37

6.3

WPS

–

WIFI PROTECTED SETUP

1.

Click on [Wireless]

–

[WPS] tab. You will see the following screen.

To connect a computer using WPS, click

Push Button

. Then you will have two minutes to go to your computer, select the

wireless network and connect. If your computer asks for a WPS PIN Code, that can be generated by clicking the

Generate

PIN Code

button. If you are connecting to a device that has a WPS button, first click the WPS

Push Button

and then press

the WPS button on that device within 2 minutes. This will connect the two devices together.

WPS Enable

Select Enable or Disable to activate or deactivate WPS.

WPS Router PIN Code

Click ―Generate PIN Code‖ to automatically generate a random WPS PIN code.

WPS Push Button

Click this button to start the WPS process.

WPS Client PIN Code Connect

Use this to manually connect a client that has generated a PIN code.

38

CHAPTER7 SECURITY SETTINGS

7.1

FIREWALL SETUP

1.

Click on [Security]

–

[Firewall] tab. You will see the following screen.

2.

Configure Security Settings following the instructions below.

SPI Firewall Protection

Select Enable to enable SPI Firewall Protection.

Select Disable to disable SPI Firewall Protection.

TCP SYN DoS

Protection

Check to enable TCP SYN DoS Protection.

Uncheck to disable TCP SYN DoS Protection.

TCP SYN DoS attack sends a flood of TCP/SYN packets. Each of these packets

are like a connection request, causing the server to consume computing

resources (e.g. memory, CPU) to reply and to continuously wait for the incoming

packets. Without TCP SYN Dos Protection, the resources in the server will be

easily consumed completely. This will then consequently result in the dysfunction

of the server.

The ZyXEL VFG6005 Series VPN Firewall Gateway is able to detect TCP SYN

DoS attacks and limits the resource consumption by lowering the incoming

request rate by fast recycling the resource. Therefore, the ZyXEL VFG6005

Series VPN Firewall Gateway is still able to serve normal traffic while it is under

such an attack.

ICMP Broadcasting

Protection

Check to enable ICMP Broadcasting Protection.

Uncheck to disable ICMP Broadcasting Protection.

ICMP broadcasting attack is a type of DoS attacks. A flood of ICMP broadcasting

packets is generated and sent to a server (like the ZyXEL VFG6005 Series VPN

39

Firewall Gateway). Consequently, this server will suffer from a huge amount of

interruptions and consumption of computing resources.

The ZyXEL VFG6005 Series VPN Firewall Gateway is able to stop responding to

ICMP broadcasting echo packets in order to avoid a potential ICMP broadcasting

DoS attack.

ICMP Redirect

Protection

Check to enable ICMP Redirect Protection.

Uncheck to disable ICMP Redirect Protection.

An ICMP redirect message is a way to change the existing routing path.

Generally, ICMP redirect packets should not be sent, and so when there is the

occurrence that ICMP redirect packets are sent, it is important to note that it is

very likely to be used as a means for a network attack.

40

7.2

ACCESS CONTROL LIST (ACL) SETUP

7.2.1

ACL Settings

1.

Click on [Security]

–

[Access Control] tab. You will see the following screen.

Please do not change the parameters unless you wish to customize it by yourself.

2.

Configure Access Control List (ACL) Settings following the instructions below.

ACL

Select Enable to enable ACL.

Select Disable to disable ACL.

Default ACL

Action

Check Enable to enable a specific MAC Filter rule.

Uncheck Enable to disable a specific MAC Filter rule.

Type the MAC address to permit a device to access to the network.

* Enabling MAC filtering blocks all MAC addresses which are not listed in the MAC Filter Rule.

Be aware that adding the MAC address of your managing computer is required in order to

access to the ZyXEL VFG6005 Series VPN Firewall Gateway.

41

3.

Click on [Add] tab. You will see the following screen.

4.

Configure [Add Access Control List (ACL)] Settings following the instructions below

Sequence Number

This defines the sequence of the ACL rules. If a packet fits the conditions set

by the ACL rules, the packet will then be sorted according to the first ACL rule

from the top of the list.

Rule Name

Name of the ACL rule.

Rule Enable

Enable/Disable this ACL rule

External Interface

Please select which External Interface (WAN1 or WAN2) you want a packet to

go through, IF the packet fits the condition of this ACL rule.

Internal IP Range

Set up the internal IP range for this ACL rule.

External IP Range

Set up the external IP range for this ACL rule.

Protocol

Set up the protocol (TCP or UDP) for the ACL to be enabled.

Service Port Range

Set up the Service Port Range (e.g., HTTP is TCP/80) for the ACL to be

enabled.

Action

Select ALLOW / DENY

。