User manual ZYXEL PRESTIGE 661H
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual ZYXEL PRESTIGE 661H. We hope that this ZYXEL PRESTIGE 661H user guide will be useful to you.
Lastmanuals help download the user guide ZYXEL PRESTIGE 661H.
Manual abstract: user guide ZYXEL PRESTIGE 661H
Detailed instructions for use are in the User's Guide.
[. . . ] P-661H/HW Series
802. 11g Wireless ADSL2+ 4-port Security Gateway
User's Guide
Version 3. 40 Edition 1 5/2006
P-661H/HW Series User's Guide
Copyright
Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. [. . . ] · Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device's default rules.
9. 3 Rule Logic Overview
Note: Study these points carefully before configuring rules.
9. 3. 1 Rule Checklist
State the intent of the rule. For example, "This restricts all IRC access from the LAN to the Internet. " Or, "This allows a remote Lotus Notes server to synchronize over the Internet to an inside Notes server. " 1 Is the intent of the rule to forward or block traffic?2 What direction of traffic does the rule apply to?4 What computers on the LAN are to be affected (if any)?5 What computers on the Internet will be affected?For example, if traffic is being allowed from the Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN.
9. 3. 2 Security Ramifications
1 Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: 2 Does this rule stop LAN users from accessing critical resources on the Internet?For example, if IRC is blocked, are there users that require this service?3 Is it possible to modify the rule to be more specific?For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective?
158
Chapter 9 Firewall Configuration
P-661H/HW Series User's Guide
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability?For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules?6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
9. 3. 3 Key Fields For Configuring Rules
9. 3. 3. 1 Action
Should the action be to Drop, Reject or Permit?Note: "Drop" means the firewall silently discards the packet. "Reject" means the firewall discards packets and sends an ICMP destination-unreachable message to the sender.
9. 3. 3. 2 Service
Select the service from the Service scrolling list box. If the service is not listed, it is necessary to first define it. See Section 9. 9 on page 172 for more information on predefined services.
9. 3. 3. 3 Source Address
What is the connection's source address; is it on the LAN or WAN?Is it a single IP, a range of IPs or a subnet?
9. 3. 3. 4 Destination Address
What is the connection's destination address; is it on the LAN or WAN?Is it a single IP, a range of IPs or a subnet?
9. 4 Connection Direction
This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN. LAN to LAN/ Router and WAN to WAN/ Router rules apply to packets coming in on the associated interface (LAN or WAN, respectively). LAN to LAN/ Router means policies for LAN-to-ZyXEL Device (the policies for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN). [. . . ] 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.
366
Appendix K
P-661H/HW Series User's Guide Figure 211 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 167 Wireless Security Relational Matrix
AUTHENTICATION ENCRYPTION ENTER METHOD/ KEY METHOD MANUAL KEY MANAGEMENT PROTOCOL Open Open None WEP No No Yes Yes Shared WEP No Yes Yes WPA WPA-PSK WPA2 WPA2-PSK TKIP/AES TKIP/AES TKIP/AES TKIP/AES No Yes No Yes IEEE 802. 1X Disable Enable without Dynamic WEP Key Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable Disable Enable Disable
Appendix K
367
P-661H/HW Series User's Guide
368
Appendix K
P-661H/HW Series User's Guide
APPEN D I X L
Pop-up Windows, JavaScripts and Java Permissions
In order to use the web configurator you need to allow: · Web browser pop-up windows from your device. · JavaScripts (enabled by default). [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE ZYXEL PRESTIGE 661H Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service. Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual ZYXEL PRESTIGE 661H will begin.