User Guide
Page 14
... Setup ...144 9.4 Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers 146 9.4.3 Configuring Servers Behind Port Forwarding (Example 146 9.5 Configuring Port Forwarding 147 9.5.1 Port Forwarding Rule Edit 148 9.6 Address Mapping ...149 9.6.1 Address Mapping Rule Edit 150 9.7 Trigger Port ...151 9.8 Edit Trigger Port ...153 Part III: Security 155 Chapter 10 Firewalls...157 10.1 Firewall Overview ...157 14 P-662H/HW-D Series...
... Setup ...144 9.4 Port Forwarding ...145 9.4.1 Default Server IP Address 146 9.4.2 Port Forwarding: Services and Port Numbers 146 9.4.3 Configuring Servers Behind Port Forwarding (Example 146 9.5 Configuring Port Forwarding 147 9.5.1 Port Forwarding Rule Edit 148 9.6 Address Mapping ...149 9.6.1 Address Mapping Rule Edit 150 9.7 Trigger Port ...151 9.8 Edit Trigger Port ...153 Part III: Security 155 Chapter 10 Firewalls...157 10.1 Firewall Overview ...157 14 P-662H/HW-D Series...
User Guide
Page 25
...Example 146 Figure 85 NAT Port Forwarding ...147 Figure 86 Port Forwarding Rule Setup 148 Figure 87 Address Mapping Rules ...149 Figure 88 Edit Address Mapping Rule 150 Figure 89 Trigger Port ...152 Figure 90 Trigger Port Edit ...153 Figure 91... Figure 100 Firewall: Configure Customized Services 179 Figure 101 Firewall Example: Rules ...180 Figure 102 Edit Custom Port Example 180 Figure 103 Firewall Example: Edit Rule: Destination Address 181 Figure 104 Firewall Example: Edit Rule:... Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide 25
...Example 146 Figure 85 NAT Port Forwarding ...147 Figure 86 Port Forwarding Rule Setup 148 Figure 87 Address Mapping Rules ...149 Figure 88 Edit Address Mapping Rule 150 Figure 89 Trigger Port ...152 Figure 90 Trigger Port Edit ...153 Figure 91... Figure 100 Firewall: Configure Customized Services 179 Figure 101 Firewall Example: Rules ...180 Figure 102 Edit Custom Port Example 180 Figure 103 Firewall Example: Edit Rule: Destination Address 181 Figure 104 Firewall Example: Edit Rule:... Security > Register ...212 Figure 124 Security > Register > Service 213 P-662H/HW-D Series User's Guide 25
User Guide
Page 32
... Configuration 135 Table 49 DMZ ...138 Table 50 NAT Definitions ...141 Table 51 NAT Mapping Types ...144 Table 52 NAT General ...145 Table 53 NAT Port Forwarding ...147 Table 54 Port Forwarding Rule Setup 148 Table 55 Address Mapping Rules ...150 Table 56 Edit Address Mapping Rule 151 Table 57 Trigger... Table 79 Content Access Control: User Profiles 206 Table 80 Content Access Control: Online Status 207 Table 81 Content Access Control: Trusted Device 208 32 P-662H/HW-D Series User's Guide
... Configuration 135 Table 49 DMZ ...138 Table 50 NAT Definitions ...141 Table 51 NAT Mapping Types ...144 Table 52 NAT General ...145 Table 53 NAT Port Forwarding ...147 Table 54 Port Forwarding Rule Setup 148 Table 55 Address Mapping Rules ...150 Table 56 Edit Address Mapping Rule 151 Table 57 Trigger... Table 79 Content Access Control: User Profiles 206 Table 80 Content Access Control: Online Status 207 Table 81 Content Access Control: Trusted Device 208 32 P-662H/HW-D Series User's Guide
User Guide
Page 48
... ranges for DoS attacks. 48 P-662H/HW-D Series User's Guide Client List Use this screen to activate/deactivate the firewall and the direction of the individual and applications. IP Alias Use this screen to enable NAT. Port Forwarding Use this screen to partition your ...LAN interface into subnets. Security Firewall General Use this screen to configure the threshold for servers behind the ZyXEL Device. Threshold Use this screen to access the summary ...
... ranges for DoS attacks. 48 P-662H/HW-D Series User's Guide Client List Use this screen to activate/deactivate the firewall and the direction of the individual and applications. IP Alias Use this screen to enable NAT. Port Forwarding Use this screen to partition your ...LAN interface into subnets. Security Firewall General Use this screen to configure the threshold for servers behind the ZyXEL Device. Threshold Use this screen to access the summary ...
User Guide
Page 92
... gateway IP address (supplied by your ISP from the drop-down list. Click Edit to go to the Port Forwarding screen to save the changes. The screen appears as shown. 92 P-662H/HW-D Series User's Guide Chapter 5 WAN Setup Table 24 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing ...a different one set . Cancel Click Cancel to begin configuring this screen to use RFC 1483, enter the IP address given by your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in each packet header. For LLC-based multiplexing or PPP encapsulation, one public ...
... gateway IP address (supplied by your ISP from the drop-down list. Click Edit to go to the Port Forwarding screen to save the changes. The screen appears as shown. 92 P-662H/HW-D Series User's Guide Chapter 5 WAN Setup Table 24 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing ...a different one set . Cancel Click Cancel to begin configuring this screen to use RFC 1483, enter the IP address given by your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in each packet header. For LLC-based multiplexing or PPP encapsulation, one public ...
User Guide
Page 96
...this screen afresh. 5.9 WAN Backup Advanced Screen Use this screen to the Internet. Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to change your ZyXEL Device's WAN backup advanced settings, click WAN > WAN Backup Setup > Advanced Setup. Metric This field ...user name for directly connected networks. The WAN connection is as shown. 96 P-662H/HW-D Series User's Guide Note: If you activate traffic redirect, you must be between the dial backup port and the external device. RIP routing uses hop count as the measurement of cost,...
...this screen afresh. 5.9 WAN Backup Advanced Screen Use this screen to the Internet. Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to change your ZyXEL Device's WAN backup advanced settings, click WAN > WAN Backup Setup > Advanced Setup. Metric This field ...user name for directly connected networks. The WAN connection is as shown. 96 P-662H/HW-D Series User's Guide Note: If you activate traffic redirect, you must be between the dial backup port and the external device. RIP routing uses hop count as the measurement of cost,...
User Guide
Page 139
... Click Cancel to begin configuring this check box to forward NetBIOS packets from the WAN to the DMZ and from the DMZ to the LAN. The LAN port and connected computers (A through F) use private IP addresses that are in separate subnets. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) ...Protocol) is enabled with public IP addresses on the WAN and DMZ and private IP addresses on the LAN. Figure 80 DMZ Public Address Example P-662H/HW-D Series User's Guide 139 Windows Networking (NetBIOS over TCP/IP) Allow between DMZ and WAN Select this screen afresh. 8.3 DMZ Public ...
... Click Cancel to begin configuring this check box to forward NetBIOS packets from the WAN to the DMZ and from the DMZ to the LAN. The LAN port and connected computers (A through F) use private IP addresses that are in separate subnets. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) ...Protocol) is enabled with public IP addresses on the WAN and DMZ and private IP addresses on the LAN. Figure 80 DMZ Public Address Example P-662H/HW-D Series User's Guide 139 Windows Networking (NetBIOS over TCP/IP) Allow between DMZ and WAN Select this screen afresh. 8.3 DMZ Public ...
User Guide
Page 142
...and TCP or UDP source port numbers for Many-to-One ...IP address in each packet and then forwards it to RFC 1631, The IP ... ZyXEL Device can designate servers, for the inside local address before forwarding... the packet to the outside host is the source address on other networks. Note that the IP address (either static or dynamically assigned by the ISP. For more information on your ZyXEL...of the original addresses and port numbers so incoming reply packets...inside global address) before forwarding it to globally unique ones required ...the WAN. The ZyXEL Device keeps track ...
...and TCP or UDP source port numbers for Many-to-One ...IP address in each packet and then forwards it to RFC 1631, The IP ... ZyXEL Device can designate servers, for the inside local address before forwarding... the packet to the outside host is the source address on other networks. Note that the IP address (either static or dynamically assigned by the ISP. For more information on your ZyXEL...of the original addresses and port numbers so incoming reply packets...inside global address) before forwarding it to globally unique ones required ...the WAN. The ZyXEL Device keeps track ...
User Guide
Page 145
.... If your ZyXEL Device. Apply Click Apply to save your network has a small number of clients using peer to peer applications, you can make visible to the outside world. P-662H/HW-D Series User's Guide 145 Max NAT/ Firewall Session Per User When computers use peer ...by the number of NAT sessions they need to establish NAT sessions. If your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. 9.4 Port Forwarding A port forwarding set is a signaling protocol used . Figure 83 NAT General Chapter 9 Network Address Translation (NAT) ...
.... If your ZyXEL Device. Apply Click Apply to save your network has a small number of clients using peer to peer applications, you can make visible to the outside world. P-662H/HW-D Series User's Guide 145 Max NAT/ Firewall Session Per User When computers use peer ...by the number of NAT sessions they need to establish NAT sessions. If your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. 9.4 Port Forwarding A port forwarding set is a signaling protocol used . Figure 83 NAT General Chapter 9 Network Address Translation (NAT) ...
User Guide
Page 146
... Web or FTP server) from ports that are not specified in the remote management setup. 9.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to a port or a range of ports. Figure 84 Multiple Servers Behind NAT Example 146 P-662H/HW-D Series User's Guide ...residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that corresponds to the server(s) on the Internet. The port number identifies a service; In some cases, such as for unknown services ...
... Web or FTP server) from ports that are not specified in the remote management setup. 9.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to a port or a range of ports. Figure 84 Multiple Servers Behind NAT Example 146 P-662H/HW-D Series User's Guide ...residential broadband ISP accounts do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that corresponds to the server(s) on the Internet. The port number identifies a service; In some cases, such as for unknown services ...
User Guide
Page 147
... screen. Figure 85 NAT Port Forwarding The following table describes the fields in this button to add a rule to open the following screen. A default server receives packets from the drop-down list box. Add Click this screen. P-662H/HW-D Series User's Guide...Click Network > NAT > Port Forwarding to the table below. Chapter 9 Network Address Translation (NAT) Screens 9.5 Configuring Port Forwarding " The Port Forwarding screen is available only when you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here...
... screen. Figure 85 NAT Port Forwarding The following table describes the fields in this button to add a rule to open the following screen. A default server receives packets from the drop-down list box. Add Click this screen. P-662H/HW-D Series User's Guide...Click Network > NAT > Port Forwarding to the table below. Chapter 9 Network Address Translation (NAT) Screens 9.5 Configuring Port Forwarding " The Port Forwarding screen is available only when you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here...
User Guide
Page 148
... box to enable the rule. P-662H/HW-D Series User's Guide Table 54 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this field. Start Port Enter a port number in this check box to the ZyXEL Device. To forward only one port, enter the port number again in the End Port field. To forward only one port, enter the port number again in the Start...
... box to enable the rule. P-662H/HW-D Series User's Guide Table 54 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this field. Start Port Enter a port number in this check box to the ZyXEL Device. To forward only one port, enter the port number again in the End Port field. To forward only one port, enter the port number again in the Start...
User Guide
Page 149
...in the order that number of the server here. Ordering your changes back to open the following screen. Figure 87 Address Mapping Rules P-662H/HW-D Series User's Guide 149 Now if you configure rule number 9. In the set and now you delete rule 4, rules 5 to... screen is important because the ZyXEL Device applies the rules in the NAT > General screen. Apply Click Apply to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. Chapter 9 Network Address Translation (NAT) Screens Table 54 Port Forwarding Rule Setup (continued) LABEL ...
...in the order that number of the server here. Ordering your changes back to open the following screen. Figure 87 Address Mapping Rules P-662H/HW-D Series User's Guide 149 Now if you configure rule number 9. In the set and now you delete rule 4, rules 5 to... screen is important because the ZyXEL Device applies the rules in the NAT > General screen. Apply Click Apply to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. Chapter 9 Network Address Translation (NAT) Screens Table 54 Port Forwarding Rule Setup (continued) LABEL ...
User Guide
Page 151
... end local IP address (ILA). The ZyXEL Device records the IP address of a computer on the WAN) to forward a service (coming in this link to go to the Port Forwarding screen to the ZyXEL Device. Chapter 9 Network Address Translation (...NAT) Screens The following . • One-to-One: One-to-One mode maps one local IP address to one global IP address. Back Click Back to return to request a service with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic P-662H...
... end local IP address (ILA). The ZyXEL Device records the IP address of a computer on the WAN) to forward a service (coming in this link to go to the Port Forwarding screen to the ZyXEL Device. Chapter 9 Network Address Translation (...NAT) Screens The following . • One-to-One: One-to-One mode maps one local IP address to one global IP address. Back Click Back to return to request a service with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic P-662H...
User Guide
Page 152
...ZyXEL Device forwards the traffic with this check box to enable the rule. Start Port Type a port number or the starting port number in a range of port numbers. Trigger Port Range The trigger port is a port (or a range of ports) that sent the request. Start Port Type a port number or the starting port number in a range of port numbers. The ZyXEL... use the service in this screen to add and view trigger port rules configured on your ZyXEL Device. All characters are permitted - including spaces. P-662H/HW-D Series User's Guide After that service closes, another computer...
...ZyXEL Device forwards the traffic with this check box to enable the rule. Start Port Type a port number or the starting port number in a range of port numbers. Trigger Port Range The trigger port is a port (or a range of ports) that sent the request. Start Port Type a port number or the starting port number in a range of port numbers. The ZyXEL... use the service in this screen to add and view trigger port rules configured on your ZyXEL Device. All characters are permitted - including spaces. P-662H/HW-D Series User's Guide After that service closes, another computer...
User Guide
Page 153
... ZyXEL Device forwards the traffic with this action. Cancel Click Cancel to return to the previous configuration. 9.8 Edit Trigger Port Click the Edit icon in the NAT > Trigger Port screen to open the following table describes the labels in a range of ports) to the client computer on the LAN that a server on the WAN. P-662H/HW...
... ZyXEL Device forwards the traffic with this action. Cancel Click Cancel to return to the previous configuration. 9.8 Edit Trigger Port Click the Edit icon in the NAT > Trigger Port screen to open the following table describes the labels in a range of ports) to the client computer on the LAN that a server on the WAN. P-662H/HW...
User Guide
Page 226
... mode. • Enable NAT traversal on both IPSec endpoints. • Set the NAT router to forward UDP port 500 to private IP addresses on the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet DNS server in the following figure depicts an example where three...AH Tunnel N ESP Transport Y* ESP Tunnel Y Y* - In order to work with the UDP port 500 header unchanged. The NAT router forwards the IPSec packet with Windows 2000 or Windows XP. 226 P-662H/HW-D Series User's Guide This is summarized in headquarters. You cannot use private domain names on...
... mode. • Enable NAT traversal on both IPSec endpoints. • Set the NAT router to forward UDP port 500 to private IP addresses on the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet DNS server in the following figure depicts an example where three...AH Tunnel N ESP Transport Y* ESP Tunnel Y Y* - In order to work with the UDP port 500 header unchanged. The NAT router forwards the IPSec packet with Windows 2000 or Windows XP. 226 P-662H/HW-D Series User's Guide This is summarized in headquarters. You cannot use private domain names on...
User Guide
Page 230
... to identify this check box to choose Single, Range, or Subnet. A DNS server allows clients on the LAN behind your ZyXEL Device. 230 P-662H/HW-D Series User's Guide Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long ...IKE key management. Select Single for troubleshooting if you cannot configure any other computers and servers on your LAN behind your ZyXEL Device. Select Yes to have to forward UDP port 500 packets to 0.0.0.0, the ranges of local addresses. Manual is configured to Range, enter the beginning (static) IP...
... to identify this check box to choose Single, Range, or Subnet. A DNS server allows clients on the LAN behind your ZyXEL Device. 230 P-662H/HW-D Series User's Guide Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long ...IKE key management. Select Single for troubleshooting if you cannot configure any other computers and servers on your LAN behind your ZyXEL Device. Select Yes to have to forward UDP port 500 packets to 0.0.0.0, the ranges of local addresses. Manual is configured to Range, enter the beginning (static) IP...
User Guide
Page 304
ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See Section 22.1 on the LAN only. Be aware that they can communicate through UPnP Select this eliminates the need to manually configure port forwarding for more information. P-662H/HW-D Series User's Guide Disable UPnP if this check box to activate UPnP. See the following table describes...
ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See Section 22.1 on the LAN only. Be aware that they can communicate through UPnP Select this eliminates the need to manually configure port forwarding for more information. P-662H/HW-D Series User's Guide Disable UPnP if this check box to activate UPnP. See the following table describes...
User Guide
Page 349
...and days during which content filtering is enabled. LAN/DMZ Interface The ZyXEL Device provides a LAN port that allows your network must have a server (mail or web server for information input or troubleshooting. P-662H/HW-D Series User's Guide 349 In cases where additional account information... Zero Configuration Internet Access Once you have its own unique IP address. VPN passthrough Port Forwarding If you connect and turn on your regular WAN connection fails. The ZyXEL Device VPN is based on your network, you can function as an Internet account user...
...and days during which content filtering is enabled. LAN/DMZ Interface The ZyXEL Device provides a LAN port that allows your network must have a server (mail or web server for information input or troubleshooting. P-662H/HW-D Series User's Guide 349 In cases where additional account information... Zero Configuration Internet Access Once you have its own unique IP address. VPN passthrough Port Forwarding If you connect and turn on your regular WAN connection fails. The ZyXEL Device VPN is based on your network, you can function as an Internet account user...