How it Works
ZyXEL
Loading...
NBG-410W3G
specifications
2 pgs309.23 Kb0
User Manual
230 pgs4.3 Mb0
User Manual
430 pgs13.36 Mb0
User Manual
55 pgs15.88 Mb0
User Manual [ru]
88 pgs3.08 Mb0
Table of contents
Loading...

ZyXEL NBG410W3G User Manual

Download
NBG410W3G Series
3G Wireless Router
User’s Guide
Version 4.03 2/2009 Edition 2
www.zyxel.com
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Related Documentation
• Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains
information on setting up your network and configuring for Internet access.
• Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary
information.
• Supporting Disk Refer to the included CD for support documents.
• ZyXEL Web Site Please refer to www.zyxel.com
certifications.
for additional support documentation and product
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
NBG410W3G Series User’s Guide
3

Document Conventions

Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
1 Warnings tell you about things that could harm you or your device.
" Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• The NBG410W3G and NBG412W3G may be referred to as the “ZyXEL Device”, the “device”, the “system”, or the “NBG410W3G Series” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
4
NBG410W3G Series User’s Guide
Document Conventions
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
ZyXEL Device Computer Notebook computer
Server DSLAM Firewall
Telephone Switch Router
NBG410W3G Series User’s Guide
5

Safety Warnings

Safety Warnings
1 For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device.
• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.
6
This product is recyclable. Dispose of it properly.
NBG410W3G Series User’s Guide
Safety Warnings
NBG410W3G Series User’s Guide
7
Safety Warnings
8
NBG410W3G Series User’s Guide

Contents Overview

Contents Overview
Introduction ............................................................................................................................33
Getting to Know Your ZyXEL Device ......................................................................................... 35
Introducing the Web Configurator .............................................................................................. 43
Wizard Setup ............................................................................................................................. 59
Tutorials ..................................................................................................................................... 65
Network ...................................................................................................................................99
LAN Screens ........................................................................................................................... 101
WAN Screens ........................................................................................................................... 111
DMZ Screens ........................................................................................................................... 135
Wireless ................................................................................................................................145
Wi-Fi ........................................................................................................................................ 147
Security .................................................................................................................................165
Firewall .................................................................................................................................... 167
Authentication Server .............................................................................................................. 191
Certificates ............................................................................................................................... 195
Advanced ..............................................................................................................................223
Network Address Translation (NAT) ........................................................................................ 225
Static Route ............................................................................................................................. 243
DNS ......................................................................................................................................... 247
Remote Management ..............................................................................................................259
UPnP ....................................................................................................................................... 281
Custom Application .................................................................................................................. 291
ALG Screen ............................................................................................................................. 293
Logs and Maintenance ........................................................................................................ 299
Logs Screens ........................................................................................................................... 301
Maintenance ............................................................................................................................ 325
Troubleshooting and Specifications ..................................................................................337
Troubleshooting ....................................................................................................................... 339
Product Specifications ............................................................................................................. 345
Appendices and Index ......................................................................................................... 351
NBG410W3G Series User’s Guide
9
Contents Overview
10
NBG410W3G Series User’s Guide

Table of Contents

Table of Contents
About This User's Guide ..........................................................................................................3
Document Conventions............................................................................................................4
Safety Warnings........................................................................................................................6
Contents Overview ...................................................................................................................9
Table of Contents....................................................................................................................11
List of Figures .........................................................................................................................21
List of Tables...........................................................................................................................29
Part I: Introduction................................................................................. 33
Chapter 1
Getting to Know Your ZyXEL Device ....................................................................................35
1.1 Overview .............................................................................................................................. 35
1.2 Applications for the ZyXEL Device ...................................................................................... 35
1.2.1 3G WAN Application ................................................................................................... 35
1.2.2 Secure Broadband Internet Access via Cable or DSL Modem .................................. 36
1.3 Ways to Manage the ZyXEL Device .................................................................................... 36
1.4 Configuring Your ZyXEL Device’s Security Features .......................................................... 37
1.4.1 Control Access to Your Device ................................................................................... 37
1.4.2 Wireless Security ....................................................................................................... 37
1.4.3 Firewall ...................................................................................................................... 37
1.4.4 NAT ............................................................................................................................ 38
1.4.5 UPnP .......................................................................................................................... 38
1.5 Maintaining Your ZyXEL Device .......................................................................................... 38
1.5.1 Front Panel Lights ...................................................................................................... 39
Chapter 2
Introducing the Web Configurator ........................................................................................43
2.1 Web Configurator Overview ................................................................................................. 43
2.2 Accessing the ZyXEL Device Web Configurator ................................................................. 43
2.3 Resetting the ZyXEL Device ................................................................................................ 45
2.3.1 Procedure To Use The Reset Button ......................................................................... 45
2.3.2 Uploading a Configuration File Via Console Port ....................................................... 45
NBG410W3G Series User’s Guide
11
Table of Contents
2.4 Navigating the ZyXEL Device Web Configurator ................................................................. 46
2.4.1 Title Bar ...................................................................................................................... 46
2.4.2 Main Window ..............................................................................................................47
2.4.3 HOME Screen ........................................................................................................... 47
2.4.4 Navigation Panel ........................................................................................................ 52
2.4.5 Port Statistics ........................................................................................................... 54
2.4.6 Show Statistics: Line Chart ........................................................................................ 55
2.4.7 DHCP Table Screen ................................................................................................ 56
Chapter 3
Wizard Setup ...........................................................................................................................59
3.1 Wizard Setup Overview ...................................................................................................... 59
3.2 Internet Access ................................................................................................................... 59
3.2.1 ISP Parameters .......................................................................................................... 59
3.2.2 Internet Access Wizard Setup Complete ................................................................... 64
Chapter 4
Tutorials ................................................................................................................................... 65
4.1 DMZ Overview ..................................................................................................................... 65
4.2 DMZ Setup Example ........................................................................................................... 66
4.2.1 Basic Setup ................................................................................................................ 66
4.2.2 Advanced Setup ......................................................................................................... 68
4.3 Firewall Rule Setup ............................................................................................................. 69
4.4 Setting Up a VoIP Phone with H.323 ................................................................................... 72
4.5 Using NAT with Multiple Public IP Addresses ...................................................................... 77
4.5.1 Example Parameters and Scenario ........................................................................... 77
4.5.2 Configuring the WAN Connection with a Static IP Address ........................................ 78
4.5.3 Public IP Address Mapping ........................................................................................ 82
4.5.4 Forwarding Traffic from the WAN to a Local Computer .............................................. 87
4.5.5 Allow WAN-to-LAN Traffic through the Firewall .......................................................... 89
4.5.6 Testing the Connections ............................................................................................. 96
4.6 Using NAT with Multiple Game Players ............................................................................... 96
Part II: Network....................................................................................... 99
Chapter 5
LAN Screens..........................................................................................................................101
12
5.1 LAN, WAN and the ZyXEL Device ..................................................................................... 101
5.2 IP Address and Subnet Mask ............................................................................................ 101
5.2.1 Private IP Addresses ................................................................................................ 102
5.3 DHCP ................................................................................................................................ 102
NBG410W3G Series User’s Guide
Table of Contents
5.3.1 IP Pool Setup ........................................................................................................... 103
5.4 RIP Setup .......................................................................................................................... 103
5.5 Multicast ............................................................................................................................ 103
5.6 WINS ................................................................................................................................. 104
5.7 LAN .................................................................................................................................... 104
5.8 LAN Static DHCP ............................................................................................................... 106
5.9 LAN IP Alias .................................................................................................................... 107
5.10 LAN Port Roles ................................................................................................................ 109
Chapter 6
WAN Screens......................................................................................................................... 111
6.1 WAN Overview ................................................................................................................... 111
6.2 Multiple WAN ......................................................................................................................111
6.3 TCP/IP Priority (Metric) .......................................................................................................112
6.4 WAN General ......................................................................................................................112
6.5 WAN IP Address Assignment .............................................................................................115
6.6 DNS Server Address Assignment ......................................................................................116
6.7 WAN MAC Address ............................................................................................................116
6.8 WAN 1 ...............................................................................................................................117
6.8.1 WAN Ethernet Encapsulation ....................................................................................117
6.8.2 PPPoE Encapsulation .............................................................................................. 120
6.8.3 PPTP Encapsulation ................................................................................................ 123
6.9 3G (WAN 2) ...................................................................................................................... 126
6.10 Traffic Redirect ............................................................................................................... 132
6.11 Configuring Traffic Redirect ............................................................................................. 133
Chapter 7
DMZ Screens .........................................................................................................................135
7.1 DMZ .................................................................................................................................. 135
7.2 Configuring DMZ ............................................................................................................... 135
7.3 DMZ Static DHCP ............................................................................................................ 138
7.4 DMZ IP Alias .................................................................................................................... 139
7.5 DMZ Public IP Address Example ...................................................................................... 141
7.6 DMZ Private and Public IP Address Example ................................................................... 141
7.7 DMZ Port Roles ............................................................................................................... 142
Part III: Wireless ................................................................................... 145
Chapter 8
Wi-Fi .......................................................................................................................................147
8.1 Wi-Fi Introduction .............................................................................................................. 147
NBG410W3G Series User’s Guide
13
Table of Contents
8.2 Wireless Security Overview ............................................................................................... 148
8.2.1 SSID ......................................................................................................................... 148
8.2.2 MAC Address Filter .................................................................................................. 148
8.2.3 User Authentication .................................................................................................. 149
8.2.4 Encryption ................................................................................................................ 149
8.2.5 Additional Installation Requirements for Using 802.1x ............................................. 151
8.3 Wireless Card ................................................................................................................... 151
8.3.1 SSID Profile ............................................................................................................. 153
8.4 Configuring Wireless Security ........................................................................................... 154
8.4.1 No Security ............................................................................................................... 156
8.4.2 Static WEP ...............................................................................................................156
8.4.3 IEEE 802.1x Only ..................................................................................................... 157
8.4.4 IEEE 802.1x + Static WEP ....................................................................................... 158
8.4.5 WPA, WPA2, WPA2-MIX .......................................................................................... 160
8.4.6 WPA-PSK, WPA2-PSK, WPA2-PSK-MIX ................................................................. 161
8.5 MAC Filter ......................................................................................................................... 162
Part IV: Security ................................................................................... 165
Chapter 9
Firewall...................................................................................................................................167
9.1 Firewall Overview ............................................................................................................. 167
9.2 Packet Direction Matrix ...................................................................................................... 168
9.3 Packet Direction Examples ................................................................................................ 169
9.4 Security Considerations ..................................................................................................... 170
9.5 Firewall Rules Example .....................................................................................................171
9.6 Asymmetrical Routes ......................................................................................................... 173
9.6.1 Asymmetrical Routes and IP Alias ........................................................................... 173
9.7 Firewall Default Rule ......................................................................................................... 173
9.8 Firewall Rule Summary .................................................................................................... 175
9.8.1 Firewall Edit Rule ................................................................................................. 177
9.9 Anti-Probing .................................................................................................................... 180
9.10 Firewall Thresholds ...................................................................................................... 181
9.10.1 Threshold Values ................................................................................................... 182
9.11 Threshold Screen ............................................................................................................. 182
9.12 Service ............................................................................................................................ 184
9.12.1 Firewall Edit Custom Service ................................................................................ 185
9.13 My Service Firewall Rule Example .................................................................................. 186
Chapter 10
Authentication Server...........................................................................................................191
14
NBG410W3G Series User’s Guide
Table of Contents
10.1 Authentication Server Overview ...................................................................................... 191
10.2 Local User Database .....................................................................................................191
10.3 RADIUS ......................................................................................................................... 193
Chapter 11
Certificates ............................................................................................................................195
11.1 Certificates Overview ....................................................................................................... 195
11.1.1 Advantages of Certificates ..................................................................................... 196
11.2 Self-signed Certificates .................................................................................................... 196
11.3 Verifying a Certificate ....................................................................................................... 196
11.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 196
11.4 Configuration Summary ................................................................................................... 197
11.5 My Certificates ................................................................................................................ 198
11.6 My Certificate Details ..................................................................................................... 200
11.7 My Certificate Export ....................................................................................................... 202
11.7.1 Certificate File Export Formats ............................................................................... 202
11.8 My Certificate Import ...................................................................................................... 203
11.8.1 Certificate File Formats .......................................................................................... 203
11.9 My Certificate Create ..................................................................................................... 205
11.10 Trusted CAs ................................................................................................................. 209
11.11 Trusted CA Details .........................................................................................................211
11.12 Trusted CA Import ........................................................................................................ 214
11.13 Trusted Remote Hosts ................................................................................................. 215
11.14 Trusted Remote Hosts Import ...................................................................................... 217
11.15 Trusted Remote Host Certificate Details ...................................................................... 218
11.16 Directory Servers .......................................................................................................... 220
11.17 Directory Server Add or Edit ........................................................................................ 221
Part V: Advanced ................................................................................. 223
Chapter 12
Network Address Translation (NAT)....................................................................................225
12.1 NAT Overview ................................................................................................................ 225
12.1.1 NAT Definitions ...................................................................................................... 225
12.1.2 What NAT Does ..................................................................................................... 226
12.1.3 How NAT Works ..................................................................................................... 226
12.1.4 NAT Application ...................................................................................................... 227
12.1.5 Port Restricted Cone NAT ...................................................................................... 228
12.1.6 NAT Mapping Types ............................................................................................... 229
12.2 Using NAT ........................................................................................................................ 230
12.2.1 SUA (Single User Account) Versus NAT ................................................................ 230
NBG410W3G Series User’s Guide
15
Table of Contents
12.3 NAT Overview Screen ..................................................................................................... 230
12.4 NAT Address Mapping ................................................................................................... 232
12.4.1 What NAT Does ..................................................................................................... 232
12.4.2 NAT Address Mapping Edit ................................................................................... 234
12.5 Port Forwarding .............................................................................................................. 235
12.5.1 Default Server IP Address ...................................................................................... 235
12.5.2 Port Forwarding: Services and Port Numbers ........................................................ 236
12.5.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 236
12.5.4 NAT and Multiple WAN ........................................................................................... 237
12.5.5 Port Translation ...................................................................................................... 237
12.6 Port Forwarding Screen ................................................................................................... 238
12.7 Port Triggering ............................................................................................................... 240
Chapter 13
Static Route ........................................................................................................................... 243
13.1 IP Static Route .............................................................................................................. 243
13.2 IP Static Route ................................................................................................................. 244
13.2.1 IP Static Route Edit .............................................................................................. 245
Chapter 14
DNS ........................................................................................................................................247
14.1 DNS Overview ................................................................................................................ 247
14.2 DNS Server Address Assignment ................................................................................... 247
14.3 DNS Servers .................................................................................................................... 247
14.4 Address Record ............................................................................................................... 248
14.4.1 DNS Wildcard ......................................................................................................... 248
14.5 Name Server Record ....................................................................................................... 248
14.5.1 Private DNS Server ................................................................................................ 248
14.6 System Screen ................................................................................................................ 248
14.6.1 Adding an Address Record .................................................................................. 250
14.6.2 Inserting a Name Server Record .......................................................................... 251
14.7 DNS Cache .................................................................................................................... 252
14.8 Configure DNS Cache ..................................................................................................... 252
14.9 Configuring DNS DHCP ................................................................................................. 254
14.10 Dynamic DNS .............................................................................................................. 255
14.10.1 DYNDNS Wildcard ............................................................................................... 255
14.10.2 High Availability .................................................................................................... 256
14.11 Configuring Dynamic DNS ............................................................................................. 256
Chapter 15
Remote Management............................................................................................................ 259
15.1 Remote Management Overview ...................................................................................... 259
15.1.1 Remote Management Limitations .......................................................................... 260
16
NBG410W3G Series User’s Guide
Table of Contents
15.1.2 System Timeout ..................................................................................................... 260
15.2 WWW (HTTP and HTTPS) ............................................................................................. 260
15.3 WWW .............................................................................................................................. 261
15.4 HTTPS Example .............................................................................................................. 263
15.4.1 Internet Explorer Warning Messages ..................................................................... 263
15.4.2 Netscape Navigator Warning Messages ................................................................ 263
15.4.3 Avoiding the Browser Warning Messages .............................................................. 264
15.4.4 Login Screen .......................................................................................................... 265
15.5 SSH ............................................................................................................................... 267
15.6 How SSH Works .............................................................................................................. 267
15.7 SSH Implementation on the ZyXEL Device ..................................................................... 268
15.7.1 Requirements for Using SSH ................................................................................. 268
15.8 Configuring SSH .............................................................................................................. 269
15.9 Secure Telnet Using SSH Examples ............................................................................... 270
15.9.1 Example 1: Microsoft Windows .............................................................................. 270
15.9.2 Example 2: Linux .................................................................................................... 270
15.10 Secure FTP Using SSH Example .................................................................................. 271
15.11 Telnet ............................................................................................................................ 272
15.12 Configuring TELNET ..................................................................................................... 272
15.13 FTP .............................................................................................................................. 273
15.14 SNMP .......................................................................................................................... 274
15.14.1 Supported MIBs .................................................................................................. 275
15.14.2 SNMP Traps ......................................................................................................... 276
15.14.3 REMOTE MANAGEMENT: SNMP ....................................................................... 276
15.15 DNS ............................................................................................................................. 277
15.16 Introducing Vantage CNM ............................................................................................. 278
15.17 Configuring CNM ........................................................................................................... 278
15.17.1 Additional Configuration for Vantage CNM .......................................................... 280
Chapter 16
UPnP ......................................................................................................................................281
16.1 Universal Plug and Play Overview ................................................................................. 281
16.1.1 How Do I Know If I'm Using UPnP? ....................................................................... 281
16.1.2 NAT Traversal ........................................................................................................ 281
16.1.3 Cautions with UPnP ............................................................................................... 281
16.1.4 UPnP and ZyXEL ................................................................................................... 282
16.2 Configuring UPnP ............................................................................................................ 282
16.3 Displaying UPnP Port Mapping .................................................................................... 283
16.4 Installing UPnP in Windows Example .............................................................................. 284
16.4.1 Installing UPnP in Windows Me ............................................................................. 285
16.4.2 Installing UPnP in Windows XP ............................................................................. 286
16.5 Using UPnP in Windows XP Example ............................................................................. 286
16.5.1 Auto-discover Your UPnP-enabled Network Device .............................................. 287
NBG410W3G Series User’s Guide
17
Table of Contents
16.5.2 Web Configurator Easy Access ............................................................................. 288
Chapter 17
Custom Application ..............................................................................................................291
17.1 Custom Application ......................................................................................................... 291
17.2 Custom Application Configuration ................................................................................... 291
Chapter 18
ALG Screen ...........................................................................................................................293
18.1 ALG Introduction ............................................................................................................. 293
18.1.1 ALG and NAT ......................................................................................................... 293
18.1.2 ALG and the Firewall .............................................................................................. 293
18.1.3 ALG and Multiple WAN .......................................................................................... 294
18.2 FTP .................................................................................................................................. 294
18.3 H.323 ............................................................................................................................... 294
18.4 RTP .................................................................................................................................. 294
18.4.1 H.323 ALG Details ................................................................................................. 294
18.5 SIP ................................................................................................................................... 295
18.5.1 STUN ..................................................................................................................... 295
18.5.2 SIP ALG Details ..................................................................................................... 296
18.5.3 SIP Signaling Session Timeout .............................................................................. 296
18.5.4 SIP Audio Session Timeout .................................................................................... 296
18.6 ALG Screen ..................................................................................................................... 296
Part VI: Logs and Maintenance........................................................... 299
Chapter 19
Logs Screens ........................................................................................................................301
19.1 Configuring View Log ...................................................................................................... 301
19.2 Log Description Example ................................................................................................. 302
19.2.1 About the Certificate Not Trusted Log .................................................................... 303
19.3 Configuring Log Settings ................................................................................................ 304
19.4 Configuring Reports ........................................................................................................ 307
19.4.1 Viewing Web Site Hits ............................................................................................ 309
19.4.2 Viewing Host IP Address ........................................................................................ 309
19.4.3 Viewing Protocol/Port ............................................................................................. 310
19.4.4 System Reports Specifications ............................................................................... 312
19.5 Log Descriptions .............................................................................................................. 312
19.6 Syslog Logs ..................................................................................................................... 323
Chapter 20
Maintenance ..........................................................................................................................325
18
NBG410W3G Series User’s Guide
Table of Contents
20.1 Maintenance Overview .................................................................................................... 325
20.2 General Setup and System Name ................................................................................... 325
20.2.1 General Setup ....................................................................................................... 325
20.3 Configuring Password .................................................................................................... 326
20.4 Time and Date ................................................................................................................ 327
20.5 Pre-defined NTP Time Server Pools ............................................................................... 330
20.5.1 Resetting the Time ................................................................................................. 330
20.5.2 Time Server Synchronization ................................................................................. 330
20.6 F/W Upload Screen ........................................................................................................331
20.7 Backup and Restore .......................................................................................................333
20.7.1 Backup Configuration ............................................................................................. 334
20.7.2 Restore Configuration ............................................................................................ 334
20.7.3 Back to Factory Defaults ........................................................................................ 335
20.8 Restart Screen ................................................................................................................ 336
Part VII: Troubleshooting and Specifications ................................... 337
Chapter 21
Troubleshooting....................................................................................................................339
21.1 Power, Hardware Connections, and LEDs ...................................................................... 339
21.2 ZyXEL Device Access and Login .................................................................................... 340
21.3 Internet Access ................................................................................................................ 342
21.4 3G Connection ................................................................................................................. 343
Chapter 22
Product Specifications.........................................................................................................345
22.1 General ZyXEL Device Specifications ............................................................................. 345
22.2 Wall-mounting Instructions .............................................................................................. 347
22.3 Power Adaptor Specifications .......................................................................................... 349
Part VIII: Appendices and Index ......................................................... 351
Appendix A Pop-up Windows, JavaScripts and Java Permissions ......................................353
Appendix B Setting up Your Computer’s IP Address............................................................361
Appendix C IP Addresses and Subnetting ...........................................................................377
Appendix D Common Services ............................................................................................385
Appendix E Wireless LANs ..................................................................................................389
NBG410W3G Series User’s Guide
19
Table of Contents
Appendix F Importing Certificates ........................................................................................403
Appendix G Legal Information ..............................................................................................415
Appendix H Customer Support............................................................................................. 419
Index.......................................................................................................................................425
20
NBG410W3G Series User’s Guide

List of Figures

List of Figures
Figure 1 3G WAN Application ................................................................................................................. 36
Figure 2 Secure Internet Access via Cable or DSL Modem ................................................................... 36
Figure 3 Front Panel ............................................................................................................................... 39
Figure 4 Login Screen ............................................................................................................................ 44
Figure 5 Change Password Screen ........................................................................................................ 44
Figure 6 Replace Certificate Screen ....................................................................................................... 44
Figure 7 Example Xmodem Upload ........................................................................................................ 46
Figure 8 HOME Screen .......................................................................................................................... 46
Figure 9 Web Configurator HOME Screen ............................................................................................ 47
Figure 10 HOME > Show Statistics ........................................................................................................ 55
Figure 11 HOME > Show Statistics > Line Chart .................................................................................... 56
Figure 12 HOME > DHCP Table ............................................................................................................. 57
Figure 13 Wizard Setup Welcome .......................................................................................................... 59
Figure 14 ISP Parameters: Ethernet Encapsulation ...............................................................................60
Figure 15 ISP Parameters: PPPoE Encapsulation ................................................................................. 61
Figure 16 ISP Parameters: PPTP Encapsulation ...................................................................................63
Figure 17 Internet Access Setup Complete ............................................................................................ 64
Figure 18 DMZ Overview ........................................................................................................................ 65
Figure 19 DMZ Tutorial: DMZ Setup ....................................................................................................... 66
Figure 20 DMZ Tutorial: NETWORK > DMZ > Static DHCP ................................................................. 67
Figure 21 DMZ Tutorial: NETWORK > DMZ .........................................................................................67
Figure 22 DMZ Tutorial: ADVANCED > NAT Overview .......................................................................... 68
Figure 23 DMZ Tutorial: ADVANCED > ALG .......................................................................................... 68
Figure 24 DMZ Tutorial: ADVANCED > NAT > Port Forwarding ............................................................ 69
Figure 25 DMZ Tutorial: SECURITY > Firewall > Rule Summary .......................................................... 70
Figure 26 DMZ Tutorial: NETWORK > Firewall > Rule Summary: Firewall - Edit ................................. 71
Figure 27 DMZ Tutorial: SECURITY > Firewall > Rule Summary Example ........................................... 72
Figure 28 Tutorial: H.323 Phone Setup .................................................................................................. 72
Figure 29 H.323 Tutorial: NETWORK > LAN > Static DHCP ................................................................. 73
Figure 30 H.323 Tutorial: ADVANCED > ALG ........................................................................................ 73
Figure 31 H.323 Tutorial: ADVANCED > NAT > Port Forwarding ........................................................... 74
Figure 32 H.323 Tutorial: SECURITY > Firewall > Rule Summary ........................................................ 74
Figure 33 H.323 Tutorial: SECURITY > Firewall > Rule Summary ....................................................... 76
Figure 34 H.323 Tutorial: SECURITY > Firewall > Rule Summary ........................................................ 77
Figure 35 Tutorial Example: Using NAT with Static Public IP Addresses ............................................... 78
Figure 36 Tutorial Example: WAN Connection with a Static Public IP Address ..................................... 79
Figure 37 Tutorial Example: WAN 1 Screen .......................................................................................... 79
Figure 38 Tutorial Example: DNS > System ........................................................................................... 80
NBG410W3G Series User’s Guide
21
List of Figures
Figure 39 Tutorial Example: DNS > System Edit-1 ...............................................................................80
Figure 40 Tutorial Example: DNS > System Edit-2 ...............................................................................81
Figure 41 Tutorial Example: DNS > System: Done ............................................................................... 81
Figure 42 Tutorial Example: Status ......................................................................................................... 82
Figure 43 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers .......................... 83
Figure 44 Tutorial Example: NAT > NAT Overview ................................................................................84
Figure 45 Tutorial Example: NAT > Address Mapping ............................................................................ 85
Figure 46 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) ............................................ 85
Figure 47 Tutorial Example: NAT Address Mapping Edit: One-to-One (2) ............................................ 86
Figure 48 Tutorial Example: NAT Address Mapping Edit: Many-to-One ............................................... 86
Figure 49 Tutorial Example: NAT Address Mapping Done ................................................................... 87
Figure 50 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer ............................ 88
Figure 51 Tutorial Example: NAT Address Mapping Edit: Server ......................................................... 88
Figure 52 Tutorial Example: NAT Port Forwarding ................................................................................. 89
Figure 53 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer ............................ 89
Figure 54 Tutorial Example: Firewall Default Rule ................................................................................ 90
Figure 55 Tutorial Example: Firewall Rule: WAN1 to LAN ..................................................................... 90
Figure 56 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server ........................ 91
Figure 57 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server ......................... 92
Figure 58 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server ......................... 93
Figure 59 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server .......................... 93
Figure 60 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server ......................... 94
Figure 61 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server .......................... 95
Figure 62 Tutorial Example: Firewall Rule Summary ............................................................................. 95
Figure 63 Tutorial Example: NAT Address Mapping Done: Game Playing .......................................... 97
Figure 64 LAN and WAN ..................................................................................................................... 101
Figure 65 NETWORK > LAN ................................................................................................................ 104
Figure 66 NETWORK > LAN > Static DHCP ........................................................................................ 107
Figure 67 Physical Network & Partitioned Logical Networks ................................................................ 108
Figure 68 NETWORK > LAN > IP Alias ................................................................................................ 108
Figure 69 NETWORK > LAN > Port Roles ............................................................................................110
Figure 70 Port Roles Change Complete ................................................................................................110
Figure 71 NETWORK > WAN General .................................................................................................113
Figure 72 NETWORK > WAN > WAN 1 (Ethernet Encapsulation) .....................................................117
Figure 73 NETWORK > WAN > WAN 1 (PPPoE Encapsulation) ........................................................ 121
Figure 74 NETWORK > WAN > WAN 1 (PPTP Encapsulation) .......................................................... 124
Figure 75 NETWORK > WAN > 3G (WAN 2) .................................................................................... 128
Figure 76 Traffic Redirect WAN Setup .................................................................................................. 132
Figure 77 Traffic Redirect LAN Setup ................................................................................................... 132
Figure 78 NETWORK > WAN > Traffic Redirect .................................................................................. 133
Figure 79 NETWORK > DMZ .............................................................................................................. 136
Figure 80 NETWORK > DMZ > Static DHCP ...................................................................................... 138
Figure 81 NETWORK > DMZ > IP Alias .............................................................................................. 140
22
NBG410W3G Series User’s Guide
List of Figures
Figure 82 DMZ Public Address Example .............................................................................................. 141
Figure 83 DMZ Private and Public Address Example .......................................................................... 142
Figure 84 NETWORK > DMZ > Port Roles ......................................................................................... 143
Figure 85 Example of a Wireless Network ........................................................................................... 147
Figure 86 WIRELESS > Wi-Fi > Wireless Card ................................................................................... 151
Figure 87 WIRELESS > Wi-Fi > Configuring SSID .............................................................................. 154
Figure 88 WIRELESS > Wi-Fi > Security ............................................................................................. 155
Figure 89 WIRELESS > Wi-Fi > Security: None ................................................................................... 156
Figure 90 WIRELESS > Wi-Fi > Security: WEP ................................................................................... 157
Figure 91 WIRELESS > Wi-Fi > Security: 802.1x Only ....................................................................... 158
Figure 92 WIRELESS > Wi-Fi > Security: 802.1x + Static WEP .......................................................... 159
Figure 93 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX ................................................ 160
Figure 94 WIRELESS > Wi-Fi > Security: WPA(2)-PSK ....................................................................... 161
Figure 95 WIRELESS > Wi-Fi > MAC Filter ......................................................................................... 163
Figure 96 Default Firewall Action .......................................................................................................... 167
Figure 97 SECURITY > FIREWALL > Default Rule ............................................................................ 168
Figure 98 Default Block Traffic From WAN1 to DMZ Example ......................................................... 169
Figure 99 Blocking All LAN to WAN IRC Traffic Example .................................................................... 171
Figure 100 Limited LAN to WAN IRC Traffic Example .......................................................................... 172
Figure 101 Using IP Alias to Solve the Triangle Route Problem .......................................................... 173
Figure 102 SECURITY > FIREWALL > Default Rule .......................................................................... 174
Figure 103 SECURITY > FIREWALL > Rule Summary ....................................................................... 176
Figure 104 SECURITY > FIREWALL > Rule Summary > Edit ............................................................ 178
Figure 105 SECURITY > FIREWALL > Anti-Probing ........................................................................... 180
Figure 106 Three-Way Handshake ....................................................................................................... 181
Figure 107 SECURITY > FIREWALL > Threshold ............................................................................ 182
Figure 108 SECURITY > FIREWALL > Service ................................................................................... 184
Figure 109 Firewall Edit Custom Service ............................................................................................. 185
Figure 110 My Service Firewall Rule Example: Service ...................................................................... 186
Figure 111 My Service Firewall Rule Example: Edit Custom Service .................................................. 187
Figure 112 My Service Firewall Rule Example: Rule Summary ........................................................... 187
Figure 113 My Service Firewall Rule Example: Rule Edit: Source and Destination Addresses .......... 188
Figure 114 My Service Firewall Rule Example: Edit Rule: Service Configuration ................................ 189
Figure 115 My Service Firewall Rule Example: Rule Summary: Completed ........................................ 190
Figure 116 SECURITY > AUTH SERVER > Local User Database ...................................................... 192
Figure 117 SECURITY > AUTH SERVER > RADIUS .......................................................................... 193
Figure 118 Certificates on Your Computer ............................................................................................ 196
Figure 119 Certificate Details ............................................................................................................... 197
Figure 120 Certificate Configuration Overview ..................................................................................... 197
Figure 121 SECURITY > CERTIFICATES > My Certificates ............................................................... 198
Figure 122 SECURITY > CERTIFICATES > My Certificates > Details ................................................. 200
Figure 123 SECURITY > CERTIFICATES > My Certificates > Export ................................................. 202
Figure 124 SECURITY > CERTIFICATES > My Certificates > Import ................................................. 204
NBG410W3G Series User’s Guide
23
List of Figures
Figure 125 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 ............................... 204
Figure 126 SECURITY > CERTIFICATES > My Certificates > Create (Basic) .................................... 205
Figure 127 SECURITY > CERTIFICATES > My Certificates > Create (Advanced) ............................. 206
Figure 128 SECURITY > CERTIFICATES > Trusted CAs ................................................................... 210
Figure 129 SECURITY > CERTIFICATES > Trusted CAs > Details .................................................... 212
Figure 130 SECURITY > CERTIFICATES > Trusted CAs > Import ..................................................... 215
Figure 131 SECURITY > CERTIFICATES > Trusted Remote Hosts .................................................... 216
Figure 132 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import ..................................... 217
Figure 133 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ..................................... 218
Figure 134 SECURITY > CERTIFICATES > Directory Servers ............................................................ 220
Figure 135 SECURITY > CERTIFICATES > Directory Server > Add ................................................... 221
Figure 136 How NAT Works ................................................................................................................. 227
Figure 137 NAT Application With IP Alias ............................................................................................ 228
Figure 138 Port Restricted Cone NAT Example ................................................................................... 229
Figure 139 ADVANCED > NAT > NAT Overview .................................................................................. 231
Figure 140 ADVANCED > NAT > Address Mapping ............................................................................. 233
Figure 141 ADVANCED > NAT > Address Mapping > Edit .................................................................. 234
Figure 142 Multiple Servers Behind NAT Example .............................................................................. 237
Figure 143 Port Translation Example ................................................................................................... 238
Figure 144 ADVANCED > NAT > Port Forwarding ............................................................................... 239
Figure 145 Trigger Port Forwarding Process: Example ........................................................................ 240
Figure 146 ADVANCED > NAT > Port Triggering ................................................................................. 241
Figure 147 Example of Static Routing Topology ................................................................................... 243
Figure 148 ADVANCED > STATIC ROUTE > IP Static Route .............................................................. 244
Figure 149 ADVANCED > STATIC ROUTE > IP Static Route > Edit .................................................... 245
Figure 150 ADVANCED > DNS > System DNS ................................................................................... 249
Figure 151 ADVANCED > DNS > Add (Address Record) .................................................................... 250
Figure 152 ADVANCED > DNS > Insert (Name Server Record) .......................................................... 251
Figure 153 ADVANCED > DNS > Cache ............................................................................................. 253
Figure 154 ADVANCED > DNS > DHCP .............................................................................................. 254
Figure 155 ADVANCED > DNS > DDNS .............................................................................................. 256
Figure 156 Secure and Insecure Remote Management From the WAN .............................................. 259
Figure 157 HTTPS Implementation ...................................................................................................... 261
Figure 158 ADVANCED > REMOTE MGMT > WWW .......................................................................... 262
Figure 159 Security Alert Dialog Box (Internet Explorer) ...................................................................... 263
Figure 160 Security Certificate 1 (Netscape) ........................................................................................ 264
Figure 161 Security Certificate 2 (Netscape) ........................................................................................ 264
Figure 162 Example: Lock Denoting a Secure Connection .................................................................. 265
Figure 163 Replace Certificate ............................................................................................................. 266
Figure 164 Device-specific Certificate .................................................................................................. 266
Figure 165 Common ZyXEL Device Certificate .................................................................................... 267
Figure 166 SSH Communication Over the WAN Example .................................................................. 267
Figure 167 How SSH Works ................................................................................................................. 268
24
NBG410W3G Series User’s Guide
List of Figures
Figure 168 ADVANCED > REMOTE MGMT > SSH ............................................................................. 269
Figure 169 SSH Example 1: Store Host Key ........................................................................................ 270
Figure 170 SSH Example 2: Test ........................................................................................................ 270
Figure 171 SSH Example 2: Log in ...................................................................................................... 271
Figure 172 Secure FTP: Firmware Upload Example ............................................................................ 272
Figure 173 ADVANCED > REMOTE MGMT > Telnet .......................................................................... 272
Figure 174 ADVANCED > REMOTE MGMT > FTP ............................................................................. 273
Figure 175 SNMP Management Model ................................................................................................ 275
Figure 176 ADVANCED > REMOTE MGMT > SNMP .......................................................................... 276
Figure 177 ADVANCED > REMOTE MGMT > DNS ............................................................................. 278
Figure 178 ADVANCED > REMOTE MGMT > CNM ............................................................................ 279
Figure 179 ADVANCED > UPnP .......................................................................................................... 282
Figure 180 ADVANCED > UPnP > Ports .............................................................................................. 283
Figure 181 ADVANCED > Custom APP ..............................................................................................292
Figure 182 H.323 ALG Example .......................................................................................................... 295
Figure 183 H.323 with Multiple WAN IP Addresses
Figure 184 SIP ALG Example ............................................................................................................. 296
Figure 185 ADVANCED > ALG ........................................................................................................... 297
Figure 186 LOGS > View Log ........................................................................................................... 301
Figure 187 myZyXEL.com: Download Center ...................................................................................... 303
Figure 188 myZyXEL.com: Certificate Download ................................................................................. 304
Figure 189 LOGS > Log Settings ......................................................................................................... 305
Figure 190 LOGS > Reports ................................................................................................................ 308
Figure 191 LOGS > Reports: Web Site Hits Example .......................................................................... 309
Figure 192 LOGS > Reports: Host IP Address Example ...................................................................... 310
Figure 193 LOGS > Reports: Protocol/Port Example ............................................................................311
Figure 194 MAINTENANCE > General Setup ...................................................................................... 326
Figure 195 MAINTENANCE > Password ............................................................................................ 327
Figure 196 MAINTENANCE > Time and Date ...................................................................................... 328
Figure 197 Synchronization in Process ................................................................................................ 330
Figure 198 Synchronization is Successful ............................................................................................ 331
Figure 199 Synchronization Fail ........................................................................................................... 331
Figure 200 MAINTENANCE > Firmware Upload .................................................................................. 332
Figure 201 Firmware Upload In Process .............................................................................................. 332
Figure 202 Network Temporarily Disconnected ....................................................................................333
Figure 203 Firmware Upload Error ....................................................................................................... 333
Figure 204 MAINTENANCE > Backup and Restore ............................................................................. 334
Figure 205 Configuration Upload Successful ....................................................................................... 335
Figure 206 Network Temporarily Disconnected ....................................................................................335
Figure 207 Configuration Upload Error ................................................................................................. 335
Figure 208 Reset Warning Message .................................................................................................... 336
Figure 209 MAINTENANCE > Restart ................................................................................................. 336
Figure 210 Wall-mounting Example ...................................................................................................... 348
............................................................................ 295
NBG410W3G Series User’s Guide
25
List of Figures
Figure 211 Masonry Plug and M4 Tap Screw .......................................................................................348
Figure 212 Pop-up Blocker ................................................................................................................... 353
Figure 213 Internet Options: Privacy .................................................................................................... 354
Figure 214 Internet Options: Privacy .................................................................................................... 355
Figure 215 Pop-up Blocker Settings ..................................................................................................... 355
Figure 216 Internet Options: Security ................................................................................................... 356
Figure 217 Security Settings - Java Scripting ....................................................................................... 357
Figure 218 Security Settings - Java ...................................................................................................... 357
Figure 219 Java (Sun) .......................................................................................................................... 358
Figure 220 Mozilla Firefox: Tools > Options ......................................................................................... 359
Figure 221 Mozilla Firefox Content Security ......................................................................................... 359
Figure 222 WIndows 95/98/Me: Network: Configuration ...................................................................... 362
Figure 223 Windows 95/98/Me: TCP/IP Properties: IP Address .......................................................... 363
Figure 224 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................................. 364
Figure 225 Windows XP: Start Menu .................................................................................................... 365
Figure 226 Windows XP: Control Panel ............................................................................................... 365
Figure 227 Windows XP: Control Panel: Network Connections: Properties ......................................... 366
Figure 228 Windows XP: Local Area Connection Properties ............................................................... 366
Figure 229 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 367
Figure 230 Windows XP: Advanced TCP/IP Properties ....................................................................... 368
Figure 231 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 369
Figure 232 Macintosh OS 8/9: Apple Menu .......................................................................................... 370
Figure 233 Macintosh OS 8/9: TCP/IP ................................................................................................. 370
Figure 234 Macintosh OS X: Apple Menu ............................................................................................ 371
Figure 235 Macintosh OS X: Network .................................................................................................. 372
Figure 236 Red Hat 9.0: KDE: Network Configuration: Devices ......................................................... 373
Figure 237 Red Hat 9.0: KDE: Ethernet Device: General .................................................................. 373
Figure 238 Red Hat 9.0: KDE: Network Configuration: DNS ............................................................... 374
Figure 239 Red Hat 9.0: KDE: Network Configuration: Activate ........................................................ 374
Figure 240 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 ................................................ 375
Figure 241 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 ................................................... 375
Figure 242 Red Hat 9.0: DNS Settings in resolv.conf ........................................................................ 375
Figure 243 Red Hat 9.0: Restart Ethernet Card .................................................................................. 375
Figure 244 Red Hat 9.0: Checking TCP/IP Properties ....................................................................... 376
Figure 245 Network Number and Host ID ............................................................................................ 378
Figure 246 Subnetting Example: Before Subnetting ............................................................................ 380
Figure 247 Subnetting Example: After Subnetting ............................................................................... 381
Figure 248 Peer-to-Peer Communication in an Ad-hoc Network ......................................................... 389
Figure 249 Basic Service Set ............................................................................................................... 390
Figure 250 Infrastructure WLAN ........................................................................................................... 391
Figure 251 RTS/CTS ........................................................................................................................... 392
Figure 252 WPA(2) with RADIUS Application Example ....................................................................... 399
Figure 253 WPA(2)-PSK Authentication ............................................................................................... 400
26
NBG410W3G Series User’s Guide
List of Figures
Figure 254 Security Certificate ............................................................................................................. 403
Figure 255 Login Screen ...................................................................................................................... 404
Figure 256 Certificate General Information before Import .................................................................... 404
Figure 257 Certificate Import Wizard 1 ................................................................................................. 405
Figure 258 Certificate Import Wizard 2 ................................................................................................. 405
Figure 259 Certificate Import Wizard 3 ................................................................................................. 406
Figure 260 Root Certificate Store ......................................................................................................... 406
Figure 261 Certificate General Information after Import ....................................................................... 407
Figure 262 ZyXEL Device Trusted CA Screen ..................................................................................... 408
Figure 263 CA Certificate Example ...................................................................................................... 409
Figure 264 Personal Certificate Import Wizard 1 .................................................................................. 409
Figure 265 Personal Certificate Import Wizard 2 .................................................................................. 410
Figure 266 Personal Certificate Import Wizard 3 .................................................................................. 410
Figure 267 Personal Certificate Import Wizard 4 ...................................................................................411
Figure 268 Personal Certificate Import Wizard 5 ...................................................................................411
Figure 269 Personal Certificate Import Wizard 6 ...................................................................................411
Figure 270 Access the ZyXEL Device Via HTTPS ............................................................................... 412
Figure 271 SSL Client Authentication ................................................................................................... 412
Figure 272 ZyXEL Device Secure Login Screen .................................................................................. 412
NBG410W3G Series User’s Guide
27
List of Figures
28
NBG410W3G Series User’s Guide

List of Tables

List of Tables
Table 1 NBG410W3G Front Panel Lights .............................................................................................. 39
Table 2 NBG412W3G Front Panel Lights .............................................................................................. 40
Table 3 Title Bar: Web Configurator Icons ............................................................................................. 47
Table 4 Web Configurator HOME Screen .............................................................................................. 47
Table 5 Screens Summary .................................................................................................................... 52
Table 6 HOME > Show Statistics ........................................................................................................... 55
Table 7 HOME > Show Statistics > Line Chart ...................................................................................... 56
Table 8 HOME > DHCP Table ............................................................................................................... 57
Table 9 ISP Parameters: Ethernet Encapsulation ................................................................................. 60
Table 10 ISP Parameters: PPPoE Encapsulation ................................................................................. 61
Table 11 ISP Parameters: PPTP Encapsulation .................................................................................... 63
Table 12 NETWORK > LAN ................................................................................................................. 105
Table 13 NETWORK > LAN > Static DHCP ........................................................................................ 107
Table 14 NETWORK > LAN > IP Alias ................................................................................................ 109
Table 15 NETWORK > LAN > Port Roles .............................................................................................110
Table 16 NETWORK > WAN General ..................................................................................................114
Table 17 Private IP Address Ranges ....................................................................................................115
Table 18 NETWORK > WAN > WAN 1 (Ethernet Encapsulation) ........................................................118
Table 19 NETWORK > WAN > WAN 1 (PPPoE Encapsulation) ......................................................... 121
Table 20 NETWORK > WAN > WAN 1 (PPTP Encapsulation) ............................................................ 124
Table 21 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies ......................................................... 127
Table 22 NETWORK > WAN > 3G (WAN 2) ........................................................................................ 129
Table 23 NETWORK > WAN > Traffic Redirect ................................................................................... 133
Table 24 NETWORK > DMZ ................................................................................................................ 136
Table 25 NETWORK > DMZ > Static DHCP ........................................................................................ 138
Table 26 NETWORK > DMZ > IP Alias ............................................................................................... 140
Table 27 NETWORK > DMZ > Port Roles ...........................................................................................143
Table 28 Types of Encryption for Each Type of Authentication ........................................................... 150
Table 29 WIRELESS > Wi-Fi > Wireless Card .................................................................................... 152
Table 30 WIRELESS > Wi-Fi > Configuring SSID ............................................................................... 154
Table 31 Security Modes ..................................................................................................................... 155
Table 32 WIRELESS > Wi-Fi > Security .............................................................................................. 155
Table 33 WIRELESS > Wi-Fi > Security: None ................................................................................... 156
Table 34 WIRELESS > Wi-Fi > Security: WEP .................................................................................... 157
Table 35 WIRELESS > Wi-Fi > Security: 802.1x Only ......................................................................... 158
Table 36 WIRELESS > Wi-Fi > Security: 802.1x + Static WEP ........................................................... 159
Table 37 WIRELESS > Wi-Fi > Security: WPA, WPA2 or WPA2-MIX ................................................. 160
Table 38 WIRELESS > Wi-Fi > Security: WPA(2)-PSK ....................................................................... 161
NBG410W3G Series User’s Guide
29
List of Tables
Table 39 WIRELESS > Wi-Fi > MAC Filter .......................................................................................... 163
Table 40 Blocking All LAN to WAN IRC Traffic Example ..................................................................... 171
Table 41 Limited LAN to WAN IRC Traffic Example ............................................................................ 172
Table 42 SECURITY > FIREWALL > Default Rule .............................................................................. 174
Table 43 SECURITY > FIREWALL > Rule Summary .......................................................................... 176
Table 44 SECURITY > FIREWALL > Rule Summary > Edit ................................................................ 179
Table 45 SECURITY > FIREWALL > Anti-Probing .............................................................................. 181
Table 46 SECURITY > FIREWALL > Threshold .................................................................................. 183
Table 47 SECURITY > FIREWALL > Service ...................................................................................... 185
Table 48 SECURITY > FIREWALL > Service > Add ........................................................................... 186
Table 49 SECURITY > AUTH SERVER > Local User Database ......................................................... 193
Table 50 SECURITY > AUTH SERVER > RADIUS ............................................................................ 193
Table 51 SECURITY > CERTIFICATES > My Certificates .................................................................. 198
Table 52 SECURITY > CERTIFICATES > My Certificates > Details ................................................... 200
Table 53 SECURITY > CERTIFICATES > My Certificates > Export .................................................... 202
Table 54 SECURITY > CERTIFICATES > My Certificates > Import .................................................... 204
Table 55 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 .................................. 204
Table 56 SECURITY > CERTIFICATES > My Certificates > Create ................................................... 206
Table 57 SECURITY > CERTIFICATES > Trusted CAs ...................................................................... 210
Table 58 SECURITY > CERTIFICATES > Trusted CAs > Details ....................................................... 212
Table 59 SECURITY > CERTIFICATES > Trusted CAs Import ........................................................... 215
Table 60 SECURITY > CERTIFICATES > Trusted Remote Hosts ...................................................... 216
Table 61 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import ........................................ 217
Table 62 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details ....................................... 219
Table 63 SECURITY > CERTIFICATES > Directory Servers .............................................................. 221
Table 64 SECURITY > CERTIFICATES > Directory Server > Add ..................................................... 221
Table 65 NAT Definitions ..................................................................................................................... 225
Table 66 NAT Mapping Types .............................................................................................................. 230
Table 67 ADVANCED > NAT > NAT Overview .................................................................................... 231
Table 68 ADVANCED > NAT > Address Mapping ............................................................................... 233
Table 69 ADVANCED > NAT > Address Mapping > Edit ..................................................................... 235
Table 70 Services and Port Numbers .................................................................................................. 236
Table 71 ADVANCED > NAT > Port Forwarding .................................................................................. 239
Table 72 ADVANCED > NAT > Port Triggering ................................................................................... 241
Table 73 ADVANCED > STATIC ROUTE > IP Static Route ................................................................ 245
Table 74 ADVANCED > STATIC ROUTE > IP Static Route > Edit ...................................................... 245
Table 75 ADVANCED > DNS > Add (Address Record) ....................................................................... 251
Table 76 ADVANCED > REMOTE MGMT > WWW ............................................................................. 262
Table 77 ADVANCED > REMOTE MGMT > SSH ............................................................................... 269
Table 78 ADVANCED > REMOTE MGMT > Telnet ............................................................................. 273
Table 79 ADVANCED > REMOTE MGMT > FTP ................................................................................ 274
Table 80 SNMP Traps .......................................................................................................................... 276
Table 81 ADVANCED > REMOTE MGMT > SNMP ............................................................................ 277
30
NBG410W3G Series User’s Guide
List of Tables
Table 82 ADVANCED > REMOTE MGMT > DNS ............................................................................... 278
Table 83 ADVANCED > REMOTE MGMT > CNM ............................................................................... 279
Table 84 ADVANCED > UPnP ............................................................................................................. 282
Table 85 ADVANCED > UPnP > Ports ................................................................................................ 283
Table 86 ADVANCED > Custom APP .................................................................................................. 292
Table 87 ADVANCED > ALG ............................................................................................................... 297
Table 88 LOGS > View Log ................................................................................................................. 302
Table 89 Log Description Example ...................................................................................................... 302
Table 90 LOGS > Log Settings ............................................................................................................ 306
Table 91 LOGS > Reports ................................................................................................................... 308
Table 92 LOGS > Reports: Web Site Hits Report ................................................................................ 309
Table 93 LOGS > Reports: Host IP Address ....................................................................................... 310
Table 94 LOGS > Reports: Protocol/ Port .............................................................................................311
Table 95 Report Specifications ............................................................................................................ 312
Table 96 System Maintenance Logs .................................................................................................... 312
Table 97 System Error Logs ................................................................................................................ 313
Table 98 Access Control Logs ............................................................................................................. 314
Table 99 TCP Reset Logs .................................................................................................................... 314
Table 100 Packet Filter Logs ............................................................................................................... 315
Table 101 ICMP Logs .......................................................................................................................... 315
Table 102 Remote Management Logs ................................................................................................. 315
Table 103 CDR Logs ........................................................................................................................... 316
Table 104 PPP Logs ............................................................................................................................ 316
Table 105 UPnP Logs .......................................................................................................................... 316
Table 106 Attack Logs ......................................................................................................................... 317
Table 107 3G Logs .............................................................................................................................. 318
Table 108 PKI Logs ............................................................................................................................. 319
Table 109 ACL Setting Notes .............................................................................................................. 321
Table 110 ICMP Notes ......................................................................................................................... 321
Table 111 Syslog Logs ......................................................................................................................... 323
Table 112 RFC-2408 ISAKMP Payload Types .................................................................................... 324
Table 113 MAINTENANCE > General Setup ....................................................................................... 326
Table 114 MAINTENANCE > Password ..............................................................................................327
Table 115 MAINTENANCE > Time and Date ....................................................................................... 328
Table 116 MAINTENANCE > Firmware Upload ................................................................................... 332
Table 117 Restore Configuration ......................................................................................................... 334
Table 118 Typical 3G transmission speeds ......................................................................................... 344
Table 119 Hardware Specifications ...................................................................................................... 345
Table 120 Firmware Specifications ...................................................................................................... 346
Table 121 Feature Specifications ......................................................................................................... 347
Table 122 IP Address Network Number and Host ID Example ........................................................... 378
Table 123 Subnet Masks ..................................................................................................................... 379
Table 124 Maximum Host Numbers .................................................................................................... 379
NBG410W3G Series User’s Guide
31
List of Tables
Table 125 Alternative Subnet Mask Notation ....................................................................................... 379
Table 126 Subnet 1 .............................................................................................................................. 381
Table 127 Subnet 2 .............................................................................................................................. 382
Table 128 Subnet 3 .............................................................................................................................. 382
Table 129 Subnet 4 .............................................................................................................................. 382
Table 130 Eight Subnets ...................................................................................................................... 382
Table 131 24-bit Network Number Subnet Planning ............................................................................ 383
Table 132 16-bit Network Number Subnet Planning ............................................................................ 383
Table 133 Commonly Used Services ................................................................................................... 385
Table 134 IEEE 802.11g ...................................................................................................................... 393
Table 135 Wireless Security Levels ..................................................................................................... 394
Table 136 Comparison of EAP Authentication Types .......................................................................... 397
Table 137 Wireless Security Relational Matrix .................................................................................... 400
32
NBG410W3G Series User’s Guide
PART I

Introduction

Getting to Know Your ZyXEL Device (35)
Introducing the Web Configurator (43)
Wizard Setup (59)
Tutorials (65)
33
34
CHAPTER 1
Getting to Know Your ZyXEL
Device
This chapter introduces the main features and applications of the ZyXEL Device.

1.1 Overview

The ZyXEL Device is a high-security 3G router with wireless capability.
Access the Internet with the 3G connection from any location with 3G coverage, with the option of using a wired WAN connection at the same time.
Enhance network security by adding a De-Militarized Zone (DMZ) to your network. This separates devices that are publicly accessible (and less secure) from your LAN.
Set up a local network with the four LAN ports and set up a wireless network with IEEE
802.11b or IEEE 802.11g compatible wireless devices. The ZyXEL Device provides the option to easily move devices from your LAN or wireless network to the DMZ.
The ZyXEL Device also provides NAT, port forwarding, DHCP server and many other powerful features.
The NBG410W3G and NBG412W3G offer similar features. However, the NBG410W3G also supports an internal 3G interface.
See Chapter 22 on page 345 for a complete list of features for both devices.

1.2 Applications for the ZyXEL Device

Here are some examples of what you can do with your ZyXEL Device.

1.2.1 3G WAN Application

With an activated, correctly inserted 3G SIM card you can use the ZyXEL Device to wirelessly access the Internet via a 3G base station. See Section 6.9 on page 126 for more information about 3G.
With both the primary WAN (physical WAN port) and 3G connections enabled, you can set one of the WAN connections as a backup.
NBG410W3G Series User’s Guide
35
Chapter 1 Getting to Know Your ZyXEL Device
Figure 1 3G WAN Application

1.2.2 Secure Broadband Internet Access via Cable or DSL Modem

For Internet access, connect the WAN Ethernet port to your existing Internet access gateway (company network, or your cable or DSL modem for example). Connect computers or servers to the LAN or DMZ ports for shared Internet access.
The ZyXEL Device guarantees not only high speed Internet access, but secure internal network protection and traffic management as well.
Figure 2 Secure Internet Access via Cable or DSL Modem

1.3 Ways to Manage the ZyXEL Device

Use any of the following methods to manage the ZyXEL Device.
36
• Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser.
• Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
• FTP for firmware upgrades and configuration backup/restore.
NBG410W3G Series User’s Guide
Chapter 1 Getting to Know Your ZyXEL Device

1.4 Configuring Your ZyXEL Device’s Security Features

Your ZyXEL Device comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your ZyXEL Device. Follow the suggestions below to improve security on your ZyXEL Device and network.

1.4.1 Control Access to Your Device

Ensure only people with permission can access your ZyXEL Device.
• Control physical access by locating devices in secure areas, such as locked rooms. Most ZyXEL Devices have a reset button. If an unauthorized person has access to the reset button, they can then reset the device’s password to its default password, log in and reconfigure its settings.
• Change any default passwords on the ZyXEL Device, such as the password used for accessing the ZyXEL Device’s web configurator (if it has a web configurator). Use a password with a combination of letters and numbers and change your password regularly. Write down the password and put it in a safe place.
• Avoid setting a long timeout period before the ZyXEL Device’s web configurator automatically times out. A short timeout reduces the risk of unauthorized person accessing the web configurator while it is left idle.
See Chapter 20 on page 325 for instructions on changing your password and setting the timeout period.
• Configure remote management to control who can manage your ZyXEL Device. See
Section 15.1 on page 259 for more information. If you enable remote management, ensure
you have enabled remote management only on the IP addresses, services or interfaces you intended and that other remote management settings are disabled.

1.4.2 Wireless Security

Wireless devices are especially vulnerable to attack. If your ZyXEL Device has a wireless function, take the following measures to improve wireless security.
• Enable wireless security on your ZyXEL Device. Choose the most secure encryption method that all devices on your network support. If you have a RADIUS server, enable IEEE 802.1x or WPA(2) user identification on your network so users must log in. This method is more common in business environments.
• Hide your wireless network name (SSID). The SSID can be regularly broadcast and unauthorized users may use this information to access your network.
• Enable the MAC filter to allow only trusted users to access your wireless network or deny unwanted users access based on their MAC address.
See Section 8.2 on page 148 for directions on these wireless security measures.

1.4.3 Firewall

See Section 9.1 on page 167 for more information on the following security measures
• Ensure the firewall is turned on. Traffic initiated from your WAN is blocked by default.
NBG410W3G Series User’s Guide
37
Chapter 1 Getting to Know Your ZyXEL Device
• Set the firewall to block ICMP requests.
• Enable do not respond to requests for unauthorized services.
• If you have a backup gateway (for example, backup Internet access) on your network, disable the Bypass Triangle Routes feature and enable IP Alias to put your backup gateway on a different subnet.
• Avoid raising the maximum number of NAT sessions per host unnecessarily as it increases the possibility of unauthorized connections, such as connections caused by a computer virus.

1.4.4 NAT

• Enable NAT (Network Address Translation) to make devices on your network “invisible” to those outside your network (unless you configure port-forwarding rules for them).
• Applications such as games or file-sharing can be configured so they are visible from other networks by using port-forwarding. Ensure only applications you want are configured to port-forward.
See Section 12.1 on page 225 for instructions on these measures.

1.4.5 UPnP

• Disable UPnP (Universal Plug and Play) unless you specifically want applications (for example, games or file-sharing applications) on your network to pass through your firewall unchecked.
See Section 16.1 on page 281 for instructions on this measure.

1.5 Maintaining Your ZyXEL Device

Do the following things regularly to keep your ZyXEL Device running.
• Check the ZyXEL website (www.zyxel.com.tw) regularly for new firmware for your ZyXEL Device.
" Ensure you download the correct firmware for your model.
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration.
38
NBG410W3G Series User’s Guide
Chapter 1 Getting to Know Your ZyXEL Device

1.5.1 Front Panel Lights

Figure 3 Front Panel
The following tables describe the lights. Table 1 describes the light features in NBG410W3G, and Table 2 describes the light features in NBG412W3G.
Table 1 NBG410W3G Front Panel Lights
LED ICONS COLOR STATUS DESCRIPTION
POWER Off The ZyXEL Device is turned off.
Green On The ZyXEL Device is ready and running.
Flashing The ZyXEL Device is restarting.
Red On The power to the ZyXEL Device is too low.
LAN/DMZ 10/ 100
WAN Off The WAN connection is not ready, or has failed.
Wi-Fi Green Off The wireless connection through the built-in Wi-Fi card is not
Green On The ZyXEL Device has a successful 10Mbps Ethernet
Orange On The ZyXEL Device has a successful 100Mbps Ethernet
Green On The ZyXEL Device has a successful 10Mbps WAN
Orange On The ZyXEL Device has a successful 100Mbps WAN
Off The LAN/DMZ is not connected.
connection.
Flashing The 10M LAN is sending or receiving packets.
connection.
Flashing The 100M LAN is sending or receiving packets.
connection.
Flashing The 10M WAN is sending or receiving packets.
connection.
Flashing The 100M WAN is sending or receiving packets.
ready, or has failed.
On The wireless LAN through the built-in wireless LAN card is
ready.
Flashing The wireless LAN through the built-in wireless LAN card is
sending or receiving packets.
NBG410W3G Series User’s Guide
39
Chapter 1 Getting to Know Your ZyXEL Device
Table 1 NBG410W3G Front Panel Lights (continued)
LED ICONS COLOR STATUS DESCRIPTION
3G OPERATION
3G SIGNAL STRENGTH
Green On The ZyXEL Device has a successful 3G connection.
Flashing The ZyXEL Device has detected an available 3G network,
but has not yet connected to it.
Blue On The ZyXEL Device has a successful 3.5G connection
Flashing The ZyXEL Device has detected an available 3.5G network,
but has not yet connected to it.
Orange On The ZyXEL Device has a successful 2G or 2.5G connection
Flashing The ZyXEL Device has detected an available 2G or 2.5G
network, but has not yet connected to it.
Off One (or more) of the following has occurred.
The 3G function is not activated.
The ZyXEL Device is not registered with a 3G network.
Blue On The 3G signal is strong.
Green The 3G signal is moderate.
Orange The 3G signal is weak.
Off If the 3G OPERATION LED is not off, no 3G signal is
detected.
Table 2 NBG412W3G Front Panel Lights
LED ICONS COLOR STATUS DESCRIPTION
POWER Off The ZyXEL Device is turned off.
Green On The ZyXEL Device is ready and running.
Flashing The ZyXEL Device is restarting.
Red On The power to the ZyXEL Device is too low.
LAN/DMZ 10/ 100
WAN Off The WAN connection is not ready, or has failed.
Wi-Fi Green Off The wireless connection through the built-in Wi-Fi card is not
Green On The ZyXEL Device has a successful 10Mbps Ethernet
Orange On The ZyXEL Device has a successful 100Mbps Ethernet
Green On The ZyXEL Device has a successful 10Mbps WAN
Orange On The ZyXEL Device has a successful 100Mbps WAN
Off The LAN/DMZ is not connected.
connection.
Flashing The 10M LAN is sending or receiving packets.
connection.
Flashing The 100M LAN is sending or receiving packets.
connection.
Flashing The 10M WAN is sending or receiving packets.
connection.
Flashing The 100M WAN is sending or receiving packets.
ready, or has failed.
On The wireless LAN through the built-in wireless LAN card is
ready.
Flashing The wireless LAN through the built-in wireless LAN card is
sending or receiving packets.
40
NBG410W3G Series User’s Guide
Chapter 1 Getting to Know Your ZyXEL Device
Table 2 NBG412W3G Front Panel Lights (continued)
LED ICONS COLOR STATUS DESCRIPTION
3G MODE Green On The 3G function is activated.
Off The 3G function is not activated.
3G LINK Green On The ZyXEL Device has a successful 3G connection.
Off There is no 3G connection.
NBG410W3G Series User’s Guide
41
Chapter 1 Getting to Know Your ZyXEL Device
42
NBG410W3G Series User’s Guide
CHAPTER 2
Introducing the Web
Configurator
This chapter describes how to access the ZyXEL Device web configurator and provides an overview of its screens.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See Appendix A on page 353 if you want to make sure these functions are allowed in Internet Explorer or Netscape Navigator.

2.2 Accessing the ZyXEL Device Web Configurator

1 Make sure your ZyXEL Device hardware is properly connected and prepare your
computer/computer network to connect to the ZyXEL Device (refer to the Quick Start Guide).
2 Launch your web browser. 3 Type "192.168.1.1" as the URL. 4 Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
NBG410W3G Series User’s Guide
43
Chapter 2 Introducing the Web Configurator
Figure 4 Login Screen
5 You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Figure 5 Change Password Screen
6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL
Device’s MAC address that will be specific to this device.
" If you do not replace the default certificate here or in the CERTIFICATES
screen, this screen displays every time you access the web configurator.
Figure 6 Replace Certificate Screen
7 You should now see the HOME screen (see Figure 9 on page 47).
44
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
" The management session automatically times out when the time period set in
the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you.

2.3 Resetting the ZyXEL Device

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the back of the ZyXEL Device. Uploading this configuration file replaces the current configuration file with the factory­default configuration file. This means that you will lose all configurations that you had previously and the speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will be reset to 1234, also.

2.3.1 Procedure To Use The Reset Button

Make sure the POWER LED is on (not blinking) before you begin this procedure.
1 Press the RESET button for ten seconds, and then release it. If the POWER LED begins
to blink, the defaults have been restored and the ZyXEL Device restarts. Otherwise, go to step 2.
2 Turn the ZyXEL Device off. 3 While pressing the RESET button, turn the ZyXEL Device on. 4 Continue to hold the RESET button. The POWER LED will begin to blink and flicker
very quickly after about 20 seconds. This indicates that the defaults have been restored and the ZyXEL Device is now restarting.
5 Release the RESET button and wait for the ZyXEL Device to finish restarting.

2.3.2 Uploading a Configuration File Via Console Port

1 Download the default configuration file from the ZyXEL FTP site, unzip it and save it in
a folder.
2 Turn off the ZyXEL Device, begin a terminal emulation software session and turn on the
ZyXEL Device again. When you see the message "Press Any key to enter Debug Mode within 3 seconds", press any key to enter debug mode.
3 Enter "y" at the prompt below to go into debug mode. 4 Enter "atlc" after "Enter Debug Mode" message. 5 Wait for "Starting XMODEM upload" message before activating Xmodem upload on
your terminal. This is an example Xmodem configuration upload using HyperTerminal.
NBG410W3G Series User’s Guide
45
Chapter 2 Introducing the Web Configurator
Figure 7 Example Xmodem Upload
Type the configuration file’s location, or click Browse to search for it.
Choose the Xmodem protocol.
Then click Send.
6 After successful firmware upload, enter "atgo" to restart the router.

2.4 Navigating the ZyXEL Device Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen.
Figure 8 HOME Screen
A
C
B
D
As illustrated above, the main screen is divided into these parts:
A - title bar
B - main window
C - navigation panel
D - status bar

2.4.1 Title Bar

The title bar provides some icons in the upper right corner.
46
NBG410W3G Series User’s Guide
The icons provide the following functions.
Table 3 Title Bar: Web Configurator Icons
ICON DESCRIPTION

2.4.2 Main Window

The main window shows the screen you select in the navigation panel. It is discussed in more detail in the rest of this document.
Right after you log in, the HOME screen is displayed.
2.4.3 HOME Screen
This screen displays general status information about the ZyXEL Device.
Chapter 2 Introducing the Web Configurator
Wizard
Click this icon to open one of the web configurator wizards. See Chapter 3 on page
59 for more information.
Help
Click this icon to open the help page for the current screen.
WAN 2 refers to the 3G feature on the supported ZyXEL Device.
Figure 9 Web Configurator HOME Screen
The following table describes the labels in this screen.
Table 4 Web Configurator HOME Screen
LABEL DESCRIPTION
Automatic Refresh Interval
Refresh Click this button to update the status screen statistics immediately.
Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
NBG410W3G Series User’s Guide
47
Chapter 2 Introducing the Web Configurator
Table 4 Web Configurator HOME Screen (continued)
LABEL DESCRIPTION
System Information
System Name This is the System Name you enter in the MAINTENANCE > General screen. It
is for identification purposes. Click the field label to go to the screen where you can specify a name for this ZyXEL Device.
Model This is the model name of your ZyXEL Device.
Bootbase Version This is the bootbase version and the date created.
Firmware Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's
proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file.
Up Time This field displays how long the ZyXEL Device has been running since it last
started up. The ZyXEL Device starts up when you turn it on, when you restart it (MAINTENANCE > Restart), or when you reset it (see Section 2.3 on page 45).
System Time This field displays your ZyXEL Device’s present date (in yyyy-mm-dd format) and
time (in hh:mm:ss format) along with the difference from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on the time zone. It is also adjusted for Daylight Saving Time if you set the ZyXEL Device to use it. Click the field label to go to the screen where you can modify the ZyXEL Device’s date and time settings.
Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click the
field label to go to the screen where you can turn the firewall on or off.
System Resources
Flash The first number shows how many megabytes of the flash the ZyXEL Device is
using.
Memory The first number shows how many megabytes of the heap memory the ZyXEL
Device is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT and the firewall.
The second number shows the ZyXEL Device's total heap memory (in megabytes).
The bar displays what percent of the ZyXEL Device's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Sessions The first number shows how many sessions are currently open on the ZyXEL
Device. This includes all sessions that are currently traversing the ZyXEL Device, terminating at the ZyXEL Device or Initiated from the ZyXEL Device
The second number is the maximum number of sessions that can be open at one time.
The bar displays what percent of the maximum number of sessions is in use. The bar turns from green to red when the maximum is being approached.
CPU This field displays what percentage of the ZyXEL Device’s processing ability is
Interfaces This is the port type.
currently used. When this percentage is close to 100%, the ZyXEL Device is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications.
Click "+" to expand or "-" to collapse the IP alias drop-down lists. Hold your cursor over an interface’s label to display the interface’s MAC address. Click an interface’s label to go to the screen where you can configure settings for
that interface.
48
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
Table 4 Web Configurator HOME Screen (continued)
LABEL DESCRIPTION
Status For the LAN and DMZ ports, this displays the port speed and duplex setting.
Ethernet port connections can be in half-duplex or full-duplex mode. Full-duplex refers to a device's ability to send and receive simultaneously, while half-duplex indicates that traffic can flow in only one direction at a time. The Ethernet port must use the same speed or duplex mode setting as the peer Ethernet port in order to connect.
For the WAN 1 port, it displays the port speed and duplex setting if you’re using Ethernet encapsulation or the remote node name for a PPP connection and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation.
For the WAN 2 interface, it displays Connected when the 3G connection is up, Connecting when the 3G card is trying to connect to a network but has not received a response from the base station, Ready to Connect when the 3G connection is idle, Initializing when the ZyXEL Device is configuring the 3G card with AT commands, Disconnecting when the ZyXEL Device is dropping the 3G connection or Down when the 3G connection is down.
IP/Netmask This shows the port’s IP address and subnet mask.
IP Assignment For the WAN, if the ZyXEL Device gets its IP address automatically from an ISP,
this displays DHCP client when you’re using Ethernet encapsulation and IPCP Client when you’re using PPPoE or PPTP encapsulation. Static displays if the WAN port is using a manually entered static (fixed) IP address.
For the LAN or DMZ, DHCP server displays when the ZyXEL Device is set to automatically give IP address information to the computers connected to the LAN. DHCP relay displays when the ZyXEL Device is set to forward IP address assignment requests to another DHCP server. Static displays if the LAN port is using a manually entered static (fixed) IP address. In this case, you must have another DHCP server on your LAN, or else the computers must be manually configured.
Renew If you are using Ethernet encapsulation and the WAN port is configured to get the
IP address automatically from the ISP, click Renew to release the WAN port’s dynamically assigned IP address and get the IP address afresh. Click Dial to dial up the PPTP, PPPoE or 3G WAN connection. Click Drop to disconnect the PPTP, PPPoE or 3G WAN connection.
3G WAN Interface Status
show detail.../hide detail...
3G Connection Status
Service Provider This displays the name of your network service provider or Limited Service when
The fields below display when a 3G card is inserted and WAN 2 is enabled.
Click show detail... to see more information about the 3G connection and 3G card. Click hide detail... to display less information about the 3G connection and 3G card.
This displays Down when the 3G connection is down or not activated. This displays Initializing when the ZyXEL Device is configuring the 3G card with
AT commands. This displays Ready to Connect when the 3G connection is idle before the
ZyXEL Device triggers a call. This displays Connecting when the 3G card is trying to connect to a network but
has not received a response from the base station. This displays Connected when the 3G connection is up. This displays Disconnecting when the ZyXEL Device is dropping the 3G
connection. This field also displays the type of the network to which the ZyXEL Device is
connected. The network type varies depending on the 3G card you inserted and could be UMTS, HSDPA, GPRS or EDGE when you insert a GSM 3G card, or 1xRTT, EVDO Rev.0 or EVDO Rev.A when you insert a CDMA 3G card.
the signal strength is too low or the ISP is limiting your access.
NBG410W3G Series User’s Guide
49
Chapter 2 Introducing the Web Configurator
Table 4 Web Configurator HOME Screen (continued)
LABEL DESCRIPTION
Roaming Network This field is available only when you insert a 3G card that supports the roaming
feature. This displays whether the card is able to connect to other ISPs’ base stations.
Dormant State This field is available only when you insert a 3G card that supports the dormant
state. This displays whether the card is in dormant state. When there is no data
transmitting, a card does not send a radio signal and is in dormant state to reduce bandwidth usage.
Signal Strength This displays the signal strength of the wireless network in dBm. The status bar
shows the strength of the signal. The signal strength mainly depends on the antenna output power and the distance between your ZyXEL Device and the service provider’s base station. You can see a signal strength indication even when the ZyXEL Device does not have a 3G connection (because the signal is still there even when the ZyXEL Device is not using it).
Last Connection Up Time
Tx Bytes This displays the total number of data frames transmitted.
Rx Bytes This displays the total number of data frames received.
3G Card Manufacturer
3G Card Model This displays the model name of your 3G card.
3G Card Firmware Revision
3G Card IMEI This field is available only when you insert a GSM (Global System for Mobile
SIM Card IMSI This field is available only when you insert a GSM or UMTS 3G card.
3G Card ESN This field is available only when you insert a CDMA (Code Division Multiple
Enter PIN code again
Apply Click Apply to save the correct PIN code and replace the one you specified in the
PUK Code If you enter the PIN code incorrectly three times, the SIM card will be blocked by
This displays how long the 3G connection has been up.
This displays the manufacturer of your 3G card.
This displays the version of the firmware currently used in the 3G card.
Communications) or UMTS (Universal Mobile Telecommunications System) 3G card.
This displays the International Mobile Equipment Identity (IMEI) which is the serial number of the GSM or UMTS 3G wireless card. The IMEI is a unique 15­digit number used to identify a mobile device.
This displays the International Mobile Subscriber Identity (IMSI) stored in the SIM (Subscriber Identity Module) card. The SIM card is installed in a mobile device and used for authenticating a customer to the carrier network. The IMSI is a unique 15-digit number used to identify a user on a network.
Access) 3G card. This shows the ESN (Electronic Serial Number) of the inserted CDMA 3G card.
The ESN is the serial number of a CDMA 3G card and is similar to the IMEI on a GSM or UMTS 3G card.
If the PIN code you specified in the 3G (WAN 2) screen is not the right one for the card you inserted, this field displays allowing you to enter the correct PIN code. Enter the PIN code (four to eight digits) for the inserted 3G card.
3G (WAN 2) screen.
your ISP and you cannot use the account to access the Internet. You should get the PUK (Personal Unblocking Key) code (four to eight digits) from your ISP. Enter the PUK code to enable the SIM card. If an incorrect PUK code is entered 10 times, the SIM card will be disabled permanently. You then need to contact your ISP for a new SIM card.
50
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
Table 4 Web Configurator HOME Screen (continued)
LABEL DESCRIPTION
New PIN Code Configure a PIN code for the SIM card. You can specify any four to eight digits to
have a new PIN code or enter the previous PIN code.
Confirm New PIN Code
Apply Click Apply to save your changes in this section.
Reset budget counters, resume budget control
Resume budget control
Disable budget control
Apply Click Apply to save your changes in this section.
Enter modem unlock code
Apply Click Apply to save your changes in this section.
Remaining Time Budget
Remaining Data Budget
Enter the PIN code again for confirmation.
This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control.
Select this option to have the ZyXEL Device do budget calculation starting from 0 but use the previous settings.
This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control.
Select this option to have the ZyXEL Device keep the existing statistics and continue counting.
This field displays if you have enabled budget control but insert a 3G card with a different user account from the one for which you configured budget control.
Select this option to disable budget control. If you want to enable and configure new budget control settings for the new user
account, go to the 3G (WAN 2) screen. The ZyXEL Device keeps the existing statistics if you do not change the budget
control settings. You could reinsert the original card and enable budget control to have the ZyXEL Device continue counting the budget control statistics.
This field only displays when you insert a 3G card and the internal modem on the 3G card is blocked.
Enter a key to enable the internal modem on your 3G card. By default, the key is the last four digits of your phone number used to dial up the 3G connection. Otherwise, you need to get the key from your service provider.
This field is available only when you enable budget control in the 3G (WAN 2) screen.
This shows the amount of time (in hours and minutes) the 3G connection can still be used before the ZyXEL Device takes the actions you specified in the 3G (WAN
2) screen.
This field is available only when you enable budget control in the Network > WAN > 3G (WAN 2) screen.
This shows how much data (in bytes) can still be transmitted through the 3G connection before the ZyXEL Device takes the actions you specified in the 3G (WAN 2) screen.
Note: The budget counters will not be reset when you restore the
Reset time and data budget counters
NBG410W3G Series User’s Guide
This button is available only when you enable budget control in the 3G (WAN 2) screen.
Click this button to reset the time and data budgets. The count starts over with the 3G connection’s full configured monthly time and data budgets. This does not affect the normal monthly budget restart.
factory defaults. The budget counters are saved to the flash every hour or when the 3G connection is dropped. If you restart the ZyXEL Device within one hour, any change in the counters will not be saved.
51
Chapter 2 Introducing the Web Configurator
Table 4 Web Configurator HOME Screen (continued)
LABEL DESCRIPTION
Latest Alerts This table displays the five most recent alerts recorded by the ZyXEL Device. You
can see more information in the View Log screen, such as the source and destination IP addresses and port numbers of the incoming packets.
Date/Time This is the date and time the alert was recorded.
Message This is the reason for the alert.
System Status
Port Statistics Click Port Statistics to see router performance statistics such as the number of
packets sent and number of packets received for each port.
DHCP Table Click DHCP Table to show current DHCP client information.
Bandwidth Click Bandwidth to view the ZyXEL Device’s bandwidth usage and allotments.

2.4.4 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure ZyXEL Device features.
The following table describes the sub-menus.
Table 5 Screens Summary
LINK TAB FUNCTION
HOME This screen shows the ZyXEL Device’s general device and
NETWORK
LAN LAN Use this screen to configure LAN DHCP and TCP/IP settings.
Static DHCP Use this screen to assign fixed IP addresses on the LAN.
IP Alias Use this screen to partition your LAN interface into subnets.
Port Roles Use this screen to change the LAN/DMZ port roles.
WAN General This screen allows you to configure operation mode, route priority
WAN1 Use this screen to configure the WAN1 connection for Internet
3G (WAN2) Use this screen to configure the WAN2 connection for Internet
Traffic Redirect
DMZ DMZ Use this screen to configure your DMZ connection.
Static DHCP Use this screen to assign fixed IP addresses on the DMZ.
IP Alias Use this screen to partition your DMZ interface into subnets.
Port Roles Use this screen to change the LAN/DMZ port roles on the ZyXEL
WIRELESS
3G (WAN2) 3G (WAN2) Use this screen to configure the WAN2 connection for Internet
network status information. Use this screen to access the wizards, statistics and DHCP table.
and connection test.
access.
access.
Use this screen to configure your traffic redirect properties and parameters.
Device.
access.
52
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
Table 5 Screens Summary (continued)
LINK TAB FUNCTION
Wi-Fi Wireless Card Use this screen to configure the wireless LAN settings.
Security Use this screen to configure the Wi-Fi security settings.
MAC Filter Use this screen to change MAC filter settings on the ZyXEL
Device
SECURITY
FIREWALL Default Rule Use this screen to activate/deactivate the firewall and the direction
Rule Summary This screen shows a summary of the firewall rules, and allows you
Anti-Probing Use this screen to change your anti-probing settings.
Threshold Use this screen to configure the threshold for DoS attacks.
Service Use this screen to configure custom services.
CERTIFICATES My Certificates Use this screen to view a summary list of certificates and manage
Trusted CAs Use this screen to view and manage the list of the trusted CAs.
Trusted Remote Hosts
Directory Servers
AUTH SERVER Local User
Database
RADIUS Configure this screen to use an external server to authenticate
ADVANCED
NAT NAT Overview Use this screen to enable NAT.
Address Mapping
Port Forwarding
Port Triggering
STATIC ROUTE IP Static Route Use this screen to configure IP static routes.
DNS System Use this screen to configure the address and name server
Cache Use this screen to configure the DNS resolution cache.
DHCP Use this screen to configure LAN/DMZ DNS information.
DDNS Use this screen to set up dynamic DNS.
of network traffic to which to apply the rule
to edit/add a firewall rule.
certificates and certification requests.
Use this screen to view and manage the certificates belonging to the trusted remote hosts.
Use this screen to view and manage the list of the directory servers.
Use this screen to configure the local user account(s) on the ZyXEL Device.
wireless users.
Use this screen to configure network address translation mapping rules.
Use this screen to configure servers behind the ZyXEL Device.
Use this screen to change your ZyXEL Device’s port triggering settings.
records.
NBG410W3G Series User’s Guide
53
Chapter 2 Introducing the Web Configurator
Table 5 Screens Summary (continued)
LINK TAB FUNCTION
REMOTE MGMT
UPnP UPnP Use this screen to enable UPnP on the ZyXEL Device.
Custom APP Custom APP Use this screen to specify port numbers for the ZyXEL Device to
ALG ALG Use this screen to allow certain applications to pass through the
LOGS View Log Use this screen to view the logs for the categories that you
MAINTENANCE General This screen contains administrative.
LOGOUT Click this label to exit the web configurator.
WWW Use this screen to configure through which interface(s) and from
SSH Use this screen to configure through which interface(s) and from
TELNET Use this screen to configure through which interface(s) and from
FTP Use this screen to configure through which interface(s) and from
SNMP Use this screen to configure your ZyXEL Device’s settings for
DNS Use this screen to configure through which interface(s) and from
CNM Use this screen to configure and allow your ZyXEL Device to be
Ports Use this screen to view the NAT port mapping rules that UPnP
Log Settings Use this screen to change your ZyXEL Device’s log settings.
Reports Use this screen to have the ZyXEL Device record and display the
Password Use this screen to change your password.
Time and Date Use this screen to change your ZyXEL Device’s time and date.
F/W Upload Use this screen to upload firmware to your ZyXEL Device
Backup & Restore
Restart This screen allows you to reboot the ZyXEL Device without turning
which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device.
which IP address(es) users can use Secure Shell to manage the ZyXEL Device.
which IP address(es) users can use Telnet to manage the ZyXEL Device.
which IP address(es) users can use FTP to access the ZyXEL Device.
Simple Network Management Protocol management.
which IP address(es) users can send DNS queries to the ZyXEL Device.
managed by the Vantage CNM server.
creates on the ZyXEL Device.
monitor for FTP, HTTP, SMTP, POP3, H323, and SIP traffic.
ZyXEL Device.
selected.
network usage reports.
Use this screen to backup and restore the configuration or reset the factory defaults to your ZyXEL Device.
the power off.
2.4.5 Port Statistics
Click Port Statistics in the HOME screen. Read-only information here includes port status and packet specific statistics. The Automatic Refresh Interval field is configurable.
54
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
Figure 10 HOME > Show Statistics
The following table describes the labels in this screen.
Table 6 HOME > Show Statistics
LABEL DESCRIPTION
Click the icon to display the chart of throughput statistics.
Port These are the ZyXEL Device’s interfaces.
Status For the WAN interface(s), this displays the port speed and duplex setting if you’re
using Ethernet encapsulation or the remote node name for a PPP connection and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation.
For the LAN or DMZ ports, this displays the port speed and duplex setting. For the Wi-Fi card, this displays the transmission rate when Wi-Fi is enabled or
Down when Wi-Fi is disabled.
TxPkts This is the number of transmitted packets on this port.
RxPkts This is the number of received packets on this port.
Tx B/s This displays the transmission speed in bytes per second on this port.
Rx B/s This displays the reception speed in bytes per second on this port.
Up Time This is the total amount of time the line has been up.
System Up Time This is the total time the ZyXEL Device has been on.
Automatic Refresh Interval
Refresh Click this button to update the screen’s statistics immediately.
Select a number of seconds or None from the drop-down list box to update all screen statistics automatically at the end of every time interval or to not update the screen statistics.
2.4.6 Show Statistics: Line Chart
Click the icon in the Show Statistics screen. This screen shows you a line chart of each port’s throughput statistics.
NBG410W3G Series User’s Guide
55
Chapter 2 Introducing the Web Configurator
Figure 11 HOME > Show Statistics > Line Chart
The following table describes the labels in this screen.
Table 7 HOME > Show Statistics > Line Chart
LABEL DESCRIPTION
Click the icon to go back to the Show Statistics screen.
Port Select the check box(es) to display the throughput statistics of the corresponding
B/s Specify the direction of the traffic for which you want to show throughput statistics in
Throughput Range
interface(s).
this table. Select Tx to display transmitted traffic throughput statistics and the amount of traffic
(in bytes). Select Rx to display received traffic throughput statistics and the amount of traffic (in bytes).
Set the range of the throughput (in B/s, KB/s or MB/s) to display. Click Set Range to save this setting back to the ZyXEL Device.
2.4.7 DHCP Table Screen
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Click Show DHCP Table in the HOME screen. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the ZyXEL Device’s DHCP server.
56
NBG410W3G Series User’s Guide
Chapter 2 Introducing the Web Configurator
Figure 12 HOME > DHCP Table
The following table describes the labels in this screen.
Table 8 HOME > DHCP Table
LABEL DESCRIPTION
Interface Select LAN or DMZ to show the current DHCP client information for the specified
interface.
# This is the index number of the host computer.
IP Address This field displays the IP address relative to the # field listed above.
Host Name This field displays the computer host name.
MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area
Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is
assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Reserve Select the check box in the heading row to automatically select all check boxes or
select the check box(es) in each entry to have the ZyXEL Device always assign the selected entry(ies)’s IP address(es) to the corresponding MAC address(es) (and host name(s)). You can select up to 128 entries in this table. After you click Apply, the MAC address and IP address also display in the corresponding LAN or DMZ Static DHCP screen (where you can edit them).
Refresh Click Refresh to reload the DHCP table.
NBG410W3G Series User’s Guide
57
Chapter 2 Introducing the Web Configurator
58
NBG410W3G Series User’s Guide
CHAPTER 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator's setup wizards help you configure Internet connection settings.
In the HOME screen, click the wizard icon screen. The following summarizes the wizards you can select:
• Internet Access Setup
Click this link to open a wizard to set up an Internet connection for WAN 1 (the WAN port) on the ZyXEL Device.
Figure 13 Wizard Setup Welcome

3.2 Internet Access

to open the Wizard Setup Welcome
The Internet access wizard screen has three variations depending on what encapsulation type you use. Refer to information provided by your ISP to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2.1 ISP Parameters

The ZyXEL Device offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE.
NBG410W3G Series User’s Guide
59
Chapter 3 Wizard Setup
The wizard screen varies according to the type of encapsulation that you select in the Encapsulation field.
3.2.1.1 Ethernet
For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still online, please create a WAN-to-WAN/ZyXEL Device firewall rule for those packets. Contact your ISP to find the correct port number.
Choose Ethernet when the WAN port is used as a regular Ethernet port.
Figure 14 ISP Parameters: Ethernet Encapsulation
60
The following table describes the labels in this screen.
Table 9 ISP Parameters: Ethernet Encapsulation
LABEL DESCRIPTION
ISP Parameters for Internet Access
Encapsulation You must choose the Ethernet option when the WAN port is used as a regular
Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection.
WAN IP Address Assignment
IP Address Assignment
My WAN IP Address
My WAN IP Subnet Mask
Select Dynamic If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static If the ISP assigned a fixed IP address. The fields below are available only when you select Static.
Enter your WAN IP address in this field.
Enter the IP subnet mask in this field.
NBG410W3G Series User’s Guide
Table 9 ISP Parameters: Ethernet Encapsulation
LABEL DESCRIPTION
Gateway IP Address
First DNS Server Second DNS
Server
Back Click Back to return to the previous wizard screen.
Finish Click Finish to save your changes and go to the next screen.
Enter the gateway IP address in this field.
Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not
configure a DNS server, you must know the IP address of a machine in order to access it.
3.2.1.2 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
Figure 15 ISP Parameters: PPPoE Encapsulation
Chapter 3 Wizard Setup
The following table describes the labels in this screen.
Table 10 ISP Parameters: PPPoE Encapsulation
LABEL DESCRIPTION
ISP Parameter for Internet Access
Encapsulation Choose an encapsulation method from the pull-down list box. PPP over Ethernet
forms a dial-up connection.
Service Name Type the name of your service provider.
NBG410W3G Series User’s Guide
61
Chapter 3 Wizard Setup
Table 10 ISP Parameters: PPPoE Encapsulation (continued)
LABEL DESCRIPTION
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Retype to Confirm
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically disconnects
WAN IP Address Assignment
IP Address Assignment
My WAN IP Address
First DNS Server Second DNS
Server
Back Click Back to return to the previous wizard screen.
Finish Click Finish to save your changes and go to the next screen.
Type your password again for confirmation.
from the PPPoE server. The default time is 100 seconds.
Select Dynamic If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static If the ISP assigned a fixed IP address. The fields below are available only when you select Static.
Enter your WAN IP address in this field.
Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do not
configure a DNS server, you must know the IP address of a machine in order to access it.
3.2.1.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.
" The ZyXEL Device supports one PPTP server connection at any given time.
62
NBG410W3G Series User’s Guide
Figure 16 ISP Parameters: PPTP Encapsulation
Chapter 3 Wizard Setup
The following table describes the labels in this screen.
Tabl e 11 ISP Parameters: PPTP Encapsulation
LABEL DESCRIPTION
ISP Parameters for Internet Access
Encapsulation Select PPTP from the drop-down list box. To configure a PPTP client, you must
configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
Retype to Confirm Type your password again for confirmation.
Nailed-Up Select Nailed-Up if you do not want the connection to time out.
Idle Timeout Type the time in seconds that elapses before the router automatically
disconnects from the PPTP server.
PPTP Configuration
My IP Address Type the (static) IP address assigned to you by your ISP.
My IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
Server IP Address Type the IP address of the PPTP server.
NBG410W3G Series User’s Guide
63
Chapter 3 Wizard Setup
Tabl e 11 ISP Parameters: PPTP Encapsulation
LABEL DESCRIPTION
Connection ID/ Name
WAN IP Address Assignment
IP Address Assignment
My WAN IP Address
First DNS Server Second DNS
Server
Back Click Back to return to the previous wizard screen.
Finish Click Finish to save your changes and go to the next screen.
Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your xDSL modem.
Select Dynamic If your ISP did not assign you a fixed IP address. This is the default selection.
Select Static If the ISP assigned a fixed IP address. The fields below are available only when you select Static.
Enter your WAN IP address in this field.
Enter the DNS server's IP address(es) in the field(s) to the right. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. If you do
not configure a DNS server, you must know the IP address of a machine in order to access it.
3.2.2 Internet Access Wizard Setup Complete
The congratulations screen displays. Click Close to complete the Internet access setup.
Figure 17 Internet Access Setup Complete
64
NBG410W3G Series User’s Guide
CHAPTER 4

Tutorials

This section describes how to do the following.
1 Set up a DMZ (De-Militarized Zone). 2 Use an H.323 VoIP phone on your LAN. 3 Use NAT (Network Address Translation) with multiple public IP addresses. 4 Allow multiple game players to connect to the same server.

4.1 DMZ Overview

The DMZ is a separate network for devices that provide services to users on the Internet. Devices such as a web or e-mail server are more prone to security threats as they are more visible from the Internet and more frequently accessed than devices on your LAN. By placing such devices on a DMZ, you can better restrict access to the devices on your LAN.
The diagram shows servers on the DMZ which are open to public access but protected by the ZyXEL Device’s firewall. Devices which require greater security are located on the LAN.
Figure 18 DMZ Overview
DMZ
LAN
In this situation a file server is located in the DMZ. The file server is available for public access from the Internet and also from computers located on the LAN.
Internet
You can use either public or private IP addresses for your DMZ, however the DMZ must be on a different subnet or network from the LAN.
NBG410W3G Series User’s Guide
65
Chapter 4 Tutorials

4.2 DMZ Setup Example

In this example the DMZ uses private IP addresses and the default subnet mask of
255.255.255.0. (See Appendix C on page 377 for information on subnetting.) You can also use a static public IP address for your file server.
Figure 19 DMZ Tutorial: DMZ Setup
DMZ
192.168.2.0
LAN
192.168.1.0
Host
192.168.1.33
File server
192.168.2.33
Internet
WAN1: 123.11.11.11

4.2.1 Basic Setup

Follow these steps to set up your DMZ with a private or a public IP address.
4.2.1.1 Private IP Address
1 Click NETWORK > DMZ to open the DMZ screen. In the DMZ TCP/IP field type
your DMZ IP address in the IP address field. In the IP Subnet Mask field type the same subnet mask as that used on the LAN.
2 Select Server from the drop-down list in the DHCP field to have the ZyXEL Device
dynamically assign IP addresses to devices on the DMZ. In the IP Pool Starting Address field type the first available IP address for the DMZ subnetwork. In this example 192.168.2.33 is used. Skip to Section 4.2.1.3 on page 67.
4.2.1.2 Public IP Address
Either configure a static IP address on the server directly using the server’s operating system, or follow these steps to set up static DHCP on the ZyXEL Device.
1 Click NETWORK > DMZ > Static DHCP to open the Static DHCP screen. 2 Type the MAC address of the file server in the MAC Address field and a valid IP
address on your DMZ in the IP Address field. In this example the MAC address is 00:A0:C5:00:00:02 and the IP address is 192.168.2.33.
3 Click Apply. That completes setup of static DHCP on the ZyXEL Device.
66
NBG410W3G Series User’s Guide
Figure 20 DMZ Tutorial: NETWORK > DMZ > Static DHCP
4.2.1.3 Public and Private IP Addresses
1 In Windows Networking (NetBIOS over TCP/IP) select Allow between DMZ and
LAN. In this example, both the file server on the DMZ and a computer on the LAN use a Windows OS. Enable NetBIOS to allow LAN computers to use Windows programs such as Windows Explorer to access the server on the DMZ.
2 Click Apply.
Chapter 4 Tutorials
Figure 21 DMZ Tutorial: NETWORK > DMZ
3 Ensure NAT (Network Address Translation) is enabled on your WAN to allow the
ZyXEL Device to manage the IP addresses of traffic it routes between networks. Click ADVANCED > NAT. For your WAN connection select . In this example NAT is enabled in the Enable NAT field on WAN1 and SUA is selected. For more information on this screen see Chapter 12 on page 225.
NBG410W3G Series User’s Guide
67
Chapter 4 Tutorials
Figure 22 DMZ Tutorial: ADVANCED > NAT Overview
This completes basic setup of your DMZ.

4.2.2 Advanced Setup

In this scenario the file server runs an FTP (File Transfer Protocol) download service. Since FTP is not compatible with NAT, you can use the ALG (Application Layer Gateway) to manage FTP. (See Chapter 18 on page 293 for more information.)
To allow FTP sessions to be initiated by users on the WAN, port-forwarding is also required (see Section 12.5 on page 235 for more information) and for port-forwarding the file server needs a static IP address.
ALG Setup
To turn on the ZyXEL Device’s FTP ALG, click ADVANCED > ALG. Select Enable FTP ALG and click Apply.
Figure 23 DMZ Tutorial: ADVANCED > ALG
68
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Port Forwarding Setup
1 To configure port forwarding, first configure a static IP on the file server if you haven’t
already. See Section 4.2.1.2 on page 66.
2 Click ADVANCED > NAT > Port Forwarding to open the Port Forwarding screen. 3 In the WAN Interface field select the correct WAN for your network. This example uses
WAN1.
4 In the rule row you are configuring select Active. 5 In the Name field type a descriptive name for the port forwarding rule. This example
uses FTP.
6 In the Incoming Port(s) field type the port number used by the FTP application. This
example uses 69.
7 In the Server IP Address field type the IP address of your file server. This example uses
192.168.1.33.
8 Click Apply.
Figure 24 DMZ Tutorial: ADVANCED > NAT > Port Forwarding
This completes setup of NAT-incompatible services on the server in your DMZ. Now users can access the file server on your DMZ from the Internet.

4.3 Firewall Rule Setup

Your ZyXEL Device’s firewall default settings provide network security by allowing traffic from the WAN to your DMZ, and blocking traffic from the DMZ to the LAN. However, you can further enhance network security by defining firewall rules specifically for traffic from the WA N t o th e D MZ .
NBG410W3G Series User’s Guide
69
Chapter 4 Tutorials
You need to define two rules - one to drop all traffic from the WAN to the DMZ, the other to permit HTTP and FTP traffic from the WAN to the DMZ. This ensures that only HTTP and FTP traffic from the WAN to the DMZ is permitted and all other traffic is blocked.
If you have not already done so, define a static IP address for the file server (see step 1 on
page 69 for instructions).
1 Click SECURITY > Firewall > Rule Summary to display the Rule Summary screen.
2 The Rule Summary screen appears. Select WAN1 and DMZ from the drop-down list in
Figure 25 DMZ Tutorial: SECURITY > Firewall > Rule Summary
Use this screen to configure firewall rules on traffic between the file server and the WAN. In this example, traffic from WAN1 to the the file server is restricted to HTTP and FTP traffic.
the Packet Direction field and click Refresh. Click the Modify ( ) icon to add a new rule.
3 The Firewall - Edit screen appears. Type the name of the firewall rule in the Rule Name
field. In this example WAN12DMZ - DENY is used.
4 In the Edit Source Address section select Any Address in the drop-down box in the
Address Type field to define the source address of traffic from the Internet as any IP address.
5 In the Edit Destination Address section select Single Address in the drop-down box in
the Address Type field. Type the destination address of traffic in the Start IP Address field. In this case the WAN1 IP address is used - 123.23.23.23. If you are using a public static IP address for your web server, type the server’s IP address in this field.
6 Click Add so that the IP address appears in the Destination Address(es) field. 7 In the Edit Service section of the Firewall - Edit screen select Any so that they appear
in the Selected Service(s) field.
8 In the Action for Matched Packets field select Drop from the drop-down box. 9 In the Edit Service section select FTP and click the arrow icon. Then select HTTP and
click the arrow icon again so that FTP and HTTP appear in the Selected Service(s) field.
10 Click Apply.
70
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 26 DMZ Tutorial: NETWORK > Firewall > Rule Summary: Firewall - Edit
11 Repeat the firewall rule setup procedure to set up a rule for WAN1 to DMZ traffic with
the same source and destination addresses. In the Edit Service section of the Firewall ­Edit screen select HTTP and FTP so that they appear in the Selected Service(s) field.
12 In the Action for Matched Packets field select Permit from the drop-down list and
click Apply.
13 In the Rule Summary screen select Any and Any from the drop-down list in the Packet
Direction fields and click Refresh to check your firewall rule settings.
NBG410W3G Series User’s Guide
71
Chapter 4 Tutorials
Figure 27 DMZ Tutorial: SECURITY > Firewall > Rule Summary Example
This completes setup of a firewall rules for the file server on your DMZ.

4.4 Setting Up a VoIP Phone with H.323

You can use the ZyXEL Device to manage calls from your VoIP enabled phone using H.323. The following diagram shows an example of a VoIP phone configured to make calls over the Internet.
Figure 28 Tutorial: H.323 Phone Setup
Internet
LAN: WAN:
192.168.1.33 123.23.23.23
To configure your ZyXEL Device to allow VoIP phone calls using your H.323 phone, you need to set up the H.323 ALG (Application Layer Gateway) and port forwarding, which in turn requires a fixed IP address for your phone.
IP Address Settings
Follow these steps to give your phone a fixed IP address.
1 Click NETWORK > LAN > Static DHCP to open the Static DHCP screen. 2 Type the MAC address of your device in the MAC Address field and a valid IP address
on your LAN in the IP Address field. In this example the MAC address is 00:A0:C5:00:00:02 and the IP address is 192.168.1.33.
3 Click Apply.
72
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 29 H.323 Tutorial: NETWORK > LAN > Static DHCP
4 Click NETWORK > LAN to display the LAN screen. Ensure that Server is selected in
the drop-down box in the DHCP field.
Set up ALG
Follow these steps to set up ALG (Application Layer Gateway) to let your ZyXEL Device manage H.323 traffic. (For more information on ALG see Chapter 18 on page 293.)
1 Click ADVANCED > ALG to display the ALG screen. Select Enable H.323 ALG and
click Apply. This configures ALG (Application Layer Gateway) to manage H.323 traffic through your ZyXEL Device.
2 Click Apply.
Figure 30 H.323 Tutorial: ADVANCED > ALG
Set up Port Forwarding
1 Click ADVANCED > NAT > Port Forwarding to display the Port Forwarding screen. 2 Select the correct WAN for your network in the WAN Interface field. 3 Select Active in the rule row you are configuring. 4 Type a descriptive name for the port forwarding rule in the Name field. In this example
H.323 is used.
5 Type 1720 in the Incoming Port(s) field. This port number is used for the H.323
services.
NBG410W3G Series User’s Guide
73
Chapter 4 Tutorials
6 Type the IP address of your VoIP phone in the Server IP Address field. In this example
7 Click Apply.
Figure 31 H.323 Tutorial: ADVANCED > NAT > Port Forwarding
192.168.1.33 is used.
Set up a Firewall Rule
1 Click SECURITY > Firewall > Rule Summary to display the Rule Summary screen
and to configure firewall rules on traffic between the VoIP phone and the WAN. In this example, traffic between the file server and WAN1 is restricted to H.323 traffic.
2 The Rule Summary screen appears. Select DMZ and WAN1 from the drop-down list in
the Packet Direction field and click Refresh. Click the Modify ( ) icon to add a new rule.
Figure 32 H.323 Tutorial: SECURITY > Firewall > Rule Summary
3 The Firewall - Edit screen appears. Type the name of the firewall rule in the Rule Name
field. In this example LAN2WAN1 - H.323 is used.
4 In the Edit Source Address section select Single Address in the drop-down box in the
Address Type field. Type the source address of H.323 traffic in the Start IP Address
74
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
field - 123.23.23.23 and click Add so that the IP address appears in the Destination Address(es) field. If you are using a H.323 server, use its IP address instead.
5 In the Edit Destination Address section select Single Address in the drop-down box in
the Address Type field. Type the destination address of H.323 traffic in the Start IP Address field - 192.168.1.33 and click Add so that the IP address appears in the Source Address(es) field.
6 In the Edit Service section select H.323 and click the arrow icon so that H.323 appears
in the Selected Service(s) field.
7 Click Apply.
NBG410W3G Series User’s Guide
75
Chapter 4 Tutorials
Figure 33 H.323 Tutorial: SECURITY > Firewall > Rule Summary
76
8 Repeat the firewall rule setup procedure to add a similar firewall rule for H.323 traffic
from the WAN to the LAN, using the same WAN IP address and LAN IP address settings.
9 In the Rule Summary screen select Any and Any from the drop-down list in the Packet
Direction fields and click Refresh to check your firewall rule settings.
NBG410W3G Series User’s Guide
Figure 34 H.323 Tutorial: SECURITY > Firewall > Rule Summary
That completes setup of your H.323 VoIP phone.

4.5 Using NAT with Multiple Public IP Addresses

This section shows you examples of how to set up your ZyXEL Device if you have more than one fixed (static) IP address from your ISP.
Chapter 4 Tutorials

4.5.1 Example Parameters and Scenario

The following table shows the public IP addresses from your ISP and your ZyXEL Device’s LAN IP address.
Public IP Addresses 1.2.3.4 to 1.2.3.7
ZyXEL Device’s LAN IP Address 192.168.1.1
The following figure shows the network you want to set up in this example.
• Assign the first public address (1.2.3.4) to the ZyXEL Device’s WAN 1 port.
• Map the second and third public IP addresses (1.2.3.5 and 1.2.3.6) to the web and mail servers (192.168.1.12 and 192.168.1.13) respectively for traffic in both directions.
• Map the first public address (1.2.3.4) to outgoing traffic from other local computers.
• Map the first public address (1.2.3.4) to incoming traffic from WAN 1.
• Forward FTP traffic using port 21 from WAN 1 to a specific local computer (192.168.1.39).
• The last public IP address (1.2.3.7) is not mapped to any device and is reserved for future use.
NBG410W3G Series User’s Guide
77
Chapter 4 Tutorials
Figure 35 Tutorial Example: Using NAT with Static Public IP Addresses
LAN
192.168.1.39
192.168.1.39
Web
192.168.1.12
FTP
Mail
192.168.1.13
Mapping rules:
192.168.1.12 <---> 1.2.3.5 (1-1)
192.168.1.13 <---> 1.2.3.6 (1-1) Other outgoing LAN traffic ---> 1.2.3.4 (M-1) Incoming traffic <--- 1.2.3.4 (Server)
192.168.1.1
FTP
1.2.3.4
1.2.3.5
1.2.3.6
1.2.3.7
WAN
To set up this network, we are going to:
1 Configure the WAN 1 connection to use the first public IP address (1.2.3.4). 2 Configure NAT address mapping for other public IP addresses (1.2.3.5 and 1.2.3.6). 3 Configure NAT port forwarding to forward FTP traffic from WAN 1 to a specific
computer on your local network.

4.5.2 Configuring the WAN Connection with a Static IP Address

The following table shows the information your ISP gave you for Internet connection.
Encapsulation PPPoE
Public IP Addresses 1.2.3.4
1.2.3.5
1.2.3.6
1.2.3.7
Gateway IP Address 1.2.3.89
Subnet Mask 255.255.255.0
User Name exampleuser
Password abcd1234
DNS Server 1.2.1.1
1.2.1.2
Follow the steps below to configure your ZyXEL Device for Internet access using PPPoE in this example.
78
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 36 Tutorial Example: WAN Connection with a Static Public IP Address
LAN
192.168.1.1
1 Click NETWORK > WAN > WAN 1. 2 Select PPPoE (PPP over Ethernet) from the Encapsulation drop-down list box. 3 In the ISP Parameters for Internet Access section, enter the information (such as the
user name and password) provided by your ISP. If your ISP didn’t give you the service name, leave the field blank.
4 In the WA N IP Address Assignment section, select Use Fixed IP Address and enter
the first fixed public IP address (1.2.3.4 in this example).
5 Click Apply.
Figure 37 Tutorial Example: WAN 1 Screen
1.2.3.4
WAN
6 Click ADVANCED > DNS.
NBG410W3G Series User’s Guide
79
Chapter 4 Tutorials
7 The System screen displays. Click the Insert button to configure the IP address of the
Figure 38 Tutorial Example: DNS > System
8 Select Public DNS Server and enter the first DNS server’s IP address given by your ISP.
DNS server the ZyXEL Device can query to resolve domain names.
Click Apply.
Figure 39 Tutorial Example: DNS > System Edit-1
9 Enter the rule number (2) where you want to put the second record and click the Insert
button to configure the second DNS server’s IP address as follows. Click Apply.
" To resolve a domain name, theZyXEL Device checks it against the name
server record entries in the order that they appear in this list.
80
NBG410W3G Series User’s Guide
Figure 40 Tutorial Example: DNS > System Edit-2
10 The DNS > System screen should look as shown.
Figure 41 Tutorial Example: DNS > System: Done
Chapter 4 Tutorials
11 Go to the Home screen to check your WAN connection status. Make sure the status is
not down.
NBG410W3G Series User’s Guide
81
Chapter 4 Tutorials
Figure 42 Tutorial Example: Status

4.5.3 Public IP Address Mapping

To have the local computers and servers use specific WAN IP addresses, you need to map static public IP addresses to them.
" The one-to-one NAT address mapping rules are for both incoming and
outgoing connections. The ZyXEL Device forwards traffic that is initiated from either the LAN or the WAN to the destination IP address.
" The many-to-one or many-to-many NAT address mapping rules are for
outgoing connections only. That means only traffic initiated from the LAN or returned packets are allowed to go through the ZyXEL Device.
In this example, you create two one-to-one rules to map the internal web server (192.168.1.12) and mail server (192.168.1.13) to different static public IP addresses. The many-to-one rule maps a public IP address (1.2.3.4, that is, the ZyXEL Device’s WAN 1 IP address) to outgoing LAN traffic. It allows other local computers on the same subnet as the ZyXEL Device’s LAN IP address to use this IP address to access the Internet.
82
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 43 Tutorial Example: Mapping Multiple Public IP Addresses to Inside Servers
LAN
192.168.1.39
192.168.1.39
Web
192.168.1.12
Mapping rules:
192.168.1.12 <---> 1.2.3.5 (1-1)
192.168.1.13 <---> 1.2.3.6 (1-1) Other outgoing LAN traffic ---> 1.2.3.4 (M-1)
1.2.3.4
1.2.3.5
1.2.3.6
1.2.3.7
Mail
192.168.1.13
WAN
" The ZyXEL Device applies the rules in the order that you specify. You should
put any one-to-one rules before a many-to-one rule.
1 Click ADVANCED > NAT. 2 Enable NAT and select Full Feature for the WAN 1 interface as you have multiple
public IP addresses to map to private IP addresses. Click Apply.
NBG410W3G Series User’s Guide
83
Chapter 4 Tutorials
Figure 44 Tutorial Example: NAT > NAT Overview
3 Click the Address Mapping tab. 4 Select WAN 1. 5 Click the first rule’s Edit icon ( ) in the Modify column to display the Address
Mapping Rule screen.
84
NBG410W3G Series User’s Guide
Figure 45 Tutorial Example: NAT > Address Mapping
Chapter 4 Tutorials
6 Map a public IP address to the web server.
Select the One-to-One type and enter 192.168.1.12 as the local start IP address and
1.2.3.5 as the global start IP address. Click Apply.
Figure 46 Tutorial Example: NAT Address Mapping Edit: One-to-One (1)
7 Click the second rule’s Edit icon ( ). 8 Map a public IP address to the mail server.
Select the One-to-One type and enter 192.168.1.13 as the local start IP address and
1.2.3.6 as the global start IP address. Click Apply.
NBG410W3G Series User’s Guide
85
Chapter 4 Tutorials
Figure 47 Tutorial Example: NAT Address Mapping Edit: One-to-One (2)
9 Click the third rule’s Edit icon ( ). 10 Map a public IP address to other outgoing LAN traffic.
Figure 48 Tutorial Example: NAT Address Mapping Edit: Many-to-One
Select the Many-to-One type and enter 192.168.1.1 as the local start IP address,
192.168.1.254 as the local end IP address and 1.2.3.4 as the global start IP address. Click Apply.
86
11 After the configurations, the Address Mapping screen looks as shown. You still have
one IP address (1.2.3.7) that can be assigned to another internal server when you expand your network.
NBG410W3G Series User’s Guide
Figure 49 Tutorial Example: NAT Address Mapping Done
Chapter 4 Tutorials
" To allow traffic from the WAN to be forwarded through the ZyXEL Device, you
must also create a firewall rule. Refer to Section 4.5.5 on page 89 for more information.

4.5.4 Forwarding Traffic from the WAN to a Local Computer

A server NAT address mapping rule allows computers behind the NAT be accessible to the outside world. To have the ZyXEL Device forward incoming traffic to a specific computer on your local network, you should also create a port forwarding (server mapping) rule.
In this example, you want to forward FTP traffic using port 21 to the computer with the IP address of 192.168.1.39.
NBG410W3G Series User’s Guide
87
Chapter 4 Tutorials
Figure 50 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
LAN
192.168.1.39
192.168.1.39
Web
192.168.1.12
FTP
Mail
192.168.1.13
Mapping rules:
Incoming traffic <--- 1.2.3.4 (Server)
FTP
1.2.3.4
1.2.3.5
1.2.3.6
1.2.3.7
1 Click ADVANCED > NAT > Address Mapping. 2 Click the forth rule’s Edit icon ( ) to configure a server rule.
Figure 51 Tutorial Example: NAT Address Mapping Edit: Server
WAN
88
3 Click the Port Forwarding tab. 4 Select WAN 1. 5 Select the Active check box, enter a descriptive name (FTP for example), incoming port
number (21) and 192.168.1.39 as the server IP address. Click Apply.
NBG410W3G Series User’s Guide
Figure 52 Tutorial Example: NAT Port Forwarding
Chapter 4 Tutorials

4.5.5 Allow WAN-to-LAN Traffic through the Firewall

By default, the ZyXEL Device blocks any traffic initiated from the WAN to the LAN. To have the ZyXEL Device forward traffic initiated from WAN 1 to a local computer or server on the LAN, you need to configure a firewall rule to allow it.
In this example, you create the firewall rules to allow traffic from the WAN to the following servers on the LAN:
• Web server
• Mail server
• FTP server
Figure 53 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer
LAN
192.168.1.39
FTP
192.168.1.39
FTP
WAN
Web
192.168.1.12
NBG410W3G Series User’s Guide
192.168.1.13
Mail
89
Chapter 4 Tutorials
1 Click SECURITY > FIREWALL. 2 Make sure the firewall is enabled and traffic from WAN 1 to the LAN is dropped.
Figure 54 Tutorial Example: Firewall Default Rule
90
3 Go to the Rule Summary screen. 4 Select WAN1 to LAN as the packet direction and click Refresh. 5 Click the insert icon to create a new firewall rule.
Figure 55 Tutorial Example: Firewall Rule: WAN1 to LAN
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
6 Configure a firewall rule to allow HTTP traffic from the WAN to the web server.
Enter a descriptive name (W-L_Web for example). Select Any in the Destination Address(es) box and click Delete. Select Single Address as the destination address type. Enter 192.168.1.12 and click Add.
Figure 56 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server
7 Select HTTP(TCP:80) and HTTPS(TCP:443) in the Available Services box on the left,
and click >> to add them to the Selected Service(s) box on the right. Click Apply.
NBG410W3G Series User’s Guide
91
Chapter 4 Tutorials
Figure 57 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server
8 Click the insert icon to configure a firewall rule to allow traffic from the WAN to the mail
server.
Enter a descriptive name (W-L_Mail for example). Select Any in the Destination Address(es) box and click Delete. Select Single Address as the destination address type. Enter 192.168.1.13 and click Add.
92
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 58 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server
9 Select Any(All) in the Available Services box on the left, and click >> to add it to the
Selected Service(s) box on the right. Click Apply.
Figure 59 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server
NBG410W3G Series User’s Guide
93
Chapter 4 Tutorials
10 Click the insert icon to configure a firewall rule to allow FTP traffic from the WAN to
Enter a descriptive name (W-L_FTP for example). Select Any in the Destination Address(es) box and click Delete. Select Single Address as the destination address type. Enter 192.168.1.39 and click Add.
Figure 60 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server
the FTP server.
11 Select FTP(TCP:20,21) in the Available Services box on the left, and click >> to add it
to the Selected Service(s) box on the right. Click Apply.
94
NBG410W3G Series User’s Guide
Chapter 4 Tutorials
Figure 61 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server
12 When you are done, the Rule Summary screen looks as shown.
Figure 62 Tutorial Example: Firewall Rule Summary
NBG410W3G Series User’s Guide
95
Chapter 4 Tutorials

4.5.6 Testing the Connections

1 Open the web browser on one of the local computers and enter any web site’s URL in the
address bar. If you can access the web site, your WAN 1 connection and NAT address mapping are configured successfully. If you cannot access it, make sure you entered the correct information in the WAN and NAT Address Mapping screens. Also check that the Internet account is active and the computer’s IP address is in the same subnet as the ZyXEL Device.
2 Open your web browser and try accessing the web server (1.2.3.5) from the outside
network. If you cannot access the web server, make sure the NAT address mapping rule is configured correctly and there is a firewall rule to allow HTTP traffic from the WAN to the web server.
3 Try accessing the FTP server (1.2.3.4) from the outside network to send or retrieve a file.
If you cannot access the FTP server, make sure the NAT port forwarding rule is active and there is a firewall rule to allow FTP traffic from the WAN to FTP server.

4.6 Using NAT with Multiple Game Players

If two users (behind the ZyXEL Device) want to connect to the same server to play online games at the same time, but the server does not allow more than one login from the same IP address, you can configure a many-to-many rule instead of a many-to-one rule.
In this example, you have four static IP addresses (1.2.3.4 to 1.2.3.7) from your ISP. After you set up your WAN connection (see Section 4.5.2 on page 78), use the NAT > Address Mapping screen to map the third and forth public IP addresses to the mail server (192.168.1.12) and web server (192.168.1.13) respectively. The first and second public IP addresses are mapped to other outgoing LAN traffic. See Section 4.5.3 on page 82 for more information about IP address mapping.
When you finish configuration, the screen looks as shown.
96
NBG410W3G Series User’s Guide
Figure 63 Tutorial Example: NAT Address Mapping Done: Game Playing
Chapter 4 Tutorials
" To allow traffic from the WAN to be forwarded through the ZyXEL Device, you
must also create a firewall rule. Refer to Section 4.5.5 on page 89 for more information.
NBG410W3G Series User’s Guide
97
Chapter 4 Tutorials
98
NBG410W3G Series User’s Guide
PART II
LAN Screens (101)
WAN Screens (111)
DMZ Screens (135)

Network

99
100
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use