How it Works
Zyxel
Loading...
LTE7480-S905
Datasheet
4 pgs621.28 Kb0
User's Guide
179 pgs4.46 Mb0
Table of contents
Loading...

Zyxel LTE7480-S905, LTE7461-M602 User's Guide

Download
Default Login Details
User’s Guide

LTE7461-M602 & LTE7480-S905

LAN IP Address http://192.168.1.1
Login admin
Version 2.00 Ed 2, 9/2019
Copyright © 2019 Zyxel Communications Corporation
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a series User’s Guide. Screenshots and graphics in this book may differ slightly from what you see due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
•Quick Start Guide The Quick Start Guide shows how to connect the Zyxel Device.
•More Information Go to support.zyxel.com to find other information on the Zyxel Device
.
LTE Series User’s Guide
2

Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this guide.
Warnings tell you about things that could harm you or your Zyxel Device.
Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.
Syntax Conventions
• The LTE device in this user’s guide may be referred to as the “Zyxel Device” in this guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Network Setting > Routing > DNS Route means you first click Network Setting in the navigation panel, then the Routing sub menu and finally the DNS Route tab to get to that screen.
Icons Used in Figures
Figures in this user guide may use the following generic icons. The Zyxel Device icon is not an exact representation of your Zyxel Device.
Zyxel Device Generic Router Switch
Server Firewall USB Storage Device
Printer
LTE Series User’s Guide
3

Contents Overview

Contents Overview
User’s Guide ......................................................................................................................................11
Introduction ........................................................................................................................................... 12
The Web Configurator ......................................................................................................................... 17
Quick Start ............................................................................................................................................. 24
Technical Reference ........................................................................................................................26
Connection Status ................................................................................................................................ 27
Broadband ............................................................................................................................................ 34
Home Networking ................................................................................................................................. 43
Routing ................................................................................................................................................... 66
Network Address Translation (NAT) ..................................................................................................... 74
Dynamic DNS Setup ............................................................................................................................. 84
Firewall ................................................................................................................................................... 88
MAC Filter .............................................................................................................................................. 99
Certificates .......................................................................................................................................... 101
Log ........................................................................................................................................................ 110
Traffic Status ........................................................................................................................................ 113
ARP Table ............................................................................................................................................ 116
Routing Table ...................................................................................................................................... 118
Cellular WAN Status ............................................................................................................................ 121
System .................................................................................................................................................. 125
User Account ...................................................................................................................................... 126
Remote Management ....................................................................................................................... 129
Time Settings ........................................................................................................................................ 133
E-mail Notification .............................................................................................................................. 136
Log Setting ........................................................................................................................................... 139
Firmware Upgrade .............................................................................................................................. 142
Backup/Restore .................................................................................................................................. 144
Diagnostic ........................................................................................................................................... 147
Troubleshooting & Appendices .....................................................................................................149
Troubleshooting .................................................................................................................................. 150
LTE Series User’s Guide
4

Table of Contents

Table of Contents
Document Conventions .................................................................. ....................................................3
Contents Overview .............................................................................................................................4
Table of Contents.................................................................................................................................5
Part I: User’s Guide.......................................................................................... 11
Chapter 1
Introduction ........................................................................................................................................12
1.1 Overview ......................................................................................................................................... 12
1.2 Application for the Zyxel Device .................................................................................................. 13
1.3 Manage the Zyxel Device ............................................................................................................. 13
1.4 Good Habits for Managing the Zyxel Device ............................................................................. 14
1.5 Front and Bottom Panels ............................................................................................................... 14
1.5.1 LEDs (Lights) ........................................................................................................................... 14
1.5.2 Bottom Panels ........................................................................................................................ 14
1.6 Using the WiFi Button ...................................................................................................................... 15
1.7 The RESET Button ............................................................................................................................. 16
Chapter 2
The Web Configurator........................................................................................................................17
2.1 Overview ......................................................................................................................................... 17
2.1.1 Access the Web Configurator ............................................................................................. 17
2.2 Web Configurator Layout .............................................................................................................. 19
2.2.1 Settings Icon .......................................................................................................................... 19
2.2.2 Widget Icon ........................................................................................................................... 23
Chapter 3
Quick Start..........................................................................................................................................24
3.1 Overview ......................................................................................................................................... 24
3.2 Quick Start Setup ............................................................................................................................ 24
3.3 Time Zone ........................................................................................................................................ 24
3.4 WiFi Setup ........................................................................................................................................ 25
3.5 Quick Start Setup-Finish .................................................................................................................. 25
Part II: Technical Reference........................................................................... 26
LTE Series User’s Guide
5
Table of Contents
Chapter 4
Connection Status..............................................................................................................................27
4.1 Connection Status Overview ........................................................................................................ 27
4.1.1 Connectivity .......................................................................................................................... 27
4.1.2 System Info ............................................................................................................................. 28
4.1.3 WiFi Settings ........................................................................................................................... 30
4.1.4 LAN ......................................................................................................................................... 32
Chapter 5
Broadband..........................................................................................................................................34
5.1 Overview ......................................................................................................................................... 34
5.1.1 What You Can Do in this Chapter ....................................................................................... 34
5.1.2 What You Need to Know ..................................................................................................... 34
5.1.3 Before You Begin ................................................................................................................... 35
5.2 Cellular WAN ................................................................................................................................... 35
5.3 Cellular SIM Configuration ............................................................................................................. 37
5.4 Cellular Band Configuration .......................................................................................................... 38
5.5 PLMN Configuration ....................................................................................................................... 39
5.6 IP Passthrough ................................................................................................................................. 41
Chapter 6
Home Networking..............................................................................................................................43
6.1 Overview ......................................................................................................................................... 43
6.1.1 What You Can Do in this Chapter ....................................................................................... 43
6.1.2 What You Need To Know ..................................................................................................... 43
6.2 LAN Setup ........................................................................................................................................ 44
6.3 Static DHCP ..................................................................................................................................... 48
6.3.1 Before You Begin ................................................................................................................... 48
6.4 UPnP ................................................................................................................................................. 50
6.5 Technical Reference ...................................................................................................................... 51
6.6 Turn on UPnP in Windows 7 Example ............................................................................................ 52
6.6.1 Auto-discover Your UPnP-enabled Network Device ........................................................ 53
6.7 Turn on UPnP in Windows 10 Example .......................................................................................... 56
6.7.1 Auto-discover Your UPnP-enabled Network Device ........................................................ 58
6.8 Web Configurator Easy Access in Windows 7 ............................................................................. 61
6.9 Web Configurator Easy Access in Windows 10 ........................................................................... 63
Chapter 7
Routing................................................................................................................................................66
7.1 Overview ......................................................................................................................................... 66
7.2 Configure Static Route .................................................................................................................. 66
7.2.1 Add/Edit Static Route ........................................................................................................... 67
7.3 DNS Route ........................................................................................................................................ 69
LTE Series User’s Guide
6
Table of Contents
7.3.1 Add/Edit DNS Route ............................................................................................................. 69
7.4 Policy Route .................................................................................................................................... 70
7.4.1 Add/Edit Policy Route .......................................................................................................... 72
7.5 RIP Overview ................................................................................................................................... 73
7.5.1 RIP ........................................................................................................................................... 73
Chapter 8
Network Address Translation (NAT).................................................................................................. 74
8.1 Overview ......................................................................................................................................... 74
8.1.1 What You Can Do in this Chapter ....................................................................................... 74
8.1.2 What You Need To Know ..................................................................................................... 74
8.2 Port Forwarding Overview ............................................................................................................. 75
8.2.1 Port Forwarding ..................................................................................................................... 76
8.2.2 Add/Edit Port Forwarding ..................................................................................................... 77
8.3 Port Triggering ................................................................................................................................. 78
8.3.1 Add/Edit Port Triggering Rule ............................................................................................... 80
8.4 DMZ .................................................................................................................................................. 81
8.5 ALG ................................................................................................................................................... 82
Chapter 9
Dynamic DNS Setup...........................................................................................................................84
9.1 DNS Overview ................................................................................................................................. 84
9.1.1 What You Can Do in this Chapter ....................................................................................... 84
9.1.2 What You Need To Know ..................................................................................................... 84
9.2 DNS Entry ......................................................................................................................................... 85
9.2.1 Add/Edit DNS Entry ............................................................................................................... 85
9.3 Dynamic DNS .................................................................................................................................. 86
Chapter 10
Firewall................................................................................................................................................88
10.1 Overview ....................................................................................................................................... 88
10.1.1 What You Need to Know About Firewall .......................................................................... 88
10.2 Firewall ........................................................................................................................................... 89
10.2.1 What You Can Do in this Chapter ..................................................................................... 89
10.3 Firewall General Settings .............................................................................................................. 89
10.4 Protocol (Customized Services) .................................................................................................. 91
10.4.1 Add Customized Service .................................................................................................... 91
10.5 Access Control (Rules) ................................................................................................................. 92
10.5.1 Access Control Add New ACL Rule .................................................................................. 93
10.6 DoS ................................................................................................................................................. 95
10.7 Firewall Technical Reference ...................................................................................................... 96
10.7.1 Firewall Rules Overview ...................................................................................................... 96
10.7.2 Guidelines For Security Enhancement With Your Firewall .............................................. 97
LTE Series User’s Guide
7
Table of Contents
10.7.3 Security Considerations ...................................................................................................... 97
Chapter 11
MAC Filter ...........................................................................................................................................99
11.1 MAC Filter Overview ..................................................................................................................... 99
11.2 MAC Filter ...................................................................................................................................... 99
Chapter 12
Certificates .......................................................................................................................................101
12.1 Overview ..................................................................................................................................... 101
12.1.1 What You Can Do in this Chapter ................................................................................... 101
12.2 Local Certificates ....................................................................................................................... 101
12.2.1 Create Certificate Request ............................................................................................. 102
12.2.2 View Certificate Request ................................................................................................. 103
12.3 Trusted CA ................................................................................................................................... 105
12.4 Import Trusted CA Certificate ................................................................................................... 106
12.5 View Trusted CA Certificate ...................................................................................................... 106
12.6 Certificates Technical Reference ............................................................................................. 107
12.6.1 Verify a Certificate ............................................................................................................ 108
Chapter 13
Log ..................................... ................................................ ...............................................................110
13.1 Log Overview .............................................................................................................................. 110
13.1.1 What You Can Do in this Chapter ................................................................................... 110
13.1.2 What You Need To Know ................................................................................................. 110
13.2 System Log .................................................................................................................................. 111
13.3 Security Log ................................................................................................................................. 111
Chapter 14
Traffic Status .....................................................................................................................................113
14.1 Traffic Status Overview ............................................................................................................... 113
14.1.1 What You Can Do in this Chapter ................................................................................... 113
14.2 WAN Status .................................................................................................................................. 113
14.3 LAN Status .................................................................................................................................... 114
Chapter 15
ARP Table..........................................................................................................................................116
15.1 ARP Table Overview ................................................................................................................... 116
15.1.1 How ARP Works .................................................................................................................. 116
15.2 ARP Table .................................................................................................................................... 117
Chapter 16
Routing Table....................................................................................................................................118
LTE Series User’s Guide
8
Table of Contents
16.1 Routing Table Overview ............................................................................................................ 118
16.2 Routing Table .............................................................................................................................. 118
Chapter 17
Cellular WAN Status ........................................................................................................................121
17.1 Cellular WAN Status Overview .................................................................................................. 121
17.2 Cellular WAN Status .................................................................................................................... 121
Chapter 18
System...............................................................................................................................................125
18.1 System Overview ........................................................................................................................ 125
18.2 System .......................................................................................................................................... 125
Chapter 19
User Account.............................................................. ... .... ............................................ ...................126
19.1 User Account Overview ............................................................................................................. 126
19.2 User Account .............................................................................................................................. 126
19.2.1 User Account Add/Edit .................................................................................................... 127
Chapter 20
Remote Management.....................................................................................................................129
20.1 Overview ..................................................................................................................................... 129
20.2 MGMT Services ............................................................................................................................ 129
20.3 MGMT Services for IP Passthrough ............................................................................................ 130
20.4 Trust Domain ................................................................................................................................ 131
20.5 Add Trust Domain ....................................................................................................................... 131
Chapter 21
Time Settings.....................................................................................................................................133
21.1 Time Settings Overview .............................................................................................................. 133
21.2 Time .............................................................................................................................................. 133
Chapter 22
E-mail Notification ...........................................................................................................................136
22.1 E-mail Notification Overview ..................................................................................................... 136
22.2 E-mail Notification ...................................................................................................................... 136
22.2.1 E-mail Notification Edit ...................................................................................................... 137
Chapter 23
Log Setting ................................ ... .... .... ............................................ ... .............................................139
23.1 Log Setting Overview ................................................................................................................. 139
23.2 Log Setting ................................................................................................................................... 139
LTE Series User’s Guide
9
Table of Contents
Chapter 24
Firmware Upgrade........................................................................... ... .... .........................................142
24.1 Overview ..................................................................................................................................... 142
24.2 Firmware Upgrade ...................................................................................................................... 142
Chapter 25
Backup/Restore ...............................................................................................................................144
25.1 Backup/Restore Overview ........................................................................................................ 144
25.2 Backup/Restore .......................................................................................................................... 144
25.3 Reboot ......................................................................................................................................... 145
Chapter 26
Diagnostic.........................................................................................................................................147
26.1 Diagnostic Overview .................................................................................................................. 147
26.2 Ping/TraceRoute/Nslookup Test ................................................................................................ 147
Part III: Troubleshooting & Appendices ......................................................149
Chapter 27
Troubleshooting................................................................................................................................150
27.1 Overview ..................................................................................................................................... 150
27.2 Power and Hardware Connections ......................................................................................... 150
27.3 Zyxel Device Access and Login ................................................................................................ 150
27.4 Internet Access ........................................................................................................................... 152
27.5 UPnP ............................................................................................................................................. 153
27.6 SIM Card ...................................................................................................................................... 154
27.7 Cellular Signal ............................................................................................................................. 154
Appendix A Customer Support ..................................................................................................... 156
Appendix B IPv6............................................................................................................................... 162
Appendix C Legal Information ...................................................................................................... 168
Index.................................................................................................................................................175
LTE Series User’s Guide
10
PART I

User’s Guide

11

1.1 Overview

Zyxel Device refers to these models as outlined below.
The following table describes the feature differences of the Zyxel Device by model.
Table 1 Zyxel Device Comparison Table
Gigabit Ethernet Port V V
2.4G WLAN - -
LTE Speed FDD-LTE
• LTE7461-M602
• LTE7480-S905
• Downlink: 400 Mbps (Optional: 256QAM support)
• Uplink: 50 Mbps
CHAPTER 1

Introduction

LTE7461-M602 LTE7480-S905
TDD-LTE config. #2
• Downlink: 573 Mbps
• Uplink: 15.1 Mbps
Note: These are the theoretical downlink and uplink rates. LTE speed is
affected by strength of signal, network congestion, LTE band(s) or frequency(-ies) to which your Zyxel Device is connected, and so forth.
LTE Band B2/4/5/7/12/13/25/26/29/66 B48
WCDMA B2/4/5 -
Wall Mount V V
Pole Mount V V
The Zyxel Device is an outdoor LTE (Long Term Evolution) router that supports (but not limited to) the following:
• Gigabit Ethernet connection
• DHCP (Dynamic Host Configuration Protocol) server
• NAT (Network Address Translation)
• DMZ (Demilitarized Zone)
• Port Forwarding/Triggering
• ALG (Application Layer Gateway)
• Embedded Bridge/Router mode
• Dynamic DNS (Domain Name System) for the first APN (Access Point Name)
• Static/Dynamic Route setting for RIP (Routing Information Protocol)
• Remote Management under Bridge mode
LTE Series User’s Guide
12
Chapter 1 Introduction
LTE (4G)/3G/2G
WiFi
• Address Resolution Protocol (ARP)
• Firewall that uses Stateful Packet Inspection (SPI) technology
• Protects against Denial of Service (DoS) attacks
• Filter of LAN MAC address, LAN IP address and URLs
• Local and remote device management
• Firmware upgrade via Web Configurator
The embedded Web-based Configurator enables straightforward management and maintenance. Just insert the SIM card (with an active data plan) and make the hardware connections. See the Quick Start Guide for how to do the hardware installation, wall mounting, Internet setup and turning on/off WiFi (optional).

1.2 Application for the Zyxel Device

Wireless WAN
TheZyxel Device can connect to the Internet through a 2G/3G/4G LTE SIM card to access a wireless WAN connection. Just insert a SIM card into the SIM card slot at the bottom of the Zyxel Device.
Note: You must insert the SIM card into the card slot before turning on the Zyxel Device.
Internet Access
Your Zyxel Device provides shared Internet access by connecting to an LTE network. A computer can connect to the Zyxel Device’s PoE injector for configuration via the Web Configurator.
Figure 1 Zyxel Device’s Internet Access Application

1.3 Manage the Zyxel Device

Use the Web Configurator for management of the Zyxel Device using a (supported) web browser.
LTE Series User’s Guide
13
Chapter 1 Introduction

1.4 Good Habits for Managing the Zyxel Device

Do the following things regularly to make the Zyxel Device more secure and to manage the Zyxel Device more effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it). Refer to Section 25.2 on page
144. Restoring an earlier working configuration may be useful if the Zyxel Device becomes unstable or
even crashes. If you forget your password to access the Web Configurator, you will have to reset the Zyxel Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Zyxel Device. You could simply restore your last configuration. Write down any information your ISP provides you.

1.5 Front and Bottom Panels

The LED indicators are located on bottom panel.
Figure 2 Bottom Panel
1.5.1 LEDs (Lights)
None of the LEDs are on if the Zyxel Device is not receiving power.
LED Descriptions
COLOR STATUS DESCRIPTION
Red Blinking The Zyxel Device is booting or self-testing.
On The Zyxel Device encountered an error.
Green Blinking The Zyxel Device is trying to connect to the Internet.
On The Zyxel Device is connected to the Internet.
Amber Blinking The Zyxel Device WiFi is on.
1.5.2 Bottom Panels
The connection ports are located on the bottom panel.
LTE Series User’s Guide
14
Chapter 1 Introduction
The following table describes the items on the bottom panel.
Table 2 Panel Ports and Buttons
LABEL DESCRIPTION
LAN Connect a computer via the PoE injector for configuration.
Connect the PoE injector to a power outlet to start the device.
WiFi Press the WLAN button for more than five seconds to enable the wireless function.
WPS After the wireless function is enabled, press the WLAN button for more than one second but less
than five seconds to quickly set up a secure wireless connection between the device and a WPS­compatible client.
Reset Press the button for more than five seconds to return the Zyxel Device to the factory defaults. Reboot Press the RESET button for more than 2 seconds but less than 5 seconds, it will cause the system to
reboot.
SIM card Insert a micro-SIM card into the slot with the chip facing down and the beveled corner in the top
left corner.

1.6 Using the WiFi Button

The wireless network is turned off by default.
You can use the wireless function for 30 minutes by default after the Zyxel Device finishes rebooting or when the wireless function is turned on.
Figure 3 WiFi Button
To turn on WiFi:
1 Make sure the POWER LED is on and not blinking.
2 Press the WiFi button for more than 5 seconds and release it.
Once WiFi is turned on, the LED blinks amber.
To activate WPS (WiFi must be already on):
1 Press the WiFi button for more than 1 second but less than 5 seconds and release it (pressing more than
5 seconds will turn off WiFi).
2 Press the WPS button on another WPS-enabled device within range of the Zyxel Device.
To turn off the wireless network, press the WiFi button for more than 5 seconds.
The amber LED turns off.
LTE Series User’s Guide
15
Note: Use the WiFi function of the Zyxel Device for configuration (for example, connect to the
LTE Ally app of your mobile device to nd the optimal LTE signal strength and manage your Zyxel Device).

1.7 The RESET Button

If you forget your password or cannot access the Web Configurator, you will need to use the RESET button of the Zyxel Device as shown in the following figure to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, the password will be reset to the default password shown on the device label and the IP address will be reset to 192.168.1.1.
Figure 4 Reset Button
Chapter 1 Introduction
1 Make sure the Zyxel Device is connected to power and POWER LED is on.
2 To set the Zyxel Device back to the factory default settings, press the RESET button for 5 seconds.
Note: If you press the RESET button for more than 2 seconds but less than 5 seconds, it will
cause the system to reboot.
LTE Series User’s Guide
16

2.1 Overview

The Web Configurator is an HTML-based management interface that allows easy Zyxel Device setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the Web Configurator you need to allow:
• Web browser pop-up windows from your Zyxel Device. Web pop-up blocking is enabled by default in Windows 10.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
CHAPTER 2

The Web Configurator

2.1.1 Access the Web Configurator
1 Make sure your Zyxel Device hardware is properly connected (refer to the Quick Start Guide).
2 Launch your web browser. If the Zyxel Device does not automatically re-direct you to the login screen,
go to http://192.168.1.1.
3 A password screen displays. Select the language you prefer (upper right).
4 To access the Web Configurator and manage the Zyxel Device, type the default username admin and
the randomly assigned default password (see the Zyxel Device label) in the Login screen and click Login. If you have changed the password, enter your password and click Login.
Figure 5 Password Screen
LTE Series User’s Guide
17
Chapter 2 The Web Configurator
Note: The first time you enter the password, you will be asked to change it. Make sure the new
password must contain at least one uppercase letter, one lowercase letter and one number.
5 The Connection Status screen appears. Use this screen to configure basic Internet access, wireless
settings, and parental control settings. Figure 6 Connection Status
LTE Series User’s Guide
18
Chapter 2 The Web Configurator
C
A
B

2.2 Web Configurator Layout

Figure 7 Screen Layout
As illustrated above, the main screen is divided into these parts:
A - Settings Icon (Navigation Panel & Side Bar)
B - Widget Icon
C - Main Window
2.2.1 Settings Icon
Click this icon ( ) to see the side bar and navigation panel.
LTE Series User’s Guide
19
2.2.1.1 Side Bar
The side bar provides some icons on the right hand side.
Chapter 2 The Web Configurator
The icons provide the following functions.
Table 3 Web Configurator Icons in the Title Bar
ICON DESCRIPTION
Wizard: Click this icon to open screens where you can configure the Zyxel Device’s time zone and wireless settings. See Chapter 3 on page 24 for more information about the Wizard screens.
Theme: Click this icon to select a color that you prefer and apply it to the Web Configurator.
Language: Select the language you prefer.
Restart: Click this icon to reboot the Zyxel Device without turning the power off.
Logout: Click this icon to log out of the Web Configurator.
LTE Series User’s Guide
20
2.2.1.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure Zyxel Device features. The following tables describe each menu item.
Table 4 Navigation Panel Summary
LINK TAB FUNCTION
Home Use this screen to configure basic Internet access and wireless settings.
Network Setting
Broadband Cellular WAN Use this screen to configure an LTE WAN connection that includes the
Home Networking
Routing Static Route Use this screen to view and set up static routes on the Zyxel Device.
NAT Port Forwarding Use this screen to make your local servers visible to the outside world.
DNS DNS Entry Use this screen to view and configure DNS routes.
Security
Firewall General Use this screen to configure the security level of your firewall.
MAC Filter MAC Filter Use this screen to block or allow traffic from devices of certain MAC
Chapter 2 The Web Configurator
This screen also shows the network status of the Zyxel Device and computers/devices connected to it.
Access Point Name (APN) provided by your service provider.
Cellular SIM Use this screen to enter a PIN for your SIM card to prevent others from
using it.
Cellular Band Use this screen to configure the LTE frequency bands that can be used
Cellular PLMN Use this screen to view available PLMNs and select your preferred
Cellular IP Passthrough
LAN Setup Use this screen to configure LAN TCP/IP settings, and other advanced
Static DHCP Use this screen to assign specific IP addresses to individual MAC
UPnP Use this screen to turn UPnP and UPnP NAT-T on or off.
DNS Route Use this screen to forward DNS queries for certain domain names through
Policy Route
RIP Use this screen to configure Routing Information Protocol to exchange
Port Triggering Use this screen to change your Zyxel Device’s port triggering settings.
DMZ Use this screen to configure a default server which receives packets from
ALG Use this screen to enable or disable SIP ALG.
Dynamic DNS Use this screen to allow a static hostname alias for a dynamic IP address.
Protocol Use this screen to add Internet services and configure firewall rules.
Access Control Use this screen to enable specific traffic directions for network services.
DoS Use this screen to activate protection against Denial of Service (DoS)
for Internet access as provided by your service provider.
network.
Use this screen to enable IP Passthrough mode (bridge mode).
properties.
addresses.
a specific WAN interface to its DNS server(s).
Use this screen to configure policy routing on the Zyxel Device.
routing information with other routers.
ports that are not specified in the Port Forwarding screen.
attacks.
addresses to the Zyxel Device.
LTE Series User’s Guide
21
Chapter 2 The Web Configurator
Table 4 Navigation Panel Summary (continued)
LINK TAB FUNCTION
Certificates Local Certificates Use this screen to view a summary list of certificates and manage
certificates and certification requests.
Trusted CA
System Monitor
Log System Log Use this screen to view the status of events that occurred to the Zyxel
Security Log Use this screen to view all security related events. You can select the
Use this screen to view and manage the list of the trusted CAs.
Device. You can export or email the logs.
level and category of the security events in their proper drop-down list window.
Levels include:
•Emergency
•Alert
• Critical
• Error
• Warning
•Notice
• Informational
•Debugging
Categories include:
• Account
• Attack
•Firewall
• MAC Filter
Traffic Status WAN Use this screen to view the status of all network traffic going through the
LAN Use this screen to view the status of all network traffic going through the
ARP table ARP table Use this screen to view the ARP table. It displays the IP and MAC address
Routing Table Routing Table Use this screen to view the routing table on the Zyxel Device.
Cellular WAN Status
Maintenance
System System
User Account User Account Use this screen to change the user password on the Zyxel Device.
Remote Management
Time Time Use this screen to change your Zyxel Device’s time and date.
E-mail Notification
Log Setting Log Setting Use this screen to change your Zyxel Device’s log settings.
Firmware Upgrade
Cellular Statistics Use this screen to look at the cellular Internet connection status.
MGMT Services Use this screen to enable specific traffic directions for network services.
MGMT Services for IP Passthrough
Trust Domain Use this screen to view a list of public IP addresses which are allowed to
E-mail Notification
Firmware Upgrade
WAN port of the Zyxel Device.
LAN ports of the Zyxel Device.
of each DHCP connection.
Use this screen to set the Zyxel Device name and Domain name.
Use this screen to enable various approaches to access this Zyxel Device remotely from a WAN and/or LAN connection.
access the Zyxel Device through the services configured in the Maintenance > Remote Management screen.
Use this screen to configure up to two mail servers and sender addresses on the Zyxel Device.
Use this screen to upload firmware to your Zyxel Device.
LTE Series User’s Guide
22
Table 4 Navigation Panel Summary (continued)
LINK TAB FUNCTION
Backup/Restore Backup/Restore Use this screen to backup and restore your Zyxel Device’s configuration
Reboot Reboot Use this screen to reboot the Zyxel Device without turning the power off.
Diagnostic Ping&Traceroute
2.2.2 Widget Icon
Click this icon ( ) to arrange the screen order. Select a block and hold it to move around. Click the Check icon ( ) in the lower left corner to save the changes.
&Nslookup
Chapter 2 The Web Configurator
(settings) or reset the factory default settings.
Use this screen to identify problems with the DSL connection. You can use Ping, TraceRoute, or Nslookup to help you identify problems.
LTE Series User’s Guide
23

3.1 Overview

Use the Wizard screens to configure the Zyxel Device’s time zone and wireless settings.
Note: See the technical reference chapters (starting on Chapter 4 on page 27) for
background information on the features in this chapter.

3.2 Quick Start Setup

You can click the Wizard icon in the side bar to open the Wizard screens. See Section 2.2.1.1 on page 20 for more information about the side bar. After you click the Wizard icon, the following screen appears. Click Let’s Go to proceed with settings on time zone and wireless networks. It will take you a few minutes to complete the settings on the Wizard screens. You can click Skip to leave the Wizard screens.
CHAPTER 3

Quick Start

Figure 8 Wizard - Home

3.3 Time Zone

Select the time zone of your location. Click Next.
Figure 9 Wizard - Time Zone
LTE Series User’s Guide
24

3.4 WiFi Setup

Turn WiFi on or off. If you keep it on, record the WiFi Name and Password in this screen so you can configure your wireless clients to connect to the Zyxel Device. If you want to show or hide your WiFi password, click the Eye icon ( ). Click Done.
Figure 10 Wizard - Wireless
Chapter 3 Quick Start
Note: Press the WiFi button (see Section 1.6 on page 15 for the location and for how long the
wireless function is turned on) for one second.

3.5 Quick Start Setup-Finish

Your Zyxel Device saves your settings and attempts to connect to the Internet.
LTE Series User’s Guide
25
PART II

Technical Reference

26

Connection Status

4.1 Connection Status Overview

After you log into the Web Configurator, the Connection Status screen appears. You can configure basic Internet access and wireless settings in this screen. It also shows the network status of the Zyxel Device and computers/devices connected to it.
4.1.1 Connectivity
Use this screen to view the network connection status of the Zyxel Device and its clients.
Figure 11 Connectivity
CHAPTER 4
Click the Arrow icon ( ) to view IP addresses and MAC addresses of the wireless and wired devices connected to the Zyxel Device.
Figure 12 Connectivity: Connected Devices
You can change the icon and name of a connected device. Place your mouse within the device block, and an Edit icon ( ) will appear. Click the Edit icon, and you’ll see there are several icon choices for you to select. Enter a name in the Device Name field for a connected device. Click to enable
() i Internet Blocking for a connected device. Click Save to save your changes.
LTE Series User’s Guide
27
Figure 13 Connectivity: Edit
4.1.2 System Info
Chapter 4 Connection Status
Use this screen to view the basic system information of the Zyxel Device.
Figure 14 System Info
Click the Arrow icon ( ) to view the more information on the status of your firewall and interfaces (WAN, LAN, and WLAN).
LTE Series User’s Guide
28
Chapter 4 Connection Status
Figure 15 System Info: Detailed Information
Each field is described in the following table.
Table 5 System Info: Detailed Information
LABEL DESCRIPTION
Host Name This field displays the Zyxel Device system name. It is used for identification.
Model Name This shows the model number of your Zyxel Device.
Serial Number This field displays the serial number of the Zyxel Device.
Firmware Version This is the current version of the firmware inside the Zyxel Device.
System Up Time This field displays how long the Zyxel Device has been running since it last started up. The
Zyxel Device starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it.
Interface Status
Virtual ports are shown here. You can see the ports in use and their transmission rate.
WAN Information (These fields display when you have a WAN connection.)
Mode This field displays the current mode of your Zyxel Device.
IP Address This field displays the current IP address of the Zyxel Device in the WAN.
IP Subnet Mask This field displays the current subnet mask in the WAN.
IPv6 Address This field displays the current IPv6 address of the Zyxel Device in the WAN.
Primary DNS server
This field displays the first DNS server address assigned by the ISP.
LTE Series User’s Guide
29
Chapter 4 Connection Status
Table 5 System Info: Detailed Information (continued)
LABEL DESCRIPTION
Secondary DNS server
Primary DNSv6 server
Secondary DNSv6 server
LAN Information
IP Address This is the current IP address of the Zyxel Device in the LAN.
Subnet Mask This is the current subnet mask in the LAN.
DHCP This field displays what DHCP services the Zyxel Device is providing to the LAN. The possible
Security
Firewall This displays the firewall’s current security level.
WLAN Information
MAC Address This shows the wireless adapter MAC (Media Access Control) Address of the wireless
Status This displays whether the WLAN is activated.
SSID This is the descriptive name used to identify the Zyxel Device in a wireless LAN.
Channel This is the channel number currently used by the wireless interface.
Security This displays the type of security mode the wireless interface is using in the wireless LAN.
802.11 Mode This displays the type of 802.11 mode the wireless interface is using in the wireless LAN.
WPS This displays whether WPS is activated on the wireless interface.
This field displays the second DNS server address assigned by the ISP.
This field displays the first DNS server IPv6 address assigned by the ISP.
This field displays the second DNS server IPv6 address assigned by the ISP.
values are: Server - The Zyxel Device is a DHCP server in the LAN. It assigns IP addresses to other
computers in the LAN. Relay - The Zyxel Device acts as a surrogate DHCP server and relays DHCP requests and
responses between the remote server and the clients. None - The Zyxel Device is not providing any DHCP services to the LAN.
interface.
4.1.3 WiFi Settings
Use this screen to enable or disable the main 2.4 GHz wireless network. When the switch turns blue ( ), the function is enabled. Otherwise, it is not. You can use this screen or the QR code on the upper right corner to check the SSIDs (WiFi network name) and passwords of the main wireless networks. If you want to show or hide your WiFi passwords, click the Eye icon ( ).
LTE Series User’s Guide
30
Chapter 4 Connection Status
Figure 16 WiFi Settings
Click the Arrow icon ( ) to configure the SSIDs and/or passwords for your main wireless networks. Click the Eye icon ( ) to display the characters as you enter the WiFi Password.
Figure 17 WiFi Settings: Configuration
Each field is described in the following table.
Table 6 WiFi Settings: Configuration
LABEL DESCRIPTION
2.4G WiFi Click this switch to enable or disable the 2.4 GHz wireless network. When the switch turns blue , the function is enabled. Otherwise, it’s not.
WiFi Name The SSID (Service Set IDentity) identifies the service set with which a wireless device is
associated. Wireless devices associating to the access point (AP) must have the same SSID.
Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
WiFi Password If you selected Random Password, this field displays a pre-shared key generated by the Zyxel
Device. If you did not select Random Password, you can manually type a pre-shared key from 8 to 64
case-sensitive keyboard characters.
Click the Eye icon to show or hide the password for your wireless network. When the Eye icon is slashed , you will see the password in plain text. Otherwise, it is hidden.
LTE Series User’s Guide
31
Table 6 WiFi Settings: Configuration (continued)
4.1.4 LAN
Use this screen to view the LAN IP address, subnet mask, and DHCP settings of your Zyxel Device.
Figure 18 LAN
Chapter 4 Connection Status
LABEL DESCRIPTION
Random Password Select this option to have the Zyxel Device automatically generate a password. The WiFi
Password field will not be configurable when you select this option.
Hide WiFi network name
Save Click Save to save your changes.
Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool.
Note: Disable WPS in the Network Setting > Wireless > WPS screen to hide the SSID.
Click the Arrow icon ( ) to configure the LAN IP settings and DHCP setting for your Zyxel Device.
Figure 19 LAN Setup
LTE Series User’s Guide
32
Chapter 4 Connection Status
Each field is described in the following table.
Table 7 Status Screen
LABEL DESCRIPTION
LAN IP Setup
IP Address Enter the LAN IPv4 IP address you want to assign to your Zyxel Device in dotted decimal
Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0
IP Addressing Values
Beginning IP Address
Ending IP Address
DHCP Server State
DHCP Server Lease Time
Days/Hours/ Minutes
Save Click Save to save your changes.
notation, for example, 192.168.1.1 (factory default).
(factory default). Your Zyxel Device automatically computes the subnet mask based on the IP Address you enter, so do not change this field unless you are instructed to do so.
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the last of the contiguous addresses in the IP address pool.
This is the period of time DHCP-assigned addresses is used. DHCP automatically assigns IP addresses to clients when they log in. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses, for a period of time, which means that past addresses are “recycled” and made available for future reassignment to other systems.
Enter the lease time of the DHCP server.
LTE Series User’s Guide
33

5.1 Overview

This chapter discusses the Zyxel Device’s Broadband screens. Use these screens to configure your Zyxel Device for Internet access.
A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Figure 20 LAN and WAN
CHAPTER 5

Broadband

5.1.1 What You Can Do in this Chapter
• Use the Cellular WAN screen to configure an LTE WAN connection (Section 5.2 on page 35).
• Use the Cellular SIM screen to enter the PIN of your SIM card (Section 5.3 on page 37).
• Use the Cellular Band screen to view or edit an LTE WAN interface. You can also configure the WAN
settings on the Zyxel Device for Internet access (Section 5.4 on page 38).
• Use the Cellular PLMN screen to display available Public Land Mobile Networks (Section 5.5 on page
39).
• Use the Cellular IP Passthrough screen to configure an LTE WAN connection (Section 5.6 on page 41).
5.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
LTE Series User’s Guide
34
WAN IP Address
The WAN IP address is an IP address for the Zyxel Device, which makes it accessible from an outside network. It is used by the Zyxel Device to communicate with other devices in other networks. The ISP dynamically assigns it each time the Zyxel Device tries to access the Internet.
APN
Access Point Name (APN) is a unique string which indicates an LTE network. An APN is required for LTE stations to enter the LTE network and then the Internet.
5.1.3 Before You Begin
You may need to know your Internet access settings such as LTE APN, WAN IP address and SIM card’s PIN code if the INTERNET light on your Zyxel Device is off. Get this information from your service provider.

5.2 Cellular WAN

Chapter 5 Broadband
Click Network Setting > Broadband > Cellular WAN to display the following screen. Configure an LTE connection, including the Access Point Name (APN) provided by your service provider.
Note: APN information can be obtained from the service provider.
Roaming charges may apply when Data Roaming is enabled. Automatic APN Mode is not supported when operating in 3G only mode.
LTE Series User’s Guide
35
Chapter 5 Broadband
Figure 21 Network Setting > Broadband > Cellular WAN
The following table describes the fields in this screen.
Table 8 Network Setting > Broadband > Cellular WAN
LABEL DESCRIPTION
Roaming
Data Roaming Click this to enable ( ) data roaming on the Zyxel Device.
4G roaming is to use your mobile device in an area which is not covered by your service provider. Enable roaming to ensure that your Zyxel Device is kept connected to the Internet when you are traveling outside the geographical coverage area of the network to which you are registered.
APN Settings
APN Manual Mode
APN This field allows you to display the Access Point Name (APN) in the profile.
Username This field allows you to display the user name in the profile.
Password This field allows you to set the password in the profile.
Disable this to have the Zyxel Device configure the APN (Access Point Name) of an LTE network automatically. Otherwise, Click this to enable ( ) and enter the APN manually in the field below.
Enter the Access Point Name (APN) provided by your service provider. Connections with different APNs may provide different services (such as Internet access or MMS (Multi-Media Messaging Service)) and charging method.
You can enter up to 30 printable ASCII characters. Spaces are allowed.
Type the user name (up to 31 printable ASCII characters) given to you by your service provider.
Type the password (up to 31 printable ASCII characters) associated with the user name above.
LTE Series User’s Guide
36
Chapter 5 Broadband
Table 8 Network Setting > Broadband > Cellular WAN (continued)
LABEL DESCRIPTION
Authentication Type
PDP Type Select IPv4 if you want the Zyxel Device to run IPv4 (Internet Protocol version 4 addressing system)
Cancel Click this to exit this screen without saving any changes.
Apply Click this to save your changes.
Select the type of authentication method peers use to connect to the Zyxel Device in LTE connections.
In Password Authentication Protocol (PAP) peers identify themselves with a user name and password. In Challenge Handshake Authentication Protocol (CHAP) additionally to user name and password the Zyxel Device sends regular challenges to make sure an intruder has not replaced a peer. Otherwise select PAP/CHAP or None.
only. Select IPv4/IPv6 if you want the Zyxel Device to run both IPv4 and IPv6 (Internet Protocol version 4
and 6 addressing system) at the same time.

5.3 Cellular SIM Configuration

Enter a PIN for your SIM card to prevent others from using it.
Entering the wrong PIN code 3 consecutive times locks the SIM card after which you need a PUK (Personal Unlocking Key) from the service provider to unlock it.
Click Network Setting > Broadband > Cellular SIM. The following screen opens.
Figure 22 Network Setting > Broadband > Cellular SIM
Note: The PIN is automatically saved in the Zyxel Device.
Entering the wrong PIN exceeding a set number of times will lock the SIM card.
LTE Series User’s Guide
37
Chapter 5 Broadband
The following table describes the fields in this screen.
Table 9 Network Setting > Broadband > Cellular SIM
LABEL DESCRIPTION
PIN Management
PIN Protection A PIN (Personal Identification Number) code is a key to a SIM card. Without the PIN code, you
PIN If you enabled PIN verification, enter the 4-digit PIN code (0000 for example) provided by your ISP.
Attempts Remaining
Cancel Click Cancel to return to the previous screen without saving any changes. Apply Click Apply to save your changes.
cannot use the SIM card.
Click to enable ( ) if the service provider requires you to enter a PIN to use the SIM card.
Click to disable if the service provider lets you use the SIM without inputting a PIN.
If you enter the PIN code incorrectly too many times, the ISP may block your SIM card and not let you use the account to access the Internet.
This is how many more times you can try to enter the PIN code before the ISP blocks your SIM card.

5.4 Cellular Band Configuration

Either select Auto to have the Zyxel Device connect to an available network using the default settings on the SIM card or select the type of the network (4G, 3G, or 2G) to which you want the Zyxel Device to connect.
Click Network Setting > Broadband > Cellular Band. The following screen opens.
Figure 23 Network Setting > Broadband > Cellular Band
LTE Series User’s Guide
38
Chapter 5 Broadband
The following table describes the fields in this screen.
Table 10 Network Setting > Broadband > Cellular Band
LABEL DESCRIPTION
Access Technology
Preferred Access Technology
Band Management
Band Auto Selection Select the LTE bands to use for the Zyxel Device’s WAN connection. Click to enable ( )
Cancel Click this to exit this screen without saving any changes.
Apply Click this to save your changes.
Select the type of the network (4G, 3G, or 2G) to which you want the Zyxel Device to connect and click Apply to save your settings.
Otherwise, select Auto to have the Zyxel Device connect to an available network using the default settings on the SIM card. If the currently registered mobile network is not available or the mobile network’s signal strength is too low, the Zyxel Device switches to another available mobile network.
automatic LTE frequency band selection as provided by your service provider. Otherwise, select disabled.

5.5 PLMN Configuration

Each service provider has its own unique Public Land Mobile Network (PLMN) number. Either select PLMN Auto Selection to have the Zyxel Device connect to the service provider using the default settings on the
SIM card or manually view available PLMNs and select your service provider. Click Network Setting > Broadband > Cellular PLMN. The screen appears as shown next.
Figure 24 Network Setting > Broadband > Cellular PLMN
The following table describes the labels in this screen.
Table 11 Network Setting > Broadband > Cellular PLMN
LABEL DESCRIPTION
PLMN Management
PLMN Auto Selection Click to enable ( ) and have the Zyxel Device automatically connect to the first
available mobile network.
Select disabled to display the network list and manually select a preferred network.
Cancel Click Cancel to exit this screen without saving any changes. Apply Click Apply to save your changes back to the Zyxel Device.
After selecting to disable the following warning appears. Click OK to continue.
LTE Series User’s Guide
39
Chapter 5 Broadband
Figure 25 Network Setting > Broadband > Cellular PLMN > Manual Scan Warning
When the next screen appears, clicking Scan will allow the Zyxel Device to check for available PLMNs in its surroundings and display the network list.
Figure 26 Network Setting > Broadband > Cellular PLMN > Manual Scan
LTE Series User’s Guide
40
The following table describes the labels in this screen.
Table 12 Network Setting > Broadband > Cellular PLMN > Manual Scan
LABEL DESCRIPTION
# Click the radio button so the Zyxel Device connects to this ISP. Status This shows Current to show the ISP the Zyxel Device is currently connected to.
Name This shows the ISP name.
Type This shows the type of network the ISP provides.
PLMN This shows the PLMN number. Cancel Click Cancel to exit this screen without saving any changes. Apply Click Apply to save your changes back to the Zyxel Device.
Select from the network list and click Apply.

5.6 IP Passthrough

Chapter 5 Broadband
This shows Forbidden to indicate the Zyxel Device cannot connect to this ISP. This shows Available to indicate an available ISP your Zyxel Device can connect to.
Enable IP Passthrough to allow Internet traffic to go to a LAN computer behind the Zyxel Device without going through NAT.
Click Network Setting > Broadband > Cellular IP Passthrough to display the following screen.
Figure 27 Network Setting > Broadband > Cellular IP Passthrough
Note: Changing the IP Passthrough settings may affect the network setting of client devices.
After selecting to enable the following warning appears. Click OK to continue.
LTE Series User’s Guide
41
Chapter 5 Broadband
Figure 28 Network Setting > Broadband > Cellular IP Passthrough > Enable Warning
The following table describes the fields in this screen.
Table 13 Network Setting > Broadband > IP Passthrough
LABEL DESCRIPTION
IP Passthrough Management
IP Passthrough IP Passthrough allows a LAN computer on the local network of the Zyxel Device to have access to
web services using the public IP address. When IP Passthrough is configured, all traffic is forwarded to the LAN computer and will not go through NAT.
Passthrough Mode
Select Dynamic to allow traffic to be forwarded to any LAN computer on the local network of the Zyxel Device. Select Fixed to allow traffic to be forwarded to a specific LAN computer on the local network of the Zyxel Device.
Note: This field will show upon enabling IP Passthrough in the previous field.
Passthrough to fixed MAC
Enter the MAC address of a LAN computer on the local network of the Zyxel Device upon selecting Fixed in the previous field.
Note: This field will show upon selecting Fixed in the previous field.
Cancel Click this to exit this screen without saving any changes.
Apply Click this to save your changes.
LTE Series User’s Guide
42

6.1 Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building.
The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
CHAPTER 6

Home Networking

6.1.1 What You Can Do in this Chapter
• Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings (Section 6.2 on
page 44).
• Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based
on their MAC addresses (Section 6.3 on page 48).
• Use the UPnP screen to enable UPnP (Section 6.4 on page 50).
6.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.
6.1.2.1 About LAN IP Address
Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. This is known as an Internet Protocol address.
Subnet Mask
The subnet mask specifies the network number portion of an IP address. Your Zyxel Device will compute the subnet mask automatically based on the IP address that you entered. You do not need to change the subnet mask computed by the Zyxel Device unless you are instructed to do otherwise.
LTE Series User’s Guide
43
DHCP
DHCP (Dynamic Host Configuration Protocol) allows clients to obtain TCP/IP configuration at start-up from a server. This Zyxel Device has a built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.
DNS
DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask.
6.1.2.2 About UPnP How do I know if I'm using UPnP?
UPnP hardware is identified as an icon in the Network Connections folder (Windows 7). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device.
Chapter 6 Home Networking
Cautions with UPnP
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the Zyxel Device allows multicast messages on the LAN only.
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.
UPnP and Zyxel
Zyxel has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). Zyxel's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
See Section 6.6 on page 52 for examples on installing and using UPnP.

6.2 LAN Setup

A LAN IP address is the IP address of a networking device in the LAN. You can use the Zyxel Device's LAN IP address to access its Web Configurator from the LAN. The DHCP server settings define the rules on assigning IP addresses to LAN clients on your network. Set the Local Area Network IP address and subnet mask of your Zyxel Device and configure the DNS server information that the Zyxel Device sends to the DHCP clients on the LAN in this screen. Click Network Setting > Home Networking to open the LAN Setup screen.
LTE Series User’s Guide
44
Chapter 6 Home Networking
Figure 29 Network Setting > Home Networking > LAN Setup
LTE Series User’s Guide
45
Chapter 6 Home Networking
The following table describes the fields in this screen.
Table 14 Network Setting > Home Networking > LAN Setup
LABEL DESCRIPTION
Interface Group
Group Name This displays the name of the group that your Zyxel Device belongs to.
LAN IP Setup
IP Address Enter the LAN IP address you want to assign to your Zyxel Device in dotted decimal notation,
Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0
DHCP Server State DHCP Select Enable to have your Zyxel Device assign IP addresses, an IP default gateway and DNS
IP Addressing Values
Beginning IP Address
Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool.
Auto reserve IP for the same host
DHCP Server Lease Time
Days/Hours/Minutes DHCP server leases an address to a new device for a period of time, called the DHCP lease
DNS Values
DNS The Zyxel Device supports DNS proxy by default. The Zyxel Device sends out its own LAN IP
for example, 192.168.1.1 (factory default).
(factory default). Your Zyxel Device automatically computes the subnet mask based on the IP address you enter, so do not change this field unless you are instructed to do so.
servers to LAN computers and other devices that are DHCP clients. If you select Disable, you need to manually configure the IP addresses of the computers and
other devices on your LAN. If you select DHCP Relay, the Zyxel Device acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients.
When DHCP is used, the following fields need to be set:
This field specifies the first of the contiguous addresses in the IP address pool.
Enable this if you want to reserve the IP address for the same host.
time. When the lease expires, the DHCP server might assign the IP address to a different device.
address to the DHCP clients as the first DNS server address. DHCP clients use this first DNS server to send domain-name queries to the Zyxel Device. The Zyxel Device sends a response directly if it has a record of the domain-name to IP address mapping. If it does not, the Zyxel Device queries an outside DNS server and relays the response to the DHCP client.
Select From ISP if your ISP dynamically assigns DNS server information (and the Zyxel Device's WAN IP address).
Select Static if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Select DNS Proxy to have the DHCP clients use the Zyxel Device’s own LAN IP address. The Zyxel Device works as a DNS relay.
LAN IPv6 Mode Setup IPv6 Active Use this field to Enable or Disable IPv6 activation on the Zyxel Device.
When IPv6 activation is used, the following fields need to be set:
LTE Series User’s Guide
46
Chapter 6 Home Networking
Table 14 Network Setting > Home Networking > LAN Setup (continued)
LABEL DESCRIPTION
Link Local Address Type
A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP address” in IPv6. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Select EU generate an interface ID for the LAN interface’s link-local address using the EU Otherwise, enter an interface ID for the LAN interface’s link-local address if you select Manual.
I64 to allow the Zyxel Device to
I-64 format.
LAN Global Identifier Type
LAN IPv6 Prefix Setup
LAN IPv6 Address Assign Setup
LAN IPv6 DNS Assign Setup
DHCPv6 Configuration
IPv6 Router Advertisement State
IPv6 DNS Values
IPv6 DNS Server 1~3
Select EU global address. Select Manual to manually enter an interface ID for the LAN interface’s global IPv6 address.
Select Delegate prefix from WAN to automatically obtain an IPv6 network prefix from the service provider or an uplink router. Select Static to configure a fixed IPv6 address for the Zyxel Device’s LAN IPv6 address.
Select how you want to obtain an IPv6 address: Stateless: The Zyxel Device uses IPv6 stateless autoconfiguration. RADVD (Router
Advertisement Daemon) is enabled to have the Zyxel Device send IPv6 prefix information in router advertisements periodically and in response to router solicitations. DHCPv6 server is disabled.
Stateful: The Zyxel Device uses IPv6 stateful autoconfiguration. The DHCPv6 server is enabled to have the Zyxel Device act as a DHCPv6 server and pass IPv6 addresses to DHCPv6 clients.
Select how the Zyxel Device provide DNS server and domain name information to the clients:
From Router Advertisement: The Zyxel Device provides DNS information through router advertisements.
From DHCPv6 Server: The Zyxel Device provides DNS information through DHCPv6. From RA & DHCPv6 Server: The Zyxel Device provides DNS information through both router
advertisements and DHCPv6. DHCPv6 Active shows the status of the DHCPv6. DHCPv6 Server displays if you configured the
Zyxel Device to act as a DHCPv6 server which assigns IPv6 addresses and/or DNS information to clients.
RADVD Active shows whether RADVD is enabled or not.
Specify the IP addresses up to three DNS servers for the DHCP clients to use. Use one of the following ways to specify these IP addresses.
User Defined - Select this if you have the IPv6 address of a DNS server. Enter the DNS server IPv6 addresses the Zyxel Device passes to the DHCP clients.
From ISP - Select this if your ISP dynamically assigns IPv6 DNS server information. Proxy - Select this if the DHCP clients use the IP address of this interface and the Zyxel Device
works as a DNS relay. Otherwise, select None if you do not want to configure IPv6 DNS servers.
I64 to have the Zyxel Device generate an interface ID using the EUI-64 format for its
LTE Series User’s Guide
47
Table 14 Network Setting > Home Networking > LAN Setup (continued)
LABEL DESCRIPTION
DNS Query Scenario Select how the Zyxel Device handles clients’ DNS information requests.
Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes.

6.3 Static DHCP

Chapter 6 Home Networking
IPv4/IPv6 DNS Server: The Zyxel Device forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives.
IPv6 DNS Server Only: The Zyxel Device forwards the requests to the IPv6 DNS server and sends clients the DNS information it receives.
IPv4 DNS Server Only: The Zyxel Device forwards the requests to the IPv4 DNS server and sends clients the DNS information it receives.
IPv6 DNS Server First: The Zyxel Device forwards the requests to the IPv6 DNS server first and then the IPv4 DNS server. Then it sends clients the first DNS information it receives.
IPv4 DNS Server First: The Zyxel Device forwards the requests to the IPv4 DNS server first and then the IPv6 DNS server. Then it sends clients the first DNS information it receives.
When any of the LAN clients in your network want an assigned fixed IP address, add a static lease for each LAN client. Knowing the LAN client’s MAC addresses is necessary. Assign IP addresses on the LAN to specific individual computers based on their MAC addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
6.3.1 Before You Begin
Find out the MAC addresses of your network devices if you intend to add them to the Static DHCP screen.
Use this screen to change your Zyxel Device’s static DHCP settings. Click Network Setting > Home
Networking > Static DHCP to open the following screen.
Figure 30 Network Setting > Home Networking > Static DHCP
LTE Series User’s Guide
48
Chapter 6 Home Networking
The following table describes the labels in this screen.
Table 15 Network Setting > Home Networking > Static DHCP
LABEL DESCRIPTION
Static DHCP Configuration
# This is the index number of the entry.
Status Active
MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is
IP Address This field displays the IP address relative to the # field listed above. Modify Click the Edit icon to configure the connection.
Click this to configure a static DHCP entry.
unique to your computer (six pairs of hexadecimal notation).
A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
If you click Static DHCP Configuration in the Static DHCP screen, the following screen displays.
Figure 31 Static DHCP: Static DHCP Configuration
The following table describes the labels in this screen.
Table 16 Static DHCP: Configuration
LABEL DESCRIPTION
Active Enable static DHCP in your Zyxel Device. Group Name This displays the Group Name, usually Default. IP Type The IP Type is normally IPv4 (non-configurable). Select Device Info Select between Manual Input which allows you to enter the next two fields (MAC Address
MAC Address Enter the MAC address of a computer on your LAN if you select Manual Input in the previous
IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC
and IP Address); or selecting an existing device would show its MAC address and IP address.
field.
address that you will also specify if you select Manual Input in the previous field.
LTE Series User’s Guide
49
Table 16 Static DHCP: Configuration
LABEL DESCRIPTION
Cancel Click Cancel to exit this screen without saving any changes. OK Click OK to save your changes.

6.4 UPnP

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between networking devices and software that also have UPnP enabled. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. A device can leave a network smoothly and automatically when it is no longer in use.
See Section 6.6 on page 52 for more information on UPnP.
Use the following screen to configure the UPnP settings on your Zyxel Device. Click Network Setting > Home Networking > UPnP to display the screen shown next.
Chapter 6 Home Networking
Figure 32 Network Setting > Home Networking > UPnP
The following table describes the labels in this screen.
Table 17 Network Settings > Home Networking > UPnP
LABEL DESCRIPTION
UPnP State UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open
the Web Configurator's login screen without entering the Zyxel Device's IP address (although you must still enter the password to access the Web Configurator).
UPnP NAT-T State
LTE Series User’s Guide
50
Chapter 6 Home Networking
Table 17 Network Settings > Home Networking > UPnP
LABEL DESCRIPTION
UPnP NAT-T Select Enable to activate UPnP with NAT enabled. UPnP NAT traversal automates the process
of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions.
# This field displays the index number of the entry.
Description This field displays the description of the UPnP NAT-T connection.
Destination IP Address
External Port This field displays the external port number that identifies the service.
Internal Port This field displays the internal port number that identifies the service.
Protocol This field displays the protocol of the NAT mapping rule (TCP or UDP). Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes.
This field displays the IP address of the other connected UPnP-enabled device.

6.5 Technical Reference

This section provides some technical background information about the topics covered in this chapter.
LANs, WANs and the Zyxel Device
The actual physical connection determines whether the Zyxel Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Figure 33 LAN and WAN IP Addresses
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the
LTE Series User’s Guide
51
Chapter 6 Home Networking
hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address; always
follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space.”

6.6 Turn on UPnP in Windows 7 Example

This section shows you how to use the UPnP feature in Windows 7. UPnP server is installed in Windows 7. Activate UPnP on the Zyxel Device by clicking Network Setting > Home Networking > UPnP.
Make sure the computer is connected to the LAN port of the Zyxel Device. Turn on your computer and the Zyxel Device.
1 Click the start icon, Control Panel and then the Network and Sharing Center.
2 Click Change Advanced Sharing Settings.
LTE Series User’s Guide
52
Chapter 6 Home Networking
3 Select Turn on network discovery and click Save Changes. Network discovery allows your computer to
find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers.
6.6.1 Auto-discover Your UPnP-enabled Network Device
Before you follow these steps, make sure you already have UPnP activated on the Zyxel Device and in your computer.
Make sure your computer is connected to the LAN port of the Zyxel Device.
LTE Series User’s Guide
53
Chapter 6 Home Networking
1 Open Windows Explorer and click Network.
2 Right-click the Zyxel Device icon and select Properties.
Figure 34 Network Connections
3 In the Internet Connection Properties window, click Settings to see port mappings.
Figure 35 Internet Connection Properties
4 You may edit or delete the port mappings or click Add to manually add port mappings.
LTE Series User’s Guide
54
Chapter 6 Home Networking
Figure 36 Internet Connection Properties: Advanced Settings
Figure 37 Internet Connection Properties: Advanced Settings: Add
Note: When the UPnP-enabled device is disconnected from your computer, all port
mappings will be deleted automatically.
5 Click OK. Check the network icon on the system tray to see your Internet connection status.
Figure 38 System Tray Icon
6 To see more details about your current Internet connection status, right click the network icon in the
system tray and click Open Network and Sharing Center. Click Local Area Network.
LTE Series User’s Guide
55
Chapter 6 Home Networking
Figure 39 Internet Connection Status

6.7 Turn on UPnP in Windows 10 Example

This section shows you how to use the UPnP feature in Windows 10. UPnP server is installed in Windows 10. Activate UPnP on the Zyxel Device by clicking Network Setting > Home Networking > UPnP.
Make sure the computer is connected to the LAN port of the Zyxel Device. Turn on your computer and the Zyxel Device.
1 Click the start icon, Settings and then Network & Internet.
2 Click Network and Sharing Center.
LTE Series User’s Guide
56
Chapter 6 Home Networking
3 Click Change advanced sharing settings.
4 Under Domain, select Turn on network discovery and click Save C hanges. Network discovery allows your
computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers.
LTE Series User’s Guide
57
Chapter 6 Home Networking
6.7.1 Auto-discover Your UPnP-enabled Network Device
Before you follow these steps, make sure you already have UPnP activated on the Zyxel Device and in your computer.
Make sure your computer is connected to the LAN port of the Zyxel Device.
1 Open File Explorer and click Network.
2 Right-click the Zyxel Device icon and select Properties.
LTE Series User’s Guide
58
Figure 40 Network Connections
Chapter 6 Home Networking
3 In the Internet Connection Properties window, click Settings to see port mappings.
Figure 41 Internet Connection Properties
4 You may edit or delete the port mappings or click Add to manually add port mappings.
LTE Series User’s Guide
59
Chapter 6 Home Networking
Figure 42 Internet Connection Properties: Advanced Settings
Figure 43 Internet Connection Properties: Advanced Settings: Add
Note: When the UPnP-enabled device is disconnected from your computer, all port
mappings will be deleted automatically.
5 Click OK. Check the network icon on the system tray to see your Internet connection status.
Figure 44 System Tray Icon
6 To see more details about your current Internet connection status, right click the network icon in the
system tray and click Open Network & Internet settings. Click Network and Sharing Center and click the Connections.
LTE Series User’s Guide
60
Chapter 6 Home Networking
Figure 45 Internet Connection Status

6.8 Web Configurator Easy Access in Windows 7

With UPnP, you can access the Web-based Configurator on the Zyxel Device without needing to find out the IP address of the Zyxel Device first. This comes helpful if you do not know the IP address of the Zyxel Device.
Follow the steps below to access the Web Configurator.
1 Open Windows Explorer.
2 Click Network.
LTE Series User’s Guide
61
Figure 46 Network Connections
Chapter 6 Home Networking
3 An icon with the description for each UPnP-enabled device displays under Network Infrastructure.
4 Right-click the icon for your Zyxel Device and select View device webpage. The Web Configurator login
screen displays. Figure 47 Network Connections: My Network Places
5 Right-click the icon for your Zyxel Device and select Properties. Click the Network Device tab. A window
displays with information about the Zyxel Device.
LTE Series User’s Guide
62
Chapter 6 Home Networking
Figure 48 Network Connections: My Network Places: Properties: Example

6.9 Web Configurator Easy Access in Windows 10

Follow the steps below to access the Web Configurator.
1 Open File Explorer.
2 Click Network.
LTE Series User’s Guide
63
Figure 49 Network Connections
Chapter 6 Home Networking
3 An icon with the description for each UPnP-enabled device displays under Network Infrastructure.
4 Right-click the icon for your Zyxel Device and select View device webpage. The Web Configurator login
screen displays. Figure 50 Network Connections: Network Infrastructure
5 Right-click the icon for your Zyxel Device and select Properties. Click the Network Device tab. A window
displays information about the Zyxel Device.
LTE Series User’s Guide
64
Chapter 6 Home Networking
Figure 51 Network Connections: Network Infrastructure: Properties: Example
LTE Series User’s Guide
65

7.1 Overview

WAN
R1
R2
A
R3
LAN
The Zyxel Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Zyxel Device send data to devices not reachable through the default gateway, use static routes.
For example, the next figure shows a computer (A) connected to the Zyxel Device’s LAN interface. The Zyxel Device routes most traffic from A to the Internet through the Zyxel Device’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the LAN.
Figure 52 Example of Static Routing Topology
CHAPTER 7

Routing

7.2 Configure Static Route

View and configure static route rules on the Zyxel Device. The purpose of a static route is to save time and bandwidth usage when LAN devices within an Intranet are transferring files or packets, especially when there are more than two Internet connections in your home or office network. Click Network Setting > Routing to open the Static Route screen.
LTE Series User’s Guide
66
Chapter 7 Routing
Figure 53 Network Setting > Routing > Static Route
The following table describes the labels in this screen.
Table 18 Network Setting > Routing > Static Route
LABEL DESCRIPTION
Add New Static Route
# This is the number of an individual static route.
Status This field indicates whether the rule is active (yellow bulb) or not (gray bulb).
Name This is the name of the static route.
Destination IP This parameter specifies the IP network address of the final destination. Routing is always based
Subnet Mask/ Prefix Length
Gateway This is the IP address of the gateway. The gateway is a router or switch on the same network
Interface This is the WAN interface through which the traffic is routed. Modify Click the Edit icon to go to the screen where you can set up a static route on the Zyxel Device.
Click this to set up a new static route on the Zyxel Device.
on network number.
This parameter specifies the IP network subnet mask of the final destination.
segment as the Zyxel Device's LAN or WAN port. The gateway helps forward packets to their destinations.
Click the Delete icon to remove a static route from the Zyxel Device.
7.2.1 Add/Edit Static Route
Click Add New Static Route in the Static Route screen, the following screen appears. Configure the required information for a static route.
Note: The Gateway IP Address must be within the range of the selected interface in Use
Interface.
LTE Series User’s Guide
67
Chapter 7 Routing
Figure 54 Routing: Add New Static Route
The following table describes the labels in this screen.
Table 19 Routing: Add/Edit
LABEL DESCRIPTION
Active Activates static route.
Route Name Assign a name for your static route (up to 15 characters). Special characters are allowed
IP Type Select between IPv4 or IPv6. Compared to IPv4, IPv6 (Internet Protocol version 6), is designed to
Destination IP Address
IP Subnet Mask Enter the IP subnet mask here.
Use Gateway IP Address
Gateway IP Address
Use Interface You can decide if you want to forward packets to a gateway IP address (Default) or a bound
Cancel Click this to exit this screen without saving any changes.
OK Click this to save your changes.
except the following: double quote (") back quote (`) apostrophe or single quote (') less than (<) greater than (>) caret or circumflex accent (^) dollar sign ($) vertical bar (|) ampersand (&) semicolon (;)
enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32­bit IPv4 address) allows up to 3.4 x 1038 IP addresses. The Zyxel Device can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD).
This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of
255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Enables forwarding packets to a gateway IP address or a bound interface.
You can decide if you want to forward packets to a gateway IP address or a bound interface. If you want to configure Gateway IP Address, enter the IP address of the next-hop gateway. The
gateway is a router or switch on the same network segment as the Zyxel Device's LAN or WAN port. The gateway helps forward packets to their destinations.
interface (Cellular WAN).
If you want to configure bound interface, choose an interface through which the traffic is sent. You must have the WAN interfaces already configured in the Broadband screen.
LTE Series User’s Guide
68

7.3 DNS Route

Configure how domain name - IP address mapping queries are forwarded from the Zyxel Device to a DNS (Domain Name System) server if your Zyxel Device has multiple WAN interfaces. Click Network
Setting > Routing > DNS Route to open the DNS Route screen.
Figure 55 Network Setting > Routing > DNS Route
The following table describes the labels in this screen.
Table 20 Network Setting > Routing > DNS Route
LABEL DESCRIPTION
Add New DNS Route
# This is the number of an individual DNS route.
Status This field indicates whether the rule is active (yellow bulb) or not (gray bulb).
Domain Name This is the domain name to which the DNS route applies.
WAN Interface This is the WAN interface through which the matched DNS request is routed.
Subnet Mask This parameter specifies the IP network subnet mask. Modify Click the Edit icon to configure a DNS route on the Zyxel Device.
Chapter 7 Routing
Click this to create a new entry.
Click the Delete icon to remove a DNS route from the Zyxel Device.
7.3.1 Add/Edit DNS Route
Click Add New DNS Route in the DNS Route screen, use this screen to configure the required information for a DNS route.
LTE Series User’s Guide
69
Chapter 7 Routing
Figure 56 Add New DNS Route
The following table describes the labels in this screen.
Table 21 DNS Route: Add/Edit
LABEL DESCRIPTION
Active Enable DNS route in your Zyxel Device.
Domain Name Enter the domain name you want to resolve.
You can use the wildcard character, an “*” (asterisk) as the left most part of a domain name, such as *.example.com. The Zyxel Device forwards DNS queries for any domain name ending in example.com to the WAN interface specified in this route.
Subnet Mask Type the subnet mask of the network for which to use the DNS route in dotted decimal notation,
WAN Interface Select a WAN interface through which the matched DNS query is sent. You must have the WAN
Cancel Click this to exit this screen without saving any changes.
OK Click this to save your changes.
for example 255.255.255.255.
interface(s) already configured in the Broadband screen.

7.4 Policy Route

Traditionally, routing is based on the destination address only and the Zyxel Device takes the shortest path to forward a packet. Policy routes allow you to override the default routing behavior. Policy-based routing is applied to outgoing packets, and is especially useful when there are more than two Internet connections available in your home or office network.
You can use source-based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing.
LTE Series User’s Guide
70
Chapter 7 Routing
The Policy Route screen let you view and configure routing policies on the Zyxel Device. Click Network
Setting > Routing > Policy Route to open the following screen.
Figure 57 Network Setting > Routing > Policy Route
The following table describes the labels in this screen.
Table 22 Network Setting > Routing >Policy Route
LABEL DESCRIPTION
Add New Policy Route
# This is the index number of the entry.
Status This field displays whether the DNS route is active or not. A yellow bulb signifies that this DNS route
Name This is the name of the rule.
Source IP This is the source IP address.
Source Subnet Mask
Protocol This is the transport layer protocol.
Source Port This is the source port number.
Source MAC This is the source MAC address.
Source Interface
WAN Interface This is the WAN interface through which the traffic is routed. Modify Click the Edit icon to edit this policy.
Click this to create a new policy forwarding rule.
is active. A gray bulb signifies that this DNS route is not active.
This is the source subnet mask address.
This is the interface from which the matched traffic is sent.
Click the Delete icon to remove a policy from the Zyxel Device. A window displays asking you to confirm that you want to delete the policy.
LTE Series User’s Guide
71
7.4.1 Add/Edit Policy Route
Click Add New Policy Route in the Policy Route screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route.
Figure 58 Policy Route: Add/Edit
Chapter 7 Routing
The following table describes the labels in this screen.
Table 23 Policy Route: Add/Edit
LABEL DESCRIPTION
Active Click this to enable (turns blue) activation of the policy route. Otherwise, click to disable (turns
Route Name Enter a descriptive name of up to 8 printable English keyboard characters, not including spaces.
Source IP Address
Source Subnet Mask
Protocol Select the transport layer protocol (TCP or UDP).
Source Port Enter the source port number.
Source MAC Enter the source MAC address.
Source Interface (ex: br0 or LAN1~LAN4)
WAN Interface Select a WAN interface through which the traffic is sent. You must have the WAN interface(s)
Cancel Click Cancel to exit this screen without saving any changes. OK Click OK to save your changes.
gray).
Enter the source IP address.
Enter the source subnet mask address.
Type the name of the interface from which the matched traffic is sent.
already configured in the Broadband screens.
LTE Series User’s Guide
72

7.5 RIP Overview

Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows a Zyxel Device to exchange routing information with other routers. To activate RIP for the WAN interface, select the supported RIP version and operation.
7.5.1 RIP
Click Network Setting > Routing > RIP to open the RIP screen. Select the desired RIP version and operation by clicking the check box. To stop RIP on the WAN interface, clear the check box. Click the
Apply button to start/stop RIP and save the configuration.
Figure 59 Network Setting > Routing > RIP
Chapter 7 Routing
The following table describes the labels in this screen.
Table 24 Network Setting > Routing > RIP
LABEL DESCRIPTION
# This is the index of the interface in which the RIP setting is used.
Interface This is the name of the interface in which the RIP setting is used.
Version The RIP version controls the format and the broadcasting method of the RIP packets that the
Zyxel Device sends (it recognizes both formats when receiving). RIP version 1 is universally supported but RIP version 2 carries more information. RIP version 1 is probably adequate for most networks, unless you have an unusual network topology.
Operation Select Passive to have the Zyxel Device update the routing table based on the RIP packets
received from neighbors but not advertise its route information to other routers in this interface. Select Active to have the Zyxel Device advertise its route information and also listen for routing
updates from neighboring routers.
Enable Select the check box to activate the settings.
Disable Default Gateway
Cancel Click Cancel to exit this screen without saving any changes. Apply Click Apply to save your changes back to the Zyxel Device.
Select the check box to set the Zyxel Device to not send the route information to the default gateway.
LTE Series User’s Guide
73
CHAPTER 8
Network Address Translation
(NAT)

8.1 Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
8.1.1 What You Can Do in this Chapter
• Use the Port Forwarding screen to configure forward incoming service requests to the servers on your
local network (Section 8.2 on page 75).
• Use the Port Triggering screen to add and configure the Zyxel Device’s trigger port settings (Section
8.3 on page 78).
• Use the DMZ screen to configure a default server (Section 8.4 on page 81).
• Use the ALG screen to enable or disable the SIP ALG (Section 8.5 on page 82).
8.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.
Inside/Outside and Global/Local
Inside/outside denotes where a host is located relative to the Zyxel Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
NAT
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
LTE Series User’s Guide
74
Chapter 8 Network Address Translation (NAT)
Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Find Out More
See Section on page 83 for advanced technical information on NAT.

8.2 Port Forwarding Overview

Use Port Forwarding to forward incoming service requests from the Internet to the server(s) on your local network. Port forwarding is commonly used when you want to host online gaming, P2P file sharing, or other servers on your network.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports. Please refer to RFC 1700 for further information about port numbers.
Note: Many residential broadband ISP accounts do not allow you to run any server processes
(such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
Configure Servers Behind Port Forwarding (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example), a default server IP address of 192.168.1.35 to a third (C in the example), and a default server IP address of 192.168.1.36 to a fourth (D in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
LTE Series User’s Guide
75
Figure 60 Multiple Servers Behind NAT Example
8.2.1 Port Forwarding
Click Network Setting > NAT to open the Port Forwarding screen.
Chapter 8 Network Address Translation (NAT)
Note: TCP port 7547 is reserved for TR-069 requests.
Figure 61 Network Setting > NAT > Port Forwarding
The following table describes the fields in this screen.
Table 25 Network Setting > NAT > Port Forwarding
LABEL DESCRIPTION
Add New Rule Click this to add a new port forwarding rule.
# This is the index number of the entry.
Status This field indicates whether the rule is active or not.
A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Service Name This is the service’s name. This shows User Defined if you manually added a service. You can
change this by clicking the edit icon.
Originating IP This is the source’s IP address.
WAN Interface Select the WAN interface for which to configure NAT port forwarding rules.
Server IP Address This is the server’s IP address.
Start Port This is the first external port number that identifies a service.
End Port This is the last external port number that identifies a service.
LTE Series User’s Guide
76
Chapter 8 Network Address Translation (NAT)
Table 25 Network Setting > NAT > Port Forwarding (continued)
LABEL DESCRIPTION
Translation Start Port
Translation End Port
Protocol This field displays the protocol (TCP, UDP, TCP+UDP) used to transport the packets for which
Modify Click the Edit icon to edit the port forwarding rule.
This is the first internal port number that identifies a service.
This is the last internal port number that identifies a service.
you want to apply the rule.
Click the Delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action.
8.2.2 Add/Edit Port Forwarding
Create or edit a port forwarding rule. Specify either a port or a range of ports, a server IP address, and a protocol to configure a port forwarding rule.Click Add New Rule in the Port Forwarding screen or the Edit icon next to an existing rule to open the following screen.
Figure 62 Port Forwarding: Add/Edit
LTE Series User’s Guide
77
Chapter 8 Network Address Translation (NAT)
Note: To configure port forwarding, you need to have the same configurations in the Start
Port, End Port, Translation Start Port, and Translation End Port fields. To configure port translation, you need to have different configurations in the Start Port, End Port, Translation Start Port, and Translation End Port fields.
Note: TCP port 7547 is reserved for system use.
The following table describes the labels in this screen.
Table 26 Port Forwarding: Add/Edit
LABEL DESCRIPTION
Active Select or clear this field to turn the port forwarding rule on or off. Service Name Select a service to forward or select User Defined and enter a name in the field to the right.
WAN Interface Select the WAN interface for which to configure NAT port forwarding rules.
Start Port Configure this for a user-defined entry. Enter the original destination port for the packets.
To forward only one port, enter the port number again in the End Port field.
To forward a series of ports, enter the start port number here and the end port number in the End Port field.
End Port Configure this for a user-defined entry. Enter the last port of the original destination port range.
To forward only one port, enter the port number in the Start Port field above and then enter it again in this field.
To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port field above.
Translation Start Port
Translation End Port
Server IP Address Enter the inside IP address of the virtual server here.
Configure Originating IP
Originating IP Enter the originating IP address here.
Protocol
Cancel Click this to exit this screen without saving any changes.
OK Click this to save your changes.
Configure this for a user-defined entry. This shows the port number to which you want the Zyxel Device to translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
Configure this for a user-defined entry. This shows the last port of the translated port range.
Click the Enable check box to enter the originating IP in the next field.
Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP.

8.3 Port Triggering

Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding, you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
LTE Series User’s Guide
78
Chapter 8 Network Address Translation (NAT)
Unlike port forwarding that only forwards a service to a single LAN IP address, trigger port forwarding allows computers on the LAN to dynamically take turns using a service. Doing away the need to configure a new IP address each time you want a different LAN computer to use a service.
The Zyxel Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the Zyxel Device's WAN port receives a response with a specific port number and protocol ("open" port), the Zyxel Device forwards the traffic to the LAN IP address of the computer that sent the request. After the computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
For example:
Figure 63 Trigger Port Forwarding Process: Example
1 Jane requests a file from the Real Audio server (port 7070).
2 Port 7070 is a “trigger” port and causes the Zyxel Device to record Jane’s computer IP address. The Zyxel
Device associates Jane's computer IP address with the "open" port range of 6970-7170.
3 The Real Audio server responds using a port number ranging between 6970-7170.
4 The Zyxel Device forwards the traffic to Jane’s computer IP address.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The Zyxel
Device times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol).
Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your Zyxel Device’s trigger port settings.
Note: TCP port 7547 is reserved for system use.
Note: The maximum number of trigger ports for a single rule or all rules is 999.
The maximum number of open ports for a single rule or all rules is 999.
LTE Series User’s Guide
79
Chapter 8 Network Address Translation (NAT)
Figure 64 Network Setting > NAT > Port Triggering
The following table describes the labels in this screen.
Table 27 Network Setting > NAT > Port Triggering
LABEL DESCRIPTION
Add New Rule Click this to create a new rule.
# This is the index number of the entry.
Status This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this
Service Name This field displays the name of the service used by this rule.
WAN Interface This field shows the WAN interface through which the service is forwarded.
Trigger Start Port The trigger port is a port (or a range of ports) that causes (or triggers) the Zyxel Device to record
Trigger End Port This is the last port number that identifies a service.
Trigger Proto. This is the trigger transport layer protocol.
Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a
Open End Port This is the last port number that identifies a service.
Open Protocol This is the open transport layer protocol. Modify Click the Edit icon to edit this rule.
rule is active. A gray bulb signifies that this rule is not active.
the IP address of the LAN computer that sent the traffic to a server on the WAN.
This is the first port number that identifies a service.
particular service. The Zyxel Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
This is the first port number that identifies a service.
Click the Delete icon to delete an existing rule.
8.3.1 Add/Edit Port Triggering Rule
This screen lets you create new port triggering rules. Click Add New Rule in the Port Triggering screen or click a rule’s Edit icon to open the following screen. Use this screen to configure a port or range of ports and protocols for sending out requests and for receiving responses.
LTE Series User’s Guide
80
Chapter 8 Network Address Translation (NAT)
Figure 65 Port Triggering: Add/Edit
The following table describes the labels in this screen.
Table 28 Port Triggering: Configuration Add/Edit
LABEL DESCRIPTION
Active Click to enable (blue switch) or disable (gray switch) to activate or deactivate the rule.
Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Trigger Start Port The trigger port is a port (or a range of ports) that causes (or triggers) the Zyxel Device to record
the IP address of the LAN computer that sent the traffic to a server on the WAN.
Type a port number or the starting port number in a range of port numbers.
Trigger End Port Type a port number or the ending port number in a range of port numbers. Trigger Protocol Select the transport layer protocol from TCP, UDP, or TCP/UDP.
Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a
particular service. The Zyxel Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Type a port number or the starting port number in a range of port numbers.
Open End Port Type a port number or the ending port number in a range of port numbers. Open Protocol Select the transport layer protocol from TCP, UDP, or TCP/UDP. Cancel Click Cancel to exit this screen without saving any changes. OK Click OK to save your changes.

8.4 DMZ

A client in the Demilitarized Zone (DMZ) is no longer behind the Zyxel Device and can therefore run any Internet application such as video conferencing and Internet gaming without restrictions. This, however, may pose a security threat to the Zyxel Device. Use this screen to specify the IP address of a default
LTE Series User’s Guide
81
Chapter 8 Network Address Translation (NAT)
server to receive packets from ports not specified in the Port Triggering screen. Click Network Setting > NAT > DMZ to open the DMZ screen.
Note: Use an IPv4 address for the DMZ server.
Note: Enter the IP address and click Apply to activate the DMZ host.
Otherwise, clear the IP address field and click Apply to de-activate the DMZ host.
Figure 66 Network Setting > NAT > DMZ
The following table describes the fields in this screen.
Table 29 Network Setting > NAT > DMZ
LABEL DESCRIPTION
Default Server Address
Cancel Click Cancel to restore your previously saved settings.
Apply Click this to save your changes back to the Zyxel Device.

8.5 ALG

Click Network Setting > NAT > ALG to open the ALG screen. Use this screen to enable and disable the NAT Application Layer Gateway (ALG) in the Zyxel Device.
Application Layer Gateway (ALG) allows certain applications such as File Transfer Protocol (FTP), Session Initiation Protocol (SIP), or file transfer in Instant Messaging (IM) applications to pass through the Zyxel Device.
Enter the IP address of the default server which receives packets from ports that are not specified in the Port Forwarding screen.
Note: If you do not assign a default server, the Zyxel Device discards all packets
received for ports not specified in the virtual server configuration.
LTE Series User’s Guide
82
Chapter 8 Network Address Translation (NAT)
Figure 67 Network Setting > NAT > ALG
The following table describes the fields in this screen.
Table 30 Network Setting > NAT > ALG
LABEL DESCRIPTION
SIP ALG Click this (switch turns blue) to make sure SIP (VoIP) works correctly with port-forwarding and
address-mapping rules. Otherwise, click this to turn off (switch turns gray) the SIP ALG.
PPTP ALG Click this to turn on (switch turns blue) the PPTP ALG on the Zyxel Device to detect PPTP traffic
and help build PPTP sessions through the Zyxel Device’s NAT.
Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes back to the Zyxel Device.
LTE Series User’s Guide
83

9.1 DNS Overview

DNS
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list. You can configure a DNS static route to forward DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The Zyxel Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry. After the Zyxel Device receives a DNS reply from a DNS server, it creates a new entry for the resolved IP address in the routing table.
CHAPTER 9

Dynamic DNS Setup

Dynamic DNS
Dynamic DNS allows you to use a dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.
You first need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.
9.1.1 What You Can Do in this Chapter
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 9.2 on page 85).
• Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the Zyxel Device
(Section 9.3 on page 86).
9.1.2 What You Need To Know
DYNDNS Wildcard
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.
LTE Series User’s Guide
84
If you have a private WAN IP address, then you cannot use Dynamic DNS.

9.2 DNS Entry

DNS (Domain Name System) is used for mapping a domain name to its corresponding IP address and vice versa. Use this screen to view and configure DNS routes on the Zyxel Device. Click Network Setting > DNS to open the DNS Entry screen.
Note: The host name should consist of the host’s local name and the domain name. For
example, Mycomputer.home is a host name where Mycomputer is the host’s local name, and .home is the domain name.
Figure 68 Network Setting > DNS > DNS Entry
Chapter 9 Dynamic DNS Setup
The following table describes the fields in this screen.
Table 31 Network Setting > DNS > DNS Entry
LABEL DESCRIPTION
Add New DNS Entry
# This is the index number of the entry.
Hostname This indicates the host name or domain name.
IP Address This indicates the IP address assigned to this computer. Modify Click the Edit icon to edit the rule.
Click this to create a new DNS entry.
Click the Delete icon to delete an existing rule.
9.2.1 Add/Edit DNS Entry
You can manually add or edit the Zyxel Device’s DNS name and IP address entry. Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next
appears.
LTE Series User’s Guide
85
Chapter 9 Dynamic DNS Setup
Figure 69 DNS Entry: Add/Edit
The following table describes the labels in this screen.
Table 32 DNS Entry: Add/Edit
LABEL DESCRIPTION
Host Name Enter the host name of the DNS entry.
IPv4 Address Enter the IPv4 address of the DNS entry. Cancel Click Cancel to exit this screen without saving any changes. OK Click OK to save your changes.

9.3 Dynamic DNS

Dynamic DNS can update your current dynamic IP address mapping to a hostname. Configure a DDNS service provider on your Zyxel Device. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
LTE Series User’s Guide
86
Chapter 9 Dynamic DNS Setup
Figure 70 Network Setting > DNS > Dynamic DNS
The following table describes the fields in this screen.
Table 33 Network Setting > DNS > > Dynamic DNS
LABEL DESCRIPTION
Dynamic DNS Setup
Dynamic DNS Select Enable to use dynamic DNS.
Service Provider Select your Dynamic DNS service provider from the drop-down list box.
Host Name Type the domain name assigned to your Zyxel Device by your Dynamic DNS provider.
You can specify up to two host names in the field separated by a comma (",").
Username Type your user name.
Password Type the password assigned to you.
Enable Wildcard Option
Enable Off Line Option (Only applies to custom DNS)
Dynamic DNS Status
User Authentication Result
Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the
Current Dynamic IPThis shows the IP address your Dynamic DNS provider has currently associated with the
Cancel Click Cancel to exit this screen without saving any changes. Apply Click Apply to save your changes.
Select the check box to enable DynDNS Wildcard.
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.
This shows Success if the account is correctly set up with the Dynamic DNS provider account.
hostname was updated.
hostname.
LTE Series User’s Guide
87

10.1 Overview

This chapter shows you how to enable the Zyxel Device firewall. Use the firewall to protect your Zyxel Device and network from attacks by hackers on the Internet and control access to it. The firewall:
• allows traffic that originates from your LAN computers to go to all other networks.
• blocks traffic that originates on other networks from going to the LAN.
By default, the Zyxel Device blocks DoS attacks whether the firewall is enabled or disabled.
The following figure illustrates the firewall action. User A can initiate an IM (Instant Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However other traffic initiated from the WAN is blocked (3 and 4).
Figure 71 Default Firewall Action
CHAPTER 10

Firewall

10.1.1 What You Need to Know About Firewall
DoS
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Zyxel Device is pre-configured to automatically detect and thwart all known DoS attacks.
ICMP
Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
LTE Series User’s Guide
88
Chapter 10 Firewall
DoS Thresholds
For DoS attacks, the Zyxel Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements.

10.2 Firewall

10.2.1 What You Can Do in this Chapter
• Use the General screen to configure the security level of the firewall on the Zyxel Device (Section 10.3
on page 89).
• Use the Protocol screen to add or remove predefined Internet services and configure firewall rules
(Section 10.4 on page 91).
• Use the Access Control screen to view and configure incoming/outgoing filtering rules (Section 10.5
on page 92).
• Use the DoS screen to activate protection against Denial of Service (DoS) attacks (Section 10.6 on
page 95).

10.3 Firewall General Settings

Use the firewall to protect your Zyxel Device and network from attacks by hackers on the Internet and control access to it. Use this screen to set the security level of the firewall on the Zyxel Device. Firewall rules are grouped based on the direction of travel of packets. A higher firewall level means more restrictions on the Internet activities you can perform. Click Security > Firewall > General to display the following screen. Use the slider to select the level of firewall protection.
LTE Series User’s Guide
89
Chapter 10 Firewall
Figure 72 Security > Firewall > General
Note: LAN to WAN is your access to all Internet services. WAN to LAN is the access of other
computers on the Internet to devices behind the Zyxel Device. When the security level is set to High, access to Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3, SMTP, and IPv6 Ping are still allowed from the LAN.
The following table describes the labels in this screen.
Table 34 Security > Firewall > General
LABEL DESCRIPTION
IPv4 Firewall
IPv6 Firewall
High This setting blocks all traffic to and from the Internet. Only local network traffic and LAN to WAN service
Medium This is the recommended setting. It allows traffic to the Internet but blocks anyone from the Internet
Low This setting allows traffic to the Internet and also allows someone from the Internet to access services on
Cancel Click this to restore your previously saved settings.
Apply Click this to save your changes.
Enable firewall protection when using IPv4 (Internet Protocol version 4).
Enable firewall protection when using IPv6 (Internet Protocol version 6).
(Telnet, FTP, HTTP, HTTPS, DNS, POP3, SMTP) is permitted.
from accessing any services on your local network.
your local network. This would be used with Port Forwarding, Default Server.
LTE Series User’s Guide
90
Chapter 10 Firewall

10.4 Protocol (Customized Services)

A protocol is a port number rule which defines a service. Services include Email, File sharing, Instant messaging, Online games, Print servers, Voice over IP and so on. Define services in this screen that you want to apply access control rules to in the Firewall > Access Control screen. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. Click Security > Firewall > Protocol to display the following screen.
Note: Removing a protocol rule will also remove associated ACL rules.
Figure 73 Security > Firewall > Protocol
The following table describes the labels in this screen.
Table 35 Security > Firewall > Protocol
LABEL DESCRIPTION
Add New Protocol Entry
Name This is the name of your customized service.
Description This is a description of your customized service.
Ports/ Protocol Number
Modify Click this to edit a customized service.
Click this to configure a customized service.
This shows the port number or range and the IP protocol (TCP or UDP) that defines your customized service.
10.4.1 Add Customized Service
Add a customized rule or edit an existing rule by specifying the protocol and the port number(s). Click Add New Protocol Entry in the Protocol screen to display the following screen.
LTE Series User’s Guide
91
Chapter 10 Firewall
Figure 74 Security > Firewall > Protocol: Add New Protocol Entry
The following table describes the labels in this screen.
Table 36 Security > Firewall > Protocol: Add New Protocol Entry
LABEL DESCRIPTION
Service Name Type a unique name for your custom port.
Description Enter a description for your custom port. Protocol Choose the protocol (TCP, UDP, ICMP, ICMPv6, Other) that defines your customized port from
Protocol Number Type a single port number or the range of port numbers (0-255) that define your customized
Cancel Click this to exit this screen without saving any changes.
OK Click this to save your changes.
the drop down list box.
service.

10.5 Access Control (Rules)

An Access Control List (ACL) rule is a manually-defined rule that can accept, reject, or drop incoming or outgoing packets from your network based on the type of service. For example, you could block users using Instant Messaging in your network. This screen displays a list of the configured incoming or outgoing filtering rules. Note the order in which the rules are listed. Click Security > Firewall > Access Control to display the following screen.
Note: The ordering of your rules is very important as rules are applied in turn.
LTE Series User’s Guide
92
Chapter 10 Firewall
Figure 75 Security > Firewall > Access Control
The following table describes the labels in this screen.
Table 37 Security > Firewall > Rules
LABEL DESCRIPTION
Rules Storage Space Usage
Add New ACL Rule Select an index number and click Add to add a new firewall rule after the selected index
# This field displays the rule index number. The ordering of your rules is important as rules are
Name This field displays the rule name.
Src IP This field displays the source IP addresses to which this rule applies.
Dest IP This field displays the destination IP addresses to which this rule applies.
Service This field displays the protocol (TCP, UDP, TCP+UDP or any) used to transport the packets
Action Displays whether the firewall silently discards packets (Drop), discards packets and sends
Modify Click the Edit icon to edit the firewall rule.
This read-only bar shows how much of the Zyxel Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
applied in turn.
for which you want to apply the rule.
a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject), or allow the passage of (Accept) packets that match this rule.
Click the Delete icon to delete an existing firewall rule.
10.5.1 Access Control Add New ACL Rule
Use this screen to configure firewall rules. In the Access Control screen, select an index number and click Add New ACL Rule or click a rule’s Edit icon to display this screen and refer to the following table for
information on the labels.
LTE Series User’s Guide
93
Chapter 10 Firewall
Figure 76 Security > Firewall > Access Control > Add New ACL Rule
The following table describes the labels in this screen.
Table 38 Security > Firewall > Access Control > Add New ACL Rule
LABEL DESCRIPTION
Filter Name Type a unique name for your filter rule.
Order Assign the order of your rules as rules are applied in turn.
Select Source IP Address
Source IP Address If you selected Specific IP Address in the previous item, enter the source device’s IP
Select Destination Device
Destination IP Address If you selected Specific IP Address in the previous item, enter the destination device’s IP
IP Type Select between IPv4 or IPv6. Compared to IPv4, IPv6 (Internet Protocol version 6), is
Select Service Select a service from the Select Service box. Protocol Select the protocol (ALL, TCP/UDP, TCP, UDP, ICMP, ICMPv6) used to transport the packets
If you want the source to come from a particular (single) IP, select Specific IP Address. If not, select from a detected device.
address here. Otherwise this field will be hidden if you select the detected device. If you want your rule to apply to packets with a particular (single) IP, select Specific IP
Address. If not, select a detected device.
address here. Otherwise this field will be hidden if you select the detected device.
designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. The Zyxel Device can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD).
for which you want to apply the rule.
LTE Series User’s Guide
94
Chapter 10 Firewall
Table 38 Security > Firewall > Access Control > Add New ACL Rule (continued)
LABEL DESCRIPTION
Custom Source Port This is a single port number or the starting port number of a range that defines your rule.
Custom Destination Port
Policy Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP
Direction Select WAN to LAN to apply the rule to traffic from WAN to LAN. Select LAN to WAN to
Enable Rate Limit Click to enable (switch turns blue) the setting of maximum number of packets per
Scheduler Rules
packet(s) per (1-512)
Add New Rule Select a schedule rule for this ACL rule form the drop-down list box. You can configure a
Cancel Click this to exit this screen without saving any changes.
OK Click this to save your changes.
This is a single port number or the ending port number of a range that defines your rule.
destination-unreachable message to the sender (Reject), or allow the passage of (Accept) packets that match this rule.
apply the rule to traffic from LAN to WAN. Select WAN to Router to apply the rule to traffic from WAN to router. Select LAN to Router to apply the rule to traffic from LAN to router.
maximum number of minute/second to limit the throughput of traffic that matches this rule. If not, the next item will be disabled.
Enter the maximum number of packets (1-512) per minute/second.
new schedule rule by clicking Add New Rule.

10.6 DoS

Activate protection against DoS attacks. DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable.
Click Security > Firewall > DoS to display the following screen.
Figure 77 Security > Firewall > DoS
The following table describes the labels in this screen.
Table 39 Security > Firewall > DoS
LABEL DESCRIPTION
DoS Protection Blocking
Cancel Click this to restore your previously saved settings.
Apply Click this to save your changes.
Enable this to protect against DoS attacks. The Zyxel Device will drop sessions that surpass maximum thresholds.
LTE Series User’s Guide
95
Chapter 10 Firewall

10.7 Firewall Technical Reference

This section provides some technical background information about the topics covered in this chapter.
10.7.1 Firewall Rules Overview
Your customized rules take precedence and override the Zyxel Device’s default settings. The Zyxel Device checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the Zyxel Device takes the action specified in the rule.
Firewall rules are grouped based on the direction of travel of packets to which they apply:
• LAN to Router • WAN to LAN
• LAN to WAN • WAN to Router
By default, the Zyxel Device’s stateful packet inspection allows packets traveling in the following directions:
• LAN to Router
These rules specify which computers on the LAN can manage the Zyxel Device (remote management).
Note: You can also configure the remote management settings to allow only a specific
computer to manage the Zyxel Device.
• LAN to WAN
These rules specify which computers on the LAN can access which computers or services on the WAN.
By default, the Zyxel Device’s stateful packet inspection drops packets traveling in the following directions:
•WAN to LAN
These rules specify which computers on the WAN can access which computers or services on the LAN.
Note: You also need to configure NAT port forwarding (or full featured NAT address mapping
rules) to allow computers on the WAN to access devices on the LAN.
•WAN to Router
By default the Zyxel Device stops computers on the WAN from managing the Zyxel Device. You could configure one of these rules to allow a WAN computer to manage the Zyxel Device.
Note: You also need to configure the remote management settings to allow a WAN
computer to manage the Zyxel Device.
You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so.
For example, you may create rules to:
LTE Series User’s Guide
96
Chapter 10 Firewall
• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
• Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the
Internet to specific hosts on the LAN.
• Allow everyone except your competitors to access a web server.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.
These custom rules work by comparing the source IP address, destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the Zyxel Device’s default rules.
10.7.2 Guidelines For Security Enhancement With Your Firewall
1 Change the default password via the Web Configurator.
2 Think about access control before you connect to the network in any way.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
10.7.3 Security Considerations
Note: Incorrectly configuring the firewall may block valid access or introduce security risks to
the Zyxel Device and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
Consider these security ramifications before creating a rule:
1 Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC
(Internet Relay Chat) is blocked, are there users that require this service?
2 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule
that blocks just certain users be more effective?
3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For
example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
4 Does this rule conflict with any existing rules?
LTE Series User’s Guide
97
Chapter 10 Firewall
Once these questions have been answered, adding rules is simply a matter of entering the information into the correct fields in the Web Configurator screens.
LTE Series User’s Guide
98

11.1 MAC Filter Overview

You can configure the Zyxel Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the LAN client to configure this screen.

11.2 MAC Filter

Enable MAC Address Filter and add the host name and MAC address of a LAN client to the table if you wish to allow or deny them access to your network. Select Security > MAC Filter. The screen appears as shown.
CHAPTER 11

MAC Filter

Figure 78 Security > MAC Filter
You can choose to enable or disable the filters per entry; make sure that the check box under Active is selected if you want to use a filter, as shown in the example below.
LTE Series User’s Guide
99
Chapter 11 MAC Filter
Figure 79 Enabling individual MAC Filters
The following table describes the labels in this screen.
Table 40 Security > MAC Filter
LABEL DESCRIPTION
MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the Zyxel Device. Select
Deny to permit anyone access to the Zyxel Device except the listed MAC addresses.
Add New Rule Click this button to create a new entry.
Set This is the index number of the MAC address. Active Select Active to enable the MAC filter rule. The rule will not be applied if Allow is not
selected under MAC Restrict Mode.
Host Name Enter the host name of the wireless or LAN clients that are allowed access to the Zyxel
MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the Zyxel
Delete Click the Delete icon to delete an existing rule. Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes.
Device.
Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
LTE Series User’s Guide
100
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use