP Encapsulation351.2.2.11 Dynamic DNS Support351.2.2.12 IP Multicast351.2.2.13 IP Alias351.2.2.14 SNMP361.2.2.15 Network Address Translation (NAT)361.2.2.16 Traffic Redirect361.2.2.17 Port Forwarding361.2.2.18 DHCP (Dynamic Host Configuration Protocol)361.2.2.19 Full Network Management361.2.2.20 RoadRunner Support361.2.2.21 Logging and Tracing361.2.2.22 Upgrade Prestige Firmware via LAN371.2.2.23 Embedded FTP and TFTP Servers371.3 Applications for the Prestige371.3.1 Secure Broadband Internet Access via Cable or DSL Modem371.3.2 VPN Application37Introducing the Web Configurator392.1 Web Configurator Overview392.2 Accessing the Prestige Web Configurator392.3 Resetting the Prestige402.3.1 Procedure To Use The Reset Button402.3.2 Navigating the Prestige Web Configurator402.3.3 Navigation Panel41Wizard Setup453.1 Wizard Setup Overview453.2 Wizard Setup: General Setup and System Name453.2.1 Domain Name453.3 Wizard Setup: Screen 2463.3.1 Ethernet463.3.2 PPPoE Encapsulation483.3.3 PPTP Encapsulation493.4 Wizard Setup: Screen 3513.4.1 WAN IP Address Assignment513.4.2 IP Address and Subnet Mask513.4.3 DNS Server Address Assignment523.4.4 WAN MAC Address523.5 Basic Setup Complete54System Screens574.1 System Overview574.2 Configuring General Setup574.3 Dynamic DNS594.3.1 DynDNS Wildcard594.4 Configuring Dynamic DNS594.5 Configuring Password614.6 Configuring Time Setting61LAN Screens655.1 LAN Overview655.2 DHCP Setup655.2.1 IP Pool Setup655.2.2 System DNS Servers655.3 LAN TCP/IP655.3.1 Factory LAN Defaults655.3.2 IP Address and Subnet Mask665.3.3 RIP Setup665.3.4 Multicast665.4 Configuring IP675.5 Configuring Static DHCP705.6 Configuring IP Alias71WAN Screens736.1 WAN Overview736.2 TCP/IP Priority (Metric)736.3 Configuring Route736.4 Configuring WAN ISP746.4.1 Ethernet Encapsulation746.4.2 PPPoE Encapsulation756.4.3 PPTP Encapsulation786.5 Configuring WAN IP796.6 Configuring WAN MAC826.7 Traffic Redirect836.8 Configuring Traffic Redirect84Network Address Translation (NAT) Screens877.1 NAT Overview877.1.1 NAT Definitions877.1.2 What NAT Does887.1.3 How NAT Works887.1.4 NAT Application897.1.5 NAT Mapping Types907.2 Using NAT917.2.1 SUA (Single User Account) Versus NAT917.3 SUA Server917.3.1 Default Server IP Address927.3.2 Port Forwarding: Services and Port Numbers927.3.3 Configuring Servers Behind SUA (Example)937.4 Configuring SUA Server947.5 Configuring Address Mapping967.5.1 Configuring Address Mapping977.6 Trigger Port Forwarding997.6.1 Trigger Port Forwarding Example997.6.2 Two Points To Remember About Trigger Ports1007.7 Configuring Trigger Port Forwarding100Static Route Screens1038.1 Static Route Overview1038.2 Configuring IP Static Route1038.2.1 Configuring Route Entry104UPnP1079.1 Universal Plug and Play Overview1079.1.1 How Do I Know If I'm Using UPnP?1079.1.2 NAT Traversal1079.1.3 Cautions with UPnP1079.2 UPnP and ZyXEL1089.3 Configuring UPnP1089.4 Installing UPnP in Windows Example1099.4.1 Installing UPnP in Windows Me1109.4.2 Installing UPnP in Windows XP1119.5 Using UPnP in Windows XP Example1129.5.1 Auto-discover Your UPnP-enabled Network Device1139.5.2 Web Configurator Easy Access1149.5.3 Web Configurator Easy Access115Trend Micro Security Services11710.1 Trend Micro Security Service Overview11710.2 Configuring Service Settings11710.3 Virus Protection11910.4 Configuring Virus Protection11910.5 Parental Controls12110.6 Parental Controls Configuration12110.6.1 Parental Controls Statistics125Firewall12711.1 Introduction12711.1.1 What is a Firewall?12711.1.2 Stateful Inspection Firewall.12711.1.3 About the Prestige Firewall12711.1.4 Guidelines For Enhancing Security With Your Firewall12811.2 Firewall Settings Screen12811.3 The Firewall, NAT and Remote Management13011.3.1 LAN-to-WAN rules13011.3.2 WAN-to-LAN rules13011.4 Services131Content Filtering13512.1 Introduction to Content Filtering13512.2 Restrict Web Features13512.3 Days and Times13512.4 Configure Content Filtering135Remote Management Screens13913.1 Remote Management Overview13913.1.1 Remote Management Limitations13913.1.2 Remote Management and NAT14013.1.3 System Timeout14013.2 Configuring WWW14013.3 Configuring Telnet14113.4 Configuring TELNET14213.5 Configuring FTP14313.6 SNMP14413.6.1 Supported MIBs14513.6.2 SNMP Traps14513.6.3 Configuring SNMP14513.7 Configuring DNS14713.8 Configuring Security148Introduction to IPSec15114.1 VPN Overview15114.1.1 IPSec15114.1.2 Security Association15114.1.3 Other Terminology15114.1.3.1 Encryption15114.1.3.2 Data Confidentiality15214.1.3.3 Data Integrity15214.1.3.4 Data Origin Authentication15214.1.4 VPN Applications15214.2 IPSec Architecture15214.2.1 IPSec Algorithms15314.2.2 Key Management15314.3 Encapsulation15314.3.1 Transport Mode15414.3.2 Tunnel Mode15414.4 IPSec and NAT154VPN Screens15715.1 VPN/IPSec Overview15715.2 IPSec Algorithms15715.2.1 AH (Authentication Header) Protocol15715.2.2 ESP (Encapsulating Security Payload) Protocol15715.3 My IP Address15815.4 Secure Gateway Address15815.4.1 Dynamic Secure Gateway Address15915.5 Summary Screen15915.6 Keep Alive16115.7 NAT Traversal16115.7.1 NAT Traversal Configuration16115.7.2 Remote DNS Server16215.8 ID Type and Content16315.8.1 ID Type and Content Examples16415.9 Pre-Shared Key16415.10 Editing VPN Rules16515.11 IKE Phases16815.11.1 Negotiation Mode16915.11.2 Diffie-Hellman (DH) Key Groups16915.11.3 Perfect Forward Secrecy (PFS)16915.12 Configuring Advanced IKE Settings17015.13 Manual Key Setup17515.13.1 Security Parameter Index (SPI)17615.14 Configuring Manual Key17615.15 Viewing SA Monitor17915.16 Configuring Global Setting18015.17 Telecommuter VPN/IPSec Examples18115.17.1 Telecommuters Sharing One VPN Rule Example18115.17.2 Telecommuters Using Unique VPN Rules Example18215.18 VPN and Remote Management183Centralized Logs18516.1 View Log18516.2 Log Settings187Maintenance19117.1 Maintenance Overview19117.2 Status Screen19117.2.1 System Statistics19317.3 DHCP Table Screen19317.4 F/W Upload Screen19417.4.1 Preparing your Prestige for Firmware Upload19517.5 Configuration Screen19717.5.1 Backup Configuration19717.5.2 Restore Configuration19817.5.3 Back to Factory Defaults19917.6 Restart Screen199Introducing the SMT20118.1 SMT Introduction20118.1.1 Procedure for SMT Configuration via Telnet20118.1.2 Entering Password20118.1.3 Prestige SMT Menu Overview20218.2 Navigating the SMT Interface20218.2.1 System Management Terminal Interface Summary20418.3 Changing the System Password205Menu 1 General Setup20719.1 General Setup20719.2 Procedure To Configure Menu 120719.2.1 Procedure to Configure Dynamic DNS209Menu 2 WAN Setup21120.1 Introduction to WAN21120.2 WAN Setup211Menu 3 LAN Setup21321.1 LAN Setup21321.1.1 General Ethernet Setup21321.2 Protocol Dependent Ethernet Setup21421.3 TCP/IP Ethernet Setup and DHCP21421.3.1 IP Alias Setup216Internet Access21922.1 Introduction to Internet Access Setup21922.2 Ethernet Encapsulation21922.3 Configuring the PPTP Client22122.4 Configuring the PPPoE Client22222.5 Basic Setup Complete223Remote Node Configuration22523.1 Introduction to Remote Node Setup22523.2 Remote Node Profile Setup22523.2.1 Ethernet Encapsulation22523.2.2 PPPoE Encapsulation22723.2.2.1 Outgoing Authentication Protocol22723.2.2.2 Nailed-Up Connection22823.2.3 PPTP Encapsulation22823.3 Edit IP22923.4 Remote Node Filter23123.4.1 Traffic Redirect Setup232Static Route Setup23524.1 IP Static Route Setup235Network Address Translation (NAT)23725.1 Using NAT23725.1.1 SUA (Single User Account) Versus NAT23725.2 Applying NAT23725.3 NAT Setup23925.3.1 Address Mapping Sets24025.3.1.1 User-Defined Address Mapping Sets24125.3.1.2 Ordering Your Rules24225.4 Configuring a Server behind NAT24425.5 General NAT Examples24525.5.1 Example 1: Internet Access Only24625.5.2 Example 2: Internet Access with an Inside Server24625.5.3 Example 3: Multiple Public IP Addresses With Inside Servers24725.5.4 Example 4: NAT Unfriendly Application Programs25125.6 Configuring Trigger Port Forwarding253Enabling the Firewall25526.1 Remote Management and the Firewall25526.2 Access Methods25526.3 Enabling the Firewall255Filter Configuration25727.1 Introduction to Filters25727.1.1 The Filter Structure of the Prestige25827.2 Configuring a Filter Set25927.2.1 Configuring a Filter Rule26127.2.2 Configuring a TCP/IP Filter Rule26127.2.3 Configuring a Generic Filter Rule26427.3 Example Filter26627.4 Filter Types and NAT26827.5 Firewall Versus Filters26927.6 Applying a Filter26927.6.1 Applying LAN Filters26927.6.2 Applying Remote Node Filters270SNMP Configuration27128.1 About SNMP27128.2 Supported MIBs27228.3 SNMP Configuration27228.4 SNMP Traps273System Information and Diagnosis27529.1 System Status27529.2 System Information27729.2.1 System Information27729.2.2 Console Port Speed27829.3 Log and Trace27929.3.1 Syslog Logging27929.3.1.1 CDR28029.3.1.2 Packet triggered28029.3.1.3 Filter log28129.3.1.4 PPP log28129.3.1.5 Firewall log28229.3.2 Call-Triggering Packet28229.4 Diagnostic28329.4.1 WAN DHCP284Firmware and Configuration File Maintenance28730.1 Filename Conventions28730.2 Backup Configuration28830.2.1 Backup Configuration28830.2.2 Using the FTP Command from the Command Line28930.2.3 Example of FTP Commands from the Command Line29030.2.4 GUI-based FTP Clients29030.2.5 TFTP and FTP over WAN Management Limitations29030.2.6 Backup Configuration Using TFTP29130.2.7 TFTP Command Example29130.2.8 GUI-based TFTP Clients29230.3 Restore Configuration29230.3.1 Restore Using FTP29230.3.2 Restore Using FTP Session Example29430.4 Uploading Firmware and Configuration Files29430.4.1 Firmware File Upload29430.4.2 Configuration File Upload29530.4.3 FTP File Upload Command from the DOS Prompt Example29530.4.4 FTP Session Example of Firmware File Upload29630.4.5 TFTP File Upload29630.4.6 TFTP Upload Command Example297System Maintenance29931.1 Command Interpreter Mode29931.1.1 Command Syntax29931.1.2 Command Usage30031.2 Call Control Support30031.2.1 Budget Management30031.2.2 Call History30131.3 Time and Date Setting30231.3.1 Resetting the Time305Remote Management30732.1 Remote Management30732.1.1 Remote Management Limitations308Call Scheduling31133.1 Introduction to Call Scheduling311VPN/IPSec Setup31534.1 VPN/IPSec Overview31534.2 IPSec Summary Screen31634.3 IKE Setup32234.4 Manual Setup32434.4.0.1 Active Protocol32534.4.0.2 Security Parameter Index (SPI)325SA Monitor32735.1 SA Monitor Overview32735.2 Using SA Monitor327Appendix330Appendix A329Troubleshooting329Appendix B331PPPoE331PPPoE in Action331Benefits of PPPoE331Traditional Dial-up Scenario331How PPPoE Works332Prestige as a PPPoE Client332Appendix C333PPTP333What is PPTP?333How can we transport PPP frames from a computer to a broadband modem over Ethernet?333PPTP and the Prestige333PPTP Protocol Overview334Control & PPP Connections334Call Connection334PPP Data Connection335Appendix D337NetBIOS Filter Commands337Introduction337Display NetBIOS Filter Settings337NetBIOS Filter Configuration338Appendix E339Log Descriptions339Appendix F341Setting up Your Computer’s IP Address341Windows 95/98/Me341Installing Components342Configuring343Verifying Settings344Windows 2000/NT/XP344Verifying Settings348Macintosh OS 8/9349Verifying Settings350Macintosh OS X350Verifying Settings351Appendix G353Brute-Force Password Guessing Protection353Example353Appendix H355TMSS355Appendix I359Triangle Route359The Ideal Setup359The “Triangle Route” Problem359The “Triangle Route” Solutions360IP Aliasing360Gateways on the WAN Side361How To Configure Triangle Route361Index363A363B363C363D363E363F363G364H364I364J364L364M364N364O365P365R365S365T365U366V366W366Z366Size: 11.9 MBPages: 366Language: EnglishOpen manual