![Zyxel UAG4100 [353/617] Chapter 30 ipsec vpn](/img/pdf.png)
Zyxel UAG4100 [353/617] Chapter 30 ipsec vpn
![Zyxel UAG5100 [353/617] Chapter 30 ipsec vpn](/views2/1169090/page353/bg161.png)
Chapter 30 IPSec VPN
UAG Series User’s Guide
353
Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
AES128 - a 128-bit key with the AES encryption algorithm
AES192 - a 192-bit key with the AES encryption algorithm
AES256 - a 256-bit key with the AES encryption algorithm
The UAG and the remote IPSec router must use the same key size and encryption
algorithm. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
Authentication Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1, SHA256, SHA512 and MD5. SHA is generally considered stronger
than MD5, but it is also slower.
The remote IPSec router must use the same authentication algorithm.
Key Group Select which Diffie-Hellman key group (DHx) you want to use for encryption keys.
Choices are:
DH1 - use a 768-bit random number
DH2 - use a 1024-bit random number
DH5 - use a 1536-bit random number
The longer the key, the more secure the encryption, but also the longer it takes to
encrypt and decrypt information. Both routers must use the same DH key group.
NAT Traversal Select this if any of these conditions are satisfied.
• This IKE SA might be used to negotiate IPSec SAs that use ESP as the active
protocol.
• There are one or more NAT routers between the UAG and remote IPSec router, and
these routers do not support IPSec pass-thru or a similar feature.
The remote IPSec router must also enable NAT traversal, and the NAT routers have to
forward packets with UDP port 500 and UDP 4500 headers unchanged.
Dead Peer
Detection (DPD)
Select this check box if you want the UAG to make sure the remote IPSec router is
there before it transmits data through the IKE SA. The remote IPSec router must
support DPD. If there has been no traffic for at least 15 seconds, the UAG sends a
message to the remote IPSec router. If the remote IPSec router responds, the UAG
transmits the data. If the remote IPSec router does not respond, the UAG shuts down
the IKE SA.
If the remote IPSec router does not support DPD, see if you can use the VPN connection
connectivity check (see Section 30.2.1 on page 341).
X-Auth When multiple IPSec routers use the same VPN tunnel to connect to a single VPN tunnel
(telecommuters sharing a tunnel for example), use extended authentication to enforce
a user name and password check. This way even though they all know the VPN tunnel’s
security settings, each still has to provide a unique user name and password.
Enable Extended
Authentication
Select this if one of the routers (the UAG or the remote IPSec router) verifies a user
name and password from the other router using the local user database and/or an
external server.
Server Mode Select this if the UAG authenticates the user name and password from the remote
IPSec router. You also have to select the authentication method, which specifies how
the UAG authenticates this information.
Client Mode Select this radio button if the UAG provides a username and password to the remote
IPSec router for authentication. You also have to provide the User Name and the
Password.
Table 158 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)
LABEL DESCRIPTION
Содержание
- Default login details 1
- Quick start guide 1
- Uag series 1
- Uag2100 uag4100 uag5100 1
- Unified access gateway 1
- User s guide 1
- Important 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the uag 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Chapter 1 introduction 0 5
- Chapter 2 hardware installation and connection 6 5
- Chapter 3 printer deployment 2 5
- Chapter 4 installation setup wizard 0 5
- Contents overview 5
- Table of contents 5
- Chapter 5 quick setup wizards 4 6
- Chapter 6 dashboard 0 6
- Chapter 7 monitor 1 7
- Chapter 8 licensing 31 7
- Chapter 10 interfaces 54 8
- Chapter 9 wireless 36 8
- Chapter 11 trunks 95 9
- Chapter 12 policy and static routes 03 9
- Chapter 13 ddns 14 9
- Chapter 14 nat 19 9
- Chapter 15 vpn 1 1 mapping 26 9
- Chapter 16 http redirect 31 10
- Chapter 17 smtp redirect 35 10
- Chapter 18 alg 39 10
- Chapter 19 upnp 41 10
- Chapter 20 ip mac binding 48 10
- Chapter 21 layer 2 isolation 53 11
- Chapter 22 ipnp 57 11
- Chapter 23 web authentication 59 11
- Chapter 24 rtls 86 11
- Chapter 25 security policy 89 12
- Chapter 26 billing 04 12
- Chapter 27 printer 22 12
- Chapter 28 free time 32 13
- Chapter 29 sms 36 13
- Chapter 30 ipsec vpn 38 13
- Chapter 31 bandwidth management 66 13
- Chapter 32 application patrol 76 13
- Chapter 33 content filtering 81 14
- Chapter 34 zones 95 14
- Chapter 35 user group 99 14
- Chapter 36 ap profile 14 14
- Chapter 37 mon profile 30 15
- Chapter 38 application 35 15
- Chapter 39 addresses 42 15
- Chapter 40 services 47 15
- Chapter 41 schedules 53 16
- Chapter 42 aaa server 59 16
- Chapter 43 authentication method 64 16
- Chapter 44 certificates 67 16
- Chapter 45 isp accounts 83 17
- Chapter 46 system 86 17
- Chapter 47 log and report 34 18
- Chapter 48 file manager 49 18
- Chapter 49 diagnostics 60 18
- Appendix a customer support 91 19
- Appendix b legal information 97 19
- Chapter 50 packet flow explore 72 19
- Chapter 51 reboot 81 19
- Chapter 52 shutdown 82 19
- Chapter 53 troubleshooting 83 19
- Index 04 19
- Introduction 20
- Overview 20
- Default zones interfaces and ports 21
- Management overview 21
- Uag2100 uag4100 21
- Uag5100 21
- Web configurator 21
- Command line interface cli 22
- Web configurator 22
- Web configurator access 23
- Web configurator screens overview 23
- B navigation panel 24
- C main window 24
- Chapter 1 introduction 24
- Click about to display basic information about the uag 24
- Figure 3 title bar 24
- Figure 4 about 24
- Label description 24
- Table 3 title bar web configurator icons 24
- Table 4 about 24
- The following table describes labels that can appear in this screen 24
- The title bar icons in the upper right corner provide the following functions 24
- Title bar 24
- Uag series user s guide 24
- Object reference 25
- Site map 25
- Chapter 1 introduction 26
- Cli messages 26
- Click clear to remove the currently displayed information 26
- Click cli to look at the cli commands sent by the web configurator open the pop up window and then click some menus in the web configurator to dislay the corresponding commands 26
- Figure 7 cli messages 26
- Label description 26
- Navigation panel 26
- See the command reference guide for information about the commands 26
- Table 5 object references 26
- The fields vary with the type of object the following table describes labels that can appear in this screen 26
- Uag series user s guide 26
- Use the navigation panel menu items to open status and configuration screens click the arrow in the middle of the right edge of the navigation panel to hide the panel or drag to resize it the following sections introduce the uag s navigation panel menus and their screens 26
- Chapter 1 introduction 27
- Dashboard 27
- Figure 8 navigation panel 27
- Folder or link tab function 27
- Monitor menu 27
- Table 6 monitor menu screens summary 27
- The dashboard displays general device information system status system resource usage licensed service status and interface status in widgets that you can re arrange to suit your needs see chapter 6 on page 80 for details on the dashboard 27
- The monitor menu screens display status and statistics information 27
- Uag series user s guide 27
- Chapter 1 introduction 28
- Configuration menu 28
- Folder or link tab function 28
- Table 6 monitor menu screens summary continued 28
- Table 7 configuration menu screens summary 28
- Uag series user s guide 28
- Use the configuration menu screens to configure the uag s features 28
- Chapter 1 introduction 29
- Folder or link tab function 29
- Table 7 configuration menu screens summary continued 29
- Uag series user s guide 29
- Chapter 1 introduction 30
- Folder or link tab function 30
- Table 7 configuration menu screens summary continued 30
- Uag series user s guide 30
- Chapter 1 introduction 31
- Folder or link tab function 31
- Maintenance menu 31
- Table 7 configuration menu screens summary continued 31
- Table 8 maintenance menu screens summary 31
- Uag series user s guide 31
- Use the maintenance menu screens to manage configuration and firmware files run diagnostics and reboot or shut down the uag 31
- Chapter 1 introduction 32
- Click a column heading to sort the table s entries according to that column s criteria 32
- Click the down arrow next to a column heading for more options about how to display the entries the options available vary depending on the type of fields in the column here are some examples of what you can do 32
- Figure 9 sorting table entries by a column s criteria 32
- Folder or link tab function 32
- Group entries by field 32
- Or or searching for text 32
- Select which columns to display 32
- Show entries in groups 32
- Sort in ascending or descending reverse alphabetical order 32
- Table 8 maintenance menu screens summary continued 32
- Tables and lists 32
- Uag series user s guide 32
- Web configurator tables and lists are flexible with several options for how to display their entries 32
- Chapter 1 introduction 34
- Figure 14 common table icons 34
- Figure 15 working with lists 34
- Here are descriptions for the most common table icons 34
- Label description 34
- Table 9 common table icons 34
- Uag series user s guide 34
- When a list of available entries displays next to a list of selected entries you can often just double click an entry to move it from one list to the other in some lists you can also use the shift or ctrl key to select multiple entries and then use the arrow button to move them to the other list 34
- Working with lists 34
- Stopping the uag 35
- Hardware installation and connection 36
- Rack mounting uag5100 36
- Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 37
- Wall mounting uag2100 and uag4100 37
- Front panel 38
- Base t ports 39
- Console port uag5100 39
- Front panel leds 39
- Usb 2 ports 39
- Chapter 2 hardware installation and connection 40
- Led color status description 40
- Rear panel 40
- Table 11 front panel leds continued 40
- The following figure shows the rear panel of the uag 40
- The rear panel contains a console port a power switch and a connector for the power receptacle and four antennas 40
- Uag series user s guide 40
- Uag2100 or uag4100 40
- Console port 41
- Figure 20 rear panel uag5100 41
- Radio 1 2 ghz 41
- Radio 2 5 ghz 41
- Uag5100 41
- Attach the printer to the uag 42
- Overview 42
- Printer deployment 42
- Set up an internet connection on the uag 42
- Allow the uag to monitor and manage the printer 43
- General setting screen 46
- Turn on web authentication on the uag 46
- Generate a free guest account 47
- Installation setup wizard 50
- Internet settings 50
- Welcome screen 50
- Note enter the internet access information exactly as your isp gave it to you 51
- Internet settings ethernet 52
- Note enter the internet access information exactly as given to you by your isp 52
- Internet settings pppoe 53
- Isp parameters 53
- Note enter the internet access information exactly as given to you by your isp 53
- Internet settings pptp 54
- Note enter the internet access information exactly as given to you by your isp 54
- Wan ip address assignments 54
- Internet settings second wan interface 55
- Isp parameters 55
- Pptp configuration 55
- Wan ip address assignments 55
- Wireless and radio settings 56
- Wireless settings 56
- Note a view mobile version or view desktop version link displays on the login page if you enable web authentication 57
- Radio settings 57
- Web authentication settings 57
- Wireless settings 57
- Printer settings 58
- Billing settings 59
- Printer list 59
- Printer list and printout settings 59
- Printout 59
- Accounting method 60
- Accumulatio 60
- Billing profile 60
- Currency 60
- Account generator settings 61
- Free time settings 62
- Device registration 63
- Service screen to update your service subscription status 63
- Quick setup overview 64
- Quick setup wizards 64
- Choose an ethernet interface 65
- Select wan type 65
- Wan interface quick setup 65
- Configure wan ip settings 66
- Isp and wan connection settings 66
- Note enter the internet access information exactly as your isp gave it to you 66
- Assignment to static and or select pptp or pppoe enter the internet access information exactly as your isp gave it to you 67
- Chapter 5 quick setup wizards 67
- Figure 43 wan and isp connection settings pptp shown 67
- Label description 67
- Table 12 wan and isp connection settings 67
- The following table describes the labels in this screen 67
- Uag series user s guide 67
- Chapter 5 quick setup wizards 68
- Label description 68
- Quick setup interface wizard summary 68
- Table 12 wan and isp connection settings continued 68
- This screen displays the wan interface s settings 68
- Uag series user s guide 68
- Chapter 5 quick setup wizards 69
- Figure 44 interface wizard summary wan ethernet shown 69
- Label description 69
- Table 13 interface wizard summary wan 69
- The following table describes the labels in this screen 69
- Uag series user s guide 69
- Vpn setup wizard 70
- Welcome 70
- Vpn express wizard scenario 71
- Vpn setup wizard wizard type 71
- Vpn express wizard configuration 72
- Vpn express wizard summary 72
- Vpn express wizard finish 73
- Vpn advanced wizard scenario 74
- Note multiple sas connecting through a secure gateway must have the same negotiation mode 75
- Vpn advanced wizard phase 1 settings 75
- Note the remote ipsec device must also have nat traversal enabled see the help in the main ipsec vpn screens for more information 76
- Vpn advanced wizard phase 2 76
- Vpn advanced wizard summary 77
- Vpn advanced wizard finish 78
- Dashboard 80
- Overview 80
- The dashboard screen 80
- What you can do in this chapter 80
- Chapter 6 dashboard 81
- Figure 57 dashboard 81
- Label description 81
- Table 14 dashboard 81
- The following table describes the labels in this screen 81
- Uag series user s guide 81
- Chapter 6 dashboard 82
- Label description 82
- Table 14 dashboard continued 82
- Uag series user s guide 82
- Chapter 6 dashboard 83
- Label description 83
- Table 14 dashboard continued 83
- Uag series user s guide 83
- Chapter 6 dashboard 84
- Label description 84
- Table 14 dashboard continued 84
- Uag series user s guide 84
- Chapter 6 dashboard 85
- Label description 85
- Table 14 dashboard continued 85
- Uag series user s guide 85
- The cpu usage screen 86
- The memory usage screen 86
- The active sessions screen 87
- The dhcp table screen 88
- The vpn status screen 88
- Chapter 6 dashboard 89
- Dhcp table 89
- Label description 89
- The following table describes the labels in this screen 89
- The number of login users screen 89
- Uag series user s guide 89
- Use this screen to look at a list of the users currently logged into the uag users who close their browsers without logging out are still shown as logged in here to access this screen click number of login users in system status in the dashboard 89
- Chapter 6 dashboard 90
- Label description 90
- Number of login users 90
- The following table describes the labels in this screen 90
- Uag series user s guide 90
- Monitor 91
- Overview 91
- What you can do in this chapter 91
- The port statistics screen 92
- Chapter 7 monitor 93
- Label description 93
- Port statistics 93
- The following table describes the labels in this screen 93
- The port statistics graph screen 93
- Uag series user s guide 93
- Use this screen to look at a line graph of packet statistics for each physical port to access this screen click port statistics in the status screen and then the switch to graphic view button 93
- Chapter 7 monitor 94
- Interface status to access this screen 94
- Label description 94
- Switch to graphic view 94
- The following table describes the labels in this screen 94
- The interface status screen 94
- Uag series user s guide 94
- Chapter 7 monitor 95
- Each field is described in the following table 95
- Interface status 95
- Label description 95
- Uag series user s guide 95
- Chapter 7 monitor 96
- Interface status continued 96
- Label description 96
- Uag series user s guide 96
- The traffic statistics screen 97
- Chapter 7 monitor 98
- Label description 98
- Traffic statistics continued 98
- Uag series user s guide 98
- The session monitor screen 99
- Chapter 7 monitor 100
- Label description 100
- Session monitor 100
- The following table describes the labels in this screen 100
- Uag series user s guide 100
- The ddns status screen 101
- The ip mac binding monitor screen 101
- Chapter 7 monitor 102
- Ip mac binding 102
- Label description 102
- Login users 102
- The following table describes the labels in this screen 102
- The login users screen 102
- Uag series user s guide 102
- Chapter 7 monitor 103
- Dynamic guest accounts can be automatically generated for guest users by using a connected statement printer or the web configurator with the guest manager account see section 26 on page 308 for more information a dynamic guest account has a dynamically created user name 103
- Label description 103
- Login users 103
- Note you cannot use this button to terminate a user s session when he she accesses the uag through the console port 103
- The dynamic guest screen 103
- The following table describes the labels in this screen 103
- Uag series user s guide 103
- Chapter 7 monitor 104
- Dynamic guest 104
- Label description 104
- Note if you delete a valid user account which is in use the uag ends the user session 104
- Note once the time allocated to a dynamic account is used up or a dynamic account remains un used after the expiration time the account is deleted from the account list 104
- The following table describes the labels in this screen 104
- Uag series user s guide 104
- Chapter 7 monitor 105
- Dynamic guest icons 105
- Label description 105
- The following table describes the icons in this screen 105
- The following table describes the labels in this screen 105
- The upnp port status screen 105
- Uag series user s guide 105
- Upnp port status 105
- Chapter 7 monitor 106
- Label description 106
- The following table describes the labels in this screen 106
- The usb storage screen 106
- Uag series user s guide 106
- Upnp port status continued 106
- Usb storage 106
- Usb storage to display this screen 106
- Chapter 7 monitor 107
- Ethernet neighbor to see the following screen 107
- It uses smart connect that is link layer discovery protocol lldp for discovering and configuring lldp aware devices in the same broadcast domain as the uag that you re logged into using the web configurator 107
- Label description 107
- Lldp is a layer 2 protocol that allows a network device to advertise its identity and capabilities on the local network it also allows the device to maintain and store information from adjacent devices which are directly connected to the network device this helps you discover network changes and perform necessary network reconfiguration and management 107
- The ethernet neighbor screen 107
- The ethernet neighbor screen allows you to view the uag s neighboring devices in one place 107
- Uag series user s guide 107
- Usb storage continued 107
- Zon for more information on the zyxel one network zon utility that uses the zyxel discovery protocol zdp for discovering and configuring zdp aware zyxel devices in the same network as the computer on which the zon utility is installed 107
- Zon screen 107
- Chapter 7 monitor 108
- Ethernet neighbor 108
- Label description 108
- The following table describes the labels in this screen 108
- Uag series user s guide 108
- Ap list 109
- Chapter 7 monitor 109
- Label description 109
- The ap list screen 109
- The following table describes the labels in this screen 109
- Uag series user s guide 109
- Ap list continued 110
- Ap list icons 110
- Chapter 7 monitor 110
- Label description 110
- Station count of ap 110
- The following table describes the icons in this screen 110
- Uag series user s guide 110
- Use this screen to look at station statistics for the connected ap to access this screen select an entry and click the more information button in the ap list screen use this screen to look at 110
- Chapter 7 monitor 111
- Configuration information port status and station statistics for the connected ap to access this screen select an entry and click the more information button in the ap list screen 111
- Label description 111
- Station count of ap 111
- The following table describes the labels in this screen 111
- Uag series user s guide 111
- Chapter 7 monitor 112
- Label description 112
- Radio list 112
- Station count of ap continued 112
- The following table describes the labels in this screen 112
- The radio list screen 112
- Uag series user s guide 112
- Chapter 7 monitor 113
- Label description 113
- Radio list continued 113
- Uag series user s guide 113
- Ap mode radio information 114
- Ap mode radio information 115
- Chapter 7 monitor 115
- Label description 115
- Station info to access this screen 115
- Station list 115
- The following table describes the labels in this screen 115
- The station list screen 115
- Uag series user s guide 115
- Ap management screen in order to detect other wireless devices in its vicinity 116
- Chapter 7 monitor 116
- Detected device 116
- Detected device to access this screen 116
- Label description 116
- Station list 116
- The following table describes the labels in this screen 116
- Uag series user s guide 116
- Chapter 7 monitor 117
- Detected device 117
- Label description 117
- The following table describes the labels in this screen 117
- Uag series user s guide 117
- Chapter 7 monitor 118
- Label description 118
- Printer status 118
- Printer status to display this screen 118
- The following table describes the labels in this screen 118
- The printer status screen 118
- The vpn 1 1 mapping status screen 118
- This screen displays the status of the active users to which the uag applied a vpn 1 1 mapping rule 118
- Uag series user s guide 118
- Vpn 1 1 mapping to open the following screen 118
- Chapter 7 monitor 119
- Label description 119
- Statistics 119
- Statistics to display this screen 119
- The following table describes the labels in this screen 119
- Uag series user s guide 119
- Vpn 1 1 mapping 119
- Vpn 1 1 mapping statistics 119
- Chapter 7 monitor 120
- Each field is described in the following table 120
- Ipsec the following screen appears click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 120
- Label description 120
- Statistics 120
- The following table describes the labels in this screen 120
- The ipsec monitor screen 120
- Uag series user s guide 120
- A in the middle of a vpn connection or policy name has the uag check the beginning and end and ignore the middle for example with abc 123 any vpn connection or policy name starting with abc and ending in 123 matches no matter how many characters are in between 121
- A question mark lets a single character in the vpn connection or policy name vary for example use a c without the quotation marks to specify abc acc and so on 121
- Application patrol provides a convenient way to manage the use of various applications on the network it manages general protocols for example http and ftp and instant messenger im peer to peer p2p voice over ip voip and streaming rstp applications you can even control 121
- Chapter 7 monitor 121
- Ipsec continued 121
- Label description 121
- Regular expressions in searching ipsec sas 121
- The app patrol screen 121
- The whole vpn connection or policy name has to match if you do not use a question mark or asterisk 121
- Uag series user s guide 121
- Wildcards let multiple vpn connection or policy names match the pattern for example use abc without the quotation marks to specify any vpn connection or policy name that ends with abc a vpn connection named testabc would match there could be any number of any type of characters in front of the abc at the end and the vpn connection or policy name would still match a vpn connection or policy name named testacc for example would not match 121
- App patrol 122
- App patrol to display the following screen this screen displays application patrol statistics based on the app patrol profiles bound to security policy profiles 122
- Chapter 7 monitor 122
- Label description 122
- The following table describes the labels in this screen 122
- The use of a particular application s individual features like text messaging voice video conferencing and file transfers 122
- Uag series user s guide 122
- Label description 123
- The content filter screen 123
- Chapter 7 monitor 124
- Content filter 124
- Label description 124
- The following table describes the labels in this screen 124
- Uag series user s guide 124
- Chapter 7 monitor 125
- Events that generate an alert as well as a log message display in red regular logs display in black click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 125
- Label description 125
- Log messages are stored in two separate logs one for regular log messages and one for debugging messages in the regular log you can look at all the log messages by selecting all logs or you can select a specific category of log messages for example security policy control or user you can also look at the debugging log by selecting debug log all debugging messages have the same priority 125
- Log the log is displayed in the following screen 125
- Note when a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first 125
- The following table describes the labels in this screen 125
- The log screen 125
- The maximum possible number of log messages in the uag varies by model 125
- Uag series user s guide 125
- Chapter 7 monitor 126
- Label description 126
- Log continued 126
- Uag series user s guide 126
- View ap log 127
- Chapter 7 monitor 128
- Label description 128
- Note this criterion only appears when you show filter 128
- The following table describes the labels in this screen 128
- Uag series user s guide 128
- View ap log 128
- Chapter 7 monitor 129
- Dynamic users log 129
- Dynamic users log to access this screen 129
- Label description 129
- The following table describes the labels in this screen 129
- Uag series user s guide 129
- View ap log continued 129
- Chapter 7 monitor 130
- Dynamic users log continued 130
- Label description 130
- Note once the time allocated to a dynamic account is used up or a dynamic account remains un used after the expiration time the account is deleted from the account list 130
- Uag series user s guide 130
- Licensing 131
- Overview 131
- What you can do in this chapter 131
- What you need to know 131
- Maximum number of managed aps 132
- Registration screen 132
- Service screen 132
- App patrol signature update screen 133
- Chapter 8 licensing 133
- Label description 133
- Service 133
- The following table describes the labels in this screen 133
- The uag comes with signatures for the application patrol feature these signatures are continually updated as new attack types evolve new signatures can be downloaded to the uag periodically if you have subscribed for the apppatrol signatures service 133
- Uag series user s guide 133
- Note the uag does not have to reboot when you upload new signatures 134
- App patrol continued 135
- Chapter 8 licensing 135
- Label description 135
- Uag series user s guide 135
- Overview 136
- What you can do in this chapter 136
- What you need to know 136
- Wireless 136
- Ap management screen 137
- Controller screen 137
- Ap management 138
- Chapter 9 wireless 138
- Controller screen you set the registration type to always accept then as soon as you remove an ap from this list it reconnects 138
- Each field is described in the following table 138
- Label description 138
- Uag series user s guide 138
- Ap management table to display this screen 139
- Chapter 9 wireless 139
- Each field is described in the following table 139
- Edit ap list 139
- Label description 139
- Uag series user s guide 139
- Chapter 9 wireless 140
- Edit ap list continued 140
- Edit ap list screen 140
- Label description 140
- Note ensure you restart the managed ap after you change its operating mode 140
- Port setting edit 140
- Uag series user s guide 140
- Use this screen to enable or disable a port on the managed ap and configure the port s pvid 140
- Vlan add edit 141
- Chapter 9 wireless 142
- Each field is described in the following table 142
- Edit vlan 142
- Label description 142
- Uag series user s guide 142
- Ap policy 143
- Ap policy to access this screen 143
- Chapter 9 wireless 143
- Each field is described in the following table 143
- Label description 143
- Uag series user s guide 143
- Chapter 9 wireless 144
- Each field is described in the following table 144
- Label description 144
- Mon mode 144
- Mon mode to access this screen 144
- Uag series user s guide 144
- Use this screen to assign aps either to the rogue ap list or the friendly ap list a rogue ap is a wireless access point operating in a network s coverage area that is not under the control of the network administrator and which can potentially open up holes in a network s security 144
- Add edit rogue friendly 145
- Add edit rogue friendly list 145
- Chapter 9 wireless 145
- Each field is described in the following table 145
- Label description 145
- Mon mode continued 145
- Mon mode table to display this screen 145
- Uag series user s guide 145
- Chapter 9 wireless 146
- Each field is described in the following table 146
- Label description 146
- Load balancing 146
- Load balancing to access this screen 146
- Note if you enable this function you should ensure that there are multiple aps within the broadcast radius that can accept any rejected or kicked wireless clients otherwise a wireless client attempting to connect to an overloaded ap will be kicked continuously and never be allowed to connect 146
- Uag series user s guide 146
- Disassociating and delaying connections 147
- Chapter 9 wireless 149
- Each field is described in the following table 149
- Label description 149
- Uag series user s guide 149
- Chapter 9 wireless 150
- Dcs continued 150
- Label description 150
- Uag series user s guide 150
- Auto healing 151
- Auto healing to access this screen 151
- Chapter 9 wireless 151
- Each field is described in the following table 151
- Label description 151
- Uag series user s guide 151
- Dynamic channel selection 152
- Technical reference 152
- Load balancing 153
- Interface overview 154
- Interfaces 154
- What you can do in this chapter 154
- What you need to know 154
- Bridge interfaces create a software connection between ethernet or vlan interfaces at the layer 2 data link mac address level unlike port groups bridge interfaces can take advantage of some security features in the uag you can also assign an ip address and subnet mask to the bridge 155
- Chapter 10 interfaces 155
- Characteristics ethernet ethernet ppp vlan bridge virtual 155
- Ethernet interfaces are the foundation for defining other interfaces and network policies 155
- Layer 3 virtualization ip alias for example is a kind of interface 155
- Port groups and trunks have a lot of characteristics that are specific to each type of interface see section 10 on page 156 and chapter 11 on page 195 for details the other types of interfaces ethernet ppp vlan bridge and virtual have a lot of similar characteristics these characteristics are listed in the following table and discussed in more detail below 155
- Port roles screen to set multiple physical ports to be part of the same interface 155
- Ppp interfaces support point to point protocols ppp isp accounts are required for pppoe pptp interfaces 155
- Table 64 ethernet ppp vlan bridge and virtual interface characteristics 155
- Trunk interfaces manage load balancing between interfaces 155
- Types of interfaces 155
- Uag series user s guide 155
- Virtual interfaces provide additional routing information in the uag there are three types virtual ethernet interfaces virtual vlan interfaces and virtual bridge interfaces 155
- Vlan interfaces receive and send tagged frames the uag automatically adds or removes the tags as needed each vlan can only be associated with one ethernet interface 155
- You can create several types of interfaces in the uag 155
- Chapter 10 interfaces 156
- Finding out more 156
- In the uag interfaces are usually created on top of other interfaces only ethernet interfaces are created directly on top of the physical ports or port groups the relationships between interfaces are explained in the following table 156
- Interface required port interface 156
- Port role screen 156
- Port role use the port role screen to set the uag s flexible ports as part of the lan1 lan2 or dmz interfaces this creates a hardware connection between the physical ports at the layer 2 data link mac address level this provides wire speed throughput but no security 156
- Relationships between interfaces 156
- See chapter 11 on page 195 to configure load balancing using trunks 156
- See section 10 on page 191 for background information on interfaces 156
- Table 65 relationships between different types of interfaces 156
- Uag series user s guide 156
- Ethernet summary screen 157
- Interfaces 157
- Physical ports 157
- Chapter 10 interfaces 158
- Each field is described in the following table 158
- Ethernet 158
- Ethernet interfaces are similar to other types of interfaces in many ways they have an ip address subnet mask and gateway used to make routing decisions they restrict the amount of bandwidth and packet size they can provide dhcp services and they can verify the gateway is available 158
- Label description 158
- On page 156 the ethernet interface is effectively removed from the uag but you can still configure it 158
- Uag series user s guide 158
- Use ethernet interfaces to control which physical ports exchange routing information with other routers and how much information is exchanged through each one the more routing information is exchanged the more efficient the routers should be however the routers also generate more network traffic and some routing protocols require a significant amount of configuration and management 158
- Chapter 10 interfaces 159
- Ethernet continued 159
- Ethernet edit 159
- Label description 159
- Note if you create ip address objects based on an interface s ip address subnet or gateway the uag automatically updates every rule or setting that uses the object whenever the interface s ip address settings change for example if you change the lan s ip address the uag automatically updates the corresponding interface based lan subnet address object 159
- The ethernet edit screen lets you configure ip address assignment interface parameters dhcp settings connectivity check and mac address settings to access this screen select an entry in the ethernet summary screen and click the edit icon see section 10 on page 157 159
- Uag series user s guide 159
- Chapter 10 interfaces 162
- Label description 162
- This screen s fields are described in the table below 162
- Uag series user s guide 162
- Chapter 10 interfaces 163
- Edit continued 163
- Label description 163
- Uag series user s guide 163
- Chapter 10 interfaces 164
- Edit continued 164
- Label description 164
- Uag series user s guide 164
- Chapter 10 interfaces 165
- Edit continued 165
- Label description 165
- Object references 165
- Uag series user s guide 165
- When a configuration screen includes an object reference icon select a configuration object and click object reference to open the object reference screen this screen displays which configuration settings reference the selected object the fields shown vary with the type of object 165
- Add edit dhcp extended options 166
- Add edit extended options 167
- Chapter 10 interfaces 167
- Label description 167
- The following table describes labels that can appear in this screen 167
- Uag series user s guide 167
- Add edit extended options 168
- Chapter 10 interfaces 168
- Label description 168
- Option name code description 168
- Ppp interfaces 168
- Table 70 dhcp extended options 168
- The following table lists the available dhcp extended options defined in rfcs on the uag see rfcs for more information 168
- Uag series user s guide 168
- Use pppoe pptp interfaces to connect to your isp this way you do not have to install or manage pppoe pptp software on each computer in the network 168
- Ppp interface summary 169
- Chapter 10 interfaces 170
- Each field is described in the table below 170
- Label description 170
- Note you have to set up an isp account before you create a pppoe pptp interface 170
- Ppp interface add or edit 170
- This screen lets you configure a pppoe or pptp interface to access this screen click the add icon or select an entry in the ppp interface summary screen and click the edit icon 170
- Uag series user s guide 170
- Chapter 10 interfaces 172
- Each field is explained in the following table 172
- Label description 172
- Note multiple ppp interfaces can use the same base interface 172
- Uag series user s guide 172
- Add continued 173
- Chapter 10 interfaces 173
- Label description 173
- Uag series user s guide 173
- Vlan interfaces 174
- Note each vlan interface is created on top of only one ethernet interface 175
- Vlan interface summary screen 175
- Vlan interfaces overview 175
- Chapter 10 interfaces 176
- Each field is explained in the following table 176
- Label description 176
- This screen lets you configure ip address assignment interface bandwidth parameters dhcp settings and connectivity check for each vlan interface to access this screen click the add icon 176
- Uag series user s guide 176
- Vlan interface add edit 176
- Chapter 10 interfaces 178
- Each field is explained in the following table 178
- Label description 178
- Uag series user s guide 178
- Chapter 10 interfaces 179
- Edit continued 179
- Label description 179
- Uag series user s guide 179
- Chapter 10 interfaces 180
- Edit continued 180
- Label description 180
- Uag series user s guide 180
- Bridge interfaces 181
- Chapter 10 interfaces 181
- Edit continued 181
- Label description 181
- This section introduces bridges and bridge interfaces and then explains the screens for bridge interfaces 181
- Uag series user s guide 181
- Bridge interface overview 182
- Bridge overview 182
- Bridge interface summary 183
- Bridge continued 184
- Bridge interface add edit 184
- Chapter 10 interfaces 184
- Label description 184
- This screen lets you configure ip address assignment interface bandwidth parameters dhcp settings and connectivity check for each bridge interface to access this screen click the add icon or select an entry in the bridge summary screen and click the edit icon the following screen appears 184
- Uag series user s guide 184
- Chapter 10 interfaces 186
- Each field is described in the table below 186
- Label description 186
- Uag series user s guide 186
- Chapter 10 interfaces 187
- Edit continued 187
- Label description 187
- Uag series user s guide 187
- Chapter 10 interfaces 188
- Edit continued 188
- Label description 188
- Uag series user s guide 188
- Chapter 10 interfaces 189
- Edit continued 189
- Label description 189
- Like other interfaces virtual interfaces have an ip address subnet mask and gateway used to make routing decisions however you have to manually specify the ip address and subnet mask virtual interfaces cannot be dhcp clients like other interfaces you can restrict bandwidth through virtual interfaces but you cannot change the mtu the virtual interface uses the same mtu that the 189
- Uag series user s guide 189
- Use virtual interfaces to tell the uag where to route packets 189
- Virtual interfaces 189
- Virtual interfaces can be created on top of ethernet interfaces vlan interfaces or bridge interfaces virtual vlan interfaces recognize and use the same vlan id otherwise there is no difference between each type of virtual interface network policies for example security policy control rules that apply to the underlying interface automatically apply to the virtual interface as well 189
- Chapter 10 interfaces 190
- Create virtual interface 190
- Each field is described in the table below 190
- Label description 190
- This screen lets you configure ip address assignment and interface parameters for virtual interfaces to access this screen click the create virtual interface icon in the ethernet vlan or bridge interface summary screen 190
- Uag series user s guide 190
- Underlying interface uses unlike other interfaces virtual interfaces do not provide dhcp services and they do not verify that the gateway is available 190
- Virtual interfaces add edit 190
- Interface technical reference 191
- Ip address assignment 191
- Dhcp settings 192
- Interface parameters 192
- Pppoe pptp overview 194
- Overview 195
- Trunks 195
- What you can do in this chapter 195
- What you need to know 195
- Least load first 196
- Load balancing algorithms 196
- Weighted round robin 196
- Spillover 197
- Chapter 11 trunks 198
- Label description 198
- The following table describes the items in this screen 198
- The trunk summary screen 198
- Trunk to open the trunk screen this screen lists the configured trunks and the load balancing algorithm that each is configured to use 198
- Uag series user s guide 198
- Add or edit 199
- Chapter 11 trunks 199
- Configuring a user defined trunk 199
- Label description 199
- Trunk continued 199
- Trunk in the user configuration table click the add or edit icon to open the following screen use this screen to create or edit a wan trunk entry 199
- Uag series user s guide 199
- Add or edit 200
- Chapter 11 trunks 200
- Each field is described in the table below 200
- Label description 200
- Note you can configure the bandwidth of an interface in the corresponding interface edit screen 200
- Uag series user s guide 200
- Add or edit continued 201
- Chapter 11 trunks 201
- Configuring the system default trunk 201
- Edit system default 201
- Label description 201
- Note the available bandwidth is allocated to each member interface equally and is not allowed to be changed for the default trunk 201
- Note you can configure the bandwidth of an interface in the corresponding interface edit screen 201
- Trunk screen and the system default section select the default trunk entry and click edit to open the following screen use this screen to change the load balancing algorithm and view the bandwidth allocations for each member interface 201
- Uag series user s guide 201
- Chapter 11 trunks 202
- Each field is described in the table below 202
- Edit system default 202
- Label description 202
- Uag series user s guide 202
- Policy and static routes 203
- Policy and static routes overview 203
- What you can do in this chapter 203
- What you need to know 203
- Diffserv 204
- How you can use policy routing 204
- Note the uag automatically uses snat for traffic it routes from internal interfaces to external interfaces for example lan to wan traffic 204
- Policy routes versus static routes 204
- Static routes 204
- Dscp marking and per hop behavior 205
- Finding out more 205
- Policy route screen 205
- Chapter 12 policy and static routes 206
- Label description 206
- Policy route 206
- The following table describes the labels in this screen 206
- Uag series user s guide 206
- Chapter 12 policy and static routes 207
- Label description 207
- Policy route add edit screen 207
- Policy route continued 207
- Routing to open the policy route screen then click the add icon or select an entry and click the edit icon the add policy route or policy route edit screen opens use this screen to configure or edit a policy route 207
- Uag series user s guide 207
- Add edit continued 209
- Chapter 12 policy and static routes 209
- Label description 209
- Uag series user s guide 209
- Add edit continued 210
- Chapter 12 policy and static routes 210
- Label description 210
- Uag series user s guide 210
- Add edit continued 211
- Chapter 12 policy and static routes 211
- Ip static route screen 211
- Label description 211
- Select a static route index number and click add or edit the screen shown next appears use this screen to configure the required information for a static route 211
- Static route 211
- Static route add edit screen 211
- Static route to open the static route screen this screen displays the configured static routes configure static routes to be able to propagate the routing information to other routers 211
- The following table describes the labels in this screen 211
- Uag series user s guide 211
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop 212
- Assured forwarding af phb for diffserv 212
- Chapter 12 policy and static routes 212
- Here is more detailed information about some of the features you can configure in policy routing 212
- Label description 212
- Nat and snat 212
- Nat network address translation nat rfc 1631 is the translation of the ip address in a packet in one network to a different ip address in another network use snat source nat to change the source ip address in one network to a different ip address in another network 212
- Policy routing technical reference 212
- The following table describes the labels in this screen 212
- Uag series user s guide 212
- Chapter 12 policy and static routes 213
- Class 1 class 2 class 3 class 4 213
- Precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 213
- Table 92 assured forwarding af behavior group 213
- Uag series user s guide 213
- Ddns overview 214
- What you can do in this chapter 214
- What you need to know 214
- Chapter 13 ddns 215
- Ddns to open the following screen 215
- Label description 215
- The ddns screen 215
- The following table describes the labels in this screen 215
- Uag series user s guide 215
- The dynamic dns add edit screen 216
- Add continued 217
- Chapter 13 ddns 217
- Label description 217
- Note the uag may not determine the proper ip address if there is an http proxy server between the uag and the ddns server 217
- Uag series user s guide 217
- Add continued 218
- Chapter 13 ddns 218
- Label description 218
- Note the uag may not determine the proper ip address if there is an http proxy server between the uag and the ddns server 218
- Uag series user s guide 218
- Nat overview 219
- What you can do in this chapter 219
- What you need to know 219
- Chapter 14 nat 220
- Label description 220
- Nat the following screen appears providing a summary of the existing nat rules 220
- The following table describes the labels in this screen 220
- The nat screen 220
- Uag series user s guide 220
- The nat add edit screen 221
- Add continued 222
- Chapter 14 nat 222
- Label description 222
- Uag series user s guide 222
- Add continued 223
- Chapter 14 nat 223
- Label description 223
- Uag series user s guide 223
- Nat loopback 224
- Nat technical reference 224
- Xxx lan smtp com 224
- Xxx lan smtp com 1 224
- Vpn 1 1 mapping 226
- Vpn 1 1 mapping overview 226
- What you can do in this chapter 226
- What you need to know 226
- The vpn 1 1 mapping general screen 227
- Chapter 15 vpn 1 1 mapping 228
- General screen then click the add or edit icon to open the vpn 1 1 mapping add edit policy screen where you can configure the rule 228
- Label description 228
- The vpn 1 1 mapping edit screen 228
- Uag series user s guide 228
- Vpn 1 1 mapping continued 228
- Chapter 15 vpn 1 1 mapping 229
- Label description 229
- Profile 229
- Profile the following screen appears providing a summary of the existing ip address pool profiles 229
- The following table describes the labels in this screen 229
- The vpn 1 1 mapping profile screen 229
- Uag series user s guide 229
- Chapter 15 vpn 1 1 mapping 230
- Label description 230
- Note it s recommended that the ip addresses of the selected address object and the wan interface are in the same subnet so that the uag can receive response packets from the remote node 230
- Note you cannot select an address group object at the time of writing 230
- Profile 230
- The following table describes the labels in this screen 230
- Uag series user s guide 230
- Http redirect 231
- Overview 231
- What you can do in this chapter 231
- What you need to know 231
- Http redirect security policy and policy route 232
- Note you can configure up to one http redirect rule for each incoming interface 232
- The http redirect screen 232
- Chapter 16 http redirect 233
- Http redirect 233
- Http redirect to open the http redirect screen then click the add or edit icon to open the http redirect edit screen where you can configure the rule 233
- Label description 233
- The following table describes the labels in this screen 233
- The http redirect edit screen 233
- Uag series user s guide 233
- Chapter 16 http redirect 234
- Label description 234
- The following table describes the labels in this screen 234
- Uag series user s guide 234
- Overview 235
- Smtp redirect 235
- What you can do in this chapter 235
- What you need to know 235
- Note you can configure up to one smtp redirect rule for each incoming interface 236
- Smtp redirect security policy and policy route 236
- The smtp redirect screen 236
- Chapter 17 smtp redirect 237
- Label description 237
- Smtp redirect 237
- Smtp redirect to open the smtp redirect screen then click the add or edit icon to open the smtp redirect edit screen where you can configure the rule 237
- The following table describes the labels in this screen 237
- The smtp redirect edit screen 237
- Uag series user s guide 237
- Chapter 17 smtp redirect 238
- Label description 238
- The following table describes the labels in this screen 238
- Uag series user s guide 238
- Alg overview 239
- What you can do in this chapter 239
- What you need to know 239
- Alg to open the alg screen use this screen to turn the alg off or on configure the port numbers to which it applies 240
- Before you begin 240
- Chapter 18 alg 240
- Label description 240
- The alg screen 240
- The following table describes the labels in this screen 240
- Uag series user s guide 240
- You must also configure the security policies and enable nat in the uag to allow sessions initiated from the wan 240
- Nat traversal 241
- Overview 241
- What you need to know 241
- Cautions with upnp 242
- Upnp screen 242
- Auto discover your upnp enabled network device 243
- Chapter 19 upnp 243
- Click start and control panel double click network connections an icon displays under internet gateway 243
- Label description 243
- Make sure the computer is connected to a lan port of the uag turn on your computer and the uag 243
- Right click the icon and select properties 243
- Technical reference 243
- The following table describes the fields in this screen 243
- The sections show examples of using upnp 243
- This section shows you how to use the upnp feature in windows xp you must already have upnp installed in windows xp and upnp activated on the uag 243
- Uag series user s guide 243
- Using upnp in windows xp example 243
- Note when the upnp enabled device is disconnected from your computer all port mappings will be deleted automatically 245
- Web configurator easy access 245
- Ip mac binding 248
- Ip mac binding overview 248
- What you can do in this chapter 248
- What you need to know 248
- Chapter 20 ip mac binding 249
- Interfaces used with ip mac binding 249
- Ip mac address bindings are grouped by interface you can use ip mac binding with ethernet bridge vlan interfaces you can also enable or disable ip mac binding and logging in an interface s configuration screen 249
- Ip mac binding summary 249
- Ip mac binding to open the ip mac binding summary screen this screen lists the total number of ip to mac address bindings for devices connected to each supported interface 249
- Label description 249
- Summary 249
- The following table describes the labels in this screen 249
- Uag series user s guide 249
- Chapter 20 ip mac binding 250
- Edit to open the ip mac binding edit screen use this screen to configure an interface s ip to mac address binding settings 250
- Ip mac binding edit 250
- Label description 250
- The following table describes the labels in this screen 250
- Uag series user s guide 250
- Ip mac binding exempt list 251
- Static dhcp edit 251
- Chapter 20 ip mac binding 252
- Exempt list 252
- Label description 252
- The following table describes the labels in this screen 252
- Uag series user s guide 252
- Layer 2 isolation 253
- Overview 253
- What you can do in this chapter 253
- Chapter 21 layer 2 isolation 254
- Ip addresses that are not listed in the white list are blocked from communicating with other devices in the layer 2 isolation enabled internal interface s except for broadcast packets 254
- Label description 254
- Layer 2 isolation 254
- Layer 2 isolation general screen 254
- Note you can enable this feature only when the security policy is enabled 254
- The following table describes the labels in this screen 254
- Uag series user s guide 254
- White list 254
- White list screen 254
- Add edit white list rule 255
- Chapter 21 layer 2 isolation 255
- Label description 255
- Note you can configure up to 100 white list rules on the uag 255
- Note you can enable this feature only when the security policy is enabled 255
- Note you need to know the ip address of each connected device that you want to allow to be accessed by other devices when layer 2 isolation is enabled 255
- The following table describes the labels in this screen 255
- This screen allows you to create a new rule in the white list or edit an existing one to access this screen click the add button or select an entry from the list and click the edit button 255
- Uag series user s guide 255
- White list 255
- Add edit 256
- Chapter 21 layer 2 isolation 256
- Label description 256
- The following table describes the labels in this screen 256
- Uag series user s guide 256
- Overview 257
- What you can do in this chapter 257
- Chapter 22 ipnp 258
- Ipnp screen 258
- Label description 258
- Note you can enable this feature only when the security policy is enabled 258
- The following table describes the labels in this screen 258
- Uag series user s guide 258
- Overview 259
- Web authentication 259
- What you can do in this chapter 259
- Finding out more 260
- Forced user authentication 260
- General screen 260
- Note this works with http traffic only the uag does not display the login screen when users attempt to send other kinds of traffic 260
- Web authentication 260
- What you need to know 260
- Chapter 23 web authentication 261
- Label description 261
- The following table gives an overview of the objects you can configure 261
- Uag series user s guide 261
- Web authentication general 261
- Add exceptional service 262
- Chapter 23 web authentication 262
- Label description 262
- Uag series user s guide 262
- Web authentication general continued 262
- Chapter 23 web authentication 263
- Creating editing an authentication policy 263
- General screen then click the add icon or select an entry and click the edit icon in the web authentication policy summary section to open the auth policy add edit screen use this screen to configure an authentication policy 263
- Label description 263
- Uag series user s guide 263
- Web authentication general continued 263
- Chapter 23 web authentication 264
- In this example the users are authenticated by an external radius server at 172 6 00 first set up the user accounts and user groups in the uag then set up user authentication using the radius server finally set up the policies in the table above 264
- Label description 264
- The following table gives an overview of the objects you can configure 264
- Uag series user s guide 264
- User aware access control example 264
- You can configure many policies and security settings for specific users or groups of users users can be authenticated locally by the uag or by an external radius authentication server 264
- Set up user accounts 265
- Set up user groups 265
- Set up user authentication using the radius server 266
- Enable web authenticatio 267
- Note the users must log in at the web configurator login screen before they can use http or msn 268
- User group authentication using the radius server 269
- Authentication type screen 271
- Add edit an authentication type profile 272
- Authentication type screen and click the edit icon to display the screen the screen differs depending on what you select in the type field 272
- Chapter 23 web authentication 272
- Label description 272
- Login page screen 272
- The following table describes the labels in this screen 272
- Uag series user s guide 272
- Web authentication authentication type 272
- Chapter 23 web authentication 274
- Label description 274
- Note you must select a custom file uploaded to the uag before you can preview the pages 274
- The following table describes the labels in this screen 274
- Uag series user s guide 274
- Web authentication authentication type add edit 274
- Web authentication authentication type add edit user agreement 274
- Web portal customize file screen 274
- Chapter 23 web authentication 275
- Label description 275
- Note you must select a custom file uploaded to the uag before you can preview the pages 275
- Uag series user s guide 275
- User agreement customize file screen 275
- Web authentication authentication type add edit continued 275
- Custom web portal user agreement file screen 276
- A user must log in before the uag allows the user s access to the internet however with a walled garden you can define one or more web site addresses that all users can access without logging in these can be used for advertisements for example 277
- Chapter 23 web authentication 277
- Label description 277
- The following table describes the labels in this screen 277
- Uag series user s guide 277
- Walled garden 277
- Web authentication custom user agreement file 277
- Web authentication custom web portal user agreement file 277
- General screen 278
- Note you can configure up to 20 walled garden web site links 278
- Note you must enable web authentication before you can access the walled garden screens 278
- Url base screen 278
- Adding editing a walled garden url 279
- Chapter 23 web authentication 279
- Label description 279
- The following table describes the labels in this screen 279
- Uag series user s guide 279
- Url base screen click add or select an entry and click the edit to open the add edit walled garden url screen use this screen to configure a walled garden web site url entry 279
- Walled garden url base 279
- Walled garden url based 279
- Chapter 23 web authentication 280
- Domain ip base screen 280
- Label description 280
- The following table describes the labels in this screen 280
- Uag series user s guide 280
- Use this screen to configure walled garden web site links which use a wildcard domain name or an ip address these links will not display in the login page 280
- Walled garden and then select the domain ip base tab to display the screen 280
- Walled garden url base add edit 280
- Adding editing a walled garden domain or ip 281
- Chapter 23 web authentication 281
- Domain ip base screen click add or select an entry and click the edit to open the add edit walled garden domain ip screen use this screen to configure the domain name or ip address entry for a walled garden web site 281
- Label description 281
- The following table describes the labels in this screen 281
- Uag series user s guide 281
- Walled garden domain ip base 281
- Walled garden domain ip based 281
- Chapter 23 web authentication 282
- Label description 282
- The following figure shows the user login screen with two walled garden links the links are named walledgardenlink1 through 2 for demonstration purposes 282
- The following table describes the labels in this screen 282
- Uag series user s guide 282
- Walled garden domain ip base add edit 282
- Walled garden login example 282
- Advertisement screen 283
- Add edit 284
- Adding editing an advertisement url 284
- Advertisement 284
- Advertisement and then the add or edit icon in the advertisement summary section to open the add edit advertisement url screen use this screen to configure an advertisement address entry 284
- Chapter 23 web authentication 284
- Label description 284
- Note this feature works only when you enable web authentication 284
- Note you can create up to 20 advertisement url entries the uag randomly picks one and open the specified web site in a new frame when an authenticated user is attempts to access the internet 284
- The following table gives an overview of the objects you can configure 284
- Uag series user s guide 284
- Add edit 285
- Chapter 23 web authentication 285
- Label description 285
- The following table gives an overview of the objects you can configure 285
- Uag series user s guide 285
- Overview 286
- What you can do in this chapter 286
- A dedicated rtls ssid is recommended 287
- At least three aps managed by the uag the more aps the better since it increases the amount of information the ekahau rtls controller has for calculating the location of the tags 287
- Before you begin 287
- Chapter 24 rtls 287
- Configuring rtls 287
- Ekahau rtls controller in blink mode with tzsp updater enabled 287
- For example if the ekahau rtls controller is behind a firewall open ports 8550 8553 and 8569 to allow traffic the aps send to reach the ekahau rtls controller 287
- Ip addresses for the ekahau wi fi tags 287
- Port number type description 287
- Rtls to open this screen use this screen to turn rtls real time location system on or off and specify the ip address and server port of the ekahau rtls controller 287
- Security policies to allow rtls traffic if the uag security policy control is enabled or the ekahau rtls controller is behind a firewall 287
- Table 127 rtls traffic port numbers 287
- The following table lists default port numbers and types of packets rtls uses 287
- Uag series user s guide 287
- You need 287
- Chapter 24 rtls 288
- Label description 288
- The following table describes the labels in this screen 288
- Uag series user s guide 288
- Overview 289
- Security policy 289
- What you can do in this chapter 289
- Default security policy behavior 290
- Note intra zone traffic such as lan to lan traffic or wan to wan traffic can also be blocked by the zone configuration see section 34 on page 397 for details 290
- Stateful inspection 290
- To device rules 290
- What you need to know 290
- Asymmetrical routes 291
- Finding out more 291
- Global security policies 291
- Security policy control screen 291
- Security policy rule criteria 291
- Session limits 291
- User specific security policies 291
- Configuring the security policy control screen 292
- Chapter 25 security policy 293
- Label description 293
- Note allowing asymmetrical routes may let traffic from the wan go directly to the lan without passing through the uag a better solution is to use virtual interfaces to put the uag and the backup gateway on separate subnets 293
- Policy control 293
- The following table describes the labels in this screen 293
- Uag series user s guide 293
- Add edit policy control rule 294
- Chapter 25 security policy 294
- In the policy control screen click the add icon or select a rule and click edit to display this screen 294
- Label description 294
- Policy control continued 294
- Uag series user s guide 294
- Add edit 295
- Chapter 25 security policy 295
- Label description 295
- The following table describes the labels in this screen 295
- Uag series user s guide 295
- Add edit continued 296
- Chapter 25 security policy 296
- Label description 296
- Note if you specified a source ip address group instead of any in the field below the user s ip address should be within the ip address range 296
- Session control screen 296
- Session control to display the security policy session control screen use this screen to limit the number of concurrent nat security policy sessions a client can use you can apply a default limit for all users and individual limits for specific users addresses or both the individual limit takes priority if you apply both 296
- Uag series user s guide 296
- Chapter 25 security policy 297
- Label description 297
- Session control 297
- The following table describes the labels in this screen 297
- Uag series user s guide 297
- Add edit 298
- Add edit a session limit rule 298
- Chapter 25 security policy 298
- Label description 298
- Session control continued 298
- Session control screen click the add icon or select an entry and click the edit icon to display the add edit session limit screen use this screen to configure rules that define a session limit for specific users or addresses 298
- The following table describes the labels in this screen 298
- Uag series user s guide 298
- Add edit continued 299
- Address to configure an address object configure it as follows and click ok 299
- Chapter 25 security policy 299
- Figure 211 security policy example security policy control screen 299
- Label description 299
- Note if you specified an ip address or address group instead of any in the field below the user s ip address should be within the ip address range 299
- Policy control in the summary of security policies click add to configure a new first entry the sequence priority of the policies is important since they are applied in order 299
- Security policy configuration example 299
- The following internet security policy example allows doom players from the wan to ip addresses 172 6 0 through 172 6 5 dest_1 on the lan 299
- Uag series user s guide 299
- Security policy example applications 301
- Chapter 25 security policy 303
- Table 136 limited lan1 to wan irc traffic example 2 303
- The first row allows any lan1 computer to access the irc service on the wan by logging into the uag with the ceo s user name 303
- The policy for the ceo must come before the policy that blocks all lan1 to wan irc traffic if the policy that blocks all lan1 to wan irc traffic came first the ceo s irc traffic would match that policy and the uag would drop it and not check any other security policies 303
- The second row blocks lan1 access to the irc service on the wan 303
- The third row is the security policy s default policy of allowing all traffic from the lan1 to go to the wan 303
- Uag series user s guide 303
- User source destination schedule service action 303
- Your security policy would have the following configuration 303
- Billing 304
- Overview 304
- What you can do in this chapter 304
- What you need to know 304
- The general screen 305
- Chapter 26 billing 306
- General continued 306
- Label description 306
- Note this works only for free guest accounts or when the accounting method is time to finish 306
- Uag series user s guide 306
- Billing profile 307
- Billing profile to open the following screen 307
- Chapter 26 billing 307
- Label description 307
- The billing profile screen 307
- The following table describes the labels in this screen 307
- Uag series user s guide 307
- Billing profile and then the preview button to open this screen you can also open this screen by logging into the web configurator with the guest manager account 308
- Billing profile continued 308
- Chapter 26 billing 308
- Label description 308
- The account generator screen 308
- The account generator screen allows you to automatically create dynamic guest accounts see section 7 on page 103 and dynamic guest accounts on page 400 for more information on dynamic guest accounts 308
- Uag series user s guide 308
- Chapter 26 billing 309
- Figure 220 account generator 309
- Label description 309
- Table 139 account generator 309
- The following table describes the labels in this screen 309
- Uag series user s guide 309
- Chapter 26 billing 310
- Label description 310
- Sms screen you can enter the user s mobile phone number and click send sms to send the account information in an sms text message to the user s mobile phone click cancel to close this window when you are finished viewing it 310
- Table 139 account generator continued 310
- Uag series user s guide 310
- The account redeem screen 311
- Chapter 26 billing 312
- Figure 221 account redeem 312
- Label description 312
- Note once the time allocated to a dynamic account is used up or a dynamic account remains un used after the expiration time the account is deleted from the account list 312
- Table 140 account redeem 312
- The following table describes the labels in this screen 312
- Uag series user s guide 312
- Add edit 313
- Billing profile and then an add or edit icon to open this screen 313
- Chapter 26 billing 313
- Label description 313
- Table 140 account redeem continued 313
- The billing profile add edit screen 313
- The following table describes the labels in this screen 313
- Uag series user s guide 313
- Add edit continued 314
- Chapter 26 billing 314
- Discount to open the following screen 314
- Label description 314
- Note the discount price plan does not apply to users who purchase access time online with a credit card 314
- Note the priority setting here has priority over the priority setting in a bandwidth management rule 314
- Note when the limit is exceeded the user is not allowed to access the internet through the uag 314
- The discount screen 314
- Uag series user s guide 314
- Chapter 26 billing 315
- Discount 315
- Label description 315
- The following table describes the labels in this screen 315
- Uag series user s guide 315
- The discount add edit screen 316
- The payment service general screen 316
- Chapter 26 billing 317
- General 317
- Label description 317
- Note after you set up web authentication policies and enable the online payment service on the uag a link displays in the login screen when users try to access the internet the link redirects users to a screen where they can make online payments by credit card to purchase access time and get dynamic guest account information 317
- The following table describes the labels in this screen 317
- Uag series user s guide 317
- The payment service desktop view mobile view screen 318
- Chapter 26 billing 321
- Desktop view or mobile view 321
- Label description 321
- The following table describes the labels in this screen 321
- Uag series user s guide 321
- Overview 322
- Printer 322
- The general setting screen 322
- What you can do in this chapter 322
- Chapter 27 printer 323
- General 323
- Label description 323
- The following table describes the labels in this screen 323
- Uag series user s guide 323
- Add edit printer rule 324
- Chapter 27 printer 324
- General add edit 324
- General continued 324
- General screen and click the edit icon to open the following screen use this screen to add a new printer or modify the printer s settings 324
- Label description 324
- The following table describes the labels in this screen 324
- Uag series user s guide 324
- Chapter 27 printer 325
- Label description 325
- Printout configuration 325
- Printout configuration to open the following screen 325
- The following table describes the labels in this screen 325
- The printout configuration screen 325
- Uag series user s guide 325
- Chapter 27 printer 326
- General setting to manually configure a printer s ip address and add it to the managed printer list when the printer is not detected or connected to the uag 326
- Label description 326
- Note you cannot edit an entry s settings when the printer status is sync fail or sync progressing 326
- Printer manager 326
- Printer manager to display this screen 326
- The following table describes the labels in this screen 326
- The printer manager screen 326
- Uag series user s guide 326
- Chapter 27 printer 327
- Edit printer manager 327
- Label description 327
- Printer manager continued 327
- Printer manager edit 327
- Printer manager screen and click the edit icon to open the following screen use this screen to modify the printer s nickname and ip address 327
- The following table describes the labels in this screen 327
- Uag series user s guide 327
- Daily account summary 328
- Key combinations 328
- Note you must press the key combination on the sp350e within five seconds to print 328
- Reports overview 328
- Chapter 27 printer 329
- Figure 233 daily account example 329
- Figure 234 monthly account example 329
- Key combination a b c b a 329
- Monthly account summary 329
- The following figure shows an example 329
- The monthly account report lists the accounts printed during the current month the current month s total number of accounts and the total charge it covers the accounts that have been printed during the current month starting from midnight of the first day of the current month not the past one month period for example if you press the monthly account key combination on 2013 05 17 at 20 00 00 the monthly account report includes the accounts created from 2013 05 01 at 00 00 01 to 2013 05 17 at 19 59 59 329
- Uag series user s guide 329
- Account report notes 330
- Chapter 27 printer 330
- Dynamic guest screen to see the accounts generated on another day or month up to 2000 entries total 330
- Figure 235 system status example 330
- For example if 2030 accounts each priced at 1 have been created from 2013 05 01 00 00 00 to 2013 05 31 19 59 59 the monthly account report includes the latest 2000 accounts so the total would be 2 000 instead of 2 030 330
- Key combination a b c c a 330
- Label description 330
- System status 330
- Table 152 system status 330
- The daily monthly or last month account report holds up to 2000 entries if there are more than 2000 accounts created in the same month or same day the account report s calculations only include the latest 2000 330
- The following figure shows an example 330
- The following table describes the labels in this report 330
- This report shows the current system information such as the host name and wan ip address 330
- Uag series user s guide 330
- Chapter 27 printer 331
- Label description 331
- Table 152 system status continued 331
- Uag series user s guide 331
- Free time 332
- Overview 332
- The free time screen 332
- What you can do in this chapter 332
- Chapter 28 free time 333
- Free time 333
- Label description 333
- Note after you set up web authentication policies and enable the free time feature on the uag a link displays in the login screen when users try to access the internet the link redirects users to a screen where they can get a free account 333
- Sms screen to send text messages to the user s mobile device 333
- The following table describes the labels in this screen 333
- Uag series user s guide 333
- Example 335
- Overview 336
- The sms screen 336
- What you can do in this chapter 336
- Chapter 29 sms 337
- Label description 337
- Note you must subscribe to the sms service before you can use the service to send a text message 337
- Sms uag2100 337
- The following table describes the labels in this screen 337
- Uag series user s guide 337
- Ipsec vpn 338
- Virtual private networks vpn overview 338
- What you can do in this chapter 338
- Before you begin 339
- Finding out more 339
- What you need to know 339
- Chapter 30 ipsec vpn 340
- Each field is discussed in the following table see section 30 on page 341 for more information 340
- In a vpn gateway the uag and remote ipsec router can use certificates to authenticate each other make sure the uag and the remote ipsec router will trust each other s certificates see chapter 44 on page 467 340
- Ipsec vpn to open the vpn connection screen the vpn connection screen lists the vpn connection policies and their associated vpn gateway s and various settings in addition it also lets you activate or deactivate and connect or disconnect each vpn connection each ipsec sa click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 340
- Label description 340
- The vpn connection screen 340
- Uag series user s guide 340
- Vpn connection 340
- The vpn connection add edit screen 341
- Add edit 343
- Chapter 30 ipsec vpn 343
- Each field is described in the following table 343
- Label description 343
- Uag series user s guide 343
- Add edit continued 344
- Chapter 30 ipsec vpn 344
- Label description 344
- Uag series user s guide 344
- Add edit continued 345
- Chapter 30 ipsec vpn 345
- Label description 345
- Uag series user s guide 345
- Add edit continued 346
- Chapter 30 ipsec vpn 346
- Label description 346
- Uag series user s guide 346
- Chapter 30 ipsec vpn 347
- Each field is discussed in the following table see section 30 on page 348 for more information 347
- Label description 347
- The vpn gateway screen 347
- Uag series user s guide 347
- Vpn gateway 347
- Vpn gateway the following screen appears 347
- The vpn gateway add edit screen 348
- Add edit 350
- Chapter 30 ipsec vpn 350
- Each field is described in the following table 350
- Label description 350
- Note the uag and remote ipsec router must use the same authentication method to establish the ike sa 350
- Uag series user s guide 350
- Add edit continued 351
- Chapter 30 ipsec vpn 351
- Label description 351
- Note the ipsec routers must trust each other s certificates 351
- Uag series user s guide 351
- Add edit continued 352
- Chapter 30 ipsec vpn 352
- Label description 352
- Note if peer id type is ipv4 please read the rest of this section 352
- Uag series user s guide 352
- Add edit continued 353
- Chapter 30 ipsec vpn 353
- Label description 353
- Uag series user s guide 353
- Ike sa overview 354
- Ike sa proposal 354
- Ip addresses of the uag and remote ipsec router 354
- Ipsec vpn background information 354
- Note both routers must use the same negotiation mode 354
- Diffie hellman dh key exchange 355
- Note both routers must use the same encryption algorithm authentication algorithm and dh key group 355
- Authentication 356
- Note the uag and the remote ipsec router must use the same pre shared key 356
- Additional topics for ike sa 357
- Negotiation mode 357
- Note the uag s local and peer id type and content must match the remote ipsec router s peer and local id type and content respectively 357
- Extended authentication 358
- Vpn nat and nat traversal 358
- Active protocol 359
- Certificates 359
- Ipsec sa overview 359
- Local network and remote network 359
- Note the ipsec sa stays connected even if the underlying ike sa is not available anymore 359
- Note the uag and remote ipsec router must use the same active protocol 359
- Note you must set up the certificates for the uag and remote ipsec router first 359
- Encapsulation 360
- Ipsec sa proposal and perfect forward secrecy 360
- Note the uag and remote ipsec router must use the same encapsulation 360
- Additional topics for ipsec sa 361
- Nat for inbound and outbound traffic 361
- Source address in outbound packets outbound traffic source nat 361
- Destination address in inbound packets inbound traffic destination nat 362
- Ipsec vpn example 362
- Source address in inbound packets inbound traffic source nat 362
- 68 24 172 6 24 363
- Lan lan 363
- Set up the vpn gateway that manages the ike sa 363
- Set up the vpn connection that manages the ipsec sa 364
- Bandwidth management 366
- Overview 366
- What you can do in this chapter 366
- What you need to know 366
- Connection and packet directions 367
- Diffserv and dscp marking 367
- Bandwidth management priority 368
- Bwm bwm 368
- Connection 368
- Inbound 368
- Outbound 368
- Outbound and inbound bandwidth limits 368
- Bandwidth management behavior 369
- Bwm 1000 kbps 369
- Configured rate effect 369
- Maximize bandwidth usage 369
- Priority effect 369
- Finding out more 370
- Maximize bandwidth usage effect 370
- Priority and over allotment of bandwidth effect 370
- The bandwidth management screen 370
- Chapter 31 bandwidth management 371
- Label description 371
- The following table describes the labels in this screen see section 31 on page 372 for more information as well 371
- Uag series user s guide 371
- Bwm continued 372
- Bwm screen see section 31 on page 370 and click either the add icon or an edit icon 372
- Chapter 31 bandwidth management 372
- Label description 372
- The bandwidth management add edit screen 372
- Uag series user s guide 372
- Add edit 374
- Chapter 31 bandwidth management 374
- Label description 374
- The following table describes the labels in this screen 374
- Uag series user s guide 374
- Add edit 375
- Chapter 31 bandwidth management 375
- Label description 375
- Uag series user s guide 375
- Application patrol 376
- Overview 376
- What you can do in this chapter 376
- What you need to know 376
- Application patrol profile 377
- Custom ports for sip and the sip alg 377
- Finding out more 377
- Note the uag allows the first eight packets to go through the security policy regardless of the application patrol policy for the application the uag examines these first eight packets to identify the application 377
- Note you must register for the apppatrol signature service at least the trial before you can use it 377
- Add edit application patrol profile 378
- Chapter 32 application patrol 378
- Label description 378
- Profile 378
- Profile then click add to create a new profile rule or click an existing profile and click edit or double click it to open the following screen 378
- The following table describes the labels in this screen 378
- Uag series user s guide 378
- Add edit 379
- Chapter 32 application patrol 379
- Label description 379
- The following table describes the labels in this screen 379
- Uag series user s guide 379
- Add edit application 380
- Add edit application patrol profile rule application 380
- Add edit continued 380
- Chapter 32 application patrol 380
- Click add or edit under profile management in the previous screen to display the following screen 380
- Label description 380
- The following table describes the labels in this screen 380
- Uag series user s guide 380
- Content filtering 381
- Overview 381
- What you can do in this chapter 381
- What you need to know 381
- Before you begin 382
- Content filtering configuration guidelines 382
- External web filtering service 382
- Finding out more 382
- Keyword blocking url checking 382
- Content filter profile screen 383
- Chapter 33 content filtering 384
- Label description 384
- Profile continued 384
- Uag series user s guide 384
- Add edit content filter profile 385
- Category service 385
- Category service 386
- Chapter 33 content filtering 386
- Label description 386
- The following table describes the labels in this screen 386
- Uag series user s guide 386
- Category service continued 387
- Chapter 33 content filtering 387
- Label description 387
- Uag series user s guide 387
- Category service continued 388
- Chapter 33 content filtering 388
- Custom service 388
- Custom service to open the custom service screen you can create a list of good allowed web site addresses and a list of bad blocked web site addresses you can also block web sites based on whether the web site s address contains a keyword use this screen to add or remove specific sites or keywords from the filter list 388
- Label description 388
- Uag series user s guide 388
- Chapter 33 content filtering 389
- Custom service 389
- Label description 389
- The following table describes the labels in this screen 389
- Uag series user s guide 389
- Chapter 33 content filtering 390
- Custom service continued 390
- Label description 390
- Uag series user s guide 390
- Chapter 33 content filtering 391
- Content filter trusted web sites screen 391
- Custom service continued 391
- Label description 391
- Trusted web sites to open the trusted web sites screen you can create a common list of good allowed web site addresses when you configure filter profiles you can select the option to check the common trusted web sites list use this screen to add or remove specific sites from the filter list 391
- Uag series user s guide 391
- Chapter 33 content filtering 392
- Content filter forbidden web sites screen 392
- Forbidden web sites to open the forbidden web sites screen you can create a common list of bad blocked web site addresses when you configure filter profiles you can select the option to check the common forbidden web sites list use this screen to add or remove specific sites from the filter list 392
- Label description 392
- The following table describes the labels in this screen 392
- Trusted web sites 392
- Uag series user s guide 392
- Chapter 33 content filtering 393
- Content filter technical reference 393
- External content filter server lookup procedure 393
- Forbidden web sites 393
- Label description 393
- The content filter lookup process is described below 393
- The following table describes the labels in this screen 393
- This section provides content filtering background information 393
- Uag series user s guide 393
- What you can do in this chapter 395
- What you need to know 395
- Zones overview 395
- Extra zone traffic 396
- Inter zone traffic 396
- Intra zone traffic 396
- The zone screen 396
- Add edit zone 397
- Chapter 34 zones 397
- Label description 397
- The following table describes the labels in this screen 397
- The zone edit screen allows you to add or edit a zone to access this screen go to the zone screen see section 34 on page 396 and click the add icon or an edit icon 397
- Uag series user s guide 397
- Zone add 397
- Add edit 398
- Chapter 34 zones 398
- Label description 398
- The following table describes the labels in this screen 398
- Uag series user s guide 398
- Overview 399
- User group 399
- What you can do in this chapter 399
- What you need to know 399
- Dynamic guest accounts 400
- Ext group user accounts 400
- Ext user accounts 400
- Note if the uag tries to authenticate an ext user using the local database the attempt always fails 400
- Note the default admin account is always authenticated locally regardless of the authentication method setting see chapter 43 on page 464 for more information about authentication methods 400
- Finding out more 401
- Note you cannot put access users and admin users in the same user group 401
- Note you cannot put the default admin account into any user group 401
- Pre subscriber accounts 401
- User awareness 401
- User groups 401
- User summary screen 401
- Chapter 35 user group 402
- Enter a user name from 1 to 31 characters 402
- Label description 402
- Rules for user names 402
- The following table describes the labels in this screen 402
- The user add edit screen allows you to create a new user account or edit an existing one 402
- Uag series user s guide 402
- User add edit screen 402
- Add edit 403
- Alphanumeric a z 0 9 there is no unicode support 403
- Chapter 35 user group 403
- Dashes 403
- Here are the reserved user names 403
- The first character must be alphabetical a z a z an underscore _ or a dash other limitations on user names are 403
- The user name can only contain the following characters 403
- To access this screen go to the user screen see section 35 on page 401 and click either the add icon or an edit icon 403
- Uag series user s guide 403
- User names are case sensitive if you enter a user bob but use bob when connecting via cifs or ftp it will use the account settings used for bob not bob 403
- User names have to be different than user group names 403
- _ underscores 403
- Add edit 404
- Chapter 35 user group 404
- Label description 404
- The following table describes the labels in this screen 404
- Uag series user s guide 404
- Add edit continued 405
- Chapter 35 user group 405
- Group add edit screen 405
- Label description 405
- The following table describes the labels in this screen see section 35 on page 405 for more information as well 405
- The group add edit screen allows you to create a new user group or edit an existing one to access this screen go to the group screen see section 35 on page 405 and click either the add icon or an edit icon 405
- Uag series user s guide 405
- User group summary screen 405
- Chapter 35 user group 406
- Label description 406
- Setting 406
- The following table describes the labels in this screen 406
- The setting screen controls default settings login settings lockout settings and other user settings for the uag you can also use this screen to specify when users must log in to the uag before it routes traffic for them 406
- Uag series user s guide 406
- User group setting screen 406
- Chapter 35 user group 407
- Label description 407
- Setting 407
- The following table describes the labels in this screen 407
- Uag series user s guide 407
- Chapter 35 user group 408
- Label description 408
- Setting continued 408
- Uag series user s guide 408
- Chapter 35 user group 409
- Default user settings edit screens 409
- Label description 409
- Setting continued 409
- Setting screen see section 35 on page 406 and select one of the default settings section s entry and click the edit icons 409
- The edit user default settings screen allows you to set the default authentication timeout settings for the selected type of user account these default authentication timeout settings also control the settings for any existing user accounts that are set to use the default settings you can still manually configure any user account s authentication timeout settings 409
- Uag series user s guide 409
- Access users cannot use the web configurator to browse the configuration of the uag instead after access users log into the uag the following status screen appears 410
- Chapter 35 user group 410
- Figure 276 web configurator for non admin users 410
- Label description 410
- The following table describes the labels in this screen 410
- Uag series user s guide 410
- User aware login example 410
- Chapter 35 user group 411
- Label description 411
- Mac address 411
- Mac address screen 411
- Mac address to open this screen 411
- Note you need to configure an ssid security profile s mac authentication settings to have the ap use the uag s local database to authenticate wireless clients by their mac addresses 411
- Table 184 web configurator for non admin users 411
- The following table describes the labels in this screen 411
- Uag series user s guide 411
- Add edit 412
- Add edit mac address 412
- Chapter 35 user group 412
- Label description 412
- Mac address 412
- The following table describes the labels in this screen 412
- Uag series user s guide 412
- Use this screen to configure the wireless client s mac address and save it into the uag s local user database for mac authentication 412
- Creating a large number of ext user accounts 413
- Setting up user attributes in an external server 413
- User group technical reference 413
- Ap profile 414
- Overview 414
- What you can do in this chapter 414
- What you need to know 414
- Ieee 802 x 415
- Radio screen 415
- Wpa and wpa2 415
- Chapter 36 ap profile 416
- Label description 416
- The following table describes the labels in this screen 416
- Uag series user s guide 416
- Add edit radio profile 417
- Add edit radio profile 418
- Chapter 36 ap profile 418
- Label description 418
- The following table describes the labels in this screen 418
- Uag series user s guide 418
- Add edit radio profile continued 419
- Chapter 36 ap profile 419
- Label description 419
- Note reducing the output power also reduces the uag s effective broadcast radius 419
- Uag series user s guide 419
- Add edit radio profile continued 420
- Chapter 36 ap profile 420
- Label description 420
- Ssid list 420
- Ssid screen 420
- The ssid screens allow you to configure three different types of profiles for your networked aps an ssid list which can assign specific ssid configurations to your aps a security list which can assign specific encryption methods to the aps when allowing wireless clients to connect to them and a mac filter list which can limit connections to an ap based on wireless clients mac addresses 420
- This screen allows you to create and manage ssid configurations that can be used by the aps an ssid or service set identifier is basically the name of the wireless network to which a wireless client can connect the ssid appears as readable text to any device capable of scanning for wireless frequencies such as the wifi adapter in a laptop and is displayed as the wireless network name when a person makes a connection to it 420
- Uag series user s guide 420
- Chapter 36 ap profile 421
- Label description 421
- Ssid list 421
- The following table describes the labels in this screen 421
- Uag series user s guide 421
- Add edit ssid profile 422
- Chapter 36 ap profile 422
- Label description 422
- Note it is highly recommended that you create security profiles for all of your ssids to enhance your network security 422
- Ssid list add edit ssid profile 422
- The following table describes the labels in this screen 422
- This screen allows you to create a new ssid profile or edit an existing one to access this screen click the add button or select an ssid profile from the list and click the edit button 422
- Uag series user s guide 422
- Chapter 36 ap profile 423
- Label description 423
- Ssid list add edit ssid profile continued 423
- Uag series user s guide 423
- Chapter 36 ap profile 424
- Label description 424
- Security list 424
- Ssid list add edit ssid profile continued 424
- The following table describes the labels in this screen 424
- This screen allows you to manage wireless security configurations that can be used by your ssids wireless security is implemented strictly between the ap broadcasting the ssid and the stations that are connected to it 424
- Uag series user s guide 424
- Add edit security profile 425
- Note this screen s options change based on the security mode selected only the default screen is displayed here 425
- Add edit security profile 426
- Chapter 36 ap profile 426
- Label description 426
- Uag series user s guide 426
- Add edit security profile 427
- Chapter 36 ap profile 427
- Label description 427
- Uag series user s guide 427
- Add edit mac filter profile 428
- Mac filter list 428
- Add edit mac filter profile 429
- Chapter 36 ap profile 429
- Label description 429
- The following table describes the labels in this screen 429
- Uag series user s guide 429
- Mon profile 430
- Overview 430
- What you can do in this chapter 430
- What you need to know 430
- Add edit mon profile 431
- Chapter 37 mon profile 431
- Label description 431
- Mon profile 431
- The following table describes the labels in this screen 431
- This screen allows you to create a new monitor mode profile or edit an existing one to access this screen click the add button or select and existing monitor mode profile and click the edit button 431
- Uag series user s guide 431
- Add edit mon profile 432
- Chapter 37 mon profile 432
- Label description 432
- The following table describes the labels in this screen 432
- Uag series user s guide 432
- Rogue aps 433
- Technical reference 433
- Friendly aps 434
- Application 435
- Overview 435
- Application screen 436
- What you can do in this chapter 436
- Add application rule 437
- Application continued 437
- Application to create a new application rule in the first screen you type a name to identify this application object and write an optional brief description of it 437
- Chapter 38 application 437
- Label description 437
- Uag series user s guide 437
- You then click add again to choose the signatures that should go into this object 437
- Add application object by category or service 438
- Add application rule 438
- Add application rule use this screen to choose the signatures that should go into this object 438
- Add by category 438
- Chapter 38 application 438
- Label description 438
- The following table describes the labels in this screen 438
- Uag series user s guide 438
- Add application object 439
- Add by service 439
- Chapter 38 application 439
- Label description 439
- The following table describes the labels in this screen 439
- Uag series user s guide 439
- Application group 440
- Application group screen 440
- Chapter 38 application 440
- Label description 440
- The following table describes the labels in this screen 440
- Uag series user s guide 440
- Add application group rule 441
- Application group continued 441
- Application group use this screen to select already created application rules and combine them as a single new rule 441
- Chapter 38 application 441
- Label description 441
- The following table describes the labels in this screen 441
- Uag series user s guide 441
- Address summary screen 442
- Addresses 442
- Overview 442
- What you can do in this chapter 442
- What you need to know 442
- Address 443
- Address add edit screen 443
- Address add edit screen allows you to create a new address or edit an existing one to access this screen go to the address screen see section 39 on page 442 and click either the add icon or an edit icon in the configuration section 443
- Chapter 39 addresses 443
- Label description 443
- The following table describes the labels in this screen see section 39 on page 443 for more information as well 443
- Uag series user s guide 443
- Add edit 444
- Address group click a column s heading cell to sort the table entries by that column s criteria click the heading cell again to reverse the sort order 444
- Address group summary screen 444
- Chapter 39 addresses 444
- Label description 444
- Note the uag automatically updates address objects that are based on an interface s ip address subnet or gateway if the interface s ip address settings change for example if you change lan1 s ip address the uag automatically updates the corresponding interface based lan subnet address object 444
- The following table describes the labels in this screen 444
- Uag series user s guide 444
- Address group add edit screen 445
- Chapter 39 addresses 446
- Label description 446
- The following table describes the labels in this screen 446
- Uag series user s guide 446
- Overview 447
- Services 447
- What you can do in this chapter 447
- What you need to know 447
- Service objects and service groups 448
- The service summary screen 448
- Chapter 40 services 449
- Label description 449
- Service 449
- The following table describes the labels in this screen 449
- The service add edit screen 449
- The service add edit screen allows you to create a new service or edit an existing one to access this screen go to the service screen see section 40 on page 448 and click either the add icon or an edit icon 449
- Uag series user s guide 449
- Chapter 40 services 450
- Label description 450
- Service group 450
- The following table describes the labels in this screen 450
- The service group summary screen 450
- The service group summary screen provides a summary of all service groups in addition this screen allows you to add edit and remove service groups 450
- Uag series user s guide 450
- Chapter 40 services 451
- Label description 451
- Service group 451
- The following table describes the labels in this screen see section 40 on page 451 for more information as well 451
- The service group add edit screen 451
- The service group add edit screen allows you to create a new service group or edit an existing one to access this screen go to the service group screen see section 40 on page 450 and click either the add icon or an edit icon 451
- Uag series user s guide 451
- Chapter 40 services 452
- Label description 452
- The following table describes the labels in this screen 452
- Uag series user s guide 452
- Overview 453
- Schedules 453
- What you can do in this chapter 453
- What you need to know 453
- Chapter 41 schedules 454
- Label description 454
- Schedule 454
- The following table describes the labels in this screen see section 41 on page 455 and section 41 on page 456 for more information as well 454
- The schedule summary screen 454
- Uag series user s guide 454
- Chapter 41 schedules 455
- Edit one time 455
- Label description 455
- The following table describes the labels in this screen 455
- The one time schedule add edit screen 455
- The one time schedule add edit screen allows you to define a one time schedule or edit an existing one to access this screen go to the schedule screen see section 41 on page 454 and click either the add icon or an edit icon in the one time section 455
- Uag series user s guide 455
- Chapter 41 schedules 456
- Edit recurring 456
- Label description 456
- The recurring schedule add edit screen 456
- The recurring schedule add edit screen allows you to define a recurring schedule or edit an existing one to access this screen go to the schedule screen see section 41 on page 454 and click either the add icon or an edit icon in the recurring section 456
- The year month and day columns are not used in recurring schedules and are disabled in this screen the following table describes the remaining labels in this screen 456
- Uag series user s guide 456
- Chapter 41 schedules 457
- Label description 457
- Schedule group 457
- The following table describes the fields in the above screen 457
- The schedule group add edit screen 457
- The schedule group add edit screen allows you to define a schedule group or edit an existing one to access this screen go to the schedule screen see and click either the add icon or an edit icon in the schedule group section 457
- The schedule group summary screen 457
- Uag series user s guide 457
- Chapter 41 schedules 458
- Label description 458
- The following table describes the fields in the above screen 458
- Uag series user s guide 458
- Aaa server 459
- Overview 459
- Radius server 459
- What you can do in this chapter 459
- What you need to know 459
- Adding editing a radius server 460
- Radius server summary 460
- Add edit 461
- Chapter 42 aaa server 461
- Label description 461
- The following table describes the labels in this screen 461
- Uag series user s guide 461
- Add edit continued 462
- Chapter 42 aaa server 462
- Label description 462
- Uag series user s guide 462
- Add edit continued 463
- Chapter 42 aaa server 463
- Label description 463
- Uag series user s guide 463
- Authentication method 464
- Authentication method objects 464
- Before you begin 464
- Overview 464
- What you can do in this chapter 464
- Creating an authentication method object 465
- Note you can not select two server objects of the same type 465
- Chapter 43 authentication method 466
- Label description 466
- The following table describes the labels in this screen 466
- Uag series user s guide 466
- Certificates 467
- Overview 467
- What you can do in this chapter 467
- What you need to know 467
- Advantages of certificates 468
- Certificate file formats 468
- Factory default certificate 468
- Self signed certificates 468
- Note be careful not to convert a binary file to text during the transfer process it is easy for this to occur since many programs use text files by default 469
- Verifying a certificate 469
- Chapter 44 certificates 470
- Label description 470
- My certificates 470
- My certificates to open the my certificates screen this is the uag s summary list of certificates and certification requests 470
- The following table describes the labels in this screen 470
- The my certificates screen 470
- Uag series user s guide 470
- Use a secure method to verify that the certificate owner has the same information in the thumbprint algorithm and thumbprint fields the secure method may very based on your situation possible examples would be over the telephone or through an https connection 470
- Chapter 44 certificates 471
- Label description 471
- My certificates and then the add icon to open the my certificates add screen use this screen to have the uag create a self signed certificate enroll a certificate with a certification authority or generate a certification request 471
- My certificates continued 471
- The my certificates add screen 471
- Uag series user s guide 471
- Chapter 44 certificates 472
- Label description 472
- The following table describes the labels in this screen 472
- Uag series user s guide 472
- Add continued 473
- Chapter 44 certificates 473
- Label description 473
- My certificates and then the edit icon to open the my certificate edit screen you can use this screen to view in depth certificate information and change the certificate s name 473
- The my certificates edit screen 473
- Uag series user s guide 473
- Chapter 44 certificates 474
- Label description 474
- The following table describes the labels in this screen 474
- Uag series user s guide 474
- Chapter 44 certificates 475
- Edit continued 475
- Label description 475
- Uag series user s guide 475
- Chapter 44 certificates 476
- Edit continued 476
- Import to open the my certificate import screen follow the instructions in this screen to save an existing certificate to the uag 476
- Label description 476
- Note you can import a certificate that matches a corresponding certification request that was generated by the uag you can also import a certificate in pkcs 12 format including the certificate s public and private keys 476
- The certificate you import replaces the corresponding request in the my certificates screen 476
- The my certificates import screen 476
- Uag series user s guide 476
- You must remove any spaces from the certificate s filename before you can import it 476
- Chapter 44 certificates 477
- Import 477
- Label description 477
- The following table describes the labels in this screen 477
- The trusted certificates screen 477
- Trusted certificates to open the trusted certificates screen this screen displays a summary list of certificates that you have set the uag to accept as trusted the uag also accepts any valid certificate signed by a certificate on this list as being trustworthy thus you do not need to import any certificate that is signed by one of these certificates 477
- Uag series user s guide 477
- Chapter 44 certificates 478
- Label description 478
- The following table describes the labels in this screen 478
- Trusted certificates 478
- Uag series user s guide 478
- The trusted certificates edit screen 479
- Chapter 44 certificates 480
- Label description 480
- The following table describes the labels in this screen 480
- Uag series user s guide 480
- Chapter 44 certificates 481
- Edit continued 481
- Import 481
- Import to open the trusted certificates import screen follow the instructions in this screen to save a trusted certificate to the uag 481
- Label description 481
- Note you must remove any spaces from the certificate s filename before you can import the certificate 481
- The trusted certificates import screen 481
- Uag series user s guide 481
- Chapter 44 certificates 482
- Import 482
- Label description 482
- The following table describes the labels in this screen 482
- Uag series user s guide 482
- Isp account summary 483
- Isp accounts 483
- Overview 483
- What you can do in this chapter 483
- Isp account edit 484
- Chapter 45 isp accounts 485
- Edit continued 485
- Label description 485
- Uag series user s guide 485
- Overview 486
- System 486
- What you can do in this chapter 486
- Host name 487
- Note only connect one usb device it must allow writing it cannot be read only and use the fat16 fat32 ext2 or ext3 file system 487
- Note see each section for related background information and term definitions 487
- Usb storage 487
- Chapter 46 system 488
- Date and time 488
- Date time the screen displays as shown you can manually set the uag s time and date or have the uag get the date and time from a time server 488
- For effective scheduling and logging the uag system time must be accurate the uag s real time chip rtc keeps track of the time and date there is also a software mechanism to set the time manually or get the current time and date from an external server 488
- Label description 488
- The following table describes the labels in this screen 488
- Uag series user s guide 488
- Usb storage 488
- Chapter 46 system 489
- Date and time 489
- Label description 489
- The following table describes the labels in this screen 489
- Uag series user s guide 489
- Chapter 46 system 490
- Date and time continued 490
- Label description 490
- Uag series user s guide 490
- Pre defined ntp time servers list 491
- Time server synchronization 491
- Console port speed 492
- Configuring the dns screen 493
- Dns overview 493
- Dns server address assignment 493
- Chapter 46 system 494
- Label description 494
- The following table describes the labels in this screen 494
- Uag series user s guide 494
- Chapter 46 system 495
- Dns continued 495
- Label description 495
- Uag series user s guide 495
- A ptr pointer record is also called a reverse record or a reverse lookup record it is a mapping of an ip address to a domain name 496
- Adding an address ptr record 496
- Address record 496
- An address record contains the mapping of a fully qualified domain name fqdn to an ip address an fqdn consists of a host and domain name for example www zyxel com is a fully qualified domain name where www is the host zyxel is the second level domain and com is the top level domain mail myzyxel com tw is also a fqdn where mail is the host myzyxel is the third level domain com is the second level domain and tw is the top level domain 496
- Chapter 46 system 496
- Click the add icon in the address ptr record table to add an address ptr record 496
- Dns continued 496
- Label description 496
- Ptr record 496
- The uag allows you to configure address records about the uag itself or another device this way you can keep a record of dns names and addresses that people on your network may use frequently if the uag receives a dns query for an fqdn for which the uag has an address record the uag can send the ip address in a dns response without having to query a dns name server 496
- Uag series user s guide 496
- Adding a cname record 497
- Cname record 497
- A domain zone forwarder contains a dns server s ip address the uag can query the dns server to resolve domain zones for features like ddns and the time server a domain zone is a fully qualified domain name without the host for example zyxel com tw is the domain zone for the www zyxel com tw fully qualified domain name 498
- Adding a domain zone forwarder 498
- Chapter 46 system 498
- Click the add icon in the domain zone forwarder table to add a domain zone forwarder record 498
- Domain zone forwarder 498
- Label description 498
- The following table describes the labels in this screen 498
- Uag series user s guide 498
- 0 mx record 499
- A mx mail exchange record indicates which host is responsible for the mail for a particular domain that is controls where mail is sent for that domain if you do not configure proper mx records for your domain or other domain external e mail from other mail servers will not be able to be delivered to your mail server and vice versa each host or domain can have only one mx record that is one domain is mapping to one host 499
- Chapter 46 system 499
- Domain zone forwarder add 499
- Label description 499
- The following table describes the labels in this screen 499
- Uag series user s guide 499
- 1 adding a mx record 500
- 2 adding a dns service control rule 500
- Chapter 46 system 500
- Click the add icon in the mx record table to add a mx record 500
- Click the add icon in the service control table to add a service control rule 500
- Label description 500
- Mx record add 500
- Service control rule add 500
- The following table describes the labels in this screen 500
- Uag series user s guide 500
- Note to allow the uag to be accessed from a specified computer using a service make sure you do not have a service control rule or to device security policy to block that traffic 501
- Service access limitations 501
- System timeout 501
- Www overview 501
- Configuring www service control 502
- Note if you disable http in the www screen then the uag blocks all http connection attempts 502
- Note admin service control deals with management access to the web configurator user service control deals with user access to the uag logging into a web portal to access the internet for example 503
- Chapter 46 system 504
- Label description 504
- Service control continued 504
- Uag series user s guide 504
- Chapter 46 system 505
- Click add or edit in the service control table in a www ssh telnet ftp or snmp screen to add a service control rule 505
- Label description 505
- Service control continued 505
- Service control rules 505
- Uag series user s guide 505
- Chapter 46 system 506
- Customizing the www login page 506
- Label description 506
- Login page to open the login page screen use this screen to customize the web configurator login screen you can also customize the page that displays after an access user logs into the web configurator to access network services like the internet see chapter 35 on page 399 for more on access user accounts you can configure both the desktop and mobile versions of the the service pages users click a link in the pages to switch between the two versions 506
- The following table describes the labels in this screen 506
- Uag series user s guide 506
- Chapter 46 system 510
- Enter rgb followed by red green and blue values in parenthesis and separate by commas for example use rgb 0 0 0 for black 510
- Label description 510
- Login page 510
- Note use a gif jpg or png of 100 kilobytes or less 510
- The following table describes the labels in the screen 510
- Uag series user s guide 510
- Your desired color should display in the preview screen on the right after you click in another field click apply or press enter if your desired color does not display your browser may not support it try selecting another color 510
- Https example 511
- Internet explorer warning messages 511
- Mozilla firefox warning messages 511
- Avoiding browser warning messages 512
- Enrolling and importing ssl client certificates 513
- Login screen 513
- Installing the ca s certificate 514
- Installing your personal certificate s 514
- Using a certificate when accessing the uag example 517
- How ssh works 519
- Configuring ssh 520
- Requirements for using ssh 520
- Ssh implementation on the uag 520
- A window displays prompting you to store the host key in you computer click yes to continue 521
- Chapter 46 system 521
- Configure the ssh client to accept connection using ssh version 1 521
- Example 1 microsoft windows 521
- Label description 521
- Launch the ssh client and specify the connection information ip address port number for the uag 521
- Secure telnet using ssh examples 521
- Ssh continued 521
- This section describes how to access the uag using the secure shell client program 521
- This section shows two examples using a command interface and a graphical interface ssh client program to remotely access the uag the configuration and connection steps are similar for most ssh client programs refer to your ssh client program user s guide 521
- Uag series user s guide 521
- Example 2 linux 522
- Chapter 46 system 523
- Configuring telnet 523
- Label description 523
- Telnet 523
- Telnet to configure your uag for remote telnet access use this screen to specify from which zones telnet can be used to manage the uag you can also specify from which ip addresses the access can come 523
- The following table describes the labels in this screen 523
- Uag series user s guide 523
- You can use telnet to access the uag s command line interface specify which zones allow telnet access and from which ip address the access can come 523
- Chapter 46 system 524
- Configuring ftp 524
- Ftp tab the screen appears as shown use this screen to specify from which zones ftp can be used to access the uag you can also specify from which ip addresses the access can come 524
- Label description 524
- Telnet continued 524
- Uag series user s guide 524
- You can upload and download the uag s firmware and configuration files using ftp to use this feature your computer must have an ftp client please see chapter 48 on page 549 for more information about firmware and configuration files 524
- Chapter 46 system 525
- Label description 525
- Simple network management protocol is a protocol used for exchanging management information between network devices your uag supports snmp agent functionality which allows a manager station to manage and monitor the uag through the network the uag supports snmp version one snmpv1 and version two snmpv2c the next figure illustrates an snmp management operation 525
- The following table describes the labels in this screen 525
- Uag series user s guide 525
- Supported mibs 526
- Configuring snmp 527
- Snmp traps 527
- Auth server tab the screen appears as shown use this screen to enable the authentication server feature of the uag and specify the radius client s ip address 528
- Authentication server 528
- Chapter 46 system 528
- Label description 528
- The following table describes the labels in this screen 528
- Uag series user s guide 528
- Auth server 529
- Chapter 46 system 529
- Label description 529
- The following table describes the labels in this screen 529
- Uag series user s guide 529
- Add edit 530
- Add edit trusted radius client 530
- Auth server to display the auth server screen click the add icon or an edit icon to display the following screen use this screen to create a new entry or edit an existing one 530
- Chapter 46 system 530
- Label description 530
- The following table describes the labels in this screen 530
- Uag series user s guide 530
- Language 531
- Zyxel one network zon utility 531
- Chapter 46 system 532
- Icon description 532
- In the zon utility select a device and then use the icons to perform actions the following table describes the icons numbered from left to right in the zon utility screen 532
- Label description 532
- Table 252 zon utility icons 532
- Table 253 zon utility fields 532
- The following table describes the fields in the zon utility main screen 532
- Uag series user s guide 532
- Use this screen to enable zdp and smart connect 532
- Zyxel one network zon system screen 532
- Chapter 46 system 533
- Ethernet neighbor for information on using smart connect link layer discovery protocol lldp for discovering and configuring lldp aware devices in the same broadcast domain as the uag that you re logged into using the web configurator 533
- Label description 533
- The following table describes the labels in this screen 533
- Uag series user s guide 533
- Zon to open this screen 533
- Email daily report 534
- Log and report 534
- Overview 534
- What you can do in this chapter 534
- Chapter 47 log and report 536
- Email daily report 536
- Label description 536
- Log settings screens 536
- The following table describes the labels in this screen 536
- The log settings screens control log messages and alerts a log message stores the information for viewing or regular e mailing later and an alert is e mailed immediately usually alerts are used for events that require more serious attention such as system errors and attacks 536
- Uag series user s guide 536
- Log settings summary 537
- Chapter 47 log and report 538
- Edit system log settings 538
- Label description 538
- Log settings continued 538
- The log settings edit screen controls the detailed settings for each log in the system log which includes the e mail profiles go to the log settings summary screen see section 47 on page 537 and click the system log edit icon 538
- Uag series user s guide 538
- Chapter 47 log and report 540
- Edit system log 540
- Label description 540
- The following table describes the labels in this screen 540
- Uag series user s guide 540
- Chapter 47 log and report 541
- Edit system log continued 541
- Label description 541
- Uag series user s guide 541
- Edit log on usb storage setting 542
- Chapter 47 log and report 543
- Edit remote server log settings 543
- Edit usb storage continued 543
- Label description 543
- The log settings edit screen controls the detailed settings for each log in the remote server syslog go to the log settings summary screen see section 47 on page 537 and click a remote server edit icon 543
- Uag series user s guide 543
- Chapter 47 log and report 545
- Edit remote server 545
- Label description 545
- Log category settings screen 545
- The following table describes the labels in this screen 545
- This screen allows you to view and to edit what information is included in the system log usb storage e mail profiles and remote servers at the same time it does not let you change other log settings for example where and how often log information is e mailed or remote server names to access this screen go to the log settings summary screen see section 47 on page 537 and click the log category settings button 545
- Uag series user s guide 545
- Chapter 47 log and report 547
- Label description 547
- Log category settings 547
- The following table describes the fields in this screen 547
- Uag series user s guide 547
- Chapter 47 log and report 548
- Label description 548
- Log category settings continued 548
- Uag series user s guide 548
- File manager 549
- Overview 549
- What you can do in this chapter 549
- What you need to know 549
- Comments in configuration files or shell scripts 550
- Note exit or must follow sub commands if it is to make the uag exit sub command mode 550
- Errors in configuration files or shell scripts 551
- The configuration file screen 551
- Configuration file flow at restart 552
- Do not turn off the uag while configuration file upload is in progress 552
- Chapter 48 file manager 553
- Configuration file 553
- Label description 553
- Rename 553
- The following table describes the labels in this screen 553
- Uag series user s guide 553
- Chapter 48 file manager 554
- Configuration file continued 554
- Label description 554
- Uag series user s guide 554
- Note the web configurator is the recommended method for uploading firmware you only need to use the command line interface if you need to recover the firmware see the cli reference guide for how to determine if you need to recover the firmware and how to recover it 555
- The firmware package screen 555
- The firmware update can take up to five minutes do not turn off or reset the uag while the firmware update is in progress 555
- Note the uag automatically reboots after a successful upload 556
- Note you should include write commands in your scripts if you do not use the write command the changes will be lost when the uag restarts you could use multiple write commands in a long script 557
- The shell script screen 557
- Chapter 48 file manager 558
- Each field is described in the following table 558
- Label description 558
- Rename 558
- Shell script 558
- Uag series user s guide 558
- Chapter 48 file manager 559
- Label description 559
- Shell script continued 559
- Uag series user s guide 559
- Diagnostics 560
- Overview 560
- The diagnostics screen 560
- What you can do in this chapter 560
- Chapter 49 diagnostics 561
- Diagnostics 561
- Files to open the diagnostic files screen this screen lists the files of diagnostic information the uag has collected and stored in a connected usb storage device you may need to send these files to customer support for troubleshooting 561
- Label description 561
- The diagnostics files screen 561
- The following table describes the labels in this screen 561
- Uag series user s guide 561
- Chapter 49 diagnostics 562
- Label description 562
- Note new capture files overwrite existing files of the same name change the file suffix field s setting to avoid this 562
- Packet capture to open the packet capture screen 562
- The following table describes the labels in this screen 562
- The packet capture screen 562
- Uag series user s guide 562
- Chapter 49 diagnostics 563
- Label description 563
- Packet capture 563
- The following table describes the labels in this screen 563
- Uag series user s guide 563
- Chapter 49 diagnostics 564
- Label description 564
- Note if you have existing capture files and have not selected the continuously capture and overwrite old ones option you may need to set this size larger or delete existing capture files 564
- Note the uag reserves some onboard storage space as a buffer 564
- Note the uag reserves some usb storage space as a buffer 564
- Packet capture continued 564
- Uag series user s guide 564
- Chapter 49 diagnostics 565
- Files to open the packet capture files screen this screen lists the files of packet captures stored on the uag or a connected usb storage device you can download the files to your computer where you can study them using a packet analyzer also known as a network or protocol analyzer such as wireshark 565
- Label description 565
- Packet capture continued 565
- The following table describes the labels in this screen 565
- The packet capture files screen 565
- Uag series user s guide 565
- The core dump files screen 566
- The core dump screen 566
- Chapter 49 diagnostics 567
- Label description 567
- System log to open the system log files screen this screen lists the files of system logs stored on a connected usb storage device the files are in comma separated value csv format you can download them to your computer and open them in a tool like microsoft s excel 567
- The following table describes the labels in this screen 567
- The system log screen 567
- Uag series user s guide 567
- Chapter 49 diagnostics 568
- Label description 568
- Network tool to display this screen 568
- System log 568
- The following table describes the labels in this screen 568
- The network tool screen 568
- Uag series user s guide 568
- Use this screen to ping or traceroute an ip address 568
- Chapter 49 diagnostics 569
- Label description 569
- Network tool 569
- Note new capture files overwrite existing files of the same name change the file prefix field s setting to avoid this 569
- The following table describes the labels in this screen 569
- The wireless frame capture screen 569
- Uag series user s guide 569
- Use this screen to capture wireless network traffic going through the ap interfaces connected to your uag studying these frame captures may help you identify network problems 569
- Wireless frame capture to display this screen 569
- Capture 570
- Chapter 49 diagnostics 570
- Label description 570
- Note if you have existing capture files you may need to set this size larger or delete existing capture files 570
- The following table describes the labels in this screen 570
- Uag series user s guide 570
- Capture continued 571
- Chapter 49 diagnostics 571
- Files to open this screen this screen lists the files of wireless frame captures the uag has performed you can download the files to your computer where you can study them using a packet analyzer also known as a network or protocol analyzer such as wireshark 571
- Label description 571
- The following table describes the labels in this screen 571
- The wireless frame capture files screen 571
- Uag series user s guide 571
- Overview 572
- Packet flow explore 572
- The routing status screen 572
- What you can do in this chapter 572
- Chapter 50 packet flow explore 576
- Label description 576
- Routing status 576
- Routing status main route 576
- The following table describes the labels in this screen 576
- Uag series user s guide 576
- Chapter 50 packet flow explore 577
- Label description 577
- Routing status continued 577
- Uag series user s guide 577
- Note once a packet matches the criteria of an snat rule the uag takes the corresponding action and does not perform any further flow checking 578
- The snat status screen 578
- Chapter 50 packet flow explore 580
- Label description 580
- Snat status 580
- The following table describes the labels in this screen 580
- Uag series user s guide 580
- Overview 581
- Reboot 581
- The reboot screen 581
- What you need to know 581
- Overview 582
- Shutdown 582
- The shutdown screen 582
- What you need to know 582
- Troubleshooting 583
- I cannot enter the interface name i want 584
- I cannot set up a ppp interface virtual ethernet interface or virtual vlan interface on an ethernet interface 584
- I configured security settings but the uag is not applying them for certain interfaces 584
- The uag is not applying the custom policy route i configured 584
- The uag is not applying the custom security policy i configured 584
- I cannot configure a particular vlan interface on top of an ethernet interface even though i have it configured it on top of another ethernet interface 585
- I cannot get dynamic dns to work 585
- I cannot set up a ppp interface 585
- My rules and settings that apply to a particular interface no longer work 585
- The uag is not applying an interface s configured ingress bandwidth limit 585
- The uag routes and applies snat for traffic from some interfaces but not from others 585
- I cannot create a second http redirect rule for an incoming interface 586
- I cannot get the radius server to authenticate the uag s default admin account 586
- I changed the lan ip address and can no longer access the internet 586
- The uag fails to authentication the ext user user accounts i configured 586
- The uag keeps resetting the connection 586
- I cannot add the admin users to a user group with access users 587
- I cannot add the default admin account to a user group 587
- I cannot get a certificate to import into the uag 587
- Note be careful not to convert a binary file to text during the transfer process it is easy for this to occur since many programs use text files by default 587
- The schedule i configured is not being applied at the configured times 587
- I can only see newer logs older logs are missing 588
- I cannot access the uag from a computer connected to the internet 588
- I uploaded a logo to display on the upper left corner of the web configurator login screen and access page but it does not display properly 588
- I uploaded a logo to use as the screen or window background but it does not display properly 588
- Note exit or must follow sub commands if it is to make the uag exit sub command mode 588
- The commands in my configuration file or shell script are not working properly 588
- The uag s traffic throughput rate decreased after i started collecting traffic statistics 588
- I cannot get the firmware uploaded using the commands 589
- My earlier packet capture files are missing 589
- My packet capture captured less than i wanted or failed 589
- Note this procedure removes the current configuration 589
- Resetting the uag 589
- Getting more troubleshooting help 590
- Customer support 591
- Ppendi 591
- Austria 592
- Europe 592
- Malaysia 592
- Pakistan 592
- Philipines 592
- Singapore 592
- Taiwan 592
- Thailand 592
- Vietnam 592
- Belarus 593
- Belgium 593
- Bulgaria 593
- Denmark 593
- Estonia 593
- Finland 593
- France 593
- Germany 593
- Hungary 593
- Latvia 593
- Lithuania 594
- Netherlands 594
- Norway 594
- Poland 594
- Romania 594
- Russia 594
- Slovakia 594
- Sweden 594
- Switzerland 594
- Argentina 595
- Ecuador 595
- Latin america 595
- Middle east 595
- North america 595
- Turkey 595
- Ukraine 595
- Africa 596
- Australia 596
- Oceania 596
- South africa 596
- Legal information 597
- Ppendi 597
- Appendix b legal information 598
- Declaration of conformity with regard to eu directive 1999 5 ec r tte directive 598
- Déclaration d exposition aux radiations 598
- European union 598
- Industry canada radiation exposure statement 598
- Industry canada rss gen rss 210 statement 598
- Uag series user s guide 598
- Appendix b legal information 599
- National restrictions 599
- Uag series user s guide 599
- Appendix b legal information 600
- List of national codes 600
- Safety warnings 600
- Uag series user s guide 600
- Appendix b legal information 601
- Environment statement 601
- Erp energy related products 601
- Uag series user s guide 601
- Weee directive 601
- Environmental product declaration 602
- Appendix b legal information 603
- Open source licenses 603
- Registration 603
- Uag series user s guide 603
- Viewing certifications 603
- Zyxel limited warranty 603
- 台灣 603
- Numbers 604
- Symbols 604
Похожие устройства
- Zyxel UAG4100 Инструкция по монтажу
- Zyxel UAG4100 Технические характеристики
- Zyxel UAG4100 Рекомендации по настройке
- Zyxel UAG4100 Справочник командного интерфейса
- Zyxel UAG5100 Инструкция по эксплуатации
- Zyxel UAG5100 Справочник командного интерфейса
- Zyxel UAG5100 Технические характеристики
- Zyxel UAG5100 Инструкция по монтажу
- Zyxel UAG5100 Рекомендации по настройке
- Zyxel SP-300E Инструкция по эксплуатации
- HP envy 17-j111sr leap motion, f7t10ea Инструкция по эксплуатации
- HP pavilion 11-e100sr touchsmart, f5b63ea Инструкция по эксплуатации
- HP pavilion 15-n006sr, e9l07ea Инструкция по эксплуатации
- HP pavilion 15-n263sr, f7s40ea Инструкция по эксплуатации
- HP pavilion 15-n273sr, f8t38ea Инструкция по эксплуатации
- HP probook 430, f0x04ea Инструкция по эксплуатации
- HP probook 450, e9y09ea Инструкция по эксплуатации
- HP probook 450, h6r42ea Инструкция по эксплуатации
- HP probook 450, e9x95ea Инструкция по эксплуатации
- HP color laserjet enterprise 700 m750n Инструкция по эксплуатации