ZyXEL Communications Broadband Security Gateway P-312 manual
- View online or download the user manual
- 254 pages
- 1.93 MB
A good user manual
The law requires the seller to give the buyer the user manual for the ZyXEL Communications Broadband Security Gateway P-312 together with the product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the product does not conform to the contract. By law, the manual may be supplied in a form other than paper, which has become quite common lately: manufacturers provide a graphical manual, an electronic version of the ZyXEL Communications Broadband Security Gateway P-312 manual, or instructional videos for users. The condition is that it be legible and understandable.
What is a user manual?
The name comes from the Latin word “instructio”, that is, to put in order. A ZyXEL Communications Broadband Security Gateway P-312 manual therefore describes the steps to follow. The purpose of a manual is to teach, and to make it easier to start up or use a device or to carry out specific actions. A user manual is also a source of information about an object or a service; it is a hint.
Unfortunately, few users take the time to read ZyXEL Communications Broadband Security Gateway P-312 manuals; however, a good manual lets us not only discover a number of additional features of the purchased device, but also avoid most faults.
So what should the perfect user manual contain?
Above all, a ZyXEL Communications Broadband Security Gateway P-312 user manual should contain:
- information about the technical specifications of the ZyXEL Communications Broadband Security Gateway P-312
- the manufacturer's name and the year of manufacture of the ZyXEL Communications Broadband Security Gateway P-312
- conditions of use, configuration and maintenance of the ZyXEL Communications Broadband Security Gateway P-312
- safety marks and certificates confirming its conformity with the relevant standards
Why don't we read user manuals?
Usually it is for lack of time and of certainty about the specific features of the devices we buy. Unfortunately, connecting and switching on the ZyXEL Communications Broadband Security Gateway P-312 is not enough. The user manual always contains a series of instructions about specific features, safety rules, maintenance advice (including which products to use), possible faults of the ZyXEL Communications Broadband Security Gateway P-312 and ways to solve problems that may occur during use. Finally, a manual gives the details of ZyXEL Communications technical service in case the proposed solutions have not worked. User manuals in the form of engaging animations or video manuals are currently popular, and they reach the user much better than a leaflet does. This kind of manual helps the user watch the whole video without skipping the complicated technical specifications and descriptions of the ZyXEL Communications Broadband Security Gateway P-312, as usually happens with a paper version.
Why is it worth reading user manuals?
Above all, it is in them that we find answers about the construction and capabilities of the ZyXEL Communications Broadband Security Gateway P-312, the use of specific accessories, and a range of information that lets us take full advantage of its functions and conveniences.
After a successful purchase of a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the ZyXEL Communications Broadband Security Gateway P-312 manual. Nowadays manuals are prepared and translated with care, so that they are not only understandable to users but also fulfil their basic function of informing and helping.
User manual index
-
Page 1
Prestige 312 Broadband Security Gateway User’s Guide Version 3.20 November 2000[...]
-
Page 2
P312 Broadband Security Gateway ii Copyright
Prestige 312 Broadband Security Gateway
Copyright
Copyright © 2000 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in a[...]
-
Page 3
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, includin[...]
-
Page 4
Information for Canadian Users
The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that t[...]
-
Page 5
Declaration of Conformity
We, the Manufacturer/Importer, ZyXEL Communications Corp. No. 6, Innovation Rd. II, Science-Based Industrial Park, Hsinchu, Taiwan, 300 R.O.C declare that the product Prestige 312 is in conformity with (reference to the specification under which conformity is d[...]
-
Page 6
P312 Broadband Security Gateway vi CE Doc[...]
-
Page 7
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the produc[...]
-
Page 8
Customer Support
When you contact your customer support representative please have the following information ready:
♦ Prestige Model and serial number.
♦ Information in Menu 24.2.1 – System Information.
♦ Warranty Information.
♦ Date you received your Prestige.
♦ Brie[...]
-
Page 9
Table of Contents
Table of Contents ix
List of Figures [...]
-
Page 10
2.10.1 LAN Port Filter Setup 2-12
Chapter 3 Internet Access 3-1
3.1 TCP/IP and DH[...]
-
Page 11
6.1.4 NAT Mapping Types 6-2
6.1.5 SUA (Single User Account) Versus NAT 6-3
6.1.6 NAT Application [...]
-
Page 12
9.1 System Status 9-2
9.2 System Information and Console Port Speed 9-4
9.2.1 System [...]
-
Page 13
12.2 Telnet Under NAT 12-1
12.3 Telnet Capabilities 12-1[...]
-
Page 14
15.3 E-Mail 15-3
15.3.1 What are Alerts? 15[...]
-
Page 15
20.1 Restrict Web Features 20-1
20.1.1 ActiveX 20-1
20[...]
-
Page 16
List of Figures
Figure 1-1 Secure Internet Access via Cable 1-3
Figure 1-2 Secure Internet Access via DSL [...]
-
Page 17
Figure 4-5 Remote Node Network Layer Options 4-8
Figure 4-6 Remote Node Filter (Ethernet Encapsulation) 4-10
Figure 4-7 Remote Node Filte[...]
-
Page 18
Figure 6-22 Example 4 - Menu 15.1.1.1 - Address Mapping Rule 6-20
Figure 6-23 Example 4 - Menu 15.1.1 - Address Mapping Rules 6-20
Figure 7-1 Outgoing Packet Filterin[...]
-
Page 19
Figure 9-9 Call-Triggering Packet Example 9-10
Figure 9-10 Menu 24.4 - System Maintenance - Diagnostic 9-11
Figure 9-11 WAN &[...]
-
Page 20
Figure 14-2 Menu 21 - Filter and Firewall Setup 14-1
Figure 14-3 Menu 21.2 – Firewall Setup 14-2
Figure 14-[...]
-
Page 21
Figure 19-9 Example 2 - Local Network Rule Summary 19-10
Figure 19-10 Example 2 - Internet to Local Network Rule Summary 19-11
Figure 19-11 Custom Port for Syslog [...]
-
Page 22
[...]
-
Page 23
List of Tables
Table 2-1 LED functions 2-1
Table 2-2 Main Menu Commands [...]
-
Page 24
Table 7-2 Abbreviations Used If Filter Type Is IP 7-7
Table 7-3 Abbreviations Used If Filter Type Is GEN 7-7
Table 7-4 T[...]
-
Page 25
Table 16-5 Timeout Menu 16-14
Table 17-1 Custom Ports [...]
-
Page 26
[...]
-
Page 27
Preface
About Your Router
Congratulations on your purchase of the Prestige 312 Broadband Security Gateway. Don’t forget to register your Prestige (fast, easy online registration at www.zyxel.com) for free future product updates and information. The Prestige 312 is a dual Ethern[...]
-
Page 28
Regardless of your particular application, it is important that you follow the steps outlined in Chapters 1-2 to connect your Prestige to your LAN. You can then refer to the appropriate chapters of the manual, depending on your applications.
Related Documentation
Supporting CD
More d[...]
-
Page 29
Part I: Getting Started
Chapters 1-3 are structured as a step-by-step guide to help you connect, install and set up your Prestige to operate on your network and access the Internet.[...]
-
Page 30
[...]
-
Page 31
Chapter 1 Getting to Know Your Prestige
This chapter introduces the main features and applications of the Prestige.
1.1 The Prestige 312 Broadband Security Gateway
The Prestige 312 is a dual Ethernet Broadband Security Gateway integrated with a robust firewall and ne[...]
-
Page 32
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS client to use thi[...]
-
Page 33
not choose a time service protocol that your timeserver will send when the Prestige powers up you can enter the time manually but each time the system is booted, the time & date will be reset to 1/1/1970 0:0:0.
Logging and Tracing
The Prestige has the following fea[...]
-
Page 34
Figure 1-2 Secure Internet Access via DSL
You can also use your xDSL modem in the bridge mode for always-on Internet access and high speed data transfer.[...]
-
Page 35
Chapter 2 Hardware Installation & Initial Setup
This chapter shows you how to connect the hardware and perform the initial setup.
2.1 Front Panel LEDs and Back Panel Ports
2.1.1 Front Panel LEDs
The LEDs on the front panel indicate the operational statu[...]
-
Page 36
LEDs Function Indicator Status Active Description Flashing The 100M LAN is sending/receiving packets. Off The WAN Link is not ready, or has failed. On The WAN Link is ok. WAN WAN Green Flashing The 10M WAN link is sending/receiving packets.
2.2 [...]
-
Page 37
connector on the back of the cable modem. Connect an xDSL Modem to the xDSL Wall Jack. Please also see Appendix C for important safety instructions on making connections to the Prestige.
Step 1. Connecting the Console Port
For the initial configuration of [...]
-
Page 38
♦ 9600 Baud.
♦ No parity, 8 Data bits, 1 Stop bit, Flow Control set to None.
3. A cable/xDSL modem and an ISP account.
After the Prestige is properly set up, you can make future changes to the configuration through telnet connections.
2.4 Housing Your[...]
-
Page 39
Figure 2-4 Password Screen
2.6 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration ar[...]
-
Page 40
2.6.1 Main Menu
After you enter the password, the SMT displays the Prestige 312 Main Menu, as shown below.
Figure 2-5 Prestige 312 Main Menu
2.6.2 System Management Terminal Interface Summary
Table 2-3 Main Menu Summary
# | Menu Title | Description
1 | Gener[...]
-
Page 41
99 | Exit | To exit from SMT and return to a blank screen.
2.7 Changing the System Password
The first thing you should do before anything else is to change the default system password by following the steps below.
Step 1. Enter 23 in the Main Menu to o[...]
-
Page 42
2.8 General Setup
Menu 1 - General Setup contains administrative and system-related information. The fields for General Setup are as shown next.
System Name is for identification purposes. However, because some ISPs check this name you should enter your PC’s[...]
-
Page 43
Table 2-4 General Setup Menu Field
Field | Description | Example
System Name | Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanume[...]
-
Page 44
Table 2-5 Configure Dynamic DNS Menu Fields
Field | Description | Example
Service Provider | Enter the name of your Dynamic DNS client. | www.ddns.org
Active | Press [SPACE BAR] to toggle between Yes or No. | Yes
Host | Enter the domain name assigned to your Prest[...]
-
Page 45
Figure 2-9 Menu 2 – WAN Setup
The MAC address field allows users to configure the WAN port's MAC Address by either using the factory default or cloning the MAC address from a workstation on your LAN. Once it is successfully configured, the address w[...]
-
Page 46
Figure 2-10 Menu 3 - LAN Setup
2.10.1 LAN Port Filter Setup
This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to filter the LAN traffic, however, the filter sets may be useful to block certain packets[...]
-
Page 47
Chapter 3 Internet Access
This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet access.
3.1 TCP/IP and DHCP for LAN
The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP cli[...]
-
Page 48
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.[...]
-
Page 49
3.1.5 DHCP Configuration
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows the individual clients (workstations) to obtain the TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. [...]
-
Page 50
The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. The Presti[...]
-
Page 51
Figure 3-3 Menu 3 - LAN Setup (10/100 Mbps Ethernet)
To edit the TCP/IP and DHCP configuration, enter 2 to open Menu 3.2 - TCP/IP and DHCP Ethernet Setup as shown next.
Figure 3-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup
Menu 3 – LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP[...]
-
Page 52
Follow the instructions in the following table on how to configure the DHCP fields.
Table 3-1 LAN DHCP Setup Menu Fields
Field | Description | Example
DHCP= | This field enables/disables the DHCP server. If it is set to Server, your Prestige will act as a DHCP server. If set to None, DHCP[...]
-
Page 53
Field | Description | Example
Edit IP Alias | The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Press the space bar to toggle No to Yes, then press [ENTER] to bring you to me[...]
-
Page 54
RIP Direction | Press the space bar to select the RIP direction from None, Both/In Only/Out Only. | None
Version | Press the space bar to select the RIP version from RIP-1/RIP-2B/RIP-2M. | RIP-1
Incoming Protocol Filters | Enter the filter set(s) you wish to apply to the incoming traf[...]
-
Page 55
The following table describes this screen.
Table 3-4 Internet Access Setup Menu Fields
Field | Description
ISP’s Name | Enter the name of your Internet Service Provider, e.g., my ISP. This information is for identification purposes only.
Encapsulation | Press the [SPACE BAR] and th[...]
-
Page 56
3.3.3 Configuring the PPTP Client
To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection. After configuring the User Name and Password for PPP connection, press [SPACE BAR] in the[...]
-
Page 57
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (e.g., Radius). For the user, PPPoE provides a login & authentication method that the existing Microsoft Dial-Up Networking software can activate, and there[...]
-
Page 58
Table 3-6 New Fields in Menu 4 (PPPoE) screen
Field | Description | Examples
Encapsulation | Press the [SPACE BAR] and then press [ENTER] to choose PPPoE. The encapsulation method influences your choices for IP Address. | PPPoE
Service Name | Enter the PPPoE service name provided to you. P[...]
-
Page 59
Part II: Advanced Applications
Advanced Applications (Chapters 4-6) describe the advanced applications of your Prestige, such as Remote Node Setup, IP Static routes and NAT.[...]
-
Page 60
Chapter 4 Remote Node Setup
This chapter shows you how to configure a remote node.
A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use Menu[...]
-
Page 61
Table 4-1 Fields in Menu 11.1
Field | Description | Examples
Rem Node Name | Enter a descriptive name for the remote node. This field can be up to eight characters. | LAoffice
Active | Press the [SPACE BAR] to toggle between Yes and No and activate (deactivate) the remote node. | Yes
En[...]
-
Page 62
4.1.2 PPPoE Encapsulation
The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You can only use PPPoE encapsulation when you’re using the Prestige with an xDSL modem as the WAN device. If you change the Encapsulation to PPPoE, then you will see the next[...]
-
Page 63
Table 4-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific)
Field | Description | Examples
Authen | This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your Prestige will accept either CHAP or PAP when requested by this remot[...]
-
Page 64
Figure 4-3 Remote Node Profile for PPTP Encapsulation
The next table shows how to configure fields in Menu 11.1 not previously discussed above.
Table 4-3 Fields in Menu 11.1 (PPTP Encapsulation)
Field | Description | Examples
Encapsulation | Toggle the space bar to choose PP[...]
-
Page 65
4.2 Editing TCP/IP Options (with Ethernet Encapsulation)
Move the cursor to the Edit IP field in Menu 11.1, then press the [SPACE BAR] to toggle and set the value to Yes. Press [Enter] to open Menu 11.3 - Network Layer Options.
Figure 4-4 Remote Node Network Layer Options
The [...]
-
Page 66
Field | Description | Example
between 1 and 15. In practice, 2 or 3 is usually a good number.
Private | This field is valid only for PPTP/PPPoE encapsulation. This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set [...]
-
Page 67
Figure 4-5 Remote Node Network Layer Options
The next table gives you instructions about configuring remote node network layer options.
Table 4-5 Remote Node Network Layer Options Menu Fields
Field | Description | Example
IP Address Assignment | If your ISP did not assign you an [...]
-
Page 68
between 1 and 15. In practice, 2 or 3 is usually a good number.
Private | This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast. If No, the[...]
-
Page 69
Figure 4-6 Remote Node Filter (Ethernet Encapsulation)
Figure 4-7 Remote Node Filter (PPPoE or PPTP Encapsulation)
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 3
device filters=
Output Filter Sets:
protocol filters= 1
device filters=
Enter here to CONFIRM or ESC to CA[...]
-
Page 70
Chapter 5 IP Static Route Setup
This chapter shows you how to configure static routes with your Prestige.
Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN. Each remot[...]
-
Page 71
5.1 IP Static Route Setup
You configure IP static routes in Menu 12.1, by selecting one of the IP static routes as shown below. Enter 12 from the Main Menu.
Figure 5-2 Menu 12 - IP Static Route Setup
Now, enter the index number of one of the static routes you want to [...]
-
Page 72
Table 5-1 IP Static Route Menu Fields
Field | Description
Route # | This is the index number of the static route that you chose in Menu 12.
Route Name | Enter a descriptive name for this route. This is for identification purposes only.
Active | This field allows you to activ[...]
-
Page 73
[...]
-
Page 74
Chapter 6 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
6.1 Introduction
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, e.g., the source address of an outgoing packet, used within [...]
-
Page 75
them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping – see below), NAT offers the additional benefit of firewall protection. If no server is defined in these cases, all incoming inquiries will be filtered out by your Prest[...]
-
Page 76
2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).[...]
-
Page 77
remote node basis. They are reusable, but only one set is allowed for each remote node. The Prestige supports 2 sets since there is only one remote node. The second set (SUA Only option in Menu 15.1) is a convenient, pre-configured, read only Many-to-1 port mapping set, sufficient for m[...]
-
Page 78
Figure 6-3 Applying NAT for Internet Access
This figure shows how you apply NAT to the remote node in Menu 11.1.
Step 1. Enter 11 from the Main Menu.
Step 2. Move the cursor to the Edit IP field, press the [SPACEBAR] to toggle the default No to Yes, then press [ENTER] to bring up Menu 11.[...]
-
Page 79
Table 6-3 Applying NAT in Menus 4 & 11.3
Field Options Description
Full Feature When you select this option the SMT will use Address Mapping Set 1 (Menu 15.1 – see section 6.2.3 for further discussion). You can configure any of the 5 mapping types described in Table 6-2.
None NA[...]
-
Page 80
Figure 6-6 Menu 15.1 Address Mapping Sets
Let’s look first at Option 255. Option 255 is equivalent to SUA in previous ZyXEL routers (see section 6.1.4). The fields in this menu cannot be changed. Entering 255 brings up this screen.
Figure 6-7 SUA Address Mapping Rules
The following table [...]
-
Page 81
Table 6-4 SUA Address Mapping Rules
Field | Description | Options/Example
Set Name | This is the name of the set you selected in Menu 15.1 or enter the name of a new set you want to create. | SUA
Idx | This is the index or rule number. | 1
Local Start IP Local End IP | Local Start IP is the starting lo[...]
-
Page 82
P312 Broadband Security Gateway NAT 6-9
Figure 6-8 First Set in Menu 15.1.1
The Type, Local and Global Start/End IPs are configured in Menu 15.1.1.1 (described later) and the values are displayed here.
Ordering Your Rules
Ordering your rules is important because the Prestige applies the rules in the order that you speci[...]
-
Page 83
P312 Broadband Security Gateway 6-10 NAT
moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule. Save Set means to save the whole set (note when you choose this action, the Select Rule item will be disabled). Select Rule When you choose Edit, [...]
-
Page 84
P312 Broadband Security Gateway NAT 6-11
Field Description Option/Example
examples. and Server Local IP Only local IP fields are N/A for server; Global IP fields MUST be set for Server. Start This is the starting local IP address (ILA). 0.0.0.0 End This is the ending local IP address (ILA). If the rule is for all local IPs, t[...]
-
Page 85
P312 Broadband Security Gateway 6-12 NAT
Figure 6-10 Multiple Servers Behind NAT
6.3.2 Configuring a Server behind NAT
Follow the steps below to configure a server behind NAT:
Step 1. Enter 15 in the main menu to go to Menu 15 – NAT Setup.
Step 2. Enter 2 to go to Menu 15.2 - NAT Server Setup.
Step 3. Enter the service port number in [...]
-
Page 86
P312 Broadband Security Gateway NAT 6-13
Figure 6-11 Menu 15.2 – NAT Server Setup
Table 6-7 Services & Port numbers
Services | Port Number
FTP (File Transfer Protocol) | 21
Telnet | 23
SMTP (Simple Mail Transfer Protocol) | 25
DNS (Domain Name System) | 53
HTTP (Hyper Text Transfer protocol or WWW, Web) | 80
PPTP (Point-to-Point [...]
-
Page 87
P312 Broadband Security Gateway 6-14 NAT
Figure 6-12 NAT Example 1
Figure 6-13 Internet Access & NAT Example
From Menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section 6.1.4. The SUA Only read only option from the Network Ad[...]
-
Page 88
P312 Broadband Security Gateway NAT 6-15
6.4.2 Example 2 – Internet Access with an Inside Server
Figure 6-14 NAT Example 2
In this case, we do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
Figure 6-15 Specify[...]
-
Page 89
P312 Broadband Security Gateway 6-16 NAT
server and the other IGA is used by all. We want to map the FTP servers to the first two of our IGAs and the other LAN traffic to the remaining IGA. We also want to map our third IGA to an inside web server and mail server. We need to configure 4 rules, 2 bi-directional and 2 one directional as f[...]
-
Page 90
P312 Broadband Security Gateway NAT 6-17
Step 5. Select Type = as One-to-One (direct mapping for packets going both ways), and enter the local Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our first IGA). (See Figure 6-18)
Step 6. Repeat the previous step for rules 2 to 4 as outlined [...]
-
Page 91
P312 Broadband Security Gateway 6-18 NAT
When we have configured all four rules, Menu 15.1.1 should look as follows.
Figure 6-19 Example 3 Final Menu 15.1.1
Now we configure our IGA 3 to map to our web server and mail server on the LAN.
Step 8. Enter 15 from the Main Menu.
Step 9. Now enter 2 from this menu and configure it as s[...]
-
Page 92
P312 Broadband Security Gateway NAT 6-19
6.4.4 Example 4 – NAT Unfriendly Application Programs
Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) N[...]
-
Page 93
P312 Broadband Security Gateway 6-20 NAT
Figure 6-22 Example 4 - Menu 15.1.1.1 - Address Mapping Rule
After you’ve configured this menu, you should see the following screen.
Figure 6-23 Example 4 - Menu 15.1.1 - Address Mapping Rules
Menu 15.1.1.1 Address Mapping Rule
Type= Many-to-Many No Overload
Local IP: Start= 192.168.1.10 End = 192.[...]
-
Page 94
Advanced Management III
Part III: Advanced Management
Chapters 7 - 12 provide information on Prestige filtering, System Information and Diagnosis, Transferring Files and Telnet.[...]
-
Page 95
[...]
-
Page 96
P312 Broadband Security Gateway Filters 7-1
Chapter 7 Filter Configuration
This chapter shows you how to create and apply filter(s).
7.1 About Filtering
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters [...]
-
Page 97
P312 Broadband Security Gateway 7-2 Filters
7.1.1 The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in[...]
-
Page 98
P312 Broadband Security Gateway Filters 7-3
[Flowchart; box labels: Start; Packet into filter; Fetch First Filter Set; Fetch First Filter Rule; Active?; Execute Filter Rule; Check Next Rule; Fetch Next Filter Rule; Next filter Rule Available?; Fetch Next Filter Set; Next Filter Set Available?; Forward; Drop; Accept Packet; Drop Packet]
Figure 7-2 Filter[...]
-
Page 99
P312 Broadband Security Gateway 7-4 Filters
7.2 Configuring a Filter Set
To configure a filter set, follow the procedure below. For more information on Menus 21.2 and 21.3, please see Part 4.
Step 1. Select option 21. Filter Set Configuration from the Main Menu to open Menu 21.
Figure 7-4 Menu 21 – Filter and Firewall Setup
Ste[...]
-
Page 100
P312 Broadband Security Gateway Filters 7-5
Figure 7-6 NetBIOS_WAN Filter Rules Summary
Figure 7-7 NetBIOS_LAN Filter Rules Summary
Figure 7-8 TEL_FTP_WEB_WAN Filter Rules Summary
Menu 21.1.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=[...]
-
Page 101
P312 Broadband Security Gateway 7-6 Filters
7.2.1 Filter Rules Summary Menu
This screen shows the summary of the existing rules in the filter set. The following tables contain a brief description of the abbreviations used in the previous menus.
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations Description [...]
-
Page 102
P312 Broadband Security Gateway Filters 7-7
The protocol dependent filter rules abbreviations are listed as follows:
- If the filter type is IP, the following abbreviations listed in the following table will be used.
Table 7-2 Abbreviations Used If Filter Type Is IP
Abbreviation Description
Pr Protocol
SA Source Address
SP Source Port n[...]
-
Page 103
P312 Broadband Security Gateway 7-8 Filters
Figure 7-9 Menu 21.1.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Table 7-4 TCP/IP Filter Rule Menu Fields
Field Description Option
Active This field activates/deactivates the filter rule. Yes/No IP Protocol Protocol refers to the upper la[...]
-
Page 104
P312 Broadband Security Gateway Filters 7-9
Field Description Option
don’t-care if it is 0. Destination: Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. None/Less/Greater/Equal/Not Equal Source: IP Address Enter the source IP Address of the pa[...]
-
Page 105
P312 Broadband Security Gateway 7-10 Filters
Field Description Option
Once you have completed filling in Menu 21.1.1.1 - TCP/IP Filter Rule, press [Enter] at the message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary. The[...]
-
Page 106
P312 Broadband Security Gateway Filters 7-11
[Flowchart; box labels: Packet into IP Filter; Filter Active?; Check IP Protocol; Apply SrcAddrMask to Src Addr; Check Src IP Addr; Check Des[...]; Matched; Not Matched; More?; Action Matched; Action Not Matched; Check Next Rule; Forward; Drop; Accept Packet; Drop Packet]
-
Page 107
P312 Broadband Security Gateway 7-12 Filters
7.2.4 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as oppos[...]
-
Page 108
P312 Broadband Security Gateway Filters 7-13
The following table describes the fields in the Generic Filter Rule Menu.
Table 7-5 Generic Filter Rule Menu Fields
Field Description Option
Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third rule of that set. Filter Type Use th[...]
-
Page 109
P312 Broadband Security Gateway 7-14 Filters
Drop
Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [Enter] at the message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary.
7.3 Example Filter
Let’[...]
-
Page 110
P312 Broadband Security Gateway Filters 7-15
Figure 7-13 Example Filter – Menu 21.1.1.1
When you press [Enter] to confirm, you will see the following screen. Note that there is only one filter rule in this set.
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 3,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
De[...]
-
Page 111
P312 Broadband Security Gateway 7-16 Filters
Figure 7-14 Example Filter Rules Summary – Menu 21.1.3
After you’ve created the filter set, you must apply it.
Step 1. Enter 11 from the main menu to go to Menu 11.
Step 2. Go to the Edit Filter Sets field, press the [SPACE BAR] to toggle Yes to No and press [ENTER].
Step 3. This bring[...]
-
Page 112
P312 Broadband Security Gateway Filters 7-17
packets and after NAT for incoming packets. On the other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet port or a[...]
-
Page 113
P312 Broadband Security Gateway 7-18 Filters
Figure 7-16 Filtering LAN Traffic
7.6.2 Remote Node Filters
Go to Menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated [...]
-
Page 114
P312 Broadband Security Gateway SNMP 8-1
Chapter 8 SNMP Configuration
This chapter discusses SNMP (Simple Network Management Protocol) for network management and monitoring.
8.1 About SNMP
Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. Kee[...]
-
Page 115
P312 Broadband Security Gateway 8-2 SNMP
The following table describes the SNMP configuration parameters.
Table 8-1 SNMP Configuration Menu Fields
Field Description Default
Get Community Enter the get community, which is the password for the incoming Get- and GetNext- requests from the management station. public Set Community En[...]
-
Page 116
P312 Broadband Security Gateway System Information & Diagnosis 9-1
Chapter 9 System Information & Diagnosis
This chapter talks you through SMT Menus 24.1 to 24.4.
This chapter covers the diagnostic tools that help you to maintain your Prestige. These tools include updates on system status, port status, log and trace capab[...]
-
Page 117
P312 Broadband Security Gateway 9-2 System Information & Diagnosis
9.1 System Status
The first selection, System Status, gives you information on the version of your system firmware and the status and statistics of the ports, as shown in the figure below. System Status is a tool that can be used to monitor yo[...]
-
Page 118
P312 Broadband Security Gateway System Information & Diagnosis 9-3
The following table describes the fields present in Menu 24.1 - System Maintenance - Status.
Table 9-1 System Maintenance - Status Menu Fields
Field Description
Port The WAN or LAN port. Status Shows the port speed and duplex setting if you’re using Ether[...]
-
Page 119
P312 Broadband Security Gateway 9-4 System Information & Diagnosis
9.2 System Information and Console Port Speed
This section describes your system and allows you to choose different console port speeds. To get to the System Information and Console Port Speed:
Step 1. Enter 24 to go to Menu 24 – System Maintenance.
Step[...]
-
Page 120
P312 Broadband Security Gateway System Information & Diagnosis 9-5
Table 9-2 Fields in System Maintenance
Field Description
Name This is the Prestige's system name + domain name assigned in Menu 1. E.G., System Name= xxx; Domain Name= baboo.mickey.com Name= xxx.baboo.mickey.com Routing Refers to the routing prot[...]
-
Page 121
P312 Broadband Security Gateway 9-6 System Information & Diagnosis
9.3.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure below to view the local error/trace log:
Step 1. Select option 24 from the Main Menu to open Menu 24 - System Maintenance.
St[...]
-
Page 122
P312 Broadband Security Gateway System Information & Diagnosis 9-7
Figure 9-8 Menu 24.3.2 - System Maintenance – UNIX Syslog
You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log.
Table 9-3 System Maintenance Menu Syslog Parameters
Parameter Des[...]
-
Page 123
P312 Broadband Security Gateway 9-8 System Information & Diagnosis
1. CDR
CDR Message Format
SdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String );
String = board xx line xx channel xx, call xx, str
board = the hardware board ID
line = the WAN ID in a board
Channel = channel ID within the WAN
call = the call reference number which start[...]
-
Page 124
P312 Broadband Security Gateway System Information & Diagnosis 9-9
Mar 03 10:39:43 202.132.155.97 ZyXEL: GEN[fffffffffffnordff0080] }S05>R01mF
Mar 03 10:41:29 202.132.155.97 ZyXEL: GEN[00a0c5f502fnord010080] }S05>R01mF
Mar 03 10:41:34 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF
Mar 03 11:59:20 202.[...]
-
Page 125
P312 Broadband Security Gateway 9-10 System Information & Diagnosis
9.3.3 Call-Triggering Packet
Call-Triggering Packet displays information about the packet that triggered a dial-out call in an easy readable format. Equivalent information is available in Menu 24.1 in hex format. An example is shown next.
Figure 9-9 Call-Trigg[...]
-
Page 126
P312 Broadband Security Gateway System Information & Diagnosis 9-11
Figure 9-10 Menu 24.4 - System Maintenance - Diagnostic
Follow the procedure below to get to Menu 24.4 - System Maintenance – Diagnostic.
Step 1. From the Main Menu, select option 24 to open Menu 24 - System Maintenance.
Step 2. From this menu, select [...]
-
Page 127
P312 Broadband Security Gateway 9-12 System Information & Diagnosis
Figure 9-11 WAN & LAN DHCP
The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the connections.
Table 9-4 System Maintenance Menu Diagnostic
Number Field Description
1 Ping Host Enter 1 to ping any machine (wit[...]
-
Page 128
P312 Broadband Security Gateway Transferring Files 10-1
Chapter 10 Transferring Files
This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file.
10.1 Filename conventions
The configuration file (often called the rom file or rom-0) contains the factory defau[...]
-
Page 129
P312 Broadband Security Gateway 10-2 Transferring Files
Table 10-1 Filename Conventions
File Type Internal Name External Name Description AT Command
Configuration File Rom-0 *.rom This is the router configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configu[...]
-
Page 130
P312 Broadband Security Gateway Transferring Files 10-3
10.3 Restore Configuration
Menu 24.6 -- System Maintenance - Restore Configuration allows you to restore the configuration via the console port. FTP and TFTP are the preferred methods for restoring your current workstation configuration to your Prestige since FTP and TFTP a[...]
-
Page 131
P312 Broadband Security Gateway 10-4 Transferring Files
Step 4. After successful firmware upload, enter atgo to restart the Prestige.
Figure 10-4 Menu 24.7.1 - System Maintenance - Upload Router Firmware
10.4.2 Uploading Router Configuration File
The configuration data, system-related data, the error log and the trace log are all stor[...]
-
Page 132
P312 Broadband Security Gateway Transferring Files 10-5
Figure 10-5 Menu 24.7.2 - System Maintenance - Upload Router Configuration File
10.5 TFTP File Transfer
In addition to the direct console port connection, the Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Pr[...]
-
Page 133
P312 Broadband Security Gateway 10-6 Transferring Files
Note: If you upload the firmware to the Prestige, it will reboot automatically when the file transfer is completed (the SYS LED will flash).
Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP[...]
-
Page 134
P312 Broadband Security Gateway Transferring Files 10-7
10.6 FTP File Transfer
In addition to uploading the firmware and configuration via the console port and TFTP client, you can also upload the Prestige firmware and configuration files using FTP. To use this feature, your workstation must have an FTP client. When you telnet into the[...]
-
Page 135
P312 Broadband Security Gateway 10-8 Transferring Files
Figure 10-7 Telnet into Menu 24.7.2 - System Maintenance
To transfer the firmware and the configuration file, follow these examples:
10.6.1 Using the FTP command from the DOS Prompt
Step 1. Launch the FTP client on your workstation.
Step 2. Type open and the IP address of y[...]
-
Page 136
P312 Broadband Security Gateway Transferring Files 10-9
Figure 10-8 FTP Session Example
The system reboots after a successful upload.
The following table describes some of the fields that you may see in third party FTP clients.
Table 10-3 Third Party FTP Clients – General fields
Host Address Enter the address of the host se[...]
-
Page 137
[...]
-
Page 138
P312 Broadband Security Gateway System Maintenance & Information 11-1
Chapter 11 System Maintenance & Information
This chapter leads you through SMT menus 24.8 to 24.11.
11.1 Command Interpreter Mode
The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as [...]
-
Page 139
P312 Broadband Security Gateway 11-2 System Maintenance & Information
11.2 Call Control Support
The Prestige provides two call control functions: budget management and call history. Please note that this menu is only applicable when Encapsulation is set to PPPoE or PPTP in Menu 4 or Menu 11.1. The budget management function al[...]
-
Page 140
P312 Broadband Security Gateway System Maintenance & Information 11-3
The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked. After each period, the total budget is rese[...]
-
Page 141
P312 Broadband Security Gateway 11-4 System Maintenance & Information
Table 11-2 Call History Fields
Field Description
Phone Number The PPPoE service names are shown here.
Dir This shows whether the call was incoming or outgoing.
Rate This is the transfer rate of the call.
#call This is the number of calls made to or[...]
-
Page 142
P312 Broadband Security Gateway System Maintenance & Information 11-5
Figure 11-6 System Maintenance – Time and Date Setting
Table 11-3 Time and Date Setting Fields
Field Description
Use Time Server when Bootup= Enter the time service protocol that your timeserver will send when the Prestige powers up. Choices are Day [...]
-
Page 143
P312 Broadband Security Gateway 11-6 System Maintenance & Information
zone and Greenwich mean Time (GMT). Be aware if/when daylight savings time alters this time difference for your time zone. Once you have filled in the new time and date, press [Enter] to save the setting and press [Esc] to return to Menu 24. 11.[...]
-
Page 144
P312 Broadband Security Gateway System Maintenance & Information 11-7
Table 11-4 Menu 24.11 - Remote Management Control
Field Description Option
FTP service active Press the [SPACE BAR] to toggle Yes to No and press [Enter] to disable all FTP activity (both LAN and WAN). Yes No Telnet service active Press the [SPACE BAR] to togg[...]
-
Page 145
P312 Broadband Security Gateway 11-8 System Maintenance & Information
Figure 11-9 Boot Module Commands
======= Debug Command Listing =======
AT just answer OK
ATHE print help
ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k
ATENx,(y) set BootExtension Debug Flag (y=password)
ATSE show the seed of password generator
ATT[...]
-
Page 146
P312 Broadband Security Gateway Telnet 12-1
Chapter 12 Telnet Configuration and Capabilities
This chapter covers the Telnet Configuration and Capabilities of the Prestige.
12.1 About Telnet Configuration
Before the Prestige is properly setup for TCP/IP, the only option for configuring it is through the console port. Once yo[...]
-
Page 147
P312 Broadband Security Gateway 12-2 Telnet
12.3.2 System Timeout
There is a system timeout of 5 minutes (300 seconds) for either the console port or telnet. Your Prestige will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in Menu 24.1 or when "sys[...]
-
Page 148
Firewall and Content Filters IV
Part IV: Firewall and Content Filters
Chapters 13 – 20 describe types of firewalls, how to configure your Prestige firewall using the Prestige Web Configurator, as well as types of Denial of Services (DoS) attacks and Content Filtering.[...]
-
Page 149
P312 Broadband Security Gateway What Is a Firewall? 13-1
Chapter 13 What is a Firewall
This chapter gives some background information on firewalls.
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The network term firewall is typically def[...]
-
Page 150
P312 Broadband Security Gateway 13-2 What Is a Firewall?
needed to filter application traffic and direct it to a number of specific systems. The router need only allow application traffic destined for the application gateway and reject the rest.
13.1.3 Stateful Inspection firewalls
Stateful Inspection firewalls restrict access by screening [...]
-
Page 151
P312 Broadband Security Gateway What Is a Firewall? 13-3
Figure 13-1 Prestige Firewall Application
13.3 Denial of Service
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to ne[...]
-
Page 152
P312 Broadband Security Gateway 13-4 What Is a Firewall?
Table 13-1 Common IP Ports
21 FTP | 53 DNS
23 Telnet | 80 HTTP
25 SMTP | 110 POP3
13.3.2 Types of DoS attacks
There are four types of DoS attacks:
1. Those that exploit bugs in a TCP/IP implementation.
2. Those that exploit weaknesses in the TCP/IP specification.
3. Brute-force attacks[...]
-
Page 153
P312 Broadband Security Gateway What Is a Firewall? 13-5
Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handsha[...]
-
Page 154
P312 Broadband Security Gateway 13-6 What Is a Firewall?
Figure 13-4 Smurf Attack
4. Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack. IP Spoofing may be used to break into systems, to hide the hacker's identity, or to magnify the effect of the DoS attack. IP Spoofing is a[...]
-
Page 155
P312 Broadband Security Gateway What Is a Firewall? 13-7
Figure 13-5 Stateful Inspection
Figure 13-5 shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traf[...]
-
Page 156
P312 Broadband Security Gateway 13-8 What Is a Firewall?
7. The packet is inspected by a firewall rule, and the connection's state table entry is updated as necessary. Based on the updated state information, the inbound extended access list temporary entries might be modified, in order to permit only packets that are valid for the cu[...]
-
Page 157
P312 Broadband Security Gateway What Is a Firewall? 13-9
When any subsequent packet hits the box (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which[...]
-
Page 158
P312 Broadband Security Gateway 13-10 What Is a Firewall?
3. Limit who can Telnet into your router.
4. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined, hostile party might be able to find creative ways to misuse the enabled ser[...]
-
Page 159
P312 Broadband Security Gateway What Is a Firewall? 13-11
12. Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in a social intrusion.[...]
-
Page 160
[...]
-
Page 161
P312 Broadband Security Gateway Introducing the Prestige Firewall 14-1
Chapter 14 Introducing the Prestige Firewall
This chapter shows you how to get started with the Prestige Firewall. Please see Chapter 13 for some background information on firewalls.
14.1 SMT Menus
From the Main Menu (see below) enter 21 to go to Menu 21 - Filter[...]
-
Page 162
P312 Broadband Security Gateway 14-2 Introducing the Prestige Firewall
Figure 14-3 Menu 21.2 – Firewall Setup
Please note that you can only configure the firewall rules using the Prestige Web Configurator or CLI commands.
14.1.1 View Firewall Log
Enter 3 from menu 21 to view the firewall log. Firewall logs may also be vie[...]
-
Page 163
P312 Broadband Security Gateway Introducing the Prestige Firewall 14-3
ICMP Echo
A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker floods a router with Internet Control Mes[...]
-
Page 164
P312 Broadband Security Gateway 14-4 Introducing the Prestige Firewall
Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the [...]
-
Page 165
P312 Broadband Security Gateway Introducing the Prestige Firewall 14-5
Table 14-4 View Firewall Log
Field Description
# This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost. mm:dd:yy e.g., Jan 1 70 Time This is[...]
-
Page 166
P312 Broadband Security Gateway 14-6 Introducing the Prestige Firewall
Figure 14-5 Big Picture - Filtering, Firewall and NAT
14.3 Packet Filtering Vs Firewall
Below are some comparisons between the Prestige’s filtering and firewall functions.
14.3.1 Packet Filtering:
- The router filters packets as they pass through the router’s int[...]
-
Page 167
P312 Broadband Security Gateway Introducing the Prestige Firewall 14-7
When To Use Filtering
1. To block/allow LAN packets by their MAC address.
2. To block/allow special IP packets which are neither TCP, UDP, nor ICMP packets.
3. To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific insi[...]
-
Page 168
[...]
-
Page 169
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-1
Chapter 15 Introducing the Prestige Web Configurator
This chapter shows you how to configure your firewall with the Web Configurator.
15.1 Web Configurator Login and Welcome Screens
Launch your web browser and enter 192.168.1.1 as the URL. This is the [...]
-
Page 170
P312 Broadband Security Gateway 15-2 Introducing the Prestige Web Configurator
Figure 15-2 Prestige Web Configurator Welcome Screen
15.2 Enabling the Firewall
Click Firewall, then Configuration, then the Rule Config tab to enable the firewall as seen in the following screen.[...]
-
Page 171
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-3
Figure 15-3 Enabling the Firewall
15.3 E-Mail
This screen allows you to specify your mail server, where e-mail alerts should be sent as well as when and how often they should be sent.
15.3.1 What are Alerts?
Alerts are reports on events such as attacks, wh[...]
-
Page 172
P312 Broadband Security Gateway 15-4 Introducing the Prestige Web Configurator
To field and schedule times for sending alerts in the Alert Timer fields in the E-Mail screen (following screen).
15.3.2 What are Logs?
A log is a detailed record that you create for packets that either match a rule, don’t match a rule or both when you [...]
-
Page 173
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-5
Table 15-1 E-Mail
Field Description Options
Address Information Mail Server Enter the IP address of your mail server in dot decimal format. Your Internet Service Provider (ISP) should be able to provide this information. If this field is left blank,[...]
-
Page 174
P312 Broadband Security Gateway 15-6 Introducing the Prestige Web Configurator
15.3.3 SMTP Error Messages
If there are difficulties in sending e-mail the following error messages appear. Please see the Support Notes on the accompanying CD for information on other types of error messages. E-mail error messages appear as "SMTP a[...]
-
Page 175
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-7
Figure 15-5 E-Mail Log
15.4 Attack Alert
In this screen you may choose to generate an alert whenever an attack is detected. For DoS attacks, the Prestige uses thresholds to determine when to drop sessions that do not become fully established. These thre[...]
-
Page 176
P312 Broadband Security Gateway 15-8 Introducing the Prestige Web Configurator
You can use the default threshold values, or you can change them to values more suitable to your security requirements.
15.4.1 Threshold Values:
You really just need to tune these parameters when something is not working and after you have checked the firewall [...]
-
Page 177
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-9
The Prestige deletes the oldest existing half-open session for the host for every new connection request to the host. This ensures that the number of half-open sessions to a given host will never exceed the threshold.
2. If the Blocking Time timeout is gr[...]
-
Page 178
P312 Broadband Security Gateway 15-10 Introducing the Prestige Web Configurator
Table 15-3 Attack Alert
Field | Description | Default Values
Generate alert when attack detected | A detected attack automatically generates a log entry. Check this box to generate an alert (as well as a log) whenever an attack is detected. See section 15.[...]
-
Page 179
P312 Broadband Security Gateway Introducing the Prestige Web Configurator 15-11
Field | Description | Default Values
rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Max-Incomplete Low number. half-open s[...]
-
Page 180
[...]
-
Page 181
P312 Broadband Security Gateway Creating Custom Rules 16-1
Chapter 16 Creating Custom Rules
16.1 Rules Overview
Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful packet inspection allows all communications to the Internet that originate from the local network, and blocks all [...]
-
Page 182
P312 Broadband Security Gateway 16-2 Creating Custom Rules
5. What computers on the LAN are to be affected (if any)?
6. What computers on the Internet will be affected? The more specific, the better. For example, if traffic is being allowed from the Internet to the LAN, it is better to allow only certain machines on the Internet to access th[...]
-
Page 183
P312 Broadband Security Gateway Creating Custom Rules 16-3
16.3 Connection Direction
This section talks about configuring firewall rules for connections going from LAN to WAN and WAN to LAN in your firewall.
16.3.1 LAN to WAN Rules
The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restrict[...]
-
Page 184
P312 Broadband Security Gateway 16-4 Creating Custom Rules
Figure 16-2 WAN to LAN Traffic
16.4 Services Supported
The list box in the Rule Config(uration) screen (see Figure 16-4) displays all services that the Prestige supports. Custom services may also be configured using the Custom Ports function discussed later. Next to the name o[...]
-
Page 185
P312 Broadband Security Gateway Creating Custom Rules 16-5
Table 16-1 Services Supported
SERVICE | DESCRIPTION
BGP(TCP:179) | Border Gateway Protocol
BOOTP_CLIENT(UDP:68) | DHCP Client
BOOTP_SERVER(UDP:67) | DHCP Server
CU-SEEME(TCP/UDP:7648, 24032) | A popular videoconferencing solution from White Pines Software.
DNS(UDP/TCP:53) | Domain Nam[...]
-
Page 186
P312 Broadband Security Gateway 16-6 Creating Custom Rules
16.5 Rule Summary
The fields in the Rule Summary screens are the same for Local Network and Internet, so the discussion below refers to both. Click on Firewall, then Local Network to bring up the following screen. This screen is a summary of the existing rules. Note the o[...]
-
Page 187
P312 Broadband Security Gateway Creating Custom Rules 16-7
Table 16-2 Firewall Rules Summary – First Screen
Field | Description | Option
General
Name | This is the name of the firewall rule set.
Default Permit Log | Check this box to log all matched rules in the ACL default set.
The default action for packets not matching following rules[...]
-
Page 188
P312 Broadband Security Gateway 16-8 Creating Custom Rules
Field | Description | Option
section 16.5.1 for more details.
Delete | Press this button to delete an existing firewall rule. Note that subsequent firewall rules move up by one when you take this action.
Move Rule | You may reorder your rules using this function. Select by cli[...]
-
Page 189
P312 Broadband Security Gateway Creating Custom Rules 16-9
Figure 16-4 Creating/Editing A Firewall Rule
Table 16-3 Creating/Editing A Firewall Rule
Field | Description | Option
Source Address | Press SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one. Please see the next section for more information o[...]
-
Page 190
P312 Broadband Security Gateway 16-10 Creating Custom Rules
Field | Description | Option
from the Available Services box on the left, then press >> to select it. The selected service shows up on the Selected Services box on the right. To remove a service, click on it in the Selected Services box on the right, then press <&l[...]
-
Page 191
P312 Broadband Security Gateway Creating Custom Rules 16-11
Figure 16-5 Adding/Editing Source & Destination Addresses
Table 16-4 Adding/Editing Source & Destination Addresses
Field | Description | Option
Address Type | Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.16 [...]
-
Page 192
P312 Broadband Security Gateway 16-12 Creating Custom Rules
When you have finished, click Apply to save your customized settings and exit this screen, Cancel to exit this screen without saving, or Help for online HTML help on fields in this screen.
16.6 Timeout
The fields in the Timeout screens are the same for Local and Int[...]
-
Page 193
P312 Broadband Security Gateway Creating Custom Rules 16-13
Figure 16-6 Timeout Screen[...]
-
Page 194
P312 Broadband Security Gateway 16-14 Creating Custom Rules
Table 16-5 Timeout Menu
Field | Description | Default Value
TCP Timeout Values
Connection Timeout | This is the length of time the Prestige waits for a TCP session to reach the established state before dropping the session. | 30 seconds
FIN-Wait Timeout | This is the length o [...]
-
Page 195
P312 Broadband Security Gateway Custom Ports 17-1
Chapter 17 Custom Ports
17.1 Introduction
You will need to configure customized ports for services not included in the services provided in the scrolling list box in the screen shown in Figure 16-4. For further information on these services, please read section 16.4. To configure a cu[...]
-
Page 196
P312 Broadband Security Gateway 17-2 Custom Ports
Table 17-1 Custom Ports
Field | Description
Customized Services
No | This is the number of your customized port.
Name | This is the name of your customized port.
Protocol | This shows the IP protocol (TCP, UDP or Both) that defines your customized port.
Port | This is the port number or[...]
-
Page 197
P312 Broadband Security Gateway Custom Ports 17-3
Figure 17-2 Creating/Editing A Custom Port
The next table describes the fields in this screen.[...]
-
Page 198
P312 Broadband Security Gateway 17-4 Custom Ports
Table 17-2 Creating/Editing A Custom Port
Field | Description | Option
Service Name | Enter a unique name for your custom port.
Service Type | Choose the IP port (TCP, UDP or Both) that defines your customized port from the drop down list box. | TCP, UDP, Both
Port Configuration
Type | Click [...]
-
Page 199
P312 Broadband Security Gateway Logs 18-1
Chapter 18 Logs
18.1 Log Screen
When you configure a new rule you also have the option to log events that match, don’t match (or both) this rule (see Figure 16-4). Click on the Logs to bring up the next screen. Firewall logs may also be viewed in SMT Menu 21.3 (see section 14.1.1) o[...]
-
Page 200
P312 Broadband Security Gateway 18-2 Logs
Table 18-1 Log Screen
Field | Description
No. | This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost.
dd:mm:yy e.g., Jan 1 0
Time | This is the time the log was recorded in this[...]
-
Page 201
P312 Broadband Security Gateway Logs 18-3
Field | Description
When you have finished viewing this screen, click another link to exit.[...]
-
Page 202
[...]
-
Page 203
P312 Broadband Security Gateway Example Firewall Rules 19-1
Chapter 19 Example Firewall Rules
19.1 Examples
Please note that whenever you open a hole in the firewall to forward a service from the Internet to the local network, and NAT is also enabled, you may have to also configure a server behind NAT using SMT menu 15.2. Please [...]
-
Page 204
P312 Broadband Security Gateway 19-2 Example Firewall Rules
Figure 19-1 Activate The Firewall
Step 2. Now we configure our E-mail screen as follows. Click the E-Mail tab to bring up the next screen.
Check here to activate the firewall. You may also activate the firewall in SMT menu 21.2.[...]
-
Page 205
P312 Broadband Security Gateway Example Firewall Rules 19-3
Figure 19-2 Example 1 – E-Mail Screen
Step 3. Now we configure our firewall rule as shown in the following screen. The default firewall blocks all Internet traffic entering our local network, but we want to create a hole for web service from the Internet. Go to the Rule S[...]
-
Page 206
P312 Broadband Security Gateway 19-4 Example Firewall Rules
Figure 19-3 Example 1 – Configuring A Rule
This is an Internet to Local Network rule. Click DestAdd to configure the destination address as the IP of our server on the LAN. See the next screen.
Click this button when you have finished editing screens.
Select this service (web [...]
-
Page 207
P312 Broadband Security Gateway Example Firewall Rules 19-5
Figure 19-4 Example 1: Destination Address for Traffic Originating From The Internet
10.100.1.2 is the IP of our server on the LAN (supporting FTP, HTTP, Telnet and mail services) to which we wish to forward traffic originating from the Internet.[...]
-
Page 208
P312 Broadband Security Gateway 19-6 Example Firewall Rules
Figure 19-5 Example 1 - Rule Summary Screen
19.1.2 Example 2 – Small Office With Mail, FTP and Web Servers
Our small office has:
i. A mail server with an IP of 192.168.10.2.
ii. Two FTP servers. We want FTP server One (IP of 192.168.10.3) to be accessible from the [...]
-
Page 209
P312 Broadband Security Gateway Example Firewall Rules 19-7
Step 1. First we want to send alerts when there is an attack. Go to the Attack Alert screen (click Configuration, then the Attack Alert tab) shown next.
Figure 19-6 Send Alerts When Attacked
Step 2. Configure the E-Mail screen as shown in example 1 – our mail server’s IP[...]
-
Page 210
P312 Broadband Security Gateway 19-8 Example Firewall Rules
Figure 19-7 Configuring A POP Custom Port
Step 4. Now, we will create rules to block all outgoing traffic (from the local network to the Internet) except for traffic originating from the HTTP proxy server and our mail server. Click Internet to see the Rule Summary screen. Now cli[...]
-
Page 211
P312 Broadband Security Gateway Example Firewall Rules 19-9
Figure 19-8 Example 2 - Local Network Rule 1 Configuration
Step 6. Similarly configure another local network to Internet rule allowing traffic from our web (HTTP) proxy server.
Step 7. The Rule Summary screen should look like Figure 19-9. Don’t forget to click Apply whe [...]
-
Page 212
P312 Broadband Security Gateway 19-10 Example Firewall Rules
Figure 19-9 Example 2 - Local Network Rule Summary
Step 8. Now we want an FTP server (IP of 192.168.10.3) to be accessible from the Internet. Remember the default Internet to Local Network ACL set blocks all traffic from the Internet, so we want to create a hole for this s[...]
-
Page 213
P312 Broadband Security Gateway Example Firewall Rules 19-11
Figure 19-10 Example 2 - Internet to Local Network Rule Summary
19.1.3 Example 3: DHCP Negotiation and Syslog Connection from the Internet
The following are some Internet firewall rules examples to:
1. Allow DHCP negotiation between the ISP and the P312.
2. Allow a syslog[...]
-
Page 214
P312 Broadband Security Gateway 19-12 Example Firewall Rules
Figure 19-11 Custom Port for Syslog
Step 2. Follow the procedures outlined in the previous examples to configure all your rules. When finished, your rule summary screen should look like the following. Custom ports show up with an “*” before their names in the Serv[...]
-
Page 215
P312 Broadband Security Gateway Example Firewall Rules 19-13
Figure 19-12 Syslog Rule Configuration
This is our Syslog custom port.
Click Apply when finished.
This is the address range of the syslog servers.[...]
-
Page 216
P312 Broadband Security Gateway 19-14 Example Firewall Rules
Figure 19-13 Example 3 Rule Summary
Rule 1: Allow DHCP negotiation between the ISP and the P312.
Rule 2: Allow a syslog connection from the WAN.
Click Apply to save your settings back to the Prestige.[...]
-
Page 217
P312 Broadband Security Gateway Content Filtering 20-1
Chapter 20 Content Filtering
The Prestige can block web features such as ActiveX controls, Java applets, cookies as well as disable web proxies. The Prestige can also block specific URLs by using the keyword feature. Please note that content filtering means the ability to block ce[...]
-
Page 218
P312 Broadband Security Gateway 20-2 Content Filtering
20.1.3 Cookies
Cookies are used by Web servers to track usage. Cookies provide service based on ID. Unfortunately, cookies can be programmed not only to identify the visitor to the site, but also to track that visitor's activities. Because they represent a potential loss of pri[...]
-
Page 219
P312 Broadband Security Gateway Content Filtering 20-3
Figure 20-1 Content Filtering Screen
Table 20-1 Content Filtering Fields
Field | Description
Restrict Web Features | Check the box(es) to restrict that feature. When you download a page containing a restricted feature, that part of the web page will appear blank or grayed out.
Blo[...]
-
Page 220
Troubleshooting, Appendices, Glossary and Index V
Part V: Troubleshooting, Appendices, Glossary and Index
Chapter 21 provides information about solving common problems, followed by some Appendices, a Glossary of Terms and an Index.[...]
-
Page 221
[...]
-
Page 222
P312 Broadband Security Gateway Troubleshooting 21-1
Chapter 21 Troubleshooting
This chapter covers the potential problems you may run into and the possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Please see our supporting disk for further infor[...]
-
Page 223
P312 Broadband Security Gateway 21-2 Troubleshooting
21.2 Problems with the LAN Interface
Table 21-2 Troubleshooting the LAN Interface
Problem | Corrective Action
Check the 10M/100M LEDs on the front panel. One of these LEDs should be on. If they are both off, check the cables between your Prestige and hub or the station.
Can’t p[...]
-
Page 224
P312 Broadband Security Gateway Troubleshooting 21-3
21.4 Problems with Internet Access
Table 21-4 Troubleshooting Internet Access
Problem | Corrective Action
Connect your Cable/xDSL modem with the Prestige using appropriate cable. Check with the manufacturer of your Cable/xDSL modem about the cable requirement because for s[...]
-
Page 225
[...]
-
Page 226
P312 Broadband Security Gateway PPPoE E
Appendix A PPPoE
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support a[...]
-
Page 227
P312 Broadband Security Gateway PPPoE F
How PPPoE Works
The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC [...]
-
Page 228
P312 Broadband Security Gateway PPTP G
Appendix B PPTP
What is PPTP?
PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.
How can we transport PPP frames from a PC to a broadband modem over Ethernet?
A solution is to build PPTP into the[...]
-
Page 229
P312 Broadband Security Gateway PPTP H
PNS and the PAC must have IP connectivity; however, the PAC must in addition have dial-up capability. The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS. The PPTP user is unaware of the tunnel between the PAC and the PNS. Microsoft includ[...]
-
Page 230
P312 Broadband Security Gateway Hardware Specifications I
Appendix C Hardware Specifications
Power Specification | I/P AC 120V / 60Hz; O/P DC 12V 1200 mA
MTBF | 100000 hrs
Operation Temperature | 0º C ~ 40º C
Ethernet Specification for WAN | 10Mbit Half Duplex
Ethernet Specification for LAN | 10/100 Mbit Half / Full Auto-negotiation
C[...]
-
Page 231
P312 Broadband Security Gateway J Safety Instructions
Appendix D Important Safety Instructions
The following safety instructions apply to the Prestige:
1. Be sure to read and follow all warning notices and instructions.
2. The maximum recommended ambient temperature for the Prestige is 40º(104º). Care must be taken to allow sufficien[...]
-
Page 232
P312 Broadband Security Gateway CLI Commands K
Appendix E Firewall CLI Commands
The following table describes the syntax used to configure your firewall using Command Line Interface (CLI) commands. Select option 24.8 Command Interpreter Mode from the Main Menu to go into CLI mode. For details on other CLI commands to c[...]
-
Page 233
P312 Broadband Security Gateway L CLI Commands
Function, CLI Syntax, Description
config edit firewall e-mail email-to <e-mail address>
  Edits the mail address which you want to send the alert to
config edit firewall e-mail policy <full | hourly | daily | weekly>
  Edits whether the current firewall traffic log contents are sent thro[...]
-
Page 234
P312 Broadband Security Gateway CLI Commands M
Function, CLI Syntax, Description
config edit firewall set <set #> default-permit <forward | block>
  Edits whether a packet is dropped or allowed through, when it does not meet a rule within the set
config edit firewall set <set #> icmp-timeout <seconds>
  Edits the time limit[...]
-
Page 235
P312 Broadband Security Gateway N CLI Commands
Function, CLI Syntax, Description
config edit firewall set <set #> rule <rule #> srcaddr-subnet <ip address> <subnet mask>
  Selects and edits a source address and subnet mask of traffic which comply to this rule
config edit firewall set <set #> rule <rule #>[...]
-
Page 236
P312 Broadband Security Gateway CLI Commands O
Function, CLI Syntax, Description
Delete
config delete firewall e-mail
  Removes all the settings for e-mail alert
config delete firewall attack
  Resets all the settings for attack to default setting
config delete firewall set <set #>
  Removes the specified set from the f[...]
-
Page 237
P312 Broadband Security Gateway P Power Adapter Specifications
Appendix F Power Adapter Specs
AC Power Adapter Specifications
North America
AC Power Adapter model MW48-1201200
Input power: AC120Volts/60Hz
Output power: DC12Volts/1.2A
Power consumption: 9 W
Plug: North American standards
Safety standards: UL, CUL (UL 1310, CSA [...]
-
Page 238
P312 Broadband Security Gateway Power Adapter Specifications Q
Japan
AC Power Adapter model JOD-48-1124
Input power: AC100Volts/ 50/60Hz/ 27VA
Output power: DC12Volts/1.2A
Power consumption: 9 W
Plug: Japan standards
Safety standards: T-Mark
Australia and New Zealand
AC Power Adapter model AD-1201200DS
Input power: AC240Volts/ 5[...]
-
Page 239
P312 Broadband Security Gateway R Glossary
Glossary of Terms
10BaseT: The 10-Mbps baseband Ethernet specification that uses two pairs of twisted-pair cabling (Category 3 or 5): one pair for transmitting data and the other for receiving data.
ARP: Address Resolution Protocol is a protocol for mapping an Internet Protocol a[...]
-
Page 240
P312 Broadband Security Gateway Glossary S
Cookie: A string of characters saved by a web browser on the user's hard disk. Many web pages send cookies to track specific user information. Cookies can be used to retain information as the user browses a web site. For example, cookies are used to 'remember' the[...]
-
Page 241
P312 Broadband Security Gateway T Glossary
Digital Signature: Digital code that authenticates whomever signed the document or software. Software, messages, Email, and other electronic documents can be signed electronically so that they cannot be altered by anyone else. If someone alters a signed document, the signature is[...]
-
Page 242
P312 Broadband Security Gateway Glossary U
Events: These are network activities. Some activities are direct attacks on your system, while others might be depending on the circumstances. Therefore, any activity, regardless of severity is called an event. An event may or may not be a direct attack on your system.
FAQ (Freq[...]
-
Page 243
P312 Broadband Security Gateway V Glossary
Integrity: Proof that the data is the same as originally intended. Unauthorized software or people have not altered the original information.
internet (Lower case i): Any time you connect 2 or more networks together, you have an internet.
Internet (Upper case I): The vast collection of [...]
-
Page 244
P312 Broadband Security Gateway Glossary W
as a stream of bits.
Name Resolution: The allocation of an IP address to a host name. See DNS
NAT: Network Address Translation is the translation of an Internet Protocol address used within one network to a different IP address known within another network - see also SUA.
NDIS: Ne[...]
-
Page 245
P312 Broadband Security Gateway X Glossary
Plain Text: The opposite of Cipher Text, Plain Text is readable by anyone.
Prestige Web Configurator: This is a web-based Prestige router (not all) configurator that includes an Internet Access Wizard, Advanced and Firewall (not all Prestige models) configurations.
POP: Post Office P[...]
-
Page 246
P312 Broadband Security Gateway Glossary Y
system, meaning that an end-to-end private circuit is established between caller and callee.
Public Key Encryption: System of encrypting electronic files using a key pair. The key pair contains a public key used during encryption, and a corresponding private key used during decryp[...]
-
Page 247
P312 Broadband Security Gateway Z Glossary
SPAM: Unwanted e-mail, usually in the form of advertisements.
Spoofing: To forge something, such as an IP address. IP Spoofing is a common way for hackers to hide their location and identity
SSL (Secured Socket Layer): Technology that allows you to send information that only the server ca[...]
-
Page 248
P312 Broadband Security Gateway Glossary AA
on a host system. Objects include directories and an assortment of file types, including text files, graphics, video, and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. The URL is basically a pointer to the location of[...]
-
Page 249
[...]
-
Page 250
P312 Broadband Security Gateway Index CC
Index
A
Action for Matched Packets: 16-10
Activate The Firewall: 19-2
ActiveX: 20-1
Add Keyword: 20-3
Alert Schedule [...]
-
Page 251
P312 Broadband Security Gateway DD Index
Encapsulation PPP over Ethernet: E
Ethernet Encapsulation: 3-8, 4-1, 4-5, 4-6, 4-10, 6-11, 6-12
Example E-Mail Log: 15-6
Examples: 19-1
F
Factory Default [...]
-
Page 252
P312 Broadband Security Gateway Index EE
L
LAN Setup: 2-6, 2-11, 2-12, 3-4, 3-5
LAN to WAN Rules: 16-3
LAND: 13-4, 13-5, 14-2
Local Network Rule Summary: 16-6
log [...]
-
Page 253
P312 Broadband Security Gateway FF Index
S
Safety Instructions: J
saving the state: 13-6
Security In General: 13-10
Security Ramifications[...]
-
Page 254
P312 Broadband Security Gateway Index GG
WAN Setup: 2-6, 2-10, 2-11, 21-2
WAN to LAN Rules: 16-3
Web Configurator: 13-9
Web Proxy: 20-2
Welcome screen [...]