Zyxel P-660HN-F1Z Router Manual PDF (Setup & Configuration Guide)

Page 246 / 421 Scroll up to view Page 241 - 245

P-660HN-FxZ Series User’s Guide

243

C

HAPTER

17

Remote Management

17.1

Overview

Remote management allows you to determine which services/protocols can access which

ZyXEL Device interface (if any) from which computers.

The following figure shows remote management of the ZyXEL Device coming in from the

WAN.

Figure 143

Remote Management From the WAN

"

When you configure remote management to allow management from the

WAN, you still need to configure a firewall rule to allow access.

You may manage your ZyXEL Device from a remote location via:

•

Internet (WAN only)

•

ALL (LAN and WAN)

•

LAN only,

•

Neither (Disable).

To disable remote management of a service, select

Disable

in the corresponding

Access

Status

field.

You may only have one remote management session running at a time. The ZyXEL Device

automatically disconnects a remote management session of lower priority when another

remote management session of higher priority starts. The priorities for the different types of

remote management sessions are as follows.

LAN

WAN

HTTP

Telnet

Page 247 / 421

Chapter 17 Remote Management

P-660HN-FxZ Series User’s Guide

244

1

Telnet

2

HTTP

17.1.1

What You Can Do in the Remote Management Screens

•

Use the

WWW

screen (

Section 17.2 on page 245

) to configure through which interface(s)

and from which IP address(es) users can use HTTP to manage the ZyXEL Device.

•

Use the

Telnet

screen (

Section 17.3 on page 247

) to configure through which interface(s)

and from which IP address(es) users can use Telnet to manage the ZyXEL Device.

•

Use the

FTP

screen (

Section 17.4 on page 248

) to configure through which interface(s)

and from which IP address(es) users can use FTP to access the ZyXEL Device.

•

Use the

SNMP

screen (

Section 17.5 on page 248

) to configure your ZyXEL Device’s

settings for Simple Network Management Protocol management.

•

Use the

DNS

screen (

Section 17.6 on page 252

) to configure through which interface(s)

and from which IP address(es) users can send DNS queries to the ZyXEL Device.

•

Use the

ICMP

screen (

Section 17.7 on page 252

) to set whether or not your ZyXEL

Device will respond to pings and probes for services that you have not made available.

17.1.2

What You Need to Know About Remote Management

Remote Management Limitations

Remote management does not work when:

•

You have not enabled that service on the interface in the corresponding remote

management screen.

•

You have disabled that service in one of the remote management screens.

•

The IP address in the

Secured Client IP

field does not match the client IP address. If it

does not match, the ZyXEL Device will disconnect the session immediately.

•

There is already another remote management session with an equal or higher priority

running. You may only have one remote management session running at one time.

•

There is a firewall rule that blocks it.

Remote Management and NAT

When NAT is enabled:

•

Use the ZyXEL Device’s WAN IP address when configuring from the WAN.

•

Use the ZyXEL Device’s LAN IP address when configuring from the LAN.

System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds).

The ZyXEL Device automatically logs you out if the management session remains idle for

longer than this timeout period. The management session does not time out when a statistics

screen is polling.

Page 248 / 421

Chapter 17 Remote Management

P-660HN-FxZ Series User’s Guide

245

17.2

The WWW Screen

Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as

Internet Explorer.

17.2.1

WWW and HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web

protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-

level protocol that enables secure transactions of data by ensuring confidentiality (an

unauthorized party cannot read the transferred data), authentication (one party can identify the

other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys (see

Chapter 12 on page 185

for more

information).

HTTPS on the ZyXEL Device is used so that you may securely access the ZyXEL Device

using the web configurator. The SSL protocol specifies that the SSL server (the ZyXEL

Device) must always authenticate itself to the SSL client (the computer which requests the

HTTPS connection with the ZyXEL Device), whereas the SSL client only should authenticate

itself when the SSL server requires it to do so (select

Authenticate Client Certificates

in the

Remote MGMT > WWW

screen).

Authenticate Client Certificates

is optional and if

selected means the SSL-client must send the ZyXEL Device a certificate. You must apply for a

certificate for the browser from a CA that is a trusted CA on the ZyXEL Device.

Please refer to the following figure.

1

HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)

on the ZyXEL Device’s WS (web server).

2

HTTP connection requests from a web browser go to port 80 (by default) on the ZyXEL

Device’s WS (web server).

Figure 144

HTTPS Implementation

"

If you disable the

WWW

service in the

Remote MGMT > WWW

screen, then

the ZyXEL Device blocks all HTTP connection attempts.

Page 249 / 421

Chapter 17 Remote Management

P-660HN-FxZ Series User’s Guide

246

17.2.2

Configuring the WWW Screen

Click

Advanced > Remote MGMT

to display the

WWW

screen.

Figure 145

Advanced > Remote Management > WWW

The following table describes the labels in this screen.

Table 90

Advanced > Remote Management > WWW

LABEL

DESCRIPTION

WWW

Port

You may change the server port number for a service, if needed. However, you

must use the same port number in order to use that service for remote

management.

Access Status

Select the interface(s) through which a computer may access the ZyXEL Device

using this service.

Secured Client IP

A secured client is a “trusted” computer that is allowed to communicate with the

ZyXEL Device using this service.

Select

All

to allow any computer to access the ZyXEL Device using this service.

Choose

Selected

to just allow the computer with the IP address that you specify to

access the ZyXEL Device using this service.

HTTPS

Server Host Key

Select the

Server Host Key

that the ZyXEL Device will use to identify itself. The

ZyXEL Device is the SSL server and must always authenticate itself to the SSL

client (the computer which requests the HTTPS connection with the ZyXEL

Device).

Authenticate

Client Certificates

Select

Authenticate Client Certificates

(optional) to require the SSL client to

authenticate itself with the ZyXEL Device by sending the ZyXEL Device a

certificate. To do that the SSL client must have a CA-signed certificate from a CA

that has been imported as a trusted CA on the ZyXEL Device.

Port

You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

Access Status

Select the interface(s) through which a computer may access the ZyXEL Device

using this service.

Page 250 / 421

Chapter 17 Remote Management

P-660HN-FxZ Series User’s Guide

247

17.3

The Telnet Screen

You can use Telnet to access the ZyXEL Device’s command line interface. Specify which

interfaces allow Telnet access and from which IP address the access can come.

Click

Advanced > Remote MGMT

>

Telnet

tab to display the screen as shown.

Figure 146

Advanced > Remote Management > Telnet

The following table describes the labels in this screen.

Secured Client IP

A secured client is a “trusted” computer that is allowed to communicate with the

ZyXEL Device using this service.

Select

All

to allow any computer to access the ZyXEL Device using this service.

Choose

Selected

to just allow the computer with the IP address that you specify to

access the ZyXEL Device using this service.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Table 90

Advanced > Remote Management > WWW

LABEL

DESCRIPTION

Table 91

Advanced > Remote Management > Telnet

LABEL

DESCRIPTION

Port

You may change the server port number for a service if needed, however you must

use the same port number in order to use that service for remote management.

Access Status

Select the interface(s) through which a computer may access the ZyXEL Device

using this service.

Secured Client

IP

A secured client is a “trusted” computer that is allowed to communicate with the

ZyXEL Device using this service.

Select

All

to allow any computer to access the ZyXEL Device using this service.

Choose

Selected

to just allow the computer with the IP address that you specify to

access the ZyXEL Device using this service.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share