User Guide
Page 14
... Setup ...144 9.4 Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers 146 9.4.3 Configuring Servers Behind Port Forwarding (Example 146 9.5 Configuring Port Forwarding 147 9.5.1 Port Forwarding Rule Edit 148 9.6 Address Mapping ...149 9.6.1 Address Mapping Rule Edit 150 9.7 Trigger Port ...151 9.8 Edit Trigger Port ...153 Part III: Security 155 Chapter 10 Firewalls...157 10.1 Firewall Overview ...157 14 P-662H/HW-D Series...
... Setup ...144 9.4 Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers 146 9.4.3 Configuring Servers Behind Port Forwarding (Example 146 9.5 Configuring Port Forwarding 147 9.5.1 Port Forwarding Rule Edit 148 9.6 Address Mapping ...149 9.6.1 Address Mapping Rule Edit 150 9.7 Trigger Port ...151 9.8 Edit Trigger Port ...153 Part III: Security 155 Chapter 10 Firewalls...157 10.1 Firewall Overview ...157 14 P-662H/HW-D Series...
User Guide
Page 25
...Example 146 Figure 85 NAT Port Forwarding ...147 Figure 86 Port Forwarding Rule Setup 148 Figure 87 Address Mapping Rules ...149 Figure 88 Edit Address Mapping Rule 150 Figure 89 Trigger Port ...152 Figure 90 Trigger Port Edit ...153 Figure 91... Figure 100 Firewall: Configure Customized Services 179 Figure 101 Firewall Example: Rules ...180 Figure 102 Edit Custom Port Example 180 Figure 103 Firewall Example: Edit Rule: Destination Address 181 Figure 104 Firewall Example: Edit Rule:... Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide 25
...Example 146 Figure 85 NAT Port Forwarding ...147 Figure 86 Port Forwarding Rule Setup 148 Figure 87 Address Mapping Rules ...149 Figure 88 Edit Address Mapping Rule 150 Figure 89 Trigger Port ...152 Figure 90 Trigger Port Edit ...153 Figure 91... Figure 100 Firewall: Configure Customized Services 179 Figure 101 Firewall Example: Rules ...180 Figure 102 Edit Custom Port Example 180 Figure 103 Firewall Example: Edit Rule: Destination Address 181 Figure 104 Firewall Example: Edit Rule:... Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide 25
User Guide
Page 32
... Configuration 135 Table 49 DMZ ...138 Table 50 NAT Definitions ...141 Table 51 NAT Mapping Types ...144 Table 52 NAT General ...145 Table 53 NAT Port Forwarding ...147 Table 54 Port Forwarding Rule Setup 148 Table 55 Address Mapping Rules ...150 Table 56 Edit Address Mapping Rule 151 Table 57 Trigger... Table 79 Content Access Control: User Profiles 206 Table 80 Content Access Control: Online Status 207 Table 81 Content Access Control: Trusted Device 208 32 P-662H/HW-D Series User's Guide
... Configuration 135 Table 49 DMZ ...138 Table 50 NAT Definitions ...141 Table 51 NAT Mapping Types ...144 Table 52 NAT General ...145 Table 53 NAT Port Forwarding ...147 Table 54 Port Forwarding Rule Setup 148 Table 55 Address Mapping Rules ...150 Table 56 Edit Address Mapping Rule 151 Table 57 Trigger... Table 79 Content Access Control: User Profiles 206 Table 80 Content Access Control: Online Status 207 Table 81 Content Access Control: Trusted Device 208 32 P-662H/HW-D Series User's Guide
User Guide
Page 48
... to change your LAN interface into subnets. LAN IP Use this screen to configure the ZyXEL Device to block access to configure IP address ranges for DoS attacks. 48 P-662H/HW-D Series User's Guide Anti Probing Use this screen to configure ISP parameters, WAN ...FUNCTION Status This screen shows the ZyXEL Device's general device, system and interface status information. Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. Port Forwarding Use this screen to configure servers behind the ZyXEL Device. Threshold Use this screen...
... to change your LAN interface into subnets. LAN IP Use this screen to configure the ZyXEL Device to block access to configure IP address ranges for DoS attacks. 48 P-662H/HW-D Series User's Guide Anti Probing Use this screen to configure ISP parameters, WAN ...FUNCTION Status This screen shows the ZyXEL Device's general device, system and interface status information. Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. Port Forwarding Use this screen to configure servers behind the ZyXEL Device. Threshold Use this screen...
User Guide
Page 92
... IP address given by your ISP in the IP Address field. Click Edit to go to the Port Forwarding screen to calculate a subnet mask If you select Routing in the Mode field. Click the Advanced ... Address This option is available if you are VC or LLC. If you use NAT. The ZyXEL Device will try to edit your ISP gives you don't want the connection up all the time...on Demand when you . Apply Click Apply to the previous screen. The screen appears as shown. 92 P-662H/HW-D Series User's Guide By prior agreement, a protocol is not fixed; A static IP address is ...
... IP address given by your ISP in the IP Address field. Click Edit to go to the Port Forwarding screen to calculate a subnet mask If you select Routing in the Mode field. Click the Advanced ... Address This option is available if you are VC or LLC. If you use NAT. The ZyXEL Device will try to edit your ISP gives you don't want the connection up all the time...on Demand when you . Apply Click Apply to the previous screen. The screen appears as shown. 92 P-662H/HW-D Series User's Guide By prior agreement, a protocol is not fixed; A static IP address is ...
User Guide
Page 96
...request. Note: If you activate traffic redirect, you must be between the dial backup port and the external device. Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of the IP addresses in dotted decimal ...from one Check WAN IP Address. Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to configure advanced settings for this to the Internet. RIP routing uses hop count as shown. 96 P-662H/HW-D Series User's Guide The number must configure at...
...request. Note: If you activate traffic redirect, you must be between the dial backup port and the external device. Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of the IP addresses in dotted decimal ...from one Check WAN IP Address. Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to configure advanced settings for this to the Internet. RIP routing uses hop count as shown. 96 P-662H/HW-D Series User's Guide The number must configure at...
User Guide
Page 139
... connected servers (D through C) use public IP addresses that are in one subnet. The public IP addresses of the DMZ and WAN ports are in separate subnets. Select None to establish membership in another subnet. Clear this check box to block all NetBIOS packets going from the LAN ... Click Apply to the WAN. Figure 80 DMZ Public Address Example P-662H/HW-D Series User's Guide 139 Allow between DMZ and LAN Select this check box to forward NetBIOS packets from the WAN to the DMZ and from the DMZ to the ZyXEL Device. If your changes back to the LAN. Lower case...
... connected servers (D through C) use public IP addresses that are in one subnet. The public IP addresses of the DMZ and WAN ports are in separate subnets. Select None to establish membership in another subnet. Clear this check box to block all NetBIOS packets going from the LAN ... Click Apply to the WAN. Figure 80 DMZ Public Address Example P-662H/HW-D Series User's Guide 139 Allow between DMZ and LAN Select this check box to forward NetBIOS packets from the WAN to the DMZ and from the DMZ to the ZyXEL Device. If your changes back to the LAN. Lower case...
User Guide
Page 142
...address. Figure 81 How NAT Works 9.1.4 NAT Application The following figure illustrates this chapter. 142 P-662H/HW-D Series User's Guide In addition, you do not define any servers (for Many-to-...server, on the WAN. see Table 51 on other networks. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can communicate with hosts on page 144),...Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to globally unique ones required for communication with three distinct WAN networks. If you can...
...address. Figure 81 How NAT Works 9.1.4 NAT Application The following figure illustrates this chapter. 142 P-662H/HW-D Series User's Guide In addition, you do not define any servers (for Many-to-...server, on the WAN. see Table 51 on other networks. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can communicate with hosts on page 144),...Does In the simplest form, NAT changes the source IP address in each packet and then forwards it to globally unique ones required for communication with three distinct WAN networks. If you can...
User Guide
Page 145
...used . SUA Only Select this can result in VoIP (Voice over IP), the sending of NAT sessions they need to the previous configuration. 9.4 Port Forwarding A port forwarding set is not degraded by the number of voice signals over Internet Protocol. If you do not limit the number of NAT sessions a single ...Use this check box to allow SIP sessions to the outside world even though NAT makes your ZyXEL Device. P-662H/HW-D Series User's Guide 145 Enable SIP ALG Select this field to the ZyXEL Device. If your changes back to limit the number of the available NAT sessions. SIP is...
...used . SUA Only Select this can result in VoIP (Voice over IP), the sending of NAT sessions they need to the previous configuration. 9.4 Port Forwarding A port forwarding set is not degraded by the number of voice signals over Internet Protocol. If you do not limit the number of NAT sessions a single ...Use this check box to allow SIP sessions to the outside world even though NAT makes your ZyXEL Device. P-662H/HW-D Series User's Guide 145 Enable SIP ALG Select this field to the ZyXEL Device. If your changes back to limit the number of the available NAT sessions. SIP is...
User Guide
Page 146
... might be forwarded, and the local IP address of 192.168.1.35 to a third (C in the remote management setup. 9.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service ...the example), port 80 to another (B in the example) and assign a default server IP address of the desired server. Figure 84 Multiple Servers Behind NAT Example 146 P-662H/HW-D ... are unsure, refer to a port or a range of port numbers. Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for...
... might be forwarded, and the local IP address of 192.168.1.35 to a third (C in the remote management setup. 9.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service ...the example), port 80 to another (B in the example) and assign a default server IP address of the desired server. Figure 84 Multiple Servers Behind NAT Example 146 P-662H/HW-D ... are unsure, refer to a port or a range of port numbers. Many residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for...
User Guide
Page 147
...list box. Server IP Address Enter the IP address of the server for particular services. P-662H/HW-D Series User's Guide 147 Table 53 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to open the following table describes the fields... setup. Chapter 9 Network Address Translation (NAT) Screens 9.5 Configuring Port Forwarding " The Port Forwarding screen is available only when you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified in this screen. See Appendix F on ...
...list box. Server IP Address Enter the IP address of the server for particular services. P-662H/HW-D Series User's Guide 147 Table 53 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to open the following table describes the fields... setup. Chapter 9 Network Address Translation (NAT) Screens 9.5 Configuring Port Forwarding " The Port Forwarding screen is available only when you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified in this screen. See Appendix F on ...
User Guide
Page 148
... the Delete icon to enable the rule. Service Name Enter a name to the ZyXEL Device. P-662H/HW-D Series User's Guide Start Port Enter a port number in this check box to delete an existing port forwarding rule. End Port Enter a port number in the End Port field. Modify Click the Edit icon to go to the screen where you take...
... the Delete icon to enable the rule. Service Name Enter a name to the ZyXEL Device. P-662H/HW-D Series User's Guide Start Port Enter a port number in this check box to delete an existing port forwarding rule. End Port Enter a port number in the End Port field. Modify Click the Edit icon to go to the screen where you take...
User Guide
Page 149
... Network > NAT > Address Mapping to the ZyXEL Device. Figure 87 Address Mapping Rules P-662H/HW-D Series User's Guide 149 Cancel Click Cancel to 7 will be pushed up by that you have already configured rules 1 to the previous screen. Chapter 9 Network Address Translation (NAT) Screens Table 54 Port Forwarding Rule Setup (continued) LABEL DESCRIPTION Server...
... Network > NAT > Address Mapping to the ZyXEL Device. Figure 87 Address Mapping Rules P-662H/HW-D Series User's Guide 149 Cancel Click Cancel to 7 will be pushed up by that you have already configured rules 1 to the previous screen. Chapter 9 Network Address Translation (NAT) Screens Table 54 Port Forwarding Rule Setup (continued) LABEL DESCRIPTION Server...
User Guide
Page 151
... port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic P-662H/HW-D Series User's Guide 151 This field is the ending global IP address (IGA). Set Select a number from the server on the WAN) to the IP address of ports on a different LAN computer, you to specify inside servers of a LAN computer that port forwarding only forwards...
... port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic P-662H/HW-D Series User's Guide 151 This field is the ending global IP address (IGA). Set Select a number from the server on the WAN) to the IP address of ports on a different LAN computer, you to specify inside servers of a LAN computer that port forwarding only forwards...
User Guide
Page 152
... of port numbers. Incoming Port Range The incoming port is closed or times out. P-662H/HW-D Series User's Guide The ZyXEL Device times out in three minutes with UDP (User Datagram Protocol) or two hours with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The ZyXEL Device forwards...
... of port numbers. Incoming Port Range The incoming port is closed or times out. P-662H/HW-D Series User's Guide The ZyXEL Device times out in three minutes with UDP (User Datagram Protocol) or two hours with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The ZyXEL Device forwards...
User Guide
Page 153
... port numbers. P-662H/HW-D Series User's Guide 153 Service Name This is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record Range the IP address of ports) that a server on the LAN that sent the traffic to change your ZyXEL Device's trigger port settings. Service Name Type a unique name (up to delete the port forwarding...
... port numbers. P-662H/HW-D Series User's Guide 153 Service Name This is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record Range the IP address of ports) that a server on the LAN that sent the traffic to change your ZyXEL Device's trigger port settings. Service Name Type a unique name (up to delete the port forwarding...
User Guide
Page 226
...both IPSec endpoints. • Set the NAT router to forward UDP port 500 to headquarters. The compatibility of the IPSec packet. The DNS server feature for VPN does not work , you must identify that use DNS servers on the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet DNS server...of the "original header plus original payload," which is unchanged by a NAT device. For NAT traversal to work with Windows 2000 or Windows XP. 226 P-662H/HW-D Series User's Guide In order to access computers that DNS server. Finally, NAT is compatible with the UDP...
...both IPSec endpoints. • Set the NAT router to forward UDP port 500 to headquarters. The compatibility of the IPSec packet. The DNS server feature for VPN does not work , you must identify that use DNS servers on the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet DNS server...of the "original header plus original payload," which is unchanged by a NAT device. For NAT traversal to work with Windows 2000 or Windows XP. 226 P-662H/HW-D Series User's Guide In order to access computers that DNS server. Finally, NAT is compatible with the UDP...
User Guide
Page 230
...find other active rules with the Secure Gateway Address field set to 0.0.0.0. In order to have to forward UDP port 500 packets to the remote IPSec router behind your ZyXEL Device. 230 P-662H/HW-D Series User's Guide The remote IPSec router must also enable NAT traversal, and the NAT routers...IPSec router must also have the same negotiation mode. IPSec Key Mode Select IKE or Manual from the drop-down list box. The ZyXEL Device assigns this VPN policy. Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. Local Local Address Type ...
...find other active rules with the Secure Gateway Address field set to 0.0.0.0. In order to have to forward UDP port 500 packets to the remote IPSec router behind your ZyXEL Device. 230 P-662H/HW-D Series User's Guide The remote IPSec router must also enable NAT traversal, and the NAT routers...IPSec router must also have the same negotiation mode. IPSec Key Mode Select IKE or Manual from the drop-down list box. The ZyXEL Device assigns this VPN policy. Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. Local Local Address Type ...
User Guide
Page 304
... manually configure port forwarding for more information. Table 131 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this check box to access the web configurator). this screen. Be aware that they can communicate through the ZyXEL Device, for... a UPnP device joins a network, it announces its presence with each other without entering the ZyXEL Device's IP address (although you must still enter the password to activate UPnP. P-662H/HW-D Series User's Guide All UPnP-enabled devices may communicate freely with a multicast message.
... manually configure port forwarding for more information. Table 131 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this check box to access the web configurator). this screen. Be aware that they can communicate through the ZyXEL Device, for... a UPnP device joins a network, it announces its presence with each other without entering the ZyXEL Device's IP address (although you must still enter the password to activate UPnP. P-662H/HW-D Series User's Guide All UPnP-enabled devices may communicate freely with a multicast message.
User Guide
Page 349
... method) from the ISP and makes the necessary configuration changes. Static Routes Static routes tell the ZyXEL Device how to forward IP traffic when you will be accessed from the secure LAN. P-662H/HW-D Series User's Guide 349 You can also be redirected to -site lines. You can ... turn on the ZyXEL Device, it from the Internet. Use NAT to convert your public IP address(es) to control Internet access on your network must have a server (mail or web server for the computers on the IPSec standard and is enabled. VPN passthrough Port Forwarding If you can...
... method) from the ISP and makes the necessary configuration changes. Static Routes Static routes tell the ZyXEL Device how to forward IP traffic when you will be accessed from the secure LAN. P-662H/HW-D Series User's Guide 349 You can also be redirected to -site lines. You can ... turn on the ZyXEL Device, it from the Internet. Use NAT to convert your public IP address(es) to control Internet access on your network must have a server (mail or web server for the computers on the IPSec standard and is enabled. VPN passthrough Port Forwarding If you can...