User manual AKAI GX-4000DB PARTS LIST

[. . . ] ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. Copyright 3 P-334U/GX-4000DB User's Guide Certifications Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: · This device may not cause harmful interference. [. . . ] For example, if the keyword "bad" was enabled, all sites containing this keyword in the domain name or IP address will be blocked, e. g. , URL http://www. website. com/bad. html would be blocked. Select this check box to enable this feature. Restrict Web Features ActiveX Java Cookies Web Proxy Enable URL Keyword Blocking 134 Chapter 12 Content Filtering P-334U/GX-4000DB User's Guide Table 47 Content Filter: Filter LABEL Keyword Keyword List Add DESCRIPTION Type a keyword in this field. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. Enter a message to be displayed when a user tries to access a restricted web site. Click Reset to begin configuring this screen afresh Delete Clear All Denied Access Message Apply Reset Message to display when a site is blocked. 12. 5 Schedule Click Security > Content Filter > Schedule. The following screen displays. Figure 81 Content Filter: Schedule Chapter 12 Content Filtering 135 P-334U/GX-4000DB User's Guide The following table describes the labels in this screen. Table 48 Content Filter: Schedule LABEL Day to Block DESCRIPTION Select check boxes for the days that you want the ZyXEL Device to perform content filtering. Select the Everyday check box to have content filtering turned on all days of the week. Time of Day to Block allows the administrator to define during which time periods content filtering is enabled. Time of Day to Block restrictions only apply to the keywords (see above). Restrict web server data, such as ActiveX, Java, Cookies and Web Proxy are not affected. Select All Day to have content filtering always active on the days selected in Day to Block with time of day limitations not enforced. The IPSec SA is established securely using the IKE SA that routers X and Y established first. The rest of this section discusses IKE SA and IPSec SA in more detail. 13. 1. 1 IKE SA (IKE Phase 1) Overview The IKE SA provides a secure connection between the ZyXEL Device and remote IPSec router. These modes are discussed in more detail in Negotiation Mode on page 143. 13. 1. 1. 1 IP Addresses of the ZyXEL Device and Remote IPSec Router In the ZyXEL Device, you have to specify the IP addresses of the ZyXEL Device and the remote IPSec router to establish an IKE SA. You can usually provide a static IP address or a domain name for the ZyXEL Device. Sometimes, your ZyXEL Device might also offer another alternative, such as using the IP address of a port or interface. You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA. 13. 1. 2 IKE SA Setup This section provides more details about IKE SAs. 140 Chapter 13 IPSec VPN P-334U/GX-4000DB User's Guide 13. 1. 2. 1 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 84 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal 1 2 The ZyXEL Device sends a proposal to the remote IPSec router. Each proposal consists of an encryption algorithm, authentication algorithm, and DH key group that the ZyXEL Device wants to use in the IKE SA. [. . . ] Threshold WEP 30500007 = 30500008 = 30500009 = 30500010 = 30500011 = 30500012 = 30500013 = Default Key WEP Key1 WEP Key2 WEP Key3 WEP Key4 Wlan Active Wlan 4X Mode <1|2|3|4> = 0 = = = = <0(Disable) | 1(Enable)> <0(Disable) | 1(Enable)> PVA <0(No) | 1(Yes)> <0(Allow) | 1(Deny)> =0 =0 */ MENU 3. 5. 1 WLAN MAC ADDRESS FILTER FIN 30501001 = 30501002 = 30501003 = FN Mac Filter Active Filter Action Address 1 INPUT =0 =0 = 00:00:00:00:0 0:00 = 00:00:00:00:0 0:00 = 00:00:00:00:0 0:00 . . . 32 = 00:00:00:00:0 0:00 30501004 = Address 2 30501005 = Address 3 Continued 30501034 = . . . Address Appendix H Internal SPTGEN 319 P-334U/GX-4000DB User's Guide Table 138 Menu 4 Internet Access Setup / Menu 4 Internet Access Setup FIN 40000000 = 40000001 = 40000002 = 40000003 = 40000004 = FN Configured ISP Active ISP's Name Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> <1(LLC-based) | 2(VC-based) PVA <0(No) | 1(Yes)> <0(No) | 1(Yes)> <0(No) | 1(Yes)> INPUT =1 =1 =1 = ChangeMe =2 40000005 = 40000006 = 40000007 = 40000008 = 40000009 = 40000010 = 40000011 = 40000012 = 40000013 = 40000014 = 40000015 = 40000016 = 40000017 = 40000018 = 40000019 = 40000020 = 40000021 = 40000022 = 40000023 = 40000024 = 40000025 = 40000026 = Multiplexing VPI # VCI # Service Name My Login My Password Single User Account IP Address Assignment IP Address Remote IP address Remote IP subnet mask ISP incoming protocol filter set 1 ISP incoming protocol filter set 2 ISP incoming protocol filter set 3 ISP incoming protocol filter set 4 ISP outgoing protocol filter set 1 ISP outgoing protocol filter set 2 ISP outgoing protocol filter set 3 ISP outgoing protocol filter set 4 ISP PPPoE idle timeout Route IP Bridge =1 =0 = 35 <Str> <Str> <Str> <0(No) | 1(Yes)> = any = test@pqa = 1234 =1 <0(Static)|1(D = 1 ynamic)> = 0. 0. 0. 0 = 0. 0. 0. 0 =0 =6 = 256 = 256 = 256 = 256 = 256 = 256 = 256 =0 <0(No) | 1(Yes)> <0(No) | 1(Yes)> =1 =0 320 Appendix H Internal SPTGEN P-334U/GX-4000DB User's Guide Table 138 Menu 4 Internet Access Setup (continued) 40000027 = 40000028 = 40000029 = 40000030 = 40000031= ATM QoS Type Peak Cell Rate (PCR) Sustain Cell Rate (SCR) Maximum Burst Size(MBS) RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> <0(No) |1(Yes)> <0(CBR) | (1 (UBR)> =1 =0 =0 =0 =0 40000032= RIP Version =0 40000033= Nailed-up Connection =0 Table 139 Menu 12 / Menu 12. 1. 1 IP Static Route Setup FIN 120101001 = 120101002 = 120101003 = 120101004 = 120101005 = 120101006 = 120101007 = FIN 120108001 = 120108002 = 120108003 = 120108004 = 120108005 = 120108006 = 120108007 = FN IP Static Route set #1, Name IP Static Route set #1, Active IP Static Route set #1, Destination IP address IP Static Route set #1, Destination IP subnetmask IP Static Route set #1, Gateway IP Static Route set #1, Metric IP Static Route set #1, Private FN IP Static Route set #8, Name IP Static Route set #8, Active IP Static Route set #8, Destination IP address IP Static Route set #8, Destination IP subnetmask IP Static Route set #8, Gateway IP Static Route set #8, Metric IP Static Route set #8, Private <0(No) |1(Yes)> <0(No) |1(Yes)> PVA <Str> <0(No) |1(Yes)> PVA <Str> <0(No) |1(Yes)> INPUT = =0 = 0. 0. 0. 0 =0 = 0. 0. 0. 0 =0 =0 INPUT = =0 = 0. 0. 0. 0 =0 = 0. 0. 0. 0 =0 =0 / Menu 12. 1. 2 IP Static Route Setup Appendix H Internal SPTGEN 321 P-334U/GX-4000DB User's Guide Table 140 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup FIN 150000001 = 150000002 = 150000003 = 150000004 = 150000005 = 150000006 = 150000007 = 150000008 = 150000009 = 150000010 = 150000011 = 150000012 = 150000013 = 150000014 = 150000015 = 150000016 = 150000017 = 150000018 = 150000019 = 150000020 = 150000021 = 150000022 = 150000023 = 150000024 = 150000025 = 150000026 = 150000027 = 150000028 = 150000029 = 150000030 = FN SUA Server IP address for default port SUA Server #2 Active SUA Server #2 Protocol SUA Server #2 Port Start SUA Server #2 Port End SUA Server #2 Local IP address SUA Server #3 Active SUA Server #3 Protocol SUA Server #3 Port Start SUA Server #3 Port End SUA Server #3 Local IP address SUA Server #4 Active SUA Server #4 Protocol SUA Server #4 Port Start SUA Server #4 Port End SUA Server #4 Local IP address SUA Server #5 Active SUA Server #5 Protocol SUA Server #5 Port Start SUA Server #5 Port End SUA Server #5 Local IP address SUA Server #6 Active SUA Server #6 Protocol SUA Server #6 Port Start SUA Server #6 Port End SUA Server #6 Local IP address SUA Server #7 Active SUA Server #7 Protocol SUA Server #7 Port Start SUA Server #7 Port End <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> = 0 <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> PVA INPUT = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 = 0. 0. 0. 0 =0 =0 322 Appendix H Internal SPTGEN P-334U/GX-4000DB User's Guide Table 140 Menu 15 SUA Server Setup (continued) 150000031 = 150000032 = 150000033 = 150000034 = 150000035 = 150000036 = 150000037 = 150000038 = 150000039 = 150000040 = 150000041 = 150000042 150000043 = 150000044 = 150000045 = 150000046 = 150000047 = 150000048 = 150000049 = 150000050 = 150000051 = 150000052 = 150000053 = 150000054 = 150000055 = 150000056 = SUA Server #7 Local IP address SUA Server #8 Active SUA Server #8 Protocol SUA Server #8 Port Start SUA Server #8 Port End SUA Server #8 Local IP address SUA Server #9 Active SUA Server #9 Protocol SUA Server #9 Port Start SUA Server #9 Port End SUA Server #9 Local IP address = SUA Server #10 Active SUA Server #10 Protocol SUA Server #10 Port Start SUA Server #10 Port End SUA Server #10 Local IP address SUA Server #11 Active SUA Server #11 Protocol SUA Server #11 Port Start SUA Server #11 Port End SUA Server #11 Local IP address SUA Server #12 Active SUA Server #12 Protocol SUA Server #12 Port Start SUA Server #12 Port End SUA Server #12 Local IP address <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 =0 =0 =0 =0 = 0. 0. 0. 0 Table 141 Menu 21. 1 Filter Set #1 / Menu 21 Filter set #1 FIN 210100001 = FIN 210101001 = FN Filter Set 1, Name FN IP Filter Set 1, Rule 1 Type PVA <Str> PVA <2(TCP/IP)> INPUT = INPUT =2 / Menu 21. 1. 1. 1 set #1, rule #1 Appendix H Internal SPTGEN 323 P-334U/GX-4000DB User's Guide Table 141 Menu 21. 1 Filter Set #1 (continued) 210101002 = 210101003 = 210101004 = 210101005 = 210101006 = 210101007 = IP Filter Set 1, Rule 1 Active IP Filter Set 1, Rule 1 Protocol IP Filter Set 1, Rule 1 Dest IP address IP Filter Set 1, Rule 1 Dest Subnet Mask IP Filter Set 1, Rule 1 Dest Port IP Filter Set 1, Rule 1 Dest Port Comp <0(none)|1(equal) |2(not equal)| 3(less)| 4(greater)> <0(No)|1(Yes)> =1 =6 = 0. 0. 0. 0 =0 = 137 =1 210101008 = 210101009 = 210101010 = 210101011 = IP Filter Set 1, Rule 1 Src IP address IP Filter Set 1, Rule 1 Src Subnet Mask IP Filter Set 1, Rule 1 Src Port IP Filter Set 1, Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> <1(check next)|2(forward)| 3(drop)> <1(check next)|2(forward)| 3(drop)> PVA <2(TCP/IP)> <0(No)|1(Yes)> = 0. 0. 0. 0 =0 =0 =0 210101013 = IP Filter Set 1, Rule 1 Act Match =3 210101014 = IP Filter Set 1, Rule 1 Act Not Match =1 / Menu 21. 1. 1. 2 set #1, rule #2 FIN 210102001 = 210102002 = 210102003 = 210102004 = 210102005 = 210102006 = 210102007 = FN IP Filter Set 1, Rule 2 Type IP Filter Set 1, Rule 2 Active IP Filter Set 1, Rule 2 Protocol IP Filter Set 1, Rule 2 Dest IP address IP Filter Set 1, Rule 2 Dest Subnet Mask IP Filter Set 1, Rule 2 Dest Port IP Filter Set 1, Rule 2 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> INPUT =2 =1 =6 = 0. 0. 0. 0 =0 = 138 =1 210102008 = 210102009 = 210102010 = 210102011 = IP Filter Set 1, Rule 2 Src IP address IP Filter Set 1, Rule 2 Src Subnet Mask IP Filter Set 1, Rule 2 Src Port IP Filter Set 1, Rule 2 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0. 0. 0. 0 =0 =0 =0 324 Appendix H Internal SPTGEN P-334U/GX-4000DB User's Guide Table 141 Menu 21. 1 Filter Set #1 (continued) 210102013 = IP Filter Set 1, Rule 2 Act Match <1(check next)|2(forward)| 3(drop)> <1(check next)|2(forward)| 3(drop)> =3 210102014 = IP Filter Set 1, Rule 2 Act Not Match =1 Table 142 Menu 21. 1 Filer Set #2, / Menu 21. 1 filter set #2, FIN 210200001 = FN Filter Set 2, Nam PVA <Str> INPUT = NetBIOS_WAN INPUT =1 =6 = 0. 0. 0. 0 =0 = 137 <0(none)|1(equal)|2 = 1 (not equal)|3(less)|4(gr eater)> = 0. 0. 0. 0 =0 =0 <0(none)|1(equal)|2 = 0 (not equal)|3(less)|4(gr eater)> <1(check =3 next)|2(forward)|3( drop)> <1(check =1 next)|2(forward)|3( drop)> PVA INPUT / Menu 21. 1. 2. 1 Filter set #2, rule #1 FIN 210201001 = 210201002 = 210201003 = 210201004 = 210201005 = 210201006 = 210201007 = FN IP Filter Set 2, Rule 1 Type IP Filter Set 2, Rule 1 Active IP Filter Set 2, Rule 1 Protocol IP Filter Set 2, Rule 1 Dest IP address IP Filter Set 2, Rule 1 Dest Subnet Mask IP Filter Set 2, Rule 1 Dest Port IP Filter Set 2, Rule 1 Dest Port Comp PVA <0(No)|1(Yes)> <0(none)|2(TCP/IP)> = 2 210201008 = 210201009 = 210201010 = 210201011 = IP Filter Set 2, Rule 1 Src IP address IP Filter Set 2, Rule 1 Src Subnet Mask IP Filter Set 2, Rule 1 Src Port IP Filter Set 2, Rule 1 Src Port Comp 210201013 = IP Filter Set 2, Rule 1 Act Match 210201014 = IP Filter Set 2, Rule 1 Act Not Match / Menu 21. 1. 2. 2 Filter set #2, rule #2 FIN FN Appendix H Internal SPTGEN 325 P-334U/GX-4000DB User's Guide Table 142 Menu 21. 1 Filer Set #2, (continued) 210202001 = 210202002 = 210202003 = 210202004 = 210202005 = 210202006 = 210202007 = IP Filter Set 2, Rule 2 Type IP Filter Set 2, Rule 2 Active IP Filter Set 2, Rule 2 Protocol IP Filter Set 2, Rule 2 Dest IP address IP Filter Set 2, Rule 2 Dest Subnet Mask IP Filter Set 2, Rule 2 Dest Port IP Filter Set 2, Rule 2 Dest Port Comp <0(none)|2(TCP/IP)> = 2 <0(No)|1(Yes)> =1 =6 = 0. 0. 0. 0 =0 = 138 <0(none)|1(equal)|2 = 1 (not equal)|3(less)|4(gr eater)> = 0. 0. 0. 0 =0 =0 <0(none)|1(equal)|2 = 0 (not equal)|3(less)|4(gr eater)> <1(check =3 next)|2(forward)|3( drop)> <1(check =1 next)|2(forward)|3( drop)> 210202008 = 210202009 = 210202010 = 210202011 = IP Filter Set 2, Rule 2 Src IP address IP Filter Set 2, Rule 2 Src Subnet Mask IP Filter Set 2, Rule 2 Src Port IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = IP Filter Set 2, Rule 2 Act Not Match Table 143 Menu 23 System Menus */ Menu 23. 1 System Password Setup FIN 230000000 = FIN 230200001 = 230200002 = 230200003 = 230200004 = FN System Password FN Authentication Server Configured Authentication Server Active Authentication Server IP Address Authentication Server Port PVA <0(No) | 1(Yes)> <0(No) | 1(Yes)> PVA INPUT = 1234 INPUT =1 =1 = 192. 168. 1. 32 = 1822 */ Menu 23. 2 System security: radius server 326 Appendix H Internal SPTGEN P-334U/GX-4000DB User's Guide Table 143 Menu 23 System Menus (continued) 230200005 = Authentication Server Shared Secret = 111111111111 111 111111111111 1111 <0(No) | 1(Yes)> <0(No) | 1(Yes)> =1 =1 = 192. 168. 1. 44 = 1823 = 1234 PVA <0(Authentication Required) |1(No Access Allowed) |2(No Authentication Required)> INPUT =2 230200006 = 230200007 = 230200008 = 230200009 = 230200010 = FIN 230400001 = Accounting Server Configured Accounting Server Active Accounting Server IP Address Accounting Server Port Accounting Server Shared Secret FN Wireless Port Control */ Menu 23. 4 System security: IEEE802. 1x 230400002 = 230400003 = 230400004 = ReAuthentication Timer (in second) Idle Timeout (in second) Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local, RADIUS) |3(RADIUS, Local)> <0(8021x) |1(WPA) |2(WPAPSK)> <0(Disable) |1(64bit WEP) |2(128-bit WEP)> <0(Disable) |1(Enable)> <0(TKIP) |1(WEP)> = 555 = 999 =1 230400005 = 230400006 = Key Management Protocol Dynamic WEP Key Exchange =0 =0 230400007 = 230400008 = 230400009 = 230400010 = PSK = = =0 =0 =0 WPA Mixed Mode Data Privacy for Broadcast/ Multicast packets WPA Broadcast/Multicast Key Update Timer Table 144 Menu 24. 11 Remote Management Control / Menu 24. 11 Remote Management Control FIN 241100001 = FN TELNET Server Port PVA INPUT = 23 Appendix H Internal SPTGEN 327 P-334U/GX-4000DB User's Guide Table 144 Menu 24. 11 Remote Management Control (continued) 241100002 = 241100003 = 241100004 = 241100005 = 241100006 = 241100007 = 241100008 = 241100009 = TELNET Server Access TELNET Server Secured IP address FTP Server Port FTP Server Access FTP Server Secured IP address WEB Server Port WEB Server Access WEB Server Secured IP address <0(all)|1(none)|2(L = 0 an)|3(Wan)> = 0. 0. 0. 0 = 21 <0(all)|1(none)|2(L = 0 an)|3(Wan)> = 0. 0. 0. 0 = 80 <0(all)|1(none)|2(L = 0 an) |3(Wan)> = 0. 0. 0. 0 Command Examples The following are example Internal SPTGEN screens associated with the Prestige's command interpreter commands. Table 145 Command Examples FIN FN PVA INPUT /ci command (for annex a): wan adsl opencmd FIN 990000001 = FN ADSL OPMD PVA <0(glite)|1(t1. 413 )|2(gdmt)|3(multim ode)> PVA <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> INPUT =3 /ci command (for annex B): wan adsl opencmd FIN 990000001 = FN ADSL OPMD INPUT =3 328 Appendix H Internal SPTGEN P-334U/GX-4000DB User's Guide APPENDIX I Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks. Figure 201 Ideal Setup The "Triangle Route" Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. [. . . ]