ZyXEL Router Prestige 334 User Manual
Have a look at the manual ZyXEL Router Prestige 334 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 3 ZyXEL manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Prestige 334 User’s Guide Chapter 11 Firewall130 • Configuring WA N or LAN & WAN access for services in the Remote Management screens or SMT menus. When you allow remote management from the WAN, you are actually configuring WAN-to-WAN/Prestige firewall rules. WAN-to-WAN/Prestige firewall rules are Internet to the Prestige WAN interface firewall rules. The default is to block all such traffic. When you decide what WAN-to-LAN packets to log, you are in fact deciding what WAN-to-LAN and WAN-to-WAN/Prestige packets to log. • Allow NetBIOS traffic from the WAN to the LAN using the WA N I P web screen or SMT menu 24.8 commands. Forwarded WAN-to-LAN packets are not considered alerts. 11.4 Services Click on the Services tab. The screen appears as shown next. Use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them.
Prestige 334 User’s Guide 131Chapter 11 Firewall Figure 46 Firewall: Service The following table describes the labels in this screen. Table 36 Firewall: Service LABELDESCRIPTION Enable Services BlockingSelect this check box to enable this feature. Available ServiceThis is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field. Blocked ServiceThis is a list of services (ports) that will be inaccessible to computers on your LAN once you enable service blocking. Choose the IP port (TCP, UDP or TCP/ UDP) that defines your customized port from the drop down list box. Custom PortA custom port is a service that is not available in the pre-defined Available Services list and you must define using the next two fields. Ty p eServices are either TCP and/or UDP. Select from either TCP or UDP. Port NumberEnter the port number range that defines the service. For example, suppose you want to define the Gnutella service. Select TCP type and enter a port range from 6345-6349. AddSelect a service from the Available Services drop-down list and then click Add to add a service to the Blocked Service. DeleteSelect a service from the Blocked Services List and then click Delete to remove this service from the list.
Prestige 334 User’s Guide Chapter 11 Firewall132 Clear AllClick Clear All to empty the Blocked Service. Day to Block:Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Block (24-Hour Format)Select the time of day you want service blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box. You can also configure specific times that by entering the start time in the Start (hr) and Start (min) fields and the end time in the End (hr) and End (min) fields. Enter times in 24-hour format, for example, 3:00pm should be entered as 15:00. ApplyClick Apply to save the settings. ResetClick Reset to start configuring this screen again. Table 36 Firewall: Service LABELDESCRIPTION
Prestige 334 User’s Guide Chapter 12 Content Filtering134 CHAPTER12 Content Filtering This chapter provides a brief overview of content filtering using the embedded WebGUI. 12.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain web features or specific URL keywords and should not be confused with packet filtering via SMT menu 21.1. To access these functions, from the Main Menu, click Content Filter to expand the Content Filter menus. 12.2 Restrict Web Features The Prestige can block web features such as ActiveX controls, Java applets, cookies and disable web proxies. 12.3 Days and Times The Prestige also allows you to define time periods and days during which the Prestige performs content filtering. 12.4 Configure Content Filtering Click Content Filter on the navigation panel, to open the following screen.
Prestige 334 User’s Guide 135Chapter 12 Content Filtering Figure 47 Content Filter The following table describes the labels in this screen. Table 37 Content Filter LABELDESCRIPTION Restrict Web FeaturesSelect the box(es) to restrict a feature. When you download a page containing a restricted feature, that part of the web page will appear blank or grayed out. ActiveX A tool for building dynamic and active Web pages and distributed object applications. When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again. JavaA programming language and development environment for building downloadable Web components or Internet and intranet business applications of all kinds. CookiesUsed by Web servers to track usage and provide service based on ID. Web ProxyA server that acts as an intermediary between a user and the Internet to provide security, administrative control, and caching service. When a proxy server is located on the WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server. Enable URL Keyword BlockingThe Prestige can block Web sites with URLs that contain certain keywords in the domain name or IP address. For example, if the keyword bad was enabled, all sites containing this keyword in the domain name or IP address will be blocked, e.g., URL http://www.website.com/bad.html would be blocked. Select this check box to enable this feature.
Prestige 334 User’s Guide Chapter 12 Content Filtering136 KeywordType a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword ListThis list displays the keywords already added. Add Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. DeleteHighlight a keyword in the lower box and click Delete to remove it. The keyword disappears from the text box after you click Apply. Clear AllClick this button to remove all of the listed keywords. Day to BlockSelect check boxes for the days that you want the Prestige to perform content filtering. Select the Everyday check box to have content filtering turned on all days of the week. Time of Day to BlockTime of Day to Block allows the administrator to define during which time periods content filtering is enabled. Time of Day to Block restrictions only apply to the keywords (see above). Restrict web server data, such as ActiveX, Java, Cookies and Web Proxy are not affected. Enter the time period, in 24-hour format, during which content filtering will be enforced. Select the All Day check box to have content filtering always active on the days selected in Day to Block with time of day limitations not enforced. ApplyClick Apply to save your changes. ResetClick Reset to begin configuring this screen afresh Table 37 Content Filter LABELDESCRIPTION
Prestige 334 User’s Guide 137Chapter 12 Content Filtering
Prestige 334 User’s Guide Chapter 13 Remote Management Screens 138 CHAPTER13 Remote Management Screens This chapter provides information on the Remote Management screens. 13.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: To disable remote management of a service, select Disable in the corresponding Server Access field. You may only have one remote management session running at a time. The Prestige automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. 1Te l n e t 2HTTP 13.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules • Internet (WAN only)• ALL (LAN and WAN) • LAN only• Neither (Disable). Note: When you Choose WAN only or ALL (LAN & WAN), you still need to configure a firewall rule to allow access.
Prestige 334 User’s Guide 139 Chapter 13 Remote Management Screens 2You have disabled that service in one of the remote management screens. 3The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. 5There is a firewall rule that blocks it. 13.1.2 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 13.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the System screen 13.2 Configuring WWW To change your Prestige’s World Wide Web settings, click REMOTE MGMT to display the WWW screen.