ZyXEL FMG3024-D10A User's Manual
Contents
1. LABEL DESCRIPTION Add new ACL rule Click this to go to add a filter rule for incoming or outgoing IP traffic Name This displays the name of the rule Src IP This displays the source IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addresses to which this rule applies Please note that a blank destination address is equivalent to Any Services This displays the protocol type and a port range that define the service to which this rule applies Policy This field displays whether the rule silently discards packets DROP discards packets and sends a TCP reset packet or an ICMP destination unreachable message to the sender REJ ECT or allows the passage of packets PERMIT Modify Click the Edit icon to edit the rule Click the Delete icon to delete an existing rule Note that subsequent rules move up by one when you take this action 13 4 1 The Add New ACL Rule Edit Screen Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen The followi Figure 73 Security Add new ACL rule Filter Name Source Address Type Source IP Address Start Source IP Address End Destination Address Type Select Protocol Protocol Protocol Number Source Port Destination Port Policy Direction Destination IP Address Start Destination IP Address End ng s2. Connection Status As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator 2 2 2 Main Window The main window displays information and configuration fields It is discussed in the rest of this document After you click System Info on the Connection Status screen the System Info screen is displayed See Chapter 4 on page 62 for more information about the System Info screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 2 Introducing the Web Configurator If you click LAN Device on the System I nfo screen a in Figure 6 on page 21 the Connection Status screen appears See Chapter 4 on page 61 for more information about the Connection Status screen If you click Virtual Device on the System Info screen b in Figure 6 on page 21 a visual graphic appears showing the connection status of the Device s ports The connected ports are in color and disconnected ports are gray Figure 7 Virtual Device ZyXEL MEET Language Enoisn IE ERO Virtual Device A Refresh Interval None zil Connection Status 2 2 3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features The following table describes each menu item Table 1 Navigat
3. seesssssesesesseseene eene nen enne rentes 149 RESONT S viet c r 151 13 6 Firewall Technical Reference Lees roscida aet bx saad ark dan Er tb Faser ebur aper EE ned de d 151 13 6 1 Guidelines For Enhancing Security With Your Firewall ssseeseeee 151 eH esc Ime mec m 152 Chapter 14 MAC FINOT pee ERI UE 153 TEI IIS TEE 153 14 1 2 Wia You Need To ODE iicet tu coido ne X ect EE Etc a o etr esie BUR oce ol Ep Ded an btad 153 tA TO MAG Far a iy OO ETE TET 153 Chapter 15 Parental COMO ui paier eee HERE ERR iaaiiai iai 155 P DOMUM huuc aD E c i e E MM 155 15 2 The Parental GORVOSEPSBIT cte E uar aat pates ador ESI Sp por a EEO ERES 155 15 2 1 Add Edit a Parental Control Rule cca snce toa vans n cnc bsec nga rcr kv tmn E Fo c 156 FMG3024 D10A FMG3025 D10A Series User s Guide Table of Contents Chapter 16 DEPITIBHIBS Ee E ce MM MU M PM M RM D E 159 RO IRSE oreet utu i Mie E DLE M IMEEM MM ence EU ID 159 16 1 1 What You Can Do Wi Wits Chaplet e 159 Te L2 Wha ou Need ta KION ENTE OO AS ASi a 159 16 13 OPINED aA C yi cr misan UT 160 Wee Loca COK a IB aiaa aaa a a ad Hr En RUD 161 bmc oes MUT E NE T 163 104 MEIN CA ir aiiis oa E E E E N E 163 T S I ET HILL TT DRE 164 Chapter 17 VEN I ie ciscsstsss emm erai eM MEMINI MEE DM MEM E ax MI EM EIDEM LEE 167 NER I A ETE ERE mU 167 pyjox 1o 246 12 T r R M 167 TALES THEOSNSIU SCIO Sins sae cs esas pan p dana pias AE sedo ai Dc
4. Each field is described in the following table Table 38 Security gt Firewall gt Services LABEL DESCRIPTION Add New Service Click this to define a new service Entry Name This is the name of a configured service Type This is the protocol type TCP UDP ICMP or Others of the service Port Number This displays a range of port numbers that defines the service Modify Click the Edit icon to edit the service Click the Delete icon to delete the service Note that subsequent rules move up by one when you take this action Deleting a service rule also deletes the related ACL rules which are configured in the Security gt Firewall gt Access Control screen FMG3024 D10A FMG3025 D10A Series Users Guide 147 Chapter 13 Firewall 13 3 1 The Add New Services Entry Screen Use this screen to configure a service that you want to use in an ACL rule in the Security gt Firewall Access Control Add New ACL Rule Edit screen To access this screen click Security Firewall Services and then the Add New Service Entry button Figure 71 Security gt Firewall gt Services gt Add New Service Entry Name Type Source Port Add New Service Entry Protocol Number Destination Port Ed TCP 7 7707 0 255 singe v Singe v Apply Back Each field is described in the following table Table 39 Security gt Firewall gt Service
5. LABEL DESCRIPTION SIP Account Select the Active SI P Account check box if you want to use this account Clear it if you do not want to use this account SIP Account Enter your SIP number In the full SIP URI this is the part before the 9 symbol Number You can use up to 127 printable ASCII characters Authentication Username Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII characters Password Enter the password for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII characters URL Type URL Type Select whether or not to include the SIP service domain name when the Device sends the SIP number SIP include the SIP service domain name TEL do not include the SIP service domain name Voice Features Primary Select the type of voice coder decoder codec that you want the Device to use Compression Type G 711 provides higher voice quality but requires more bandwidth 64 kbps Secondary e G 711MuLaw is typically used in North America and Japan Compression Type e G 711ALaw is typically used in Europe Third e G 729 only requires 8 kbps Compression Type G 726 32 operates at 16 24 32 or 40 kbps e G 722 operates at 48 56 and 64 kbps The Device must use the same codec as the peer When two SIP devices start a SIP session they must agree on a codec Select t
6. IP Addressing Values IP Pool Starting This field specifies the first of the contiguous addresses in the IP address pool Address Pool Size This field specifies the size or count of the IP address pool DNS Values DNS Server 1 3 Select From ISP if your ISP dynamically assigns DNS server information and the Device s WAN IP address Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply Select None if you do not want to configure DNS servers You must have another DHCP sever on your LAN or else the computers must have their DNS server addresses manually configured If you do not configure a DNS server you must know the IP address of a computer in order to access it Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 7 3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal charac
7. LABEL DESCRIPTION General Name Enter a service name of the connection Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s Enable VLAN Select this to add the VLAN Tag specified below to the outgoing traffic through this connection Specific LAN ports can be selected on the Interface Group screen Section 12 2 on page 143 Enter 802 1P Priority IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Type the IEEE 802 1p priority level from O to 7 to add to traffic through this connection The greater the number the higher the priority level Enter 802 1Q VLAN Type the VLAN ID number from 1 to 4094 for traffic through this connection ID Enable VLAN on Select this to have the Device add a VLAN tag to outgoing packets on the LAN LAN side ports Apply Click Apply to save your changes Back Click Back to return to the previous screen 5 3 The 3G Backup Screen Use this screen to configure your 3G settings Click Broadband 3G Backup At the time of writing the 3G card you can use in the Device is Huawei E220 E270 E160 E169G Note The actu
8. FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Table 20 Compatible USB Printers continued BRAND MODEL HP Deskjet 1220C HP Deskjet F4185 HP Laserjet 1022 HP Laserjet 1200 HP Laserjet 2200D HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmart 2610 HP Photosmart 3110 HP Photosmart 7150 HP Photosmart 7830 HP Photosmart C5280 HP Photosmart D5160 HP PSC 1350 HP PSC 1410 IBM Infoprint 1332 LEXMARK Z55 LEXMARK Z705 OKI B4350 SAMSUNG ML 1710 SAMSUNG SCX 4016 FMG3024 D10A FMG3025 D10A Series User s Guide 107 Chapter 7 Home Networking 7 9 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Components selection box Click Details Figure 36 Add Remove Programs Windows Setup Communication Add Remove Proara ype 3 2 xi Install Uninstall Windows Setup Startup Disk To add or remove a component select or clear the check box If the check box is shaded only part of the component wi
9. 4 FMG3024 D10A FMG3025 D10A Series User s Guide Table of Contents Table of Contents Pollo i ol oJ 8 3 iri 1 Reo lg 5 Part Users GUIE 13 Chapter 1 ijs 9A O O 1C OO0O OOO 15 pP ER 15 1 2 Applications TOE Tus DEVOE asissco dieu E ceases E ondsa dux don indu EX tn Raskb s ats Raus ie need melas ao DAMES oU RUEREK DA 15 FEAM e Fra E E E E E E E E E 15 Nee VOIP PBOUIERS sarane aa I 15 1o Waye io Maraga Me NS ee 17 1 4 Good Habits for Managing the Device Lasse tesco ates ois ur rectae E coco Rire draai hark c Daria 17 15 nhe HESETIBHUSD 2 bep rr rU REO RED N a Eu nd QUE OI iE 17 Chapter 2 introducing the Web Configurator sees Sasso eee 19 MESSIS 19 Eh Accessin the Web GORnIIOBISEDE 4 2 verbia poe RO Da ie b Pale d Ree a MO D d TER MUR 19 22 The Web OC OVEM insanin oua af du E Yi Dump a aa rt add ada 21 cM Ao e 21 AEREA E TEATE o e sts sites E AE dla debita rk oc M I d oU ad bv a br b o Pad bra at a aot 21 Exc ovre ac cg T T 22 Chapter 3 Hu E 25 cale 1s s 25 i2 Seid Up Your WAN COGI san ciiadacidenpsricia deed rated ca Fat
10. SMTP TCP 25 Simple Mail Transfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNI X server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNI X environments It operates over TCP IP networks Its primary function is to allow users to log into remote host Systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution FMG3024 D10A FMG3025 D10A Series User s Guide Appendix D Common Services FMG3024
11. Medium Safe browsing and still functional Prompts before downloading potentially unsafe content Unsigned ActiveX controls will not be downloaded Appropriate for most Internet sites C Custom Level D Default Level DK Cancel Apply 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Click OK to close the window 286 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions Figure 185 Security Settings Java Scripting Security Settings Settings Scripting Active scripting Q PRremp E Allow paste operations via script Q Disable 9 Enable Q Prompt Es Scripting of Java applets Q Disable Q Prompt lleas Aukhankieskinm Reset to Medium Reset Reset custom settings cme Java Permissions 1 From Internet Explorer click Tools I nternet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window FMG3024 D10A FMG3025 D10A Series User s Guide 287 Appendix C Pop up Windows JavaScript and Java Permissions Figure 186 Security Settings Java Security Settings
12. Messages This field states the reason for the log FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 19 Logs 19 3 The Phone Log Screen Click System Monitor gt Log to open the Phone Log screen Use this screen to view phone logs and alert messages You can select the type of log and level of severity to display Figure 104 System Monitor gt Log gt Phone Log pU 1v Level All v Refresh Clear Logs Time Level oc Message 1 Aug 20 07 37 17 err SIP Registration SIP 12875 Register Fail error_cause 43 2 Aug 20 07 37 40 info ChangeMe FXS2 Phone Event OFFHOOK 3 Aug 20 07 37 43 info ChangeMe FXS2 Phone Event ONHOOK 4 Aug 20 07 37 43 infa ChangeMe FXS2 Phone Event idle 5 Aug 20 07 39 05 infa ChangeMe FXS2 Phone Event OFFHOOK 5 Aug 20 07 39 28 info ChangeMe FX82 Phone Event ONHOOK 7 Aug 20 07 39 28 info ChangeMe FX82 Phone Event idle 8 Aug 20 07 41 14 info SIP Registration SIP 128752 Register Success 9 Aug 20 07 41 49 info ChangeMe FXS2 Phone Event OFFHOOK 10 Aug 20 07 41 56 info iChangeMe FX82 Phone Event ONHOOK The following table describes the fields in this screen Table 68 System Monitor gt Log gt Phone Log LABEL DESCRIPTION Select a category of logs to view from the drop down list box select All Logs to view all logs Level Select the severity level that you want to view Refresh Click this to renew the log sc
13. The device is not found on the network Be sure that 1 The device is tumed on 2 The network is connected 3 The device is properly configured 4 The address on the previous page is correct If you think the address is not correct click Back to return to the previous page Then correct the address and perform another search on the network If you are sure the address is correct select the device type below Device Type O Standard 8 Confirm the IP address of the Device in the Printer Name or I P Address field 9 Select Raw under Protocol 10 The Port Number is automatically configured as 9100 Click OK to go back to the previous screen and click Next FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 11 12 13 14 15 Configure Standard TCP IP Port Monitor 321 xl Port Settinas Port Name IP 182 168 1 1 Printer Name or IP Address 182 168 1 1 M Protocol Raw Setting Port Number 3100 LPR Settings Jueue Name F LPR Byte Counting Enabled T SNMP Status Enabled Community ame public SNMP Device Index fi aJ ces Click Finish to close the wizard window Add Standard TCP IP Printer Port Wizard Completing the Add Standard TCP IP Printer Port Wizard You have selected a port with the following characteristics SNMP No Protocol Raw Raw Device 192 168 1 1 Port Name IP 192 168 1 1 Adapter Type To
14. Chapter 3 Tutorials 2 Check Find media that others are sharing in the following screen and click OK Media Sharing 21x A Find and share music pictures and video on your network Leam about sharing Online Sharing settings Share my media d Your network Network is a private network Devices that you allow can find your shared media Networking How does sharing change firewall settings ox Cancel 3 Now Playing Library da gt Music gt Set gt El e Playlists Title E Create Playlist Primary Views E Jd Library Ww e al r r A a p S Artist Album Songs Genre Year Rating Playlists Additional Views 3 A Album t e 2 Je QJ Songs Contributing Composer Parental Online Stores Genre Artist Rating EJ Year ve Rating Playlists The Device displays as a playlist Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your Device Windows 7 1 Open Windows Media Player It should automatically detect the Device Eg FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 3 Windows Media Player File View Play Tools Help GO Organize v Stream v Create playlist v M Artist Album Genre Bj Videos Pictures 5 Recorded TV pP Other Libraries dd Music Bj Videos Pictures Recorded TV E Libran 3 T Playlist
15. Configure IPv4 Manually HA IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Router 0 0 0 0 DNS Servers Search Domains Optional IPv6 Address Configure IPv6 f i Click the lock to prevent further changes Assist me Apply Now 6 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications gt Utilities gt Network Utilities and then selecting the appropriate Network I nterface from the Info tab Figure 159 Mac OS X 10 4 Network Utility eoo Network Utility info Netstat AppleTalk Ping Lookup Traceroute Whois Finger Port Scan Please sele erface for information Network Interface en0 i Transfer Statistics Hardware Address 00 16 cb 8b 50 2e Sent Packets 20607 IP Address es 118 169 44 203 Send Errors 0 Link Speed 100 Mb Recv Packets 22626 Link Status Active Recv Errors 0 Vendor Marvell Collisions 0 Model Yukon Gigabit Adapter 88E8053 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address 1 Click Apple System Preferences Figure 160 Mac OS X 10 5 Apple Menu Finder File Edit Vie About This Mac Software Update Mac OS X Software gui ue c System Preferences DO i b Recent Items b Force Quit X385 Sleep Restart Shut Down 2 n S
16. iieeuieeueeue ee eiee esie pent tak aeaiia 59 Chapter 4 Connection Status and System Info ccsssseeeeseeeeeeeesseeeeeenseneeeeesseeeaeesseneeeeenseeeeesesesneeeesseeneesesenes 61 LEA V RP 61 2 2 The Convecion SIAE GOROBIT a d issih alas aai aai dubi da i duwnbiar Fama ra cnl caa Dd td 61 da got tact QD ESUC MET DEI een o S SLE ES 62 Chapter 5 i 67 MEO OLU 5 000 029 M 67 BLA What vog Dan DoJdn Ibis Chapa cbe u ide be etia dol ptr nena DUMP bE ue Ut odi be pedascR brote t M obo o OR dai i bed 68 5 1 2 What You Need TO TMW sriain R ne do ene S EUR RAE dt Rotae gana ia uM Ub ea uda pesce ER ERA EE uu ced 68 510 BODIO DOO ISO acts etm addsses asc ast uua Foch ad Ea nexa p Eum Ea Wien DR V c RR EE OR URDU e dae LEUR EU E DMREU RUE 70 52 IheBresdbsh SOIT uaxnedctxepHdtout RERA BUEPEH E PH GRE EFL D ERE PEE GREEN PEE QR POOR BERE UE 70 Ee T Add Edi Intenet GOBENSDIOR sodass rana epoca Plarebchcgra aAA a et ad ra ro RS s 71 Ec Ihb s BOSE GODOQNudediaxdiundam Si abd santa tay hats fasti asus O E down Casu ANO Rd dta 81 DA lechnical RST uec scis roe i cbr a igi essi OR Eod xU ron UR ER asa Uu tup t usa IRE asa E Sor ER ER MESS 83 Chapter 6 3 91 yD
17. Blocks third party cookies that use personally identifiable LJ information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker S Prevent most pop up windows from appearing Block pop ups Arop 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions Figure 182 Internet Options Privacy Internet Options PIR General Security Privacy Content Connections Programs Advanced Settings A Move the slider to select a privacy setting for the Internet ERR zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable LJ information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker Prevent most pop up windows from appearing Type the IP address of your device the web page that you do not want to have blocked with the prefix
18. Dynamic DNS Type Dynamic DNS Host Name A to 255 characters User Name a to 255 characters Password a to 63 characters sooty cance FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 11 Dynamic DNS The following table describes the fields in this screen Table 34 Network Setting gt DNS LABEL DESCRIPTION Dynamic DNS Configuration Active Dynamic DNS Select this check box to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type service provider Host Name Type the domain name assigned to your Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the password assigned to you Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide Interface Group 12 1 Overview By default all LAN and WAN interfaces on the Device are in the same group and can communicate with each other Create interface groups to have the Device assign the IP addresses in different domains to different groups Each group acts as an independent network on the Device This lets devices connected to an interface group s LAN inter
19. In List View you can also view the client s information 4 3 The System Info Screen Click Connection Status System Info to open this screen Figure 10 System Info Screen System Info Device Information Interface Status Host Name router Model Name MAC Address Firmware Version WAN information Mode IP Address IP Subnet Mask WAN 2 Information Mode IP Address IP Subnet Mask System Status WAN 3 Information 1000Mbps N A N A N A System Up Time min Mode Current Date Time Sat Jan 1 01 51 47 CET 2000 LAN Information System Resource IP Address CPU Usage IP Subnet Mask 5 255 0 DHCP Server Serv Memory Usage Storage Printer Registration Status Account Status URI In Active ChangeMe ChangeMe In Active ChangeMe ChangeMe FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 4 Connection Status and System Info Each field is described in the following table Table3 System Info Screen LABEL DESCRIPTION Language Select the web configurator language from the drop down list box Refresh Interval Select how often you want the Device to update this screen from the drop down list box Device Information Host Name This field displays the Device system name It is used for identification You can change this in the Maintenance System screen s Host Name field Model Name This is the model n
20. Name Server 1 10 0 2 3 Name Server 2 Name Server 3 Update DNS data via DHCP 9 Click Finish to save your settings and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection I nformation Figure 178 openSUSE 10 3 KNetwork Manager 7 Disable Wireless y 3 Switch to Offline Mode 4 Show Connection Information Configur amp KNetworkManager Ak x Wired Network 2 Options Wired Devices E Dial Up Connections When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 179 openSUSE Connection Status KNetwork Manager Connection Status KNetworkManager Device h Addresse Received Bytes 2317441 MBytes 2 2 Packets 3621 Errors 0 Dropped 0 KBytes s 0 0 C Statistics Transmitted 841875 0 8 3140 0 0 0 0 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address FMG3024 D10A FMG3025 D10A Series User s Guide C Pop up Windows JavaScript and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your
21. Remote MGMT allows you to manage your Device from a remote location through the following interfaces LAN WAN only Note The Device is managed using the web configurator 22 1 1 What You Need to Know The following terms and concepts may help as you read this chapter TR 064 TR 064 is a LAN Side DSL CPE Configuration protocol defined by the DSL Forum TR 064 is built on top of UPnP It allows the users to use a TR 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password SSH SCP SFTP Secure Shell SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network The following file transfer methods use SSH Secure Copy SC is a secure way of transferring files between computers It uses port 22 SSH File Transfer Protocol or Secure File Transfer Protocol SFTP is an old way of transferring files between computers It uses port 22 22 2 The Remote MGMT Screen Use this screen to decide what services you may use to access which Device interface Click Maintenance Remote MGMT to open the following screen FMG3024 D10A FMG3025 D10A Series User s Guide 217 Chapter 22 Remote MGMT Figure 112 Maintenance gt Remote MGMT Remote Management HTTPS Enable Enable 443 HTTP V
22. Server Server Port Enter the port number used by the auto provision server Retry Count Enter the number of times to retry auto provisioning Retry Timer Enter the number of seconds to wait before retrying the auto provisioning attempt Expire Timer Enter the number of seconds to wait before downloading the configuration file again if the configuration file from the server is the same as the configuration file on the device thereby retrying the download until an updated configuration file is downloaded Apply Click Apply to save your changes FMG3024 D10A FMG3025 D10A Series User s Guide Troubleshooting 31 1 Overview This chapter offers some suggestions to solve problems you might encounter The potential problems are divided into the following categories Power Hardware Connections and LEDs Device Access and Login Internet Access Phone Calls and VoIP USB Device Connection UPnP 31 2 Power Hardware Connections and LEDs The Device does not turn on None of the LEDs turn on 1 Make sure the Device is turned on 2 Make sure you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make su
23. pt od SIP Acc SIP Iv siP1 12345678 m siP2 ChangeMe FXO Interface to Receive Incoming Call M Enable sop 5n 3 4 1 4 Making a VoIP Call 1 Make sure you connect a telephone to the first phone port on the Device 2 Make sure the Device is on and connected to the Internet 3 Pick up the phone receiver 4 Dial the VolP phone number you want to call 3 5 Using the File Sharing Feature In this section you can Set up file sharing of your USB device from the Device Access the shared files of your USB device from a computer 3 5 1 Set Up File Sharing To set up file sharing you need to connect your USB device enable file sharing and set up your share s 3 5 1 1 Activate File Sharing 1 Connect your USB device to one of the USB ports at the back panel of the Device 2 Click Network Setting gt Home Networking gt File Sharing Select Enable and click Apply to activate the file sharing function The Device automatically adds your USB device to the Share Directory List FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Server Configuration File Sharing Services SMB Enable C Disable Share Directory List Add new share Status Share Name Share Path Share Description od v A USB Storage GENERIC USB Mass Storage 100 1 USB Storage 4 Apply Cancel 3 5 1 2 Set up File Sharing on Your Device You also need to set up file shar
24. 2 20012 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address e e s w 172 16 100 61 Subnet Mask s 4 eoe oce 255 255 255 0 Default Gateway e80 213 49f feaa 7125 11 172 16 100 254 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 FMG3024 D10A FMG3025 D10A Series User s Guide Legal Information Copyright Copyright 2013 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Your use of the Device is subject to the terms and conditions of any related service providers Use with products that have NAT and or 3G Do n
25. 209 The BGC SUS SOI RET E 211 2005 The VolP Status GOP CCID usu sea kann ed canis etg coa Resa rds as wadekxmunssaauaious Casca dd ctam Cacao aa ss 212 Chapter 21 Usor ACCOUN n PH PRATER AEEEL QR EPIO ait FREE RA EE AREUREOR KATE ERO AXE ELTE EL RR PERRA EE EAR OH ALEX AVE PE RR AE RR d 215 VAN AMONG EU ENT UTER PH 215 21 2 The NN crees Ee mc ERR m 215 Chapter 22 Femore MONT isch EHE HEU DEED Ier EcL EO REIR Hii 217 ESSA c E Tm 217 221 1 Whal VOM e To KNOW oes ir ter taut aci e uter a pod et EAE EA AATA 217 22 2 The Remote MGMT Screen wou cccececcccceececesceceeeeeesesceaeeueceseuseaeeseeesseuueuseeseeaueaeeeeeeeauaeeeeeeuaaaneeees 217 Chapter 23 ipee M H 219 EXE X Ud Ret mme 219 23 2 The SNMP Screg uui cx cna tetas ks ma ben ka bna Rcx ex td da Ra dpa zB E caedi ma a cdd x Da d RE nag BO Rd 219 Chapter 24 BOURSE oasuikdinikd fabri DS E ERU NNR DK RR AUN E ANNE UMP A 7E DU KR QA Cid d VIR RENE TAM UC D AA 221 BO IV I SU Tm aekeokeain 221 FMG3024 D10A FMG3025 D10A Series User s Guide Table of Contents eT Via TENUTI TO KNOW Lassus cde tarte o er ERE E dues t a ERE Pec Fa eue a ERE La pcc PER dn 221 PANTE rese as esc cactus cs E E TEE TUETT 221 Chapter 25 TMe Se ia a a aa iaiia iisi 223 SN EU E eT RTT EE 223 d The e SU SOME Zasnsnksutngxivicnindbicndidfrtentniidk eer cuti baa aaa VR naan 223 Chapter 26 Log Se cniinn anii i r aaia Aaaa 225 ES
26. E 485 z 9 mim 7 cr ww A Back Forward View Computer Home Favorites Applications 12 items 19 31 GB available Applications Applications Mac OS 9 Users J L D Documents Library System Double click the Utilities folder eo0 Applications e E E lt fers m ry A ww Back Forward View Computer Home Favorites Applications 39 items 19 31 G8 available M Address Book Calculator oT E UT X Chess Clock DVD Player Double click the Print Center icon eoo0 i Utilities 7 e z E 485 m o fees m z T wy Back Forward View Computer Home Favorites Applications 30 items 19 31 G8 available n 6 os Keychain Access Netinfo Manager Network Utility ODBC Administrator P Process Viewer Click the Add icon at the top of the screen Printer List ce eoo Name e Wi Status Stylus C43 Stopped Set up your printer in the Printer List configuration screen Select I P Printing from the drop down list box In the Printer s Address field type the IP address of your Device Deselect the Use default queue on server check box Type LP1 in the Queue Name field FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 11 Select your Printer Model from the drop down list box If the printer s model is not listed select Generic o0 Printer List IP Printing v Printer s Address 192 168 1 1 Internet address or DNS name
27. Ethernet adapter Local Area Connection Connection specific DNS Suffix LE cAddEesSsWu i he ke este tae ee ose oS dl rl o46 Subnet Mask osx au le a vy e OD ZO SS Z 50 0 IP Address fe80 2d0 59ff feb8 103c 4 Default Gateway 10 1 1 254 IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 address as well You should see at least one IPv6 address available for the interface on your computer Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 After the installation is complete select Start gt All Programs gt Dibbler DHCPv6 gt Client Install as service 3 Select Start gt Control Panel gt Administrative Tools gt Services 4 Double click Dibbler a DHCPv6 client FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 i Services ile Action View Help m B RM gt By Services Local Hs Services Local Dibbler a DHCPv6 clien
28. FMG3025 D10A Series User s Guide Chapter 18 VoIP Each field is described in the following table Table 63 VoIP gt Call Rule LABEL DESCRIPTION Speed Dial Use this section to create or edit speed dial entries Select the speed dial number you want to use for this phone number Number Enter the SIP number you want the Device to call when you dial the speed dial number Description Enter a short description to identify the party you call when you dial the speed dial number You can use up to 127 printable ASCII characters Add Click this to use the information in the Speed Dial section to update the Speed Dial Phone Book section Phone Book Use this section to look at all the speed dial entries and to erase them This field displays the speed dial number you should dial to use this entry Number This field displays the SIP number the Device calls when you dial the speed dial number Description This field displays a short description of the party you call when you dial the speed dial number Modify Use this field to edit or erase the speed dial entry Click the Edit icon to copy the information for this speed dial entry into the Speed Dial section where you can change it Click Add when you finish editing to change the configurations Click the Delete icon to erase this speed dial entry Clear Click this to erase all the speed dial entries Cancel Click this to set eve
29. Figure 61 Port Forwarding Add Edit M Enable Service Name WAN Interface Start Port End Port Translation Start Port Translation End Port Server IP Address Protocol User Defined EtherWAN1 192 168 1 6 TCP M E The following table describes the labels in this screen Table 31 Port Forwarding Add Edit LABEL DESCRIPTION Enable This is available only in the Edit screen Clear the check box to disable the rule Select the check box to enable it Service Name Enter a name to identify this rule using keyboard characters A Z a z 1 2 and so on WAN Interface Select the WAN interface through which the service is forwarded You must have already configured a WAN connection with NAT enabled Start Port Enter the original destination port for the packets To forward only one port enter the port number again in the External End Port field To forward a series of ports enter the start port number here and the end port number in the External End Port field End Port Enter the last port of the original destination port range To forward only one port enter the port number in the External Start Port field above and then enter it again in this field To forward a series of ports enter the last port number in a series that begins with the port number in the External Start Port field above Translation Start Port This shows the port number to whi
30. 192 168 1 1 Subnet Mask 255 255 255 0 192 168 231 1 192 168 246 1 are reserved for VLAN DHCP Server State DHCP Enable C Disable IP Addressing Values IP Pool Starting Address 192468133 Pool Size B2 DNS Values DNS Server 1 9216811 DNS Server 2 None a DNS Server 3 None oa The following table describes the fields in this screen Table 12 Network Setting gt Home Networking gt LAN Setup LABEL DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your Device in dotted decimal notation for example 192 168 1 1 factory default IP Subnet Mask Type the subnet mask of your network in dotted decimal notation for example 255 255 255 0 factory default Your Device automatically computes the subnet mask based on the IP address you enter so do not change this field unless you are instructed to do so DHCP Server State 96 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Table 12 Network Setting gt Home Networking gt LAN Setup continued LABEL DESCRIPTION DHCP Select Enable to have your Device assign IP addresses an IP default gateway and DNS servers to LAN computers and other devices that are DHCP clients If you select Disable you need to manually configure the IP addresses of the computers and other devices on your LAN When DHCP is used the following fields need to be set
31. ChangeMe Password ITEM EE 3 4 1 2 SIP Account Registration Follow the steps below to register and activate your SIP account 1 Click Connection Status System Info to check if your SIP account has been registered successfully If the status is Not Registered check your Internet connection and click Register to register your SIP account Account Action Account Status URI SIP 1 Not Registered 12345678 gsip example com SIP 2 In Active ChangeMe sip example com 3 4 1 3 Analog Phone Configuration 1 Click Vol P gt Phone to open the Phone Device screen Click the Edit icon next to Analog Phone 1 to configure the first phone port Analog Phone Analog Phone 1 12345678 2 Analog Phone 2 ChangeMe l4 2 Select SIP 1 from the SIP Account in the SIP Account to Make Outgoing Call section to have the phone connected to the first phone port use the registered SIP 1 account to make outgoing calls 3 Select the SIP 1 check box in the SIP Account s to Receive I ncoming Call section to have the phone connected to the first phone port receive phone calls for the SIP 3 account 4 Click Apply to save your changes FMG3024 D10A FMG3025 D10A Series User s Guide EB Chapter 3 Tutorials SIP Account to Make Outgoing Call SIP1 A SIP Account s to Receive Incoming Call SIP Account NEZ 12345678 sIP2 ChangeMe
32. Control Panel FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 135 Windows XP Start Menu Internet Explorer 7 My Documents Outlook Express Y Paint 2 My Recent Documents eo i My Pictures 99i Files and Settings Transfer W s E BY Command Prompt c My Music E Acrobat Reader 4 0 My Computer Tour Windows xP Windows Movie Maker E Control Panel ta Printers and Faxes Q9 Help and Support Search All Programs gt 3177 Run B Log Off o Turn Off Computer amp untitled Paint 2 In the Control Panel click the Network Connections icon Figure 136 Windows XP Control Panel amp Control Panel File Edit View Favorites Tools Help Q Bacl d pe Search Folders ii Address fe Control Panel Vg Control Panel A Network dd Hardware G Switch to Category View Connections See Also Game Controllers Windows Update 3 Right click Local Area Connection and then select Properties Figure 137 Windows XP Control Panel gt Network Connections gt Properties ocal Area Connection Standard PCI Fast Ethernet Adapte Disable Status Repair Bridge Connections Create Shortcut Rename FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address 4 On the General tab select Internet Protocol TCP IP and then click
33. It is similar to a private IP address in IPv4 You can have the same link local address on multiple interfaces on a device A link local unicast address has a predefined prefix of fe80 10 The link local unicast address format is as follows Table 97 Link local Unicast Address Format 1111 1110 10 0 Interface ID 10 bits 54 bits 64 bits FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 Global Address A global address uniquely identifies a device on the Internet It is similar to a public IP address in IPv4 A global unicast address starts with a 2 or 3 Unspecified Address An unspecified address 0 0 0 0 0 0 0 0 or is used as the source address when a device does not have its own address It is similar to 0 0 0 0 in IPv4 Loopback Address A loopback address 0 0 0 0 0 0 0 1 or 1 allows a host to send packets to itself It is similar to 127 0 0 1 in IPv4 Multicast Address In IPv6 multicast addresses provide the same functionality as IPv4 broadcast addresses Broadcasting is not supported in IPv6 A multicast address allows a host to send packets to all hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses Table 98 Predefined Multicast Address MULTICAST ADDRESS DESC
34. Log gt System Log Remote Management Level All Refresh Clear Logs 1 1970 Jan 13 notice Send DHCP ACK to 00 24 21 7E 20 96 with IP 08 35 32 192 168 1970 Jan 13 a 94 24 7E 2 08 35 32 notice Receive DHCP REQUEST from 00 24 21 7E 2 3 1970 Jan 13 notice Send DHCP ACK to 00 24 21 7E 20 96 with IP 08 35 27 192 168 y 1970 Jan 13 Y z 08 35 27 notice Receive DHCP REQUEST from 00 24 21 7E 2 5 1970 Jan 13 notice 3end DHCP OFFER to 00 24 21 7E 20 96 with IP 08 35 27 192 168 x 1970 Jan 13 A A CV 94 24 7E 6 08 35 27 notice Receive DHCP DISCOVER from 00 24 21 7E 2 1970 Jan 13 7 08 35 22 notice Send DHCP NACK to 00 24 21 7E 2 1970 Jan 13 A 8 08 35 22 notice Receive DHCP REQUEST from 00 24 21 7E 2 The following table describes the fields in this screen Table 67 System Monitor gt Log gt System Log LABEL DESCRIPTION Level Select a severity level from the drop down list box This filters search results according to the severity level you have selected When you select a severity the Device searches through all logs of that severity or higher Refresh Click this to renew the log screen Clear Log Click this to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Level This field displays the severity level of the logs that the device is to send to this syslog server
35. RFC 3315 is a server client protocol that allows a DHCP server to assign and pass IPv6 network addresses prefixes and other configuration information to DHCP clients DHCPv6 servers and clients exchange DHCP messages using UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device IPv6 6to4 Mode This mode also enables the Device to convert I Pv6 packets to IPv4 packets But instead of pre configuring the destination router you need to configure a 6to4 relay router that helps to route the packets to any IPv6 networks In this mode the Device should get a public IPv4 address for the WAN The Device adds an IPv4 header to an IPv6 packet when transmitting the packet to the Internet In reverse the Device removes the IPv4 header from an IPv6 packet when receiving it from the Internet FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband An IPv6 address using the 6to4 mode consists of an IPv4 address the format is as the following 2002 a public IPv4 address in hexadecimal 48 For example A public IPv4 address is 202 156 30 41 The converted hexadecimal IP string is ca 9c 1E 29 The IPv6 address prefix becomes 2002 c
36. See Section 18 3 on page 188 for how to map a SIP account to a phone port To access the following screen click VoIP SIP SIP Account Figure 94 VolP gt SIP gt SIP Account Add new SIP account 1 SIP 1 ChangeMe ChangeMe ZW 2 SIP 2 ChangeMe ChangeMe 2 The following table describes the labels in this screen Table 59 VoIP gt SIP gt SIP Account LABEL DESCRIPTION This is the index number of the entry Active This shows whether the SIP account is activated or not A yellow bulb signifies that this SIP account is activated A gray bulb signifies that this SIP account is activated SIP Account This shows the name of the SIP account SIP Service This shows the name of the SIP service provider Provider Account No This shows the SIP number Modify Click the Edit icon to configure the SIP account Click the Delete icon to delete this SIP account from the Device 18 3 1 Add Edit SIP Account You can configure a new SIP account or edit one To access this screen click Add new SIP Account in the SIP Account screen or Edit icon next to an existing account 188 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Figure 95 SIP Account Add Edit Service Provider Selection General SIP Account SIP Account Number Authenticaton Username Password URL Type URL Type Voice Features Primary Compression Type Second
37. allowing a maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 130 Subnetting Example Before Subnetting i I D i 1 1 Internet T I I y 192 168 1 0 24 4 r 4 CEE um um m m m m m Em Um m m um You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company network after subnetting There are now two sub networks A and B FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Figure 131 Subnetting Example After Subnetting 1 A i i I nf I I uL t foi 3 N Internet I AJ p LE I Sa S31 TT t L 192 168 1 0 25 4 192 168 1 128 251 o In a 25 bit subnet the host ID has 7 bits so each sub network has a maximum of 27 2 or 126 possible hosts a host ID of all zeroes is the subnet s address itself all ones is the subnet s broadcast address 192 168 1 0 with mask 255 255 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to
38. ok JL cancel 6 Now your computer can obtain an IPv6 address from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable Pv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel gt Network and Sharing Center gt Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 Q Local Area Connection Properties Networking Connect using Pu Broadcom NetXtreme Gigabit Ethemet This connection uses the following items 0M Client for Microsoft Networks r2 ivi v IV amp Intemet Protocol Version 4 TCP IPv4 Install Jninst Properties Description TCP IP version amp The latest version of the intemet protocol that provides communication across diverse interconnected networks ree 4 Click Close to exit the Local Area Connection Status screen 5 Select Start gt All Programs gt Accessories gt Command Prompt 6 Use the ipconfig command to check your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C gt ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address
39. 0 Drop 30 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 20 Traffic Status The following table describes the fields in this screen Table 70 System Monitor gt Traffic Status gt WAN LABEL DESCRIPTION Status This shows the number of bytes received and sent through the WAN interface of the Device Refresh Interval Select how often you want the Device to update this screen from the drop down list box Connected This shows the name of the WAN interface that is currently connected Interface Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface 20 3 The LAN Status Screen Click System Monitor gt Traffic Status gt LAN to open the following screen You can view the LAN traffic statistics in this screen Figure 107 System Monitor gt Traffic Status gt LAN Refresh interval 5 seconds Bytes Sent 0 0 1329628 0 Bytes Received 0 0 236957 0 terface LAI W i y LANS LAI Data 0 0 2241 0 Sent Packet Error 0
40. 1 2 2 VoIP Features You can register 1 SIP Session Initiation Protocol profile 2 accounts for that profile and use the Device to make and receive VolP telephone calls FMG3024 D10A FMG3025 D10A Series User s Guide 15 Chapter 1 Introduction Figure 2 Device s VoIP Application The Device sends your call to a VolP service provider s SIP server which forwards your calls to either VoIP or PSTN phones FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 1 Introduction 1 3 Ways to Manage the Device Use any of the following methods to manage the Device Web Configurator This is recommended for everyday management of the Device using a supported web browser FTP for firmware upgrades and configuration backup restore 1 4 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password to access the Web Configurator you will have to reset the Device to its factory default settings If you backed up an earlier configuration
41. 3 2 e Manage network connections s TWPC99111 Internet Diagnose ana repair This computer amp Not connected 5 Right click Local Area Connection and then select Properties Figure 144 Windows Vista Network and Sharing Center LAN or High Sessd Internet MI mc Local Collapse group Left Arrow A Comm x at Intel Expand all groups Collapse all groups Disable Status Diagnose Bridge Connections Create Shortcut Delete Rename Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 145 Windows Vista Local Area Connection Properties I Local Area Connection Properties Networking Connect using This connection uses the following items La Intel R PRO 1000 MT Desktop Connection o Client for Microsoft Networks E Network Monitor3 Driver K I II IS i Link Layer Topology 5 File and Printer Sharing for Microsoft Networks re Internet Protocol Version 4 TCPAP 4 ivi Discovery Mapper 1 0 Driver M 2 Link Layer Topology Discovery Responder Install Uninstall Description across diverse interconnected networks arre Transmission Control Protocol Intemet Prot
42. 48 Packets Sent 8 B18 Received 5 943 746 With UPnP you can access the web based configurator on the Device without finding out the IP address of the Device first This comes helpful if you do not know the IP address of the Device Follow the steps below to access the web configurator Click Start and then Control Panel Double click Network Connections Select My Network Places under Other Places FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 47 Network Connections s Network Connections File Edit View Favorites Tools Advanced Help Back d P Search s Folders E Address Network Connections Network Tasks Internet Connection Disabled Internet Connection Create a new connection Set up a home or small office network LAN or High Speed Internet See Also Local Area Connection i Network Troubleshooter Enabled Other Places Mb Control Panel My Network Places i 4 My Documents 4 My Computer Details Network Connections System Folder j J start ES Network Connections E A Accton EN1207D TX PCI Fast 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Device and select I nvoke The web configurator login screen displays FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 48 Network Connections
43. 6a b3 Sent Packets 1230 IP Address es 10 0 2 2 Send Errors 0 Link Speed 11 Mbit s Recv Packets 1197 Link Status Active Recv Errors 0 Vendor Apple Collisions 0 Model Wireless Network Adapter 802 11 Linux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in GNOME 1 Click System Administration Network Figure 165 Ubuntu 8 System gt Administration Menu System X Preferences OP Administration 5 Authorizations m Hardware Drivers 4 Hardware Testing Help and Support About GNOME Language Support ER Login Window Quit ET Network Network Tools lt 3 About Ubuntu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password 272 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 166 Ubuntu 8 Ne
44. ChangeMe ONHOOK The following table describes the fields in this screen Table 74 System Monitor gt VoIP Status LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop down list box SIP Status Account This column displays each SIP account in the Device Registration This field displays the current registration status of the SIP account You can change this in the Status screen Registered The SIP account is registered with a SIP server Not Registered The last time the Device tried to register the SIP account with the SIP server the attempt failed The Device automatically tries to register the SIP account when you turn on the Device or when you activate it Inactive The SIP account is not active You can activate it in Vol P gt SIP gt SIP Account Last This field displays the last time you successfully registered the SIP account The Registration field is blank if you never successfully registered this account URI This field displays the account number and service domain of the SIP account You can change these in the VoIP gt SIP screens Message Waiting This field indicates whether or not there are any messages waiting for the SIP account Last Incoming Number This field displays the last number that called the SIP account The field is blank if no number has ever dialed the SIP account Last
45. Click Next to start configuring the printer port Add Standard TCP IP Printer Port Wizard x Welcome to the Add Standard TCP IP Printer Port Wizard You use this wizard to add a port for a network printer Before continuing be sure that 1 The device is turned on 2 The network is connected and configured To continue click Next Cancel 7 Enter the IP address of the Device to which the printer is connected in the Printer Name or IP Address field In our example we use the default IP address of the Device 192 168 1 1 The Port Name field updates automatically to reflect the IP address of the port Click Next FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 8 9 Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Add Standard TCP IP Printer Port Wizard x Add Port RS For which device do you want to add a port NS N Enter the Printer Name or IP address and a port name for the desired device Printer Name or IP Address 192 168 1 1 Port Name P 92 168 1 1 Cancel Select Custom under Device Type and click Settings Add Standard TCP IP Printer Port Wizard E x Additional Port Information Required RS The device could not be identified N The device is not found on the network Be sure that 1 The device is turned on 2 The network
46. Complete and valid address j Use default queue on server Queue Name LP1 Printer Model Generic Cancel Add J 12 Click Add to select a printer model save and close the Printer List configuration screen o0 Printer List IP Printing ad Printer s Address 192 168 1 1 Internet address or DNS name Complete and valid address C Use default queue on server Queue Name LP1 Printer Model ESP ModedlNam 4 EPSON 24 Pin Series CUPS v1 1 EPSON New Stylus Color Series CUPS v1 1 EPSON New Stylus Photo Series CUPS v1 1 EPSON Stylus Color Series CUPS v1 1 FUE Cancel add gt 13 The Name LP1 on 192 168 1 1 displays in the Printer List field The default printer Name displays in bold type 608 Printer List E Make Default Add Delete Name Status LP1 on 192 168 1 1 Stylus C43 Stopped Your Macintosh print server driver setup is complete You can now use the Device s print server to print from a Macintosh computer FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 3 8 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions you may connect a router to the Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R
47. Compression Type Third Compression Type Speaking Volume Control Listening Volume Control B Note Call Features M Send Caller ID IV Active Call Transfer M Active Call Waiting Active Busy Forward Active No Answer Forward No Answer Ring Time warm Line Warm Line Timer sec SIP Service Provider Selection IV Active G 168 Echo Cancellation IV Active VAD Voice Active Detector Active Call Waiting Reject Time Active Unconditional Forward Hot Line Warm Line Enable Hot Line Warm Line number ChangeMe Active SIP Account ChangeMe ch angeMe 9999992929 SIP cz sl midde Z VAD will not be active while G 722 is used 24 10 60 second To Number ToNumer S To Number i0 10 180 Second HotLine SS 5 5 300 Second Active Anonymous Call Block Each field is described in the following table Table 60 SIP Account Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Select the SIP service provider profile you want to use for the SIP account you Selection configure in this screen This field is view only if you are editing the SIP account SIP Account Selection Selection SIP Account This shows the SIP account you are configuring General FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Table 60 SIP Account Edit continued
48. D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS Figure 54 Network Setting gt QoS gt Queue Setup Add new Queue 1 WAN Default Queue WAN 4 1 DT 2 i 2 j LAN_Default_Queue LAN 4 1 DT 4 3 Fast WAN 7 3 DT ZW 4 Active user WAN 5 3 DT 2 5 Passive user WAN 3 3 DT 3 i 6 Slow WAN 1 3 DT 3 i B note Maximum 8 user configurable entries The following table describes the labels in this screen Table 24 Network Setting gt QoS gt Queue Setup LABEL DESCRIPTION Add new Click this to create a new entry Queue This is the index number of this entry Status This indicates whether the queue is active or not A yellow bulb signifies that this queue is active A gray bulb signifies that this queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer This shows the queue management algorithm used by the Device Management Rate Limit This shows the maximum transmission rate allowed for traffic on this queue kbps Modify Click the Edit icon to edit the queue Click the Delete icon to delete an existing queue Note that subsequent rules move up by one when you take this action 9 3 1 Add Edit a QoS Queue Use this screen to configure
49. E 2 xi Settings Q Disable 9 Enable ER Font download Q Disable 9 Enable A O Prompt 53 Microsoft VM Java permissions Q Custom 9 High sois Q Low safety Reset custom settings Reset to Medium Reset JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 187 Java Sun Internet Options General Security Privacy Content Connections Programs Advanced Settings O Use inline AutoComplete O Use Passive FTP for firewall and DSL modem compatibility Use smooth scrolling HTTP 1 1 settings v Use HTTP 1 1 O Use HTTP 1 1 through proxy connections 3 Microsoft v gt Java C v d Use Java 2141 D for lt appleb equites rea Jaja 2 v1 4 1 07 for applet requires d Use Java 2141 D for lt appleb equites rea O Java console enabled requires restart O Java logging enabled JIT compiler for virtual machine enabled requires restart Multimedia O Always show Internet Explorer 5 0 or later Radio toolbar O Don t display online media content in the media bar Enable Automatic Image Resizing v b Restore Defaults Cancel Apply 288 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions Mozilla Firefox Mozilla Firefox 2 0 screens are use
50. Enable Enable 80 TELNET Enable Enable 23 FTP V Enable Enable 21 SSH Enable Enable 22 ICMP V Enable V Enable N A TR 064 V Enable N A 18888 SNMP V Enable Enable 161 Apply Cancel The following table describes the fields in this screen Table 76 Maintenance gt Remote MGMT LABEL DESCRIPTION Services This is the service you may use to access the Device LAN Select the Enable check box for the corresponding services that you want to allow access to the Device from the LAN WAN Select the Enable check box for the corresponding services that you want to allow access to the Device from the WAN Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide SNMP 23 1 Overview This chapter explains how to configure the SNMP settings on the Device 23 2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices Your Device supports SNMP agent functionality which allows a manager station to manage and monitor the Device through the network The Device supports SNMP version one SNMPv1 and version two SNMPv2c The next figu
51. Guide Cable TV 6 1 Overview This chapter describes the Device s Network Setting gt CATV screen Use this screen to set up your Device s cable television function 6 2 The CATV Screen Use this screen to enable cable television functions Click Network Setting CATV to open the CATV screen Figure 24 Network Setting gt CATV CATV T Enable CATV CATV Filter I Enable CATV Filter The following table describes the labels in this screen Table 11 Network gt CATV LABEL DESCRIPTION CATV Select this to enable the cable TV function CATV Filter Select this to enable the cable TV low pass filter which filters unwanted high frequencies out of the signal Apply Click Apply to save your changes back to the Device Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide EE Chapter 6 Cable TV FMG3024 D10A FMG3025 D10A Series User s Guide 7 Home Networking 7 1 Overview A Local Area Network LAN is a shared communication system to which many computers are attached A LAN is usually located in one immediate area such as a building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses LAN 7 1 1 What You Can Do in this Chapter Use the LAN Setup screen to set the LAN IP address subnet mask and DHCP settings Section 7 2 on page 96 Use the
52. IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 switch or router to discover the presence of MLD listeners who wish to receive multicast packets and the IP addresses of multicast groups the hosts want to join on its network MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table When an MLD host wants to join a multicast group it sends an MLD Report message for that address An MLD Done message is equivalent to an IGMP Leave message When an MLD host wants to leave a multicast group it can send a Done message to the router or switch The router or switch then sends a group specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 Example Enabling IPv6 on Windows XP 2003 Vista By default Windows XP and Windows 2003 support IPv6 This example shows you how to use the ipv6 install command on Windows XP 2003 to enable IPv6 This also displays how to use the ipconfig command to see auto generated IP addresses C N ipv6 install Installing Succeeded C gt ipconfig Windows IP Configuration
53. IP Packet Length 46 1504 r Exclude DSCP E Exclude TCP ACK E Exclude DHCP VendorClassID DHCP Option 60 E Exclude Class ID String Service FTF Y E Exclude Apply Back Class Name Give a class name to this traffic such as Email in this example To Queue Link this to a queue created in the QoS gt Queue Setup screen which is the Email queue created in this example From Interface This is the interface from which the traffic will be coming from Select Lan Ether Type Select I P to identify the traffic source by its IP address or MAC address MAC Address Type the MAC address of your computer AA FF AA FF AA FF Type the MAC Mask if you know it IP Address Type the IP address of your computer 192 168 1 23 Type the IP Subnet Mask if you know it IP Protocol Select User defined and enter 25 as the IP Protocol This maps e mail traffic to queue 7 created in the previous screen see the IP Protocol field This also maps your computer s IP address and MAC address to queue 7 see the Source fields 4 Verify that the queue setup works by checking Network Setting QoS Monitor This shows the bandwidth allotted to e mail traffic compared to other network traffic FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Monitor Refresh Interval No Refresh Status Interface Monitor 1 ptm0 3900 Queue Monitor WAN Default Queue WAN 1
54. If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the Device Once you have decided on the network number pick an IP address for your Device that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigne
55. Introduction to IP Addresses One part of the IP address is the network number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered An IP address is made up of four parts written in dotted decimal notation for example 192 168 1 1 Each of these four parts is known as an octet An octet is an eight digit binary number for example 11000000 which is 192 in decimal notation Therefore each octet has a possible range of 00000000 to 11111111 in binary or 0 to 255 in decimal The following figure shows an example IP address in which the first three octets 192 168 1 are the network number and the fourth octet 16 is the host ID FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Figure 129 Network Number and Host ID 192 168 1 16 BONEN N n at i a 1 a a 1 4 E 1 3 i 1 1 i i 1 a m m m m m m m m m mm 9 How much of the IP address is the network number and how much is the host ID varies according to the subnet mask Subnet Masks A subnet mask
56. My Network Places 7 My Network Places File Edit View Favorites Q O Tools Help J2 Search Folders E a My Network Places Address Network Tasks gt Add a network place View network connections Set up a home or small office network 3 View workgroup computers Other Places Local Network Create Shortcut Rename Properties 6 basic information about the Device Right click on the icon for your Device and select Properties A properties window displays with Figure 49 Network Connections My Network Places Properties Example ZyXEL Internet Sharing Gateway x General zu m ZEL Internet Sharing Gateway Manufacturer ZyXEL Model Name ZyXEL Internet Sharing Gateway Model Number Description ZyXEL Internet Sharing Gateway Device Address http 192 168 1 1 Cancel Close FMG3024 D10A FMG3025 D10A Series User s Guide Routing 8 1 Overview The Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet To have the Device send data to devices not reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Device s LAN interface The Device routes most traffic from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by yo
57. Networking Services C 2 Other Network File and Print Services Description Contains a variety of specialized network related services and protocols Total disk space required 0 0 MB _detais _ Space available on disk 260 9 MB Deis 5 Inthe Networking Services window select the Universal Plug and Play check box Figure 40 Networking Services Networking Services To add or remove a component click the check bos amp shaded box means that only part of the component will be installed To see what s included in a component click Details Subcomponents of Networking Services SB RIP Listener 0 0 MB El Simple TCP IP Services 0 0 MB m Universal Plug and Play 0 2 MB Description Allows your computer to discover and control Universal Plug and Play devices Total disk space required 0 0 MB Space available on disk 260 8 MB 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking 7 10 Using UPnP in Windows XP Example 3 This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Device Make sure the computer is connected to a LAN port of the Device Turn on your computer and the Device Auto discover Your UPnP enabled Network Device Click Start and Control Panel Dou
58. Outgoing This field displays the last number the SIP account called The field is blank if the Number SIP account has never dialed a number Call Status Account This column displays each SIP account in the Device Duration This field displays how long the current call has lasted FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 20 Traffic Status Table 74 System Monitor gt VoIP Status continued LABEL DESCRIPTION Status This field displays the current state of the phone call Idle There are no current VoIP calls incoming calls or outgoing calls being made Dial The callee s phone is ringing Ring The phone is ringing for an incoming VolP call Process There is a VoIP call in progress DI SC The callee s line is busy the callee hung up or your phone was left off the hook Codec This field displays what voice codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Phone Status Account This field displays the phone accounts of the Device Outgoing This field displays the SIP number that you use to make calls on this phone port Number Incoming This field displays the SIP number that you use to receive calls on this phone port Number Phone State This field shows whether or the phone connected to the subs
59. RFC 3262 Supported x DNS SRV Enabled RFC 3263 Session Timer RFC 4028 VoIP IOP Flags Iv Replace dial digit to 9623 in SIP messages IV Remove 5060 and transportzudp from request uri in SIP messages Remove the Route header in SIP messages IV Don t send re Invite to the remote party when there are multiple codecs answered in the SDP IV Remove the Authentication header in SIP ACK message RTP Port Range Start Port 50000 1025 65535 End Port 55535 1025 65535 DTMF Mode DTMF Mode RFC 2833 v Transport Type Transport Type UDP x FAX Option 6711 Fax Passthrough C 738 Fax Relay FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Figure 93 VoIP gt SIP gt SIP Service Provider continued Outbound Proxy Enable Server Address Server Port QoS Tag SIP TOS Priority Setting RTP TOS Priority Setting Timer Setting Expiration Duration Register Re send timer Session Expires Min SE Dialing Interval Selection Dialing Interval Selection Phone Key Config Call Return Caller Display Call Caller Hidden Call One Shot Caller Display Call One Shot Caller Hidden Call Call Waiting Enable Call Waiting Disable One Shot Call Waiting Enable One Shot Call Waiting Disable Internal Call Call Transfer Unconditional Call Forward Enable Unconditional Call Forward Disable No Answer Call Forward Enable No Answer Call Forwa
60. SIP URI Uniform Resource Identifier A SIP account s URI identifies the SIP account in a way similar to the way an e mail address identifies an e mail account The format of a SIP identity is SIP Number 9SI P Service Domain SIP Number The SIP number is the part of the SIP URI that comes before the symbol A SIP number can use letters like in an e mail address johndoe your ITSP com for example or numbers like a telephone number 1122334455 9 Vol P provider com for example SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI For example if the SIP address is 11223344559 Vol P provider com then Vol P provider com is the SIP service domain SIP Registration Each Device is an individual SIP User Agent UA To provide voice service it has a public IP address for SIP and RTP protocols to communicate with other servers A SIP user agent has to register with the SIP registrar and must provide information about the users it represents as well as its current IP address for the routing of incoming SIP requests After successful registration the SIP server knows that the users identified by their dedicated SIP URIs are represented by the UA and knows the IP address to which the SIP requests and responses should be sent Registration is initiated by the User Agent Client UAC running in the VoIP gateway the Device The gateway must be configured with information lett
61. Security IPSec is a standards based VPN that provides confidentiality data integrity and authentication This chapter shows you how to configure the Device s VPN settings 17 2 IPSec VPN 17 2 1 The General Screen Use this screen to view and manage your VPN tunnel policies The following figure helps explain the main fields in the web configurator Figure 84 IPSec Fields Summary Local Network Remote Network Remote IPSec Router TERR named Pug ey OD E Local IP Address h y Remote IP Address F4 Click Security gt VPN to open this screen as shown next Figure 85 IPSec VPN Summary Add New Tunnel FMG3024 D10A FMG3025 D10A Series User s Guide 167 Chapter 17 VPN This screen contains the following fields Table 50 IPSec VPN LABEL DESCRIPTION Add New Tunnel Click this button to add an item to the list This is the VPN policy index number Active This displays if the VPN policy is enabled Tunnel Name The name of the VPN connection Local Address This displays the IP address of the Device Remote Address This displays the IP address of the remote IPSec router IPSec Algorithm This displays the encryption algorithm for the VPN connection Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule 17 2 2 IPSec VPN Add Use these settings to add or edit VPN policies Click
62. Stack Lite to let local computers use IPv4 through an ISP s IPv6 network 4to6 Endpoint Specify the transition router s IPv6 address IPv6 Address Apply Click Apply to save your changes Back Click Back to return to the previous screen 5 2 1 2 Routing IPoE Click the Add new WAN I nterface in the Network Setting Broadband screen or the Edit icon next to the connection you want to configure Select Routing as the encapsulation mode and IP over Ethernet as the WAN service type 76 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Figure 18 Broadband Add Edit Routing IPoE IPv4 Only General Name Mode Routing WANServiceType iPoverEthernet v IPv6 IPv4 Mode Pony H VLAN Enable VLAN r Enter 802 1P Priority 0 7 Enter 802 1Q VLAN ID 1 4094 3900 3905 are reserved MTU MTU h 500 IP Address Obtain an IP Address Automatically Enable DHCP Option 60 O C Static IP Address Routing Feature NAT Enable r IGMP Proxy Enable r Apply as Default Gateway O DNS Server Obtain DNS info Automatically C Use the following Static DNS IP Address 6 to 4 Tunnel IV 6to4 Tunneling 6RD Enable 6to4 Tunneling Relay Server IP Figure 19 Broadband Add Edit Routing IPoE IPv6 IPv4 Dual Stack IPv6 Address Obtain IPv6 Address Prefix Automatically Enable Non temporary Addresses O Enable Prefix Delegatio
63. Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 7 3 on page 97 Use the UPnP screen to enable UPnP Section 7 4 on page 99 Use the File Sharing screen to enable file sharing server Section 7 5 on page 99 Use the Media Server screen to enable or disable the sharing of media files Section 7 6 on page 102 Use the Printer Server screen to enable the print server Section 7 7 on page 102 7 1 2 What You Need To Know The following terms and concepts may help as you read this chapter 7 1 2 1 About LAN IP Address Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number This is known as an Internet Protocol address FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Subnet Mask The subnet mask specifies the network number portion of an IP address Your Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Device unless you are instructed to do otherwise DHCP DHCP Dynamic Host Configuration Protocol allows clients to obtain TCP IP configuration at start up from a server This Device has a built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability DNS DNS Domain Name System maps a
64. Use this screen to configure a WAN connection The screen varies depending on the interface type encapsulation and WAN service type you select 5 2 1 1 Routing PPPoE Click the Add new WAN Interface in the Network Setting gt Broadband screen or the Edit icon next to the connection you want to configure Select Routing as the encapsulation mode and PPPoE as the WAN service type FMG3024 D10A FMG3025 D10A Series User s Guide 71 Chapter 5 Broadband 72 Figure 15 Broadband Add Edit Routing PPPoE IPv4 Only General Name l Mode Routing WANServiceType PPP over Ethernet PPPoE PPPoE Passthrough r IPV6 IPv4 Mode Pony rj VLAN Enable VLAN O Enter 802 1P Priority 0 7 rei Enter 802 10 VLAN ID 1 4094 3900 3905 are reserved PPP Infomation PPPUserName PPPPassword PPPoEServiceName Authentication Method ato v Use Static IP Address r Dial on demand with idle timeouttimer I MTU MTU 1492 Routing Feature NAT Enable ri IGMP Proxy Enable r Apply as Default Gateway O DNS Server Obtain DNS info Automatically C Use the following Static DNS IP Address 6 to 4 Tunnel M 6to4 Tunneling 6RD Enable 6to4 Tunneling Relay Server IP FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Figure 16 Broadband Add Edit Routing PPPoE IPv6 IPv4 Dual Stack IPv6 Address Obtain IPv6 Address Prefi
65. User s Guide Chapter 26 Log Setting The following table describes the fields in this screen Table 80 Maintenance gt Log Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The Device sends a log to an external syslog server Select the Enable check box to enable syslog logging Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Select Level Log Category Select the categories of logs that you want to record Log Level Select the severity level of logs that you want to record If you want to record all logs select ALL Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 226 FMG3024 D10A FMG3025 D10A Series User s Guide 27 Firmware Upgrade 27 1 Overview This chapter explains how to upload new firmware to your Device You can download new firmware releases from your nearest ZyXEL FTP site or www zyxel com to use to upgrade your device s performance Only use firmware for your device s specific model Refer to the label on the bottom of your Device 27 2 The Firmware Upgrade Screen Click Maintenance gt Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to three minutes After a
66. a queue Click Add new queue in the Queue Setup screen or the Edit icon next to an existing queue FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS Figure 55 Queue Setup Add Edit Active Name Interface wan E Priority ilow Weight 1 xj Rate Limit kbps Aent pea The following table describes the labels in this screen Table 25 Queue Setup Add Edit LABEL DESCRIPTION Active Select to enable or disable this queue Name Enter the descriptive name of this queue Interface This shows the interface of this queue Priority Select the priority level from 1 to 7 of this queue The larger the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 15 of this queue If two queues have the same priority level the Device divides the bandwidth across the queues according to their weights Queues with larger weights get more bandwidth than queues with smaller weights Rate Limit Specify the maximum transmission rate in Kbps allowed for traffic on this queue Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving 9 4 The Class Setup Screen Use this screen to add edit or delete QoS classifiers A classi
67. address Mask Address Informatio n WAN Interface Select the interface for the VPN gateway My IP Address Enter the IP address of the Device in the IKE SA Secure Enter the IP address of the remote IPSec router in the IKE SA Gateway Address Local ID Select IP to identify the Device by its IP address Select DNS to identify this Device by a domain name Select E mail to identify this Device by an e mail address 170 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN Table 51 IPSec VPN Add LABEL DESCRIPTION Content When you select I P in the Local ID field type the IP address of your computer in the Content field If you configure the Content field to 0 0 0 0 or leave it blank the Device automatically uses the Pre Share Key refer to the Pre Share Key field description It is recommended that you type an IP address other than 0 0 0 0 in the Content field or use the DNS or E mail ID type in the following situations e When there is a NAT router between the two IPSec routers When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses When you select DNS or E mail in the Local I D field type a domain name or e mail address by which to identify this Device in the Content field Use up to 31 ASCII characters including spaces although trailing spaces are t
68. assigned to this queue are dropped 9 6 QoS Technical Reference This section provides some technical background information about the topics covered in this chapter FMG3024 D10A FMG3025 D10A Series User s Guide This shows how much traffic bps forwarded to this interface are transmitted Chapter 9 Quality of Service QoS 9 6 1 IEEE 802 1Q Tag The IEEE 802 1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges A VLAN tag includes the 12 bit VLAN ID and 3 bit user priority The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network IEEE 802 1p specifies the user priority field and defines up to eight separate traffic types The following table describes the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Table 29 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive to jitter jitter is the variations in delay Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter Level 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Network Architecture transactions Level 3 T
69. bandwidth using QoS Queue Setup Use this screen to configure QoS queue assignment Class Setup Use this screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow Monitor Use this screen to view each queue s statistics NAT Port Forwarding Use this screen to make your local servers visible to the outside world Sessions Use this screen to limit the number of NAT sessions a single client can establish Dynamic DNS Dynamic DNS Use this screen to allow a static hostname alias for a dynamic IP address Interface Interface Group Use this screen to create a new interface group Group Security Firewall General Use this screen to activate deactivate the firewall Services Use this screen to set the default action to take on outgoing network traffic MAC Filter MAC Filter Use this screen to allow specific devices to access the Device Parental Parental Control Use this screen to define time periods and days during which Control the Device performs parental control and or block web sites with the specific URL Certificates Local Certificates Use this screen to generate and export self signed certificates or certification requests and import the Device s CA signed certificates Trusted CA Use this screen to save CA certificates to the Device VPN VPN Use this screen to configure VPN settings VoIP SIP SIP S
70. classifier to the number you selected after clicking Apply Select Last to put this rule in the back of the classifier list Forward to Select a WAN interface through which traffic of this class will be forwarded out Interface If you select Unchange the Device forward traffic of this class according to the default routing table FMG3024 D10A FMG3025 D10A Series User s Guide 127 Chapter 9 Quality of Service QoS Table 27 Class Setup Add Edit continued LABEL DESCRIPTION DSCP Mark This field is available only when you select the Ether Type check box in Criteria Configuration Basic section If you select Mark enter a DSCP value with which the Device replaces the DSCP field in the packets If you select Unchange the Device keep the DSCP field in the packets 802 1p Mark Select a priority level with which the Device replaces the IEEE 802 1p priority field in the packets If you select Unchange the Device keep the 802 1p priority field in the packets To Queue Select a queue that applies to this class You should have configured a queue in the Queue Setup screen already Criteria Configuration Use the following fields to configure the criteria for traffic classification Basic From Interface Select whether the traffic class comes from the LAN Ether Type Select a predefined application to configure a class for the matched traffic If you select I P you also need to con
71. colon hexadecimal notation FMG3024 D10A FMG3025 D10A Series User s Guide 79 Chapter 5 Broadband Table 7 Broadband Add Edit Routing IPOE continued LABEL DESCRIPTION Prefix length Enter the bit number of the IPv6 subnet mask provided by your ISP IPv6 Default Enter the I Pv6 address of the default outgoing gateway using a colon Gateway hexadecimal notation IPv6 DNS Server Select whether you want to obtain the IPv6 DNS server addresses automatically or configure them manually Obtain IPv6 DNS Select this to have the Device get the IPv6 DNS server addresses from the ISP info Automatically automatically Use the following Select this to have the Device use the DNS server addresses you configure Static DNS IPv6 manually Address Primary IPv6 Enter the first IPv6 DNS server address assigned by the ISP DNS Server Secondary IPv6 Enter the second IPv6 DNS server address assigned by the ISP DNS Server 6to4 Tunneling The 6 to 4 Tunnel fields display when you set the I Pv6 IPv4 Mode field to I Pv4 Only Select 6to4 if the Device is connected to a network that has both IPv6 and IPv4 and the IPv4 addresses are public IP addresses In this mode the Device can convert an IPv4 address directly to an IPv6 address The format is 2002 IPv4 address in hexadecimal 48 6RD Enable Select this option to enable IPv6 Rapid Deployment By enabling this function the Device uses an ISP s
72. computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the correct fields in the web configurator screens 152 FMG3024 D10A FMG3025 D10A Series User s Guide MAC Filter 14 1 Overview This chapter discusses MAC address filtering You can configure the Device to permit access to clients based on their MAC addresses in the MAC Filter screen 14 1 1 What You Need to Know Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC address of the devices to configure this screen 14 2 The MAC Filter Screen Use the MAC Filter screen to allow LAN clients access to the Device To change your Device s MAC filter settings click Security gt MAC Filter The screen appears as shown Figure 75 Security gt MAC Filter MAC Address Filter C Enable Disable set wo MAC Address N 00 24 21 7E 20 96 29 m 30 O 31 m 32 O B Note Only devices listed here are granted access to the network coca FMG3024 D10A FMG3025 D10A Series User s Guide 153 Chapter 14 MAC Filter The following table describes the labels in this menu Table 43 Security gt MAC Filter LABEL D
73. deliver data with minimum delay and the networking methods used to control the use of bandwidth QoS allows the Device to group and prioritize application traffic and fine tune network performance Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand The Device assigns each packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video Note The Device has built in configurations for Voice over IP IP The Quality of Service QoS feature does not affect VoIP traffic See Section 9 6 on page 130 for advanced technical information on SIP 9 1 1 What You Can Do in this Chapter Use the General screen to enable QoS set the bandwidth and allow the Device to automatically assign priority to upstream traffic according to the IEEE 802 1p priority level IP precedence or packet length Section 9 2 on page 122 Use the Queue Setup screen to configure QoS
74. destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrates this FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 10 Network Address Translation NAT Figure 63 How NAT Works NAT Table LAN Inside Local Inside Global IP Address IP Address WAN 192 168 1 10 IGA 1 192 168 1 13 192 168 1 11 IGA2 192 168 1 12 IGA 3 192 168 1 13 IGA 4 Inside Local Inside Global Address ILA Address IGA 192 168 1 11 155 168 1 10 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 10 Network Address Translation NAT FMG3024 D10A FMG3025 D10A Series User s Guide Dynamic DNS 11 1 Overview This chapter discusses how to configure your Device to use Dynamic DNS Dynamic DNS allows you to update your curr
75. device like the Device to call another without involving a SIP service provider However the networking difficulties involved in doing this make it tremendously impractical under normal circumstances Your SIP account provider removes these difficulties by taking care of the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another Voice Activity Detection Silence Suppression Voice Activity Detection VAD detects whether or not speech is present This lets the Device reduce the bandwidth that a call uses by not transmitting silent packets when you are not speaking Comfort Noise Generation When using VAD the Device generates comfort noise when the other party is not speaking The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost connection Echo Cancellation G 168 is an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk Use this screen to maintain basic information about each SIP account You can also enable and disable each SIP account configure the volume echo cancellation and VAD Voice Activity Detection settings for each individual phone port on the Device How to Find Out More See Chapter 3 on page 25 for a tutorial showing how to set up these screens in an example scenario See Section on pa
76. domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask 7 1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues Network information and configuration may also be obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the Device allows multicast messages on the LAN only All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP if this is not your intention UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UI C ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 See Sectio
77. following table describes the labels in this menu Table 18 Network Setting gt Home Networking gt Media Server LABEL DESCRIPTION Enable Media Check this to have the Device function as a DLNA compliant media server Server Enable the media server to let DLNA compliant media clients on your network play media files located in the shares Apply Click Apply to save your changes 7 7 The Printer Server Screen The Device allows you to share a USB printer on your LAN You can do this by connecting a USB printer to one of the USB ports on the Device and then configuring a TCP IP port on the computers connected to your network FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 33 Sharing a USB Printer 7 7 1 Before You Begin To configure the print server you need the following Your Device must be connected to your computer and any other devices on your network The USB printer must be connected to your Device A USB printer with the driver already installed on your computer The computers on your network must have the printer software already installed before they can create a TCP IP port for printing via the network Follow your printer manufacturers instructions on how to install the printer software on your computer Note Your printer s installation instructions may ask that you connect the printer to your computer Connect your printer to the Device ins
78. host name 63 IANA 105 250 ID type and content 178 IEEE 802 1Q 86 IEEE 802 1Q VLAN 200 IGMP 87 version 87 IKE phases 175 importing trusted CAs 163 inside header 175 install UPnP 108 Windows Me 108 Windows XP 109 Internet access 15 Internet Assigned Numbers Authority See IANA Internet Assigned Numbers Authority see IANA Internet Key Exchange 175 Internet Protocol version 6 68 Internet Protocol version 6 see IPv6 Internet Service Provider see ISP IP address 63 104 default 19 WAN 68 IP Address Assignment 86 FMG3024 D10A FMG3025 D10A Series User s Guide Index IP pool 97 IP pool setup 104 IPSec algorithms 174 architecture 173 NAT 177 IPSec VPN 167 IPv6 68 295 addressing 69 87 295 DHCP 69 EUI 64 297 global address 296 interface ID 297 link local address 295 Neighbor Discovery Protocol 295 ping 295 prefix 69 88 295 prefix delegation 70 prefix length 69 88 295 stateless autoconfiguration 297 unspecified address 296 IPv6 modes 6to4 mode 69 ISP 68 iTunes server 102 ITU T 182 L LAN 93 and USB printer 103 client list 97 MAC address 98 LAN TCP IP 104 listening port 186 Local Area Network see LAN login passwords 19 logout 20 automatic 20 logs 205 225 MAC 63 153 MAC address 98 MAC address filtering 153 MAC filter 153 Management Information Base MIB 220 managing the device good habits 17 using FTP See FTP Maximum Burst Size MBS 85 Media acc
79. host name on the Device later 3 10 2 Configuring DDNS on Your Device Configure the following settings in the Network Setting gt Dynamic DNS screen Select Active Dynamic DNS Select Dynamic DNS for the DDNS type Type zyxelrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Dynamic DNS Configuration IV Active Dynamic DNS Service Provider WWW DynDNS ORG Dynamic DNS Type Dynamic DNS v Host Name Eyxelrouter dyndns org 1to 255 characters User Name UserName1 1to 255 characters Password eecce 1to 63 characters Appiy conca Click Apply 3 10 3 Testing the DDNS Setting Now you should be able to access the Device from the Internet To test this 1 Open a web browser on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The Device s login page should appear You can then log into the Device and manage it FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials FMG3024 D10A FMG3025 D10A Series User s Guide PART Il Technical Reference The appendices provide general information Some details may not apply to your Device Connection Status and System Info 4 1 Overview After you log into the web configurator the Connection Status screen appears This shows the network connection status of the Device and clients con
80. in to log out 3 Turn the Device off and on 4 Ifthis does not work you have to reset the device to its factory defaults See Section 31 2 on page 237 cannot Telnet to the Device See the troubleshooting suggestions for cannot see or access the Login screen in the web configurator Ignore the suggestions about your browser cannot use FTP to upload download the configuration file cannot use FTP to upload new firmware See the troubleshooting suggestions for cannot see or access the Login screen in the web configurator Ignore the suggestions about your browser FMG3024 D10A FMG3025 D10A Series User s Guide 239 Chapter 31 Troubleshooting 31 4 Internet Access cannot access the Internet 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide 2 Make sure you entered your ISP account information correctly These fields are case sensitive so make sure Caps Lock is not on 3 Disconnect all the cables from your device and follow the directions in the Quick Start Guide again 4 Ifthe problem continues contact your ISP cannot create multiple connections of the same type Your WAN interface must enable VLAN and fill each WAN connection with different VLAN IDs cannot access the Internet anymore had access to the Internet with the Device but my Internet connection is not available anymore 1 Check the har
81. is connected 3 The device is properly configured 4 The address on the previous page is correct If you think the address is not correct click Back to return to the previous page Then correct the address and perfom another search on the network If you are sure the address is correct select the device type below Device Type C Standard Generic Netwo lt Back Cancel Confirm the IP address of the Device in the IP Address field 10 Select Raw under Protocol 11 The Port Number is automatically configured as 9100 Click OK FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials onfigure Standard TCP IP Port Monitor 21 xl Port Settings Port Name IP 182 158 1 1 Printer Name or IP Address 192168313 Protocol Port Number 9100 M LPR Settings ueue Name LPR Byte Counting Enabled SNMP Status Enabled public SNMP Device Index fi Commi Inty Name Add Standard TCP IP Printer Port Wizard x Additional Port Information Required The device could net be venite amp The device is not found on the network Be sure that 1 The device buned on 2 The network is connected 3 The device is properly configured A The addins on the previous page is comet If you think the address fe net conset click Baek to imtum to the previous page Then conset the address and perfo
82. new IP address f you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Device 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide 3 M Make sure your Internet browser does not block pop up windows and has J avaScript and Java enabled See Appendix C on page 283 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 31 Troubleshooting 4 Reset the device to its factory defaults and try to access the Device with the default IP address See Section 1 5 on page 17 5 Ifthe problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the Device using another service such as Telnet If you can access the Device check the remote management settings and firewall rules to find out why the Device does not respond to HTTP f your computer is connected to the WAN port use a computer that is connected to a ETHERNET port can see the Login screen but cannot log in to the Device 1 Make sure you have entered the user name and password correctly The default user name is admin These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the Device Log out of the Device in the other session or ask the person who is logged
83. only for the phone call your are going to Display Call make One Shot Caller This code is used to hide the caller ID only for the phone call your are going to Hidden Call make Call Waiting This code is used to turn the call waiting feature on With call waiting you hear a Enable special beep notifying you of another incoming call while you have a call It allows you to place the first incoming call on hold and answer the second call so that you won t miss any important calls Call Waiting This code is used to turn the call waiting feature off Disable One Shot Call This code is used to enable call waiting only for the phone call your are going to Waiting Enable make See the description for the Call Waiting Enable field for more information One Shot Call Waiting Disable Internal Call This code is used to disable one shot call waiting Specify the key combinations that you can enter to call the phone s connected to the Device Call Transfer This code is used to enable call transfer that allows you to transfer an incoming call that you have answered to another phone Unconditional Call Forward Enable This code is used to enable unconditional call forwarding Incoming calls are always forwarded to a specified number without any condition Unconditional Call Forward Disable This code is used to disable unconditional call forwarding No Answer Call Forward Enable This code is use
84. ou 5 GHz conform ment la l gislation Europ enne En France m tropolitaine suivant les d cisions n 03 908 et 03 909 de l ARCEP la puissance d mission ne devra pas d passer 10 mW 10 dB dans le cadre d une installation WiFi en ext rieur pour les fr quences comprises entre 2454 MHz et 2483 5 MHz This Class B digital apparatus complies with Canadian CES 003 Cet appareil num rique de la classe B est conforme la norme NMB 003 du Canada PRODUCT COMPLIES WITH 21 CFR 1040 10 AND 1040 11 PRODUIT CONFORME SELON 21CFR 1040 10 ET 1040 11 CLASS 1 LASER PRODUCT APPAREIL LASER DE CLASSE 1 Viewing Certifications 1 Goto http www zyxel com 2 Select your product on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in material or workmanship for a specific period the Warranty Period from the date of purchase The Warranty Period varies by region Check with your vendor and or the authorized ZyXEL local distributor for details about the Warranty Period of this product During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to
85. phase 2 you must Choose an encryption algorithm Choose an authentication algorithm Choose a Diffie Hellman public key cryptography key group e Set the IPSec SA lifetime This field allows you to determine how long the IPSec SA should stay up before it times out The Device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires If an IPSec SA times out then the IPSec router must renegotiate the SA the next time someone attempts to send traffic 17 3 4 Negotiation Mode 176 The phase 1 Negotiation Mode you select determines how the Security Association SA will be established for each connection through IKE negotiations Main Mode ensures the highest level of security when the communicating parties are negotiating authentication phase 1 It uses 6 messages in three round trips SA negotiation Diffie Hellman exchange and an exchange of nonces a nonce is a random number This mode features identity protection your identity is not revealed in the negotiation FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication phase 1 However the trade off is that faster speed limits its negotiating power and it also does not provide identity protection It is useful in remote access situations where the address of the initiator is no
86. port SIP Number This shows the SIP account number SIP Account s to Receive Incoming Call SIP Account Select a SIP account if you want to receive phone calls for the selected SIP account on this phone port If you select more than one SIP account for incoming calls there is no way to distinguish between them when you receive phone calls If you do not select a source for incoming calls you cannot receive any calls on this phone port SIP Number This shows the SIP account number Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving 18 6 The Call Rule Screen Use this screen to add edit or remove speed dial numbers for outgoing calls Speed dial provides shortcuts for dialing frequently used Vol P phone numbers You also have to create speed dial entries if you want to call SIP numbers that contain letters Once you have configured a speed dial rule you can use a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number To access this screen click Vol P gt Call Rule Figure 98 VoIP gt Call Rule Speed Dial 1 mj Phone Book 01 02 03 04 05 06 07 08 09 10 Number Description SIPNumber CD LE i i i amp amp amp NE NE NE Sy mj mi mi mj md cu n uj uj Gl amp NE E FMG3024 D10A
87. queue assignment Section 9 3 on page 123 Use the Class Setup screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow Section 9 4 on page 125 Use the Monitor screen to view the Device s QoS related packet statistics Section 9 5 on page 130 9 1 2 What You Need to Know The following terms and concepts may help as you read this chapter FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS QoS versus Cos QoS is used to prioritize source to destination traffic flows All packets in the same flow are given the same priority CoS class of service is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class You can use CoS to give different priorities to different packet types CoS technologies include IEEE 802 1p layer 2 tagging and DiffServ Differentiated Services or DS IEEE 802 1p tagging makes use of three bits in the packet header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as
88. sub command before the default sub command time out 2 seconds expires or issue an invalid sub command the current operation will be aborted Table 65 European Flash Key Commands COMMAND SUB COMMAND DESCRIPTION Flash Put a current call on hold to place a second call Switch back to the call if there is no second call Flash 0 Drop the call presently on hold or reject an incoming call which is waiting for answer Flash 1 Disconnect the current phone connection and answer the incoming call or resume with caller presently on hold Flash 2 1 Switch back and forth between two calls 2 Put a current call on hold to answer an incoming call 3 Separate the current three way conference call into two individual calls one is on line the other is on hold Flash 3 Create three way conference connection Flash 983t Transfer the call to another phone FMG3024 D10A FMG3025 D10A Series User s Guide 201 Chapter 18 VoIP European Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key and then 2 to switch back and forth between caller A and B by putting either one on hold Press the flash key and then 0 to disconnect the call presently on hold and keep the current call on line Press the flash key and then 1 to disconnect the current call and resume the call on hold If you hang up the phone but a cal
89. the VPN tunnel renegotiates all users accessing remote resources are temporarily disconnected 172 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN Table 51 IPSec VPN Add LABEL DESCRIPTION Perfect Select whether or not you want to enable Perfect Forward Secrecy PFS Forward Secrecy PFS PFS changes the root key that is used to generate encryption keys for each IPSec SA The longer the key the more secure the encryption but also the longer it takes to encrypt and decrypt information Both routers must use the same DH key group Choices are Diffie Hellman Group2 use a 1024 bit random number Diffie Hellman Group5 use a 1536 bit random number Diffie Hellman Group14 use a 2048 bit random number DPD Active Enable Dead Peer Detection DPD Active check box if you want the Device to make sure the remote IPSec router is there before it transmits data through the IKE SA The remote IPSec router must support DPD If the remote IPSec router does not respond the Device shuts down the IKE SA 17 2 3 The Monitor Screen Use this screen to view active VPN connections The following figure helps explain the main fields in the web configurator Click Security gt VPN gt Monitor to open this screen as shown next Figure 87 Monitor Refresh This screen contains the following fields Table 52 Monitor LABEL DESCRIPTION This is the VPN policy in
90. the host on the WAN Local This refers to the packet address source or destination as the packet travels on the LAN Global This refers to the packet address source or destination as the packet travels on the WAN NAT never changes the IP address either local or global of an outside host 10 4 2 What NAT Does In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a Telnet server on your local network and make them accessible to the outside world If you do not define any servers NAT offers the additional benefit of firewall protection With no servers defined your Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 10 4 3 How NAT Works Each packet has two addresses a source address and a
91. this example can complete negotiation and establish a VPN tunnel Table 56 Matching ID Type and Content Configuration Example Device A Device B Local ID type E mail Local ID type IP Local ID content tom yourcompany com Local ID content 1 1 1 2 Remote ID type IP Remote ID type E mail Remote ID content 1 1 1 2 Remote ID content tom yourcompany com The two Devices in this example cannot complete their negotiation because Device B s Local ID type is IP but Device A s Remote ID type is set to E mail An ID mismatched message displays in the IPSEC LOG Table 57 Mismatching ID Type and Content Configuration Example DEVICE A DEVICE B Local ID type IP Local ID type IP Local ID content 1 1 1 10 Local ID content 1 1 1 2 Remote ID type E mail Remote ID type IP Remote ID content aa yahoo com Remote ID content 1 1 1 0 17 3 8 Pre Shared Key A pre shared key identifies a communicating party during a phase 1 IKE negotiation see Section 17 3 3 on page 175 for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure connection 17 3 9 Diffie Hellman DH Key Groups Diffie Hellman DH is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys U
92. to LAN and WAN to DEVICE Apply Click Apply to save your changes Back Click Back to exit this screen without saving your changes FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall 13 5 The DoS Screen Click Security gt Firewall gt DoS to display the following screen Use this screen to enable or disable Denial of Service DoS protection Figure 74 Security gt Firewall gt DoS DoS Protection Blocking Enable C Disable Apply Cancel Each field is described in the following table Table 42 Security gt Firewall gt DoS LABEL DESCRIPTION DoS Protection DoS Denial of Service attacks can flood your Internet connection with invalid packets Blocking and connection requests using so much bandwidth and so many resources that Internet access becomes unavailable Select Enable to enable protection against DoS attacks or Disable to disable it Apply Click Apply to save the DoS Protection settings Cancel Click Cancel to restore your previously saved settings 13 6 Firewall Technical Reference This section provides some technical background information about the topics covered in this chapter 13 6 1 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via web configurator 2 Think about access control before you connect to the network in any way 3 Limit who can access your Device 4 Don t enable any local service s
93. to give you a message waiting beeping dial tone when you have a voice message s Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842 18 7 3 Quality of Service QoS Quality of Service QoS refers to both a network s ability to deliver data with minimum delay and the networking methods used to provide bandwidth for real time multimedia applications 1 The Device does not support pulse dialing at the time of writing FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Type of Service ToS Network traffic can be classified by setting the ToS Type of Service values at the data source for example at the Device so a server can decide the best method of delivery that is the least cost fastest route and so on DiffServ DiffServ is a class of service CoS model that marks packets so that they receive specific per hop treatment at DiffServ compliant network devices along the route based on the application types and traffic flow Packets are marked with DiffServ Code Points DSCP indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traff
94. to the LAN Interface Status Interface This column displays each interface the Device has Status This field indicates whether or not the Device is using the interface For the WAN interface this field displays Up when the Device is using the interface and Down when the Device is not using the interface For the LAN interface this field displays Up when the Device is using the interface and Down when the Device is not using the interface For the 3G interface it displays Enabled when 3G is enabled or Disabled when 3G is disabled FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 4 Connection Status and System Info Table3 System Info Screen continued LABEL DESCRIPTION Rate For the LAN interface this displays the port speed and duplex setting For the WAN interface this displays the port speed and duplex setting For the 3G interface it displays the maximum transmission rate when 3G is enabled or N A when 3G is disabled System Status System Up Time This field displays how long the Device has been running since it last started up The Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it see Section 1 5 on page 17 Current Date Time This field displays the current date and time in the Device You can change this in Maintenance Time Setting System Resource CPU Usage This field displays what percent
95. voice signals into digital signals and decodes the digital signals back into analog voice signals The Device supports the following codecs G 711 is a Pulse Code Modulation PCM waveform codec PCM measures analog signal amplitudes at regular time intervals and converts them into digital samples G 711 provides very good sound quality but requires 64 kbps of bandwidth G 726 is an Adaptive Differential PCM ADPCM waveform codec that uses a lower bitrate than standard PCM conversion ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples The more similar the audio sample is to the prediction the less space needed to describe it G 726 operates at 16 24 32 or 40 kbps e G 729 is an Analysis by Synthesis AbS hybrid waveform codec that uses a filter based on information about how the human vocal tract produces sounds G 729 provides good sound quality and reduces the required bandwidth to 8 kbps PSTN Call Setup Signaling Dual Tone MultiFrequency DTMF signaling uses pairs of frequencies one lower frequency and one higher frequency to set up calls It is also known as Touch Tone Each of the keys on a DTMF telephone corresponds to a different pair of frequencies Pulse dialing sends a series of clicks to the local phone office in order to dial numbers MWI Message Waiting Indication Enable Message Waiting Indication MWI enables your phone
96. your ISP Internet Service Provider If your ISP offers a dial up Internet connection using PPPoE PPP over Ethernet they should also provide a username and password and service name for user authentication WAN IP Address The WAN IP address is an IP address for the Device which makes it accessible from an outside network It is used by the Device to communicate with other devices in other networks It can be static fixed or dynamically assigned by the ISP each time the Device tries to access the Internet If your ISP assigns you a static WAN IP address they should also assign you the subnet mask and DNS server IP address es 3G 3G Third Generation is a digital packet switched wireless technology Bandwidth usage is optimized as multiple users share the same channel and bandwidth is only allocated to users when they send data It allows fast transfer of voice and non voice data and provides broadband Internet access to mobile devices IPv6 Introduction IPv6 Internet Protocol version 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 bits from the 32 bit IPv4 address allows up to 3 4 x 10 8 IP addresses The Device can use IPv4 IPv6 dual stack to connect to IPv4 and IPv6 networks and supports IPv6 rapid deployment 6RD FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadeci
97. 0 0 2 LAN Default Queue LAN 0 0 3 Fast WAN 0 0 4 Active user WAN 0 0 5 Passive user WAN 0 0 6 Slow WAN 0 0 3 10 Access the Device Using DDNS If you connect your Device to the Internet and it uses a dynamic WAN IP address it is inconvenient for you to manage the device from the Internet The Device s WAN IP address changes dynamically Dynamic DNS DDNS allows you to access the Device using a domain name http zyxelrouter dyndns org a b c d To use this feature you have to apply for DDNS service at www dyndns org This tutorial shows you how to Registering a DDNS Account on www dyndns org Configuring DDNS on Your Device Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 3 10 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 2 Apply for a user account This tutorial uses UserName1 and 12345 as the username and password 3 Log into www dyndns org using your account 4 Add a new DDNS host name This tutorial uses the following settings as an example Hostname zyxelrouter dyndns org Service Type Host with IP address P Address Enter the WAN IP address that your Device is currently using You can find the IP address on the Device s web configurator Status page Then you will need to configure the same account and
98. 0 0 0 Drop 0 0 0 0 Data 0 0 2000 0 Received Packet Error 0 0 0 0 Drop 0 0 0 0 The following table describes the fields in this screen Table 71 System Monitor gt Traffic Status gt LAN LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop down list box Interface This shows the LAN interface Bytes Sent This indicates the number of bytes transmitted on this interface Bytes Received This indicates the number of bytes received on this interface Interface This shows the LAN interface Sent Packet FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 20 Traffic Status Table 71 System Monitor gt Traffic Status gt LAN continued LABEL DESCRIPTION Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Received Packet Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface 20 4 The NAT Status Screen Click System Monitor gt Traffic Status gt NAT to open the following screen You can view the NAT status of the Device s cli
99. 049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet I Nternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP TUNNEL User Defined 47 PPTP Point to Point Tunneling Protocol GRE enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol FMG3024 D10A FMG3025 D10A Series User s Guide Appendix D Common Services Table 96 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION
100. 18 Chapter 9 Gual OP SUIS Q0 S ermani E EAE EETA BAHIA DUAE UN 121 CT NE a T sadaxee aaatentiaamtimdsanatendtiaatieNans 121 o1 Wiat Yau Can Doin ihis erc E o m oo 121 91 2 What Yon Need to KON rcas aaa arae aaaea iaraa 121 PU EdEo SERRA a E E S A A A A A E A A S 122 9 0 Ihe Queus ID SCHOEN araia E Ei 123 cBECA Mor cho SR CAD OUE PITE A deltas 124 g4 Mecas Setup SEGEN osucsdusscptuui enda datoel Eeaskdast A Hd DR aue tup tom NK aa FUR EE 125 ST MQ S EO O cs o aiiin 126 9 5 The QoS Monitor SIL DNO UU RAEN 130 OB GOS Tecnica Relaronte ausiccuuddbee tudo vv ERE UR b epe iehe eH neo REP qN ua Eee a he E eb 0d oo debe pedis 130 JEI EEE 8021 Tay EE 131 Soe IP uie c rc T LSU 131 CISECAEIR II a 131 Chapter 10 Network Address Translation NAT ccccsssseeeeeeeeeeeensseeeneeeeesenssseeeeeecoesesessennananneseeeeensaeseneeeeeseens 133 DKES 7 Term 133 101 1 What Yeu Gan De dc IS SMI acest piss ntes dens ope de pees Dedi aae ped nor tet tanta ne dapi tuU TREES 133 10 12 What rou INGO TO KION rm 133 102 Tho PON Fonar iMa SIES aiezoniucaes enDDdzdcpam ic aA ES AS ASEA 134 TIE M the Parn Pereardidg SOSEN aisinn a ea 134 102 2 The Porn Forwardiho Bait Sere dois axbbctbend E aa mo EN 135 102 The Sese OPE asissicexdpet bv ual a UG Faure EUER I Eu Yu Eutr odd PUEDEN 137 paciens I T EUER 137 FMG3024 D10A FMG3025 D10A Series User s Guide Table of Contents T1531 1 REST DEBES eset aah cbt teach teca e E baa Y oat air Ea Pe n xt Ede ERE et iat d
101. 4 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS Figure 57 Class Setup Add Edit Class Configuration Active iv Class Name ES Classification Order as e Forward To Interface Unchange DSCP Mark Unchange x 0 63 802 1P Mark Unchange SOY To Queue ras e Criteria Configuration Use the configurations below to specify the characteristics of a data flow need to be managed by this QoS rule Basic I From Interface Local I Ether Type IP 0x0800 Source MAC Address 7 MAC Mask E Exclude IP Address IPSubnetMask E Exclude Port Range E E Exclude Destination MAC Address MAC Mask r Exclude F IP Address I IP Subnet Mask NEEEEEEEEEN mn Exclude Port Range D n 65535 ni Exclude Others m 802 1P BE M E Exclude I IP Protocol TCP BEI r Exclude ipPacketlencth 46 1504 r Exclude pscP Ie Exclude TCP ACK m Exclude E DHCP endorClassID DHCP Option 60 E Exclude Class ID String F Service FTP M E Exclude i The following table describes the labels in this screen Table 27 Class Setup Add Edit LABEL DESCRIPTION Class Configuration Active Select to enable this classifier Class Name Enter a descriptive name of up to 32 printable English keyboard characters including spaces Classification Order Select an existing number for where you want to put this classifier to move the
102. 5 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 91 Subnet 3 LAST OCTET BIT IP SUBNET MASK NETWORK NUMBER VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 92 Subnet 4 LAST OCTET BIT IP SUBNET MASK NETWORK NUMBER VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111 The following table shows IP address last octet values for each subnet Table 93 Eight Subnets SUBNET ADDRESS FIRST ADDRESS ADDRESS ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Table 93 Eight Subnets continued SUBNET LAST BROADCAST SUBNET ADDRESS FIRST ADDRESS ADDR
103. 5 D10A Series User s Guide EN Table of Contents Appendix A IP Addresses and Subnetting esssssssseseeeeeee nennen 243 Appendix B Setting Up Your Computer s IP Address eeessseeeeemeenennn 253 Appendix C Pop up Windows JavaScript and Java Permissions seeeeeeeee 283 Appendix D Common pl REESE UE ree rer nErenn Eet 291 BEDAE EP UR ocu hr E LE M MM ee 295 Appondk F Legal Mmao eaae E m 305 C 309 12 FMG3024 D10A FMG3025 D10A Series User s Guide PART User s Guide Introduction 1 1 Overview The Device is a fiber WAN router which also includes Voice over IP Vol P communication capabilities to allow you to use a traditional analog telephone to make Internet calls By integrating all of these features you are provided with ease of installation and high speed shared Internet access The Device is also a complete security solution with a robust firewall based on Stateful Packet Inspection SPI technology and Denial of Service DoS Note The FMG3024 D10A model has cable TV support 1 2 Applications for the Device Here are some example uses for which the Device is well suited 1 2 1 Internet Access Your Device provides shared Internet access Computers can connect to the Device s LAN ports Figure 1 Device s Internet Access Application LAN WAN Bridging IPoE a PPPoE lt lt
104. AT sessions Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 10 4 Technical Reference This section provides some technical background information about the topics covered in this chapter 10 4 1 NAT Definitions Inside outside denotes where a host is located relative to the Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP FMG3024 D10A FMG3025 D10A Series User s Guide 137 Chapter 10 Network Address Translation NAT address of the same inside host when the packet is on the WAN side The following table summarizes this information Table 33 NAT Definitions ITEM DESCRIPTION Inside This refers to the host on the LAN Outside This refers to
105. Certificates offer the following benefits The Device only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats Binary X 509 This is an ITU T recommendation that defines the formats for X 509 certificates PEM Base 64 encoded X 509 This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including digital signatures that may be encrypted The Device currently allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS Z7 This Privacy Enhanced Mail PEM format uses 64 ASCII characters to convert a binary PKCS 7 certificate into a printable form Note Be careful not to convert a binary file to text during the transfer process It is easy for this to occur since many programs use text files by default 16 1 3 Verifying a Certificate Before you import a trusted CA or trusted remote host certificate into the Device you should verify that you have the actual certificate This is especially true of tr
106. D10A FMG3025 D10A Series User s Guide IPv6 Overview IPv6 Internet Protocol version 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 bits from the 32 bit IPv4 address allows up to 3 4 x 1038 IP addresses IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a25 0015 0000 0000 1a2 0000 IPv6 addresses can be abbreviated in two ways e Leading zeros in a block can be omitted So 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 can be written as 2001 db8 1a2b 15 0 0 1a2 0 Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2 0000 0000 0015 can be written as 2001 0db8 1a2 0000 0000 0015 2001 0db8 0000 0000 1a2 0015 2001 db8 1a2 0 0 15 Or 2001 db8 0 0 la2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2 0 32 means that the first 32 bits 2001 db8 is the subnet prefix Link local Address A link local address uniquely identifies a device on the local network the LAN
107. ESCRIPTION MAC Address Select Enable to activate MAC address filtering Filter Set This is the index number of the MAC address Allow Select Allow to permit access to the Device MAC addresses not listed will be denied access to the Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the LAN devices that are allowed access to the Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a bc Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide Parental Control 15 1 Overview Parental control allows you to block web sites with the specific URL You can also define time periods and days during which the Device performs parental control on a specific user 15 2 The Parental Control Screen Use this screen to enable parental control view the parental control rules and schedules Click Security Parental Control to open the following screen Figure 76 Security gt Parental Control General Parental Control C Enable Disable settings are invalid when disabled Add new PCP 1 PCP1 All EJESEJESESIBEHEE 1 30 23 59 configured None Apply Cancel The following table describes the fields in this screen Table 44 Pa
108. ESS ADDRESS 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24 bit network number Table 94 24 bit Network Number Subnet Planning NO BORROWED SUBNET MASK NO SUBNETS NO HOSTS PER I 255 255 255 128 25 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 7 255 255 255 254 31 128 1 The following table is a summary for subnet planning on a network with a 16 bit network number Table 95 16 bit Network Number Subnet Planning NO BORROWED SUBNET MASK NO SUBNETS NO HOSTS PER 1 255 255 128 0 17 32766 2 255 255 192 0 18 16382 3 255 255 224 0 19 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 14 255 255 255 252 30 16384 15 255 255 255 254 31 32768 1 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation
109. FMG3024 D10A FMG3025 D10A Series Gigabit Active Fiber VoIP IAD Default Login Details LAN IP http 192 168 1 1 Address User Name admin Password 1234 Version 1 00 Edition 1 2 2013 ZyXEL Copyright 2013 www zyxel com ZyXEL Communications Corporation KEEP THIS GUIDE FOR FUTURE REFERENCE IMPORTANT READ CAREFULLY BEFORE USE KEEP THIS GUIDE FOR FUTURE REFERENCE Note This guide is a reference for a series of products Therefore some features or options in this guide may not be available in your product Graphics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Device and access the Web Configurator It also contains a connection diagram FMG3024 D10A FMG3025 D10A Series User s Guide Contents Overview Contents Overview Usora GUNO AEST I I I T E S 13 cpu De acisbuduse eco iE eeu ue pp od n Dd ou urbe oe qe ae qe teeou Loeb Due OP MON EB 15 Theocr die Wen DODRCRESEDT ceri aret rather a aa ERR labbra da rt ON d bead a tud itu P 19 BE rend eR T DEI I NNI T 25 59 Connection Sralue ahd System HIER sassanida ced d iua adf beri e
110. G3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials M Active Route Name Fonz Destination IP Address 1923168100 IP Subnet Mask 255 255 255 0 Gateway IP Address ie24681253 Bound Interface NotAvailiable Apply Back Click Apply The Routing screen should display the route you just added Add New Static Route Active Status MName RN RN 1 V V To N2 192 168 10 0 192 168 1 253 255 255 255 0 LAN brO 4 n Now B should be able to receive traffic from A You may need to additionally configure B s firewall settings to allow specific traffic to pass through 3 9 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen Note Voice traffic will not be affected by the user defined QoS settings on the Device It always gets the highest priority Let s say you are a team leader of a small sales branch office You want to prioritize e mail traffic because your task includes sending urgent updates to clients at least twice every hour You also upload data files such as logs and e mail archives to the FTP server throughout the day Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure your Internet connection has an upstream transmission bandwidth of 10 000 kbps For this example you want to configure QoS so that e mail traffic gets the high
111. IANA Internet Assigned Number Authority web site Name This is a short descriptive name for the service You can use this one or create a different one if you like Protocol This is the type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFI NED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol Please refer to RFC 1700 for further information about port numbers f the Protocol is TCP UDP or TCP UDP this is the IP port number f the Protocol is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 96 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH User Defined 51 The IPSEC AH Authentication Header IPSEC TUNNEL tunneling protocol uses this service AI M New I1CQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP CLIENT UDP 68 DHCP Client BOOTP SERVER UDP 67 DHCP Server CU SEEME TCP 7648 A popular videoconferencing solution from White Pines Software UDP 24032 DNS TCP UDP 53 Domain Name Server a service that matches web names for example www zyxel com
112. IGMP The address 224 0 0 2 is assigned to the multicast routers group At start up the Device queries all directly connected networks to gather group membership After that the Device periodically updates this information DNS Server Address Assignment Use Domain Name System DNS to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The Device can get the DNS server addresses in the following ways 1 ThelSP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses manually enter them in the DNS server fields 2 If your ISP dynamically assigns the DNS server IP addresses along with the Device s WAN IP address set the DNS server fields to get the DNS server address from the ISP IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a25b 0015 0000 0000 1a2 0000 IPv6 addresses can be abbreviated in two ways e Leading zeros in a block can be omitted So 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 can be written as 2001 db8 1a2b 15 0 0 1a2 0 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Any number of consecutiv
113. IPv6 address prefix instead of the 2002 48 prefix The operational domain of 6RD is limited to and controlled by the ISP s network 6RD hosts are ensured to be reachable from all native IPv6 addresses as 6RD only uses relay servers within control of the ISP 6to4 Tunneling Enter the tunneling relay server s IPv4 address in this field Relay Server IP 4 to 6 Tunnel The 4 to 6 Tunnel fields display when you set the I Pv6 IPv4 Mode field to I Pv6 Only Enable Dual Stack Lite to let local computers use IPv4 through an ISP s IPv6 network Enable DS Lite Enable Dual Stack Lite to let local computers use IPv4 through an ISP s IPv6 network 4to6 Endpoint Specify the transition router s IPv6 address IPv6 Address Apply Click Apply to save your changes Back Click Back to return to the previous screen 5 2 1 3 Bridge Mode Click the Add new WAN I nterface in the Network Setting Broadband screen or the Edit icon next to the connection you want to configure Select Bridge as the encapsulation mode FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Figure 21 Broadband Add Edit Bridge General Name M Mode Bridge VLAN Enable VLAN Vv Enter 802 1P Priority 0 7 lO Enter 802 10 VLAN ID 1 4094 NEN 3900 3905 are reserved Enable VLAN on LAN side 0 The following table describes the fields in this screen Table 8 Broadband Add Edit Bridge
114. NEE VI etc 225 20 2 The Log Sotling Sereal ovivapvt tiendaer n baa peo DOR Up ERG Ln DRE Lbs o kp Le E Lp e 225 Chapter 27 dup rode o 227 2i SIUS Lotcesmosstenutecst iius nO LEE LES IM RM HER EU IL LE I RU ME MM LS ELE E AE ERE 227 27 2 The Firmware Upgrade Sorel oisi ana Ue RETEEH iain Uia EXTR YE Up ERE La ER ERE ERR Lin 227 Chapter 28 oli 229 PCM cr Tt 229 202 The Backup Resort SOGE NEED LOL 229 28 3 The Reboot Serel sisis cca ad utra Lat crono ra E eg c aas Ronan RE EONA sata bar Fascia Real xus iHe Dm da 231 Chapter 29 PI 233 VCNEE UD ECT 233 29 2 The Pa TraceRoute SOTBBIT Lic enin keb v ER CEP RE Uer P REX PAGE E ER Lg P OC EE CL EE C 233 Chapter 30 FNIT PETERET TIE T ERUIT w 235 X REM cr E EE Et 235 QD PIS PEROUISIBI aacra pees Eopptis aU us Super ie bases Sete x bep udi ard E prz eaa bruce v Lupus i uber Cau dad 235 Chapter 31 Decree aE 237 REA cr TE TEES 237 31 2 Power Hardware Connections and LEDS 1 uui iccsexren cux irere oa re Rb E cag cn E 237 31o Dorice oer ci and GU eT 238 SA UST I SC OS CETERO UTERETUR 240 2LA Phirip t ae Sr VBIB oo edis aries Date ame e oy eae ne RE ee M M ME DRM ES 241 31 8 USB Device Connection 1 auscco ask ence auzkrscct au paxkkuer aa kk aaie eaa cea mca iaaa aa accu aaa aaie 241 Fh Lr E Mu cT P 242 FMG3024 D10A FMG302
115. Network and other networks so that a computer in one location can communicate with computers in other locations Figure 11 LAN and WAN 3G third generation standards for the sending and receiving of voice video and data in a mobile environment You can attach a 3G wireless adapter to the USB port and set the Device to use this 3G connection as your WAN or a backup when the wired WAN connection fails Figure 12 3G WAN Connection FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband 5 1 1 What You Can Do in this Chapter Use the Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the ZyXEL Device for Internet access Section 5 2 on page 70 Use the 3G Backup screen to configure 3G WAN connection Section 5 3 on page 81 Table 4 WAN Setup Overview LAYER 2 INTERFACE INTERNET CONNECTION INTERFACE MODE WAN SERVICE CONNECTION SETTINGS EtherWAN Routing PPPoE PPP user name and password WAN IP address DNS server and default gateway IPOE WAN IP address NAT DNS server and default gateway Bridge N A N A 5 1 2 What You Need to Know The following terms and concepts may help as you read this chapter Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation method used by
116. P The Neighbor Discovery Protocol NDP is a protocol used to discover other I Pv6 devices and track neighbor s reachability in a network An IPv6 device uses the following ICMPv6 messages types Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to a neighbor solicitation message from the host with a neighbor advertisement message Neighbor advertisement A response from a node to announce its link layer address Router solicitation A request from a host to locate a router that can act as the default router and forward packets Router advertisement A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters IPv6 Cache An IPv6 host is required to have a neighbor cache destination cache prefix list and default router list The Device maintains and updates its IPv6 caches constantly using the information from response messages In IPv6 the Device configures a link local address automatically and then sends a neighbor solicitation message to check if the address is unique If there is an address to be resolved or verified the Device also sends out a neighbor solicitation message When the Device receives a neighbor advertisement in response it stores the neighbor s link layer address in the neighbor cache
117. P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click OK to close the Internet Protocol TCP I P Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 2 Click Start gt All Programs gt Accessories gt Command Prompt In the Command Prompt window type ipconfig and then press ENTER You can also go to Start gt Control Panel gt Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Windows Vista This section shows screens from Windows Vista Professional 1 Click Start gt Control Panel Figure 140 Windows Vista Start Menu Dr eye 7 0 Professional Connect To eA Media Player Classic gt All Programs 5 le af sar ea 2 In the Control Panel click the Network and I nternet icon Figure 141 Windows Vista Control Panel Bme GOo E Control Panel gt II 2 File Edit View Tools Help Control Panel Home ins i System and Maintenance User Accounts Classic View 1 Get start
118. Prefix Broadcast Scope IPv4 10 0 2 15 255 255 255 0 10 0 2 255 IPv6 fe80 a00 27ff fe30 el6c 64 Link Interface Information Interface Statistics Hardware address 08 00 27 30 e1 6c 684 6 KiB Multicast Enabled Transmitted aa a 1425 MTU 1500 Transmission errors 0 Link speed not available Received bytes 219 5 KiB State Active Received packets 1426 Reception errors 0 Collisions 0 d ZEEZEZZEI Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in the KDE 1 Click K Menu Computer Administrator Settings YaST 276 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 172 openSUSE 10 3 K Menu gt Computer Menu s m ii se O ON a Administrator Settings ES Install Software D System Information Applications System Folders A Home Folder 2 My Documents rv Network Folders Prat Media 2 4G Media 2 0 GB available Eavorites Applic
119. Properties Figure 138 Windows XP Local Area Connection Properties 4 Local Area Connection Properties R General Authentication Advanced Connect using Ba Accton EN1207D TX PCI Fast Ethernet Adapter This connection uses the following items v E Client for Microsoft Networks v B File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks D C Show icon in notification area when connected 5 The Internet Protocol TCP IP Properties window opens FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address 7 8 Figure 139 Windows XP Internet Protocol TCP IP Properties Internet Protocol TCPAIP Properties General Altemate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I
120. RIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF02 0 0 0 0 0 0 2 All routers on a local connected link FF05 0 0 0 0 0 0 2 All routers on a local site FF05 0 0 0 0 0 1 3 All DHCP severs on a local site The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 99 Reserved Multicast Address MULTICAST ADDRESS FF00 0 0 0 0 0 0 0 FF01 0 0 0 0 0 0 0 FF02 0 0 0 0 0 0 0 FF03 0 0 0 0 0 0 0 FF04 0 0 0 0 0 0 0 FF05 0 0 0 0 0 0 0 FF06 0 0 0 0 0 0 0 FF07 0 0 0 0 0 0 0 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 Table 99 Reserved Multicast Address continued MULTICAST ADDRESS FF08 0 0 0 0 0 0 0 FF09 0 0 0 0 0 0 0 FF0A 0 0 0 0 0 0 0 FF0B 0 0 0 0 0 0 0 FF0C 0 0 0 0 0 0 0 FF0D 0 0 0 0 0 0 0 FF0E 0 0 0 0 0 0 0 FFOF 0 0 0 0 0 0 0 Subnet Masking Interface EUI 64 Both an IPv6 address and Pv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each character 1 10 A F Each block s 16 bits are then represented by four hexadecimal characters For example FFFF FFFF FFFF FFFF FC00 0000 0000 0000 ID In IPv6 an interface ID is a 64 bit id
121. Re ROE E T A 91 SEMI SER E TI CRI LTUTTEEMTMM 91 Chapter 7 Home Neo aucsesuinasisnk sai dada KE MR RARE MERE RA AA EG RARTO A Ld RAT M REF DAR E REN META DU UAR KR ANATA UU I S AME MIA AA 93 pere cp Y 93 ZI Wiat Yu Can De mihe Chaptal 2s ccjccbccviesecd pce iesire QN OU FPE Qc HE Dope aded c Gu dude di dipi beds 93 FEE Nhat You Necad TO ror Mec 93 T MELAN Setup SEEEN oriori i o a Eaton a a A 96 Te The State DACP OOGO eenen 97 PaT ESE VO BOT rea E iradagussaads 97 6 FMG3024 D10A FMG3025 D10A Series User s Guide Table of Contents fu He UPF Sorel sioe rro nre GREG ROCHE MONDE E a OUR FUCO DOR E EE i RD DF p a ua 99 708 The Tibe PREIS SEQUI ects deers E E E A taeda pet eu rta A Dod am spe Ra ue s pa cus 99 Lael Boore YOU BeON pem 100 Fi Pe EC PE SAAMI ANTE thie a seat DL EI 101 FEM SEE I ESI ME TOS UTR 102 Gr The Pune Seer SGI COIN uu seoeiex ouk LI SEEE ES AMMRERRS M ACECLA AM o Ui A CE EAIR ARM ERU ARIA da URN REHADR DNE E GS 102 FEES ES Uv ETT 103 iod NC LE 5 d IRE D DUE ESSE 104 79 installing UP iP n Windows Ex Sie aids a nisin pO ERE Gra RR aE 108 710 Using UPnP in Windows XP Example sesso uetosur setius v eed aa ty cape cans E Ee aou iiaiai ea 111 Chapter 8 ROUTING H 117 Rb ris s esis em 117 pees vie Uli ale Statie ROUE ae eee ence tenner oaa Ra coul aAa NT 117 02 Fit Sai ROU oarso 1
122. Ready Printers G Adobe PDF 0 Ready d Canon iRS000 6000 PCLSe Ready EPSON Stylus C45 Series 0 Ready Documents 0 Spon Status Ready v Set as Default Printer Printing Preferences Model EPSON Stylus C45 Series Pause Printing Waiting Time 0 Cancel All Documents Sharing Use Printer Offline Create Shortcut Delete Rename Windows 2000 Support 4 Select the Ports tab and click Add Port FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials f EPSON Stylus C45 Series Properties 2 x Color Management Spout ersion Information General Sharing Pots Advanced je EPSON Stylus C45 Series Print to the following port s Documents will print to the first free checked port Pot Description Printer dal COLPT1 Printer Port WebWorks Rasterizer Cano COLPT2 Printer Port COLPT3 Printer Port COCOM1 Serial Port LlCOM2 Serial Port COCOM3 Serial Port LlCOM4 Serial Port zl Add Port Delete Port Configure Port v Enable bidirectional support Enable printer pooling Cancel Apply 5 A Printer Ports window appears Select Standard TCP IP Port and click New Port Available port types Adobe PDF Port Local Port Microsoft Document Imaging Writer Monitor Network Print Port DOE Dp Standard TCP New Port Type Cancel 6 Add Standard TCP IP Printer Port Wizard window opens up
123. Security gt VPN gt Add New Tunnel to open this screen as shown next 168 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN Figure 86 IPSec VPN Add IPSEC Setup Active NAT Traversal Tunnel Name Mode net net d Local Local Address Type Subnet v IP Address Start End Subnet Mask Remote Remote Address Type IP Address Start End Subnet Mask Address Information WAN Interface My IP Address Secure Gateway Address Local ID Content Remote ID Content Securite Protocol C Pre share Key C Certificate Local Remote Y Advanced Setting Phase1 Encryption Algorithm Authentication Algorithm MD5 he DH Difie Hellman Group2 v SA Life Time seconds se400 Phase2 Encryption Algorithm os sj Authentication Algorithm MD5 he SA Life Time seconds 3600 Perfect Forward Serecy PFS DPD DPD Active FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN This screen contains the following fields Table 51 IPSec VPN Add LABEL DESCRIPTION IPSEC Setup Active Select Active to activate this VPN policy NAT Traversal Select this if any of these conditions are satisfied This IKE SA might be used to negotiate IPSec SAs that use ESP as the active protocol There are one or more NAT routers between the Device and remote IPSec router and these routers do not support IPSec pass thru or a similar feature The remote IPSec router must a
124. U S A is firmware limited to channels 3 through 9 EEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 yaw TEM RGR RDS EA EE ETERA BER ROSE GS ER FERRET UI gt ZO AREH FA FSH G ERR gt ATR at ERDA ur SOK RIDA AFFERRI EXTBUESFH gt SE fa THEE SE ARE FH BE ATE gt FREES BLE ES f EE e o ERA Ee UR SRW CLS PER RR EORR PETER f JZ o IT EIT EE TEA ail EI lt T N ASPIRE BFE BK a ER SR HE DIRE RUE PS AEF e VADER MOR ROS AREH FMG3024 D10A FMG3025 D10A Series User s Guide Appendix F Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device is designed for the WLAN 2 4 GHz and or 5 GHz networks throughout the EC region and Switzerland with restrictions in France Ce produit est concu pour les bandes de fr quences 2 4 GHz et
125. When the Device uses a router solicitation message to query for a router and receives a router advertisement message it adds the router s information to the neighbor cache prefix list and destination cache The Device creates an entry in the default router list cache if the router can be used as a default router When the Device needs to send a packet it first consults the destination cache to determine the next hop If there is no matching entry in the destination cache the Device uses the prefix list to FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 determine whether the destination address is on link and can be reached directly without passing through a router If the address is unlink the address is considered as the next hop Otherwise the Device determines the next hop from the default router list or routing table Once the next hop IP address is known the Device looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Device cannot find an entry in the neighbor cache or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages Multicast Listener Discovery The Multicast Listener Discovery MLD protocol defined in RFC 2710 is derived from IPv4 s Internet Group Management Protocol version 2 IGMPv2 MLD uses I CMPv6 message types rather than
126. a backbone switch can provide specific treatment or service based on the tag or marker 9 2 The QoS General Screen Use this screen to enable or disable QoS set the bandwidth and select to have the Device automatically assign priority to upstream traffic according to the IEEE 802 1p priority level IP precedence or packet length Click Network Setting gt QoS to open the General screen Figure 53 Network Setting gt QoS gt General M Active QoS WAN Managed Upstream Bandwidth kbps Traffic priority will be automatically assigned by None B Note You can assign the upstream bandwidth manually Ifthe field is empty the CPE setthe value automatically If Enable QoS checkbox is selected choose an automapping type to assign traffic priority automatically LC 122 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS The following table describes the labels in this screen Table 23 Network Setting gt QoS gt General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance You can give priority to traffic that the Device forwards out through the WAN interface Give high priority to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications WAN Managed Enter the amount of bandwidth for the WAN interfa
127. a9c 1e29 48 Figure 13 Pv6 6to4 Mode d IPv6 b T ur Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The Device uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Device passes the IPv6 prefix information to LAN hosts The hosts use the prefix to generate their IPv6 addresses 5 1 3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address Get this information from your ISP 5 2 The Broadband Screen The Device must have a WAN interface to allow users to access the Internet Use the Broadband screen to view or modify a WAN interface Click Network Setting Broadband The following screen opens FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Figure 14 Network Setting gt Broadband Add new WAN Interface Internet Setup 1 EtherWAN1 2 22 w br11 Routing IPoE IPv4 Only N A N A Enabled Enabled Yes Routing IPoE IPv4 Only 2 2 Disabled Disabled No Bridge IPoE IPv4 Only 7 8 Disabled Disabled No The following table describes the fields in this screen Table 5 Network Setting gt Broadband LABEL DESCRIPTION Switch WAN Mode Add new WAN Click th
128. age and uses Tim s public key to decrypt it 5 Additionally Jenny uses her own private key to encrypt a message and Tim uses J enny s public key to decrypt the message FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 16 Certificates The Device uses certificates based on public key cryptology to authenticate users attempting to establish a connection The method used to secure the data that you send through an established connection depends on the type of connection For example a VPN tunnel might use the triple DES encryption algorithm The certification authority uses its private key to sign certificates Anyone can then use the certification authority s public key to verify the certificates Certification Path A certification path is the hierarchy of certification authority certificates that validate a certificate The Device does not trust a certificate if any certificate on its path has expired or been revoked Certificate Directory Servers Certification authorities maintain directory servers with databases of valid and revoked certificates A directory of certificates that have been revoked before the scheduled expiration is called a CRL Certificate Revocation List The Device can check a peer s certificate against a directory server s list of revoked certificates The framework of servers software procedures and policies that handles keys is called PKI public key infrastructure Advantages of Certificates
129. age of the Device s processing ability is currently used When this percentage is close to 100 the Device is running at full load and the throughput is not going to improve anymore If you want some applications to have more throughput you should turn off other applications Memory Usage This field displays what percentage of the Device s memory is currently used Usually this percentage should not increase much If memory usage does get close to 100 the Device is probably becoming unstable and you should restart the device See Chapter 28 on page 231 or turn off the device unplug the power for a few seconds USB Status Type This shows the type of device connected to the Device Status This shows whether the device is currently active Up This shows N A if there are no device connected to the Device or the connected device is not working Registration Status Account This column displays each SIP account in the Device Action This field displays the current registration status of the SIP account You have to register SIP accounts with a SIP server to use VoIP If the SIP account is already registered with the SIP server Click Unregister to delete the SIP account s registration in the SIP server This does not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name The second field displays Registered If the SIP account is not registered wit
130. al data rate you obtain varies depending the 3G card you use the signal strength to the service provider s base station and so on If the signal strength of a 3G network is too low the 3G card may switch to an available 2 5G or 2 75G network Refer to Section 5 4 on page 83 for a comparison between 2G 2 5G 2 75G and 3G wireless technologies FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Figure 22 Broadband gt 3G Backup 3G Backup Enable 3G Backup Card Description NIA Username L Optional Password ERN Optional PIN X qOptinal Only for unlock PIN next time PIN remaining authentication times N A Dial String APN 1 Connection Nailed UP Obtion an IP Address Automatically C Use the following static IP address 34 Obtain DNS info dynamically C Usethe following static DNS IP address Primary DNS Server NENNEN Secondary DNS Server The following table describes the labels in this screen Table 9 Broadband gt 3G Backup LABEL DESCRIPTION 3G Backup Select Enable 3G Backup to have the Device use the 3G connection as your WAN or a backup when the wired WAN connection fails Card Description This field displays the manufacturer and model name of your 3G card if you inserted one in the Device Otherwise it displays N A Username Type the user name of up to 64 ASCII printable characters given to you by your ser
131. ame of your device MAC Address Firmware Version This is the MAC Media Access Control or Ethernet address unique to your Device This field displays the current version of the firmware inside the device It also shows the date the firmware version was created Go to the Maintenance Firmware Upgrade screen to change it WAN Information Mode This is the method of encapsulation used by your ISP IP Address This field displays the current IP address of the Device in the WAN IP Subnet Mask This field displays the current subnet mask in the WAN LAN Information IP Address This field displays the current IP address of the Device in the LAN IP Subnet Mask This field displays the current subnet mask in the LAN DHCP Server This field displays what DHCP services the Device is providing to the LAN Choices are Server The Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN None The Device is not providing any DHCP services to the LAN DHCPv6 Server This field displays what DHCPv6 services the Device is providing to the LAN Choices are Server The Device is a DHCPv6 server in the LAN It assigns IP addresses to other computers in the LAN Relay The Device acts as a surrogate DHCPv6 server and relays DHCP requests and responses between the remote server and the clients None The Device is not providing any DHCPv6 services
132. an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 29 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 89 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address Decimal 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address Lowest Host ID 192 168 1 1 192 168 1 0 Broadcast Address Highest Host ID 192 168 1 62 192 168 1 63 FMG3024 D10A FMG3025 D10A Series Users Guide 247 Appendix A IP Addresses and Subnetting Table 90 Subnet 2 LAST OCTET BIT IP SUBNET MASK NETWORK NUMBER VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 6
133. ate Setup Time Protocol NTP Time Server Address europe pool ntp org Time Zone Time Zone GMT 01 00 Berlin Stockholm Rome Bern Brussels Vienna z IV Daylight Savings Start Date Last Sun v Of March v 2000 03 26 at 1 o clock End Date Last x Sun x Of October v 2000 10 29 at 1 o clock Apply Reset The following table describes the fields in this screen Table 79 Maintenance gt System gt Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your Device Current Date This field displays the date of your Device Time and Date Setup Time Protocol This shows the time service protocol that your time server sends when you turn on the Device Time Server Enter the IP address or URL up to 31 extended ASCII characters in length of Address your time server Check with your ISP network administrator if you are unsure of this information Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 25 Time Setting Table 79 Maintenance gt System gt Time Setting continued LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Select this
134. ation 4 Hang up the phone to drop the connection 5 Ifyou want to separate the activated three way conference into two individual connections one is on line the other is on hold press the flash key and press 2 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP FMG3024 D10A FMG3025 D10A Series User s Guide Logs 19 1 Overview The web configurator allows you to choose which categories of events and or alerts to have the Device log and then display the logs or have the Device send them to an administrator as e mail or to a syslog server 19 1 1 What You Can Do in this Chapter Use the System Log screen to see the system logs for the categories that you select Section 19 2 on page 206 Use the Phone Log screen to view phone logs and alert messages Section 19 3 on page 207 Use The VoIP Call History screen to view the details of the calls performed on the Device Section 19 4 on page 207 19 1 2 What You Need To Know The following terms and concepts may help as you read this chapter Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allo
135. ations User zyxel on linux h2oz openSUSE 2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 173 openSUSE 10 3 K Menu Computer Menu Run as root KDEsu S Please enter the Administrator root UAY password to continue J Command sbin yast2 Password Ignore 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon FMG3024 D10A FMG3025 D10A Series Users Guide 277 Appendix B Setting Up Your Computer s IP Address Figure 174 openSUSE 10 3 YaST Control Center e YaST Control Center linux h2o0z File Edit Help Network Card 1 5 Network Services i9 Novell AppArmor Security and Users ye K Miscellaneous Search 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 175 openSUSE 10 3 Network Settings YaST2 linux h20z Network Card a Network Settings Overview Obtain an overview of installed network cards Global Options Overview Hostname DNS Routing Additionally edit their configuration Name IP Address AMD PCnet Fast 79C971 DHCP Adding a Network Card Press Add to configure a new network card manually Configuring or Deleting Choose a network card to change or remove Then pre
136. automatically or configure them manually Obtain IPv6 DNS info Automatically Select this to have the Device get the IPv6 DNS server addresses from the ISP automatically Use the following Static DNS IPv6 Address Select this to have the Device use the DNS server addresses you configure manually Primary IPv6 DNS Server Secondary I Pv6 DNS Server Enter the first IPv6 DNS server address assigned by the ISP Enter the second IPv6 DNS server address assigned by the ISP FMG3024 D10A FMG3025 D10A Series User s Guide 75 Chapter 5 Broadband Table 6 Broadband Add Edit Routing PPPoE continued LABEL DESCRIPTION 6to4 Tunneling The 6 to 4 Tunnel fields display when you set the I Pv6 IPv4 Mode field to I Pv4 Only Select 6to4 if the Device is connected to a network that has both IPv6 and IPv4 and the IPv4 addresses are public IP addresses In this mode the Device can convert an IPv4 address directly to an IPv6 address The format is 2002 IPv4 address in hexadecimal 48 6to4 Tunneling Enter the tunneling relay server s IPv4 address in this field If your WAN Relay Server IP Service Type is PPPoE you need to enter this field in order to use 6to4 Tunneling 4 to 6 Tunnel The 4 to 6 Tunnel fields display when you set the IPv6 IPv4 Mode field to I Pv6 Only Enable Dual Stack Lite to let local computers use IPv4 through an ISP s IPv6 network Enable DS Lite Enable Dual
137. ber All of the time zones in the European Union stop using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday October The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 Apply Click Apply to save your changes Reset Click Reset to begin configuring this screen afresh FMG3024 D10A FMG3025 D10A Series User s Guide 26 1 Overview You can configure where the Device sends logs and which logs and or immediate alerts the Device records in the Log Setting screen 26 2 The Log Setting Screen To change your Device s log settings click Maintenance Log Setting The screen appears as shown Figure 117 Maintenance gt Log Setting Log Setting Syslog Setting Syslog Logging Syslog Server UDP Port Active Log and Select Level Log Category VoIP VolP Call Statistics M VoIP SIP Call Signaling M VolP SIP Registrations I VolP Phone Event volP Misc System WAN DHCP I xDSL I ETHER r System Maintenance T Remote Management TR 069 I NTP I DDNS NAT Attack C Enable Disable o 0 0 0 IP Address 514 Server Port Log Level ALL ha ALL X ALL hd ALL E ALL E au s au rz ALL E fac rz ALL m ALL ALL E FMG3024 D10A FMG3025 D10A Series
138. ber of bytes received and sent through the 3G interface of the Device Refresh Interval Select how often you want the Device to update this screen from the drop down list box Connected This shows the name of the 3G connection interface that is currently connected Interface Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface 20 6 The VoIP Status Screen Click System Monitor gt VolP Status to open the following screen You can view the VoIP traffic statistics in this screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 20 Traffic Status Figure 110 System Monitor gt VoIP Status Refresh interval 5seconds SIP Status SIP 1 Disabled 0 00 00 ChangeMe ChangeMe NO N A NIA SIP 2 Disabled 0 00 00 ChangeMe ChangeMe NO NIA NIA Call Status 0 Day s 0 Hour s 0 Minute s SIP 1 0 Second s Idle None 0 Day s 0 Hour s 0 Minute s m2 0 Second s Idle None Phone Status Phone 1 ChangeMe ChangeMe ONHOOK Phone 2 ChangeMe
139. ble click Network Connections An icon displays under Internet Gateway Right click the icon and select Properties Figure 41 Network Connections s Network Connections File Edit View Favorites Tools Advanced Help Q peck Q 3 JO Search Folders ii Address e Network Connections Internet Gateway Network Tasks Internet Connection Create anew connection Set up 4 home or small office network s 2 Disable this network ap Internet Connection Disable LANorH Status device j Create Shortcut Rename this connection View status of this connection Change settings of this L Rename Froes In the Internet Connection Properties window click Settings to see the port mappings there were automatically created FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 42 Internet Connection Properties Y Internet Connection Properties General Connect to the Internet using 3 Internet Connection This connection allows you to connect to the Internet through a shared connection on another computer Settings Show icon in notification area when connected 4 You may edit or delete the port mappings or click Add to manually add port mappings n2 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 43 Internet Connection P
140. bnetting Figure 134 Conflicting Computer and Router IP Addresses Example Dum um um um um um Um S B a 1 192 168 1 1 B H N i a E E LANES _ Bl M S a 8 BE 1 8 192 168 1 1 Internet 4 A 252 FMG3024 D10A FMG3025 D10A Series User s Guide Setting Up Your Computer s IP Address Note Your specific Device may not support all of the operating systems described in this appendix See the product specifications for more information about which operating systems are supported This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network Windows Vista XP 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 253 Windows Vista on page 257 Windows 7 on page 261 Mac OS X 10 3 and 10 4 on page 265 Mac OS X 10 5 on page 268 Linux Ubuntu 8 GNOME on page 272 Linux openSUSE 10 3 KDE on page 276 Windows XP NT 2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT Click Start gt
141. bprint algorithms 161 thumbprints 161 trusted CAs 163 verifying fingerprints 161 Certification Authority see CA certifications 305 notices 307 viewing 307 CFI 86 Class of Service 200 Class of Service see CoS client list 97 client server protocol 196 comfort noise generation 182 configuration 104 backup 229 reset 230 restoring 230 copyright 305 CoS 131 200 D default LAN IP address 19 DH 179 DHCP 63 94 104 141 DHCPv6 69 diagnostic 233 differentiated services 200 FMG3024 D10A FMG3025 D10A Series User s Guide Index Differentiated Services see DiffServ Diffie Hellman key groups 179 DiffServ Differentiated Services 200 code points 200 marking rule 132 200 disclaimer 305 DLNA 102 DNS 94 DNS server address assignment 87 documentation related 2 domain name system see DNS Domain Name System See DNS DS Differentiated Services 132 DS field 132 200 DSCP 131 200 DTMF 199 Dual Tone MultiFrequency see DTMF DUID 69 dynamic DNS 141 Dynamic Host Configuration Protocol see DHCP DYNDNS wildcard 141 E echo cancellation 182 Encapsulation 83 MER 83 PPP over Ethernet 83 encapsulation 68 174 RFC 1483 84 ESP 174 Europe type call service mode 201 F FCC interference statement 305 File Sharing 99 firewalls 145 configuration 147 148 security 151 firmware 227 flash key 201 flashing 201 FTP 134 G G 168 182 Guide Quick Start 2 H host 215
142. ce that you want to allocate Upstream using QoS Bandwidth E The recommendation is to set this speed to match the interface s actual transmission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps Setting this number higher than the interface s actual transmission speed will stop lower priority traffic from being sent if higher priority traffic uses all of the actual bandwidth If you set this number lower than the interface s actual transmission speed the Device will not use some of the interface s available bandwidth Leave this field blank to have the Device set this value automatically Traffic priority These fields are ignored if upstream traffic matches a class you configured in the will be Class Setup screen automatically m assigned by If you select Ethernet Priority IP Precedence or Packet Length and traffic does not match a class configured in the Class Setup screen the Device assigns priority to unmatched traffic based on the IEEE 802 1p priority level IP precedence or packet length See Section 9 6 1 on page 131 for more information Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 9 3 The Queue Setup Screen Use this screen to configure QoS queue assignment Click Network Setting QoS Queue Setup to open the screen as shown next FMG3024
143. cess Bob s Share using Windows Explorer browser In Windows Explorer s Address bar type a double backslash followed by the IP address of the Device the default IP address of the Device is 192 168 1 1 and press ENTER The share folder Bob s Share is available Address 9 192 168 1 1 Network Tasks Name Comments Bob s Share zz USB Storage USB Storage HB Printers and Faxes Shows installed printers and Fax printers and a Add a network place e View network connections Set up a wireless network For a home or small office pet Search Active Directory jak _ Show icons for networked UPnP devices Once you access Bob s_ Share via your Device you do not have to relogin unless you restart your computer 3 6 Using the Media Server Feature Use the media server feature to play files on a computer or on your television using DMA 2500 This section shows you how the media server feature works using the following media clients Microsoft MS Windows Media Player Media Server works with Windows Vista and Windows 7 Make sure your computer is able to play media files music videos and pictures ZyXEL DMA 2500 a digital media adapter You need to set up the DMA 2500 to work with your television TV Refer to the DMA 2500 Quick Start Guide for the correct hardware connections Before you begin connect the USB storage device containing the media files you want to p
144. ch you want the Device to translate the incoming port For a range of ports enter the first number of the range to which you want the incoming ports translated Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Protocol Type Select the protocol supported by this virtual server Choices are TCP UDP or TCP UDP Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 10 Network Address Translation NAT 10 3 The Sessions Screen Use the Sessions screen to limit the number of concurrent NAT sessions each client can use Click Network Setting NAT Sessions to display the following screen Figure 62 Network Setting gt NAT gt Sessions MAX NAT Sessions Per Host 048 512 20480 ee aa The following table describes the fields in this screen Table 32 Network Setting gt NAT gt Sessions LABEL DESCRIPTION MAX NAT Session Use this field to set a common limit to the number of concurrent NAT sessions each client computer can have If only a few clients use peer to peer applications you can raise this number to improve their performance With heavy peer to peer application use lower this number to ensure no single client uses too many of the available N
145. complete this wizard click Finish Finish Cancel Select the make of the printer that you want to connect to the print server in the Manufacturer list of printers Select the printer model from the list of Printers If your printer is not displayed in the list of Printers you can insert the printer driver installation CD disk or download the driver file to your computer click Have Disk and install the new printer driver Click Next to continue FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Add Printer Wizard Install Printer Software The manufacturer and model determine which printer software to use M Select the manufacturer and model of your printer If your printer came with an installation disk click Have Disk If your printer is not listed consult your printer documentation for compatible printer software Manufacturer Printers Fujitsu f HP DeskJet 1200C PS GEC HP DeskJet 1220C Generic m Gestetner Sf HP DeskJet 1600C HP 3 R4 HP DeskJet 1600CM PS m E This driver is digitally signed Windows Update Have Disk Tell me why driver signing is important 16 If the following screen displays select Keep existing driver radio button and click Next if you already have a printer driver installed on your computer and you do not want to change it Otherwise select Replace existing driver to replace it with the new driver you selected in the previous scree
146. creen displays gt Firewall gt Access Control gt Add New ACL Rule Edit p o M Select Service v TCP 77007 0 255 singe s N sne E INE PERMIT LAN to WAN gt Apply Back FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall Each field is described in the following table Table 41 Security gt Firewall gt Access Control gt Add New ACL Rule Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Source Address Type Select Single or Range depending on whether you want to enter a single or a range of source IP address es to which the ACL rule applies Select Any to indicate any source IP address Source IP Address Start Enter an IP address or the starting IP address of the source IP range Source IP Address End Enter the ending IP address of the source IP range Destination Address Type Destination IP Address Start Select Single or Range depending on whether you want to enter a single or a range of destination IP address es to which the ACL rule applies Select Any to indicate any destination IP address Enter an IP address or the starting IP address of the destination IP range Destination IP Ad
147. criber port is on hook ONHOOK or off hook OFFHOOK FMG3024 D10A FMG3025 D10A Series User s Guide User Account 21 1 Overview You can configure system password for different user accounts in the User Account screen 21 2 The User Account Screen Use the User Account screen to configure system password Click Maintenance User Account to open the following screen Figure 111 Maintenance gt User Account User Name flaamin Old Password E New Password EE Retype to Confirm sem coal The following table describes the labels in this screen Table 75 Maintenance gt User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the Device Retype to Type the new password again for confirmation Confirm Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 21 User Account FMG3024 D10A FMG3025 D10A Series User s Guide Remote MGMT 22 1 Overview
148. ctions are indoors There is a remote risk of electric shock from lightning Do NOT obstruct the device ventilation slots as insufficient airflow may harm your device Use only No 26 AWG American Wire Gauge or larger telecommunication line cord If you wall mount your device make sure that no electrical lines gas or water pipes will be damaged This product is for indoor use only utilisation int rieure exclusivement Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equipment It means that used electrical and electronic products should not be mixed with general waste Used electrical and electronic equipment should be treated separately FMG3024 D10A FMG3025 D10A Series User s Guide Index Numbers 6to4 mode 69 A ACK message 199 activation media server 102 adding a printer example 42 administrator password 19 AH 174 algorithms 174 alternative subnet mask notation 245 applications Internet access 15 media server 102 activation 102 iTunes server 102 VoIP 15 automatic logout 20 backup configuration 229 bandwidth management 121 Broadband 67 broadcast 87 BYE request 199 C CA 159 call hold 202 call rule 193 Index call service mode 201 call transfer 202 call waiting 202 Canonical Format Indicator See CFI certificate factory default 162 certificates 159 CA 159 replacing 162 storage space 162 thum
149. d Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space IP Address Conflicts Each device on a network must have a unique IP address Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources The devices may also be unreachable through the network Conflicting Computer IP Addresses Example More than one device can not use the same IP address In the following example computer A has a static or fixed IP address that is the same as the IP address that a DHCP server assigns to FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Ad
150. d here Screens for other versions may vary You can enable Java JavaScript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 188 Mozilla Firefox Tools gt Options Web Search Ctrl k Downloads Ctri J Add ons Web Developer Error Console Adblock Plus Page Info Ctri Shift A FireFTP Clear Private Data Ctrl Shift Del Tab Mix Plus Options 55 Session Manager Click Content to show the screen below Select the check boxes as shown in the following screen Figure 189 Mozilla Firefox Content Security x 2 4 ES TN C m git ve B A Main Tabs Feeds Privacy Security Advanced w Block pop up windows Exceptions IV Load images automatically Exceptions IV Enable JavaScript Advanced IV Enable Java Fonts amp Colors Default font Times New Roman 7 Size 16 v Advanced Colors r File Types Configure how FireFox handles certain types of Files Manage Cancel i Help FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions FMG3024 D10A FMG3025 D10A Series User s Guide Common Services The following table lists some commonly used services and their associated protocols and port numbers For a comprehensive list of port numbers ICMP type code numbers and services visit the
151. d to enable call forwarding when there is no answer at a SIP number no one picked up the connected phone that uses the SIP number No Answer Call Forward Disable This code is used to disable call forwarding when there is no answer at a SIP number no one picked up the connected phone that uses the SIP number Call Forward When Busy Enable This code is used to enable call forwarding when the phone is busy Call Forward When Busy Disable This code is used to disable call forwarding when the phone is busy Do Not Disturb Enable This code is used to turn the do not disturb feature on This has the Device reject all calls destined to the phone line FMG3024 D10A FMG3025 D10A Series User s Guide 187 Chapter 18 VoIP Table 58 VoIP gt SIP gt SIP Service Provider continued LABEL DESCRIPTION Do Not Disturb This code is used to turn the Do Not Disturb feature off Disable Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 18 3 The SIP Account Screen The Device uses a SIP account to make outgoing VoIP calls and check if an incoming call s destination number matches your SIP account s SIP number In order to make or receive a VoIP call you need to enable and configure a SIP account and map it to a phone port The SIP account contains information that allows your Device to connect to your VoIP service provider
152. device JavaScript enabled by default Java permissions enabled by default Note Internet Explorer 6 screens are used here Screens for other Internet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 180 Pop up Blocker Mail and News Pop up Blocker Manage Add ons Synchronize Windows Update Windows Messenger Internet Options You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab 1 In Internet Explorer select Tools Internet Options Privacy 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions Figure 181 Internet Options Privacy Internet Options PIR General Security Privacy Content Connections Programs Advanced Settings Move the slider to select a privacy setting for the Internet RE zone Medium Blocks third party cookies that do not have a compact privacy policy
153. device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this device does cause harmful interference to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment FCC Radiation Exposure Statement This transmitter must not be co located or operating in conjunction with any other antenna or transmitter e EEE 802 11b 802 119 or 802 11n 20MHz operation of this product in the U S A is firmware limited to channels 1 through 11 IEEE 802 11n 40MHz operation of this product in the
154. dex number Status This displays if the VPN policy is connected Tunnel Name Enter the name of the VPN connection IPSec Algorithm This displays the encryption algorithm being used for the VPN connection Refresh Click this button to refresh the information on the screen 17 3 Technical Reference This section provides some technical background information about the topics covered in this section 17 3 1 IPSec Architecture The overall IPSec architecture is shown as follows FMG3024 D10A FMG3025 D10A Series User s Guide 173 Chapter 17 VPN Figure 88 PSec Architecture IPSec Algorithms ESP Protocol AH Protocol RFC 2406 RFC 2402 Authentication Algorithm HMAC MD5 RFC 2403 E HMAC SHA 1 RFC 2404 IPSec Algorithms The ESP Encapsulating Security Payload Protocol RFC 2406 and AH Authentication Header protocol RFC 2402 describe the packet formats and the default standards for packet structure including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism for the AH and ESP protocols Key Management Key management allows you to determine whether to use IKE ISAKMP or manual key configuration in order to set up a VPN 17 3 2 Encap
155. dress End Enter the ending IP address of the destination IP range Select Protocol Select the name of a configured service or select Select Service to define a new service in this screen Protocol This field is available when you select Select Service in Select Protocol Choose the protocol type TCP UDP ICMP or Others of the service Protocol Number This field is available when you select Others in Protocol Enter the protocol number of the service type to which this ACL rule applies Source Port This field is displayed only when you select Select Service in Select Protocol and TCP or UDP in Protocol Select Single or Range and then enter a single port number or the range of port numbers of the source Select Any to indicate any source port Destination Port This field is displayed only when you select Select Service in Select Protocol and TCP or UDP in Protocol Select Single or Range and then enter a single port number or the range of port numbers of the destination Select Any to indicate any destination port Policy Use the drop down list box to select whether to silently discard DROP deny and send an ICMP destination unreachable message to the sender of REJECT or allow the passage of PERMIT packets that match this rule Direction Use the drop down list box to select the direction of traffic to which this rule applies The possible options are LAN to DEVICE LAN to WAN WAN
156. dresses and Subnetting computer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically Figure 132 Conflicting Computer IP Addresses Example t Internet L N A u mmmmm 192 168 1 33 eeu Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network numbers For example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers cannot access the Internet because the router cannot route between networks Figure 133 Conflicting Computer IP Addresses Example 0 um um Nm EH Um Um um uw LAN WAN SQ 192 168 1 88 192 168 1 1 RES Internet SA SE SBS SSS SS SS 2 ummmmmmmm Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port FMG3024 D10A FMG3025 D10A Series User s Guide 251 Appendix A IP Addresses and Su
157. dt a nd dan Na ad 61 Eis sioe Manca Ute Ftes ie BRNO Eug uiae eu ER itane a a 67 CADE e 91 Home RENON EE D LN M 93 zi 117 UU ses A Dic E E E E A A E ES 121 Nonvork Addrass ri pL Nerd T 133 Dri DU S aeo e E PR ebbe Mero beu ibd aen RR A p etr a m dto en ERR ER RIS 141 OR TG Dii eto PET RIT TEN E M E 143 Firewall e 145 MAC FET aic putin aise aa qon E pc Rd oca Laporan d p ba apad 153 Parama GaP y m PUT 155 E eE qe E E T E E E E T 159 i14 a E I DT EE A EE A A TE 167 pol E E EE dene vice Adee A TT 181 o aian 205 MMe eR pr ecc s 209 Usor ACCOUNT e M 215 Femte MONIT eer ener rrr ree ny rer rere rere There rer er rrr ttre renter rrr rr crn rrr rrr rere 217 il ee c LT 219 rame PN 221 TER rote uis NN E STILE 223 Gy urere 225 alin 5i s TEE III IL tr 227 Baron RESI MEET TT TID T DD DD DD TS D 229 SGD SUG ccc 233 FOVET c0 Mr ec NE 235 TEORHDIG SF IDEAE oed doe eU PE pear etre CHI Qiadb ber UR Fen ees er tre reser ets more een nesrarer DAE tere c FAT COUR PF UN tre crete ty 237 FMG3024 D10A FMG3025 D10A Series User s Guide 3 Contents Overview
158. dware connections and make sure the LEDs are behaving as expected See the Quick Start Guide 2 Turn the Device off and on 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network If the Device is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications 2 Turn the Device off and on 3 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 31 Troubleshooting Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might consider raising or lowering the priority for some applications 31 5 Phone Calls and VoIP The telephone port won t work or the telephone lacks a dial tone 1 Check the telephone connections and telephone wire can access the Internet but cannot make VoIP calls 1 The PHONE light should come on Make sure that your telephone is connected to the PHONE port 2 You can also check the VoIP status in the System Info screen 3 Ifthe VoIP settings are correct use speed dial to make peer to peer calls If you can make a call using speed dial there may be something wrong with the SIP server contact your VoIP service provider 31 6 USB Device Connect
159. e blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2 0000 0000 0015 can be written as 2001 0db8 1a2 0000 0000 0015 2001 0db8 0000 0000 1a2 0015 2001 db8 1a2 0 0 15 Or 2001 db8 0 0 la2f 15 IPv6 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2 0 32 means that the first 32 bits 2001 db8 is the subnet prefix 3G Comparison Table See the following table for a comparison between 2G 2 5G 2 75G and 3G wireless technologies FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Table 10 2G 2 5G 2 75G 3G and 3 5G Wireless Technologies MOBILE PHONE AND DATA STANDARDS DATA NAME TYPE SPEED GSM BASED CDMA BASED 2G Circuit GSM Global System for Mobile Interim Standard 95 IS 95 the first Slow switched Communications Personal Handy CDMA based digital cellular standard phone System PHS etc pioneered by Qualcomm The brand A name for IS 95 is cdmaOne IS 95 is also known as TIA EIA 95 2 5G Packet GPRS General Packet Radio CDMA2000 is a hybrid 2 5G 3G switched Services High Speed Circuit protocol of mobi
160. e of address in the IA Each IA holds one type of address A NA means an identity association for non temporary addresses and IA TA is an identity association for temporary addresses An IA NA option contains the T1 and T2 fields but an IA TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA NA before the lifetimes expire After T1 the client sends the server S1 from which the addresses in the IA NA were obtained a Renew message If the time T2 is reached and the server does not respond the client sends a Rebind message to any available server S2 For an IA TA the client may send a Renew or Rebind message at the client s discretion T2 I Tl OF I Re Ren Re Rood al pd i eee o S2 ew Renew bec Peking r to S l toS DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients When a client cannot use its link local address and a well known multicast address to locate a DHCP server on its network it then needs a DHCP relay agent to send a message to a DHCP server that is not attached to the same network The DHCP relay agent can add the remote identification remote ID option and the interface ID option to the Relay Forward DHCPv6 messages The remote ID option carries a user defined string 3 n IPv6 all network in
161. e printers and which sends print jobs to each printer from the computer itself or other devices Operating System An operating system OS is the interface which helps you manage a computer Common examples are Microsoft Windows Mac OS or Linux TCP IP TCP IP Transmission Control Protocol Internet Protocol is a set of communications protocols that most of the Internet runs on Port A port maps a network service such as http to a process running on your computer such as a process run by your web browser When traffic from the Internet is received on your computer the port number is used to identify which process running on your computer it is intended for FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Supported OSs Your operating system must support TCP IP ports for printing and be compatible with the RAW port 9100 protocol The following OSs support Device s printer sharing feature Microsoft Windows 95 Windows 98 SE Second Edition Windows Me Windows NT 4 0 Windows 2000 Windows XP or Macintosh OS X 7 2 The LAN Setup Screen Click Network Setting Home Networking to open the LAN Setup screen Use this screen to set the Local Area Network IP address and subnet mask of your Device and configure the DNS server information that the Device sends to the DHCP client devices on the LAN Figure 25 Network Setting gt Home Networking gt LAN Setup LAN IP Setup IP Address
162. ed on network number Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Subnet Mask This parameter specifies the IP network subnet mask of the final destination Modify Click the Edit icon to go to the screen where you can set up a static route on the Device Click the Delete icon to remove a static route from the Device 8 2 1 Add Edit Static Route Click add new Static Route in the Routing screen or click the Edit icon next to a rule The following screen appears Use this screen to configure the required information for a static route Figure 52 Routing Add Edit Active Route Name Destination IP Address 77 IP Subnet Mask PO Gateway IP Address Bound Interface Iv EtherWAN1 B Note The Destination IP Address and IP Subnet Mask fields must be matched e g host 255 255 255 255 or subnet 255 255 255 0 sox FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 8 Routing The following table describes the labels in this screen Table 22 Routing Add Edit LABEL DESCRIPTION Active Click this to activate this static route Route Name Enter the name of the IP static route Leave this field blank to delete this static route Destination IP Address This parameter specifies the IP n
163. ed with Windows e Change account type Back up your computer Appearance and Personalization Allow a program through Windows Change desktop background 7 Firewall Change the color scheme Security Check for updates Adjust screen resolution etwork and Internet Pinned triho imei Clock Language and Region View newakan txcke I Change keyboards or cther input methods Set up file sharing Change display language 3 Click the Network and Sharing Center icon Figure 142 Windows Vista Network And Internet Les on g D gt Control Panel Network and Internet p 41 Search p File Edit View Tools Help Control Panel Home o E EN Network and Sharing Center System and Maintenance Connect to a network View network computers and devices Add a device to the network Set up file sharing Security Network and Internet aaa eases 7M Internet Options Hardware and Sound Connecttotheinternet Changeyourhomepage Manage browser add ons Programs Delete browsing history and cookies 4 Click Manage network connections FMG3024 D10A FMG3025 D10A Series User s Guide 257 Appendix B Setting Up Your Computer s IP Address Figure 143 Windows Vista Network and Sharing Center un rT3 5 QU ss Network and Internet p Network and Sharing Center v File Edit View Tools Help Network and Sharing Center View computers and devices Connect to a network ian or network A
164. ed you enter your computer s Computer name in this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Domain Name Enter the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Type how many minutes a management session either via the web configurator Inactivity Timer can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never times out no matter how long it has been left idle not recommended Apply Click this to save your changes back to the Device Cancel Click this to begin configuring this screen afresh FMG3024 D10A FMG3025 D10A Series User s Guide 25 1 Overview You can configure the system s time and date in the Time Setting screen 25 2 The Time Setting Screen Time Setting To change your Device s time and date click Maintenance Time The screen appears as shown Use this screen to configure the Device s time based on your local time zone Figure 116 Maintenance gt Time Setting Current Date Time Current Time 03 34 19 Current Date 2000 01 01 Time and D
165. elect this if you have a dynamic IP address Enable DHCP Select this to identify the vendor and functionality of the Device in DHCP Option 60 requests that the Device sends to a DHCP server when getting a WAN IP address Vendor Class Enter the Vendor Class Identifier Option 60 such as the type of the hardware Identifier or firmware Static IP Address Select this option If the ISP assigned a fixed IP address IP Address Enter the static IP address provided by your ISP Subnet Mask Enter the subnet mask provided by your ISP Gateway IP Address Enter the gateway IP address provided by your ISP Routing Feature NAT Enable Select this option to activate NAT on this connection IGMP Proxy Enable Internet Group Multicast Protocol IGMP is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data Select this option to have the Device act as an IGMP proxy on this connection This allows the Device to get subscribing information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Apply as Default Gateway Select this option to have the Device use the WAN interface of this connection as the system default gateway DNS Server This is available only when you select Apply as Default Gateway in the Routing Feature field Obtain DNS info Automatically Select this to have the Dev
166. emporarily Disconnected d Local Area Connection Network cable unplugged If you restore the default configuration you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix B on page 253 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Reset to Factory Defaults Click the Reset button to clear all user entered configuration information and return the Device to its factory defaults The following warning screen appears Figure 124 Reset Warning Message Warning E A Are you sure you want to reset to factory default EXE FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 28 Backup Restore Figure 125 Reset n Process Message C YJ Router is restarting now Please wait he no indication en the proc ait for one minute b attempting You can also press the RESET button on the back panel to reset the factory defaults of your Device Refer to Section 1 5 on page 17 for more information on the RESET button 28 3 The Reboot Screen System restart allows you to reboot the Device remotely without turning the power off You may need to do this if the Device hangs for example Click Maintenance gt Reboot Click the Reboot button to have the Device reboot This does not affect the Dev
167. ent dynamic IP address with one or many dynamic DNS services so that anyone can contact you in applications such as NetMeeting and CU SeeMe You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 11 1 1 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname If you have a private WAN IP address then you cannot use Dynamic DNS 11 2 The Dynamic DNS Screen Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the Device To change your Device s DDNS click Network Setting DNS The screen appears as shown Figure 64 Network Setting gt DNS Dynamic DNS Configuration Active Dynamic DNS Service Provider WWW DynDNS ORG
168. ent s in this screen Figure 108 System Monitor gt Traffic Status gt NAT Refresh interval 5 seconds DeviceName IP Address O IP Address DET AMEN EIL SEED Session i 142 twpc13774 02 192 168 1 58 00 24 21 7e 20 96 Total 142 The following table describes the fields in this screen Table 72 System Monitor gt Traffic Status gt NAT LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop down list box Device Name This shows the name of the client IP Address This shows the IP address of the client MAC Address This shows the MAC address of the client No of Open This shows the number of NAT sessions used by the client Session 20 5 The 3G Backup Status Screen Click System Monitor Traffic Status 3G Backup to open the following screen You can view the 3G connection traffic statistics in this screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 20 Traffic Status Figure 109 System Monitor gt Traffic Status gt 3G Backup Sent mf Received 0 Bytes 0 Bytes Status Refreshinterval 5 seconds Packets Sent Packets Received Connected Interface Data Error Drop Data Error Drop ppp9 0 0 0 0 0 0 The following table describes the fields in this screen Table 73 System Monitor gt Traffic Status gt 3G backup LABEL DESCRIPTION Status This shows the num
169. entifier It identifies a physical interface for example an Ethernet port or a virtual interface for example the management IP address for a VLAN One interface should have a unique interface ID The EUI 64 Extended Unique Identifier defined by the IEEE Institute of Electrical and Electronics Engineers is an interface ID format designed to adapt with IPv6 It is derived from the 48 bit 6 byte Ethernet MAC address as shown next EUI 64 inserts the hex digits fffe between the third and fourth bytes of the MAC address and complements the seventh bit of the first byte of the MAC address See the following example MAC 00 13 49 E 34 56 EUI 64 02 13 49 BENED e 34 56 Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to generate its own and unique IP address automatically when Pv6 is initiated on its interface It combines the prefix and the interface ID generated from its own Ethernet MAC address see Interface ID and EUI 64 to form a complete IPv6 address When IPv6 is enabled on a device its interface automatically generates a link local address beginning with fe80 When the interface is connec
170. entifies the owner of the certificate such as Common Name CN OU Organizational Unit or department Organization O State ST and Country C It is recommended that each certificate have unique subject information Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Action Click the View icon to open a screen with an in depth list of information about the certificate or certification request Click the Delete icon to delete the certificate or certification request You cannot delete a certificate that one or more features is configured to use 16 4 Trusted CA Import Click Import Certificate in the Trusted CA screen to open the Import Certificate screen You can save a trusted certification authority s certificate to the Device Note You must remove any spaces from the certificate s filename before you can import the certificate FMG3024 D10A FMG3025 D10A Series User s Guide 163 Chapter 16 Certificates Figure 82 Trusted CA gt Import The certificate is in one ofthe following formats Binary X508 PEM Base 64 encoded Binary PKCS PEM Base 64 encoded PKCS 7 Certificate File Path Choose File No file chosen The following table describes the labels in this screen Table 48 Security gt Certificates gt Trusted CA gt Import LABEL DESCRIPTION Certificate File Ty
171. er an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum average rate at which cells can be sent over the virtual connection SCR may not be greater than the PCR Maximum Burst Size MBS is the maximum number of cells that can be sent at the PCR After MBS is reached cell rates fall below SCR until cell rate averages to the SCR again At this time more cells up to the MBS can be sent at the PCR again If the PCR SCR or MBS is set to the default of 0 the system will assign a maximum value that correlates to your upstream line rate The following figure illustrates the relationship between PCR SCR and MBS Figure 23 Example of Traffic Shaping Cell Rate PCR ees SCR lt gt gt Time MBS MBS ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4 0 Specification Constan
172. ers Certificates are based on public private key pairs A certificate contains the certificate owner s identity and public key Certificates provide a way to exchange public keys for use in authentication 16 1 1 What You Can Do in this Chapter Use the Local Certificates screen to view and import the Device s CA signed certificates Section 16 2 on page 161 Use the Trusted CA screen to save the certificates of trusted CAs to the Device You can also export the certificates to a computer Section 16 3 on page 163 16 1 2 What You Need to Know The following terms and concepts may help as you read this chapter Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities Public and Private Keys When using public key cryptology for authentication each host has two keys One key is public and can be made openly available the other key is private and must be kept secure Public key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public private key pair What is encrypted with one key can only be decrypted using the other 2 Tim keeps the private key and makes the public key openly available 3 Tim uses his private key to encrypt the message and sends it to Jenny 4 Jenny receives the mess
173. ervice Use this screen to configure your Device s Voice over IP Provider settings SIP Account Use this screen to set up information about your SIP account and configure audio settings such as volume levels for the phones connected to the Device Phone Phone Device Use this screen to set which phone ports use which SIP accounts Call Rule Speed Dial Use this screen to configure speed dial for SIP phone numbers that you call often System Monitor Log Phone Log Use this screen to view the Device s phone logs VoIP Call History Use this screen to view the Device s VoIP call history FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary continued LINK TAB FUNCTION Traffic Status WAN Use this screen to view the status of all network traffic going through the WAN port of the Device LAN Use this screen to view the status of all network traffic going through the LAN ports of the Device NAT Use this screen to view the status of NAT sessions on the Device 3G Backup Use this screen to view the status of 3G Backup on the Device VoIP Status VoIP Status Use this screen to view the SIP phone and call status of the Device Maintenance Users Account Users Account Use this screen to configure the passwords your user accounts Remote MGMT Remote MGMT Use this screen to enable specific traffic direct
174. esponse ACKnowledgement PRACK method Select Supported or Required to have the Device include a SIP Require Supported header field with the option tag 100rel in all INVITE requests When the Device receives a SIP response message indicating that the phone it called is ringing the Device sends a PRACK message to have both sides confirm the message is received If you select Supported the peer device supports the option tag 100rel to send provisional responses reliably If you select Required the peer device requires the option tag 100rel to send provisional responses reliably Select Disabled to turn off this function Session Timer RFC 4028 Select this to have the Device support RFC 4028 This makes sure that SIP sessions do not hang and the SIP line can always be available for use VoIP IOP Flags Select VoIP inter operability settings Replace dial digit to 23 in SIP messages Remove 5060 and transport udp from request uri in SIP messages Remove the Route header in SIP messages Don t send re Invite to the remote party when there are multiple codecs answered in the Session Description Protocol SDP Remove the Authorization header in SIP ACK messages RTP Port Range FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Table 58 VoIP gt SIP gt SIP Service Provider continued LABEL DESCRIPTION Start Port Enter the listening po
175. ess control 153 Media Access Control see MAC Address media server 102 activation 102 iTunes server 102 model name 63 MTU Multi Tenant Unit 86 multicast 87 multimedia 194 multiplexing 84 LLC based 84 VC based 84 multiprotocol encapsulation 84 N NAT 105 134 250 definitions 137 how it works 138 IPSec 177 traversal 177 what it does 138 negotiation mode 176 Network Address Translation see NAT network map 22 non proxy calls 193 O OK response 199 other documentation 2 FMG3024 D10A FMG3025 D10A Series User s Guide Index outside header 175 P passwords 19 Peak Cell Rate PCR 84 peer to peer calls 193 Per Hop Behavior see PHB PHB 132 200 phone book speed dial 193 PPP over Ethernet see PPPoE PPPoE 68 84 Benefits 84 prefix delegation 70 pre shared key 179 Printer Server 102 printer sharing and LAN 103 configuration 37 requirements 103 TCP IP port 37 product registration 308 protocol 68 PSTN call setup signaling 199 pulse dialing 199 Q QoS 121 122 131 199 Quality of Service see QoS Quick Start Guide 2 19 R Real time Transport Protocol see RTP registration product 308 related documentation 2 reset 230 RESET button 17 restart 231 restoring configuration 230 RFC 1483 84 RFC 1631 133 RFC 1889 198 RFC 3164 205 router advertisements 70 router features 15 RTP 198 S security network 151 service access control 217 Session Initiation Pro
176. ess known within another network 10 1 1 What You Can Do in this Chapter Usethe Port Forwarding screen to configure forward incoming service requests to the server s on your local network Section 10 2 on page 134 Use the Sessions screen to limit the number of concurrent NAT sessions each client can use Section on page 136 10 1 2 What You Need To Know The following terms and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side NAT In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination address the inside global address back to the inside local address before forwarding it to the original inside host Port Forwarding A port forwarding set is a list of inside behind NAT on the LAN server
177. est priority with at least 5 000 kbps You can do the following Configure a queue to assign the highest priority queue 7 to e mail traffic from the LAN interface so that e mail traffic would not get delayed when there is network congestion e Note the IP address 192 168 1 23 for example and or MAC address AA FF AA FF AA FF for example of your computer and map it to queue 7 Note QoS is applied to traffic flowing out of the Device Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the Device FMG3024 D10A FMG3025 D10A Series User s Guide 53 Chapter 3 Tutorials 1 2 3 ZyXEL Device DSL 10 000 kbps Your computer IP 192 168 1 23 and or MAC AA FF AA FF AA FF d E mail Queue 7 A colleague s computer Other traffic Automatic classifier Click Network Setting QoS General and check Active Set your WAN Managed Upstream Bandwidth to 10 000 kbps or leave this blank to have the Device automatically determine this figure Click Apply to save your settings M Active QoS WAN Managed Upstream Bandwidth 10000 kbps Traffic priority will be automatically assigned by None B Note You can assign the upstream bandwidth manually Ifthe field is empty the CPE setthe value automatically If Enable QoS checkbox is selected choose an automapping type to assign traffic priority automatically Apply Cancel Go t
178. etwork address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Bound Interface You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Gateway IP Address enter the IP address of the next hop gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Bound Interface select the check box and choose an interface through which the traffic is sent You must have the WAN interface s already configured in the Broadband screen Apply Click Apply to save your changes Back Click Back to exit this screen without saving FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 8 Routing FMG3024 D10A FMG3025 D10A Series User s Guide Quality of Service QoS 9 1 Overview This chapter discusses the Device s QoS screens Use these screens to set up your Device to use QoS for traffic management Quality of Service QoS refers to both a network s ability to
179. faces communicate through the interface group s WAN or LAN interfaces but not other WAN or LAN interfaces 12 2 The Interface Group Screen You can manually add a LAN interface to a new group Use the LAN screen to configure the private IP addresses the DHCP server on the Device assigns to the clients in the default and or user defined groups Figure 65 Interface Grouping Application ETH 1 2 192 168 1 x 24 192 168 2 x 24 ETH 3 4 Click Network Setting Interface Group to open the following screen Figure 66 Network Setting gt Interface Group Add New Interface Group ETHER 22 33 44 66 br11 LAN1 LAN3 LANA 2 EtherWAN1 LAN2 4 i FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 12 Interface Group The following table describes the fields in this screen Table 35 Network Setting gt Interface Group LABEL DESCRIPTION Add New Click this button to create a new interface group Interface Group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN interfaces in the group Criteria This shows the filtering criteria for the group Modify Click the Delete icon to remove the group Add Click this button to create a new group 12 2 1 Interface Group Configuration Click the Add New Interface Group button in the Interface Group screen to
180. fically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 1 for your Device but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If y
181. fier groups traffic into data flows according to specific criteria such as the source address destination address source port number destination port number or incoming interface For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow You can give different priorities to traffic that the Device forwards out through the WAN interface Give high priority to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications Click Network Setting QoS Class Setup to open the following screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS Figure 56 Network Setting gt QoS gt Class Setup Add new Classifier n From device Interface Local UnChange UnChange UnChange Fast Ether Type IP ICMP Protocol ICMP UnChange UnChange UnChange Fast Ether Type IP HTTP Protocol TCP UnChange UnChange UnChange Active user Destination Port 80 Ether Type IP HTTP Proxy Protocol TCP UnChange UnChange UnChange Active user Destination Port 8080 Ether Type IP HTTPS Protocol TCP UnChange UnChange UnChange Active user Destination Port 443 Ether Type IP LAN or WLAN TCP po Protocol TCP UnChange UnChange UnChange Slow Destination Port 1024 Ether Type IP LAN or WLAN UDP po Protocol UDP UnChange UnChange UnChange Slow Desti
182. figure source or destination MAC address IP address DHCP options DSCP value or the protocol type If you select 8021Q you can configure an 802 1p priority level and VLAN ID in the Others section Source MAC Address Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet with a MAC address of 00 13 49 12 34 56 matches this criteria IP Address Select the check box and enter the source IP address in dotted decimal notation A blank source IP address means any source IP address IP Subnet Mask Enter the source subnet mask Port Range If you select TCP or UDP in the IP Protocol field select the check box and enter the port number s of the source Exclude Select this option to exclude the packets that match the specified criteria from this classifier Destination MAC Address Select the check box and enter the destination MAC address of the packet MAC Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for eac
183. file you would not have to totally re configure the Device You could simply restore your last configuration Keep in mind that backing up a configuration file will not back up passwords used to set up PPPoE and VoIP Write down any information your ISP provides you 1 5 The RESET Button If you forget your password or cannot access the web configurator you will need to use the RESET button at the back of the device to reload the factory default configuration file This means that you will lose all configurations that you had previously and the passwords will be reset to the defaults 1 Make sure the POWER LED is on not blinking 2 To set the device back to the factory default settings press the RESET button for 5 seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 1 Introduction FMG3024 D10A FMG3025 D10A Series User s Guide Introducing the Web Configurator 2 1 Overview The web configurator is an HTML based management interface that allows easy device setup and management via Internet browser Use Internet Explorer 6 0 and later versions Mozilla Firefox 3 and later versions or Safari 2 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows fr
184. following figure either A or B can act as a SIP user agent client to initiate a call A and B can also both act as a SIP user agent to receive the call Figure 99 SIP User Agent SIP Proxy Server A SIP proxy server receives requests from clients and forwards them to another server In the following example you want to use client device A to call someone who is using client device C The client device A in the figure sends a call invitation to the SIP proxy server B The SIP proxy server forwards the call invitation to C FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Figure 100 SIP Proxy Server A SIP Redirect Server A SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated IP address back to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use client device A to call someone who is using client device C 1 Client device A sends a call invitation for C to the SIP redirect server B 2 The SIP redirect server sends the invitation back to A with C s IP address or domain name 3 Client device A then sends the call invitation to client device C FMG3024 D10A FMG3025 D10A Series User s Guide 197 Chapter 18 VoIP F
185. from 8 to 31 case sensitive ASCII characters or from 16 to 62 hexadecimal 0 9 A F characters You must precede a hexadecimal key with a Ox zero x which is not counted as part of the 16 to 62 character range for the key For example in 0x0123456789ABCDEF Ox denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself Advanced Setting Phase 1 Encryption Select which key size and encryption algorithm to use in the IKE SA Choices Algorithm are 3DES a 168 bit key with the DES encryption algorithm AES128 a 128 bit key with the AES encryption algorithm AES256 a 256 bit key with the AES encryption algorithm The Device and the remote IPSec router must use the same key size and encryption algorithm Longer keys require more processing power resulting in increased latency and decreased throughput FMG3024 D10A FMG3025 D10A Series Users Guide 171 Chapter 17 VPN Table 51 IPSec VPN Add LABEL DESCRIPTION Authentication Select which hash algorithm to use to authenticate packet data Choices are Algorithm MD5 SHA1 SHA2 256 and SHA2 512 SHA is generally considered stronger than MD5 but it is also slower DH Select which Diffie Hellman key group you want to use for encryption keys Choices are Diffie Hellman Group2 use a 1024 bit random number Diffie Hellman Group5 use a 1536 bit random number Diffie Hellman Group14 use a 2048 bit random number The l
186. g broadcasts to a smaller and more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain Introduction to IEEE 802 1Q Tagged VLAN A tagged VLAN uses an explicit tag VLAN ID in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created The VLANs can be created statically by hand or dynamically through GVRP The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID Tag Protocol Identifier residing within the type length field of the Ethernet frame and two bytes of TCI Tag Control I nformation starts after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level
187. ge 193 You don t necessarily need to use all these screens to set up your account In fact if your service provider did not supply information on a particular field in a screen it is usually best to leave it at its default setting 18 1 2 What You Need to Know The following terms and concepts may help as you read this chapter VoIP VoIP stands for Voice over IP IP is the Internet Protocol which is the message carrying standard the Internet runs on So Voice over IP is the sending of voice signals speech over the Internet or another network that uses the Internet Protocol FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP SIP SIP stands for Session Initiation Protocol SIP is a signalling standard that lets one network device like a computer or the Device send messages to another In VoIP these messages are about phone calls over the network For example when you dial a number on your Device it sends a SIP message over the network asking the other device the number you dialed to take part in the call SIP Accounts A SIP account is a type of VolP account It is an arrangement with a service provider that lets you make phone calls over the Internet When you set the Device to use your SIP account to make calls the Device is able to send all the information about the phone call to your service provider on the Internet Strictly speaking you don t need a SIP account It is possible for one SIP
188. ge 194 for advanced technical information on SIP 18 1 3 Before You Begin Before you can use these screens you need to have a VoIP account already set up If you don t have one yet you can sign up with a VoIP service provider over the Internet FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP e You should have the information your VoIP service provider gave you ready before you start to configure the Device 18 2 The SIP Service Provider Screen Use this screen to configure the SIP server information QoS for VoIP calls the numbers for certain phone functions and dialing plan Click Vol P gt SIP to open the SIP Service Provider screen Note Click more to see all the fields in the screen You don t necessarily need to use all these fields to set up your account Click hide more to see and configure only the fields needed for this feature Figure 92 VoIP gt SIP gt SIP Service Provider SIP Service Provider Selection Service Provider Selection ChangeMe x Delete General SIP Service Provider M Enable SIP Service Provider SIP Service Provider Name ChangeMe SIP Local Port J5060 1025 65535 Main SIP Server Address ChangeMe SIP Server Port p060 1025 65535 REGISTER Server Address ChangeMe REGISTER Server Port 50650 1025 65535 SIP Service Domain Changeme hide more Bound Interface Name Bound Interface Name AnyWAN RFC Support PRACK
189. geMe i4 2 Analog Phone 2 ChangeMe i4 The following table describes the labels in this screen Table 61 VoIP gt Phone gt Phone Device LABEL DESCRIPTION This is the index number of the entry Phone ID This is the phone device number Outgoing SIP This is the outgoing SIP number of the phone device Number Modify Click the Edit icon to configure the SIP account 18 5 1 Edit Phone Device You can decide which SIP accounts the phones connected to the Device use by clicking the Edit icon next to a Phone ID The following screen displays You cannot edit the account if it is not activated Go to VoIP gt SIP gt SIP Account gt Edit to activate a SIP account see Section 18 3 on page 188 for more information Figure 97 Phone Device Edit Analog Phone Edit Xx SIP Account to Make Outgoing Call SIP Account SIP Number SIP Account SIP Iber giP 1 ChangeMe sip 2 ChangeMe SIP Account s to Receive Incoming Call m nii C ee uenenum und SIP Account SIP Number E Account SIP Number M siP 1 ChangeMe F siP2 ChangeMe Apply Back FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP The following table describes the labels in this screen Table 62 Phone Device Edit LABEL DESCRIPTION SIP Account to Make Outgoing Call SIP Account Select the SIP account you want to use when making outgoing calls with the analog phone connected to this phone
190. gnose Close work Connection P14 USB Adapter Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue 5 Select Internet Protocol Version 4 TCP I Pv4 and then select Properties FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 151 Windows 7 Local Area Connection Properties Connect using amp Broadcom NetXtreme Gigabit Ethemet This connection uses the following items 0M Client for Microsoft Networks vi fill aos Packet Scheduler ivi A File and Printer for Microsoft Networks M a A Intemet Protocol Version 4 T CPP vA amp Link Layer Topology Discovery Mapper l O Driver Link Layer Topology Discovery Responder ETC e Description Transmission Control Protocol Intemet Protocol The default wide area network protocol that provides communication across diverse interconnected networks 6 Thelnternet Protocol Version 4 TCP IPv4 Properties window opens FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 152 Windows 7 Internet Protocol Version 4 TCP IPv4 Properties Internet Protocol Version 4 TCP IPv4 Properties 9 Jm General You can get IP settings assigned automatically if your network supports this capability Otherwise you
191. h bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet with a MAC address of 00 13 49 12 34 56 matches this criteria FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS Table 27 Class Setup Add Edit continued LABEL DESCRIPTION IP Address Select the check box and enter the destination IP address in dotted decimal notation A blank source IP address means any source IP address IP Subnet Mask Enter the destination subnet mask Port Range If you select TCP or UDP in the IP Protocol field select the check box and enter the port number s of the source Exclude Select this option to exclude the packets that match the specified criteria from this classifier Others 802 1p This field is available only when you select 802 1Q in the Ether Type field Select this option and select a priority level between 0 and 7 from the drop down list box 0 is the lowest priority level and 7 is the highest IP Protocol This field is available only when you select I P in the Ether Type field Select this option and select the protocol service type from TCP or UDP If you select User defined enter the protocol service type numbe
192. h the SIP server Click Register to have the Device attempt to register the SIP account with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it in VoIP gt SIP SIP Settings Register Fail The last time the Device tried to register the SIP account with the SIP server the attempt failed The Device automatically tries to register the SIP account when you turn on the Device or when you activate it FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 4 Connection Status and System Info Table3 System Info Screen continued LABEL DESCRIPTION This shows Active when the SIP account has been registered and ready for use or I n Active when the SIP account is not yet registered Account Status This field displays the account number and service domain of the SIP URI account You can change these in VoIP gt SIP gt SIP Settings FMG3024 D10A FMG3025 D10A Series User s Guide e Chapter 4 Connection Status and System Info FMG3024 D10A FMG3025 D10A Series User s Guide Broadband 5 1 Overview This chapter discusses the Device s Broadband screens Use these screens to configure your Device for Internet access A WAN Wide Area Network connection is an outside connection to another network or the Internet It connects your private networks such as a LAN Local Area
193. hat match the specified criteria from this classifier Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS 9 5 The QoS Monitor Screen To view the Device s QoS packet statistics click Network Setting QoS Monitor The screen appears as shown Figure 58 Network Setting gt QoS gt Monitor Monitor Refresh Interval No Refresh Status Interface Monitor 1 ptm0 3900 Queue Monitor OnFk Wh a WAN_Default_Queue LAN_Default_Queue Active user Passive user WAN LAN WAN WAN WAN WAN Fast oooooo oocoooo0 Slow The following table describes the labels in this screen Table 28 Network Setting gt QoS gt Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the Device to update this screen Select No Refresh to stop refreshing statistics Status This is the index number of the entry Name This shows the name of the WAN interface on the Device Pass Rate bps Queue Monitor successfully Name This is the index number of the entry This shows the name of the queue Pass Rate bps This shows how much traffic bps assigned to this queue are transmitted successfully Drop Rate bps This shows how much traffic bps
194. he Internet Select this if you want to get a dynamic IP address from the ISP IP Address Enter the static IP address provided by your ISP Routing Feature NAT Enable Select this option to activate NAT on this connection FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Table 6 Broadband Add Edit Routing PPPoE continued LABEL DESCRIPTION IGMP Proxy Enable Internet Group Multicast Protocol IGMP is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data Select this option to have the Device act as an IGMP proxy on this connection This allows the Device to get subscribing information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Apply as Default Gateway Select this option to have the Device use the WAN interface of this connection as the system default gateway DNS Server The section is not available when you select Bridge in the WAN Service Type field Obtain DNS info Automatically Select this to have the Device get the DNS server addresses from the ISP automatically Use the following Select this to have the Device use the DNS server addresses you configure Static DNS IP manually Address Primary DNS Enter the first DNS server address assigned by the ISP Server Secondary DNS Server Enter the second DNS se
195. he Device s first choice for voice coder decoder Select the Device s second choice for voice coder decoder Select None if you only want the Device to accept the first choice Select the Device s third choice for voice coder decoder Select None if you only want the Device to accept the first or second choice Speaking Enter the loudness that the Device uses for speech that it sends to the peer Volume device Control Minimum is the quietest and Maximum is the loudest Listening Enter the loudness that the Device uses for speech that it receives from the peer Volume device Control Minimum is the quietest and Maximum is the loudest Active G 168 Select this if you want to eliminate the echo caused by the sound of your voice Echo reverberating in the telephone receiver while you talk Cancellation Active VAD Select this if the Device should stop transmitting when you are not speaking Voice Active This reduces the bandwidth the Device uses Detector Call Features Send Caller ID Select this if you want to send identification when you make VoIP phone calls Clear this if you do not want to send identification Active Call Select this to enable call transfer on the Device This allows you to transfer an Transfer incoming call that you have answered to another phone FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Table 60 SIP Account Edit continued Wai
196. he clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers LAN TCP IP The Device has built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the Device The Internet Assigned Number Authority IANA reserved this block of addresses speci
197. http For example http 192 168 167 1 Click Add to move the IP address to the list of Allowed sites Figure 183 Pop up Blocker Settings Pop up Blocker Settings Exceptions Pop ups are currently blocked You can allow pop ups from specific Web sites by adding the site to the list below Address of Web site to allow http 192 168 1 1 Add Allowed sites Notifications and Filter Level Play a sound when a pop up is blocked Show Information Bar when a pop up is blocked Filter Level Medium Block most automatic pop ups Pop up Blocker FAQ FMG3024 D10A FMG3025 D10A Series User s Guide Appendix C Pop up Windows JavaScript and Java Permissions 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScript If pages of the web configurator do not display properly in Internet Explorer check that J avaScript are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 184 Internet Options Security Internet Options jd x General Security Privacy Content Connections Programs Advanced Select a Web content zone to specify its security settings d oS Intemet Local intranet Trusted sites Restricted sites Internet QB This zone contains all Web sites you Gites haven t placed in other zones r Security level for this zone Move the slider to set the security level for this zone
198. ible examples would be over the telephone or through an HTTPS connection 16 2 Local Certificates Use this screen to view the Device s summary list of certificates and certification requests You can import the following certificates to your Device Web Server This certificate secures HTTP connections FMG3024 D10A FMG3025 D10A Series User s Guide EB Chapter 16 Certificates SIP TLS This certificate secures VolP connections SSH SCP SFTP This certificate secures remote connections Click Security Certificates to open the Local Certificates screen Figure 80 Security gt Certificates gt Local Certificates WebServer Replace PrivateKey Certificate file in PEM format ne al Browse web pem O ZyXEL CN zyxel com tw 2009 10 07 00 48 07 GW O ZyXEL CN zyxel com tw xdi 48 07 o SSH SCP SFTP Browse ssh rsa RSA B Note SSH SCP SFTP Maximum key length supported is up to 4096 bits default is 2048 bits and the initialization time is proportional to key length You need to adjust your application timeout settings to adapt this variation Replace Reset The following table describes the labels in this screen Table 46 Security gt Certificates gt Local Certificates LABEL DESCRIPTION WebServer Click Browse to find the certificate file you want to upload Current File This field displays the name used
199. ic is going DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 102 DiffServ Differentiated Service Field DSCP Unused 6 bit 2 bit The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies VLAN Tagging Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Only stations within the same group can communicate with each other Your Device can add IEEE 802 1Q VLAN ID tags to voice frames that it sends to the network This allows the Device to communicate with a SIP server that is a member of the same VLAN group Some ISPs use the VLAN tag to identify voice traffic and give it priority over other traffic 18 7 4 Phone Services Overview Supplementary services such as call ho
200. ice s current configuration to a file on your computer Once your Device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the Device s current configuration to your computer FMG3024 D10A FMG3025 D10A Series User s Guide EJ Chapter 28 Backup Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Device Table 82 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the file you want to upload Remember that you must decompress compressed ZIP files before you can upload them Upload Click this to begin the upload process Reset Click this to reset your device settings back to the factory default Do not turn off the Device while configuration file upload is in progress After the Device configuration has been restored successfully the login screen appears Login again to restart the Device The Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 123 Network T
201. ice get the DNS server addresses from the ISP automatically Use the following Select this to have the Device use the DNS server addresses you configure Static DNS IP manually Address Primary DNS Enter the first DNS server address assigned by the ISP Server Secondary DNS Server Enter the second DNS server address assigned by the ISP IPv6 Address This section is not available when you select Disable in the I Pv6 I Pv4 DualStack field Obtain I Pv6 Address Automatically Select this option if you want to have the Device use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address Enable Non temporary addresses The DHCPv6 server controls the time at which the client contacts with the server to extend the lifetimes on any addresses before the lifetimes expire After a first time limit specified by the server is reached the client sends the server a Renew message Select this option to have the server renew the lease before the second server specified time limit is reached Enable Prefix Delegation Select this to enable Prefix Delegation This enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN Static I Pv6 Address Select this option if you have a fixed IPv6 address assigned by your ISP IPv6 Address Enter the static IPv6 address provided by your ISP using
202. ice s configuration FMG3024 D10A FMG3025 D10A Series User s Guide 231 Chapter 28 Backup Restore 232 FMG3024 D10A FMG3025 D10A Series User s Guide 29 1 Overview Diagnostic You can use different diagnostic methods to test a connection and see the detailed information These read only screens display information to help you identify problems with the Device 29 2 The Ping TraceRoute Screen Ping and traceroute help check availability of remote hosts and also help troubleshoot network or Internet connections Click Maintenance Diagnostic to open the Ping TraceRoute screen shown next Figure 126 Maintenance gt Diagnostic gt Ping TraceRoute PING 192 168 1 33 192 168 1 33 56 data bytes 192 168 1 33 ping statistics 4 packets transmitted 0 packets received 10096 packet loss Hu SY Ping TraceRoute The following table describes the fields in this screen Table 83 Maintenance gt Diagnostic gt Ping TraceRoute LABEL DESCRIPTION Ping Type the IP address of a computer that you want to ping in order to test a connection Click Ping and the ping statistics will show in the diagnostic TraceRoute Click this button to perform the traceroute function This determines the path a packet takes to the specified host FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 29 Diagnostic FMG3024 D10A FMG3025 D10A Series User
203. ies Recorded TV 3 6 3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA 2500 to play media files stored in the USB storage device in your TV screen Note For this tutorial your DMA 2500 should already be set up with the TV according to the instructions in the DMA 2500 Quick Start Guide 1 Connect the DMA 2500 to an available LAN port in your Device USB Storage Device DMA 2500 ZyXEL Device 2 Turn on the TV and wait for the DMA 2500 Home screen to appear Using the remote control go to MyMedia to open the following screen Select the Device as your media server FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials INTER fff 02 TWPC 13262 01 3 The screen shows you the list of available media files in the USB storage device Select the file you want to open and push the Play button in the remote control ES Di x IE 1 Videos 2 ZyXEL Celebration Video gt 3 ZXEL Connecting the Future 3 7 Using the Print Server Feature In this section you can Configure a TCP IP Printer Port Add a New Printer Using Windows Add a New Printer Using Macintosh OS X Configure a TCP IP Printer Port This example shows how you can configure a TCP IP printer port This example is done using the Windows 2000 Professional operating system Some menu items may look different on your operating system The TCP IP por
204. if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window 8 Ifyou know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided FMG3024 D10A FMG3025 D10A Series User s Guide 279 Appendix B Setting Up Your Computer s IP Address Figure 177 openSUSE 10 3 Network Settings YasT2Glinux h2oz Enter the name for this computer and the DNS domain that it belongs to Optionally enter the name server list and domain search list Note that the hostname is global it applies to all Network Settings Global Options Overview Hostname DNs J Routing m Hostname and Domain Name Hostname Domain Name linux h2oz site Change Hostname via DHCP C Write Hostname to etc hosts interfaces not just this one The domain is especially important if this computer is a mail server If you are using DHCP to get an IP address check whether to get a hostname via DHCP The hostname of your host which can be seen by issuing the hostname command will be set automatically by the DHCP client You may want to disable this option if you connect 4 to different networks m X Change etc resolv conf manually m Name Servers and Domain Search List Domain Search
205. igure 101 SIP Redirect Server SIP Register Server A SIP register server maintains a database of SIP identity to IP address or domain name mapping The register server checks your user name and password when you register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 3550 for details on RTP Pulse Code Modulation Pulse Code Modulation PCM measures analog signal amplitudes at regular time intervals and converts them into bits SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call A calls B Table 64 SIP Call Progression A B 1 INVITE j gt 4 2 Ringing lt i 3 OK 4 ACK r 5 Dialogue voice traffic 6 BYE pe i 7 OK FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP 1 Asends a SIP INVITE request to B This message is an invitation for B to participate in a SIP telephone call 2 B sends a response indicating that the telephone is ringing 3 B sends an OK response after the call is answered 4 Athen sends an ACK message to acknowledge that B has answered the call 5 Now A and B exchange voice media talk 6 After talking A hangs up and sends a BYE request 7 B replies with an OK response confirming receipt of the BYE request and the call is terminated Voice Coding A codec coder decoder codes analog
206. ils Cancel Click OK to go back to the Add Remove Programs Properties window and click Next Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP Click Start and Control Panel Double click Network Connections In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 38 Network Connections s Network Connections File Edit View Favorites Tools Help gt Operator Assisted Dialing Bak J d Dial up Preferences Ed cL a man eee a tin Address r3 Network Connections Network Identification Mags Bridge Connections Network Tasks Advanced Settings Optional Networking Components 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 39 Windows Optional Networking Components Wizard Windows Optional Networking Components Wizard Windows Components You can add or remove components of Windows XP To add or remove a component click the checkbox amp shaded box means that only part of the component will be installed To see what s included in a component click Details Components s 26 Management and Monitoring Tools M
207. ing Up Your WAN Connection This tutorial shows you how to set up your Internet connection using the web configurator Use the information from your Internet Service Provider ISP to configure the Device Do the following steps Connect the Device properly Refer to the Quick Start Guide for details on the Device s hardware connection Connect one end of a fiber cable to the fiber port for data traffic on your Device Connect one end of Ethernet cable to an Ethernet port on the Device and the other end to a computer that you will use to access the web configurator Connect the Device to a power source turn it on and wait for the POWER LED to become a steady green Turn on the modem provided by your ISP as well as the computer Account Configuration Click Network Setting Broadband to open the Broadband screen Click Add new WAN Interface FMG3024 D10A FMG3025 D10A Series User s Guide 25 Chapter 3 Tutorials Enter the settings for your connection as specified by the ISP and save your changes You should see a summary of your new connection setup in the Broadband screen Try to connect to a website such as www zyxel com to see if you have correctly set up your Internet connection Be sure to contact your service provider for any information you need to configure the WAN screens 3 3 Setting Up NAT Port Forwarding 1 2 In this tutorial you manage the Doom server on a computer behind the Device In order f
208. ing it know where to send the REGISTER message as well as the relevant user and authorization data A SIP registration has a limited lifespan The User Agent Client must renew its registration within this lifespan If it does not do so the registration data will be deleted from the SIP registrar s database and the connection broken The Device attempts to register all enabled subscriber ports when it is switched on When you enable a subscriber port that was previously disabled the Device attempts to register the port immediately Authorization Requirements SIP registrations and subsequent SIP requests require a username and password for authorization These credentials are validated via a challenge response system using the HTTP digest mechanism as detailed in RFC3261 SIP Session Initiation Protocol FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP 1 2 SIP Servers SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a SIP client and a SIP server SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications even though it is a client server protocol In the
209. ing on your Device in order to share files 1 Click Add new share in the File Sharing screen to configure a new share Select your USB device from the Volume drop down list box 2 Click Browse to browse through all the files on your USB device Select the folder that you want to add as a share In this example select Bob s Share Click Apply e GENERIC USB Mass Storage 100 1 c A Mac 09 38 36 65 r zywall 1050 dir poring R 2010 04 27 c A Win 7 14 51 36 C ei NWD 2205 PowerPC MacOS10 4 Driver 1003 UI 1 7 9 a Lege P San is 2010 08 22 pe 3 You can add a description for the share or leave it blank The Add Share Directory screen should look like the following Click Apply to finish Volume GENERIC USB Mass Storage 100 1 x Share Path Bob s Share Browse Description Ep 4 This sets up the file sharing server You can see the USB storage device listed in the table below Share Directory List Share Name Share Description GENERIC USB Mass FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 3 5 2 Access Your Shared Files From a Computer You can use Windows Explorer to access the file storage devices connected to the Device Note The examples in this User s Guide show you how to use Microsoft s Windows XP to browse your shared files Refer to your operating system s documentation for how to browse your file structure Open Windows Explorer to ac
210. inimum level An example of an VBR nRT connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth and only delivers traffic when the network has spare bandwidth An example application is background file transfer IP Address Assignment A static IP is a fixed IP that your ISP gives you A dynamic IP is not fixed the ISP assigns you a different one each time The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and default gateway Introduction to VLANs A Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router In Multi Tenant Unit MTU applications VLAN is vital in providing isolation and security among the subscribers When properly configured VLAN prevents one subscriber from accessing the network resources of another on the same LAN thus a user will not see the printers and hard disks of another user in the same building VLAN also increases network performance by limitin
211. inistrator ae 7 5 1 Before You Begin Make sure the Device is connected to your network and turned on 1 Connect the USB device to one of the Device s USB ports Make sure the Device is connected to your network 2 The Device detects the USB device and makes its contents available for browsing If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on Note If your USB device cannot be detected by the Device see the troubleshooting for suggestions Use this screen to set up file sharing using the Device To access this screen click Network Setting gt Home Networking gt File Sharing Figure 30 Network Setting gt Home Networking gt File Sharing Server Configuration File Sharing Services SMB Enable C Disable Share Directory List Add new share Iv i USB Storage GENERIC USB USB Storage ZW FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Each field is described in the following table Table 16 Network Setting gt Home Networking gt File Sharing LABEL DESCRIPTION Server Configuration File Sharing Select Enable to activate file sharing through the Device Services SMB Add new share Click this to set up a new share on the Device Select the check box to make the share available to the network Otherwise clear this Stat
212. inted correctly Otherwise select No and then click Next to continue FMG3024 D10A FMG3025 D10A Series User s Guide 47 Chapter 3 Tutorials Add Printer Wizard Print Test Page To confirm that the printer is installed properly you can print a test page Do you want to print a test page lt Back Next gt Cancel 20 The following screen shows your current printer settings Select Finish to complete adding a new printer Add Printer Wizard Completing the Add Printer Wizard You have successfully completed the Add Printer Wizard You specified the following printer settings Name HP DeskJet 1220C Share name lt Not Shared gt Port IP 192 168 1 1 Model HP DeskJet 1220C Default Yes Testpage Yes To close this wizard click Finish lt Back Finish Cancel Add a New Printer Using Macintosh OS X Complete the following steps to set up a print server driver on your Macintosh computer 1 Click the Print Center icon located in the Macintosh Dock a place holding a series of icons shortcuts at the bottom of the desktop Proceed to step 6 to continue If the Print Center icon is not in the Macintosh Dock proceed to the next step 2 On your desktop double click the Macintosh HD icon to open the Macintosh HD window 3 Double click the Applications folder EB FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 10 eoo Bl Macintosh HD gt E
213. ion ysconnect Configure 1 id Click the lock to prevent further changes Apply Now 4 For dynamically assigned settings select Using DHCP from the Configure I Pv4 list in the TCP IP tab FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 157 Mac OS X 10 4 Network Preferences gt TCP IP Tab ean Network 4 ShowAl Q Location Automatic als Show Built in Ethernet TCP IP PPPoE AppleTalk Proxies Ethernet Configure IPv4 Using DHCP n IP Address 0 0 0 0 Renew DHCP Lease Subnet Mask DHCP Client ID If required Router DNS Servers Search Domains Optional IPv6 Address Configure IPv6 2 f i Click the lock to prevent further changes Assist me Apply Now 5 For statically assigned settings do the following From the Configure I Pv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask n the Router field type the IP address of your device FMG3024 D10A FMG3025 D10A Series User s Guide 267 Appendix B Setting Up Your Computer s IP Address Figure 158 Mac OS X 10 4 Network Preferences gt Ethernet ean Network Show All Q Location Automatic 5 Show Built in Ethernet 5 TCP IP PPPoE AppleTalk Proxies Ethernet
214. ion The Device fails to detect my USB device 1 Disconnect the USB device 2 Reboot the Device 3 If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on 4 Re connect your USB device to the Device FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 31 Troubleshooting 31 7 UPnP When using UPnP and the Device reboots my computer cannot detect UPnP and refresh My Network Places Local Network 1 Disconnect the Ethernet cable from the Device s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your computer cannot open special applications such as white board file transfer and video when use the MSN messenger Q1 Wait more than three minutes 2 Restart the applications FMG3024 D10A FMG3025 D10A Series User s Guide IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks IP addresses identify individual devices on a network Every networking device such as computers servers routers and printers needs an IP address to communicate across the network These networking devices are also known as hosts Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks
215. ion Panel Summary LINK TAB FUNCTION Connection Status This screen shows the network status of the Device and computers devices connected to it Network Setting Broadband Broadband Use this screen to view and modify your WAN interface You can also configure ISP parameters WAN IP address assignment DNS servers and other advanced properties 3G Backup Use this screen to configure the 3G WAN connection CATV CATV Use this screen to enable cable television functions Home LAN Setup Use this screen to configure LAN TCP IP settings and other Networking advanced properties Static DHCP Use this screen to assign specific IP addresses to individual MAC addresses UPnP Use this screen to enable the UPnP function File Sharing Use this screen to enable file sharing via the Device Media Server Use this screen to enable or disable the sharing of media files Printer Server Use this screen to enable or disable sharing of a USB printer via your Device FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary continued LINK TAB FUNCTION Static Route Static Route Use this screen to view and set up static routes on the Device DNS Route DNS Route Use this screen to view and configure DNS routes QoS General Use this screen to enable QoS and decide allowable
216. ions for network services SNMP SNMP Use this screen to configure SNMP settings System System Use this screen to configure the Device s name domain name management inactivity time out Time Time Setting Use this screen to change your Device s time and date Log Setting Log Setting Use this screen to select which logs and or immediate alerts your device is to record You can also set it to e mail the logs to you Firmware Firmware Use this screen to upload firmware to your device Upgrade Upgrade Backup Backup Restore Use this screen to backup and restore your device s Restore configuration settings or reset the factory default settings Reboot Reboot Use this screen to reboot the Device without turning the power off Diagnostic Ping TraceRoute Use this screen to test the connections to other devices Auto Provision Auto Provision Use this screen to configure Auto Provision settings for automatically updating the Device settings FMG3024 D10A FMG3025 D10A Series User s Guide Tutorials 3 1 Overview This chapter contains the following tutorials Setting Up Your WAN Connection Setting Up NAT Port Forwarding How to Make a VoIP Call Using the File Sharing Feature Using the Media Server Feature Using the Print Server Feature Configuring Static Route for Routing to Another Network Configuring QoS Queue and Class Setup Access the Device Using DDNS 3 2 Sett
217. is connected to the Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the Device s WAN default gateway by default In this case B will never receive the traffic INTERNE iN2 FMG3024 D10A FMG3025 D10A Series User s Guide st Chapter 3 Tutorials You need to specify a static routing rule on the Device to specify R as the router in charge of forwarding traffic to N2 In this case the Device routes traffic from A to R and then R routes the traffic to B This tutorial uses the following example IP settings Table2 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The Device s WAN 172 16 1 1 The Device s LAN 192 168 1 1 A 192 168 1 34 R s N1 192 168 1 253 R s N2 192 168 10 2 B 192 168 10 33 To configure a static route to route traffic from N1 to N2 1 Click Network Setting Routing Click Add New Static Route Add New Static Route Active Status MName Destination IP Gateway Subnet Mask Interface Modify 2 Configure the Static Route Setup screen using the following settings Select Active Specify a descriptive name for this routing rule Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 Type 192 168 1 253 R s N1 address in the Gateway IP Address field 52 FM
218. is significant and the default VID of the ingress port is given as the VID of the frame Of the FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband 4096 possible VIDs a VID of 0 is used to identify priority frames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4 094 TPID User Priority CFI VLAN ID 2 Bytes 3 Bits 1 Bit 12 Bits Multicast IP packets are transmitted in either one of two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 Internet Group Multicast Protocol IGMP is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in
219. is to create a new WAN interface Interface This is the index number of the connection Name This is the service name of the connection Mode This shows whether the connection is in routing mode or bridge mode Encapsulation This shows the method of encapsulation used by this connection IPv6 IPv4 Mode This shows the IPv6 IPv4 mode IPv4 Only I Pv6 IPv4 DualStack IPv4 and IPv6 at the same time or I Pv6 Only Vlan8021p This indicates the 802 1P priority level assigned to traffic sent through this connection This displays N A when there is no priority level assigned VlanMuxl d This indicates the VLAN ID number assigned to traffic sent through this connection This displays N A when there is no VLAN ID number assigned IGMP Proxy This shows whether IGMP Internet Group Multicast Protocol is activated or not for this connection IGMP is not available when the connection uses the bridging service NAT This shows whether NAT is activated or not for this connection NAT is not available when the connection uses the bridging service Default Gateway This shows whether the Device uses the interface of this connection as the system default gateway Modify Click the Edit icon to configure the connection Click the Delete icon to delete this connection from the Device A window displays asking you to confirm that you want to delete the connection 5 2 1 Add Edit Internet Connection
220. is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal Table 85 P Address Network Number and Host ID Example 1ST OCTET 2ND y SED 4TH OCTET 192 168 1 2 IP Address Binary 11000000 10101000 00000001 00000010 Subnet Mask Binary 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to by the size of the network number part the bits with a 1 value For example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Subnet masks are expressed in dotted decimal
221. it Use this screen to configure a restricted access schedule and or URL filtering settings to block the users on your network from accessing certain web sites Figure 77 Add Edit Parental Control Rule Add new PCP s General Active Parental Control Profile Name Home Network User All b Internet Access Schedule Day M Everyday M Monday M Tuesday M Wednesday M Thursday M Friday M Saturday M Sunday Time Start End 00 00 24 00 00 00 24 00 No access fff Authorized access Network Service Network Service Setting Block selected service s Add new service Blocked Site URL Keyword n sone Apply Back The following table describes the fields in this screen Table 45 Add Edit Parental Control Rule LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule 156 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 15 Parental Control Table 45 Add Edit Parental Control Rule continued LABEL DESCRIPTION Parental Control Profile Name Enter a descriptive name for the rule Home Network User Select the LAN user that you want to apply this rule to from the drop down list box If you select Custom enter the LAN user s MAC address If you select All the rule applies to all LAN users Internet Access Schedule Day Select check boxes for the days that you want the Device to perform parenta
222. it tries again to register the SIP account if the first try failed or if there is no response Enter the number of seconds the Device lets a SIP session remain idle without traffic before it automatically disconnects the session FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Table 58 VoIP gt SIP gt SIP Service Provider continued LABEL DESCRIPTION Min SE Enter the minimum number of seconds the Device lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devices start a SIP session they must agree on an expiration time for idle sessions This field is the shortest expiration time that the Device accepts Dialing Interval Sel ection Dialing Interval Selection Enter the number of seconds the Device should wait after you stop dialing numbers before it makes the phone call The value depends on how quickly you dial phone numbers Phone Key Config Use this section to the Device customize the phone keypad combinations you use to access certain features on Call Return Caller Display Call Specify the key combinations that you can enter to place a call to the last number that called you This code is used to display the caller ID for outgoing calls Caller Hidden Call One Shot Caller This code is used to hide the caller ID for outgoing calls This code is used to display the caller ID
223. k Line Enable number is a phone number Hot Line is the number to be immediately dialed once the phone is off the hook Warm Line is the number to dial once the phone remains off the hook for a time surpassing the delay period Hot Line Enter the number to be dialed once the phone is off the hook immediately Hot RUE Line Line or after the time the phone remains off the hook has surpassed the delay MA period Warm Line Warm Line Enter the duration the phone can remain off the hook before automatically Timer sec dialing the warm line number You can set the delay from 5 to 300 seconds Active Select this if you do not want the phone to ring when someone tries to call you with caller ID deactivated Apply Click Apply to save your changes Back Click Back to return to the previous screen without saving 18 4 Multiple SIP Accounts You can set up two SIP accounts on your Device and your Device is equipped with two phone ports By default SIP1 of the Device maps to phone port 1 for incoming and outgoing and SIP2 maps to phone port 2 for incoming and outgoing FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP 18 5 Phone Screen Use this screen to control which SIP accounts and PSTN line each phone uses Click Vol P gt Phone to access the Phone Device screen Figure 96 VolP gt Phone gt Phone Device Analog Phone Phone ID Outgoing SIP Number Modify 1 Analog Phone 1 Chan
224. k Furthermore with NAT all of the LANs computers will have access RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 AAL5 The first method allows multiplexing of multiple protocols over a single ATM virtual circuit LLC based multiplexing and the second method assumes that each protocol is carried over a separate ATM virtual circuit VC based multiplexing Please refer to RFC 1483 for more detailed information Multiplexing There are two conventions to identify what protocols the virtual circuit VC is carrying Be sure to use the multiplexing method required by your ISP VC based Multiplexing In this case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advantageous if it is not practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission ov
225. l control Time Drag the time bar to define the time that the LAN user is allowed access Network Service Network Service Setting If you select Block the Device prohibits the users from viewing the Web sites with the URLs listed below If you select Access the Device blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule This shows the index number of the rule Select the checkbox next to the rule to activate it Service Name This shows the name of the rule Protocol Port This shows the protocol and the port of the rule Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Blocked Site URL Keyword Click Add to show a screen to enter the URL of web site or URL keyword to which the Device blocks access Click Delete to remove it Apply Click this button to save your settings back to the Device Back Click this button to return to the previous screen without saving any changes FMG3024 D10A FMG3025 D10A Series User s Guide 157 Chapter 15 Parental Control FMG3024 D10A FMG3025 D10A Series User s Guide Certificates 16 1 Overview The Device can use certificates also called digital IDs to authenticate us
226. lay to the USB port of your Device 3 6 1 Configuring the Device Note The Media Server feature is enabled by default To use your Device as a media server click Network Setting Home Networking Media Server 32 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials M Enable Media Server env Check Enable Media Server and click Apply This enables DLNA compliant media clients to play the video music and image files in your USB storage device 3 6 2 Using Windows Media Player This section shows you how to play the media files on the USB storage device connected to your Device using Windows Media Player USB Storage Device Computer with Windows Media Player ZyXEL Device Windows Vista 1 Open Windows Media Player and click Library gt Media Sharing as follows E Windows Media Player Now Playing dd Music Library Songs Create Playlist Create Auto Playlist El p Playlists Album Pj Create Playlist Aaron Goldberg Music El Jd Library jo Pictures D Artist Worlds ke Video 2 Album Aaron Goldberg Recorded TV J Songs i Jazz Other Genre 2006 Year Add to Lib E Ly Rating Apply Media Intormaton Aisha Duo Add Favorites to List When Draaging Quiet Songs Aisha Duo Jazz 2005 FMG3024 D10A FMG3025 D10A Series User s Guide 33 More Options Help with Using the Library
227. ld call waiting and call transfer are generally available from your VoIP service provider The Device supports the following services 2 The Device does not support DiffServ at the time of writing FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Call Hold Call Waiting Making a Second Call Call Transfer Three Way Conference Internal Calls Do not Disturb Note To take full advantage of the supplementary phone services available through the Device s phone ports you may need to subscribe to the services from your VoIP service provider The Flash Key Flashing means to press the hook for a short period of time a few hundred milliseconds before releasing it On newer telephones there should be a flash key button that generates the signal electronically If the flash key is not available you can tap press and immediately release the hook by hand to achieve the same effect However using the flash key is preferred since the timing is much more precise With manual tapping if the duration is too long it may be interpreted as hanging up by the Device You can invoke all the supplementary services by using the flash key Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the
228. le telecommunications Switched Data HSCSD etc standards that use CDMA a multiple 2 75G Packet Enhanced Data rates for GSM access scheme for aiditalradlo switched Evolution EDGE Enhanced GPRS CDMA2000 1xRTT 1 times Radio EGPRS etc Transmission Technology is the core CDMA2000 wireless air interface standard It is also known as 1x 1xRTT or IS 2000 and considered to be a 2 5G or 2 75G technology 3G Packet UMTS Universal Mobile CDMA2000 EV DO Evolution Data switched Telecommunications System a third Optimized originally 1x Evolution Data generation 3G wireless standard Only also referred to as EV DO EVDO defined in I TU specification is or just EV is an evolution of CDMA2000 sometimes marketed as 3GSM The 1xRTT and enables high speed wireless UMTS uses GSM infrastructures and connectivity It is also denoted as IS W CDMA Wideband Code Division 856 or High Data Rate HDR Multiple Access as the air interface 3 5G Packet HSDPA High Speed Downlink Packet switched Access is a mobile telephony protocol used for UMTS based 3G networks and allows for higher data transfer speeds Fast coordinate global telecom networks and services A The International Telecommunication Union ITU is an international organization within which governments and the private eme FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband FMG3024 D10A FMG3025 D10A Series User s
229. le time out in the Max Idle Timeout field This value specifies the time in minutes that elapses before the Device automatically disconnects from the ISP Obtain an IP Address Automatically Select this option If your ISP did not assign you a fixed IP address Use the following static IP address Select this option If the ISP assigned a fixed IP address IP Address Enter your WAN IP address in this field if you selected Use the following static I P address Obtain DNS info dynamically Select this to have the Device get the DNS server addresses from the ISP automatically Use the following static DNS IP address Select this to have the Device use the DNS server addresses you configure manually Primary DNS server Enter the first DNS server address assigned by the ISP Secondary DNS server Enter the second DNS server address assigned by the ISP Apply Click Apply to save your changes back to the Device Cancel Click Cancel to return to the previous configuration 5 4 Technical Reference The following section contains additional technical information about the Device features described in this chapter Encapsulation Be sure to use the encapsulation method required by your ISP The Device can work in bridge mode or routing mode When the Device is in routing mode it supports the following methods IP over Ethernet IP over Ethernet IPoE is an alternative t
230. lect Manually In the IP Address field enter your IP address n the Subnet Mask field enter your subnet mask n the Router field enter the IP address of your Device 270 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 163 Mac OS X 10 5 Network Preferences gt Ethernet Location f Automatic B Internal Modem Q e Not Connected t Status Not Connected The cable for Ethernet is connected but e PPPoE Gasp your computer does not have an IP address Not Connected Ethernet PEN 3 Not Connected S2 Configure Manually He e FireWire 29 IP Address 0 0 0 0 Not Connected Subnet Mask e AirPort gt Off y Router SSS DNS Server ANN Search Domains 802 1X WPA ZyXELO4 es 1 id Click the lock to prevent further changes Apply 6 Click Apply and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network interface from the Info tab FMG3024 D10A FMG3025 D10A Series User s Guide 271 Appendix B Setting Up Your Computer s IP Address Figure 164 Mac OS X 10 5 Network Utility 00 Network Utility info Netstat AppleTalk Ping Lookup Traceroute Whois Finger Port Scan Please aterface for information Network Interface en1 be Interface Transfer Statistics Hardware Address 00 30 65 25
231. ler is still on hold there will be a remind ring European Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to a telephone number you will hear a call waiting tone Take one of the following actions Reject the second call Press the flash key and then press 0 Disconnect the first call and answer the second call Either press the flash key and press 1 or just hang up the phone and then answer the phone after it rings Put the first call on hold and answer the second call Press the flash key and then 2 European Call Transfer Do the following to transfer a call that you have answered to another phone number Press the flash key to put the caller on hold When you hear the dial tone dial 98 followed by the number to which you want to transfer the call to operate the Intercom After you hear the ring signal or the second party answers it hang up the phone European Three Way Conference Use the following steps to make three way conference calls When you are on the phone talking to someone press the flash key to put the call on hold and get a dial tone Dial a phone number directly to make another call FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP 3 When the second call is answered press the flash key and press 3 to create a three way convers
232. ll be installed To see what s included in a component click Details Components M Address Book Communications C A3 Desktop Themes 0 0 MB M ii Games 10 1 MB Multilanguage Support 0 0 MB Space used by installed components 42 4 MB Space required 0 0 MB Space available on disk 866 3 MB Description Includes accessories to help you connect to other computers and online services 5 of 10 components selected Details Have Disk OK Cancel Apply 3 Inthe Communications window select the Universal Plug and Play check box in the Components selection box 108 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 37 Add Remove Programs Windows Setup Communication Components x To install a component select the check box next to the component name or clear the check box if you do not want to install it A shaded box means that only part of the component will be installed To see what s included in a component click Details Components a NetMeeting amp Phone Dialer Universal Plug and Play 0 4 MB Ga Virtual Private Networking OOMB w Space used by installed components 42 4 MB Space required 0 0 MB Space available on disk 855 3 MB Description Universal Plug and Play enables seamless connectivity and communication between Windows and intelligent appliances Deta
233. lso enable NAT traversal and the NAT routers have to forward packets with UDP port 500 and UDP 4500 headers unchanged Tunnel Name Enter the name of the VPN connection Mode Local Select the encapsulation mode When net net is selected the connection will operate in tunnel mode Local Address Type Select Single to have only one local LAN IP address use the VPN tunnel Select Subnet to specify local LAN IP addresses by their subnet mask Address Type IP Address If Single is selected enter a static IP address on the LAN behind your Device Start If Subnet is selected specify IP addresses on a network by their subnet mask by entering a static IP address on the LAN behind your Device Then enter the subnet mask to identify the network address End Subnet If Subnet is selected enter the subnet mask to identify the network address Mask Remote Remote Select Single to have only one remote LAN IP address use the VPN tunnel Select Subnet to specify remote LAN IP addresses by their subnet mask IP Address If Single is selected enter a static IP address on the LAN behind the remote Start IPSec s router If Subnet is selected specify IP addresses on a network by their subnet mask by entering a static IP address on the LAN behind the remote IPSec s router Then enter the subnet mask to identify the network address End Subnet If Subnet is selected enter the subnet mask to identify the network
234. ly recommended to setup a new password instead of using the default one for security concern New Password aT Verify New Password x 6 The Connection Status screen appears Figure 5 Connection Status ZyXEL MEUSE TOTEM Enoisn gt ERIT Refresh Interval None i LAN Device E Viewing mode S Internet FMG3024 D10A Connection Status 7 Click System Info to display the System Info screen where you can view the Device s interface and system information FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 2 Introducing the Web Configurator 2 2 The Web Configurator Layout Click Connection Status System Info to show the following screen Figure 6 Web Configurator Layout ZyXEL Fmc3024 010A System Info Device Information Host Name Model Name D10 MAC Address 8f Down N A Firmware Version Up 1000Mbps WAN Information 1 WAI Down N A Mode PoE Down NIA IP Address Down N A IP Subnet Mask Disabled N A WAN 2 Information Mode IP Address IP Subnet Mask WAN 3 Information ER WAN 3 System Up Time Moe Current Date Time A MIRI System Resource IP Subnet Mask CPU Usage WAN 4 Information Mode o Memory Usage IP Address IP Subnet Mask WAN 5 Information Mode IP Address IP Subnet Mask Type WAN 6 Information T Ww 6 Storage Mode g Printer LAN Information IP Address IP Subnet Mask DHCP Server Status
235. m another search on the network Il you aie sure the address is comect select the device type below No LPR Ip 192 168 1 2 Port Name IP_192 168 1 2 Adapter Type To complete this wizard click Finish Enable printer pooling Add a New Printer Using Windows ng the Add Standard rinter Port Wizard Deve Type ro E ted a port with the following characteristics Custom Settrgs j Add Port Delete Port Configure Port v Enable bidirectional support A xi Version Information Advanced HP LaserJet 8000 Canon iR5000 600 13 Repeat steps 1 to 12 to add this printer to other computers on your network This example shows how to connect a printer to your Device using the Windows XP Professional operating system Some menu items may look different on your operating system FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 1 Click Start gt Control Panel gt Printers and Faxes to open the Printers and Faxes screen Click Add a Printer P Printers and Faxes Fie Edit View Favorites Tools Help Q 21 e po Address B Printers and Faxes i i i 2 2 8 Acrobat Adobe PDF Microsoft Microsoft XPS PRT402 on PDF Writer Office Doc Document zytwpt l gt Setup PRT4050n WebWorks zytwpt 1 Rasterizer 2 Troubleshoot printing 9 Get help with printing Other Places G Control Panel 3 Scanners and Cameras L My Docume
236. mal blocks separated by colons This is an example IPv6 address 2001 0db8 1a2b 0015 0000 0000 1a2 0000 IPv6 addresses can be abbreviated in two ways e Leading zeros in a block can be omitted So 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 can be written as 2001 db8 1a2b 15 0 0 1a2 0 Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2 0000 0000 0015 can be written as 2001 0db8 1a2 0000 0000 0015 2001 0db8 0000 0000 1a2 0015 2001 db8 1a2 0 0 15 Or 2001 db8 0 0 la2f 15 IPv6 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2 0 32 means that the first 32 bits 2001 db8 is the subnet prefix IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each character 1 10 A F Each block s 16 bits are then represented by four hexadecimal characters For example FFFF FFFF FFFF FFFF FC00 0000 0000 0000 DHCPv6 The Dynamic Host Configuration Protocol for IPv6 DHCPv6
237. matter whether the SIP server is a proxy redirect or register server SIP Server Port Enter the SIP server s listening port number if your VoIP service provider gave you one Otherwise keep the default value REGISTER Server Address Enter the IP address or domain name of the SIP register server if your VoIP service provider gave you one Otherwise enter the same address you entered in the SIP Server Address field You can use up to 95 printable ASCII characters REGISTER Server Port Enter the SIP register server s listening port number if your VoIP service provider gave you one Otherwise enter the same port number you entered in the SIP Server Port field SIP Service Domain Enter the SIP service domain name In the full SIP URI this is the part after the symbol You can use up to 127 printable ASCII Extended set characters Bound Interface Name Bound Interface Name If you select AnyWAN the Device automatically activates the Vol P service when any WAN connection is up If you select MultiWAN you also need to select the pre configured WAN connections The VoIP service is activated only when one of the selected WAN connections is up RFC Support PRACK RFC 3262 RFC 3262 defines a mechanism to provide reliable transmission of SIP provisional response messages which convey information on the processing progress of the request This uses the option tag 100rel and the Provisional R
238. ms MAW Ease of Access qj Uninstall a program e Let Windows suggest settings Optimize visual display 3 Click Change adapter settings Figure 149 Windows 7 Network And Sharing Center GO S Control Panel Network and Internet Network and Sharing Center v e Control Panel Home gt S g View your basic network information and set up connections ireless See full map Manage wirele nawari a A ge e ec ee TW PC ZyXEL com Internet Change advanced sharing This computer pens View your active networks Connect or disconnect de ZyXEL com Access type Internet Work network Connections Local Area Connection 4 Double click Local Area Connection and then select Properties FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 150 Windows 7 Local Area Connection Status QU i gt Control Panel Network and Internet Network Connections gt Organize v Disable this network device Diagnose this connection Rename this Local Area Connection wh Wireless Net Unidentified network AU ZyXEL RT3062 a B com NetXtreme Gigabit Eth ifl 802 11n Wireless A 4 Local rea Connection Status General Connection IPv4 Connectivity No network access IPv6 Connectivity No network access Media State Enabled Duration 00 04 36 Speed 100 0 Mbps Activity Sent A Received HI Packets 432 0 fli Properties 8 Disable Dia
239. n 7 9 on page 108 for examples of installing and using UPnP FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking 7 1 2 3 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files Windows automatically assigns the workgroup name when you set up a network Shares When settings are set to default each USB device connected to the Device is given a folder called a share If a USB hard drive connected to the Device has more than one partition then each partition will be allocated a share You can also configure a share to be a sub folder or file on the USB device File Systems A file system is a way of storing and organizing files on your hard drive and storage device Often different operating systems such as Windows or Linux have different file systems The file sharing feature on your Device supports File Allocation Table FAT and FAT32 Common Internet File System The Device uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the Device CIFS protocol is supported on Microsoft Windows Linux Samba and other operating systems refer to your systems specifications for CIFS compatibility 7 1 2 4 About Printer Server Print Server This is a computer or other device which manages one or mor
240. n O C Static IPv6 Address IPv6 DNS Server Obtain IPv6 DNS info Automatically C Use the following Static DNS IPv6 Address FMG3024 D10A FMG3025 D10A Series User s Guide T7 Chapter 5 Broadband 78 Figure 20 Broadband Add Edit Routing IPoE IPv6 Only C Static IPv6 Address IPv6 DNS Server 4 to 6 Tunnel M Enable DS Lite IPv6 Address Obtain IPv6 Address Prefix Automatically Enable Non temporary Addresses O Enable Prefix Delegation r C Obtain IPv6 DNS info Automatically Use the following Static DNS IPv6 Address Primary IPv6 DNS Server Secondary IPv6 DNS Server 4to6 Endpoint IPv6 Address m m m The following table describes the fields in this screen Table 7 Broadband Add Edit Routing I PoE LABEL DESCRIPTION General Name Enter a service name of the connection Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account WAN Service Type IPv6 IPv4 Mode This field is available only when you select Routing in the Mode field Select the method of encapsulation used by your ISP PPP over Ethernet PPPoE PPPoE Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP Select this if you have a username and password for Internet access IP over Ether
241. n again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 121 Error Message Software Upload Error e The uploaded file was not accepted by the router Please return to the previous page and select a valid upgrade file FMG3024 D10A FMG3025 D10A Series User s Guide Backup Restore 28 1 Overview The Backup Restore screen allows you to backup and restore device configurations You can also reset your device settings back to the factory default 28 2 The Backup Restore Screen Click Maintenance gt Backup Restore Information related to factory defaults backup configuration and restoring configuration appears in this screen as shown next Figure 122 Maintenance gt Backup Restore Backup Configuration Click Backup to save the current configuration of your system to your computer Backup Restore Configuration To restore a previously saved configuration file to your system browse to the location of the configuration file and click Upload FilePath Browse Upload Back to Factory Defaults Click Reset to clear all user entered configuration information and return to factory defaults After resetting the LAN IP address will be 192 168 1 1 DHCP will be resetto server Reset Backup Configuration Backup Configuration allows you to back up save the Dev
242. n and click Next Add Printer Wizard Use Existing Driver driver is already installed for this printer You can use or replace the existing driver HP DeskJet 1220C Do you want to keep the existing driver or use the new one O Replace existing driver 17 Type a name to identify the printer and then click Next to continue FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Add Printer Wizard Name Your Printer You must assign a name to this printer Type a name for this printer Because some programs do not support printer and server name combinations of more than 31 characters it is best to keep the name as short as possible Printer name HP DeskJet 12200 Do you want to use this printer as the default printer Q Yes O No 18 The Device is a print server itself and you do not need to have your computer act as a print server by sharing the printer with other users in the same network just select Do not share this printer and click Next to proceed to the following screen Add Printer Wizard Printer Sharing You can share this printer with other network users If you want to share this printer you must provide a share name You can use the suggested name or type a new one The share name will be visible to other network O Share name 19 Select Yes and then click the Next button if you want to print a test page A pop up screen displays to ask if the test page pr
243. n the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen If you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Location lt Connections General DNS Hosts DNS Servers Search Domains Help 8 Click the Close button to apply the changes Verifying Settings Check your TCP IP properties by clicking System gt Administration gt Network Tools and then selecting the appropriate Network device from the Devices tab The Interface Statistics column shows data if your connection is working properly FMG3024 D10A FMG3025 D10A Series User s Guide 275 Appendix B Setting Up Your Computer s IP Address Figure 171 Ubuntu 8 Network Tools m Devices Network tools Tem Fon x Tool Edit Help Devices Ping Netstat Traceroute Port Scan Lookup Finger Whois Network device W Configure IP Information Protocol IP Address Netmask
244. n the heading row to automatically select all check boxes or select the check box es in each entry to have the Device always assign the selected entry ies s IP address es to the corresponding MAC address es and host name s You can select up to 128 entries in this table Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Refresh Click Refresh to reload the DHCP table If you click Add new static lease in the Static DHCP screen the following screen displays Figure 27 Static DHCP Add MAC Address IP Address a The following table describes the labels in this screen Table 14 Static DHCP Add LABEL DESCRIPTION MAC Address Enter the MAC address of a computer on your LAN IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify Apply Click Apply to save your changes Back Click Back to exit this screen without saving 98 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking 7 4 The UPnP Screen Universal Plug and Play UPnP is a distributed open networking standard that uses TCP IP for simple peer to peer network connectivity between devices A UPnP device can dynamically join a network obtain an IP address convey its capabilities and learn about other devices on the network In turn a device can leave a net
245. nation Port 1024 The following table describes the labels in this screen Table 26 Network Setting gt QoS gt Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier Order This field displays the order number of the classifier Status This indicates whether the classifier is active or not A yellow bulb signifies that this classifier is active A gray bulb signifies that this classifier is not active Class Name This is the name of the classifier Classification This shows criteria specified in this classifier for example the interface from Criteria which traffic of this class should come and the source MAC address of traffic that matches this classifier Forward to This is the interface through which traffic that matches this classifier is forwarded out DSCP Mark This is the DSCP number added to traffic of this classifier 802 1p Mark This is the IEEE 802 1p priority level assigned to traffic of this classifier To Queue This is the name of the queue in which traffic of this classifier is put Modify Click the Edit icon to edit the classifier Click the Delete icon to delete an existing classifier Note that subsequent rules move up by one when you take this action 9 4 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to an existing classifier to configure it FMG302
246. nected to it Use the System Info screen to look at the current status of the device system resources interfaces LAN WAN and SIP accounts You can also register and unregister SIP accounts If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the Device s ports See Section 2 2 2 on page 21 for more information 4 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the Device to update this screen in Refresh Interval Figure 8 Connection Status Icon View ZyXEL mc3024 p10a eee Enclish gt E LAN Device B Viewing mode ra Refresh Interval None i S Internet FMG3024 D10A Connection Status FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 4 Connection Status and System Info Figure 9 Connection Status List View ZyXEL 6 201 NEN NES LAN Device a E Viewing mode Refresh In None z Device Name IP Address MAC Address Address Source Connection Type In Icon View if you want to view information about a client click the client s name and Info Click the IP address if you want to change it If you want to change the name or icon of the client click Change name icon
247. need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically IP address 192 168 1 7 Subnet mask 255 255 255 0 Default gateway Use the following DNS server addresses Preferred DNS server Alternate DNS server Validate settings upon exit ar OK Cancel 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced if you want to configure advanced settings for IP DNS and WINS 8 Click OK to close the Internet Protocol TCP I P Properties window 9 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start gt All Programs gt Accessories gt Command Prompt 2 Inthe Command Prompt window type ipconfig and then press ENTER 3 The IP settings are displayed as follows FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 153 Windows 7 Internet Protocol Version 4 TCP IPv4 Properties a 1ni x Mac OS X 10 3 and 10 4 The screens in this section are fr
248. net In this type of Internet connection IP packets are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment Select IPv4 Only if you want the Device to run IPv4 only Select IPv6 I Pv4 DualStack to allow the Device to run IPv4 and IPv6 at the same time Select I Pv6 Only if you want the Device to run IPv6 only VLAN Enable VLAN Select this to add the VLAN tag specified below to the outgoing traffic through this connection Enter 802 1P Priority IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Type the IEEE 802 1p priority level from O to 7 to add to traffic through this connection The greater the number the higher the priority level Enter 802 1Q VLAN ID Type the VLAN ID number from 1 to 4094 for traffic through this connection IP Address This section is available only when you select Routing in the Mode field and I PoE in the WAN Service Type field FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Table7 Broadband Add Edit Routing IPoE continued LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you A dynamic IP address Address is not fixed the ISP assigns you a different one each time you connect to the Automatically Internet S
249. ngeMe from the Service Provider Selection drop down list box 4 Select the Enable check box of SIP Service Provider and enter ServiceProvider1 as the SIP Service Provider Name Enter the SIP Server Address REGI STER Server Address and SIP Service Domain provided by your ISP accordingly Click Apply SIP Service Provider Selection Service Provider Selection ChangeMe Delete General SIP Service Provider IV Enable SIP Service Provider SIP Service Provider Name IServiceProvider1 SIP Local Port E050 1025 65535 SIP Server Address sipexamplecom SIP Server Port E050 1025 85535 REGISTER Server Address registersip example coi REGISTER Server Port E050 1025 85535 SIP Service Domain sipexamplecom more 5 Goto the SIP Account screen click the Edit icon of SIP 1 Add new SIP account ACTIVE gt vice Provider ACCOUM NO DGIT ServiceProvider1 ChangeMe C ServiceProvider1 ChangeMe 6 Select the Active SIP Account check box then enter the SIP Account Number Username and Password Leave other settings as default 7 Click Apply to save your settings 28 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials SIP Service Provider Selection Service Provider Selection ServiceProvider1 SIP Account Selection SIP Account Selection SIP 1 General SIP Account IV Active SIP Account SIP Account Number 12345678 Authenticaton Username
250. notation just like IP addresses The following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks Table 86 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8 bit mask 11111111 00000000 00000000 00000000 255 0 0 0 16 bit mask 11111111 11111111 00000000 00000000 255 255 0 0 24 bit mask 11111111 11111111 11111111 00000000 255 255 255 0 29 bit mask 11111111 11111111 11111111 11111000 255 255 255 248 Network Size Notation The size of the network number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Table 87 Maximum Host Numbers SUBNET MASK HOST ID SIZE MTM lien ata 8 bits 255 0 0 0 24 bits 224 2 16777214 16 bits 255 255 0 0 16 bits 216 2 65534 24 bits 255 255 255 0 8 bits 28 2 254 29 bits 255 255 255 248 3 bits 23 2 6 Since the mask is always a continuous numbe
251. nts B My Pictures 3 My Computer 2 The Add Printer Wizard screen displays Click Next Add Printer Wizard Welcome to the Add Printer Q Wizard This wizard helps you install a printer or make printer connections through a USB port or any other hot pluggable port such as IEEE 1394 infrared and so on you do not need to use this wizard Click Cancel to close the wizard and then plug the printer s cable into your computer or point the printer toward your computer s infrared port and turn the printer on Windows will automatically install the printer for you i If you have a Plug and Play printer that connects To continue click Next Cancel 3 Select Local printer attached to this computer and click Next FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Add Printer Wizard Local or Network Printer The wizard needs to know which type of printer to set up Select the option that describes the printer you want to use Automatically detect and install my Plug and Play printer OA network printer or a printer attached to another computer To set up a network printer that is not attached to a print server LD use the Local printer option 4 Select Create a new port and Standard TCP IP Port Click Next Add Printer Wizard Select a Printer Port Computers communicate with printers through ports Select the port you want your printer to use If the port is n
252. nts to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events Click Maintenance SNMP to open the following screen Use this screen to configure the Device SNMP settings Figure 114 Maintenance gt SNMP Get Community public Set Community private Trap Community pubic Trap Destination fi92 168 1 33 D cancer The following table describes the fields in this screen Table 77 Maintenance gt SNMP LABEL DESCRIPTION Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is public and allows all requests Trap Community Type the trap community which is the password sent with each trap to the SNMP manager The default is public and allows all requests Trap Destination Type the IP address of the station to send your SNMP traps to Apply Click Apply to save your changes back to the Device Cancel Click Cancel to restore your previously saved settings 220 FMG3024 D10A FMG3025 D10A Series User s G
253. o Network Setting gt QoS gt Queue Setup Click Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values then click Apply Name Email Priority 7 High Weight 15 Rate Limit 5 000 kbps M Active Name Email Interface wan E Priority 7 High z Weight 15 Rate Limit ooo kbps jo tea Go to Network Setting gt QoS gt Class Setup Click Add new Classifier to create a new class Check Active and follow the settings as shown in the screen below Then click Apply FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Class Configuration Active Class Name Classification Order Forward To Interface unchange vl DSCP Mark Unchange xl 63 802 1P Mark To Queue Emi x Criteria Configuration Use the configurations below to specify the characteristics of a data flow need to be managed by this QoS rule Basic Iv From Interface Lan Iv Ether Type IP 0x0800 Source Iv MAC Address AFF AAFF AA FF MAC Mask r Exclude Iv IP Address 192 168 1 23 IP Subnet Mask 255 255 255 0 E Exclude Port Range 1 65535 m Exclude Destination MAC Address MAC Mask E Exclude I IP Address IP Subnet Mask E Exclude Port Range 1 65535 E Exclude Others 802 4P 0 BE Jai Exclude Iv IP Protocol User defined 5 r Exclude
254. o PPPoE IP packets are being delivered across an Ethernet network without using PPP encapsulation They are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment For instance it encapsulates routed Ethernet frames into bridged Ethernet cells PPP over Ethernet PPPoE Point to Point Protocol over Ethernet PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the Device rather than individual computers the computers on the LAN do not need PPPoE software installed since the Device does that part of the tas
255. o ach durs cna dae Pac d taa 25 5 9 melting Up NAT Fon Forwarding a isos edict nc dtes Sabi eb eb du Mid a e NOE iba bu dur MT dd don bed odios eod 26 2E Pow do Nake VEO A uso etc rep Od rb e E bra o d oa d aera brad andi ia vd tre rrr cra 27 3 4 1 VoIP Calls With a Registered SIP ACCOUNT 1 aues eseeueen sene rar keanan 27 scr Using Me File Sharning FEANN C sau 30 Bo mer tp Pls SAND an a a 30 3 5 2 Access Your Shared Files From a Computer cscciscsccceascceranesedecssanessccensansusssnerasadeessneoaieleonnnanesa 32 S0 LUSTING he Media Sener PUNE e ects etce cere tak Madey a EA A 32 S CODO Ios ON cise con cin se cotra tab uas beaten Onin Ead Fu dab Ea a uk sania Ade RR az aoc dO UMW eda FOU scies itdstbitundtatevev atate ae vin aedi bucas deca pian es nuca Ri pma uU ul dd FMG3024 D10A FMG3025 D10A Series User s Guide 5 Table of Contents 26 0 Using a Digital koda Adaplef T n 36 SE ESCA ARIE PPO tu ME O SCENDE af 3 8 Configuring Static Route for Routing to Another Network ssssssseseseeeeeeeeennennnnns 51 SB GOoniguamng Gus Queus and Class SEI Guustencnduxbeatbd died enn Mb apr ade aaa pa gd edd 53 310 Access the Device Using DONS Em 56 3 10 1 Registering a DDNS Account on Www dyndns Org accuses cce eone erre ntatnece enne nc ts irki E enea 56 2402 Cahir DDNS en Your DIS iuuscenadatibonian iannis a a Ra 57 2 15 9 Tesino ihe DONS SONA arrincan iea du P A 57 Part ik Technical Referernce
256. ocol The default wide area network protocol that provides communication 7 Thelnternet Protocol Version 4 TCP IPv4 Properties window opens FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address 9 Figure 146 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties Internet Protocol Version 4 TCP IPv4 Properties E3 EJ General alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator For the appropriate IP settings 5 Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Advanced OK Cancel Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced Click OK to close the Internet Protocol TCP I P Properties window 10 Click OK to close the Local Area Connection Properties window Verifying Settings 1 2 Click Start gt All Programs gt Accessories gt Command Prom
257. ode ESP with authentication is compatible with NAT because integrity checks are performed over the combination of the original header plus original payload which is unchanged by a NAT device Transport mode ESP with authentication is not compatible with NAT Table 53 VPN and NAT SECURITY PROTOCOL MODE NAT AH Transport N AH Tunnel N ESP Transport N ESP Tunnel Y 17 3 6 VPN NAT and NAT Traversal NAT is incompatible with the AH protocol in both transport and tunnel mode An IPSec VPN using the AH protocol digitally signs the outbound packet both data payload and headers with a hash value appended to the packet but a NAT device between the IPSec endpoints rewrites the source or destination address As a result the VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered NAT is not normally compatible with ESP in transport mode either but the Device s NAT Traversal feature provides a way to handle this NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers FMG3024 D10A FMG3025 D10A Series Users Guide 177 Chapter 17 VPN Figure 91 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet NAT traversal solves the problem by adding a UDP por
258. oduction 86 number of possible VI Ds priority frame static VLAN ID 86 VLAN Identifier See VID VLAN tag 86 voice activity detection 182 voice coding 199 VoIP 194 features 15 peer to peer calls 193 tutorial 27 VolP features 15 VolP status 212 W WAN Wide Area Network see WAN 67 warranty 307 note 307 Web Configurator 19 web configurator passwords 19 FMG3024 D10A FMG3025 D10A Series User s Guide Index FMG3024 D10A FMG3025 D10A Series User s Guide Index FMG3024 D10A FMG3025 D10A Series User s Guide 315 Index FMG3024 D10A FMG3025 D10A Series User s Guide
259. om Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 154 Mac OS X 10 4 Apple Menu Finder File Edit Vie About This Mac Software Update Mac OS X Software Dock Location Recent Items Force Quit Sleep Restart Shut Down 2 In the System Preferences window click the Network icon FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 155 Mac OS X 10 4 System Preferences eo System Preferences gt aj Personal Appearance Dashboard amp Desktop amp Dock International Security Spotlight Expos Screen Saver Hardware a x gt mw UU m A Q b v i EZ Bluetooth CDs amp DVDs Displays Energy Keyboard amp Print amp Fax Sound Saver Mouse Internet amp Ne e Q Mac QuickTime Sharing System Hh u B oe Accounts Date amp Time Software Speech Startup Disk Universal Update Access 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 156 Mac OS X 10 4 Network Preferences eoo Network J Ca gt show ait a Location Automatic m Show Network Status Hu Built in Ethernet is currently active and has the IP address O Built in Ethernet 10 0 1 2 You are connected to the Internet via Built in Ethernet Internet Sharing is on and is using AirPort to share the O AirPort connect
260. om your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix C on page 283 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator Make sure your Device hardware is properly connected refer to the Quick Start Guide Launch your web browser Type 192 168 1 1 as the URL A password screen displays Type admin as the default Username and 1234 as the default password to access the device s Web Configurator Click Login If you have changed the password enter your password and click Login Figure 3 Password Screen Welcome Welcome to FMG3024 D10A configuration interface Please enter username and password to login Username al Password MT FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 2 Introducing the Web Configurator Note For security reasons the Device automatically logs you out if you do not use the web configurator for five minutes default If this happens log in again 5 The following screen displays if you have not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the main menu if you do not want to change the password now Figure4 Change Password Screen Change Password itis high
261. onde a cs 137 IDE EET D PE TREE RR 138 TUAL OS How NAT WOS oapsicisecioeteesede uito ixado ot taeda rese O edt ro Feed o bertus GEN 138 Chapter 11 gu 9 141 TI TOMEI aonda d qoe Dra Coa Dulce onda iicet Rb RE ERE R ra sc Fav addam ER aS ER 141 11 1 1 What You Need To KNOW 41 inier op ePi SE s nea di ede ae e PY TEDE Quo DIN ES Eo b ac leto dU sen EY OP dH D cub ONENEN 141 TES ThE ig reais DNS CEON docct d Od seb Pe n a PLUS Decent p boe ups rabia 141 Chapter 12 menace CE o 143 T LOMPTSN ue chu EMI M M E D DIM E 143 PES TS ae Nelle Ben 143 12 2 1 Interface Group COQUE AMOR sasoinean Eom adr sn pa eu ad RD aaa R aa cR caa 144 Chapter 13 POWA ccrand as tM EAR RE ARR FARA ARA MF AR AEARM A ET RM RR 145 RECESSU E TIE NEU EE 145 1583 1 Vilar Your Can Do in Wis Gebiet a nprs a AR pub etnia RN e e d eb 145 Q1o 12 Whal vali Dogs t KNOW normiran Hd OEgE bp Ud eoe c ORE PIECE diae Deae diea tope c st oboe d ranag i 145 12 The General ete MT ome 146 13 3 The Services SO BOD asinino acorns c dt edo Eee ence Kan SS baa p rr bla dp a Oe sc cS a Da ada de Re a 147 18 3 1 The Add New Serica Entry Screen 1auosteceiesseeputidar tent indie Quia dr eco so qa snb eiia ER i 148 134 Te Gee ee Contro SCEE 252 oer Obra paries tios eee E ayaa re usury dard nba clas ds 148 13 4 1 The Add New ACL Rule Edit Screen
262. onger the key the more secure the encryption but also the longer it takes to encrypt and decrypt information Both routers must use the same DH key group SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this field A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys However every time the VPN tunnel renegotiates all users accessing remote resources are temporarily disconnected Phase 2 Encryption Select which key size and encryption algorithm to use in the IKE SA Choices Algorithm are DES a 56 bit key with the DES encryption algorithm 3DES a 168 bit key with the DES encryption algorithm AES128 a 128 bit key with the AES encryption algorithm AES256 a 256 bit key with the AES encryption algorithm The Device and the remote IPSec router must use the same key size and encryption algorithm Longer keys require more processing power resulting in increased latency and decreased throughput Authentication Select which hash algorithm to use to authenticate packet data Choices are Algorithm MD5 SHA1 SHA is generally considered stronger than MD5 but it is also slower SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this field A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys However every time
263. open the following screen Use this screen to create a new interface group Note An interface can belong to only one group at a time Figure 67 Interface Group Configuration Group Name WAN Interfaces used in the grouping ETH type 22C 33C 44 66 brti as m LAN1 Br LAN3 m LAN4 The following table describes the fields in this screen Table 36 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group You can enter up to 30 characters You can use letters numbers hyphens and underscores Spaces are not allowed WAN Interface Select the WAN interface this group uses used in the grouping Grouped LAN Select one or more LAN interfaces in the Available LAN Interfaces list and use the left Interfaces arrow to move them to the Grouped LAN Interfaces list to add the interfaces to this group Available LAN Interfaces To remove a LAN interface from the Grouped LAN I nterfaces use the right facing arrow Remove Click the Remove icon to delete this rule from the Device Apply Click Apply to save your changes back to the Device Cancel Click Cancel to exit this screen without saving FMG3024 D10A FMG3025 D10A Series User s Guide Firewall 13 1 Overview Use the Device firewall screens to enable and configure the firewall that protects your Device and network from attacks by hackers on the Internet and control acces
264. option if you use Daylight Saving Time Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Savings The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and type 2 in the o clock field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each time zone in the United States stops using Daylight Saving Time at 2 A M local time So in the United States you would select First Sunday November and type 2 in the o clock field Daylight Saving Time ends in the European Union on the last Sunday of Octo
265. or players on the Internet like A in the figure below to communicate with the Doom server you need to configure the port settings and IP address on the Device Traffic should be forwarded to the port 666 of the Doom server computer which has an IP address of 192 168 1 34 D 192 168 1 34 LAN WAN it port 666 You may set up the port settings by configuring the port settings for the Doom server computer see Chapter 10 on page 134 for more information Click Network Setting gt NAT gt Port Forwarding Click Add new rule Enter the following values Service Name Select User Defined WAN Interface Select the WAN interface through which the Doom service is forwarded This is the default interface for this example which is EtherWAN1 Start End Ports 666 Translation Start End 666 Ports Server IP Address Enter the IP address of the Doom server This is 192 168 1 34 for this example Protocol Select TCP UDP This should be the protocol supported by the Doom server FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials Service Name User Defined v _ _ WAN Interface Etherwant gt Start Port p End Port po Translation Start Port 666 Translation End Port 666 Server IP Address 192 168 1 34 Protocol TCP UDP B Note To translate the port to internal server enter the translated port number of zi Apply Back 3 Click Apply 4 The po
266. ot listed you can create a new port O Use the following port Create a new port Type of port Standard TCP IP Port v 5 Add Standard TCP IP Printer Port Wizard window opens up Click Next to start configuring the printer port Add Standard TCP IP Printer Port Wizard Welcome to the Add Standard TCP IP Printer Port Wizard You use this wizard to add a port for a network printer Before continuing be sure that 1 The device is tumed on 2 The network is connected and configured To continue click Next FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 6 Enter the IP address of the Device to which the printer is connected in the Printer Name or IP Address field In our example we use the default IP address of the Device 192 168 1 1 The Port Name field updates automatically to reflect the IP address of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Add Standard TCP IP Printer Port Wizard Add Port For which device do you want to add a port Enter the Printer Name or IP address and a port name for the desired device Printer Name or IP Address 192 168 1 1 Port Name IP_192 168 1 1 7 Select Custom under Device Type and click Settings Add Standard TCP IP Printer Port Wizard Additional Port Information Required RS The device could not be identified N
267. ot use the Device for illegal purposes Illegal downloading or sharing of files can result in severe civil and criminal penalties You are subject to the restrictions of copyright laws and any other applicable laws and will bear the consequences of any infringements thereof ZyXEL bears NO responsibility or liability for your use of the download service feature Use for products that have a download service Make sure all data and programs on the Device are also stored elsewhere ZyXEL is not responsible for any loss of or damage to any data programs or storage media resulting from the use misuse or disuse of this or any other ZyXEL product Use for storage backup devices Trademarks This item incorporates copy protection technology that is protected by U S patents and other intellectual property rights of Rovi Corporation Reverse engineering and disassembly are prohibited Use for STBs that need Rovi certification Certifications Class B Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions FMG3024 D10A FMG3025 D10A Series User s Guide Appendix F Legal Information This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital
268. ou belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Device Print Server Compatible USB Printers The following is a list of USB printer models compatible with the Device print server Table 20 Compatible USB Printers BRAND MODEL Brother MFC7420 CANON BJ F9000 CANON i320 CANON PIXMA MP450 CANON PIXMA MP730 CANON PIXMA MP780 CANON PIXMA MP830 CANON PIXUS ip2500 CANON PIXMA ip4200 CANON PIXMA ip5000 CANON PIXUS 990i EPSON CX3500 EPSON CX3900 EPSON EPL 5800 EPSON EPL 6200L EPSON LP 2500 EPSON LP 8900 EPSON RX 510 EPSON RX 530 EPSON Stylus 830U EPSON Stylus 1270 EPSON Stylus C43UX EPSON Stylus C60 EPSON Stylus Color 670 HP Deskjet 5550 HP Deskjet 5652 HP Deskjet 830C HP Deskjet 845C HP Deskjet 1125C HP Deskjet 1180C
269. pe in the location of the file you want to upload in this field or click Browse to Path find it Browse Click Browse to find the certificate file you want to upload Apply Click Apply to save the certificate on the Device Back Click Back to return to the previous screen 16 5 View Certificate Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the Device to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Click Security gt Certificates gt Trusted CA to open the Trusted CA screen Click the View icon to open the View Certificate screen Figure 83 Trusted CA View Certificate Name certnew cer BEGIN CERTIFICATE llEaTCCA1GgAwIBAglQGKaoaDflmLtD GHitntb31jANBakqhkiG9wOBAQUFADA RMwEQYKCZImiZPyLGOBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFVWnIYRUwxEDAO gNVBAMTB1p5WEVMQOEwHhcNMDcwMjA1MDMwMTIOWhcNMTCWMjA1MDMwOTQSWjA MRMWEQYKCZImiZPyLGQBGRYDY29tMRUWEwYKCZImiZPyLGQBGRYFWnlYRUwxEDAO gNVBAMTB1p5WEVMQOEwggEiIMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAOIBAQDS gNOfPI E DaV XWGN4prKCY3eHpT8z5X18rl CBOxQF GH8OT7kptXQlcvkrJP gss iQu1qBMf2 NsrTuzoyJ70iiQQ60RKIBGVFXSE6sRruL8BUuUKAHDTX3xtWyhySxxb2U SiTGp8B8sbXNOZKWYIREIJTBEXois iKTflSpnZRTVxT7 OQMAQIUeqP 11Yayv4yx aBPZSdGrz9VOKOVAryR11fjSKANfzZdOLn3BuHtqsO3pSH3029zogmcR9UfBU3q aDeWS8T2P 1sjYiyP 1jm 4r32Q
270. pon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre shared keys FMG3024 D10A FMG3025 D10A Series User s Guide 179 Chapter 17 VPN FMG3024 D10A FMG3025 D10A Series User s Guide VoIP 18 1 Overview Use this chapter to Connect an analog phone to the Device Make phone calls over the Internet as well as the regular phone network Configure settings such as speed dial Configure network settings to optimize the voice quality of your phone calls 18 1 1 What You Can Do in this Chapter These screens allow you to configure your Device to make phone calls over the Internet and your regular phone line and to set up the phones you connect to the Device Use the SIP Service Provider screen to configure the SIP server information QoS for Vol P calls the numbers for certain phone functions Section 18 3 on page 188 Use the SIP Account screen to set up information about your SIP account control which SIP accounts the phones connected to the Device use and configure audio settings such as volume levels for the phones connected to the ZyXEL Device Section 18 3 on page 188 Use the Phone Device screen to control which SIP accounts the phones connected to the Device use Section 18 5 on page 192 Use the Call Rule screen to set up shortcuts for dialing frequently used VoIP phone numbers Section 18 6 on pa
271. pt In the Command Prompt window type ipconfig and then press ENTER You can also go to Start Control Panel Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Windows 7 This section shows screens from Windows 7 Enterprise 1 Click Start gt Control Panel Figure 147 Windows 7 Start Menu WW Snipping Tool Computer Calculator Control Panel XPS Viewer hn Devices and Printers m Wi vs E indows Fax and Scan TUS Magnifier Help and Support b All Programs 2 In the Control Panel click View network status and tasks under the Network and Internet category Figure 148 Windows 7 Control Panel GA gt Control Panel v Adjust your computer s settings View by Category Y e System and Security 8 User Accounts and Family Safety LE vy Vj Add or remove user accounts Back up your computer Set up parental controls for any user Find and fix problems rus Appearance and Personalization x ay Change the theme Change desktop background up and sharing options Adjust screen resolution Hardware and Sound 3 Clock Language and Region kel View devices and printers ik Change keyboards or other input methods Add a device Change display language F Progra
272. qVHq9a37ErqCUjL1kSCatnx4Aq63Xg4 C1skCkN O9p UYsCBgKDgjvJBkPIAgMBAAGjggFhMIIBXTATBgkrBgEEAYI3FAIEBh4EAEMA ITALBgNVHQ8EBAMCAUYwDwYDVRO TAQH BAUwAWEB zAdBgNVHO4EF gQUZvbvYHJ IMCBN3Dw3QxUXkatg2QwgfY GA1UdHwSB7jCB6zCB6KCB5aCB40aBrWxkYXABGLy8v m FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 16 Certificates The following table describes the labels in this screen Table 49 Trusted CA View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution via floppy disk for example Back Click this to return to the previous screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 16 Certificates FMG3024 D10A FMG3025 D10A Series User s Guide VPN 17 1 Overview A virtual private network VPN provides secure communications over the the Internet Internet Protocol
273. r IP Packet This field is available only when you select IP in the Ether Type field Length Select this option and enter the minimum and maximum packet length from 46 to 1504 in the fields provided DSCP This field is available only when you select IP in the Ether Type field Select this option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided TCP ACK This field is available only when you select IP in the Ether Type field If you select this option the matched TCP packets must contain the ACK Acknowledge flag DHCP This field is available only when you select IP in the Ether Type field and UDP in the IP Protocol field Select this option and select a DHCP option If you select Vendor Class I D DHCP Option 60 enter the Class ID of the matched traffic such as the type of the hardware or firmware If you select Clientl D DHCP Option 61 enter the Type of the matched traffic and Client I D of the DHCP client If you select User Class I D DHCP Option 77 enter the User Class Data which is a string that identifies the user s category or application type in the matched DHCP packets If you select VendorSpecificl ntro DHCP Option 125 enter the Enterprise Number of the software of the matched traffic and Vendor Class Data used by all the DHCP clients Service Select the service classification of the traffic Exclude Select this option to exclude the packets t
274. r of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both notations Table 88 Alternative Subnet Mask Notation suemermask AGGER B 255 255 255 0 124 0000 0000 0 255 255 255 128 25 1000 0000 128 255 255 255 192 26 1100 0000 192 255 255 255 224 27 1110 0000 224 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix A IP Addresses and Subnetting Table 88 Alternative Subnet Mask Notation continued suwerwask ALTERNATIVE iasrocrer usroerer 255 255 255 240 28 1111 0000 240 255 255 255 248 29 1111 1000 248 255 255 255 252 30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ID
275. rd Disable Call Forward When Busy Enable Call Forward When Busy Disable Do Not Disturb Enable Do Not Disturb Disable m 1025 65535 p 0 255 o 0 255 3600 60 65535 second 512 180 65535 second i80 100 3600 second 50 X 90 1800 second 5 7 second 92 C pao NN fate NN Far Fan 0 Apply Cance The following table describes the labels in this screen Table 58 VoIP gt SIP gt SIP Service Provider LABEL DESCRIPTION SIP Service Provider Selection Service Provider Select the SIP service provider profile you want to use for the SIP account you Selection configure in this screen If you change this field the screen automatically refreshes General SIP Service Select this if you want the Device to use this SIP provider Clear it if you do not Provider want the Device to use this SIP provider SIP Service Enter the name of your SIP service provider Provider Name FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP Table 58 VoIP gt SIP gt SIP Service Provider continued LABEL DESCRIPTION SIP Local Port Enter the Device s listening port number if your VoIP service provider gave you one Otherwise keep the default value Main SIP Server Address Enter the IP address or domain name of the SIP server provided by your VoIP service provider You can use up to 95 printable ASCII characters It does not
276. re illustrates an SNMP management operation Figure 113 SNMP Management Model MANAGER AGENT Managed Device Managed Device Managed Device An SNMP managed network consists of two main types of component agents and a manager An agent is a management software module that resides in a managed device the Device An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 23 SNMP The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wa
277. re you understand the normal behavior of the LED 2 Check the hardware connections See the Quick Start Guide 3 Inspect your cables for damage Contact the vendor to replace any damaged cables FMG3024 D10A FMG3025 D10A Series User s Guide 237 Chapter 31 Troubleshooting 4 Turn the Device off and on 5 If the problem continues contact the vendor 31 3 Device Access and Login forgot the IP address for the Device 1 The default IP address is 192 168 1 1 2 Ifyou changed the IP address and have forgotten it you might get the IP address of the Device by looking up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the Device it depends on the network so enter this IP address in your Internet browser 3 If this does not work you have to reset the device to its factory defaults See Section 1 5 on page 17 forgot the password 1 The default admin password is 1234 and the default user password is 1234 2 Ifyou can t remember the password you have to reset the device to its factory defaults See Section 1 5 on page 17 cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 f you changed the IP address Section on page 104 use the
278. recorded Local Number This field displays the phone number you used to make or receive this call Peer Number This field displays the phone number you called or from which this call is made Interface This field displays the type of the call Duration This field displays how long the call lasted 208 FMG3024 D10A FMG3025 D10A Series User s Guide 20 1 Overview Traffic Status Use the Traffic Status screens to look at network traffic status and statistics of the WAN LAN interfaces and NAT 20 1 1 What You Can Do in this Chapter e Use the WAN screen to view the WAN traffic statistics Section 20 2 on page 209 Use the LAN screen to view the LAN traffic statistics Section 20 3 on page 210 Use the NAT screen to view the NAT status of the Device s client s Section 20 4 on page 211 Use the 3G Backup screen to view the 3G connection traffic statistics Section 20 6 on page 212 e Use the Vol P Status screen to view the VolP traffic statistics Section 20 6 on page 212 20 2 The WAN Status Screen Click System Monitor gt Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 106 System Monitor gt Traffic Status gt WAN Status Refresh interval 5 seconds iw Sent S Received 3062046 Bytes 17295076 Bytes Packets Sent Packets Received Connected Interface Data Error Drop Data Error eth1 12474 290328
279. reen Clear Logs Click this to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Level This field displays the severity level of the logs that the device is to send to this syslog server Message This field states the reason for the log 19 4 The VoIP Call History Screen Click System Monitor gt Log gt VolP Call History to open the VoIP Call History screen Use this screen to see the details of the calls performed on the Device Figure 105 System Monitor gt Log gt VoIP Call History All Call History v Refresh Clear Logs Local Number Peer Number Interface Duration 1 08 20 2010 09 43 52 128752 1353699 SIP 0 00 00 2 08 20 2010 09 43 07 128752 1353699 SIP 0 00 06 3 08 20 2010 09 42 11 128752 1353699 SIP 0 00 37 FMG3024 D10A FMG3025 D10A Series User s Guide 207 Chapter 19 Logs The following table describes the fields in this screen Table 69 System Monitor gt Log gt VoIP Call History LABEL DESCRIPTION Select a category of call records to view from the drop down list box select AII Call History to view all call records Refresh Click this to renew the log screen Clear Logs Click this to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the call was
280. rental Control gt Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule This shows the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active PCP Name This shows the name of the rule Home Network This shows the MAC address of the LAN user s computer to which this rule User MAC applies Internet Access This shows the day s and time on which parental control is enabled Schedule Network Service This shows whether the network service is configured If not None will be shown FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 15 Parental Control Table 44 Parental Control gt Parental Control continued LABEL DESCRIPTION Website Blocked This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Add Click Add to create a new schedule Apply Click Apply to save your changes back to the Device 15 2 1 Add Edit a Parental Control Rule Click Add new PCP in the Parental Control screen to add a new rule or click the Edit icon next to an existing rule to edit
281. rnal systems Tunnel mode is fundamentally an IP tunnel with authentication and encryption This is the most common mode of operation Tunnel mode is required for gateway to gateway and host to gateway communications Tunnel mode communications have two sets of IP headers Outside header The outside IP header contains the destination IP address of the VPN gateway nside header The inside IP header contains the destination IP address of the final system behind the VPN gateway The security protocol appears after the outer IP header and before the inside IP header 17 3 3 IKE Phases There are two phases to every IKE Internet Key Exchange negotiation phase 1 Authentication and phase 2 Key Exchange A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec FMG3024 D10A FMG3025 D10A Series User s Guide 175 Chapter 17 VPN Figure 90 Two Phases to Set Up the IPSec SA In phase 1 you must Choose a negotiation mode Authenticate the connection by entering a pre shared key Choose an encryption algorithm Choose an authentication algorithm Choose a Diffie Hellman public key cryptography key group Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In
282. roperties Advanced Settings Advanced Settings Services Select Hie sicer Tunning on pour nretescre that Intemel uel can ACSA Services Fi memo 132 1EE T EG BETB 16608 TEF be memnege 132 1581 B5 3858 27111 UDF mamaq 132 158 1 r 7281 25037 UDF e msg 0132 18 12 7810 21711 TCP Figure 44 Internet Connection Properties Advanced Settings Add Service Settings Description of service Test Name or IP address for example 192 168 0 12 of the computer hosting this service on your network 192 168 1 11 External Port number for this service 143 TCP C UDP Internal Port number for this service 143 Cancel 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray FMG3024 D10A FMG3025 D10A Series User s Guide 113 Chapter 7 Home Networking Figure 45 System Tray Icon J Internet Connection is now connected Click here For more information Double click on the icon to display your current Internet connection status Figure 46 Internet Connection Status Y Internet Connection Status Web Configurator Easy Access General Internet Gateway Status Connected Duration 00 00 56 Speed 100 0 Mbps Activity Internet Internet Gateway My Computer ey
283. rt forwarding settings you configured should appear in the table Make sure the bulb in Status is the color yellow meaning it is activated Click Apply to have the Device start forwarding port 666 traffic to the computer with IP address 192 168 1 34 Add new rule 1 y User Defined EtherWAN1 666 666 666 666 192 168 1 34 TCP UDP B note The TCP port 7676 is reserved for TRO69 connection request port Players on the Internet then can have access to your Doom server 3 4 How to Make a VoIP Call You can register a SIP account with the SIP server and make voice calls over the Internet to another VolP device The following parameters are used in this example SIP Service Provider Name ServiceProvider1 SIP Server Address sip example com REGISTER Server Address registersip example com SIP Service Domain sip example com SIP Account Number 12345678 Username ChangeMe Password ThislsMySIP 3 4 1 VoIP Calls With a Registered SIP Account To use a registered SIP account you should configure the SIP service provider and applied for a SIP account FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials 3 4 1 1 SIP Service Provider Configuration Follow the steps below to configure your SIP service provider 1 Make sure your Device is connected to the Internet 2 Open the web configurator 3 Click VolP gt SIP to open the SIP Service Provider screen Select Cha
284. rt number s for RTP traffic if your VolP service provider gave you this information Otherwise keep the default values End Port To enter one port number enter the port number in the Start Port and End Port fields To enter a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field DTMF Mode Control how the Device handles the tones that your telephone makes when you push its buttons You should use the same mode your VoIP service provider uses RFC2833 send the DTMF tones in RTP packets PCM send the DTMF tones in the voice data stream This method works best when you are using a codec that does not use compression like G 711 Codecs that use compression like G 729 and G 726 can distort the tones SIP INFO send the DTMF tones in SIP messages Transport Type Transport Type Select the transport layer protocol UDP or TCP usually UDP used for SIP FAX Option This field controls how the Device handles fax messages G711 Fax Select this if the Device should use G 711 to send fax messages The peer Passthrough devices must also use G 711 T38 Fax Relay Select this if the Device should send fax messages as UDP or TCP IP packets through IP networks This provides better quality but it may have inter operability problems The peer devices must also use T 38 Outbound Proxy Enable Se
285. rtp E a da Tren Pert SER pe deu on Ei ra a cn s 191 185 ea eel c Me T I neat 192 OEC Mur uud te I I UIT 192 186 The Cal Rule Sargen iiec ae ad aa Eee a retta ars op ada E Sae tta Ra 193 187 Technical Referente E EU emmr t 194 FMG3024 D10A FMG3025 D10A Series User s Guide 9 Table of Contents REO E UV WT oR A A E eee CO 194 Ui tg pl ROMS tT TE 194 Iga auau EA vii Pu cc tm 199 18 74 Phone Servibss OVEPIBU uua iss po E Ron pee n EE Hin x abi se irt rd sedo i iyaoaeks 200 Chapter 19 T OO 205 ERE e111 ecu ch ULM MC ME EI E EE 205 191 1 Vilar You Can Do Ti NS Chapi isa Doe eb RU RE en ee rer erem ha daa yee n D vac OD 205 19 1 2 What You Need To Know sssesessseseeenen nre nenemennnnennhnnn nnne nnns n snss nnn en ssa ss ssa assa a nna 205 192 The So ciis Log GOCE NET I LS 206 199 The Phone EOD SOEN iirinn a abc prd bored Lea rra ago taie nia aa atra 207 T94 Roll og E 00cHub T 7 77 17 101 207 15S 207 Chapter 20 TAE AU ce cm T 209 VORNE SI E IE NE DTE RTI OR EROR HR a a 209 201 1 What Yon Ca De in this Chapter secu catene rna notable air be eb pn aad nad 209 SO TIS WAN SAIS ROI usicecoosca cote o peo cie poene nee beoe ine tnodo tace Doo e Deuce dE coco E Sce bae eese oops 209 209 Tha LAN EUR 1 PED TE T 210 204 Ths NAT STU CANAN oid esset iestitie tuo iodisosu e Dco soa Ebor adsit ad petiere too eadeece sed EU Sor eatem ied d ooteaE 211
286. runcated The domain name or e mail address is for identification purposes only and can be any string Remote ID Select IP to identify the remote IPSec router by its IP address Select DNS to identify the remote IPSec router by a domain name Select E mail to identify the remote IPSec router by an e mail address Content The configuration of the remote content depends on the remote ID type For IP type the IP address of the computer with which you will make the VPN connection If you configure this field to 0 0 0 0 or leave it blank the Device will use the address in the Secure Gateway Address field refer to the Secure Gateway Address field description For DNS or E mail type a domain name or e mail address by which to identify the remote IPSec router Use up to 31 ASCII characters including spaces although trailing spaces are truncated The domain name or e mail address is for identification purposes only and can be any string It is recommended that you type an IP address other than 0 0 0 0 or use the DNS or E mail ID type in the following situations When there is a NAT router between the two IPSec routers When you want the Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses Security Protocol Pre Shared Type your pre shared key in this field A pre shared key identifies a Key communicating party during a phase 1 IKE negotiation Type
287. rver Address Select this if your VolP service provider has a SIP outbound server to handle voice calls This allows the Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the Device to keep it from re translating the IP address since this is already handled by the outbound proxy server Enter the IP address or domain name of the SIP outbound proxy server Server Port Enter the SIP outbound proxy server s listening port if your Vol P service provider gave you one Otherwise keep the default value QoS Tag SIP TOS Priority Setting Enter the DSCP DiffServ Code Point number for SIP message transmissions The Device creates Class of Service CoS priority tags with this number to SIP traffic that it transmits RTP TOS Priority Setting Enter the DSCP DiffServ Code Point number for RTP voice transmissions The Device creates Class of Service CoS priority tags with this number to RTP traffic that it transmits Timer Setting Expiration Duration Enter the number of seconds your SIP account is registered with the SIP register server before it is deleted The Device automatically tries to re register your SIP account when one half of this time has passed The SIP register server might have a different expiration Register Re send timer Session Expires Enter the number of seconds the Device waits before
288. rver address assigned by the ISP IPv6 Address This section is not available when you select Disable in the IPv6 I Pv4 DualStack field Obtain I Pv6 Address Automatically Select this option if you want to have the Device use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address Enable Non temporary addresses The DHCPv6 server controls the time at which the client contacts with the server to extend the lifetimes on any addresses before the lifetimes expire After a first time limit specified by the server is reached the client sends the server a Renew message Select this option to have the server renew the lease before the second server specified time limit is reached Enable Prefix Delegation Select this to enable Prefix Delegation This enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN Static I Pv6 Address Select this option if you have a fixed IPv6 address assigned by your ISP IPv6 Address Enter the static IPv6 address provided by your ISP using colon hexadecimal notation Prefix length Enter the bit number of the IPv6 subnet mask provided by your ISP IPv6 Default Gateway Enter the I Pv6 address of the default outgoing gateway using a colon hexadecimal notation IPv6 DNS Server Select whether you want to obtain the IPv6 DNS server addresses
289. ry field in this screen to its last saved value 18 7 Technical Reference This section contains background material relevant to the Vol P screens 18 7 1 VoIP VoIP is the sending of voice signals over Internet Protocol This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit switched telephone network You can also use servers to run telephone service applications like PBX services and voice mail Internet Telephony Service Provider ITSP companies provide VoIP service Circuit switched telephone networks require 64 kilobits per second Kbps in each direction to handle a telephone call Vol P can use advanced voice coding techniques with compression to reduce the required bandwidth 18 7 2 SIP The Session Initiation Protocol SIP is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and multimedia sessions over the Internet 194 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 18 VoIP SIP signaling is separate from the media for which it handles sessions The media that is exchanged during the session can use a different path from that of the signaling SIP handles telephone calls and can interface with traditional circuit switched telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP address A complete SIP identity is called a
290. s for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world FMG3024 D10A FMG3025 D10A Series User s Guide 133 Chapter 10 Network Address Translation NAT Finding Out More See Section 10 4 on page 137 for advanced technical information on NAT 10 2 The Port Forwarding Screen Use the Port Forwarding screen to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port numbers and services are shown in Appendix D on page 291 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to
291. s gt Add New Service Entry LABEL DESCRIPTION Name Type a descriptive name for the service Type Select the protocol type TCP UDP or ICMP or Others of the service Protocol Number Enter the protocol number of the service type Source Port Destination Port Apply The source port defines from which port number s the service traffic is sent The destination port defines the port number s the destination hosts use to receive the service traffic Select Single if the service uses one and only one source or destination port then enter the port number Select Multiple if the service uses two or more source or destination ports then enter a port range For example suppose you want to define the Gnutella service Select TCP type and enter a port range of 6345 6349 Click Apply to save your changes Back Click Back to exit this screen without saving your changes 13 4 The Access Control Screen Click Security Firewall Access Control to display the following screen This screen displays a list of the configured incoming or outgoing filtering rules Figure 72 Security gt Firewall gt Access Control Add new ACL rule O We me sre a id I VI ces o Poic Y FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall Each field is descri bed in the following table Table 40 Security gt Firewall gt Access Control
292. s E 4 JJ Music Music Videos Pictures Recorded TV Playlists C E gt d If you cannot see the Device in the left panel as shown above right click Other Libraries gt Refresh Other Libraries 2 Select a category in the left panel and wait for Windows Media Player to connect to the Device O Windows Media Player File View Play Tools Help Fas eJ gt gt Music gt All music Organize Stream v Create playlist v IS Library p Playlists 4 jJ Music P Artist gt Album Genre ES Videos Pictures Recorded TV Other Libraries ep eg JJ Music H Videos Pictures Recorded TV E Play Burn TE 4 Contacting the remote media library UW 3 Inthe right panel you should see a list of files available in the USB storage device FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials G Windows Media Player File View Play Tools Help COO Fn gt Videos All Videos Play Organize Stream v Create playlist v ge v Searc Length Release yea Genre Actors Rating E Library ib Playlists s hd 4 Jd Music a a D Arti I 2 m 24 Artist f ZyXEL Celebration ZyXEL Connecting the Album bel Video Ld Future e Genie 4 minutes 33 minutes e a Habibim a Unknown E ene Play all re ff Py 5 Recorded TV 4 ECC Play next Add to f amp Other Libraries 4 P es sepie Edit b jd Music Rate gt Bj Videos E Pictures Propert
293. s Guide Auto Provision 30 1 Overview You can use auto provision to automatically update the configuration settings on the Device The Auto Provision feature uses the http protocol with encryption and can be used to upgrade firmware or configuration information to the Device The device must access an Auto Provision server In the figure below three different Devices ZD1 ZD2 ZD3 are controlled by auto provision server S Figure 127 Auto Provision IAD TAD ZD1 ZD2 ZD3 30 2 Auto Provision Use this screen to configure Auto Provision settings for automatically updating the Device settings Click Maintenance gt Auto Provision to open the Auto Provision screen shown next Figure 128 Maintenance gt Auto Provision Auto Provision State AutoProvision C Enable Disable Directory L 4 Directory Path Auto Provision Server NENNEN IP Address Server Port fo Retry Count B times Retry Timer fso Seconds Expire Timer 6400 Seconds Avon FMG3024 D10A FMG3025 D10A Series User s Guide 235 Chapter 30 Auto Provision The following table describes the fields in this screen Table 84 Maintenance gt Auto Provision LABEL DESCRIPTION Auto Provision Enable or disable auto provision Directory Enter the directory path where the auto provision file is located Auto Provision Enter the IP address of the auto provision server
294. s ndn BE Fr Nd 167 pesce pur aa m NI n 168 T 2 3 TR Montor SOET niet men e p D netos Hoo HUE GM a LE REA 173 1f lechnical PSTSreriGB occidit Id pA bU ENk RUF LER RECO E BRE R cH DR RE pe Y TR HR VIDE UE Dion nt c dER et drin denn 173 123 T1 Dep a E T E E ree E E E E A E E A E E SE A E T 173 WAE a el Mese cc T T E E E E A 174 10583 IKE Phases oreo uito eee ve Ide dde QU Udine reb dag pee iadedacioen DR pae Reb e diode eue Nedad am iudeaneebiadaiens 175 DES T Nooi TOn ni ep Pm 176 1730 UC en NAT m PP E T EM Izz TASO VPN NAL and NAT MAVES i iE 177 TY3 7 U Tee and COMNEN inima a A S 178 12 8 5 Piero KON sanin debibes cip boo Prose QUd i bed Ge ie ene COUR due 179 173 9 Die Fellini DET Koy GOUS s tenere oe Prcte res Oc vest teri in Pest OR E Eva a ences 179 Chapter 18 pie Sere een ei E ORE EOM sd DA END IEEE HARE Creer Tere rT ARE KA ARCU ER T Ee Tree TT TT RETT RTC E E errr ETATE LERRA SRPL REG 181 LISSE ITI NNNM OPE UNE IPIS TAEA T O E E 181 198 3 What You Can Don uis Chaplet sa eire neers tented bee 181 18 1 2 Whal You ise to KNOW dius issusseiuupr ce ERR GRE EXER ERU T D E e CLER sd ioral eee Ne bI S RU S ria 181 T tos erre PO SQ auscoesvuatete iiu Haie a adem tedex die perdi ca Portam obe ciu PIC cu outers 182 19 2 The SIF cie igietis Ec ti PME ERES 183 78 2 The SIF Account SO BBEI panions gus raise rad n rk onion aida Eo pU x Fei Ade Eas oo bud up are dO dc RA 188 p cm b hzwmlers PI E E SU LUE m 188 18 4 Mulliple SIP AGDOBPIES cea eH n
295. s that this rule is not active Service Name This is the service s name This shows User Defined if you manually added a service You can change this by clicking the edit icon WAN Interface This shows the WAN interface through which the service is forwarded Start Port This is the first external port number that identifies a service End Port This is the last external port number that identifies a service Translation Start Port This is the first internal port number that identifies a service Translation End Port This is the last internal port number that identifies a service Server IP Address This is the server s IP address Protocol This shows the IP protocol supported by this virtual server whether it is TCP UDP or TCP UDP Modify Click the Edit icon to edit the port forwarding rule Click the Delete icon to delete an existing port forwarding rule Note that subsequent address mapping rules move up by one when you take this action Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 10 2 2 The Port Forwarding Edit Screen This screen lets you create or edit a port forwarding rule Click Add new rule in the Port Forwarding screen or the Edit icon next to an existing rule to open the following screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 10 Network Address Translation NAT
296. s to it By default the firewall Allows traffic that originates from your LAN computers to go to all other networks Blocks traffic that originates on other networks from going to the LAN The following figure illustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 68 Default Firewall Action LAN WAN MI 13 1 1 What You Can Do in this Chapter Use the General screen to enable or disable the Device s firewall Section 13 2 on page 146 Use the Services screen to view the configured firewall rules and add edit or remove a firewall rule Section 13 3 on page 147 Use the Access Control screen to view and configure incoming outgoing filtering rules Section 13 4 on page 148 Use the DoS screen to enable or disable Denial of Service DoS protection Section 13 5 on page 151 13 1 2 What You Need to Know Firewall The Device s firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall It is designed to protect against Denial of Service DoS attacks when activated The Device s purpose is to allow a private Local Area Network LAN to be securely connected to the Interne
297. ss Configure or Delete as desired AMD PCnet Fast 79C971 MAC 08 00 27 96 ed 3d Device Name eth etho Started automatically at boot IP address assigned using DHCP roams Abort 5 When the Network Card Setup window opens click the Address tab 278 FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 176 openSUSE 10 3 Network Card Setup YasStT2 linux h20z lt Address Setup Network Card Setup Select No Address Setup if you do not want any IP address for this device This is particularly useful for Ethernet bonding ethernet devices No IP Address for Bonding Devices General Select Dynamic Dynamic Address DHCP address if you do not have a static IP address assigned by IP Address Subnet Mask Hostname the system administrator or your cable or DSL provider Statically assigned IP Address You can choose one of the dynamic address assignment method Select DHCP if you have a DHCP server running on your local network Network addresses are then obtained automatically from the server To automatically search for free IP and then assign it statically select Zeroconf To use Cancel 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address
298. successful upload the system will reboot Do NOT turn off the Device while firmware upload is in progress Figure 118 Maintenance gt Firmware Upgrade Upgrade Firmware Current Firmware Version V3 10 TUJ 0 b4 FilePath __Browse The following table describes the labels in this screen Table 81 Maintenance gt Firmware Upgrade LABEL DESCRIPTION Current This is the present Firmware version Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upload Click this to begin the upload process This process may take up to three minutes After you see the firmware updating screen wait a few minutes before logging into the Device again FMG3024 D10A FMG3025 D10A Series User s Guide 227 Chapter 27 Firmware Upgrade Figure 119 Firmware Uploading C Router is restarting now Please wait ll be no indication o en the proc s complete or one minute b empting he The Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 120 Network Temporarily Disconnected D Local Area Connection Network cable unplugged After two minutes log i
299. sulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode At the time of writing the Device supports Tunnel mode only 174 FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN Figure 89 Transport and Tunnel Mode IPSec Encapsulation Original IP TCP Data IP Packet Header Header Transport Mode IPSec IP TCP Dala Protected Packet Header Header Header Tunnel Mode IP IPSec IP TCP sah Protected Packet Header Header Header Header Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet In Transport mode the IP packet contains the security protocol AH or ESP located after the original IP header and options but before any upper layer protocols contained in the packet such as TCP and UDP With ESP protection is applied only to the upper layer protocols contained in the packet The IP header information and options are not used in the authentication process Therefore the originating IP address cannot be verified for integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to inte
300. t The Device can be used to prevent theft destruction and modification of data as well as log events which may be important to the security of your network The Device is installed between the LAN and a broadband modem connecting to the Internet This allows it to act as a secure gateway for all data passing between the Internet and the LAN The Device has one Ethernet WAN port and four Ethernet LAN ports which are used to physically separate the network into two areas The WAN Wide Area Network port attaches to the broadband cable or DSL modem to the Internet The LAN Local Area Network port attaches to a network of computers which needs security from the outside world These computers will have access to Internet services such as e mail FTP and the World Wide Web However inbound access is not allowed by default unless the remote host is authorized to use a specific service ICMP Internet Control Message Protocol ICMP is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user Finding Out More See Section 13 6 on page 151 for advanced technical information on firewall 13 2 The General Screen Use this screen to enable or disable the Device s firewall Click Security gt Firewall to open the General screen Figure 69 Security g
301. t Firewall gt General Firewall Enable C Disable Medium Recommended es o bM v v v LAN to WAN WAN to LAN j x FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall The following table describes the labels in this screen Table 37 Security gt Firewall gt General LABEL DESCRIPTION Firewall Select Enable to activate the firewall The Device performs access control and protects against Denial of Service DoS attacks when the firewall is activated Easy Medium Select Easy to have the firewall allow both LAN to WAN and WAN to LAN traffic High to flow through the Device Select Medium to have the firewall only allow traffic sent from the LAN to the WAN All access and traffic originating from the WAN will be blocked Select High to have the firewall only allow Telnet FTP HTTP HTTPS DNS POP3 and SMTP traffic sent from the LAN to the WAN Other traffic will be blocked Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 13 3 The Services Screen Use this screen to view the configured service list To access this screen click Security gt Firewall gt Services You have to configure at least one service in this screen before configuring the Security gt Firewall gt Access Control gt Add New ACL Rule Edit screen Figure 70 Security gt Firewall gt Services Add New Service Entry
302. t 500 header to the IPSec packet The NAT router forwards the IPSec packet with the UDP port 500 header unchanged In the above figure when IPSec router A tries to establish an IKE SA IPSec router B checks the UDP port 500 header and IPSec routers A and B build the IKE SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable NAT traversal on both IPSec endpoints Set the NAT router to forward UDP port 500 to IPSec router A Finally NAT is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the original header plus original payload which is unchanged by a NAT device The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table Table 54 VPN and NAT SECURITY PROTOCOL MODE NAT AH Transport N AH Tunnel N ESP Transport Y ESP Tunnel Y Y This is supported in the Device if you enable NAT traversal 17 3 7 ID Type and Content 178 With aggressive negotiation mode see Section 17 3 4 on page 176 the Device identifies incoming SAs by ID type and content since this identifying information is not encrypted This enables the Device to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses Regardless of the ID type and content configuration the Device does not allow
303. t Bit Rate CBR Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that continuously require a specific amount of bandwidth A PCR is specified and if traffic exceeds this rate cells may be dropped Examples of connections that need CBR would be high resolution video and voice Variable Bit Rate VBR The Variable Bit Rate VBR ATM traffic class is used with bursty connections Connections that use the Variable Bit Rate VBR traffic class can be grouped into real time VBR RT or non real time VBR nRT connections The VBR RT real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfers and the bandwidth requirement varies in proportion to the video image s changing dynamics FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband The VBR nRT non real time Variable Bit Rate type is used with bursty connections that do not require closely controlled delay and delay variation It is commonly used for bursty traffic typical on LANs PCR and MBS define the burst levels SCR defines the m
304. t Name Description Status Startup Type Log On As DCOM Server Process Launcher Provides la Started Automatic Local System ADH en n a g ma oca e Start the service i TEA Automatic Local Syster e4 Distributed Link Tracking Client Maintains li Started Automatic Local System y Distributed Transaction Coordinator Coordinate Manual Network S Description Bs DNS Client Resolves a Started Automatic Network 5 Dibbler a portable DHCPv6 Bs Error Reporting Service Allows erro Started Automatic Local System This is DHCPv6 ci 3 Sy Event Log Enables ev Started Automatic Local System SS cient version Sy Extensible Authentication Protocol Provides wi Manual Local System 0 7 2 Sy Fast User Switching Compatibility Provides m Manual Local System S amp sFLEXnet Licensing Service This servic Manual Local System sa i b Extended 5 Click Start and then OK Dibbler a DHCPv client Properties Local Computer General Log On Recovery Dependencies Service name DHCPv amp Client Display name Dibbler a DHCPv amp client Description Dibbler a portable DHCP v6 This is DHCP client version 0 7 2 Path to executable C Program Files DHCPv6Client_dibbler dibbler client exe service d C Pr Startup type Automatic Service status Stopped y Start You can specify the start parameters that apply when you start the service from here Start parameters
305. t know by the responder and both parties want to use pre shared key authentication 17 3 5 IPSec and NAT Read this section if you are running IPSec on a host computer behind the Device NAT is incompatible with the AH protocol in both Transport and Tunnel mode An IPSec VPN using the AH protocol digitally signs the outbound packet both data payload and headers with a hash value appended to the packet When using AH protocol packet contents the data payload are not encrypted A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value and complain that the hash value appended to the received packet doesn t match The VPN device at the receiving end doesn t know about the NAT in the middle so it assumes that the data has been maliciously altered IPSec using ESP in Tunnel mode encapsulates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receiving end When using ESP protocol with authentication the packet contents in this case the entire original packet are encrypted The encrypted contents but not the new headers are signed with a hash value appended to the packet Tunnel m
306. t must be configured with the IP address of the Device and must FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 3 Tutorials use the RAW protocol to communicate with the printer Consult your operating systems documentation for instructions on how to do this or follow the instructions below if you have a Windows 2000 XP operating system 1 Click Start gt Settings then right click on Printers and select Open New Office Document Open Office Document Set Program Access and Defaults Windows Update fa Add Printer Winzip G Acrobat Distiller Q HP LaserJet 8000 Series PCL 6 Sra Programs gt BH WebWorks Rasterizer 1 WP Canon iR5000 6000 PCL6 Favorites d Adobe PDF d Canon iR5000 6000 PCLSe p d Microsoft Office Document Image Writer Ss PRT403 on zytwptO1 zyxel com di Network and Dial up Connections gt SS PRT402 on zytwptO1 zyxel com PSON Stylus C45 Series Documents gt Settings s Control Panel N Search 2 Help T Run ap Shut Down The Printers folder opens up First you need to open up the properties windows for the printer you want to configure a TCP IP port 2 Locate your printer 3 Right click on your printer and select Properties i Printers File Edit View Favorites Tools Help fe beck gt f seach GyFolders lt 4 m UI X x EJ Address LS Printers LCS Name Documents Status 3 s Add Printer f Acrobat Distiller
307. t the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 9 Quality of Service QoS DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping DSCP 6 bits Unused 2 bits The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured policies 132 FMG3024 D10A FMG3025 D10A Series User s Guide Network Address Translation NAT 10 1 Overview NAT Network Address Translation NAT RFC 1631 is the translation of the IP address of a host in a packet for example the source address of an outgoing packet used within one network to a different IP addr
308. tead Use this screen to enable or disable sharing of a USB printer via your Device To access this screen click Network Setting gt Home Networking gt Printer Server Figure 34 Network Setting gt Home Networking gt Printer Server Print Server Configuration Print Server Enable C Disable Apply cane The following table describes the labels in this menu Table 19 Network Setting gt Home Networking gt Print Server LABEL DESCRIPTION Printer Select Enable to have the Device share a USB printer Server Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking 7 8 Technical Reference This section provides some technical background information about the topics covered in this chapter LANs WANs and the Device The actual physical connection determines whether the Device ports are LAN or WAN ports There are two separate IP networks one inside the LAN network and the other outside the WAN network as shown next Figure 35 LAN and WAN IP Addresses DHCP Setup DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the Device as a DHCP server or disable it When configured as a server the Device provides the TCP IP configuration for t
309. ted to a network with a router and the Device is set to automatically obtain an I Pv6 network prefix from the router for the interface it generates another address which FMG3024 D10A FMG3025 D10A Series User s Guide 297 Appendix E IPv6 DHCPv6 combines its interface ID and global and subnet information advertised from the router This is a routable global IP address The Dynamic Host Configuration Protocol for IPv6 DHCPv6 RFC 3315 is a server client protocol that allows a DHCP server to assign and pass IPv6 network addresses prefixes and other configuration information to DHCP clients DHCPv6 servers and clients exchange DHCP messages using UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each IA consists of a unique IAID and associated IP information The IA type is the typ
310. terfaces can be associated with several addresses FMG3024 D10A FMG3025 D10A Series User s Guide Appendix E IPv6 such as the system name The interface ID option provides slot number port information and the VLAN ID to the DHCPv6 server The remote ID option if any is stripped from the Relay Reply messages before the relay agent sends the packets to the clients The DHCP server copies the interface ID option from the Relay Forward message into the Relay Reply message and sends it to the relay agent The interface ID should not change even after the relay agent restarts Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The Device uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Device passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their IPv6 addresses ICMPv6 Internet Control Message Protocol for IPv6 ICMPv6 or ICMP for IPv6 is defined in RFC 4443 ICMPv6 has a preceding Next Header value of 58 which is different from the value used to identify ICMP for IPv4 ICMPv6 is an integral part of IPv6 IPv6 nodes use ICMPv6 to report errors encountered in packet processing and perform other diagnostic functions such as ping Neighbor Discovery Protocol ND
311. ters for example 00 A0 C5 00 00 02 7 3 1 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the Static DHCP screen Use this screen to change your Device s static DHCP settings Click Network Setting gt Home Networking gt Static DHCP to open the following screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 26 Network Setting gt Home Networking gt Static DHCP Add new static lease a twpc13774 02 00 24 21 7e 20 96 192 168 1 58 Apply Cancel i Refresh The following table describes the labels in this screen Table 13 Network Setting gt Home Networking gt Static DHCP LABEL DESCRIPTION Add new static Click this to add a new static DHCP entry lease This is the index number of the entry Status This field displays whether the client is connected to the Device Host Name This field displays the client host name MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP address relative to the field listed above Reserve Select the check box i
312. ther enter a short description of the share or leave this field blank Apply Click Apply to save your changes Back Click Back to return to the previous screen FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking 7 6 The Media Server Screen The media server feature lets anyone on your network play video music and photos from the USB storage device connected to your Device without having to copy them to another computer The Device can function as a DLNA compliant media server The Device streams files to DLNA compliant media clients like Windows Media Player The Digital Living Network Alliance DLNA is a group of personal computer and electronics companies that works to make products compatible in a home network The Device media server enables you to Publish all shares for everyone to play media files in the USB storage device connected to the Device Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and music shares published To change your Device s media server settings click Network Setting Home Networking Media Server The screen appears as shown Figure 32 Network Setting gt Home Networking gt Media Server M Enable Media Server The
313. ting Reject Time LABEL DESCRIPTION Active Call Select this to enable call waiting on the Device This allows you to place a call on Waiting hold while you answer another incoming call on the same telephone directory number Active Call Specify a time of seconds that the Device waits before rejecting the second call if you do not answer it Active Select this if you want the Device to forward all incoming calls to the specified Unconditional phone number Forward Specify the phone number in the To Number field on the right Active Busy Select this if you want the Device to forward incoming calls to the specified Forward phone number if the phone port is busy Specify the phone number in the To Number field on the right If you have call waiting the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call Active No Answer Forward Select this if you want the Device to forward incoming calls to the specified phone number if the call is unanswered See No Answer Time Specify the phone number in the To Number field on the right No Answer Ring Time This field is used by the Active No Answer Forward feature Enter the number of seconds the Device should wait for you to answer an incoming call before it considers the call is unanswered Hot Line Warm Enable Warm Line or Hot Line feature on the Device A hot line or warm line Anonymous Call Bloc
314. to IP numbers ESP User Defined 50 The IPSEC ESP Encapsulation Security IPSEC TUNNEL Protocol tunneling protocol uses this service FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on FTP TCP 20 File Transfer Program a program to enable fast transfer of files including large files TCP 21 that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol FMG3024 D10A FMG3025 D10A Series User s Guide 290 Appendix D Common Services Table 96 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes ICQ UDP 4000 This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Management Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This is another popular Internet chat program MSN Messenger TCP 1863 Microsoft Networks messenger service uses this protocol NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2
315. to identify this certificate It is recommended that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certificate is about to expire or has already expired Cert Click this button and then Save in the File Download screen The Save As screen opens browse to the location that you want to use and click Save SSH SCP SFTP Type in the location of the SSH SCP SFTP certificate file you want to upload in this field or click Browse to find it Choose file Click this link to find the certificate file you want to upload Current File This field displays the name used to identify this certificate It is recommended that you give each certificate a unique name Ke
316. tocol see SIP silence suppression 182 Simple Network Management Protocol see SNMP SIP 194 account 195 call progression 198 client 196 identities 195 INVITE request 199 number 195 proxy server 196 redirect server 197 register server 198 servers 196 service domain 195 URI 195 user agent 196 SNMP 219 220 agents 219 Get 220 GetNext 220 Manager 219 managers 219 MIB 220 network components 219 Set 220 Trap 220 versions 219 speed dial 193 static route 117 static VLAN E FMG3024 D10A FMG3025 D10A Series User s Guide Index status 61 subnet 243 subnet mask 104 244 subnetting 246 supplementary services 200 Sustained Cell Rate SCR 85 syslog protocol 205 severity levels 205 system firmware 227 passwords 19 status 61 System Info 62 system name 63 222 T Tag Control Information See TCI Tag Protocol Identifier See TPID TCI TCP IP port 37 The 68 three way conference 202 ToS 200 TPID 86 trademarks 305 traffic shaping 84 transport mode 175 trusted CAs and certificates 163 tunnel mode 175 tutorial VoIP 27 Type of Service see ToS U unicast 87 Uniform Resource Identifier 195 Universal Plug and Play see UPnP upgrading firmware 227 UPnP 99 forum 94 security issues 94 V VAD 182 version firmware version 63 VID Virtual Circuit VC 84 Virtual Local Area Network See VLAN Virtual Local Area Network see VLAN VLAN 86 200 group 200 ID 200 ID tags 200 Intr
317. twork Settings gt Connections ir Network Settings fx Location lt Connections General ons Hosts ij Wired connection Qs Properties Roaming mode enabled g Point to point connec This network interface is not c 3 In the Authenticate window enter your admin account name and password then click the Authenticate button Figure 167 Ubuntu 8 Administrator Account Authentication z Authenticate x eA EN System policy prevents modifying the configuration An application is attempting to perform an action that requires privileges Authentication as one of the users below is required to perform this action amp CJ Cchris s gt Details 4 Inthe Network Settings window select the connection that you want to configure then click Properties FMG3024 D10A FMG3025 D10A Series User s Guide 273 Appendix B Setting Up Your Computer s IP Address 274 Location ES zT Connections General DNS Hosts s Properties G Point to point connec This network interface is not c c Wired connection J Roaming mode enabled 5 The Properties dialog box opens Figure 169 Ubuntu 8 Network Settings gt Properties t eto Properties ea CJ Enable roaming mode Connection Settings IP address Subnet mask Gateway address E 0 J cancel I
318. uch as Telnet or FTP that you don t use Any enabled service could present a potential security risk A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network 5 For local services that are enabled protect against misuse Protect by configuring the services to communicate only with specific peers and protect by configuring rules to block packets for the services at specific interfaces 6 Keep the firewall in a secured locked room FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 13 Firewall 13 6 2 Security Considerations Note Incorrectly configuring the firewall may block valid access or introduce security risks to the Device and your protected network Use caution when creating or deleting firewall rules and test your rules after you configure them Consider these security ramifications before creating a rule 1 Does this rule stop LAN users from accessing critical resources on the Internet For example if IRC is blocked are there users that require this service 2 Is it possible to modify the rule to be more specific For example if IRC is blocked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to
319. uide System 24 1 Overview You can configure system settings including the host name domain name and the inactivity time out interval in the System screen 24 1 1 What You Need to Know The following terms and concepts may help as you read this chapter Domain Name This is a network address that identifies the owner of a network connection For example in the network address www zyxel com support files the domain name is www zyxel com 24 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name Find the system name of your Windows computer In Windows XP click start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the Device System Name Click Maintenance System to open the following screen Figure 115 Maintenance gt System Host Name router Domain Name nome Administrator Inactivity Timer fo minutes 0 means no timeout FMG3024 D10A FMG3025 D10A Series User s Guide 221 Chapter 24 System The following table describes the labels in this screen Table 78 Maintenance gt System LABEL DESCRIPTION Host Name Choose a descriptive name for identification purposes It is recommend
320. ur ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 50 Example of Static Routing Topology 8 2 Configuring Static Route Use this screen to view and configure IP static routes on the Device Click Network Setting gt Static Route to open the following screen FMG3024 D10A FMG3025 D10A Series User s Guide 117 Chapter 8 Routing Figure 51 Network Setting gt Static Route Add New Static Route Active Status Name DestinationiPp Gateway SubnetMask Interface Modify 1 v test1 192 168 0 0 255 255 0 0 EtherWAN1 40 The following table describes the labels in this screen Table 21 Network Setting gt Static Route LABEL DESCRIPTION Add New Static Click this to set up a new static route on the Device Route This is the number of an individual static route Active This indicates whether the rule is active or not A yellow bulb signifies that this static route is active A gray bulb signifies that this static route is not active Status This shows whether the static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in use Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always bas
321. us This shows whether or not the share is available for sharing Share Name This field displays the share name on the Device Share Path This field displays the path for the share directories folders on the Device These are the directories folders on your USB storage device Share Description This field displays information about the share Modify Click the Edit icon to change the settings of an existing share Click the Delete icon to delete this share in the list Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 7 5 2 Add Edit File Sharing Use this screen to set up a new share or edit an existing share on the Device Click Add new share in the File Sharing screen or click the Edit icon next to an existing share Figure 31 File Sharing Add Edit Volume GENERIC USB Mass Storage 100 1 m Share Path Browse Description Apply Back Each field is described in the following table Table 17 File Sharing Add Edit LABEL DESCRIPTION Volume Select the volume in the USB storage device that you want to add as a share in the Device This field is read only when you are editing the share Share Path Manually enter the file path for the share or click the Browse button and select the folder that you want to add as a share This field is read only when you are editing the share Description You can ei
322. use or service this device during a thunderstorm There is a remote risk of electric shock from lightning Connect ONLY suitable accessories to the device Do NOT open the device or unit Opening or removing covers can expose you to dangerous high voltage points or other risks ONLY qualified service personnel should service or disassemble this device Please contact your vendor for further information Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT remove the plug and connect it to a power outlet by itself always attach the plug to the power adaptor first before connecting it to a power outlet Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Do not use the device outside and make sure all the conne
323. usted CA certificates since the Device also trusts any valid certificate signed by any of the imported trusted CA certificates FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 16 Certificates You can use a certificate s fingerprint to verify it A certificate s fingerprint is a message digest calculated using the MD5 or SHAI1 algorithms The following procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate 1 Browse to where you have the certificate saved on your computer 2 Make sure that the certificate has a cer or crt file name extension Figure 78 Certificates on Your Computer T amp JLondon oOffice cer m Ed La office crt Certificates 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 79 Certificate Details zjx General Details Certification Path Show lt ai gt Value Glenn RSA 1024 Bits Digital Signature Certificate Signing 3 DNS Names Glenn Zw Basic Constraints Subject Type CA Path Length Cons IS Thumbprint algorithm shal Thumbprint BOA7 22B6 7960 FF92 52F4 6B4C A2 v L x I 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may very based on your situation Poss
324. vel from 0 to 7 to add to traffic through this connection The greater the number the higher the priority level Enter 802 1Q VLAN ID Type the VLAN ID number from 1 to 4094 for traffic through this connection PPP Information This section is available only when you select Routing in the Mode field and PPPoE in the WAN Service Type field PPP User Name Enter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given PPP Password Enter the password associated with the user name above PPPoE Service Name Type the name of your PPPoE service here Authentication Mode The Device supports PAP Password Authentication Protocol and CHAP Challenge Handshake Authentication Protocol CHAP is more secure than PAP however PAP is readily available on more platforms Use the drop down list box to select an authentication protocol for outgoing calls Options are AUTO Your Device accepts either CHAP or PAP when requested by this remote node CHAP Your Device accepts CHAP only PAP Your Device accepts PAP only e MS CHAP Your Device accepts MSCHAP only MS CHAP is the Microsoft version of the CHAP Use Static IP A static IP address is a fixed IP that your ISP gives you A dynamic IP address Address is not fixed the ISP assigns you a different one each time you connect to t
325. ver Ethernet In this type of Internet connection IP packets are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment FMG3024 D10A FMG3025 D10A Series User s Guide 73 Chapter 5 Broadband 74 Table 6 Broadband Add Edit Routing PPPoE continued LABEL DESCRIPTION PPPoE Passthrough In addition to the Device s built in PPPoE client you can enable PPPoE pass through to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Device Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP IPv6 IPv4 Mode Select IPv4 Only if you want the Device to run IPv4 only Select IPv6 I Pv4 DualStack to allow the Device to run IPv4 and IPv6 at the same time Select I Pv6 Only if you want the Device to run IPv6 only VLAN Enable VLAN Enter 802 1P Priority Select this to add the VLAN tag specified below to the outgoing traffic through this connection IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Type the IEEE 802 1p priority le
326. vice provider Password Type the password of up to 64 ASCII printable characters associated with the user name above PIN A PIN Personal Identification Number code is a key to a 3G card Without the PIN code you cannot use the 3G card If your ISP enabled PIN code authentication enter the 4 digit PIN code 0000 for example provided by your ISP If you enter the PIN code incorrectly the 3G card may be blocked by your ISP and you cannot use the account to access the Internet If your ISP disabled PIN code authentication leave this field blank Dial String Enter the phone number dial string used to dial up a connection to your service provider s base station Your ISP should provide the phone number For example 99 is the dial string to establish a GPRS or 3G connection in Taiwan APN Code Enter the APN Access Point Name provided by your service provider Connections with different APNs may provide different services such as Internet access or MMS Multi Media Messaging Service and charge method You can enter up to 32 ASCII printable characters Spaces are allowed FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 5 Broadband Table9 Broadband 3G Backup continued LABEL DESCRIPTION Connection Max Idle Timeout Select Nailed UP if you do not want the connection to time out Select On Demand if you do not want the connection up all the time and specify an id
327. whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of FMG3024 D10A FMG3025 D10A Series User s Guide 307 Appendix F Legal Information merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support warranty info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com Safety Warnings Do NOT use this product near water for example in a wet basement or near a swimming pool Do NOT expose your device to dampness dust or corrosive liquids Do NOT store things on the device Do NOT install
328. work smoothly and automatically when it is no longer in use See page 108 for more information on UPnP Use the following screen to configure the UPnP settings on your Device Click Network Setting gt Home Networking gt Static DHCP gt UPnP to display the screen shown next Figure 28 Network Setting gt Home Networking gt UPnP UPnP State UPnP Enable C Disable Appi The following table describes the labels in this screen Table 15 Network Settings gt Home Networking gt UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the Device s IP address although you must still enter the password to access the web configurator Apply Click Apply to save your changes 7 5 The File Sharing Screen You can share files on a USB memory stick or hard drive connected to your Device with users on your network The following figure is an overview of the Device s file server feature Computers A and B can access files on a USB device C which is connected to the Device FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 7 Home Networking Figure 29 File Sharing Overview 297 The Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup In this case contact your network adm
329. ws devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is defined in RFC 3164 The RFC defines the packet format content and system log related information of syslog messages Each syslog message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the syslog severity levels Table 66 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 19 Logs Table 66 Syslog Severity Levels CODE SEVERITY 3 Error There is an error condition on the system Warning There is a warning condition on the system Notice There is a normal but significant condition on the system 4 5 6 Informational The syslog contains an informational message 7 Debug The message is intended for debug level purposes 19 2 The System Log Screen Click System Monitor gt Log to open the System Log screen Use the System Log screen to see the system logs for the categories that you select in the upper left drop down list box Figure 103 System Monitor gt
330. x Automatically Enable Non temporary Addresses O Enable Prefix Delegation O C Static IPv6 Address IPv6 DNS Server C Obtain IPv6 DNS info Automatically Use the following Static DNS IPv6 Address Primary IPv6 DNS Server Secondary IPv6 DNS Server Figure 17 Broadband Add Edit Routing PPPoE IPv6 Only IPv6 Address Obtain IPv6 Address Prefix Automatically Enable Non temporary Addresses r Enable Prefix Delegation rr C Static IPv6 Address IPv6 DNS Server C Obtain IPv6 DNS info Automatically Use the following Static DNS IPv6 Address Primary IPv6 DNS Server Secondary IPv6 DNS Server 4 to 6 Tunnel M Enable DS Lite 4to6 Endpoint IPv6 Address The following table describes the fields in this screen Table 6 Broadband Add Edit Routing PPPoE LABEL DESCRIPTION General Name Enter a service name of the connection Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account WAN Service Type This field is available only when you select Routing in the Mode field Select the method of encapsulation used by your ISP PPP over Ethernet PPPoE PPPoE Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP Select this if you have a username and password for Internet access IP o
331. y Type This field applies to the SSH SCP SFTP certificate This shows the file format of the current certificate Replace Click this to replace the certificate s and save your changes back to the Device Reset Click this to clear your settings FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 16 Certificates 16 3 Trusted CA Use this screen to view a summary list of certificates of the certification authorities that you have set the Device to accept as trusted The Device accepts any valid certificate signed by a certification authority on this list as being trustworthy thus you do not need to import any certificate that is signed by one of these certification authorities Click Security Certificates Trusted CA to open the Trusted CA screen Figure 81 Security gt Certificates gt Trusted CA Import Certificate ELEME EN CN CPE Norway C NO L Fornebu O Telenor emailAddress cpe ca certpem norway telenor net OU Engineering CA E B Note Maximum 5 certificates can be stored The following table describes the labels in this screen Table 47 Security gt Certificates gt Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the Device Name This field displays the name used to identify this certificate Subject This field displays information that id
332. you to save multiple active rules with overlapping local and remote IP addresses With main mode see Section 17 3 4 on page 176 the ID type and content are encrypted to provide identity protection In this case the Device can distinguish between different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses The Device can distinguish different incoming SAs and you can select between different encryption algorithms authentication algorithms and key groups when you configure a VPN rule The ID type and content act as an extra level of identification for incoming SAs FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 17 VPN The type of ID can be a domain name an IP address or an e mail address The content is the IP address domain name or e mail address Table 55 Local ID Type and Content Fields LOCAL ID TYPE CONTENT IP Type the IP address of your computer DNS Type a domain name up to 31 characters by which to identify this Device E mail Type an e mail address up to 31 characters by which to identify this Device The domain name or e mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e mail address 17 3 7 1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel The two Devices in
333. your ISP Configuring Servers Behind Port Forwarding Example Let s say you want to assign ports 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 10 0 0 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 59 Multiple Servers Behind NAT Example A 10 0 0 33 LAN WAN INTERNEJ IP Address assigned by ISP B 10 0 0 34 C 10 0 0 35 D 10 0 0 36 10 2 1 The Port Forwarding Screen Click Network Setting gt NAT to open the Port Forwarding screen See Appendix D on page 291 for port numbers commonly used for particular services FMG3024 D10A FMG3025 D10A Series User s Guide Chapter 10 Network Address Translation NAT Figure 60 Network Setting gt NAT gt Port Forwarding Add new rule User WA XN k oemed Eherwant 21 21 21 21 192 168 1 6 TCP B note The TCP port 30005 is reserved for TRO69 connection request port The following table describes the fields in this screen Table 30 Network Setting gt NAT gt Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new port forwarding rule This is the index number of the entry Status This field indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifie
334. ypically used for excellent effort or better than best effort and would include important business traffic that can tolerate some delay Level 2 This is for spare bandwidth Level 1 This is typically used for non critical background traffic such as bulk transfers that are allowed but that should not affect other applications and users Level 0 Typically used for best effort traffic 9 6 2 IP Precedence Similar to IEEE 802 1p prioritization at layer 2 you can use IP precedence to prioritize packets in a layer 3 network IP precedence uses three bits of the eight bit ToS Type of Service field in the IP header There are eight classes of services ranging from zero to seven in IP precedence Zero is the lowest priority level and seven is the highest 9 6 3 DiffServ QoS is used to prioritize source to destination traffic flows All packets in the flow are given the same priority You can use CoS class of service to give different priorities to different packet types DiffServ Differentiated Services is a class of service CoS model that marks packets so that they receive specific per hop treatment at DiffServ compliant network devices along the route based on the application types and traffic flow Packets are marked with DiffServ Code Points DSCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points withou
335. ystem Preferences click the Network icon Figure 161 Mac OS X 10 5 Systems Preferences eo System Preferences Personal VAN rz a M LH o Q Appearance Desktop amp Dock Expos amp International Security Spotlight Screen Saver Spaces Hardware amp Ww o v mw A t y C CDs amp DVDs Displays Energy Keyboard amp Print amp Fax Sound Saver Mouse Internet amp N e 6j Q a Mac QuickTime Sharing System a A s BH e 2 cC o 9 Accounts Date amp Time Parental Software Speech Startup Disk Time Machine Universal Controls Update Access 3 When the Network preferences pane opens select Ethernet from the list of available connection types FMG3024 D10A FMG3025 D10A Series User s Guide Appendix B Setting Up Your Computer s IP Address Figure 162 Mac OS X 10 5 Network Preferences gt Ethernet Network Location Automatic HJ Internal Modem Q5 e Not Connected RS Status Not Connected The cable for Ethernet is connected but piesa Qu your computer does not have an IP address Not Connected A Corn i Using oHe i4 x icin Configure Using DHCP FireWire Not Connected AirPort e Off DNS Server Search Domains 802 1X WPA ZyXELO4 1 id Click the lock to prevent further changes Apply 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list se
Download Pdf Manuals
Related Search