P-794M - Modem/Router ZYXEL - Free user manual and instructions

USER MANUAL P-794M ZYXEL

SHDSL 4-Port Internet Security Gateway

User's Guide

Version 1.00

10/2005

Edition 1

ZyXEL

Copyright

Copyright © 2005 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Federal Communications Commission (FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

1 Go to www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
• Connect the power cord to the right supply voltage (110V AC in North America or 230V AC in Europe).
• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.
2 Do not use this product near water, for example, in a wet basement or near a swimming pool.
3 Avoid using this product during an electrical storm. There may be a remote risk of electric shock from lightening.

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.
- Warranty Information.
- Date that you received your device.
- Brief description of the problem and the steps you took to solve it.

a. “+” is the (prefix) number you enter to make an international telephone call.

Table of Contents

Copyright 2

Federal Communications Commission (FCC) Interference Statement ...... 3

Safety Warnings 4

ZyXEL Limited Warranty 5

Customer Support......6

Table of Contents 8

List of Figures 14

List of Tables 16

Preface 18

Chapter 1 Introduction ...... 20

1.1 About Your Prestige ....20

1.2 Features ....20

1.3 Applications ......22

1.3.1 Internet Access ......22

1.3.2 Firewall for Secure Broadband Internet Access 23

1.3.3 VPN Application ......23

1.3.4 LAN-to-LAN Application ......23

1.4 Hardware Connection ....24

1.4.1 Front Panel 24

1.5 Rear Panel 25

Chapter 2 The Web Configurator .... 26

2.1 Overview ......26

2.2 Accessing the Web Configurator 26

2.3 Resetting the Prestige ....27

2.3.1 Procedure To Use The Reset Button 27

2.4 Navigating the Web Configurator ....27

2.4.1 The Status Screen 27

2.5 System Status 28

2.6 ARP Table 29

2.6.1 How ARP Works ......29

2.7 Routing Table 30

2.7.1 PPTP Status ....31

2.7.2 IPSec Status ....31

2.7.3 L2TP Status 32

2.7.4 Email Status 33

2.7.5 Event Log 33

2.7.6 Error Log 34

2.7.7 NAT Sessions 35

2.8 Internet Access Quick Start Setup 35

2.8.1 Auto Scan ....37

Chapter 3 LAN .... 38

3.1 Overview ...... 38

3.2 LAN TCP/IP 38

3.2.1 Factory LAN Defaults ....38

3.2.2 IP Address and Subnet Mask 38

3.2.3 RIP 39

3.3 The Ethernet Screen .... 39

3.4 Ethernet Client Filter 40

3.4.1 Ethernet Client Filter Candidates 41

3.5 Port Setting 42

3.6 DHCP 43

3.6.1 IP Pool Setup 43

3.6.2 DNS Servers ....43

3.6.3 DHCP Setup 43

5.1 Overview ....58
5.2 Time Zone ....58
5.3 Remote Access ....59
5.4 Firmware Upgrade ....60
5.5 Backup/Restore 60
5.6 Restart Router 61
5.7 User Management 62

5.7.1 Create a New User Account 62

Chapter 6

Firewall....64

6.1 Overview 64
6.2 Types of Firewalls 64

6.2.1 Packet Filtering Firewalls ...... 64
6.2.2 Application-level Firewalls ...... 64
6.2.3 Stateful Inspection Firewalls ....65

6.3 General Settings 66
6.4 Packet Filter 67

6.4.1 Add a New TCP/UDP Packet Filter 69
6.4.2 Add a New Raw Packet Filter 70

6.5 Intrusion Detection .....71
6.6 URL Filter 73

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering 74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

6.6.1 Keywords Filtering ....74

.2 Domain Filtering 75

6.7 Firewall Log ....76

6.7 Firewall Log ....76

Chapter 7

VPN....78

7.1 Overview ......78
7.2 PPTP 78

7.2.1 PPTP Summary ......78

7.2.2 Creating a PPTP VPN Rule 79

7.2.2.1 Remote Access Connection 79
7.2.2.2 LAN to LAN Connection 81

7.3 IPSec 83

7.3.1 AH (Authentication Header) 83
7.3.2 ESP (Encapsulating Security Payload) 83
7.3.3 Perfect Forward Secrecy (PFS) 84

7.3.4 Pre-Shared Key 84
7.3.5 IPSec VPN Summary 84
7.3.6 IPSec VPN Configuration 85

7.4 L2TP 87

7.4.1 Creating a New L2TP Rule 88

7.4.1.1 Remote Access L2TP Connection 88
7.4.1.2 LAN to LAN L2TP Connection 90

7.5 VPN Example 93

7.5.1 Example: Remote PPTP VPN Dial-in Connection .....93
7.5.2 Example: Remote PPTP VPN Dial-out Connection .....94

Chapter 8

QoS (Quality of Service) 96

8.1 Overview 96
8.1.1 Prioritization ......96
8.2 IP Throttling 98
8.3 QoS Example 100

8.3.1 Example Prioritization with QoS 100
8.3.2 Rate Limiting with IP Throttling Example 101

8.4 Time Schedule 101
8.4.1 Configuring a Time Schedule 102

Chapter 9

Static Route 104

9.1 Overview ...... 104
9.2 Configuration ...... 104

Chapter 10

Dynamic DNS....106

10.1 Overview ...... 106
10.1.1 Configuration 106

Chapter 11

Check Emails....108

11.1 Overview ...... 108
11.2 Configuring ...... 108

Chapter 12

Device Management.... 110

12.1 Overview 110

12.1.1 Universal Plug and Play (UPnP) 110

12.1.1.1 How do I know if I'm using UPnP? 110
12.1.1.2 Cautions with UPnP 110

12.1.2 SNMP 110

12.1.2.1 SNMPv3 111

12.1.2.2 SNMP Traps and MIBs 112

12.2 The Device Management Screen 112

12.3 IGMP 115

Index 116

List of Figures

Figure 1 Application: Internet Access 22

Figure 2 Application: Firewall 23

Figure 3 Application: VPN 23

Figure 4 Application: LAN-to-LAN 24

Figure 5 Front Panel: LEDs 24

Figure 6 Rear Panel 25

Figure 7 Web Configurator: Login 26

Figure 8 Web Configurator: Status 27

Figure 9 Status: ARP Table 29

Figure 10 Status: Routing Table 30

Figure 11 Status: PPTP Status 31

Figure 12 Status: IPSec Status 31

Figure 13 Status: L2TP Status 32

Figure 14 Status: Email Status 33

Figure 15 Event Log 34

Figure 16 Status: Error Log 34

Figure 17 Status: NAT Session 35

Figure 18 Quick Start 36

Figure 19 Quick Start: Auto Scan 37

Figure 20 LAN: Ethernet 40

Figure 21 LAN: Ethernet Client Filter 41

Figure 22 LAN: Ethernet Client Filter: Active PC in LAN 41

Figure 23 LAN: Port Setting 42

Figure 24 LAN: DHCP Server 44

Figure 25 LAN: DHCP Server: Disable 44

Figure 26 LAN: DHCP Server: DHCP 45

Figure 27 LAN: DHCP Server: DHCP: Fixed Host 46

Figure 28 LAN: DHCP Server: DHCP Relay Agent 47

Figure 29 WAN: ISP 49

Figure 30 WAN: ISP: Edit 50

Figure 31 WAN: Edit: Advanced PPP Options 52

Figure 32 ISP: Change Connection Type 53

Figure 33 ISP: Change Connection Type Settings (RFC 1483 Routed) ....54

Figure 34 DNS 55

Figure 35 SHDSL 55

Figure 36 System: Time Zone 58

Figure 37 System: Remote Access 59

Figure 38 System: Firmware Upgrade 60

Figure 39 System: Firmware Upgrade: Progress 60

Figure 40 System: Firmware Upgrade: Device Configuration Option ...... 60

Figure 41 System: Configuration Backup/Restore 61

Figure 42 System: Restart 61

Figure 43 System: User Management 62

Figure 44 System: User Management: Edit Account 63

Figure 45 Firewall: General Settings 66

Figure 46 Firewall: Packet Filter 68

Figure 47 Firewall: Packet Filters: Add TCP/UDP Filter 69

Figure 48 Firewall: Packet Filters: Add Raw Filter 70

Figure 49 Firewall: Intrusion Detection 72

Figure 50 Firewall: URL Filter 74

Figure 51 Firewall: URL Filter: Keywords Filtering 75

Figure 52 Firewall: URL Filter: Domains Filtering 75

Figure 53 Firewall: Firewall Logs 76

Figure 54 VPN: PPTP 78

Figure 55 VPN: PPTP 79

Figure 56 VPN: PPTP: Remote Access 79

Figure 57 VPN: PPTP: LAN to LAN Connection 81

Figure 58 IPSec Summary 84

Figure 59 IPSec: Create 85

Figure 60 VPN: L2TP 87

Figure 61 VPN: L2TP: Create 88

Figure 62 L2TP: Remote Access Connection 88

Figure 63 L2TP: LAN to LAN Connection 91

Figure 64 Remote PPTP VPN Dial-in Network Example 93

Figure 65 Remote PPTP VPN Dial-In Configuration Example 94

Figure 66 PPTP: Remote VPN Dial-out Access 94

Figure 67 PPTP VPN Example: Configuration for the Office 95

Figure 68 QoS: Prioritization 97

Figure 69 QoS: Outbound IP Throttling 99

Figure 70 QoS Network Example 100

Figure 71 QoS: Prioritization Example 100

Figure 72 Rating Limiting with IP Throttling Example 101

Figure 73 Configuration: Time Schedule 102

Figure 74 Configuration: Time Schedule: Edit 102

Figure 75 Static Route: Network Example ] 104

Figure 76 Advanced: Static Route 104

Figure 77 Advanced: Dynamic DNS 106

Figure 78 Advanced: Check Emails 108

Figure 79 SNMP Management Model 111

Figure 80 Advanced: Device Management 113

Figure 81 Advanced: IGMP 115

List of Tables

Table 1 Front Panel: LEDs 24

Table 2 Rear Panel 25

Table 3 Status ...... 28

Table 4 Status: ARP Table 30

Table 5 Status: Routing Table 30

Table 6 Status: PPTP Status 31

Table 7 Status: IPSec Status 32

Table 8 Status: L2TP Status 32

Table 9 Status: Email Status 33

Table 10 Status: Error Log 34

Table 11 Status: NAT Session 35

Table 12 Quick Start 36

Table 13 LAN: Ethernet 40

Table 14 LAN: Ethernet Client Filter 41

Table 15 LAN: Ethernet Client Filter: Active PC in LAN 42

Table 16 LAN: Port Setting 42

Table 17 LAN: DHCP Server 44

Table 18 LAN: DHCP Server: DHCP 45

Table 19 LAN: DHCP Server: DHCP: Fixed Host 46

Table 20 LAN: DHCP Server: DHCP Relay Agent 47

Table 21 WAN: ISP 49

Table 22 WAN: ISP: Edit (PPPoE) 50

Table 23 WAN: Edit: Advanced PPP Options 52

Table 24 DNS 55

Table 25 SHDSL 56

Table 26 System: Time Zone 59

Table 27 System: User Management 62

Table 28 System: User Management: Edit Account 63

Table 29 Firewall: General Settings 66

Table 30 Pre-defined Port Filter 67

Table 31 Firewall: Packet Filter 68

Table 32 Firewall: Packet Filters: Add TCP/UDP Filter 69

Table 33 Firewall: Packet Filters: Add Raw Filter 70

Table 34 IDS: Detectable Attacks 71

Table 35 Firewall: Intrusion Detection 73

Table 36 Firewall: URL Filter 74

Table 37 Firewall: URL Filter: Keywords Filtering 75

Table 38 Firewall: URL Filter: Domains Filtering 76

Table 39 Firewall: Firewall Logs 76

Table 40 VPN: PPTP 79

Table 41 VPN: PPTP: Remote Access 80

Table 42 VPN PPTP: LAN to LAN Connection 81

Table 43 ESP and AH 83

Table 44 VPN Rules (IKE): Add Policy 85

Table 45 VPN: PPTP 87

Table 46 VPN: L2TP: Create: Remote Access Connection 89

Table 47 VPN: L2TP: Create: LAN to LAN 91

Table 48 Remote PPTP VPN Dial-In Configuration Example 94

Table 49 Remote PPTP VPN Dial-In Configuration Example 95

Table 50 QoS: Prioritization 97

Table 52 QoS: Outbound/Inbound IP Throttling 99

Table 53 Rate Limiting with IP Throttling Example 101

Table 54 Configuration: Time Schedule 102

Table 55 Configuration: Time Schedule: Edit 103

Table 56 Advanced: Static Route 105

Table 57 Advanced: Dynamic DNS 107

Table 58 Advanced: Check Emails 108

Table 59 MIBs and Attributes ...... 112

Table 60 Advanced: Device Management 113

Table 61 Advanced: IGMP 115

Preface

Congratulations on your purchase of the Prestige 794M.

Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

Your Prestige is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your Prestige for its various applications using the web-based configurator.

Related Documentation

- Supporting Disk

Refer to the included CD for support documents.

- Quick Start Guide

The Quick Start Guide is designed to help you get up and running right away. They contain connection information and instructions on getting started.

• ZyXEL Glossary and Web Site

Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.

User Guide Feedback

Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you!

Syntax Conventions

- “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.

- The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.

- Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.

• For brevity's sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.
• The Prestige 794M may be referred to as “the Prestige” in this user’s guide.

Graphics Icons Key

Prestige	Computer	Notebook computer
Server	DSLAM	Firewall
Telephone	Switch	Router
Wireless Signal

CHAPTER 1 Introduction

1.1 About Your Prestige

Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed SHDSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is also an SHDSL router.

By integrating SHDSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall and content filtering.

1.2 Features

The following sections describe the features of the Prestige.

Multi-Mode Standard

Your Prestige supports symmetric data rates of up to 4.6Mbps. It also supports rate management that allows subscribers to select a speed to fit their needs and budgets. The Prestige uses the ITU standard PAM16 Line Code, complies with G.991.2 and G.994.1 standards.

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

4-Port Switch

A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can connect up to four computers to the Prestige without the cost of a hub. Use a hub to add more than four computers to your LAN.

Encapsulation

The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET encapsulation), IPoA (RFC1577) as well as PPP over Ethernet (RFC 2516).

Multiplexing

The Prestige supports VC-based and LLC-based multiplexing.

Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige's management settings. Most functions of the Prestige are also configurable via the CLI (Command Line Interface) over a telnet/console connection.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).

Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

Content Filtering

The Prestige can block web features such as ActiveX controls, Java applets and cookies, as well as disable web proxies. The Prestige can block or allow access to web sites that you specify. The Prestige can also block access to web sites containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

Dynamic DNS (DDNS)

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

VPN

Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, disabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to all systems that support the DHCP client.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.

Firmware Upgradeable

The firmware of the Prestige can be upgraded via the web configurator.

1.3 Applications

Here are some examples of what you can do with your Prestige.

1.3.1 Internet Access

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP protocol, which the Internet uses exclusively. It is compatible with all major DSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of DSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for SHDSL.

Figure 1 Application: Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.

Figure 2 Application: Firewall

The Prestige's VPN feature makes it an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites. VPN ensures the privacy and integrity of your data transmissions.

Figure 3 Application: VPN

graph TD
    subgraph LAN
        A["Computer"] --> B["Router"]
        C["Computer"] --> B
        D["Computer"] --> B
        E["Computer"] --> B
    end
    subgraph Remote Network
        F["Computer"] --> G["Switch"]
        H["Computer"] --> G
        I["Computer"] --> G
        J["Computer"] --> G
    end
    B --> K["Remote IPSec Router"]
    K --> L["Network"]
    style LAN fill:#f9f,stroke:#333
    style Remote Network fill:#bbf,stroke:#333

1.3.4 LAN-to-LAN Application

You can use the Prestige to connect two geographically dispersed networks over the SHDSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.

Figure 4 Application: LAN-to-LAN

1.4 Hardware Connection

Refer to the Quick Start Guide for more information on hardware connection and initial setup using the Quick Start screen.

1.4.1 Front Panel

The following figure shows the front panel LEDs.

Figure 5 Front Panel: LEDs

The following table describes the LEDs.

Table 1 Front Panel: LEDs

1.5 Rear Panel

The following figure shows the rear panel of the Prestige.

Figure 6 Rear Panel

The following table describes the ports.

Table 2 Rear Panel

CHAPTER 2

The Web Configurator

This chapter introduces the web configurator and describes the Quick Start screen.

2.1 Overview

The embedded web configurator (eWC) allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual firmware versions.

2.2 Accessing the Web Configurator

1 Make sure your Prestige hardware is properly connected and prepare your computer/computer network to connect to the Prestige (refer to the Quick Start Guide).
2 Make sure the IP addresses of your computer and the Prestige are in the same range. Refer to the appendix on setting up your computer IP address for more information.
3 Launch your web browser and type "192.168.1.1" as the URL.
4 Enter the username (“admin” is the default) and the password (“1234” is the default).
5 Click OK to log in.

Figure 7 Web Configurator: Login

6 You should now see the HOME screen.

Note: The management session automatically times out when the time period expires (default 180 seconds or 3 minutes). Simply log back into the Prestige if this happens to you. You can change this timeout in the Device Management screen (see Section 12.2 on page 112).

2.3 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to 1234, also.

2.3.1 Procedure To Use The Reset Button

1 Make sure the PWR LED is on before you begin this procedure.
2 Press the RESET button for more than six seconds, and then release it. If the SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

2.4 Navigating the Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen.

2.4.1 The Status Screen

The following screen shows the Status screen. This is the first screen that displays every time you access the web configurator.

Figure 8 Web Configurator: Status

• Click the links in the navigation panel to configure the Prestige features.

• Click the SAVE CONFIG button to save the current settings to the Prestige.

• Click the RESTART button to reboot the Prestige.

• Click the LOGOUT button at any time to exit the web configurator.

2.5 System Status

Display the Status screen (see Figure 8 on page 27) to view general system information. The following table describes the labels in this screen.

Table 3 Status

2.6 ARP Table

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control (MAC) address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP table maintains an association between each MAC address and its corresponding IP address.

2.6.1 How ARP Works

When an incoming packet destined for a host device on a local area network arrives at the device, the device's ARP program looks in the ARP table and, if it finds the address, sends it to the device. If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The device fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the device puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address). The replying device (which is either the IP address of the device being sought or the router that knows the way) replaces the broadcast address with the target's MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP table for future reference and then sends the packet to the MAC address that replied.

To view the ARP table, click Status and ARP Table in the navigation panel.

Figure 9 Status: ARP Table

The following table describes the labels in this screen.

Table 4 Status: ARP Table

2.7 Routing Table

The routing table contains the route information to the network(s) that the Prestige can reach. The Prestige automatically updates the routing table with the RIP information received from other Ethernet devices.

Click Status and Routing Table in the navigation panel to display the Routing Table screen.

Figure 10 Status: Routing Table

The following table describes the labels in this screen.

Table 5 Status: Routing Table

2.7.1 PPTP Status

Use the PPTP Status screen to view PPTP VPN connection information. Click Status and PPTP Status in the navigation panel to display the screen as shown next.

Figure 11 Status: PPTP Status

The following table describes the labels in this screen.

Table 6 Status: PPTP Status

2.7.2 IPSec Status

Use the IPSec Status screen to view IPSec VPN connection information. Click Status and IPSec Status in the navigation panel to display the screen as shown next.

Figure 12 Status: IPSec Status

The following table describes the labels in this screen.

Table 7 Status: IPSec Status

2.7.3 L2TP Status

Use the L2TP Status screen to view L2TP VPN connection information. Click Status and L2TP Status in the navigation panel to display the screen as shown next.

Figure 13 Status: L2TP Status

The following table describes the labels in this screen.

Table 8 Status: L2TP Status

2.7.4 Email Status

The Email Status screen shows the current E-mail account information (that you configured in the Check Email screen). You can also check your Email account status in this screen. Click Status and Email Status in the navigation panel.

Figure 14 Status: Email Status

The following table describes the labels in this screen.

Table 9 Status: Email Status

2.7.5 Event Log

Use the Event Log screen to view system logs (such as when an SHDSL connection is up). Click Status and Event Log in the navigation panel to display the screen as shown next.

Note: To display and log firewall events, enable firewall event logging in the Firewall Log screen.

Figure 15 Event Log

Click Refresh to update the event log entries. Click Clear to delete all event log entries from the text box.

2.7.6 Error Log

Use the Error Log screen to view errors (such as VPN configuration errors).

Note: This screen automatically displays when you click Apply and there is an error in the configuration screen. If this happens, simply check the error message here and try configuring the screen again.

Click Status and Error Log in the navigation panel to display the screen as shown next.

Figure 16 Status: Error Log

The following table describes the labels in this screen.

Table 10 Status: Error Log

2.7.7 NAT Sessions

Click Status and NAT Sessions in the navigation panel to display current NAT sessions.

Figure 17 Status: NAT Session

The following table describes the fields in the text box.

Table 11 Status: NAT Session

2.8 Internet Access Quick Start Setup

This section shows you how to configure the Prestige for Internet access using the Quick Start screen.

Note: You must already have an Internet access account and obtained the connection information from an ISP Internet Service Provider).

Click Quick Start in the navigation panel to display the screen as shown.

Figure 18 Quick Start

The following table describes the labels in this screen.

Table 12 Quick Start

2.8.1 Auto Scan

Use the Auto Scan screen to set the Prestige to automatically detect the Internet connection type.

Follow the steps below to allow the Prestige to automatically detect the Internet connection settings.

1 Click Auto Scan in the Quick Start screen to display the screen as shown next.

Figure 19 Quick Start: Auto Scan

2 If provided, enter the IP addresses of the DSLAM device or a gateway.
3 Click Start to begin the scanning process.
4 When the auto scan is complete and successful, a screen displays. Select your option from the list and click Apply. Otherwise, click Cancel and return to the Quick Start screen and configure the Internet access settings manually.

CHAPTER 3 LAN

This chapter describes how to configure LAN settings.

3.1 Overview

Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

3.2 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

3.2.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits).
  • DHCP server is disabled.

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

3.2.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block

of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

3.2.3 RIP

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. By default, the Prestige sends and receives RIP packets.

RIP version controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). The follow lists the RIP versions that your Prestige supports:

• RIP v1 is universally supported (and is probably adequate for most networks, unless you have an unusual network topology).
• RIP v2 carries more information.
• RIP v2 Multicast sends routing data in RIP-2 format using multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also.

3.3 The Ethernet Screen

To set the LAN TCP/IP settings, click Configuration, LAN and Ethernet in the navigation panel to display the screen as shown next.

Figure 20 LAN: Ethernet

The following table describes the labels in this screen.

Table 13 LAN: Ethernet

3.4 Ethernet Client Filter

Use the Ethernet Client Filter screen to set the Prestige to allow or block specified Ethernet devices from accessing the LAN.

Click LAN and Ethernet Client Filter in the navigation panel to display the configuration screen.

Figure 21 LAN: Ethernet Client Filter

The following table describes the labels in this screen.

Table 14 LAN: Ethernet Client Filter

3.4.1 Ethernet Client Filter Candidates

You can display a list of MAC address of the devices that are currently connected to the Prestige. You can use the Active PC in LAN screen to add the selected MAC address(es) to the Ethernet Client Filter screen.

In the Ethernet Client Filter screen, click Candidates to display the screen.

Figure 22 LAN: Ethernet Client Filter: Active PC in LAN

The following table describes the labels in this screen.

Table 15 LAN: Ethernet Client Filter: Active PC in LAN

3.5 Port Setting

Use the Port Setting screen to configure the LAN port settings on the Prestige. Click Configuration, LAN and Port Setting to display the screen as shown next.

Figure 23 LAN: Port Setting

The following table describes the labels in this screen.

Table 16 LAN: Port Setting

3.6 DHCP

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.

3.6.1 IP Pool Setup

When you set the Prestige as a DHCP server, you can use the default DHCP client IP address pool setting. The default address pool has 20 IP addresses starting from 192.168.1.2 to 192.168.1.21. This configuration leaves the other IP addresses for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have.

3.6.2 DNS Servers

There are two places where you can configure DNS setup on the Prestige.

1 Use the WAN DNS screen to configure the Prestige to use a DNS server to resolve domain names for Prestige system features like VPN, DDNS and the time server.
2 Use the LAN DHCP Server screen to configure the DNS server information that the Prestige sends to the DHCP client devices on the LAN.

3.6.3 DHCP Setup

To configure DHCP settings on the LAN, click Configuration, LAN and DHCP Server to display the screen as shown.

Figure 24 LAN: DHCP Server

The following table describes the labels in this screen.

Table 17 LAN: DHCP Server

Follow the steps below to disable DHCP server/relay on the LAN.

1 In the DHCP Server screen (see Figure 24 on page 44), select Disable and click Next.
2 A screen displays as shown next. Click Apply.

Figure 25 LAN: DHCP Server: Disable

3.6.3.2 DHCP Server Setup

To set the Prestige as a DHCP server, select DHCP Server and click Next in the DHCP Server screen. A screen displays as shown next.

Figure 26 LAN: DHCP Server: DHCP

The follow table describes the labels in this screen.

Table 18 LAN: DHCP Server: DHCP

3.6.3.2.1 Fixed Host

You can set the Prestige to assign one IP address on the LAN to a specific computer based on the MAC address. In the DHCP screen (see Figure 26 on page 45), click Fixed Host to display the screen as shown next.

Figure 27 LAN: DHCP Server: DHCP: Fixed Host

The following table describes the labels in this screen.

Table 19 LAN: DHCP Server: DHCP: Fixed Host

3.6.4 DHCP Relay Agent

If there is an Ethernet device that performs the DHCP server function for your network, then you can configure the Prestige as a DHCP relay agent. When the switch receives a request from a computer on your network, it contacts the Ethernet device (the DHCP server) for the necessary IP information, and then relays the assigned information back to the computer.

In the main DHCP Server screen, select DHCP Relay and click Next to display the configuration screen.

Figure 28 LAN: DHCP Server: DHCP Relay Agent

The following table describes the labels in this screen.

Table 20 LAN: DHCP Server: DHCP Relay Agent

CHAPTER 4 WAN

This chapter describes how to configure WAN settings.

4.1 Overview

A WAN (Wide Area Network) is an outside connection to another network or the Internet. Use the WAN screens to change your Prestige's WAN settings, click Configuration and WAN in the navigation panel.

4.1.1 Encapsulation Types

This section describes the various encapsulation (Internet connection) types the Prestige offers.

4.1.1.1 RFC 1483

RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer to the RFC for more detailed information.

In addition, the Prestige supports two RFC 1483 methods; routed or bridged. In RFC 1483 Bridged, the Prestige sends the packets based on the MAC address information. That is, the Prestige bridges the packets. In RFC 1483 Routed, the Prestige sends the packets based on the IP address. That is, the Prestige routes the packets. Refer to the RFC for more information.

4.1.1.2 PPPoE

The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a computer interacts with a broadband modem (DSL, cable, wireless, etc.) connection. PPPoE is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, nd therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.

Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task.

Furthermore, with NAT, all of the LAN computers will have access.

4.1.1.3 PPPoA

PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The Prestige encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider's (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP.

4.1.1.4 IPoA

With IPoA (IP over ATM), the Prestige attempts to map the IP subnet onto the ATM network.

4.2 ISP

Use the ISP screens to configure the Prestige for Internet access. The screen differs by the encapsulation.

Figure 29 WAN: ISP

The following table describes the labels in this screen.

Table 21 WAN: ISP

4.2.1 Edit Settings

Click Edit in the main ISP screen to modify the settings. The configuration screen varies depending on the encapsulation type.

Figure 30 WAN: ISP: Edit

The following table describes the labels in this screen.

Table 22 WAN: ISP: Edit (PPPoE)

4.2.1.1 Advanced PPP Options

For PPPoA or PPPoE connection type, you can configure advanced PPP settings in the Advanced Options screen.

In the WAN Connection screen, click Advanced Options to display the screen shown next.

Figure 31 WAN: Edit: Advanced PPP Options

The following table describes the labels in his screen.

Table 23 WAN: Edit: Advanced PPP Options

4.2.2 Change Connection Type

Follow the steps below to change your Internet connection type and settings.

1 Click Change in the main ISP screen (see Figure 29 on page 49).
2 A screen displays as shown. Select the connection type your ISP uses and click Next. Click Quick Start to configure the line settings in the Quick Start screen (refer to Section 2.7.4 on page 33 for more information).

Figure 32 ISP: Change Connection Type

3 A configuration screen displays. This screen varies depending on the connection type you select. Refer to Section 4.2 on page 49 for more information.

Figure 33 ISP: Change Connection Type Settings (RFC 1483 Routed)

4 Click Apply to save the changes and return to the main ISP screen.

4.3 DNS

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

The Prestige can get the DNS server addresses in the following ways.

1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
2 If your ISP dynamically assigns the DNS server IP addresses (along with the Prestige's WAN IP address), set the DNS server fields to get the DNS server address from the ISP.
3 You can manually enter the IP addresses of other DNS servers. These servers can be public or private. A DNS server could even be behind a remote IPSec router.

Use the DNS screen to specify the DNS server IP address(es) provided by your ISP.

Figure 34 DNS

The following table describes the labels in this screen.

Table 24 DNS

4.4 SHDSL Parameters

Use the SHDSL screen to configure advanced SHDSL settings. Click Configuration, WAN and SHDSL in the navigation panel to display the screen as shown next.

Figure 35 SHDSL

The following table describes the labels in this screen.

Table 25 SHDSL

CHAPTER 5 System

This chapter describes the System screens.

5.1 Overview

Use the System screens to configure the time server and user account settings, upgrade firmware and backup/restore configuration on the Prestige.

5.2 Time Zone

To change your Prestige's time and date, click Configuration, System and Time Server in the navigation panel. The screen appears as shown. Use this screen to configure the Prestige's time based on your local time zone.

The world map and the v indicator shows the current time zone you select.

Figure 36 System: Time Zone

The following table describes the labels in this screen.

Table 26 System: Time Zone

5.3 Remote Access

Use the Remote Access screen to the session time limit a user is allowed to remotely access the Prestige for management. After the time period is reached, the Prestige automatically disconnects a management session. In this case, you need to log in again with the login username and password.

Click Configuration, System and Remote Access to display the screen as shown.

Figure 37 System: Remote Access

Enter a time period (in minutes) in the Allow Access field. Enter a time period of 0 to not time out a management session. Then click Enable.

5.4 Firmware Upgrade

Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “.bin” extension, e.g., "prestige.bin". The upload process may take up to two minutes. After a successful upload, the system will reboot.

1 Click Configuration, System and Firmware Upgrade in the navigation panel to display the screen as shown.

Figure 38 System: Firmware Upgrade

2 Click Browse... to find the firmware file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
3 Click Upload to begin the upload process. A screen displays showing the firmware upgrade progress.

Note: Do NOT turn off the Prestige while firmware upload is in progress!

Figure 39 System: Firmware Upgrade: Progress

4 After the Prestige successfully upgrades the firmware, a screen displays. Select Current Settings to keep current Prestige settings. Select Factory Default Settings to reset the Prestige to the factory defaults.

Figure 40 System: Firmware Upgrade: Device Configuration Option

5 Click Restart to reboot the Prestige. Wait for about one minute before accessing the Prestige again.

5.5 Backup/Restore

Use the Backup/Restore screen for configuration file maintenance. Click Configuration, System and Backup/Restore in the navigation panel.

Figure 41 System: Configuration Backup/Restore

Backup configuration allows you to back up (or save) the Prestige's current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.

Click Backup to save the Prestige's current configuration to your computer.

Restore configuration allows you to upload a new or previously saved configuration file from your computer to your Prestige.

Click Browse... to find the file you want to upload. Click Restore to begin the upload process.

Note: Restore only the configuration file that you have previously backed up using the Backup/Restore screen.

Do NOT manually edit the configuration file.

5.6 Restart Router

The Restart Router screen allows you to reboot the Prestige without turning the power off. Click Configuration, System and Restart in the navigation panel to display the screen as shown below.

Figure 42 System: Restart

In the Restart Router with field, select Current Settings and click Restart to reboot the Prestige with the current settings.

Note: All unsaved configuration settings will be lost.

Select Factory Default Settings and click Restart to reboot and reset the Prestige to the factory default.

Note: All custom settings will be lost.

5.7 User Management

Use the User Management screen to maintain login accounts.

Figure 43 System: User Management

The following table describes the labels in this screen.

Table 27 System: User Management

5.7.1 Create a New User Account

To add a new user account, click Create in the User Management screen. A screen displays as shown.

Figure 44 System: User Management: Edit Account

The following table describes the labels in this screen.

Table 28 System: User Management: Edit Account

CHAPTER 6 Firewall

This chapter gives some background information on firewalls.

6.1 Overview

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

6.2 Types of Firewalls

There are three main types of firewalls:

1 Packet Filtering Firewalls
2 Application-level Firewalls
3 Stateful Inspection Firewalls

6.2.1 Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application.

6.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:

1 Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems.

2 Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging. Filtering rules at the packet filtering router can be less complex than they would be if the router needed to filter application traffic and direct it to a number of specific systems. The router need only allow application traffic destined for the application gateway and reject the rest.

6.2.3 Stateful Inspection Firewalls

Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support.

Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises.

Your Prestige includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation), the Prestige acts as a “natural” Internet firewall, as all computers on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

The following lists the different security features on the Prestige:

• Firewall: This prevents access from outside your network. The router provides three levels of security support:
• NAT: This masks the IP addresses of the computers on the LAN invisible to the WAN. This makes it much more difficult for a hacker to target a machine on your network.
• Firewall Security and Policy (General Settings): Inbound direction of packet filter rules to block unauthorized computers or applications access to your local network from the Internet.
• Intrusion Detection: Enable this feature to detect, prevent and log malicious attacks.
• Access Control: Prevents specified local computers from accessing your local network:
• Firewall Security and Policy (General Settings): Outbound direction of packet filter rules to block unauthorized computers or applications access from the Internet.
• MAC Filter rules: To prevent unauthorized computers from accessing the network through the Prestige.
• URL Filter: To block computers on your local network from accessing specific web sites.

6.3 General Settings

Enable the firewall in the General Settings screen. Click Configuration, Firewall and General Settings in the navigation panel to display the screen as shown.

Figure 45 Firewall: General Settings

The following table describes the labels in this screen.

Table 29 Firewall: General Settings

The following table lists inbound (Internet to LAN) and outbound (LAN to Internet) traffic that is allowed or not allowed for the pre-defined port filters. The Prestige uses the pre-defined port filters when you select a security level in the General Settings screen.

Table 30 Pre-defined Port Filter

6.4 Packet Filter

The packet filters are applicable when the firewall is enabled in the General Settings screen.

Use the Packet Filter screen to configure port and address filters. Click Configuration, Firewall and Packet Filters.

The Prestige comes with pre-configured packet filters as shown in the screen. These filters are for the Policy security levels in the Firewall: General Settings screen (refer to Section 6.3 on page 66). You can modify or delete the pre-configured packet filters.

Figure 46 Firewall: Packet Filter

The following table describes the labels in this screen.

Table 31 Firewall: Packet Filter

6.4.1 Add a New TCP/UDP Packet Filter

To add a new TCP/UDP packet filter, click Add TCP/UDP Filter in the Packet Filter screen.

Figure 47 Firewall: Packet Filters: Add TCP/UDP Filter

The following table describes the labels in this screen.

Table 32 Firewall: Packet Filters: Add TCP/UDP Filter

6.4.2 Add a New Raw Packet Filter

To add a new raw packet filter, click Add Raw Filter in the Packet Filters screen.

Figure 48 Firewall: Packet Filters: Add Raw Filter

The following table describes the labels in this screen.

Table 33 Firewall: Packet Filters: Add Raw Filter

6.5 Intrusion Detection

The Prestige's Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. When you enable IDS on the Prestige, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

If the Prestige detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified in the Block Duration field. The default setting for this function is false (disabled). Some attack types are denied immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.

The following table lists the types of attacks that the IDS is able to detect and the actions performed.

Table 34 IDS: Detectable Attacks

Click Configuration, Firewall and Intrusion Detection in the navigation panel to display the screen as shown.

Note: The Intrusion Detection screen is available when you enable the firewall feature on the Prestige.

Figure 49 Firewall: Intrusion Detection

The following table describes the labels in this screen.

Table 35 Firewall: Intrusion Detection

Note: For SYN Flood, ICMP Echo Storm and ICMP flood attacks, the Prestige logs the event in the Event Log screen. The Prestige cannot prevent such attacks from occurring.

6.6 URL Filter

URL (Uniform Resource Locator) filtering allows you to create and enforce Internet access policies tailored to your needs. URL filtering gives you the ability to block web sites that contain key words (that you specify) in the web address (such as www.xxx.com). You can set a schedule for when the Prestige performs content filtering.

Note: URL filter blocks web browser (HTTP) connection attempts using port 80 only.

Click Configuration, Firewall and URL Filter in the navigation panel to display the screen as shown next.

Figure 50 Firewall: URL Filter

The following table describes the labels in this screen.

Table 36 Firewall: URL Filter

6.6.1 Keywords Filtering

Use the Keywords Filtering screen to specify the keywords in the URL. For example, if you specify the keyword "xxx", the Prestige blocks all sites containing this keyword including the URL http://www.website.com/xxx.html.

In the URL Filter screen, select Enable for Keywords Filtering and click Details to display the screen as shown next.

Figure 51 Firewall: URL Filter: Keywords Filtering

The following table describes the labels in this screen.

Table 37 Firewall: URL Filter: Keywords Filtering

6.6.2 Domain Filtering

Use the Domains Filtering screen to specify the URL domain. For example, if you specify the domain “www.xxx.com”, the Prestige blocks access to the sites in this domain, including “www.xxx”.

In the URL Filter screen, select Enable for Domains Filtering and click Details to display the screen as shown next.

Figure 52 Firewall: URL Filter: Domains Filtering

The following table describes the labels in this screen.

Table 38 Firewall: URL Filter: Domains Filtering

6.7 Firewall Log

Use the Firewall Log screen to set the Prestige to log firewall events (such as when an attack is detected). View the event logs in the Event Log screen.

Click Configuration, Firewall and Firewall Log in the navigation panel to display the screen as shown.

Figure 53 Firewall: Firewall Logs

The following table describes the labels in this screen.

Table 39 Firewall: Firewall Logs

CHAPTER 7 VPN

This chapter shows you how to configure the Prestige for VPN connection.

7.1 Overview

A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.

Your Prestige supports three main types of VPN (Virtual Private Network): PPTP, IPSec and L2TP.

7.2 PPTP

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.

PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. You can set the Prestige to initiate a VPN connection or accept connection requests from a VPN client.

7.2.1 PPTP Summary

To view PPTP VPN rule summary, click VPN and PPTP in the navigation panel to display the main PPTP screen.

Figure 54 VPN: PPTP

The following table describes the labels in this screen.

Table 40 VPN: PPTP

7.2.2 Creating a PPTP VPN Rule

To configure a PPTP VPN rule, click Create in the summary screen to display the screen as shown.

Figure 55 VPN: PPTP

In the Connection Type field, select Remote Access or LAN to LAN and click Next to display the configuration screen.

7.2.2.1 Remote Access Connection

Use PPTP Remote Access Connection screen to configure the Prestige to set up PPTP connection to a remote VPN device.

Figure 56 VPN: PPTP: Remote Access

The following table describes the labels in this screen.

Table 41 VPN: PPTP: Remote Access

7.2.2.2 LAN to LAN Connection

Use the PPTP LAN to LAN screen to configure the Prestige to accept connection requests from a VPN client.

Figure 57 VPN: PPTP: LAN to LAN Connection

The following table describes the labels in this screen.

Table 42 VPN PPTP: LAN to LAN Connection

7.3 IPSec

Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data communications across a public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.

7.3.1 AH (Authentication Header)

AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed.

In applications where confidentiality is not required or not sanctioned by government encryption restrictions, an AH can be employed to ensure integrity. This type of implementation does not protect the information from dissemination but will allow for verification of the integrity of the information and authentication of the originator.

7.3.2 ESP (Encapsulating Security Payload)

The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated.

An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted.

Table 43 ESP and AH

7.3.3 Perfect Forward Secrecy (PFS)

Enabling PFS means that the key is transient. The key is thrown away and replaced by a brand new key using a new Diffie-Hellman exchange for each new IPSec SA setup. With PFS enabled, if one key is compromised, previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys. The (time-consuming) Diffie-Hellman exchange is the trade-off for this extra security.

This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).

7.3.4 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection.

7.3.5 IPSec VPN Summary

To configure a IPSec VPN rule, click VPN and IPSec in the navigation panel to display the main IPSec screen. Click Create to configure a new IPSec VPN connection.

Figure 58 IPSec Summary

7.3.6 IPSec VPN Configuration

To configure an IPSec VPN connection, click Create in the main IPSec screen.

Figure 59 IPSec: Create

The following table describes the labels in this screen.

Table 44 VPN Rules (IKE): Add Policy

7.4 L2TP

L2TP (Layer 2 Tunneling Protocol) is another tunneling protocol to support VPN. L2TP allows a PPP session to travel through the Internet and a user to access a corporate network.

Click VPN and L2TP to display the summary screen.

Figure 60 VPN: L2TP

The following table describes the labels in this screen.

Table 45 VPN: PPTP

7.4.1 Creating a New L2TP Rule

Click Create to configure a new VPN connection. There are two types of L2TP VPN supported, Remote Access and LAN-to-LAN. Select a connection type and click Next.

Figure 61 VPN: L2TP: Create

7.4.1.1 Remote Access L2TP Connection

Use the L2TP Remote Access Connection screen to create an L2TP VPN rule for accessing a remote network.

Figure 62 L2TP: Remote Access Connection

The following table describes the labels in this screen.

Table 46 VPN: L2TP: Create: Remote Access Connection

7.4.1.2 LAN to LAN L2TP Connection

Use the L2TP LAN to LAN screen to create an L2TP VPN rule to connect to another VPN device on the LAN.

Figure 63 L2TP: LAN to LAN Connection

The following table describes the labels in this screen.

Table 47 VPN: L2TP: Create: LAN to LAN

7.5 VPN Example

This section shows some VPN configuration examples.

7.5.1 Example: Remote PPTP VPN Dial-in Connection

The following network example shows a remote VPN client connecting to the LAN behind the Prestige from the Internet.

Figure 64 Remote PPTP VPN Dial-in Network Example

graph LR
    A["LAN 192.168.1.0/24"] --> B["Router"]
    B --> C["Internet"]
    C --> D["Laptop"]
    style A fill:#f9f,stroke:#333
    style D fill:#bbf,stroke:#333
    subgraph VPN_Tunnel
        B
        C
    end

Create a PPTP dial in VPN connection for this network example. The Prestige assigns an IP address of 192.168.1.200 to the remote VPN client when the VPN connection is established.

Figure 65 Remote PPTP VPN Dial-In Configuration Example

The following table describes the configuration steps.

Table 48 Remote PPTP VPN Dial-In Configuration Example

7.5.2 Example: Remote PPTP VPN Dial-out Connection

The following figure depicts a VPN network example where a computer on the LAN behind the Prestige can establish a VPN connection to the public file server.

Figure 66 PPTP: Remote VPN Dial-out Access

graph LR
    A["LAN 192.168.1.0/24"] --> B["Server"]
    B --> C["Internet"]
    C --> D["Server"]
    style A fill:#f9f,stroke:#333
    style D fill:#bbf,stroke:#333
    subgraph VPN_Tunnel
        B
        C
    end

On the Prestige, create a dial-out PPTP VPN rule to allow a computer on the LAN to access the public file server securely.

Figure 67 PPTP VPN Example: Configuration for the Office

The following table describes the configuration steps.

Table 49 Remote PPTP VPN Dial-In Configuration Example

Note: Both the local and remote networks MUST in different subnets with LAN to LAN application.

CHAPTER 8 QoS (Quality of Service)

This chapter shows you how to configure QoS on the Prestige.

8.1 Overview

QoS function helps you to control your network traffic for each application from LAN to WAN (Internet). It facilitates you to control the different quality and speed of throughput for each application when the system is running with full loading of upstream.

You can find two items under the QoS section: Prioritization and IP Throttling (bandwidth management).

8.1.1 Prioritization

The Prestige provides three priority settings:

• High
• Normal (This is the default for the traffic type(s) that does not match any rules.)
• Low

Click Configuration, QoS and Prioritization in the navigation panel to display the screen as shown.

Figure 68 QoS: Prioritization

The following table describes the labels in this screen.

Table 50 QoS: Prioritization

The following is a mapping table between the Prestige DSCP marking scheme and the standard DSCP value.

8.2 IP Throttling

IP Throttling (or bandwidth management) helps you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.

Use the Outbound IP Throttling screen to limit rates on traffic from the LAN to the WAN interface on the Prestige.

Use the Inbound IP Throttling screen to limit rates on traffic from the WAN to the LAN interface on the Prestige.

Figure 69 QoS: Outbound IP Throttling

The following table describes the labels in this screen.

Table 52 QoS: Outbound/Inbound IP Throttling

8.3 QoS Example

The following figure shows a network example where you want to limit the rates on different traffic types. The total upstream rate and the downstream rate of the Prestige are 928kbps and 8Mbps respectively.

Figure 70 QoS Network Example

graph TD
    VoIP["VoIP\n192.168.1.1"] --> Router["Router"]
    A["Router\n192.168.1.5"] --> Router
    B["Router\n192.168.1.10"] --> Router
    Router --> Internet["Internet"]

8.3.1 Example Prioritization with QoS

You can use the Prioritization screen to prioritize time-sensitive applications (like VoIP). Set a high priority level for VoIP traffic to improve service quality and prevent other applications from using most of the bandwidth. In the example figure, computer B is a restricted user whose traffic has the lowest priority on the network.

Figure 71 QoS: Prioritization Example

8.3.2 Rate Limiting with IP Throttling Example

With IP throttling you can fine tune bandwidth limits for specific applications. For the example network, you want to give a guaranteed bandwidth for VoIP applications. The following table lists the bandwidth allocated for the type of applications (or users) in this example.

Table 53 Rate Limiting with IP Throttling Example

Configure the Outbound IP Throttling screen based on the calculated rates.

Figure 72 Rating Limiting with IP Throttling Example

8.4 Time Schedule

You can configure time schedule profiles and associate a profile to a Prestige setting. This allows the Prestige to automatically disable or enable the setting. The time schedule is based on the Prestige system time. You must configure the Prestige to use a time server to update the system time accurately and automatically (refer to the section on time server).

Click Configuration and Time Schedule to display the main summary screen.

Figure 73 Configuration: Time Schedule

The following table describes the labels in this screen.

Table 54 Configuration: Time Schedule

8.4.1 Configuring a Time Schedule

To configure a time schedule, click Edit for a time schedule policy to display the configuration screen.

Figure 74 Configuration: Time Schedule: Edit

The following table describes the labels in this screen.

Table 55 Configuration: Time Schedule: Edit

CHAPTER 9 Static Route

This chapter shows you how to set advanced system settings.

9.1 Overview

Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following figure through remote node router R1. However, the Prestige is unable to route a packet to network N3 because it doesn't know that there is a route through the same remote node router R1 (via gateway router R2). The static routes are for you to tell the Prestige about the networks beyond the remote nodes.

Figure 75 Static Route: Network Example ]

graph LR
    N1["Client 1"] --> R1["R1"]
    N1["Client 2"] --> R1["R1"]
    N1["Client 3"] --> R1["R1"]
    N1["Client 4"] --> R1["R1"]
    N1["Client 5"] --> R1["R1"]
    R1["R1"] --> N2["Router"]
    R2["R2"] --> N2["Router"]
    N2["Router"] --> N3["Router"]

9.2 Configuration

Click Configuration, Advanced and Static Route in the navigation panel to display the screen as shown.

Figure 76 Advanced: Static Route

The following table describes the labels in this screen.

Table 56 Advanced: Static Route

CHAPTER 10 Dynamic DNS

10.1 Overview

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.

Note: You must go to the Dynamic DNS service provider's website and register a user account and a domain name before you can use the Dynamic DNS service with your Prestige.

10.1.1 Configuration

Click Configuration, Advanced and Dynamic DNS to display the screen as shown next.

Figure 77 Advanced: Dynamic DNS

The following table describes the labels in this screen.

Table 57 Advanced: Dynamic DNS

CHAPTER 11 Check Emails

This chapter shows you how to configure the Check Emails screen for POP3 email checking.

11.1 Overview

You can configure the Prestige to automatically check the your POP3 mail box for new messages. You can check your mail box status in the Email Status screen (see Section 2.7.4 on page 33 for more information).

11.2 Configuring

Click Configuration, Advanced and Check Emails in the navigation panel to display the screen as shown next.

Figure 78 Advanced: Check Emails

The following table describes the labels in this screen.

Table 58 Advanced: Check Emails

CHAPTER 12 Device Management

This chapter shows you how to configure device management security and monitoring settings.

12.1 Overview

Configure general system settings (such as the system name, web server port numbers, etc.), UPnP and SNMP settings in the Device Management screen.

12.1.1 Universal Plug and Play (UPnP)

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.

12.1.1.1 How do I know if I'm using UPnP?

UPnP hardware is identified as an icon in the Network Connections folder (Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device.

12.1.1.2 Cautions with UPnP

All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.

12.1.2 SNMP

Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP version one SNMPv1), version two (SNMPv2) and version three (SNMPv3). The next figure illustrates an SNMP management operation.

Figure 79 SNMP Management Model

graph TD
    A["MANAGER"] --> B["AGENT"]
    A --> C["AGENT"]
    A --> D["AGENT"]
    B --> E["Managed Device"]
    C --> F["Managed Device"]
    D --> G["Managed Device"]
    B <--> H["SNMP"]
    C <--> H
    D <--> H

An SNMP managed network consists of two main components: agents and a manager.

An agent is a management software module that resides in a managed device. An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.

The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.

SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:

• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.

12.1.2.1 SNMPv3

SNMPv3 provides a secure environment for the management of systems and stations. It is designed to protect against unauthorized modification of SNMP messages and operations by using passwords (or community) to authenticate users. SNMPv3 provides user-based security and view-based access control models.

12.1.2.2 SNMP Traps and MIBs

Traps supported: Cold Start, Authentication Failure.

The following table lists the MIBs and attributes.

Table 59 MIBs and Attributes

12.2 The Device Management Screen

Click Configuration, Advanced and Device Management in the navigation panel to display the screen as shown.

Figure 80 Advanced: Device Management

The following table describes the labels in this screen.

Table 60 Advanced: Device Management

12.3 IGMP

A Prestige can passively snoop on IGMP Query, Report and Leave (IGMP version 2) packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Prestige to learn multicast groups without you having to manually configure them.

The Prestige can also forward multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. The Prestige discards multicast traffic destined for multicast groups that it does not know. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your Prestige.

Click Configuration, Advanced and IGMP to display the screen as shown.

Figure 81 Advanced: IGMP

The following table describes the labels in this screen.

Table 61 Advanced: IGMP

Index

Numerics

110V AC 4

230V AC 4

4-wire connection 56

A

About your Prestige 20

AC 4

Accessories 4

Address Resolution Protocol (ARP) 29

Advanced PPP options 51

AH (Authentication Header) 83

Airflow 4

Application-level Firewalls 64

Applications 22

ARP 29

How it works 29

ATM Adaptation Layer 5 (AAL5) 48

ATM Class 50

Auto scan for Internet access 37

auto-negotiation 20

B

Bandwidth management 98

Basement 4

C

Cables, Connecting 4

Check email 108

Configuration backup 60

Configuration restore 60

Connecting Cables 4

Content filtering 21

Copyright 2

Corrosive Liquids 4

Covers 4

Customer Support 6

D

Dampness 4

Danger 4

Daylight saving 59

DDNS 21, 106

Denmark, Contact Information 6

Device management 110

DHCP 38, 43, 106

Disable 44

Relay agent 46

Server fixed host setup 46

Sever setup 44

DHCP (Dynamic Host Configuration Protocol) 22, 43

DHCP server 43

DiffServ Code Point (DSCP) 98

DNS 54

DNS server 43

DNS setup 43

Domain filtering 75

Domain Name 54

DoS (Denial of Service) 21

DSCP marking 98

DSLAM (Digital Subscriber Line Access Multiplexer) 22

Dust 4

Dynamic DNS 106

Dynamic DNS (DDNS) 21

E

Electric Shock 4

Electrical Pipes 4

Email status 33

encapsulation 20

Error log status 34

ESP (Encapsulating Security Payload) 83

Ethernet client filter 40

Ethernet client filter candidate 41

Europe 4

Event log status 33

Exposure 4

F

Factory LAN Defaults 38

FCC 3

Features 20

Finland, Contact Information 6

Firewall 21, 64

General settings 66

Log 76

Predefined port filters 67

Types 64

Firmware upgrade 60

Frame Relay 22

France, Contact Information 6

Front panel 24

Front panel LEDs 24

FTP 106

Full Network Management 21

G

Gas Pipes 4

Germany, Contact Information 6

H

High Voltage Points 4

HTTP 64

|

IDS actions 71

IEEE 802.1p 43

IGMP 115

interface 20

Internet access setup

Auto scan 37

Quick start 35

Internet Protocol Security (IPSec) 83

Intrusion detection 71

Intrusion Detection System (IDS) 71

IP Address 38, 40

IP Pool Setup 43

IP throttling

Example 101

IP Throttling 98

IPoA (IP over ATM) 49

IPSec 83

Configuration 85

Summary 84

IPSec standard 22

IPSec status 31

ISP 49

Connection type 53

Edit settings 50

K

Keyword filtering 74

L

L2TP 87

LAN to LAN connection 90

Remote access connection 88

L2TP (Layer 2 Tunneling Protocol) 87

L2TP status 32

LAN TCP/IP 38

Lightning 4

Liquids, Corrosive 4

Log 76

M

Media Access Control (MAC) 29

MPPE (Microsoft Point to Point Encryption) 80

Multi-mode standard 20

multiplexing 21

N

NAT 21, 38

NAT session status 35

Network Address Translation (NAT) 21

North America 4

North America Contact Information 6

Norway, Contact Information 6

0

Opening 4

P

Packet filter 67

Raw packet filter 70

TCP/UDP packet filter 69

Packet filtering 21

Packet Filtering Firewalls 64

Perfect Forward Secrecy 84

PFS (Perfect Forward Secrecy) 84

Pipes 4

Point to Point Protocol over ATM Adaptation Layer 5 (PPPoA) 49

Point-to-Point Tunneling Protocol (PPTP) 78

Pool 4

Port setting 42

Connection type 42

TOS priority control 42

Power Cord 4

PPPoE (Point-to-Point Protocol over Ethernet) 48

PPTP 78

Encryption mode 80

LAN to LAN connection 81

Remote access connection 79

Summary 78

PPTP status 31

Pre-Shared Key 84, 87

Prioritization 96

Example with QoS 100

PVC (Permanent Virtual Circuit) 49

Q

QoS

Example 100

QoS (Quality of Service) 96

Qualified Service Personnel 4

Quick start for Internet access 35

Quick Start Guide 26

R

Read Me First 18

Rear panel 25

Regular Mail 6

Related Documentation 18

Remote access 59

Removing 4

RESET 25

Reset button 27

Resetting the Prestige 27

Restart 61

RFC 1483 48

RFC 2402 83

RFC 2406 83

RFC 2516 48

RIP 39, 51

RIP (Routing Information Protocol) 39

RIP version 39

Risk 4

Risks 4

Routing table 30

S

Service 4, 5

Service Personnel 4

SHDSL parameters 55

Shock, Electric 4

Simple Network Management Protocol (SNMP) 110

SNMP 22, 110

SNMP ( Simple Network Management Protocol) 22

SNMP MIBs 112

SNMP traps 112

SNMPv3 111

Spain, Contact Information 7

Stateful Inspection 21, 64, 65

Static route 104

Status 28

ARP table 29

Email 33

Error log 34

Event log 33

IPSec 31

L2TP 32

NAT sessions 35

PPTP 31

Routing table 30

Subnet Mask 38, 40

Supply Voltage 4

Support E-mail 6

Supporting Disk 18

Sweden, Contact Information 7

Swimming Pool 4

Syntax Conventions 18

System 58

WAN

Encapsulation types 48

WAN (Wide Area Network) 48

Warnings 4

Water 4

Water Pipes 4

Web Configurator 26, 27

Web Site 6

Wet Basement 4

Worldwide Contact Information 6

T

Telephone 6

Thunderstorm 4

Time schedule 101

Time zone 58

Z

ZyXEL Limited Warranty

Note 5

U

Universal Plug and Play 110

Universal Plug and Play (UPnP) 21

UPnP 21, 110

URL (Uniform Resource Locator) 73

URL filter 73

User management 62

V

Vendor 4

Ventilation Slots 4

Virtual Private Network (VPN) 22

Voltage Supply 4

Voltage, High 4

VPN

Example 93

VPN (Virtual Private Network) 78

W

Wall Mount 4