1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-660HN-F1Z
    5. /
  5. 35
Page 171 / 421 Scroll up to view Page 166 - 170
Chapter 9 Firewalls
P-660HN-FxZ Series User’s Guide
169
Figure 92
Ideal Firewall Setup
9.5.4.1
The “Triangle Route” Problem
A traffic route is a path for sending or receiving data packets between two Ethernet devices.
You may have more than one connection to the Internet (through one or more ISPs). If an
alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL
Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may
occur. The steps below describe the “triangle route” problem.
1
A computer on the LAN initiates a connection by sending out a SYN packet to a
receiving server on the WAN.
2
The ZyXEL Device reroutes the SYN packet through Gateway
A
on the LAN to the
WAN.
3
The reply from the WAN goes directly to the computer on the LAN without going
through the ZyXEL Device.
As a result, the ZyXEL Device resets the connection, as the connection has not been
acknowledged.
Figure 93
“Triangle Route” Problem
9.5.4.2
Solving the “Triangle Route” Problem
If you have the ZyXEL Device allow triangle route sessions, traffic from the WAN can go
directly to a LAN computer without passing through the ZyXEL Device and its firewall
protection.
Another solution is to use IP alias. IP alias allows you to partition your network into logical
sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical
LAN interfaces with the ZyXEL Device being the gateway for each logical network.
1
2
WAN
LAN
1
2
3
WAN
LAN
A
ISP 1
ISP 2
Page 172 / 421
Chapter 9 Firewalls
P-660HN-FxZ Series User’s Guide
170
It’s like having multiple LAN networks that actually use the same physical cables and ports.
By putting your LAN and Gateway
A
in different subnets, all returning network traffic must
pass through the ZyXEL Device to your LAN. The following steps describe such a scenario.
1
A computer on the LAN initiates a connection by sending a SYN packet to a receiving
server on the WAN.
2
The ZyXEL Device
reroutes the packet to Gateway A, which is in Subnet 2.
3
The reply from the WAN goes to the ZyXEL Device.
4
The ZyXEL Device then sends it to the computer on the LAN in Subnet 1.
Figure 94
IP Alias
1
2
3
LAN
A
ISP 1
ISP 2
4
WAN
Subnet 1
Subnet 2
Page 173 / 421
P-660HN-FxZ Series User’s Guide
171
C
HAPTER
10
Content Filtering
10.1
Overview
Internet content filtering allows you to block web sites based on keywords in the URL.
See
Section 10.1.4 on page 171
for an example of setting up content filtering.
10.1.1
What You Can Do in the Content Filter Screens
Use the
Keyword
screen (
Section 10.2 on page 173
) to block web sites based on a
keyword in the URL.
Use the
Schedule
screen (
Section 10.3 on page 174
) to specify the days and times
keyword blocking is active.
Use the
Trusted
screen (
Section 10.4 on page 175
) to exclude computers and other
devices on your LAN from the keyword blocking filter.
10.1.2
What You Need to Know About Content Filtering
URL
The URL (Uniform Resource Locator) identifies and helps locates resources on a network. On
the Internet the URL is the web address that you type in the address bar of your Internet
browser, for example “http://www.zyxel.com”.
10.1.3
Before You Begin
To use the
Trusted
screen, you need the IP addresses of devices on your network. See the
LAN
section (
Section 10.4 on page 175
) for more information.
10.1.4
Content Filtering Example
The following shows the steps required for a parent (Bob) to set up content filtering on a home
network in order to limit his children’s access to certain web sites. In the following example,
all URLs containing the word ‘bad’ are blocked.
1
Click
Security > Content Filter
to display the following screen.
2
Select
Active Keyword Blocking
.
3
In the
Keyword
field type keywords to identify websites to be blocked.
4
Click
Add Keyword
for each keyword to be entered.
5
Click
Apply
.
Page 174 / 421
Chapter 10 Content Filtering
P-660HN-FxZ Series User’s Guide
172
Figure 95
Security > Content Filter > Keyword: Example
Bob’s son arrives home from school at four, while his parents arrive later, at about 7pm. So
keyword blocking is enabled for these times on weekdays and not on the weekend when the
parents are at home.
1
Click
Security > Content Filter > Schedule
to display the following screen.
2
Click
Edit Daily to Block
and select all weekdays.
3
Under
Start Time
and
End Time
, type the times for blocking to begin and end (4pm ~
7pm in this example).
4
Click
Apply
.
Figure 96
Security > Content Filter > Schedule: Example
The children can access the family computer in the living room, while only the parents use
another computer in the study room. So keyword blocking is only needed on the family
computer and the study computer can be excluded from keyword blocking. Bob’s home
network is on the domain “192.168.1.xxx”. Bob gave his home computer a static IP address of
192.168.1.2 and the study computer a static IP address of 192.168.1.3. To exclude the study
computer from keyword blocking he follows these steps.
1
Click
Security > Content Filter
>
Trusted
to display the following screen.
Page 175 / 421
Chapter 10 Content Filtering
P-660HN-FxZ Series User’s Guide
173
2
In the
Start IP Address
and
End IP Address
fields, type 192.168.1.3.
3
Click
Apply
.
Figure 97
Security > Content Filter > Trusted: Example
That finishes setting up keyword blocking on the home computer.
10.2
The Keyword Screen
Use this screen to block sites containing certain keywords in the URL. For example, if you
enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword
To have your ZyXEL Device block websites containing keywords in their URLs, click
Security >
Content Filter
. The screen appears as shown.
Figure 98
Security > Content Filtering > Keyword
The following table describes the labels in this screen.
Table 58
Security > Content Filtering > Keyword
LABEL
DESCRIPTION
Active Keyword Blocking
Select this check box to enable this feature.
Block Websites that
contain these keywords in
the URL:
This box contains the list of all the keywords that you have configured the
ZyXEL Device to block.
Delete
Highlight a keyword in the box and click this to remove it.

Rate

4 / 5 based on 1 vote.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top