User Manual

Table of Contents

User’s Guide
Copyright
Certifications
Safety Warnings
ZyXEL Limited Warranty
Customer Support
Table of Contents
List of Figures
List of Tables
Preface

Getting To Know Your ZyXEL Device
1.1 Introducing the ZyXEL Device
1.1.1 Features of the ZyXEL Device
1.1.1.1 P-662HW Wireless Features
1.1.2 Applications for the ZyXEL Device
1.1.2.1 Internet Access
1.1.2.2 LAN to LAN Application
1.1.3 Firewall for Secure Broadband Internet Access
1.1.4 Front Panel LEDs

Introducing the Web Configurator
2.1 Web Configurator Overview
2.2 Accessing the Web Configurator
2.3 Resetting the ZyXEL Device
2.3.1 Using the Reset Button
2.4 Navigating the Web Configurator
2.4.1 Navigation Panel
2.4.8 Changing Login Password

Wizard Setup for Internet Access
3.1 Introduction
3.2 Internet Access Wizard Setup
3.2.1 Automatic Detection
3.2.2 Manual Configuration
3.3 Wireless Connection Wizard Setup

Bandwidth Management Wizard
4.1 Introduction
4.2 Predefined Media Bandwidth Management Services
4.3 Bandwidth Management Wizard Setup

WAN Setup
5.1.1 Encapsulation
5.1.1.1 ENET ENCAP
5.1.1.2 PPP over Ethernet
5.1.1.3 PPPoA
5.1.1.4 RFC 1483
5.1.2 Multiplexing
5.1.2.1 VC-based Multiplexing
5.1.2.2 LLC-based Multiplexing
5.1.3 VPI and VCI
5.1.4 IP Address Assignment
5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation
5.1.4.2 IP Assignment with RFC 1483 Encapsulation
5.1.4.3 IP Assignment with ENET ENCAP Encapsulation
5.1.5 Nailed-Up Connection (PPP)
5.1.6 NAT
5.2 Metric
5.3 Traffic Shaping
5.3.1 ATM Traffic Classes
5.3.1.1 Constant Bit Rate (CBR)
5.3.1.2 Variable Bit Rate (VBR)
5.3.1.3 Unspecified Bit Rate (UBR)
5.4 Zero Configuration Internet Access

LAN Setup
6.1.1 LANs, WANs and the ZyXEL Device
6.1.2 DHCP Setup
6.1.2.1 IP Pool Setup
6.1.3 DNS Server Address
6.1.4 DNS Server Address Assignment
6.2 LAN TCP/IP
6.2.1 IP Address and Subnet Mask
6.2.1.1 Private IP Addresses
6.2.2 RIP Setup
6.2.3 Multicast
6.2.4 Any IP
6.2.4.1 How Any IP Works

Wireless LAN
7.1 Wireless Network Overview
7.2 Wireless Security Overview
7.2.1 SSID
7.2.2 MAC Address Filter
7.2.3 User Authentication
7.2.4 Encryption
7.2.5 One-Touch Intelligent Security Technology (OTIST)
7.3 Wireless Performance Overview
7.3.1 Quality of Service (QoS)
7.4 Additional Wireless Terms
7.5.2 WEP Encryption Screen
7.5.3 WPA(2)-PSK
7.5.4 WPA(2) Authentication Screen
7.6.1 Enabling OTIST
7.6.1.1 AP
7.6.1.2 Wireless Client
7.6.2 Starting OTIST
7.6.3 Notes on OTIST
7.8.1 WMM QoS Example
7.8.2 WMM QoS Priorities
7.8.3 Services
7.9.1 ToS (Type of Service) and WMM QoS
7.10 Multiple SSID (P-662HW-D Models only)
7.10.1 Multiple SSID Commands
7.10.2 Multiple SSID Example

DMZ
8.1 Introduction
8.3 DMZ Public IP Address Example
8.4 DMZ Private and Public IP Address Example

Network Address Translation (NAT) Screens
9.1.1 NAT Definitions
9.1.2 What NAT Does
9.1.3 How NAT Works
9.1.4 NAT Application
9.1.5 NAT Mapping Types
9.2 SUA (Single User Account) Versus NAT
9.4 Port Forwarding
9.4.1 Default Server IP Address
9.4.2 Port Forwarding: Services and Port Numbers
9.4.3 Configuring Servers Behind Port Forwarding (Example)

Firewalls
10.2 Types of Firewalls
10.2.1 Packet Filtering Firewalls
10.2.2 Application-level Firewalls
10.2.3 Stateful Inspection Firewalls
10.3 Introduction to ZyXEL’s Firewall
10.3.1 Denial of Service Attacks
10.4 Denial of Service
10.4.1 Basics
10.4.2 Types of DoS Attacks
10.4.2.1 ICMP Vulnerability
10.4.2.2 Illegal Commands (NetBIOS and SMTP)
10.4.2.3 Traceroute
10.5 Stateful Inspection
10.5.1 Stateful Inspection Process
10.5.2 Stateful Inspection and the ZyXEL Device
10.5.3 TCP Security
10.5.4 UDP/ICMP Security
10.5.5 Upper Layer Protocols
10.6 Guidelines for Enhancing Security with Your Firewall
10.6.1 Security In General
10.7 Packet Filtering Vs Firewall
10.7.1 Packet Filtering:
10.7.1.1 When To Use Filtering
10.7.2 Firewall
10.7.2.1 When To Use The Firewall

Firewall Configuration
11.1 Access Methods
11.2 Firewall Policies Overview
11.3 Rule Logic Overview
11.3.1 Rule Checklist
11.3.2 Security Ramifications
11.3.3 Key Fields For Configuring Rules
11.3.3.1 Action
11.3.3.2 Service
11.3.3.3 Source Address
11.3.3.4 Destination Address
11.4 Connection Direction
11.4.1 LAN to WAN Rules
11.4.2 Alerts
11.7 Example Firewall Rule
11.8 Predefined Services
11.10.1 Threshold Values
11.10.2 Half-Open Sessions
11.10.2.1 TCP Maximum Incomplete and Blocking Time

Anti-Virus Packet Scan
12.1 Overview
12.1.1 Types of Computer Viruses
12.2 Signature-Based Virus Scan
12.2.1 Computer Virus Infection and Prevention
12.3 Introduction to the ZyXEL Device Anti-virus Packet Scan
12.3.1 How the ZyXEL Device Virus Scan Works
12.3.2 Limitations of the ZyXEL Device Packet Scan
12.5.1 Updating the Anti-Virus Packet Scan

Content Filtering

Content Access Control
14.1 Content Access Control Overview
14.1.1 Content Access Control WLAN Application
14.1.2 Configuration Steps
14.2 Activating CAC and Creating User Groups
14.2.2.1 Available Services
14.5 Content Access Control Logins
14.5.1 User Login
14.5.2 Administrator Login

Introduction to IPSec
15.1 VPN Overview
15.1.1 IPSec
15.1.2 Security Association
15.1.3 Other Terminology
15.1.3.1 Encryption
15.1.3.2 Data Confidentiality
15.1.3.3 Data Integrity
15.1.3.4 Data Origin Authentication
15.1.4 VPN Applications
15.2 IPSec Architecture
15.2.1 IPSec Algorithms
15.2.2 Key Management
15.3 Encapsulation
15.3.1 Transport Mode
15.3.2 Tunnel Mode
15.4 IPSec and NAT

VPN Screens
16.1 VPN/IPSec Overview
16.2 IPSec Algorithms
16.2.1 AH (Authentication Header) Protocol
16.2.2 ESP (Encapsulating Security Payload) Protocol
16.3 My IP Address
16.4 Secure Gateway Address
16.4.1 Dynamic Secure Gateway Address
16.6 Keep Alive
16.7 VPN, NAT, and NAT Traversal
16.8 Remote DNS Server
16.9 ID Type and Content
16.9.1 ID Type and Content Examples
16.10 Pre-Shared Key
16.12 IKE Phases
16.12.1 Negotiation Mode
16.12.2 Diffie-Hellman (DH) Key Groups
16.12.3 Perfect Forward Secrecy (PFS)
16.13 Configuring Advanced IKE Settings
16.14 Manual Key Setup
16.14.1 Security Parameter Index (SPI)
16.18 Telecommuter VPN/IPSec Examples
16.18.1 Telecommuters Sharing One VPN Rule Example
16.18.2 Telecommuters Using Unique VPN Rules Example
16.19 VPN and Remote Management

Certificates
17.1 Certificates Overview
17.1.1 Advantages of Certificates
17.2 Self-signed Certificates
17.3 Configuration Summary
17.5.1 Certificate File Formats
17.12 Verifying a Trusted Remote Host’s Certificate
17.12.1 Trusted Remote Host Certificate Fingerprints

Static Route

Bandwidth Management
19.2 Application-based Bandwidth Management
19.3 Subnet-based Bandwidth Management
19.4 Application and Subnet-based Bandwidth Management
19.5 Scheduler
19.5.1 Priority-based Scheduler
19.5.2 Fairness-based Scheduler
19.6 Maximize Bandwidth Usage
19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic
19.6.2 Maximize Bandwidth Usage Example
19.6.2.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth
19.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth
19.6.3 Bandwidth Management Priorities

Dynamic DNS Setup
20.1.1 DYNDNS Wildcard

Remote Management Configuration
21.1.1 Remote Management Limitations
21.1.2 Remote Management and NAT
21.1.3 System Timeout
21.3 Telnet
21.6 SNMP
21.6.1 Supported MIBs
21.6.2 SNMP Traps
21.9 TR-069

Universal Plug-and-Play (UPnP)
22.1.1 How do I know if I'm using UPnP?
22.1.2 NAT Traversal
22.1.3 Cautions with UPnP
22.2 UPnP and ZyXEL
22.3 Installing UPnP in Windows Example
22.4 Using UPnP in Windows XP Example

System
23.1 General Setup
23.1.1 General Setup and System Name

Logs
24.1.1 Alerts and Logs
24.4 SMTP Error Messages
24.4.1 Example E-mail Log

Tools
25.2.1 Backup Configuration
25.2.2 Restore Configuration
25.2.3 Back to Factory Defaults

Diagnostic

Troubleshooting
27.1 Problems Starting Up the ZyXEL Device
27.2 Problems with the LAN
27.3 Problems with the WAN
27.4 Problems Accessing the ZyXEL Device
27.4.1 Pop-up Windows, JavaScripts and Java Permissions
27.4.1.1 Internet Explorer Pop-up Blockers
27.4.1.2 JavaScripts
27.4.1.3 Java Permissions
27.4.2 ActiveX Controls in Internet Explorer

Product Specifications
About ADSL
Wall-mounting Instructions
Setting up Your Computer’s IP Address
IP Addresses and Subnetting
Wireless LANs
Importing Certificates
Command Interpreter
Certificates Commands
Boot Commands
Firewall Commands
NetBIOS Filter Commands
Internal SPTGEN
Splitters and Microfilters
Log Descriptions
Triangle Route
Index (A, B, C, D, E, F, G, H, I, K, L, M, N, O, P, Q, R, S, T, U, V, W, Z)

Size: 13.6 MB
Pages: 496
Language: English