ZyXEL Communications ISG50 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications ISG50, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications ISG50 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications ISG50. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications ISG50 should contain:
- informations concerning technical data of ZyXEL Communications ISG50
- name of the manufacturer and a year of construction of the ZyXEL Communications ISG50 item
- rules of operation, control and maintenance of the ZyXEL Communications ISG50 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications ISG50 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications ISG50, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications ISG50.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications ISG50 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www .zyxel.com www .zyxel.com ISG50 Integrated Service Gateway IMPORT ANT! READ CAREFULL Y BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Copyright © 2012 ZyXEL Communications Corporation V ersion 2.30 Edition 3, 05/2012 Default Login Details LAN IP Address https://192.168.1.1 User Name admin Pa ss wo rd 1234[...]

  • Page 2

    ISG50 User’s Guide 2 IMPORT ANT! READ CAREFULL Y BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Graphics in this book ma y differ slightly from the product due to difference s in oper ating systems, operating system versions, or if y ou installed updated firmware/software fo r your device. Every effort has been made to ensure that the informat[...]

  • Page 3

    Contents Overview ISG50 User’s Guide 3 Contents Overview User ’ s Guide ......................................................................................... ......................... ..................... 25 Introducing the ISG50 ............... ............. ................ ................ ............. ................ ................[...]

  • Page 4

    Contents Overview ISG50 User’s Guide 4 Meet-me Conference ... ............. ................ ................ ................ ............. ................ ............... ........... ..... 547 Paging Group ........ ... .... ............. ... ... ... .... ... ... ... ... ............. .... ... ... ... .... ... ... ............. ... ... .... .. [...]

  • Page 5

    Table of Contents ISG50 User’s Guide 5 Table of Contents Contents Overview .............................................................................. ............................... ................. 3 Table of Contents ................................................. ..................................................... ........... ........[...]

  • Page 6

    Table of Contents ISG50 User’s Guide 6 4.1.1 Internet Access Se tup - WAN Interface ....................... ............. ................ ............. ................ . 59 4.1.2 Internet Access: Ethernet ...... ... ... ... ... ............. ............. ................ ............. ................ .............. 60 4.1.3 Internet Access: P[...]

  • Page 7

    Table of Contents ISG50 User’s Guide 7 6.5.2 NA T T able Checking Flow ................ ... .... ... ... ... .... ... ... ... .... ... ... ............. ... ... .... ... ... ... ... .... ... ...... . 96 6.6 Other Features Configuration Overview . ... ... .... ... ... ... .... ... ... ... ............. ... .... ... ... ... .... ... ... ... ... ...[...]

  • Page 8

    Table of Contents ISG50 User’s Guide 8 7.5.2 Set Up Us er Groups ........... ................ ............. ................. ............ ................. ................ ...... .. 1 18 7.5.3 Set Up Us er Authen ticati on Using the RADIUS Server ............. ................ ................ ............ 1 18 7.6 How to Use a RADI US Server t[...]

  • Page 9

    Table of Contents ISG50 User’s Guide 9 8.7 Using Call Features ............. ... ... ... ............. ... .... ... ... ... .... ... ............. ... ... ... .... ... ... ... .... ...... .......... ........ 163 8.7.1 Customizing Feature Codes ............ ............. ................ ............. ................ ............. ............ ..[...]

  • Page 10

    Table of Contents ISG50 User’s Guide 10 10.7 IP/MAC Binding Monitor .......................... ... ............. ................. ............ ................. ........... ........... .. 205 10.8 The Login Users Screen .. ... ... ... .... ... ... ... ... .... ............. ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ...... ..[...]

  • Page 11

    Table of Contents ISG50 User’s Guide 11 12.6 VLAN Interfaces ........ ... ............. ................ ............. ................. ............ ............. .......... .................. 259 12.6.1 VLAN Summary Screen .......... ... ... ... .... ... ............. ............. ................ ............. ................ ... .. 261 12.6[...]

  • Page 12

    Table of Contents ISG50 User’s Guide 12 16.1 Zones Overview ...... ...... ....... ............. ................ ............. ................ ............. ................ . ................. 313 16.1.1 What Y ou Can Do in this Chapter ......... ................ ............. ................ ............. ................ ..... 313 16.1.2 Wha[...]

  • Page 13

    Table of Contents ISG50 User’s Guide 13 21.1.1 What Y ou Can Do in this Chapter ......... ................ ............. ................ ............. ................ ..... 341 21.1.2 What Y ou Need to Know .......... ............. ............. ............. ............ ............. .......... ............. . .... 341 21.2 IP/MAC Binding Sum[...]

  • Page 14

    Table of Contents ISG50 User’s Guide 14 25.1 Overview . ................ ............. ................ ............. ................ ................ ............. ......... ................. ..... 397 25.1.1 What Y ou Can Do in this Chapter ......... ................ ............. ................ ............. ................ ..... 397 25.1.[...]

  • Page 15

    Table of Contents ISG50 User’s Guide 15 28.1 Overview . ................ ............. ................ ............. ................ ................ ............. ......... ................. ..... 448 28.1.1 What Y ou Can Do in this Chapter ......... ................ ............. ................ ............. ................ ..... 448 28.1.[...]

  • Page 16

    Table of Contents ISG50 User’s Guide 16 30.2.10 Auto-Attendant for Incoming BRI Calls .. ................ ............. ................ ................ ............. .. 502 Chapter 31 Auto-attendant ....................... ............................................................... ........................... ................. 503 31.1 Over[...]

  • Page 17

    Table of Contents ISG50 User’s Guide 17 34.3 The Call Park Screen . ... ............. ................ ............. ................. ............ ................. ......... ............... 534 34.3.1 Configuring the Call Park Screen ......... ................ ............. ................ ............. ................ .... . 535 34.4 The Cal[...]

  • Page 18

    Table of Contents ISG50 User’s Guide 18 38.6.1 The Skill Menu Settings Sc reen .......... ............. ................ ............. ................ ............. ....... . 565 38.6.2 Add/Edit Skill Menu Action Screen ......... ...... ............. ................ ............. ................ ............ 566 Chapter 39 Sound Files ........[...]

  • Page 19

    Table of Contents ISG50 User’s Guide 19 42.5.1 Local Phonebook Add/Edit Screen ...................... ... ... .... ............ .... ... ... ... .... ... ... ... ... .... ... ... .. 59 2 Chapter 43 Office Hours ................................................ ............................................................... .... ................. .[...]

  • Page 20

    Table of Contents ISG50 User’s Guide 20 Chapter 47 Schedules ......................................... ..................................................... ........................ .................... 625 47.1 Overview . ................ ............. ................ ............. ................ ................ ............. ......... .....[...]

  • Page 21

    Table of Contents ISG50 User’s Guide 21 50.3.2 The T rusted Certificates Im port Screen ............ ............. ................ ................ ............. ........ 65 9 50.4 Certificates T echnical R eference .......... ................ ................ ................ ................. ............ .. .......... 659 Chapter 51 ISP Accou[...]

  • Page 22

    Table of Contents ISG50 User’s Guide 22 52.8.4 Configuring SSH ......... ... ............. ................ ............. ................ ............. ................ ..... .......... 695 52.8.5 Secure T eln et Using SSH Examples .... ................ ................ ................ ................ ............... 696 52.9 T elnet ...... ..[...]

  • Page 23

    Table of Contents ISG50 User’s Guide 23 56.1 Overview . ................ ............. ................ ............. ................ ................ ............. ......... ................. ..... 737 56.1.1 What Y ou Can Do in this Chapter ......... ................ ............. ................ ............. ................ ..... 737 56.2 [...]

  • Page 24

    Table of Contents ISG50 User’s Guide 24 61.1 Resetting the ISG50 ................... ................ ............. ................. ................ ................ ..... ................ 774 61.2 Getting More Troubleshooting Help ........... ................. ............. ............ ................. ............ ...... ...... 774 Appendix[...]

  • Page 25

    25 P ART I User ’ s Guide[...]

  • Page 26

    26[...]

  • Page 27

    ISG50 User’s Guide 27 C HAPTER 1 Introducing the ISG50 This chapter gives an overview of the ISG50. It ex plains the front panel ports, LEDs, introduces the management methods, and lists different wa ys to start or stop the ISG50. 1.1 Overview The ISG50 combines an IP PBX with powerful routing and security features. Its flexible configuration hel[...]

  • Page 28

    Chapter 1 Introduci ng the ISG50 ISG50 User’s Guide 28 company can call each other by dialing extensions. Calls to the outside world go through the IP PBX to the PSTN, ITSP , or ISDN. Figure 1 IP PBX Example The ISG50 can function as a stand alone telephone switchboard for a small organization. It can also supplement a legacy PBX within an organi[...]

  • Page 29

    Chapter 1 Introducing th e ISG50 ISG50 User’s Guide 29 1.1.3.1 All-in-one Use the ISG50 to provide V oIP and security services. Figure 2 All-in-one Application Scenario V oIP Services: • V oIP phones and smartphones can make internal calls and external calls. • Least Cost R outing (LCR) dialing rules put calls through the appropriate outbound[...]

  • Page 30

    Chapter 1 Introduci ng the ISG50 ISG50 User’s Guide 30 provides the V oIP services listed in the previo us scenario, and the USG provides the security services. Here is an example. Figure 3 DMZ Installation 1.1.3.3 Parall el to a USG Connect the ISG50 to the Internet and a USG model’ s LAN to give the V oIP a physically separate Internet connec[...]

  • Page 31

    Chapter 1 Introducing th e ISG50 ISG50 User’s Guide 31 1.1.3.4 N-site In addition to one of the application scenarios alre ady described, you can also use site-to-site VPNs to connect ISG50s at multiple locations. This allo ws peer to peer V oIP calling and faxes over IP without using an ITSP and remote dial-out to make local calls in different a[...]

  • Page 32

    Chapter 1 Introduci ng the ISG50 ISG50 User’s Guide 32 Use a #2 Phillips screwdriver to install the screws. Note: F ailure to use the proper screws may damage the unit . 1.2.1 Rack-Mounted In st allation Procedure 1 Align one brack et with the holes on one side of th e ISG50 and secure it with the included bracket screws (smaller than the rack -m[...]

  • Page 33

    Chapter 1 Introducing th e ISG50 ISG50 User’s Guide 33 Connect the frame ground before you connect any other cables or wiring. Figure 8 Frame Ground 1.4 Front Panel This section introduces the ISG50’ s front panel. Figure 9 ISG50-PSTN Front P anel Figure 10 ISG50-ISDN Front Panel 1.4.1 Front Panel LEDs The followi ng table descri bes the LEDs .[...]

  • Page 34

    Chapter 1 Introduci ng the ISG50 ISG50 User’s Guide 34 1.5 3G PCMCIA Card Inst allation Only insert a compatible 3G card. Slide th e connector end of the card into the slot. Do not force, bend or twist the card. 1.6 Management Overview Y ou can use the following ways to manage the ISG50. WAN P1/P2 Off There is no tr a ffic on this port. Green On [...]

  • Page 35

    Chapter 1 Introducing th e ISG50 ISG50 User’s Guide 35 Web Configurator The W eb Configurator allows easy ISG50 setup and management using an Internet browser . This User’s Guide provides informat ion about the W eb Configurator . Figure 1 1 Managing the ISG50: W eb Configurator Command-Line Interface (CLI) The CLI allows you to use text -based[...]

  • Page 36

    Chapter 1 Introduci ng the ISG50 ISG50 User’s Guide 36 Always use Maintena nce > Shut down > Shut down or the shutdown command before you turn off the IS G50 or remove th e power . Not doing so can cause the firmware to become corrupt. The ISG50 does not stop or start the system processes when you apply configur ation files or run shell scr[...]

  • Page 37

    ISG50 User’s Guide 37 C HAPTER 2 Features and Applications This chapter introduces the main features and applications of the ISG50. 2.1 Features V oice over Internet Pro toc ol (V oIP) Implementation The ISG50 uses SIP (Session Initiation Protocol) to communicate with other SIP devices. SIP is an internationally-recognized standard for implementi[...]

  • Page 38

    Chapter 2 Features an d Applications ISG50 User’s Guide 38 F: SIP Servers - Servers ( D ) located at your Internet T elephony Service Provider (ITSP) which process outgoing calls from the ISG50 and direct them to IP phones on the Internet or tr aditional phones on the PSTN. Figure 12 SIP Devices and the ISG50 PBX T elephony Features The ISG50 all[...]

  • Page 39

    Chapter 2 Features and Applica ti ons ISG50 User’s Guide 39 • B - Connecting sever al ISG50s together to manage a larger telephone network. Figure 13 Scalable Design Automatic Call Distribution Automatic Call Distribution (ACD) allows you to di stribute incoming calls to specific groups of phones connected to your telephone network. Distribu te[...]

  • Page 40

    Chapter 2 Features an d Applications ISG50 User’s Guide 40 Set up multiple connections to the Internet on th e same port, or set up multiple connections on different ports. In either case, you can balance the loads between them. Figure 14 Applications: Multiple WAN Interfaces Virtual Private Networks (VPN) Use IPSec VPN to provide secure communic[...]

  • Page 41

    Chapter 2 Features and Applica ti ons ISG50 User’s Guide 41 trav e lers to provide secure access to your network. Y ou can also set up additional connections to the Internet to provide better service. Figure 15 Applications: VPN Connectivity Flexible Security Zones Many security settings are made by zone, not by inte rface, port, or network. As a[...]

  • Page 42

    Chapter 2 Features an d Applications ISG50 User’s Guide 42 User-A ware Access Control Set up security policies that restrict access to sensitive information and shared resources based on the user who is trying to access it. Figure 16 Applications: User-A ware Access Control Firewall The ISG50’s firew a ll is a stateful inspection firewall. The [...]

  • Page 43

    ISG50 User’s Guide 43 C HAPTER 3 Web Configurator The ISG50 W eb Configurator allows easy ISG50 se tup and management using an Internet brow ser . 3.1 W eb Configurator Requirement s In order to use the W eb Configurator , you must • Use Internet Explorer 7 or later , or Firefox 1.5 or later • Allow pop-up windows (blocked by de fault in Wind[...]

  • Page 44

    Chapter 3 Web Configurator ISG50 User’s Guide 44 3 T ype the user name (default: “adm in”) and password (default: “1234”). If your account is configured to use an AS AS authentication serv er , use the OTP (One- Time Password) tok en to generate a number . Enter it in the One-Time Password field. The number is only good for one login. Y o[...]

  • Page 45

    Chapter 3 Web Configurator ISG50 User’s Guide 45 3.3 W eb Configurator Screens Overview Figure 19 Dashboard The W eb Configurator screen is divided into these parts (as illustrated in Figure 19 on page 45 ): • A - title bar • B - navigation panel • C - main window 3.3.1 T itle Bar The title bar provides some icons in the upper right corner [...]

  • Page 46

    Chapter 3 Web Configurator ISG50 User’s Guide 46 3.3.1.1 About Click this to display basic information ab out the ISG5 0. Figure 21 Title Bar The following table describes labels that can appear in this screen. 3.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ISG50 features. Click the arrow in the mid[...]

  • Page 47

    Chapter 3 Web Configurator ISG50 User’s Guide 47 drag it to resize them. The following se ctions introduce the ISG50’s navigation panel menus and their screens. Figure 22 Navigation Panel 3.3.2.1 Dashboard The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in wi[...]

  • Page 48

    Chapter 3 Web Configurator ISG50 User’s Guide 48 3.3.2.3 Configuration Menu Use the configur ation menu screens to configure the ISG50’ s features. BRI T runk Displays status informat ion about ISDN BR I outbound line groups configured on t he ISG50. ACD Queue Monitor phone call activity for Automatic Call Distri bution (ACD) agents. Log Syst e[...]

  • Page 49

    Chapter 3 Web Configurator ISG50 User’s Guide 49 VPN IPSec VPN VPN Connection Configure IPSec tunnels . VPN Gateway Configure IKE tunnels. BWM Control bandwidth for services passing through the ISG50. Anti- X ADP General Display and manage ADP bindings. Profile Create and manage ADP profiles. PBX Global SIP Server Configure global SI P server set[...]

  • Page 50

    Chapter 3 Web Configurator ISG50 User’s Guide 50 Call Service Auto Callback Automatically call an ext ension once it becomes avai lable (ends an existing con versation). Call P ark Allow users to p ut a call on hold at o ne extension and pick up the call from another extens ion in y our organization. Call W aiting Allow users t o put a call on ho[...]

  • Page 51

    Chapter 3 Web Configurator ISG50 User’s Guide 51 Address Address Create and manage host, range, and network (subnet) addresses. Address Group Create and manage groups of addresses. Service Service Create and manage TC P and UDP services. Service Group Create and manage groups of services. Schedule Create on e-time and recurring schedules. AAA Ser[...]

  • Page 52

    Chapter 3 Web Configurator ISG50 User’s Guide 52 3.3.2.4 Maintenance Menu Use the maintenance menu screens to manage configur ation and firmware files, run diagnostics, and reboot or shut down the ISG50. 3.3.3 Main Window The main window shows the screen you select in the navigation panel. The main window screens are discussed in the rest of this[...]

  • Page 53

    Chapter 3 Web Configurator ISG50 User’s Guide 53 3.3.3.2 Site Map Click Site MAP to see an overview of links to the W eb Configur ator screens. Click a screen’ s link to go to that screen. Figure 24 Site Map 3.3.3.3 Object Reference Click Object Refe rence to open the Object Reference screen. Select the type of object and the individual object [...]

  • Page 54

    Chapter 3 Web Configurator ISG50 User’s Guide 54 The fields vary with the type of object. The followi ng table des cribes labels that can appear in this screen. 3.3.3.4 CLI Messages Click CLI to look at the CLI commands sent by the W eb Configurator . These commands appear in a popup window , suc h as the following. Figure 26 CLI Messages Click C[...]

  • Page 55

    Chapter 3 Web Configurator ISG50 User’s Guide 55 1 Click a column heading to sort the table’ s en tries according to that column’ s crite ria. Figure 27 Sorting T able Entries by a Column’s Criteria 2 Click the down arrow next to a column heading fo r more options about how to displa y the entries. The options av ailable vary depending on t[...]

  • Page 56

    Chapter 3 Web Configurator ISG50 User’s Guide 56 4 Select a column heading and drag an d drop it to change the column order . A green check mark displays next to the column’ s title when you dr ag the column to a valid new location. Figure 30 Changing the Column Order 5 Use the icons and fields at the bottom of the tabl e to na vigate to differ[...]

  • Page 57

    Chapter 3 Web Configurator ISG50 User’s Guide 57 3.3.4.3 Working with List s When a list of available entries displays next to a list of selected entries, you can often just double- click an entry to mov e it from one list to the other . In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow bu[...]

  • Page 58

    Chapter 3 Web Configurator ISG50 User’s Guide 58 3.3.4.5 iNotes The iNote icon is a green square with an ‘i’ . Hover your cursor over the icon to display information. Figure 34 iNotes[...]

  • Page 59

    ISG50 User’s Guide 59 C HAPTER 4 Installation Setup Wizard 4.1 Inst allation Setup Wizard Screens If you log into the W eb Configurator when the IS G50 is using its default configur ation, the first Installation Setup Wizard screen displays. This wizard helps you configure Internet connection settings and activate subscription services. This chap[...]

  • Page 60

    Chapter 4 Installati on Setup Wi zard ISG50 User’s Guide 60 Note: Enter the Internet access information exactly as your ISP gave i t to you. Figure 36 Internet Access: Step 1 • I have two ISPs : Select this option to configure two Internet connections. Lea ve it cleared to configure just one. This option appears when y ou are configuring the fi[...]

  • Page 61

    Chapter 4 Installation Setup Wizard ISG50 User’s Guide 61 Note: Enter the Internet access informatio n exactly as given to you by y our ISP . Figure 37 Internet Access: Ethernet Encapsulation • Encapsulation : This displays the type of Internet connection you are configuring. • First WAN Interface : This is the number of the interface that wi[...]

  • Page 62

    Chapter 4 Installati on Setup Wi zard ISG50 User’s Guide 62 4.1.3 Internet Access: PPPoE Note: Enter the Internet access informatio n exactly as given to you by y our ISP . Figure 38 Internet Access: PPPoE Encapsulation 4.1.3.1 ISP Parameters • T ype the PPPoE Service Nam e from your service provider . PPPoE uses a service name to identify and [...]

  • Page 63

    Chapter 4 Installation Setup Wizard ISG50 User’s Guide 63 • First / Second DNS Serve r : These fields displa y if you selected static IP address assignment. The Domain Name System (DNS) maps a domain na me to an IP address and vice v e rsa. Enter a DNS serv er's IP addr ess(es). The DNS server is extremely impo rtant because withou t it, y[...]

  • Page 64

    Chapter 4 Installati on Setup Wi zard ISG50 User’s Guide 64 •S e l e c t Nailed-Up if you do not want the connection to tim e out. Otherwise, type the Id le Timeout in seconds that elapses before the router automatically disconnects from the PPTP server . 4.1.5.1 PPTP Configuration • Base Interface : This identifies the Ethernet interfa ce yo[...]

  • Page 65

    Chapter 4 Installation Setup Wizard ISG50 User’s Guide 65 4.1.6 Internet Access Setu p - Second W AN Interface If you selected I have two ISPs , after you configure the First WAN Interface , you can configure the Second WAN Interface . The screens for configuring the second W AN interface are similar to the first (see Section 4.1.1 on page 59 ). [...]

  • Page 66

    Chapter 4 Installati on Setup Wi zard ISG50 User’s Guide 66 4.1.7 Internet Access - Finish Y ou ha ve set up your ISG50 to access the Intern et. After configuring the WA N interface(s), a screen displays with your settings. If they are no t correct, click Back . Figure 41 Internet Access: Ethernet Encapsulation Note : If you have n ot a lre a dy [...]

  • Page 67

    Chapter 4 Installation Setup Wizard ISG50 User’s Guide 67 Use the Registration > Service screen to update your service subscription status. Figure 42 Re g i s t ra t i o n •S e l e c t new myZyXE L.com account if you haven’t created an account at myZ y XEL.com, selec t this option and configure the following fields to create an account and[...]

  • Page 68

    Chapter 4 Installati on Setup Wi zard ISG50 User’s Guide 68 • Country Code : Select your country from the drop-down bo x list. Figure 43 Registr ation: Registered Device[...]

  • Page 69

    ISG50 User’s Guide 69 C HAPTER 5 Quick Setup 5.1 Quick Setup Overview The W eb Configurator's quick setup wizards help you configure Internet and VPN connection settings. This chapter provides information on configuring the quick setup screens in the W eb Configurator . See the feature-specific chapters in this User’s Guide for backgroun d[...]

  • Page 70

    Chapter 5 Quick Setup ISG50 User’s Guide 70 5.2 W AN Interface Quick Setup Click WAN Interface in the main Qu ick Setup screen to open the WAN Interface Q uick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the internet. Click Next . Figure 45 WAN Interface Quick Setup Wizard 5.2.1 Choose an Ethernet Interf[...]

  • Page 71

    Chapter 5 Q uick Setup ISG50 User’s Guide 71 5.2.2 Select W AN T ype WAN Type Selection : Select the type of encapsulation this connection is to use. Ch oose Ethernet when the W AN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the inf ormation from y our ISP . Figure 47 WAN Interface Set[...]

  • Page 72

    Chapter 5 Quick Setup ISG50 User’s Guide 72 5.2.3 Configure W AN Settings Use this screen to select whether the interface should use a fixed or dynamic IP address. Figure 48 WAN Interface Setup: Step 2 • WAN Interface : This is the interface you are configuring for Internet access. • Zone : This is the security zone to which this interface an[...]

  • Page 73

    Chapter 5 Q uick Setup ISG50 User’s Guide 73 Note: Enter the Internet access information exactly as your ISP gave i t to you. Figure 49 WAN and ISP Connection Settings: (PPTP Shown) The following table describes the labels in this screen. Ta b l e 1 1 WAN and ISP Connection Settings LABEL DESCRIPTION ISP Pa rameter This section appear s if the in[...]

  • Page 74

    Chapter 5 Quick Setup ISG50 User’s Guide 74 Ret y p e to Confirm T ype your password again for confirmation. Nailed-Up Sele ct Nailed-Up if you do not w ant the connection to tim e out. Idle Timeout T ype the time in s econds that elapse s before the router autom atically disconnect s from the PPP oE server . 0 means no timeout. PPTP Configuratio[...]

  • Page 75

    Chapter 5 Q uick Setup ISG50 User’s Guide 75 5.2.5 Quick Setup Interface Wizard: Summary This screen displays the W AN interface’s settings. Figure 50 Interface Wizard: Summary WAN (PPTP Shown) The following table describes the labels in this screen. T able 12 Interface Wizard: Summary WAN LABEL DESCRIPTION Encapsulation This displa ys what enc[...]

  • Page 76

    Chapter 5 Quick Setup ISG50 User’s Guide 76 5.3 VPN Quick Setup Click VPN Setup in the main Quick Setup screen to open the VPN Setup Wizard Welcome screen. The VPN wizard creates corresponding VPN connection and VPN gatewa y settings and address objects that you can use later in configur ing more VPN connection s or other features. Click Next . F[...]

  • Page 77

    Chapter 5 Q uick Setup ISG50 User’s Guide 77 5.4 VPN Setup Wizard: W izard T ype A VPN (Virtual Private Netw ork) tunnel is a secure connection to another computer , smartphone, or network. Use this screen to select which type of VPN connection y ou want to configure. Figure 52 VPN Setup Wizard: Wizard T ype Express : Use this wizard to create a [...]

  • Page 78

    Chapter 5 Quick Setup ISG50 User’s Guide 78 5.5 VPN Express Wizard - Scenario Click the Express radio button as shown in Figure 52 on page 77 to display the following screen. Figure 53 VPN Express Wizard: Step 2 Rule Name : T y pe the name used to identify this VPN connection (and VPN gateway). Y ou may use 1-31 alphanumeric char acters, undersco[...]

  • Page 79

    Chapter 5 Q uick Setup ISG50 User’s Guide 79 5.5.1 VPN Express Wi zard - Configuration Figure 54 VPN Express Wizard: Step 3 • Secure Gateway : If Any displays in this field, it is not configur able for the chosen scenario. If this field is configurable, enter the WAN IP addr ess or domain name of the remote IPSec device (secure gateway) to iden[...]

  • Page 80

    Chapter 5 Quick Setup ISG50 User’s Guide 80 5.5.2 VPN Express Wizard - Summary This screen provides a read-only summary of the VPN tunnel’s configur ation and also commands that you can copy and paste into another IS G50’ s command line interface to configure it. Figure 55 VPN Express Wizard: Step 4 • Rule Name : Identifies the VPN gatewa y[...]

  • Page 81

    Chapter 5 Q uick Setup ISG50 User’s Guide 81 5.5.3 VPN Express Wizard - Finish Now you can use the VPN tunnel. Figure 56 VPN Express Wizard: Finish Note: If you have not already done so , use the myZ yXEL.com link and register your ISG50 with myZ yXEL.com. Click Close to exit the wizard.[...]

  • Page 82

    Chapter 5 Quick Setup ISG50 User’s Guide 82 5.5.4 VPN Advanced Wizard - Scenario Click the Advanced radio button as shown in Figu re 52 on page 77 to display the following screen. Figure 57 VPN Advanced Wizard: Scenario Rule Name : T y pe the name used to identify this VPN connection (and VPN gateway). Y ou may use 1-31 alphanumeric char acters, [...]

  • Page 83

    Chapter 5 Q uick Setup ISG50 User’s Guide 83 5.5.5 VPN Advanced Wiza rd - Phase 1 Settings There are two phases to every IKE (Internet Ke y E xchange) negotiation – ph ase 1 (Authentication) and phase 2 (K ey Exchange). A phase 1 exchange establishes an IKE SA (Security Association). Figure 58 VPN Advanced Wizard: Phase 1 Settings • Secure Ga[...]

  • Page 84

    Chapter 5 Quick Setup ISG50 User’s Guide 84 • SA Life Time : Set how often the ISG50 renegotiates the IKE SA. A short S A life time increases security , but renegotiation tempor arily disconnects the VPN tunnel. • NAT Traversal : Select this if the VPN tunnel must pa ss through NA T (there is a NA T router between the IPSec devices). Note: Th[...]

  • Page 85

    Chapter 5 Q uick Setup ISG50 User’s Guide 85 • Perfect F orward Secrecy (PFS): Disabling PFS allows faster IPSec setup, but is less secure. Select DH1, DH2 or DH5 to enable PFS. DH5 is more secure than DH 1 or DH2 (although it ma y affect throughput). DH1 refers to Diffie-Hellman Group 1 a 768 bit random number . DH2 refers to Diffie-Hellman Gr[...]

  • Page 86

    Chapter 5 Quick Setup ISG50 User’s Guide 86 5.5.8 VPN Advanced Wizard - Finish Now you can use the VPN tunnel. Figure 61 VPN Wizard: Step 6: Ad vanced Note : If you have n ot a lre a dy d o ne s o, yo u can register your ISG50 with myZ yXEL.com and activ ate trials of services. Click Close to exit the wizard.[...]

  • Page 87

    ISG50 User’s Guide 87 C HAPTER 6 Configuration Basics This information is provided to help you configure the ISG50 effectively . Some of it is helpful when you are just getting started. Som e of it is prov ided for your referen ce when you configure v arious features in the ISG50. • Section 6.2 on page 91 introduces the ISG50’s object -based [...]

  • Page 88

    Chapter 6 Configuration Basics ISG50 User’s Guide 88 • FXS (Foreign Exchange Subscriber) Extension - This is an extension assigned to an analog phone directly connected to an FXS port on the ISG50 (See Figure 62 on page 88 ). The FXS ports on the ISG50 work the same way as the phone sockets in your home. In your home you are a subscriber to the[...]

  • Page 89

    Chapter 6 Configuration Basics ISG50 User’s Guide 89 • Auto-Attendant - This is a feature which routes incoming calls to their proper extension. An auto-attendant is assigned to each outbound line group and it services incoming calls on those lines. If your organiz ation has two outbound line groups, each with a specific telephone number for in[...]

  • Page 90

    Chapter 6 Configuration Basics ISG50 User’s Guide 90 In the most basic setup example an organization has one authority group (with all of the company’ s extensions), one outbound line group an d an LCR which gr ants the authority group access to outbound lines. Everyone in the organization has the same rights to use outbound lines. Figure 64 Ou[...]

  • Page 91

    Chapter 6 Configuration Basics ISG50 User’s Guide 91 6.2 Object-based Configuration The ISG50 stores information or settings as objects. Y ou use these objects to configure many of the ISG50’ s features and settings. Once you configure an object, you can reuse it in configuring other features. When you change an object’s settings, the ISG5 0 [...]

  • Page 92

    Chapter 6 Configuration Basics ISG50 User’s Guide 92 6.3 Zones, Interfaces, and Physical Port s Z ones (groups of interfaces and VPN tunnels) simp lify security settings. Here is an overview of zones, interfaces, and physical ports in the ISG50. Figure 66 Zones, Interfaces, an d Physical Ethernet Ports 6.3.1 Interface T ypes There are many types [...]

  • Page 93

    Chapter 6 Configuration Basics ISG50 User’s Guide 93 • Virtual interfaces increase the amount of routing info rmation in the ISG50. There are three types: v irt ual Ethernet int erfaces (also known as IP alias), virtual VL AN interfaces , and virtual bridge interfaces . 6.3.2 Default Interface and Zone Configuration This section introduces the [...]

  • Page 94

    Chapter 6 Configuration Basics ISG50 User’s Guide 94 6.4 T erminology in the ISG50 This section highlights some terminol ogy or organization for the ISG50. 6.5 Packet Flow Here is the order in which the ISG50 applies its features and checks. T raffic in > Defragmentation > Destination NA T > Routing > Stateful Firewall > ADP > S[...]

  • Page 95

    Chapter 6 Configuration Basics ISG50 User’s Guide 95 • Automatic SNA T and W AN tru nk routing for tr affic go ing from internal to external interfaces (you don’t need to configure anything to all LAN to W AN traffic). The ISG50 automatically adds all of the external interfaces to the default W AN trunk. External interfaces include ppp and ce[...]

  • Page 96

    Chapter 6 Configuration Basics ISG50 User’s Guide 96 2 Policy Routes : These are the user-configu red policy routes. Configure policy routes to send packets through the appropriate interface or VPN tunnel. See Chapter 14 on page 289 for more on policy routes. 3 1 to 1 and Many 1 to 1 NAT : The se are the 1 to 1 NA T and many 1 to 1 NA T rules. If[...]

  • Page 97

    Chapter 6 Configuration Basics ISG50 User’s Guide 97 1 SNA T defined in the policy routes. 2 1 to 1 SNA T (including Many 1 to 1) is also included in the NA T table. 3 NA T loopback is now included in the NA T table instead of requiring a separ ate policy route. 4 SNA T is also now performed by default and included in the NA T table. 6.6 Other Fe[...]

  • Page 98

    Chapter 6 Configuration Basics ISG50 User’s Guide 98 6.6.2 Licensing Registration Use these screens to register your ISG50 and subscr ibe to services. Y ou must have Internet access to myZ yXEL.com. 6.6.3 Interface See Section 6.3 on page 92 for background information. Note: When you create an interface, there is no security applied on it until y[...]

  • Page 99

    Chapter 6 Configuration Basics ISG50 User’s Guide 99 Example: Y ou have an FTP server connected to P6 (in the DMZ zone). Y ou want to limit the amount of FTP traffic that go es out from the FTP server through your WAN connection. 1 Create an address object for the FTP server ( Object > Address ). 2 Click Configuration > Network > Routing[...]

  • Page 100

    Chapter 6 Configuration Basics ISG50 User’s Guide 100 Z ones cannot overlap. Each interface and VPN tunnel can be assigned to at most on e zone. Virtual interfaces are automatically assigned to the same zone as the interface on which they run. When you create a zone, the ISG50 does not create any firewall rule or configure remote management for t[...]

  • Page 101

    Chapter 6 Configuration Basics ISG50 User’s Guide 101 6.6.10 HTTP Redirect Configure this feature to hav e the ISG50 transparen tly forw ard HTTP (web) tr affic to a proxy serv er . This can speed up web browsing because the proxy serv er keeps copies of the web pages that hav e been accessed so they are readily av ailable the next time one of yo[...]

  • Page 102

    Chapter 6 Configuration Basics ISG50 User’s Guide 102 T o-ISG50 firewall rules control access to the ISG50. Configure to-ISG50 firewall rules for remote management. By default, the firewall only allows management connections from the LAN or WAN zone. Example: Suppose you have a SIP proxy server conn ected to the DMZ zone for V oIP calls. Y ou cou[...]

  • Page 103

    Chapter 6 Configuration Basics ISG50 User’s Guide 103 Examples: Suppose you w ant to give a user named Bob FTP access but with a limited download speed of 200 kbps from LAN (F TP client) to WAN (FTP server). 1 Create us er acc ount fo r Bob. 2 Click BWM > Add New Policy . Select the user account that you created for Bob. 3 Select from LAN zone[...]

  • Page 104

    Chapter 6 Configuration Basics ISG50 User’s Guide 104 6.7.1 User/Group Use these screens to configure the ISG50’s admini str ator and user accounts. The ISG50 provides the following user types. If you want to force users to log in to the ISG50 before the ISG50 routes traffic for them, you might have to configure prerequisites first. 6.8 System [...]

  • Page 105

    Chapter 6 Configuration Basics ISG50 User’s Guide 105 3 Click Co nfiguration > Sys tem > WWW to configure the HTTP management access. Enable HT TPS and add an administrator service control en try . • Select the address object for the ad m in i st ra t or ’s c o mp u te r . • Select the WAN zone. • Set the action to Accept . 6.8.2 Lo[...]

  • Page 106

    Chapter 6 Configuration Basics ISG50 User’s Guide 106[...]

  • Page 107

    ISG50 User’s Guide 107 C HAPTER 7 General Tutorials Here are examples of using the W eb Configurator to configure general settings in the ISG50. See Chapter 8 on page 135 for how to configure PBX settings. Note: The tutorials featured here require a basic understanding of connecting to and using the W eb Configurator , see Chapter 3 on page 43 fo[...]

  • Page 108

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 108 7.1.1 Configure a W AN Ethernet Interface Y ou need to assign the ISG50’ s wan1 interface a static IP address of 1.2.3.4. Click Configuration > Network > Interface > Ethernet and double-click the wan1 interface’s entry . Select Use Fixed IP Address and configure the IP address, subn[...]

  • Page 109

    Chapter 7 General Tuto ri als ISG50 User’s Guide 109 2 Select WIZ_VPN and move it to the Member box and click OK . Figure 74 Configuration > Network > Z one > IPSec_VPN Edit 7.2 How to Configure a Cellular Interface Use 3G cards for cellular WAN (Internet) co nnections. See www .zyxel.com for a list of the compatible 3G devices. In this [...]

  • Page 110

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 11 0 Figure 76 Configuration > Network > Interface > Cellular > Edit Note: The Network Selection is set to Auto by default. Thi s means that the 3G USB modem may connect to another 3G net work when your service provider is not in rang e or when necessary . Select Home t o h a v e t h e 3[...]

  • Page 111

    Chapter 7 General Tuto ri als ISG50 User’s Guide 111 T o fine-tune the load balancing configuration, see Chapter 13 on page 281 . See also Section 7.3 on page 111 for an example. 7.3 How to Configure Load Balancing This example shows how to configure a trunk for two W AN connections (to the Internet). The av ailable bandwidth for the connections [...]

  • Page 112

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 11 2 Figure 79 Configuration > Network > In terface > Ethernet > Edit (wan1) 2 Repeat the process to set the egress bandwidth for wan2 to 512 Kbps. 7.3.2 Configure the W AN T runk 1 Click Configuration > Network > Interface > Trunk . Click the Add icon. 2 Name the trunk and set [...]

  • Page 113

    Chapter 7 General Tuto ri als ISG50 User’s Guide 11 3 Figure 80 Configuration > Network > In terface > T runk > Add 3 Select the trunk as the default trunk and click Apply . Figure 81 Configuration > Network > In terface > T runk 7.4 How to Set Up an IPSec VPN T unnel This example shows how to use the IPSec VPN conf igur atio[...]

  • Page 114

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 11 4 Figure 82 VPN Example In this exampl e, the ISG50 is rou ter X (1.2.3.4), and the remote IPSec router is router Y (2.2.2.2). Create the VPN tunnel between ISG50 X ’s L AN subnet (192.168.1.0/24 ) and the LAN subnet behind peer IPSec router Y (172.16.1. 0/24 ). 7.4.1 Set Up the VPN Gateway The[...]

  • Page 115

    Chapter 7 General Tuto ri als ISG50 User’s Guide 11 5 Figure 83 Configuration > VPN > IPSec VPN > VPN Gateway > Add 7.4.2 Set Up the VPN Connection The VPN connection manages the IPSec SA. Y ou have to set up the address objects for the local network and remote network before you can set up the VPN connection. 1 Click Configuration &g[...]

  • Page 116

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 11 6 4 Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN Gateway select Site-to-site and the VPN gateway ( VPN_GW_EXAMPLE ). Under Policy , select LAN1_SUBNET for the local network and VPN_REMOTE_SUBNET for the remote. Click OK . Figure 85 Configuration > VPN > IPSec VP[...]

  • Page 117

    Chapter 7 General Tuto ri als ISG50 User’s Guide 11 7 example that does not include priorities for different types of traffic. See Chapter 25 on page 397 for more on bandwidth management. The users are authenticated by an external RADIUS server at 192.168.1.200 . First, set up the user accounts and user groups in the ISG50. Then, set up user auth[...]

  • Page 118

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 11 8 7.5.2 Set Up User Group s Set up the user groups and assign the users to the user groups. 1 Click Configuration > Object > User/Group > Group . Click the Add icon. 2 Enter the name of the group that is used in the exam ple in T abl e 18 on page 117 . In this exampl e, it is “Finance?[...]

  • Page 119

    Chapter 7 General Tuto ri als ISG50 User’s Guide 11 9 Figure 88 Configuration > Object > AA A Server > RADIUS > Add 2 Click Configuration > Object > A uth. method . Double-click the default entry . Click the Add icon. Select group radius because the ISG50 should use the specified RADIUS server for authentication. Click OK . Figu[...]

  • Page 120

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 120 Figure 90 Configuration > Object > User/Group > Setting > Add (F orce User Authentication P olicy) When the users try to browse the web (or u se any HT TP/HTTPS application), the Login screen appears. They have to log in using the user name and password in the RADIUS server . 7.6 How[...]

  • Page 121

    Chapter 7 General Tuto ri als ISG50 User’s Guide 121 Figure 91 Configuration > Object > AA A Server > RADIUS > Add 2 Now you ad d ext -group-user us er objects to iden ti fy groups based on the group identifier values. Set up one user account for each group of user accounts in the RADIUS server . Click Configuration > Object > U[...]

  • Page 122

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 122 7.7 How to Use Authentication Policies Here is how to use authentication policies to mak e sure that users log in before they are allowed to access the network. 7.7.1 Configure the Authentication Policy Click Confi guration > Auth. Policy and then the Authentication Policy Summary ’s Add ic[...]

  • Page 123

    Chapter 7 General Tuto ri als ISG50 User’s Guide 123 Figure 94 Configuration > Auth. P olicy 7.8 How to Configure Service Control Service control lets you configure rules that co ntrol HT TP and HTTPS management access (to the W eb Configu rator) and separ ate rules that control HT TP and HT TPS user access. See Chapter 52 on page 665 for more[...]

  • Page 124

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 124 Figure 95 Configuration > System > WWW 3 In the Zone field select LAN1 and click OK . Figure 96 Configuration > System > WWW > Service Control Rule Edit 4 Select the new rule and click the Add icon. Figure 97 Configuration > System > WWW (First Example Admin Service Rule Con[...]

  • Page 125

    Chapter 7 General Tuto ri als ISG50 User’s Guide 125 Figure 98 Configuration > System > WWW > Service Control Rule Edit 6 Click Apply . Figure 99 Configuration > System > WWW (Second Ex ample A dmin Service Rule Configured) Now administrator access to the W eb Configurator can only come from the LAN1 zone. Non- admin users can stil[...]

  • Page 126

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 126 Figure 100 WAN to LAN H.323 P e er-to-p eer Calls Example 7.9.1 T urn On the A LG Click Configuration > Network > ALG . Select Enable H. 323 ALG and Enabl e H.323 transformations and click Ap ply . Figure 101 Configuration > Network > ALG 7.9.2 Set Up a NA T Policy Fo r H.323 In this[...]

  • Page 127

    Chapter 7 General Tuto ri als ISG50 User’s Guide 127 Figure 102 Create Address Objects 2 Click Configuration > Network > NAT > Add. Configure a name for the rule (WAN-LAN_H323 here). Y ou want the LAN H.323 device to receive peer-to- peer calls from the WAN and also be able to initiate calls to the W AN so you set the Classification to N[...]

  • Page 128

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 128 Figure 103 Configuration > Network > NA T > Add 7.9.3 Set Up a Firewall Rule For H.323 The default firewall rule for WA N-to-LAN traffic drops all tr affic. Here is how to configure a firewall rule to allow H.323 (TCP port 1720) tr affic receiv ed on the WAN_IP-for-H323 IP address to go[...]

  • Page 129

    Chapter 7 General Tuto ri als ISG50 User’s Guide 129 Figure 104 Configuration > Firewall > Add 7.10 How to Allow Publ ic Access to a W eb Server This is an example of making an HT TP (web) serv er in the DMZ zone accessible from the Internet (the WAN z one). In this example you have pub lic IP address 1.1.1.1 that you will use on the wan1 i[...]

  • Page 130

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 130 Figure 106 Creating the Address Object for the HTTP Server’ s Private IP Address 2 Create a host address object named Public_HTTP_Server_IP for the public WA N IP address 1.1.1.1. Figure 107 Creating the Address Object for the Public IP Address 7.10.2 Configure NA T Y ou need a NA T rule to se[...]

  • Page 131

    Chapter 7 General Tuto ri als ISG50 User’s Guide 131 Figure 108 Creating the NA T Entry 7.10.3 Set Up a Firewall Rule The firewall blocks tr affic from the WAN zon e to th e DMZ zone by default so you need to create a firewall rule to allow the public to send HT TP traffic to IP address 1.1.1.1 in order to access the HTT P se r ve r . I f a do m [...]

  • Page 132

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 132 Figure 109 Configuration > Firewall > Add 7.1 1 How to Use Multiple St atic Public W AN IP Addresses for LAN to W AN T raffic If your ISP gave you a r ange of static public IP ad dresses, here is how to configure a policy route to have the ISG50 u se them for tr affic it sends out from the[...]

  • Page 133

    Chapter 7 General Tuto ri als ISG50 User’s Guide 133 Although adding a description is optional, it is recommende d. This ex ample uses LA N-to-W AN- Range. Specify ing a Source Address is also optional although recommended. This example uses LAN_SUBNET1 . Set the Source N etwork A ddress Translation to Public-IPs and click OK . F i g u r e 111 Co[...]

  • Page 134

    Chapter 7 Gene ral Tutorials ISG50 User’s Guide 134 7.12 Initial Setup V i deo Use Adobe Reader 9 or later or a recent v ersion of Fo xit Reader to play this video. After clicking play , you may need to confirm that you want to play the content and click pla y again.[...]

  • Page 135

    ISG50 User’s Guide 135 C HAPTER 8 PBX Tutorials Here are examples of using the web configurator to set up and use the ISG50 for a telephone network as shown in the following figure. Figure 1 12 T utorial Overview The tutorials include: T able 19 Tutorials Overview T UTORIAL GOAL STEP S Making Internal Calls • Configure SIP Extensions • Connec[...]

  • Page 136

    Chapter 8 PBX Tutorials ISG50 User’s Guide 136 Note: This chapter assumes that you have al ready configured your network settings. See the QSG, the installation wizard Chapter 4 on page 59 , Chapter 5 on page 69 , and Chapter 7 on page 107 for more information. 8.1 Making Internal Calls This tutorial sets up the internal telephone extensions on y[...]

  • Page 137

    Chapter 8 PBX Tutorials ISG50 User’s Guide 137 1 In the web configurator , click Configuration > PBX > Extension Management > Authority Group to open the Authority Grou p screen. 2 Click the Add icon to open the Add screen. Enter the name of the group ( Basic in this example) and type 1-5 digits to use as an ID for this authority group ([...]

  • Page 138

    Chapter 8 PBX Tutorials ISG50 User’s Guide 138 The SIP user na me for ext en sion 1001 is 1001 and the SIP password for this extension is 11100199 . Y ou do not need to configure the Prefix and Postfix values as long as the SIP password length is at least four digits long. Click OK and wait for the ISG50 to create the extensions.[...]

  • Page 139

    Chapter 8 PBX Tutorials ISG50 User’s Guide 139 5 The SIP extensions display in the Edit Authority Group Basic screen. Click OK . 6 K eep a list of the SIP passwords (the Prefix + Extension Number + Postfix combinations). When you deploy the network’ s IP phones, you will need this information for SIP registration. See Section 8.1.2 on page 140 [...]

  • Page 140

    Chapter 8 PBX Tutorials ISG50 User’s Guide 140 8.1.2 Connect IP Phones Y ou can now set up your IP phones. F or example, you can connect all of the IP phones and the ISG50 to an Ethernet switch and assign all the IP phones IP addresses in the same subnet. Figure 1 14 Connect IP Phones 8.1.3 Register IP Phones After your network connections ha ve [...]

  • Page 141

    Chapter 8 PBX Tutorials ISG50 User’s Guide 141 Complete the SIP registration for all the IP phon es on your network. When all the phones are registered, you can make internal calls by dialin g the extension number assigned to each phone. 8.2 Auto Provisioning Y ou can hav e snom V oIP phones get a configuration text file from the ISG50. The conf [...]

  • Page 142

    Chapter 8 PBX Tutorials ISG50 User’s Guide 142 1 Click Configuration > PBX > Auto Provision . Then double-click a SIP extension entry . 2 Enter the SIP device’ s MAC address and select what model it is. Click OK . 3 Repeat these steps to map each SIP extension to a sno m device’s MAC. 8.2.1 Configuring the sno m V oIP Phones for Auto Pr[...]

  • Page 143

    Chapter 8 PBX Tutorials ISG50 User’s Guide 143 8.3 Making PSTN Calls The following section shows you how to make and receiv e calls via a connection to the PSTN. This example covers: • The PSTN Connection - configuring the outbound line group (connection settings) from the FXO ports to the PSTN. • Creating a Dialing Rule for PSTN - creating a[...]

  • Page 144

    Chapter 8 PBX Tutorials ISG50 User’s Guide 144 1 In the web configurator , click Configuration > PBX > Outb ound Line Management > Outbound Trunk Group to open the Outbound Trunk Group screen. 2 In the FXO Settings section click the Add icon to open the following screen. Enter the name of the group ( PSTN1 in this example) and select the[...]

  • Page 145

    Chapter 8 PBX Tutorials ISG50 User’s Guide 145 The LCRs determine which outside line the ISG50 sh ould use to complete outbound calls. In our example we want to use the PSTN1 outbound line group to complete local calls. Figure 1 19 Outbound Calls via PSTN 1 In the web configurator , click Configuration > PBX > Outbound Line Management > [...]

  • Page 146

    Chapter 8 PBX Tutorials ISG50 User’s Guide 146 • Click OK . 3 Click OK again and you are do ne configuring the L CR. Howev er , before it can be used by any of the phones connected to the ISG50, the LCR needs to be assigned to an appropriate authority group. 8.3.3 Assigning an LCR to an Authority Group Now add the LCR to an authorit y group to [...]

  • Page 147

    Chapter 8 PBX Tutorials ISG50 User’s Guide 147 2 Select the LocalCall entry’s Association checkbox. Click OK . 3 Y ou can now use the telephones that are part of the FXOTrunk authority group to make outbound calls using the PSTN connection. The following figure summarizes the outbound call process for this example. 8.4 Making ITSP Calls The fol[...]

  • Page 148

    Chapter 8 PBX Tutorials ISG50 User’s Guide 148 • Assigning an L CR to an Authority G roup - giving extensions the right to mak e outbound calls via the ITSP connection. 8.4.1 The ITSP Connection The following section introduces how to configure a connection to the ITSP . This example assumes that the ISG50 has a network connection to the SIP se[...]

  • Page 149

    Chapter 8 PBX Tutorials ISG50 User’s Guide 149 1 In the web configurator , click Configuration > PBX > Outb ound Line Management > Outbound Line Group .[...]

  • Page 150

    Chapter 8 PBX Tutorials ISG50 User’s Guide 150 2 Click the Add icon in the SIP Trunk section. Enter the name of the group (“ ITSP1 ” in this example). Fill in the other fields with the informat ion provided by your ITSP (in our example we use the sample information as shown in T able 20 on page 148 ). Click OK when you are done.[...]

  • Page 151

    Chapter 8 PBX Tutorials ISG50 User’s Guide 151 3 People from the outside world can now call the ISG50 using the numbers provid ed by your ITSP . The default AA prompts the callers to dial the extension they would like to reach. See Section 8 .4.2 on page 151 for information on how to set up a dialing rule so that the extensions on your network ca[...]

  • Page 152

    Chapter 8 PBX Tutorials ISG50 User’s Guide 152 2 The Dial Condition screen appears. •T y p e 1XXXXX followed by a period ( . ) in the Dial Condition field. This means that this LCR will be used when callers dial any 7 or greater digit numb er that begins with a 1 . The X stands for any digit 0 to 9 and is used to create a min imum length condit[...]

  • Page 153

    Chapter 8 PBX Tutorials ISG50 User’s Guide 153 1 Click Configuration > PBX > Group Manage ment and double-click the Basic entry . 2 Select the LongDistance entry’s checkbo x in the Association column and click OK .[...]

  • Page 154

    Chapter 8 PBX Tutorials ISG50 User’s Guide 154 3 Y ou can now use the telephones that are part of the Basic authority gr oup to make long distance calls using the ITSP connection. The following figu re summariz e s the outbound call process for this example. 8.5 Making ISDN Calls The following section shows you how to make and receiv e calls via [...]

  • Page 155

    Chapter 8 PBX Tutorials ISG50 User’s Guide 155 8.5.1 The ISDN Connection R efer to the Quick Start Guide to connect your tele phone cables to the outlets that connect to y our local telephone company . The front of your ISG50 should look as shown in the following figure. Figure 123 BRI Connection 1 In the web configurator , click Configuration &g[...]

  • Page 156

    Chapter 8 PBX Tutorials ISG50 User’s Guide 156 2 Enter the name of the group ( BRI1 in this example). Assume you want calls to be answered by the Auto-A ttendant, so select AA . Select the BRI ports that are to be members and click OK . 3 People from the outside world can now call the ISG50 using the ISDN numbers provided by your local telephone [...]

  • Page 157

    Chapter 8 PBX Tutorials ISG50 User’s Guide 157 1 In the web configurator , click Configuration > PBX > Outbound Line Management > LCR > Add . Enter a name and description for the dialing rule (the L CR is named ISDN_c all in this example). Select the outbound line group from the pool column that you want to add to this LCR (in our exa[...]

  • Page 158

    Chapter 8 PBX Tutorials ISG50 User’s Guide 158 • Click OK . 3 Click OK again and you are do ne configuring the L CR. Howev er , before it can be used by any of the phones connected to the ISG50, the LCR needs to be assigned to an appropriate authority group. 8.5.3 Assigning an LCR to an Authority Group The Group Management screen allows you to [...]

  • Page 159

    Chapter 8 PBX Tutorials ISG50 User’s Guide 159 2 Select the ISDN_cal l entry’s checkbox in the Association column and click OK . 3 Y ou can now use the telephones that are part of the Ba sic authority group to mak e outbound calls using the ISDN connection. The following figure summarizes the outbound call process for this example. 8.6 ISDN Net[...]

  • Page 160

    Chapter 8 PBX Tutorials ISG50 User’s Guide 160 The following figure shows the three examples ( 1 ~ 3 ). Figure 125 ISDN Network Configur ation 8.6.1 Example 1: Small/Medium Business For a small/m edium company , the ISG50 is the only device that forw ards ISDN calls between the company and the telephone service provider . • For an example of co[...]

  • Page 161

    Chapter 8 PBX Tutorials ISG50 User’s Guide 161 • If you w ant outsiders to dial in directly to ex tensions without going through the Auto- Attendant, follow the instructions until step 2 , select DDI/DID and configure the settings as following. In the DDI/DID Mapping Setting section, define D DI/DID Mask (the digits of the Directory Number on t[...]

  • Page 162

    Chapter 8 PBX Tutorials ISG50 User’s Guide 162 • If you don’t want incoming calls to go through the Auto-A ttendan t, select Direct . • If you are using BRI line(s) and you want to ha ve multiple subscriber numbers on one port, select MSN and config ure the set tings. Note: W e don’t use DDI/DID in this type of example because DDI/DID is [...]

  • Page 163

    Chapter 8 PBX Tutorials ISG50 User’s Guide 163 • Like Example 2, you can also select Direct (if you want the callers from the PBX’ s extensions to the ISG50’ s not to go through the Auto- Attendant) or MSN (if you are using BRI line(s) and you want to hav e multiple subscriber numbers on one port). Note: Like Example 2 , we don’t use DDI/[...]

  • Page 164

    Chapter 8 PBX Tutorials ISG50 User’s Guide 164 8.8 Using the Extension Port al Every phone user has a personal extension portal on the ISG50. Y ou can log in and make changes to your account setup , and IP phone users also use the web phone. The web phone is just like the telephone you usually use to make calls fro m this extension; you can call [...]

  • Page 165

    Chapter 8 PBX Tutorials ISG50 User’s Guide 165 Continue past any warnin g messages to the Login screen. Click the Extension Portal tab. Figure 128 Extension P ortal Log In Enter your extension number (“1001”) in the Extension Number field, and enter your PIN code (“5678”) in the PIN Co de field. Click SIP Login . 8.8.3 Using the Web Phon [...]

  • Page 166

    Chapter 8 PBX Tutorials ISG50 User’s Guide 166 The Web Phone screen displays. Figure 130 T utorial: The We b Phon e Note: Make sure you have a headset (or speakers and a microphone) connected to your computer , and that your sound card is work ing correctly (t ry listening to an audio file or recording a voice note to check, if there is a problem[...]

  • Page 167

    Chapter 8 PBX Tutorials ISG50 User’s Guide 167 Note: The SIP Auth Password field does not display if you connect to the ISG50 using a regular analog telephone syst em. Figure 131 T utorial: Changing Security Infor mation •E n t e r t h e n e w SIP Auth Password and enter it again in the next field. Click Apply . •E n t e r t h e n e w Web/VM [...]

  • Page 168

    Chapter 8 PBX Tutorials ISG50 User’s Guide 168 The following screen displays. Figure 132 T utorial: Configuring Call Settings EXAMPLE[...]

  • Page 169

    Chapter 8 PBX Tutorials ISG50 User’s Guide 169 The following table shows the example call setting information. Y ou can also use this table to make a note of the call settings y ou want to configure, if you like. T ake the following steps to configure this screen. 1 Office Hours : Ensure that the Mon through Fri boxes are check ed. Clear the Sat [...]

  • Page 170

    Chapter 8 PBX Tutorials ISG50 User’s Guide 170 8.8.6 Setting Up V oicemail Next, you can set up your voicemail inbox to automatically send your received messages as audio files to your email inbox. It is recommended that you do this so that your voicemail inbox does not fill up (if it fills up , no new messages can be recorded). Click the Voice M[...]

  • Page 171

    Chapter 8 PBX Tutorials ISG50 User’s Guide 171 8.9 Capturing Packet s Using the Web Configurator The following section shows you how to capture packets using the ISG50 web configurator . Y ou may need to do this if there are problems. For example, suppose a SIP phone ( P ) fails to register to the ISG50. Figure 134 T utorial: Basic T roubleshooti[...]

  • Page 172

    Chapter 8 PBX Tutorials ISG50 User’s Guide 172 • Duratio n: 10 seconds Then click Capture . 2 Re-initialize the SIP phone. This helps to get a complete packet capturing. 3 W ait ten seconds, then use the Files tab to sav e the file to your computer . 4 Use a packet capturing tool (such as Ethereal) to open the file and analyze the possible root[...]

  • Page 173

    Chapter 8 PBX Tutorials ISG50 User’s Guide 173 If you cannot solve the problem, contact customer support and send this file. Y ou may be asked to provide another file containi ng more real-time system information. Select Maintenance > Diagnostics > Collect and click Collect Now . W ait several seconds, then use the Files tab to save the fil[...]

  • Page 174

    Chapter 8 PBX Tutorials ISG50 User’s Guide 174 In order to do this, he must map his connections: • The first menu and the submenus both utilize an auto-attendant. Auto- atte ndants are set up in the Configuration > PBX > Outbound Line Ma nagement > Auto-Attendant > Customized screen. This portion of the tutorial is described in Sect[...]

  • Page 175

    Chapter 8 PBX Tutorials ISG50 User’s Guide 175 1 Log into the ISG50, then go to the Con figuration > PBX > ACD > Agent screen. 2 F or each of you r agents, clic k the Add button to open the Agent Settings screen, and configure the following items: Agent ID : Enter between 3 and 20 digits to serve as the agent’ s identification number .[...]

  • Page 176

    Chapter 8 PBX Tutorials ISG50 User’s Guide 176 “T echnical Support” as a skill, then any caller wh o presses the key for that skill is immediately forwarded to the first av ailable person whose ag ent identity appears on that skill’ s rule list. T o create a new skill: 1 Go to the Configuration > ACD > Skill screen.[...]

  • Page 177

    Chapter 8 PBX Tutorials ISG50 User’s Guide 177 2 For each skill, click the Add button to open the Add New Skill screen, and assign configure the following items: Number : Enter an identification number of this skill. This is required to link the skill to a skill menu in the next section. Y ou can use between 3 and 20 digits. Skill Name : Enter a [...]

  • Page 178

    Chapter 8 PBX Tutorials ISG50 User’s Guide 178 having two agents linked to this skill (P am and Steven). He decides that the person who has received the fewest number of incoming calls since logging in should alw ays be the first to answer the next incoming call. He therefore sets the Ring Strategy option to Fewest Calls . For more information ab[...]

  • Page 179

    Chapter 8 PBX Tutorials ISG50 User’s Guide 179 2 Click the Add button. 3 On the Add Customized Auto-Attendant screen, enter a Name and a Description (optional) for your first auto-attendant. The compan y ma nager of the Acme W idget company enters Language_Select , since this will be the first automated menu where callers choose either English or[...]

  • Page 180

    Chapter 8 PBX Tutorials ISG50 User’s Guide 180 4 In the Office Hour tab provide an audio file saying something lik e “Press 1 for English or 2 for Spanish” to tell callers to select a lang uage. Either upload an audio file (see Section 31.3.2 on page 509 ) or record one on the extension set as the recording peer (see Section 39.4 on page 571 [...]

  • Page 181

    Chapter 8 PBX Tutorials ISG50 User’s Guide 181 5 In the Add Option screen, enter a keypad number and action for your auto- attendant. Because this is the language selection auto-attendant for the Acme Widget company , the company manager enters “1” for Key , “English” for Description , and selects “ Forward t o a sub menu ” for Acti o[...]

  • Page 182

    Chapter 8 PBX Tutorials ISG50 User’s Guide 182 8 On the Add Option screen, enter the keypad number and action for the submenu item. The company manager for the Acme Widget company enters “1” for Key , selects “Forward to a skill” for Action , selects “766/Order Status” from th e list of configured skills for the ACD , and enters “Or[...]

  • Page 183

    183 P ART II Technical Reference[...]

  • Page 184

    184[...]

  • Page 185

    ISG50 User’s Guide 185 C HAPTER 9 Dashboard 9.1 Overview Use the Dashboard screens to check status information about the ISG50. 9.1.1 What Y ou Can Do in this Ch ap ter Use the Dashboard screens for the following. •U s e t h e m a i n Dashboar d screen (see Section 9.2 on page 185 ) to see the ISG50’s general device information, system status[...]

  • Page 186

    Chapter 9 Dashboa rd ISG50 User’s Guide 186 licensed service status, and interface status in widgets that you can re-arr ange to suit your needs. Y ou can also collapse, refresh, and close individual widgets. Figure 135 Dashboard The following table describes the labels in this screen. T able 26 Dashboard LABEL DESCRIPTION Widget Settings (A) Use[...]

  • Page 187

    Chapter 9 Dashboard ISG50 User’s Guide 187 Virtual Device Hover y our cursor over a LED, interface or slot to view details about the status of the ISG50 connect ions. See Section 1.4.1 on page 33 for LED descriptions. An unconnected interface or slot appears gra yed out. Device This identifies a devic e installe d in one of the ISG50’s USB port[...]

  • Page 188

    Chapter 9 Dashboa rd ISG50 User’s Guide 188 Current Date/ Time This field displays the current date and ti me in the ISG50. The format is yyyy -mm-dd hh:mm:ss. VPN Status Click this to look at the VPN tunnels that ar e currently esta blished. See Section 9.2.1 on page 190 . DHCP T abl e Click this to lo ok at the IP addresses c urrently assigned [...]

  • Page 189

    Chapter 9 Dashboard ISG50 User’s Guide 189 Action Use this field to get or to update t he IP address for the i nte rface. Click Renew to send a new DHCP request to a DHCP server . Click the Connect icon to have the ISG5 0 try to connec t a PPPoE/PPTP interface. If th e interface cannot use one of these ways to get or to update its IP address, thi[...]

  • Page 190

    Chapter 9 Dashboa rd ISG50 User’s Guide 190 9.2.1 The CPU Usage Screen Use this screen to look at a chart of the ISG50’ s recent CPU usage. T o access this screen, click Show CPU Usage in the dashboard. Figure 136 Dashboard > Show CPU Usage The following table describes the labels in this screen. 9.2.2 The Memory Usage Screen Use this screen[...]

  • Page 191

    Chapter 9 Dashboard ISG50 User’s Guide 191 The following table describes the labels in this screen. 9.2.3 The Active Sessions Screen Use this screen to look at a chart of the ISG50’s recent tr affic session usage. T o access this screen, click Show Active Sessions in the dashboard. Figure 138 Dashboard > Show Active Sessions The following ta[...]

  • Page 192

    Chapter 9 Dashboa rd ISG50 User’s Guide 192 9.2.4 The VPN St atus Screen Use this screen to look at the VPN tu nnels that are currently established. T o access this screen, click VPN Status in the dashboard. Figure 139 Dashboard > VPN Status The following table describes the labels in this screen. 9.2.5 The DHCP T able Screen Use this screen t[...]

  • Page 193

    Chapter 9 Dashboard ISG50 User’s Guide 193 The following table describes the labels in this screen. 9.2.6 The Number of Login Users Screen Use this screen to look at a list of the users curre ntly logged into the ISG50. T o access this screen, click the dashboard’ s Number of Logi n Users icon. Figure 141 Dashboard > Number of Login Users Th[...]

  • Page 194

    Chapter 9 Dashboa rd ISG50 User’s Guide 194 IP address This field displays the IP address of the computer used to log in to th e ISG50. Force Logout Click this icon to end a user’ s session. T able 32 Dashboard > Number of Login Users (continued) LABEL DESCRIPTION[...]

  • Page 195

    ISG50 User’s Guide 195 C HAPTER 10 Monitor 10.1 Overview Use the Monitor screens to check status and statistics information. 10.1.1 What Y ou Can Do in this Chapter Use the Monitor screens for the following. •U s e t h e System Status > Port Statistics screen (see Section 10.2 on page 196 ) to look at packet statistics for each physical port[...]

  • Page 196

    Chapter 10 Monitor ISG50 User’s Guide 196 •U s e t h e PBX > BRI Trunk screen ( Section 10.17 on page 218 ) to display status information about external connections via BRI interfaces. •U s e t h e PBX > ACD Queue screen ( Section 10.18 on page 219 ) to monitor phone call activity for Automatic Call Distribution (ACD) agents. •U s e t[...]

  • Page 197

    Chapter 10 Monitor ISG50 User’s Guide 197 10.2.1 The Port S t atistics Graph Screen Use this screen to look at a line gr aph of packet statistics for each physical port. T o access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button . Figure 143 Monitor > System Status > P ort Statistics > S[...]

  • Page 198

    Chapter 10 Monitor ISG50 User’s Guide 198 The following table describes the labels in this screen. 10.3 Interface S t atus Screen This screen lists all of the ISG50’ s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Status to access this screen. Figure 144 Monitor > System Status > Interfac[...]

  • Page 199

    Chapter 10 Monitor ISG50 User’s Guide 199 Each field is described in the following table. T able 35 Monitor > System Status > Interface Status LABEL DESCRIPTION Interface Status If an Ethern et interface does not ha ve any physi cal ports associated with it, it s entry is displayed in light gr ay text. Expand/Close Click this button to show[...]

  • Page 200

    Chapter 10 Monitor ISG50 User’s Guide 200 10.4 The T raffic St atistics Screen Click Monitor > System Status > Traffic Statist ics to display the Traffic Statistics screen. This screen provides basic information about the following for example: • Most- visited Web sites and the number of times each one was visited. This count may not be a[...]

  • Page 201

    Chapter 10 Monitor ISG50 User’s Guide 201 Y ou use the Traffic Statistics screen to tell the ISG50 when to start and when to stop collecting information for these reports. Y ou cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. Figure 145 Monitor > System Status > T raffic Statistics Th[...]

  • Page 202

    Chapter 10 Monitor ISG50 User’s Guide 202 T op Select the type of report to display . Choices are: Host IP Address/User - displays the IP addresses or us ers with the most traffic and how much traffic has been sent to and from each one. Service/Port - displays the most -used protocols or service ports an d the amount of traffic for each one. Web [...]

  • Page 203

    Chapter 10 Monitor ISG50 User’s Guide 203 The following table displays the maximum number of records shown in the report, the byte count limit, and the hit count limit. 10.5 The Session Monitor Screen The Session Monito r screen displays information about active sessions for debugging or statistical analysis. It is not possible to manage sessions[...]

  • Page 204

    Chapter 10 Monitor ISG50 User’s Guide 204 The following table describes the labels in this screen. T able 38 Monitor > System Status > Session Monitor LABEL DESCRIPTION View Select how you want the in formation to be displayed. Choice s are: sessions by users - display all active sessions grouped by user sessions by services - display all a[...]

  • Page 205

    Chapter 10 Monitor ISG50 User’s Guide 205 10.6 The DDNS S t atus Screen The DDNS Status scre en shows the status of the ISG50’s DDNS domain names. Click Monitor > System Status > DDNS St atus to open the following screen. Figure 147 Monitor > System Status > DDNS Status The following table describes the labels in this screen. 10.7 I[...]

  • Page 206

    Chapter 10 Monitor ISG50 User’s Guide 206 IP/MAC binding enabled and hav e ever establishe d a session with the ISG50. Devices that hav e never established a session with the ISG50 do not display in the list. Figure 148 Monitor > System Status > IP/MAC Binding The following table describes the labels in this screen. 10.8 The Login Users Scr[...]

  • Page 207

    Chapter 10 Monitor ISG50 User’s Guide 207 The following table describes the labels in this screen. 10.9 Cellular S t atus Screen This screen displays your 3G connection status. click Monitor > System St atus > Cellular Status to display this screen. Figure 150 Monitor > System Status > Cellular S tatus The following table describes th[...]

  • Page 208

    Chapter 10 Monitor ISG50 User’s Guide 208 Status No device - no 3G device is connected to the ISG50. No Service - no 3G network is av ailable in the area; y ou c ann ot connect to th e In t ern et . Limited Service - returned by the service provider in cases where the SIM card is expired, the user failed to pay for the se rvice and so on; you can[...]

  • Page 209

    Chapter 10 Monitor ISG50 User’s Guide 209 10.9.1 More Information This screen displays more information on your 3G, such as the signal strength, IMEA/ESN and IMSI that helps identify your 3G device and SIM card. Cli ck Monitor > System St atus > More Information to display this screen. Note: This screen is only available when the 3G devi ce[...]

  • Page 210

    Chapter 10 Monitor ISG50 User’s Guide 210 10.10 USB S torage Screen This screen displays information about a connected USB stor age device. Click Monitor > System Status > USB Storage to display this screen. Figure 152 Monitor > System Status > USB Stor age The following table describes the labels in this screen. Device Firmware This [...]

  • Page 211

    Chapter 10 Monitor ISG50 User’s Guide 21 1 10.1 1 The IPSec Monitor Screen Y ou can use th e IPSec Monitor screen to display and to manage activ e IPSec SAs. T o access this screen, click Monitor > VPN Monitor > IPSec . The following screen appears. Click a column’s heading cell to sort the table entries by that co lumn’ s criteria. Cli[...]

  • Page 212

    Chapter 10 Monitor ISG50 User’s Guide 212 Each field is described in the following table. 10.1 1.1 Regular Expression s in Searching IPSec SAs A question mark (?) lets a single character in th e VPN connection or policy name v ary . For example, use “a?c” (without the quotation marks) to specify abc, acc and so on. Wildcards (*) let multiple [...]

  • Page 213

    Chapter 10 Monitor ISG50 User’s Guide 213 The whole VPN connection or policy nam e has to match if you do not use a question mark or asterisk. 10.12 SIP Peer Screen This screen displays information about the ISG50’ s SIP extensions. Click Monitor > PBX > SIP Peer to display this screen. Figure 154 Monitor > PBX > SIP P eer The follo[...]

  • Page 214

    Chapter 10 Monitor ISG50 User’s Guide 214 10.13 FXS Peer Screen This screen displays information abou t th e ISG50’ s FXS extensions. Click Monitor > PBX > FXS Peer to display this screen. Figure 155 Monitor > PBX > FXS P eer The following table describes the labels in this screen. Reg is t rat io n Status This field displa ys onlin[...]

  • Page 215

    Chapter 10 Monitor ISG50 User’s Guide 215 10.14 SIP T runk Screen This screen displays status information about external connections to other SIP serv e rs. Click Monitor > PBX > SIP Trunk to display this screen. Figure 156 Monitor > PBX > SIP T runk The following table describes the labels in this screen. Call S tatus This field disp[...]

  • Page 216

    Chapter 10 Monitor ISG50 User’s Guide 216 10.15 CTI Peer Screen This screen displays status information about th e ISG50’s Computer T elephony Integration (CTI) connections. This screen displays which clients are registered through CTI. Click Monitor > PBX > CTI Peer to display this screen. Figure 157 Monitor > PBX > CTI P eer The f[...]

  • Page 217

    Chapter 10 Monitor ISG50 User’s Guide 217 10.16 FXO T runk Screen This screen displays status information about external connections via FXO interfaces. Click Monitor > PBX > FXO Trunk to display this screen. Figure 158 Monitor > PBX > FXO T runk The following table describes the labels in this screen. T able 50 Monitor > PBX > [...]

  • Page 218

    Chapter 10 Monitor ISG50 User’s Guide 218 10.17 BRI T runk Screen This screen displays status information about external connections via BRI interfaces. Click Monitor > PBX > BRI Trunk to display this screen. Figure 159 Monitor > PBX > BRI T runk The following table describes the labels in this screen. T able 51 Monitor > PBX > [...]

  • Page 219

    Chapter 10 Monitor ISG50 User’s Guide 219 10.18 ACD Queue Screen Use this screen to monitor phone call activity fo r Au tomatic Call Distribution (ACD) agents. Click Monitor > PBX > ACD Queue to display this screen. Figure 160 Monitor > PBX > ACD Queue The following table describes the labels in this screen. T able 52 Monitor > PBX[...]

  • Page 220

    Chapter 10 Monitor ISG50 User’s Guide 220 10.19 Log Screen Log messages are stored in two separate logs, one for regular log message s and one for debugging messages. In the regular log, you can look at all the log messages by se lecting All Logs , or you can select a specific category of log messages (for exam ple, firewall or user). Y ou can al[...]

  • Page 221

    Chapter 10 Monitor ISG50 User’s Guide 221 The following table describes the labels in this screen. T able 53 Monitor > Log LABEL DESCRIPTION Show Fil ter / Hide Filte r Click this button to show or hide the filt er settings. If the filt er settings ar e hidden, the Di splay , Email Log Now , Refresh , and Clear Log fields are av ailable. If th[...]

  • Page 222

    Chapter 10 Monitor ISG50 User’s Guide 222 The W eb Configurator saves the filter settings if y ou leave the View Log screen and return to it later . 10.20 Querying Call Recordings Use this screen to search for call recordings on the ISG50. Click Monitor > Log > Call Recording to open the screen as following. Figure 162 Call Recording Query [...]

  • Page 223

    Chapter 10 Monitor ISG50 User’s Guide 223 10.20.1 Call Recordings File List This screen lists the call recordings that matched your specified criteria. Use this screen to listen to or delete individual call recordings. Click Monitor > Log > Call Recording and perform a query to open the screen as following. Figure 163 Call Recordings File L[...]

  • Page 224

    Chapter 10 Monitor ISG50 User’s Guide 224 Backup No w Click the Backup Now button to sav e a CDR backup file on the ISG50. Rem ov e If you no longer w ant to store a CDR file on the ISG50 then select the files you want to delete from the ISG50 and click the Remove button. # This is t he number of the entry in the li st. Filename This column displ[...]

  • Page 225

    Chapter 10 Monitor ISG50 User’s Guide 225 10.22 CDR Query Screen Use this screen to search for call records on the ISG50. Click Monitor > Log > CDR > Query to view the screen as shown next. See Viewing Aged Files on page 720 for details about extension “.tgz” files. Figure 165 Monitor > Log > CDR > Query Each field is descri[...]

  • Page 226

    Chapter 10 Monitor ISG50 User’s Guide 226 Call Ti me Call time is the time from when a caller fini shes dialing a number until one of the parties hangs up. Enter the range of seconds, minutes or hours to specify the le ngth of calls that you want t o s e a r c h f o r . I f y o u l e a v e t h i s f i e l d b l a n k , t h e n t h e l e n g t h o[...]

  • Page 227

    Chapter 10 Monitor ISG50 User’s Guide 227 10.23 CDR Query Result Screen This screen displays the results of your se arch for call records on the ISG50. Click Monitor > Log > CDR > Query and perform a search to view the screen as shown next. The details liste d depends on which details you selected in the query screen. See Section 10.22 o[...]

  • Page 228

    Chapter 10 Monitor ISG50 User’s Guide 228[...]

  • Page 229

    ISG50 User’s Guide 229 C HAPTER 11 Registration 1 1.1 Overview Use the Configuration > Licensing > Registration screens to registe r your ISG50 and manage its service subscriptions. 1 1.1.1 What Y ou Can Do in this Chapter •U s e t h e Registration screen (see Section 11.2 on page 230 ) to register your ISG50 with myZ yXEL.com and activat[...]

  • Page 230

    Chapter 11 Registration ISG50 User’s Guide 230 1 1.2 The Registration Screen Use this screen to register your ISG50 with myZ yXE L.com and activate a service, such as additional SIP extension numbers. Click Configuration > Licensing > Registration in the navigation panel to open the screen as shown next. Figure 167 Configuration > Licens[...]

  • Page 231

    Chapter 11 Registra tion ISG50 User’s Guide 231 Note: If the ISG50 is registered already , th is screen is read-only and indicates whether trial services are activ ated (if any). Y ou can still select the unchecked tri al service(s) to activ ate it after registr ation. Use the Service screen to update your service subscription status. Figure 168 [...]

  • Page 232

    Chapter 11 Registration ISG50 User’s Guide 232 (license key) in this screen. Click Configuration > Lice nsin g > Registration > Service to open the screen as shown next. Figure 169 Configuration > Licensing > R egistration > Service The following table describes the labels in this screen. T able 60 Configuration > Licensing &[...]

  • Page 233

    ISG50 User’s Guide 233 C HAPTER 12 Interfaces 12.1 Interface Overview Use the Interface screens to configure the ISG50’s interfaces. Y ou can also create interfaces on top of other interfaces. • Ports are the physical ports to which you connect cables. • Interfaces are used within the system operationally . Y ou use them in configuring vari[...]

  • Page 234

    Chapter 12 Interfaces ISG50 User’s Guide 234 • Many interfaces can share the same ph ysical port. • An interface belongs to at most one zone. • Many interfaces can belong to the same zone. • Layer-3 virtualization (IP alias, for example) is a kind of interface. T ypes of Interfaces Y ou can create several types of interfaces in the ISG50.[...]

  • Page 235

    Chapter 12 Interfaces ISG50 User’s Guide 235 - * The format of interface names other than the Ethernet and p pp interface names is strict. Each name con sists of 2-4 letters (interface type), followed by a number ( x ) . For most interfaces, x is limited by the maximum number of the type of interface. For VLAN interfaces, x is defined by t he num[...]

  • Page 236

    Chapter 12 Interfaces ISG50 User’s Guide 236 12.2 Port Role T o access this screen, click Configuration > Network > Interface > Port Role . Use the Port Role screen to set the ISG50’ s flexible ports as part of the lan1 , lan2 or dmz interfaces. This creates a hardware connection between the physical ports at the la yer-2 (data link, M[...]

  • Page 237

    Chapter 12 Interfaces ISG50 User’s Guide 237 12.3 Ethernet Summary Screen This screen lists every Ethernet interface and virtual interface created on top of Ethernet interfaces. T o access this screen, click Configuration > Network > Interface > Ethernet . Unlike other types of interfaces, you cannot create new Ethernet interfaces nor ca[...]

  • Page 238

    Chapter 12 Interfaces ISG50 User’s Guide 238 Each field is described in the following table. 12.3.1 Ethernet Edit The Ethernet Edit scree n lets you configure IP address assignment, interface parameters, RIP settings, OSPF settings, DHCP se ttings, connectivity check, and MAC address settings. T o access this screen, click an Edit icon in the Eth[...]

  • Page 239

    Chapter 12 Interfaces ISG50 User’s Guide 239 With OSPF , you can use Ethernet interfaces to do the following things. • Enable and disable OSPF in the underlying physical port or port group. • Select the area to which the interface belongs. • Override th e default link cost and authen tication method for the selected area. • Select in whic[...]

  • Page 240

    Chapter 12 Interfaces ISG50 User’s Guide 240 Figure 172 Configuration > Network > Interface > Ethernet > E dit (WAN)[...]

  • Page 241

    Chapter 12 Interfaces ISG50 User’s Guide 241 Figure 173 Configuration > Network > Interface > Ethern et > E dit (DMZ)[...]

  • Page 242

    Chapter 12 Interfaces ISG50 User’s Guide 242 This screen’ s fields are described in the table below. T able 65 Conf ig uration > Network > I n terface > Et h ernet > Edit LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or lesser number of co nfiguration fields. General Settin[...]

  • Page 243

    Chapter 12 Interfaces ISG50 User’s Guide 243 MTU Maximum T ransmission Unit. T ype the maximum size of each data pack et, in bytes, that can move through this interface. If a larger pack et arrives, the IS G50 divides it into smaller fr agments. Allowed v alues are 576 - 1500. Usually , this value is 1 500. Connectivity Che ck These fields appear[...]

  • Page 244

    Chapter 12 Interfaces ISG50 User’s Guide 244 Pool Siz e Enter the number of IP addresses to allocate. This numb er must be at least one and is limited by the interface’ s Subne t Mask . For exampl e, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ISG50 can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addr e[...]

  • Page 245

    Chapter 12 Interfaces ISG50 User’s Guide 245 Send V ersion This field is effective when RIP is en abled. Select the RIP version(s) used for sending RIP packets. Ch oices are 1 , 2 , and 1 and 2 . Re ceive V ersion This field is effectiv e when RIP is enable d. Select th e RIP version(s) used for receiving RIP packets. Ch oices are 1 , 2 , and 1 a[...]

  • Page 246

    Chapter 12 Interfaces ISG50 User’s Guide 246 12.3.2 Object References When a configuration screen includes an Object Refer ences icon, select a conf iguration object and click Object Re ferences to open the Object References screen. This screen displays which configuration settings reference the se lected object. The fields shown v a ry with the [...]

  • Page 247

    Chapter 12 Interfaces ISG50 User’s Guide 247 Figure 175 Example: PPPoE/PPTP Interfaces PPPoE/PPTP interfaces are similar to other interfac es in some ways. They have an IP address, subnet mask, and gateway used to mak e routing decisions; they restrict bandwidth and packet size; and they can verify the gatewa y is availabl e. There are two main d[...]

  • Page 248

    Chapter 12 Interfaces ISG50 User’s Guide 248 Each field is described in the table below . 12.4.2 PPP Interface Add or Edit Note: Y ou have to set up an ISP account before you create a PPPoE/PPTP interface. This screen lets you configure a PPP oE or PPTP interface . T o access this screen, click the Add icon or an Edit icon in the PPP Interface sc[...]

  • Page 249

    Chapter 12 Interfaces ISG50 User’s Guide 249 Figure 177 Configuration > Network > Interface > PP P > Add Each field is explained in the following table. T able 68 Conf ig uration > Network > Interfac e > PPP > Add LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or l[...]

  • Page 250

    Chapter 12 Interfaces ISG50 User’s Guide 250 Enable Interface Select this to enable this interface. Clear th is to disable this interface. Interface Properties Interface Name Specify a name for the interface. It can use alphanumeric ch ar acters, hyphens, and underscores, and it can be up to 11 characters long. Base Interface Select the interface[...]

  • Page 251

    Chapter 12 Interfaces ISG50 User’s Guide 251 12.5 Cellular Configuration Screen (3G) 3G (Third Generation) is a digital, packet -s witched wireless technology . Bandwidth usage is optimized as multiple users share the same channe l and bandwidth is only allocated to users when t h e y s e n d d a t a . I t a l l o w s f a s t t ra n s f e r o f v[...]

  • Page 252

    Chapter 12 Interfaces ISG50 User’s Guide 252 • Y ou can set the 3G device to connect only to the home network, which is the network to which you are originally subscribed. • Y ou can set the 3G device to connect to other networks if the signal strength of the home network is too low or it is unav ailable . Aside from selecting the 3G network,[...]

  • Page 253

    Chapter 12 Interfaces ISG50 User’s Guide 253 Figure 178 Configuration > Network > Interface > Cellular The following table describes the labels in this screen. 12.5.1 Cellular Add/Edit Screen T o change your 3G settings, click Configuration > Network > Interface > Cellular > Add (or Edit ) . I n t h e p o p - u p w i n d o w [...]

  • Page 254

    Chapter 12 Interfaces ISG50 User’s Guide 254 Figure 179 Configuration > Network > In terface > Cellular > Add[...]

  • Page 255

    Chapter 12 Interfaces ISG50 User’s Guide 255 The following table describes the labels in this screen. T able 71 Conf ig uration > Networ k > Interface > Cellular > Add LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or lesser number of configuration fields. General Settings Ena[...]

  • Page 256

    Chapter 12 Interfaces ISG50 User’s Guide 256 User Name This field displays wh en you select an authentication type other than None . Thi s field is read-only if you sele cted Device in the profile selection. If this field is configur able, enter the user name for this 3G card exactly as the service provider ga ve it to you. Y ou can use 1 ~ 64 al[...]

  • Page 257

    Chapter 12 Interfaces ISG50 User’s Guide 257 Check F ail To l e r a n c e Enter the number of consecutive failures be fore the ISG 50 st ops routing through the gateway . Check Default Gateway Select this to use the default gateway for the connectivity ch eck. Check this address Select this t o s pecify a domain name or IP address for the conne c[...]

  • Page 258

    Chapter 12 Interfaces ISG50 User’s Guide 258 Network Selection Home network is th e network to which you are originally subsc ribed. Select Home to have the 3G device connect only to the home network. If the home network is down, the ISG50's 3G Inte rnet connection is also unavailable. Select Auto (Default) to allow t he 3G device to connect[...]

  • Page 259

    Chapter 12 Interfaces ISG50 User’s Guide 259 12.6 VLAN Interfaces A Virtual Local Area Netw ork (VLAN) divides a phys ical network into multiple logical networks. The standard is defined in IEEE 802.1q. Figure 180 Example: Before VL AN In this example, there are two phys ical networks and three departments A , B , and C . The ph ysical networks a[...]

  • Page 260

    Chapter 12 Interfaces ISG50 User’s Guide 260 Figure 181 Example: After VLAN Each VLAN is a separate network with separ ate IP addresses, subnet masks, and gatew ays. Each VLAN also has a unique identification number (ID). Th e ID is a 12-bit value that is stored in the MAC header . The VLANs are connected to switches, and the switches are connect[...]

  • Page 261

    Chapter 12 Interfaces ISG50 User’s Guide 261 Note: Each VLAN interface is created on top of only one Ethernet i nterface. Otherwise, VLAN interfaces are similar to other interfaces in many ways. They hav e an IP address, subnet mask, and gateway used to make routing decisions. They restrict bandwidth and pack et size. They can provide DHCP servic[...]

  • Page 262

    Chapter 12 Interfaces ISG50 User’s Guide 262 12.6.2 VLAN Add/Edit This screen lets you configure IP address assi gnment, interface bandwidth par amete rs, DHCP settings, and connectivity check for each VLAN interface. T o access this screen, click the Add icon at the top of the Add column or click an Edit icon next to a VLAN interface in the VLAN[...]

  • Page 263

    Chapter 12 Interfaces ISG50 User’s Guide 263 Figure 183 Configuration > Network > Interface > VLAN > Edit[...]

  • Page 264

    Chapter 12 Interfaces ISG50 User’s Guide 264 Each field is explained in the following table. T able 73 Conf ig uration > Network > Interfac e > VLAN > Edit LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or lesser number of co nfiguration fields. General Settings Enable Interfa[...]

  • Page 265

    Chapter 12 Interfaces ISG50 User’s Guide 265 Connectivity Che ck The ISG5 0 c an re gularly check the connect ion to the gateway you specified to make sure it is still available. Y ou specify how often to check the connection, how long t o wait for a response before the atte mpt is a failure, and how ma n y consecutive failures are required befor[...]

  • Page 266

    Chapter 12 Interfaces ISG50 User’s Guide 266 Pool Siz e Enter the number of IP addresses to allocate. This numb er must be at least one and is limited by the interface’ s Subne t Mask . For exampl e, if the Subnet Mask is 255.255.255.0 and IP Pool Start Address is 10.10.10.10, the ISG50 can allocate 10.10.10.10 to 10.10.10.254, or 245 IP addr e[...]

  • Page 267

    Chapter 12 Interfaces ISG50 User’s Guide 267 12.7 Bridge Interfaces This section introduces bridges and bridge interf aces and then explains the screens for bridge interfaces. Send V ersion This field is effective when RIP is en abled. Select the RIP version(s) used for sending RIP packets. Ch oices are 1 , 2 , and 1 and 2 . Re ceive V ersion Thi[...]

  • Page 268

    Chapter 12 Interfaces ISG50 User’s Guide 268 Bridge Overview A bridge creates a connection between two or more network segments at the layer -2 (MAC address) lev el. In the following example, bridge X connects four network segments. When the bridge receives a pack et, the bridge records the source MAC address and the port on which it was received[...]

  • Page 269

    Chapter 12 Interfaces ISG50 User’s Guide 269 • Z ero or one VLAN interfaces (and any associated virtual VLAN interfaces) • Any number of Ethernet interfaces (and an y associated virtual Ethernet interfaces) When you create a bridge interface, the ISG50 removes the members’ entries from the routing table and adds the bridge interface’ s en[...]

  • Page 270

    Chapter 12 Interfaces ISG50 User’s Guide 270 12.7.2 Bridge Add/Edit This screen lets you configure IP address assi gnment, interface bandwidth par amete rs, DHCP settings, and connectivity check for each bridge interface. T o access this screen, click the Add icon at the top of the Add column in the Bridge Summary screen, or click an Edit icon in[...]

  • Page 271

    Chapter 12 Interfaces ISG50 User’s Guide 271 Figure 185 Configuration > Network > Interface > Bridge > Add[...]

  • Page 272

    Chapter 12 Interfaces ISG50 User’s Guide 272 Each field is described in the table below . T able 78 Conf ig uration > Networ k > Interface > Bridge > Ed it LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or lesser number of co nfiguration fields. General Settings Enable Interfa[...]

  • Page 273

    Chapter 12 Interfaces ISG50 User’s Guide 273 Interface Para me t er s Egress Bandwidth Enter the maximum amount of tr affic, in kilobits per second, the ISG 50 ca n send through the interface to t he network. Allowed v alues are 0 - 1048576. Ingress Bandwidth This is reserved for future use. Enter the maximum amount of tr affic, in kilobits per s[...]

  • Page 274

    Chapter 12 Interfaces ISG50 User’s Guide 274 Lease time Specify how long each c omputer can use the information (especially th e IP address) before it has to request the information again. Choices are: infinite - se le ct this if IP addresses ne ver expire days, hours, and minutes - select this to enter how long IP addresses are v alid. Enable IP[...]

  • Page 275

    Chapter 12 Interfaces ISG50 User’s Guide 275 12.7.3 V irtual Interfaces Add/Edit This screen lets you configure IP address assignment and interface parameters for virtual interfaces. T o access this screen, click an Add i c o n n e x t t o a n E t h e r n e t i n t e r f a c e , V L A N i n t e r f a c e , o r bridge interface in the respec tive [...]

  • Page 276

    Chapter 12 Interfaces ISG50 User’s Guide 276 12.8 Interface T echnical Reference Here is more detailed information about interfaces on the ISG50. IP Address Assignment Most interfaces have an IP addre ss and a subnet ma sk. This information is used to create an entry in the routing table. Figure 187 Example: Entry in the Routing T able Derived fr[...]

  • Page 277

    Chapter 12 Interfaces ISG50 User’s Guide 277 In the example above, if the ISG50 gets a packet wi th a destination address of 5.5.5.5, it might not find any entries in the routing table. In this case , the packet is dropped. However , if the re is a default router to which the ISG50 should send this packet, you can specify it as a gateway in one o[...]

  • Page 278

    Chapter 12 Interfaces ISG50 User’s Guide 278 In the ISG50, some interfaces can provide DHCP se rv ices to the network. In this case, the interface can be a DHCP relay or a DHCP server . As a DHCP relay , the interface routes DHCP requ ests to DHCP servers on different networks. Y ou can specify more than one DHCP server . If you do , the interfac[...]

  • Page 279

    Chapter 12 Interfaces ISG50 User’s Guide 279 PPPoE/PPTP Overview Po int-to-P oint Protocol over Ethernet (PPP oE, RFC 2516) and Point -to-Point T unneling Protocol (PPTP , RFC 2637) are usually used to connect two computers over phone lines or broadband connections. PPP oE is often used with cable modems and DSL connections. It provides the follo[...]

  • Page 280

    Chapter 12 Interfaces ISG50 User’s Guide 280[...]

  • Page 281

    ISG50 User’s Guide 281 C HAPTER 13 Trunks 13.1 Overview Use trunks for WAN tr affic load balancing to increase over all network throughput and reliability . Load balancing divides traffic loads between multiple interfaces. This allows you to improve quality of service and maximize bandwidth utilization for multiple ISP links. Maybe you ha ve two [...]

  • Page 282

    Chapter 13 Trunks ISG50 User’s Guide 282 • Y ou can define multiple trunks for the same phy sical interfaces. Link Sticking Y ou can have the ISG50 send each local computer’ s traffic that is going to the same destination through a single W AN interface for a specified period of time. This is useful when a server requires authentication. For [...]

  • Page 283

    Chapter 13 Tr unks ISG50 User’s Guide 283 Least Load First The least load first algorithm uses the current (o r recent) outbound bandwidth utilization of each trunk member interface as the load balancing in dex(es) when making decisions about to which interface a new session is to be distributed. The outbound bandwidth utilization is defined as t[...]

  • Page 284

    Chapter 13 Trunks ISG50 User’s Guide 284 the weight of wan1 and wan2 to 2 and 1 respectively . The ISG50 assigns the traffic of two sessions to wan1 for every session's traffic assigned to wan2. Figure 190 W eighted Round R obin Algorithm Example Spillover The spillover load balancing algorithm sends networ k tr affic to the first interface [...]

  • Page 285

    Chapter 13 Tr unks ISG50 User’s Guide 285 13.2 The T runk Summary Screen Click Configuration > Networ k > Interface > Trunk to open the Trunk screen. This screen lists the configured trunks and the load balancing algorithm that each is configured to use. Figure 192 Configuration > Ne t work > Inter f ace > T runk[...]

  • Page 286

    Chapter 13 Trunks ISG50 User’s Guide 286 The following table describes the items in this screen. T able 84 Conf ig uration > Netwo rk > Interf ace > T runk LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this butto n t o display a great er or lesser nu mber of configu ration fields. Enable Link Sticking Enable li[...]

  • Page 287

    Chapter 13 Tr unks ISG50 User’s Guide 287 13.3 Configuring a T runk Click Configuration > Network > Interface > Trunk and then the Add (or Edit ) icon to open the Trunk Edit screen. Use this screen to create or edit a W AN trunk entry . Figure 193 Configuration > Ne t wo rk > Interf a ce > T runk > Add (o r Edit) Each field i[...]

  • Page 288

    Chapter 13 Trunks ISG50 User’s Guide 288 13.4 T runk T echnical Reference Round Robin Load Balancing Algorithm R ound Robin scheduling services qu eues on a rotating basis and is activ ated only when an interface has more traffic than it can handle. A queue is gi ven an amount of bandwidth irrespective of the incoming traffic on that interface. T[...]

  • Page 289

    ISG50 User’s Guide 289 C HAPTER 14 Policy and Static Routes 14.1 Policy and S t atic Routes Overview Use policy routes and static routes to override the ISG50’s defau lt routing behavior in order to send packets through the appropriate interface or VPN tun nel. For example, th e next figure shows a computer ( A ) connected to the ISG50’ s LAN[...]

  • Page 290

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 290 14.1.2 What Y ou Need to Know Policy Routing T raditionally , routing is based on the destinatio n address only and the ISG50 takes the shortest path to forward a pack et. IP Policy R outing (IPPR) provides a mechanism to override the default routing behavior and alter the pack et forward[...]

  • Page 291

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 291 DiffServ (Differentiated Services) is a class of se rv ice (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-com pliant network devices along the route base d on the application types and traffic flow . Pack e ts are mark ed with DiffServ Code P oi[...]

  • Page 292

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 292 Note: Policy routes do not apply to t he rou ting of PBX traffic. Figure 195 Configuration > Network > R outing > Policy R oute The following table describes the labels in this screen. T able 86 Configuration > Network > Routing > P olicy Route LABEL DESCRIPTION Show Adv[...]

  • Page 293

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 293 Incoming This is the interface on wh ich the packets are received. Sourc e This is the name of the sour ce IP addres s (group) object. any means all IP addresses. Destinat ion This is the name of the destin at ion IP address (group) objec t. any means all IP addresses. DSCP Code This is t[...]

  • Page 294

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 294 14.2.1 Policy Route Edit Screen Click Configuration > Network > Routin g to o pe n t h e Polic y Route screen. Then click the Add or Edit icon to open the Policy Route Edit screen. Use this screen to configure or edit a policy route. Figure 196 Configuration > Network > R o ut[...]

  • Page 295

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 295 Incoming Select where the packets are coming from; any , an interface, a tunnel, or the ISG50 itself . For an interface or a tunnel, you also need to select the individual interface or VPN tu nnel connection. Source Address Sele ct a s ource IP address object from whi ch the packets are s[...]

  • Page 296

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 296 Interface This field displays when you select Interface in the Type field. Select an interface to have the ISG50 send tr affi c that matches the policy route through the specifie d interfa ce. Auto-Disable This field displays when you select Interface or Trunk in t he Type field. Select t[...]

  • Page 297

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 297 14.3 IP S t atic Route Screen Click Configuration > Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes. Co nfigure static routes to be able to use RIP or OSPF to propagate the routing information to other rou ters. [...]

  • Page 298

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 298 The following table describes the labels in this screen. 14.3.1 S t atic Route Add/Edit Screen Select a static route index number and click Add or Edit . The screen shown next appears. Use this screen to configure the required information for a static route. Figure 198 Configuration > [...]

  • Page 299

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 299 14.4 Policy Routing T echnical Reference Here is more detailed information about some of the features you can configure in policy routing. NA T and SNA T NA T (Network Address T ranslation - NA T , RFC 1631) is the translation of the IP address in a packet in one network to a different IP[...]

  • Page 300

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 300 to connect to the remote server without manually configuring a port forwarding rule for each client computer . Port triggering is used especially when the remote server responses using a different port from the port the client computer used to request a servic e. The ISG50 records the IP [...]

  • Page 301

    Chapter 14 Policy and Static Routes ISG50 User’s Guide 301 When multiple policy routes require more bandwi dth, the ISG50 gives the highest priority policy routes the av ailable bandwidth first (as much as they require, if there is enough av ailable bandwidth), and then to lower priority policy routes if there is still bandwidth av ailable. The I[...]

  • Page 302

    ISG50 User’s Guide 302 C HAPTER 15 Routing Protocols 15.1 Routing Protocols Overview R outing protocols give the ISG50 routing information about the network from other routers. The ISG50 stores this routing information in the routing table it uses to make routing decisions. In turn, the ISG50 can also use routing protocols to propagate routing in[...]

  • Page 303

    Chapter 15 Routing Protocols ISG50 User’s Guide 303 protocols, it uses hop count to decide which route is the shortest. U nfortunately , it also broadcasts its routes asynchronously to the network and con verges slowly . Therefore, RIP is more suitable for small networks (up to 15 routers). • In the ISG50, you can configure two sets of RIP sett[...]

  • Page 304

    Chapter 15 Routing Proto cols ISG50 User’s Guide 304 15.3 The OSPF Screen OSPF (Open Shortest P ath First, RFC 2328) is a link -state protocol designed to distribute routing information within a group of networks, called an Autonomous System (AS). OSPF of fers some advantages ov er vector -space routing protocols like RIP . • OSPF supports v ar[...]

  • Page 305

    Chapter 15 Routing Protocols ISG50 User’s Guide 305 • The backbone is the transit area that routes pack ets between other areas. All other areas are connected to the backbone. • A normal area is a group of ad jacent networks. A normal area has routing information about the OSPF AS, an y networks outside the OSPF AS to wh ich it is directly co[...]

  • Page 306

    Chapter 15 Routing Proto cols ISG50 User’s Guide 306 • An Area Border Router (ABR) connects two or more areas. It is a member of all the areas to which it is connected, and it filters, summari z es, and exchanges routing information between them. • An Autonomous Sy stem Boundary R outer (ASBR) exch anges routing information with routers in ne[...]

  • Page 307

    Chapter 15 Routing Protocols ISG50 User’s Guide 307 Virtual Links In some OSPF AS, it is not possible for an area to be directly connected to the backbone. In this case, you can create a virtual link thro ugh an interm ediate area to logically connect the area to the backbone. This is illustrated in the following example. Figure 203 OSPF: Virtual[...]

  • Page 308

    Chapter 15 Routing Proto cols ISG50 User’s Guide 308 Click Configuration > Network > Routing > OSPF to open the following screen. Figure 204 Configuration > Network > R o uting > OSPF The following table describes the labels in this screen. See Section 15.3.2 on page 309 for more information as well. T able 94 Configuration >[...]

  • Page 309

    Chapter 15 Routing Protocols ISG50 User’s Guide 309 15.3.2 OSPF Area Add/Edit Screen The OSPF Are a Add/Edit screen allows you to create a new area or edit an existing one. T o access this screen, go to the OSPF summary screen (see Section 15.3 on page 304 ), and click either the Add icon or an Edit icon. Figure 205 Configuration > Network >[...]

  • Page 310

    Chapter 15 Routing Proto cols ISG50 User’s Guide 310 The following table describes the labels in this screen. T able 95 Config uration > Networ k > Routing > OSPF > Add LABEL DESCRIPTION Area ID T ype the unique, 32 - bit identifier for the area in IP address format. T ype Select the type of OSPF area. Normal - This area is a normal a[...]

  • Page 311

    Chapter 15 Routing Protocols ISG50 User’s Guide 31 1 15.3.3 V irtual Link Add/Edit Screen The Virtual Link Add/Edit screen allows you to create a new vi rtual link or edit an existing one. When the OSPF add or edit screen (see Section 15.3 .2 on page 309 ) has the T ype set to Normal, a Virtual Link table displays. Click either the Add icon or an[...]

  • Page 312

    Chapter 15 Routing Proto cols ISG50 User’s Guide 312 Authentication T ypes Authentication is used to guarantee the integrit y , but not the confidentialit y , of routing updates. The transmitting router uses its key to encrypt the original message into a smaller message, and the smaller message is transmitted with the original message. Th e recei[...]

  • Page 313

    ISG50 User’s Guide 313 C HAPTER 16 Zones 16.1 Zones Overview Set up zones to configure network security and netw ork policies in the ISG50. A zone is a group of interfaces and/or VPN tunnels. The ISG50 uses z one s instead of interfaces in many security and policy settings, such as firewall rules and remote management. Z ones cannot overlap . Eac[...]

  • Page 314

    Chapter 16 Zones ISG50 User’s Guide 314 Intra-zone T raffic • Intra- zone traffic is traffic between interfaces or VPN tunnels in the same zone. F or example, in Figure 207 on page 313 , traffic between VLAN 2 and the Ethernet is intr a-zone traffic. • In each zone, you can either allow or prohibit all intr a-zone tr affic. F or example, in F[...]

  • Page 315

    Chapter 16 Zones ISG50 User’s Guide 315 The following table describes the labels in this screen. 16.3 Zone Edit The Zone Edit screen allows you to add or edit a zone. T o access this screen, go to the Zon e screen (see Section 16.2 on page 314 ), and click the Add icon or an Edit icon. Figure 209 Network > Z one > Add T able 97 Conf ig urat[...]

  • Page 316

    Chapter 16 Zones ISG50 User’s Guide 316 The following table describes the labels in this screen. T able 98 Network > Zone > Edit LABEL DESCRIPTION Name For a system default zone , the name is read only . For a user-configured zone, type the name used to refer to the zone. Y ou may use 1-31 alphanumeric ch aracters, underscores( _ ), or dash[...]

  • Page 317

    ISG50 User’s Guide 317 C HAPTER 17 DDNS 17.1 DDNS Overview Dynamic DNS (DDNS) services let you use a domain n ame with a dynamic IP address. 17.1.1 What Y ou Can Do in this Chapter •U s e t h e DDNS screen (see Section 17.2 on page 318 ) to view a list of the configured DDNS domain names and their details. •U s e t h e DDNS Add/Edit screen (s[...]

  • Page 318

    Chapter 17 DDNS ISG50 User’s Guide 318 Finding Out More See Section 6.6.8 on page 100 for related information on these screens. 17.2 The DDNS Screen The DDNS screen provides a summary of all DDNS domain names and their configuration. In addition, this screen allows you to add new doma in names, edit the configuration for existing domain names, an[...]

  • Page 319

    Chapter 17 DDNS ISG50 User’s Guide 319 17.2.1 The Dynamic DNS A dd /Edit Screen The DDNS Add/Edit screen allows you to add a domain name to the ISG50 or to edit the configuration of an existing domain name. Click Configuration > Network > DDNS and then an Add or Edit icon to open this screen. Figure 211 Configur ation > Network > DDNS[...]

  • Page 320

    Chapter 17 DDNS ISG50 User’s Guide 320 The following table describes the labels in this screen. T able 101 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Settings Click this button to display a greater or lesser number of con figuration fields. Enable DDNS Profile Select this check box to us[...]

  • Page 321

    Chapter 17 DDNS ISG50 User’s Guide 321 IP Address The options available in this field v ary by DDNS provider . Interfa ce - The ISG50 uses the IP address of the specified interface. Thi s option appears when you select a specific i nterface in the Backup Binding Address Interfa ce field. Auto - The DDNS server checks the source IP address of the [...]

  • Page 322

    Chapter 17 DDNS ISG50 User’s Guide 322[...]

  • Page 323

    ISG50 User’s Guide 323 C HAPTER 18 NAT 18.1 NA T Overview NA T (Network Address T ranslation - NA T , RFC 1631) is the translation of the IP address of a host in a packet. F or example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. Use Network Address T ranslat[...]

  • Page 324

    Chapter 18 NAT ISG50 User’s Guide 324 •S e e Section 7.10.2 on p age 130 for an example of how to configure NA T to allow web traffic from the WAN to a server on the DMZ. 18.2 The NA T Screen The NAT summary screen provides a summary of all NA T rules and their configur ation. In addition, this screen allows you to create new NA T rules and ed [...]

  • Page 325

    Chapter 18 NAT ISG50 User’s Guide 325 18.2.1 The NA T Add/Edit Screen The NAT Add/Ed it screen lets you create new NA T rules and edit e xisting ones. T o open this window, open the NAT summary screen. (See Section 18.2 on page 324 .) Then, click on an Add icon or Edit icon to open the following screen. Figure 214 Configuration > Network > [...]

  • Page 326

    Chapter 18 NAT ISG50 User’s Guide 326 Classification Select what kind of NA T this rule is to perform. Virtual Server - This makes compu te r s on a private network behind the ISG50 av ailable to a public network outs ide the ISG50 (lik e the Internet). 1:1 NAT - If the private network server will initiate sessions to the outside clients, select [...]

  • Page 327

    Chapter 18 NAT ISG50 User’s Guide 327 Port Mapping Ty p e Use the dr op-down list bo x to select how many original destination port s this NA T rule supports for the se le cted destination IP addres s ( Original IP ). Choices are: any - this NA T rule supports all the destination ports. Service - this NA T rule maps one service to another . Port [...]

  • Page 328

    Chapter 18 NAT ISG50 User’s Guide 328 18.3 NA T T echnical Reference Here is more detailed information about NA T on the ISG50. NA T Loopback Suppose a NA T 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give W A N users access. NA T loopback allows other users to also use the rule’ s original IP to a[...]

  • Page 329

    Chapter 18 NAT ISG50 User’s Guide 329 The LAN user ’ s computer then sends traffic to IP address 1.1.1 .1. NA T loopback uses the IP address of the ISG50’s LAN interface (192.168.1.1) as the so urce address of the traffic going from the LAN users to the LAN SMTP server . Figure 216 LAN to LAN T raffic The LAN SM TP server re plies to the IS G[...]

  • Page 330

    Chapter 18 NAT ISG50 User’s Guide 330[...]

  • Page 331

    ISG50 User’s Guide 331 C HAPTER 19 HTTP Redirect 19.1 Overview HT TP redirect forwards the client’ s HTTP request (except HT TP traffic destined for the ISG50) to a web proxy server . In the following example, proxy server A is connected to the DMZ interface. When a client connected to the LAN1 zone wants to open a web page, its HTTP request is[...]

  • Page 332

    Chapter 19 HTTP Redirect ISG50 User’s Guide 332 A client connects to a web proxy server each time he/she wants to access the Internet. The web proxy provides caching service to allow quick ac cess and r educe network usage. The proxy checks its local cache for the requested web r esource first. If it is not found, the proxy gets it from the speci[...]

  • Page 333

    Chapter 19 HTTP R edirect ISG50 User’s Guide 333 Note: Y ou can configure up to one HTTP redi rect rule for each (incoming) interface. Figure 219 Configuration > Netw ork > HT TP Redirect The following table describes the labels in this screen. 19.2.1 The HTTP Redirect Edit Screen Click Network > HTTP Redirect to open the HTTP Redir ect [...]

  • Page 334

    Chapter 19 HTTP Redirect ISG50 User’s Guide 334 The following table describes the labels in this screen. T able 105 Network > HTTP R edirect > Edit LABEL DESCRIPTION Enable Use this option to turn t h e HT TP redirect rule on or off . Name Enter a name to identify this rule. Y o u may use 1-31 alphanumeric characters, underscores( _ ), or d[...]

  • Page 335

    ISG50 User’s Guide 335 C HAPTER 20 ALG 20.1 ALG Overview Application Layer Gatewa y (ALG) allows the following applications to oper ate properly through the ISG50’s NA T . • H.323 - A teleconferencing protocol suite that provides audio , data and video conferencing. • FTP - File T ransfer Protocol - an Internet file tr ansfer service. The A[...]

  • Page 336

    Chapter 20 ALG ISG50 User’s Guide 336 The following example shows H.323 signaling (1) and audio (2) sessions between H.323 devices A and B. Figure 221 H.323 ALG Example Peer-to-Peer Calls and the ISG50 The ISG50 ALG can allow peer-to-peer V oIP calls for H.323. Y ou must configure the firewall and NA T (port forwarding) to allow inco ming (peer-t[...]

  • Page 337

    Chapter 20 ALG ISG50 User’s Guide 337 address B to receive calls through public W AN IP addre ss 2 . Y ou configure corresponding policy ro ut e s t o h av e c al ls f ro m L AN I P a dd r es s A go out through W AN IP address 1 and calls from LAN IP address B go out through WAN IP address 2 . Figure 223 V oIP with Multiple WAN IP Addresses Findi[...]

  • Page 338

    Chapter 20 ALG ISG50 User’s Guide 338 20.2 The ALG Screen Click Configuration > Network > ALG to open the ALG screen. Us e this screen to turn ALGs o ff or on and configure the port numbers to which they apply . Figure 224 Configuration > Network > ALG The following table describes the labels in this screen. T able 106 Configuration &[...]

  • Page 339

    Chapter 20 ALG ISG50 User’s Guide 339 20.3 ALG T echnical Reference Here is more detailed information about the Application Layer Gatew ay . ALG Some applications cannot operate through NA T (are NA T un-friendly) because they embed IP addresses and port numbers in their packets’ da ta pa yload. The ISG 50 examines and us es IP address and port[...]

  • Page 340

    Chapter 20 ALG ISG50 User’s Guide 340 RTP When you make a V oIP call using H.323, the RTP (Real time T ransport Protocol) is used to handle voice data transfer . See RFC 1889 for details on RTP .[...]

  • Page 341

    ISG50 User’s Guide 341 C HAPTER 21 IP/MAC Binding 21.1 IP/MAC Binding Overview IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP a d d re s s e s . T h e I SG 5 0 u se s D H CP t o a ss ig n I P addresses and records to MAC address it assigned each IP address. The ISG50 then checks incoming con[...]

  • Page 342

    Chapter 21 IP/MAC Binding ISG50 User’s Guide 342 Interfaces Used With IP/MAC Binding IP/MAC address bindings are grouped by inte rfac e. Y ou can use IP/MAC binding with Ethernet, bridge, and VLAN interfaces. Y ou can also enable or disable IP/MAC binding and logging in an interface’ s configuration screen. 21.2 IP/MAC Binding Summary Click Con[...]

  • Page 343

    Chapter 21 IP/MAC Binding ISG50 User’s Guide 343 21.2.1 IP/MAC Binding Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interf ace’ s IP to MAC address binding settings. Figure 227 Configuration > Network > IP/MAC Binding > Edit The following tab[...]

  • Page 344

    Chapter 21 IP/MAC Binding ISG50 User’s Guide 344 21.2.2 S t atic DHCP Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Click the Add or Edit icon to open the following screen. Use this screen to configure an interface’ s IP to MAC address binding settings. Figure 228 Configuration > [...]

  • Page 345

    Chapter 21 IP/MAC Binding ISG50 User’s Guide 345 21.3 IP/MAC Binding Exempt List Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the ISG50 does not apply IP/MAC binding. Figure 229 Configuration > Network > IP/MA[...]

  • Page 346

    Chapter 21 IP/MAC Binding ISG50 User’s Guide 346[...]

  • Page 347

    ISG50 User’s Guide 347 C HAPTER 22 Authentication Policy 22.1 Overview Use authentication policies to control who can access the network. Y ou can authenticate users (require them to log in). 22.1.1 What Y ou Can Do in this Chapter Use the Configuration > Auth. Policy screens ( Section 22.2 on page 347 ) to create and manage authentication pol[...]

  • Page 348

    Chapter 22 Authentication Policy ISG50 User’s Guide 348 Click Configuration > Auth. Policy to display the screen. Figure 230 Configuration > Auth. P olicy[...]

  • Page 349

    Chapter 22 Authentication Policy ISG50 User’s Guide 349 The following table gives an ov erview of the objects you can configure. Ta b l e 111 Configuration > Auth. P olicy LABEL DESCRIPTION Enable Authentica tion Pol ic y Select this t o turn on the authenticati on policy feature. Exceptional Servi ces Use this table to li st services that use[...]

  • Page 350

    Chapter 22 Authentication Policy ISG50 User’s Guide 350 22.2.1 Creating/Editing an Authentication Policy Click Configuration > Auth. Policy and then the Add (or Edit ) icon to open the Auth. Policy Edit screen. Use this screen to configure an authentication policy . Figure 232 Configuration > Auth. P o licy > Add Destination This display[...]

  • Page 351

    Chapter 22 Authentication Policy ISG50 User’s Guide 351 The following table gives an ov erview of the objects you can configure. T able 1 12 Configuration > A uth. Policy > Add LABEL DESCRIPTION Create n ew Object Use to configure any new settings objects that you ne ed to use in this screen. Enable Policy Se lect this ch eck box to activat[...]

  • Page 352

    Chapter 22 Authentication Policy ISG50 User’s Guide 352[...]

  • Page 353

    ISG50 User’s Guide 353 C HAPTER 23 Firewall 23.1 Overview Use the firewall to block or allow services that use static port numbers. The firewall can also limit the number of user sessions. This figure shows the ISG50’s default firew all rules in action and demonstrates how stateful inspection works. User 1 can initiate a T elnet session from wi[...]

  • Page 354

    Chapter 23 Firewall ISG50 User’s Guide 354 23.1.2 What Y ou Need to Know St ateful Inspection The ISG50 has a stateful inspection firewall. The ISG50 restricts access by screening data packets against defined access rules. It also inspects sessi ons. For example, traffic from one z one is not allowed unless it is initiated by a computer in anothe[...]

  • Page 355

    Chapter 23 Firewall ISG50 User’s Guide 355 Y ou can configure a T o-ISG50 firewall rule (with From Any To Device direction) for traffic from an interface which is not in a zone. Global Firewall Rules Firewall rules with from any and/or to any as the packet direction are called global firewall rules. The global firewall rules are the only firew al[...]

  • Page 356

    Chapter 23 Firewall ISG50 User’s Guide 356 23.1.3 Firewall Rule Example Applications Suppose that your company decides to block all of the LAN users from using IRC (Internet R elay Chat) through the Internet. T o do this, you would configure a LAN to WAN firew all rule that blocks IRC traffic fro m any source IP address from going to any destinat[...]

  • Page 357

    Chapter 23 Firewall ISG50 User’s Guide 357 Now you configure a LAN1 to W AN fire wall rule that allows IRC tr affic from the IP address of the CEO’ s computer (192.168.1.7 for example) to go to any destination address. Y ou do not need to specify a schedule since you want the firewall rule to a l w a y s b e i n e f f e c t . T h e f o l l o w [...]

  • Page 358

    Chapter 23 Firewall ISG50 User’s Guide 358 The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule that blocks all LAN1 to W AN IRC traffic came first, the CEO’s IRC traffic would match that rule and the ISG50 would drop it and not check any other firewall rules. 23.1.4 Firewall Rule Configuration Exa[...]

  • Page 359

    Chapter 23 Firewall ISG50 User’s Guide 359 5 The screen for configuring a service object opens. Configure it as follows and click OK . Figure 238 Firewall Example: Create a Service Object 6 Select From WAN and To LAN1 . 7 Enter the name of the firewall rule. 8 Select Dest_1 is selected for the Destination an d Doom is selected as the Service . En[...]

  • Page 360

    Chapter 23 Firewall ISG50 User’s Guide 360 23.2 The Firewall Screen Asymmetrical Routes If an alternate gateway on the LAN has an IP ad dress in the same subnet as the ISG50’ s LAN IP address, return traffic may not go through the ISG 50. This is called an asymmetrical or “triangle” route. This causes the ISG50 to reset the connection, as t[...]

  • Page 361

    Chapter 23 Firewall ISG50 User’s Guide 361 • If you enable intr a- zone traffic blocking (see th e chapter about zones), the firew all automatically creates (implicit) rules to deny packet passage between the interfaces in the specified zone. • Besides configuring the firewall, you also need to configure NA T rules to allow computers on the W[...]

  • Page 362

    Chapter 23 Firewall ISG50 User’s Guide 362 From Z one / T o Zon e This is the direction of travel of packets. Select from wh ich zone the packets c ome and to which zone they go. Firewall rules are grouped base d on the direction of travel of pa ckets to which they apply . For example, fro m LAN1 to LAN1 m eans packets traveling from a compute r [...]

  • Page 363

    Chapter 23 Firewall ISG50 User’s Guide 363 23.2.2 The Firewall Add/Edit Screen In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. Figure 243 Configuration > Firewall > Add The following table describes the labels in this screen. T able 1 18 Configuration > Firewall > Add LABEL DESCRIPTION Crea[...]

  • Page 364

    Chapter 23 Firewall ISG50 User’s Guide 364 23.3 The Session Limit Screen Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen. Use this screen to limit the number of concurrent NA T/firewall sessions a client can use. Y o u can apply a default limit for all users and individual lim its for specific use[...]

  • Page 365

    Chapter 23 Firewall ISG50 User’s Guide 365 23.3.1 The Session Limit Add/Edit Screen Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Sessio n Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses. Figure 245 Configuration > Firewall[...]

  • Page 366

    Chapter 23 Firewall ISG50 User’s Guide 366 The following table describes the labels in this screen. T able 120 Configuration > Firewall > Session Limit > Edit LABEL DESCRIPTION Create n ew Object Use to configure any new settin gs objects that you need t o u s e in this screen. Enable Rule Sele ct this check box to turn on this session l[...]

  • Page 367

    ISG50 User’s Guide 367 C HAPTER 24 IPSec VPN 24.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a co mbination of tunneling, encryption, authentication, access control and auditing. It is used to tr ansport traffic o ver the Interne[...]

  • Page 368

    Chapter 24 IPSec VPN ISG50 User’s Guide 368 24.1.2 What Y ou Need to Know An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contr act indicating what security parameters the ISG50 and the remote IPSec router will use. The first phase establishes an In ternet K ey Exchange (IKE) S A bet[...]

  • Page 369

    Chapter 24 IPSec VPN ISG50 User’s Guide 369 Application Scenarios The ISG50’s application scenarios make it easi er to configure your VPN connection settings. Finding Out More •S e e Section 6. 6.1 4 on page 102 for related information on these screens. •S e e Section 24. 4 on page 38 6 for IPSec VPN background information. •S e e Section[...]

  • Page 370

    Chapter 24 IPSec VPN ISG50 User’s Guide 370 24.1.3 Before Y ou Begin This section briefly explains the relationship betw een VPN tunnels and other features. It also giv es some basic suggestions for troubleshooting. Y ou should set up the following featur es before y ou set up the VPN tunnel. • In any VPN connection, you ha v e to select addre [...]

  • Page 371

    Chapter 24 IPSec VPN ISG50 User’s Guide 371 Each field is discussed in the following table. See Section 24.2.2 on page 377 and Section 24.2.1 on page 371 for more information. 24.2.1 The VPN Connection Add/Edit (IKE) Screen The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection policy or edit an existing one. T o acc[...]

  • Page 372

    Chapter 24 IPSec VPN ISG50 User’s Guide 372 the Add icon, you hav e to select a specific VPN gateway in the VPN Gatew ay field before the following screen appears. Figure 249 Configuration > VPN > IPSec VPN > VPN Connection > Edit (IKE)[...]

  • Page 373

    Chapter 24 IPSec VPN ISG50 User’s Guide 373 Each field is described in the following table. T able 123 Configuration > VPN > IPSec VPN > VPN Connection > Edit LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to di spla y a greater or lesser number of configur ation fields. Create n ew Objec t Use to[...]

  • Page 374

    Chapter 24 IPSec VPN ISG50 User’s Guide 374 Pol i cy Enforcement Clear this to allow traffic with sou rce and destination IP addresses that d o not match the local an d remote policy to us e th e VPN tunnel. Le ave this cleared for free access between the local and remote networks. Selecting this re stricts who can us e th e VPN tunnel. The ISG5 [...]

  • Page 375

    Chapter 24 IPSec VPN ISG50 User’s Guide 375 Authentic ation Select which hash algorithm to use to au thenticate pack et data in the IPSec SA. Choices are SHA1 and MD5 . SHA1 is generally considered str onger than MD5 , but it is also s lower . The ISG50 and the remote IPSec router mu st both have a proposal that uses the same authen tication algo[...]

  • Page 376

    Chapter 24 IPSec VPN ISG50 User’s Guide 376 Source Select the address object that repr esents the origi nal source address (or select Create Object to configure a new one). This i s the address object for the computer or ne twork outside th e local netw ork . The size of the origi nal source address range ( Source ) must be e qual to the size of [...]

  • Page 377

    Chapter 24 IPSec VPN ISG50 User’s Guide 377 24.2.2 The VPN Connection Add/Edit Manual Key Screen The VPN Connection Add/Edit Manual Key screen allows you to create a new VPN connection or edit an existing one using a manual key . This is useful if you have pro blems with IKE key management. T o access this screen, go to the VPN Connection summ ar[...]

  • Page 378

    Chapter 24 IPSec VPN ISG50 User’s Guide 378 Secure Gateway Address T ype the IP address of the remote IPSec ro uter in the IPSec SA. SPI T ype a unique SPI (Security P arame ter Index) between 256 and 4095. The SPI is used to identify th e IS G50 during auth entication. The ISG50 and remote IPSec ro uter must use th e sam e SPI. Encapsulation Mod[...]

  • Page 379

    Chapter 24 IPSec VPN ISG50 User’s Guide 379 24.3 The VPN Gateway Screen The VPN Gateway summary screen displays the IPSec VPN gatewa y policies in the ISG50, as well as the ISG50’ s address, remote IPSec router’s ad dress, and associated VPN connections for each one. In addition, it also lets you activ ate and deactivate each VPN gatew ay . E[...]

  • Page 380

    Chapter 24 IPSec VPN ISG50 User’s Guide 380 T o access this screen, click Configuration > VPN > Network > IPSec VPN > VP N Gateway . The following screen appears. Figure 251 Configuration > VPN > IPSec VPN > VPN Gatewa y Each field is discussed in the following table. See Section 24.3.1 on page 381 for more information. T abl[...]

  • Page 381

    Chapter 24 IPSec VPN ISG50 User’s Guide 381 24.3.1 The VPN Gateway Add/Edit Screen The VPN Gateway Add/Edit screen allows you to create a new VPN gatew ay policy or edit an existing one. T o access this screen, go to the VPN Gateway summary screen (see Section 24.3 on page 379 ), and click either the Add icon or an Ed it icon. Figure 252 Configur[...]

  • Page 382

    Chapter 24 IPSec VPN ISG50 User’s Guide 382 Each field is described in the following table. T able 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit LABEL DESCRIPTION Show Adv ance Settings / Hide Adv ance Se ttings Click this button to display a greater or lesser number of co nfiguration fields. General Settings VPN Gateway Na[...]

  • Page 383

    Chapter 24 IPSec VPN ISG50 User’s Guide 383 Local ID T ype This field is read-only if the ISG 50 and remote IPSec router use certifi cates to identify each other . Select which type of identification is us ed to identify the ISG50 during authenti cat ion. Choices are: IP - the ISG50 is identified by an IP address DNS - the ISG50 is identified by [...]

  • Page 384

    Chapter 24 IPSec VPN ISG50 User’s Guide 384 Content This field is disabled if the Peer ID Type is Any . T ype the iden tity of the remote IPSec rout er during authen tication. The ident ity depends on the Peer ID Type . If the ISG50 and remote IPSec ro uter do not use ce rtificates, IP - type an IP address; see the no te at the e nd o f this desc[...]

  • Page 385

    Chapter 24 IPSec VPN ISG50 User’s Guide 385 # This field is a sequ ential value, and it is not associated with a specific proposal. The sequence of proposal s should not affe ct performance significantly . Encryption Select which k ey size and en c rypti on algori th m to use in the IKE S A. Choices are: DES - a 56-bit key with t he DES encrypti [...]

  • Page 386

    Chapter 24 IPSec VPN ISG50 User’s Guide 386 24.4 IPSec VPN Background Information Here is some more detailed IP Sec VPN background information. IKE SA Overview The IKE SA provides a secure connection between the ISG50 and remote IPSec router . It takes sever al steps to establish an IKE SA. The negotiation mode determines how many . There are two[...]

  • Page 387

    Chapter 24 IPSec VPN ISG50 User’s Guide 387 IKE SA Proposal The IKE SA proposal is used to identify the encr yption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ISG50 and re mote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustr ated next. Figure 253 IKE SA: Main Negotiation[...]

  • Page 388

    Chapter 24 IPSec VPN ISG50 User’s Guide 388 Diffie-Hellman (DH) Key Exchange The ISG50 and the remote IPSec router use DH pu blic-key cryptogr aphy to establish a shared secret. The shared secret is then used to generate encryption keys for the IKE SA and IPSec S A. In main mode, this is done in steps 3 and 4, as illustr ated next. Figure 254 IKE[...]

  • Page 389

    Chapter 24 IPSec VPN ISG50 User’s Guide 389 Y ou have to create (and distribute) a pre-shared key. The ISG50 and remote IPSec router use it in the authentication process, though it is not actually tr ansmitted or exchanged. Note: The ISG50 and the remote IPSec rout er must use the same pre-shared key . Router ide nti ty co nsi sts of I D ty pe a [...]

  • Page 390

    Chapter 24 IPSec VPN ISG50 User’s Guide 390 Main mode takes six steps to establish an IKE S A. Steps 1 - 2: The ISG50 sends its proposals to th e remote IPSec router . Th e remote IPSec router selects an acceptable proposal and sends i t back to the ISG50. Steps 3 - 4: The ISG50 and the remote IPSec router exchange pre-shared keys for authenticat[...]

  • Page 391

    Chapter 24 IPSec VPN ISG50 User’s Guide 391 • Configure the NA T router to forward packets with the extr a header unchanged. (See the field description for detailed information about the extra header .) The extra header may be UDP port 500 or UDP port 4500, dependi ng on the standard(s) the ISG5 0 and remote IPSec router support. Extended Authe[...]

  • Page 392

    Chapter 24 IPSec VPN ISG50 User’s Guide 392 Active Protocol The active protocol controls the format of each packet. It also specifies how much of each packet is protected by the encryption and authentication algorithms. IPSec VPN inclu des two active protocols, AH (Authenti cation Heade r , RFC 24 02) and ESP (Enc a psulating Sec u rity Payload, [...]

  • Page 393

    Chapter 24 IPSec VPN ISG50 User’s Guide 393 If you enable PFS, the ISG50 and remote IPSec ro uter perform a DH key ex change every time an IPSec SA is established, changing the root key from which encryption keys are gener ated. As a result, if one encryption key is compromised, other encryption k eys remain secure. If you do not enable PFS, the [...]

  • Page 394

    Chapter 24 IPSec VPN ISG50 User’s Guide 394 • Destination address in inbound pack ets - this translation is used if y ou want to forw ard packets (for example, mail) from the remote network to a specific computer (like the mail serv er) in the local network. Each kind of tr anslation is explained below . The fo llowing example is used to help e[...]

  • Page 395

    Chapter 24 IPSec VPN ISG50 User’s Guide 395 Destination Address in Inbound Packets (Inbound T raffic, Destin ation NA T) Y ou can set up this tr anslation if you want the ISG50 to forward some packets from th e remote network to a specific computer in the local network. For example, in Figure 258 on page 394 , y ou can configure this kind of tr a[...]

  • Page 396

    Chapter 24 IPSec VPN ISG50 User’s Guide 396[...]

  • Page 397

    ISG50 User’s Guide 397 C HAPTER 25 Bandwidth Management 25.1 Overview Bandwidth management provides a con venient way to manage the use of v arious services on the network. It manages general protocols (for example, HT TP and F TP) and applies traffic prioritization to enhance the performance of delay-sensitiv e applications like voice and video.[...]

  • Page 398

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 398 Connection and Packet Directions Bandwidth management looks at the connection direction, that is from w hich zone the connection was initiated and to which zone the connection is going. A connection has outbound and inbound packet flow s. The ISG5 0 controls the bandwidth of traffic of each [...]

  • Page 399

    Chapter 25 Bandwidth Management ISG50 User’s Guide 399 • Inbound traffic is limited to 500 kbs. The conne ction initiator is on the LAN1 so inbound means the traffic tr aveling from the W AN to the LAN1. Figure 260 LAN1 to WAN, Outbound 200 kbps, Inbound 500 kbps Bandwid th Management Priority • The ISG50 gives bandwidth to higher-priority tr[...]

  • Page 400

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 400 1000 kbps, but the WAN is set to a maximum outg oing speed of 1000 kbps. Y ou configure policy A for server A ’s tr affic and policy B for server B ’ s traffic. Figure 261 Bandwidth Management Behavior Configured Rate Effect In the following table the configured r ates total less than th[...]

  • Page 401

    Chapter 25 Bandwidth Management ISG50 User’s Guide 401 Priority and Over Allotm ent of Ban dwidth Effect Server A has a configured r ate that equals the total amount of a vailable bandwidth and a higher priority . Y ou should regard extreme over allotment of traffic with different priorities (as shown here) as a configuration error . Even though [...]

  • Page 402

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 402 • FTP traffic from the LAN1 to the DMZ can use more bandwidth since the interfaces support up to 1 Gbps connections, but it must be the lowest priori ty and limited so it does not interfere with SIP and HT TP traffic. Figure 262 Bandwidth Management Example 25.1.3.1 Setting the Interface?[...]

  • Page 403

    Chapter 25 Bandwidth Management ISG50 User’s Guide 403 • Enable maximize bandwidth usage so the SIP tr affic can borrow unused bandwidth. Figure 263 SIP Any to W AN Bandwidth Management Example 25.1.3.3 SIP W AN to Any Ba ndwidth Management Example Y ou also create a policy for calls coming in from the SIP serv er on the W AN. It is the same as[...]

  • Page 404

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 404 • Disable maximize bandwidth usage since you do not want to give FTP more bandwidth. Figure 265 FTP WAN to DMZ Bandwidth Management Ex ample 25.1.3.6 FTP LAN to DMZ Ba ndwidth Management Example • The LAN and DMZ zone interfaces are connected to Ethernet networks (not an ADSL device) so [...]

  • Page 405

    Chapter 25 Bandwidth Management ISG50 User’s Guide 405 Click Configuration > Bandwidth Management to open the following screen. Figure 267 Configuration > Bandwidth Management The following table describes the labels in this screen. See Section 25.2.1 on page 406 for more information as well. T able 133 Configuration > Bandwidth Manageme[...]

  • Page 406

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 406 25.2.1 The Bandwid th Ma nagement Add/Edit Screen The Configuration > Bandwi dth Manageme nt Add/Edit screen allows y ou to create a new condition or edit an existing one. T o access this screen, go to the Config uration > Bandwidth T o This is the destinati on zone of the tr affic to [...]

  • Page 407

    Chapter 25 Bandwidth Management ISG50 User’s Guide 407 Management screen (see Section 25.2 on page 404 ), and click either the Add icon or an Edit icon. Figure 268 Configuration > Bandwidth Management > Edit The following table describes the labels in this screen. T able 134 Configuration > Bandwidth Management LABEL DESCRIPTION Create n[...]

  • Page 408

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 408 DSCP Marking Set ho w the ISG50 handle s the DSCP value of the o utgoing packets that m atch this policy . Inbound refers to the tra ffic the ISG50 sends to a con nec tion’s initiator . Outbound refers to the traff ic the ISG50 sends out fro m a connection’ s initiator . Select one of th[...]

  • Page 409

    Chapter 25 Bandwidth Management ISG50 User’s Guide 409 OK Click OK to sav e your changes back to the ISG50. Cancel Cl ick Cancel to exit this screen without saving your changes. T able 134 Configuration > Bandwidth Management LABEL DESCRIPTION[...]

  • Page 410

    Chapter 25 Bandwi dth Management ISG50 User’s Guide 410[...]

  • Page 411

    ISG50 User’s Guide 41 1 C HAPTER 26 ADP 26.1 Overview This chapter introduces ADP (Anomaly Detection an d Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs – R equests for Comments) and abnormal flows such as port scans. 26.1.1 ADP 1 A[...]

  • Page 412

    Chapter 26 ADP ISG50 User’s Guide 412 Base ADP Profiles Base ADP profiles are templates that you use to create new ADP profile s.The ISG50 comes with several base pro files. See T able 136 on page 414 for details on ADP base profiles. ADP Policy An ADP policy refers to application of an ADP profile to a tr affic flow. Finding Out More •S e e Se[...]

  • Page 413

    Chapter 26 ADP ISG50 User’s Guide 413 26.3 The Profile Summary Screen Use this screen to: • Create a new profile using an existing base profile • Edit an existing profile Policies U se this li st to specify whi ch anomaly pro file the IS G50 uses for t raffic flowing in a specific direct ion. Edit the policies directly in the table. Add Click[...]

  • Page 414

    Chapter 26 ADP ISG50 User’s Guide 414 • Delete an existing profile 26.3.1 Base Profiles The ISG50 comes with base profiles. Y ou use ba se profiles to create new profiles. In the Configuration > Anti-X > ADP > Profile screen, click Add to display the following screen. Figure 270 Base Profiles These are the default base prof iles at the[...]

  • Page 415

    Chapter 26 ADP ISG50 User’s Guide 415 The following table describes the fields in this screen. 26.3.3 Creating New ADP Profiles Y o u may want to create a new profile if not all rules in a base profile are applicable to y our network. In this case you should disable non-applicable rules so as to improve ISG50 ADP processing efficiency . Y ou may [...]

  • Page 416

    Chapter 26 ADP ISG50 User’s Guide 416 Figure 272 Profiles: T raffic Anomaly[...]

  • Page 417

    Chapter 26 ADP ISG50 User’s Guide 417 The following table describes the fields in this screen. T able 138 Configuration > ADP > Profile > T raffic Anomaly LABEL DESCRIPTION Name This is the name of the ADP profile. Y ou may use 1-31 alphanumeric c haracters, underscores( _ ), or dashes (- ), but the first char acter cannot be a number . [...]

  • Page 418

    Chapter 26 ADP ISG50 User’s Guide 418 26.3.5 Protocol Anomaly Profiles Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules check for protocol compliance against the relevant RFC (Request for Commen ts). Protocol anomaly detection includes HT TP Inspection, TCP Decoder , UDP Decoder , and ICMP Decoder where each cat[...]

  • Page 419

    Chapter 26 ADP ISG50 User’s Guide 419 Figure 273 Profiles: Protocol Anomaly[...]

  • Page 420

    Chapter 26 ADP ISG50 User’s Guide 420 The following table describes the fields in this screen. T able 139 Configuration > ADP > Profile > Protocol Anomaly LABEL DESCRIPTION Name This is the name of the prof ile. Y ou may use 1-31 alphanumeric c haracters, underscores( _ ), or dashes (- ), but the first char acter cannot be a number . Thi[...]

  • Page 421

    Chapter 26 ADP ISG50 User’s Guide 421 26.4 ADP T echnical Reference This section is divided into traffic anomaly background information and protocol anomaly background information. T raffic Anomaly Background Information The following sections may help you configure the traffic anomaly profile screen ( Section 26.3.4 on page 415 ). Port Scanning [...]

  • Page 422

    Chapter 26 ADP ISG50 User’s Guide 422 Decoy Port Scans Decoy port scans are scans where the attacker has spoofed the source address. These are some decoy scan types: • T CP Deco y Po rtscan • UDP Decoy P ortscan • IP Decoy Portscan Distributed Port Scans Distributed port scans are many -to-one port scans. Distributed port scans occur when m[...]

  • Page 423

    Chapter 26 ADP ISG50 User’s Guide 423 Flood Detection Flood attacks saturate a network with useless data , use up all a vailable bandwidth, and therefore make communications in the network impossible. ICMP Flood Att ack An ICMP flood is broadcasting many pings or UDP packets so that so much data is sent to the system, that it slows it down or loc[...]

  • Page 424

    Chapter 26 ADP ISG50 User’s Guide 424 A SYN flood attack is when an attacker sends a series of SYN pack ets. Each packet causes the receiver to reply with a SYN- ACK response. The rece iver then waits for the ACK that follows the SYN-ACK, and stores all outstanding SYN-ACK resp onses on a backlog queue. SYN- ACKs are only moved off the queue when[...]

  • Page 425

    Chapter 26 ADP ISG50 User’s Guide 425 HTTP Inspection and TC P/UDP/ICMP Decoders The following table gives some information on th e HT TP inspection, TCP decoder , UDP de coder and ICMP decoder ISG50 protocol anomaly rules. T able 140 HTTP Inspection and TCP / UD P/ICMP Decoders LABEL DESCRIPTION HT TP Inspection APACHE- WHI TESPACE ATTA C K This[...]

  • Page 426

    Chapter 26 ADP ISG50 User’s Guide 426 OVERSIZE-REQU EST -URI- DIRECTOR Y A TT ACK This rule takes a non-zero positi ve integer as an argument. The argument specifie s the max char a cter directory length for URL directory . If a URL directory is la rger than this argument size, an alert is generated. A good argume nt v alue is 300 char acters. Th[...]

  • Page 427

    Chapter 26 ADP ISG50 User’s Guide 427 ICMP Decod er TRUNCA TED-ADDRES S- HEADER A TT ACK This is when an ICMP packet is sent which has an ICMP datagram length of less than the ICMP address header length. Thi s may cause some applicati ons to crash. TRUNCA TED-HEADER ATTA C K This is when an ICMP packet is sent which has an ICMP datagram length of[...]

  • Page 428

    Chapter 26 ADP ISG50 User’s Guide 428[...]

  • Page 429

    ISG50 User’s Guide 429 C HAPTER 27 Global PBX Settings 27.1 Overview This chapter shows you how to set up your ISG50- wide PBX settings including SIP server , feature code, email, fake IP , peer to peer , QoS and T API settings. The following diagram shows SIP devices communicating with the ISG50. In SIP some devices act as clients and others as [...]

  • Page 430

    Chapter 27 Global PBX Settings ISG50 User’s Guide 430 •U s e t h e Peer to peer screen to set up a direct connection between two IP phones on the same subnet. See Section 27.6 on page 436 . •U s e t h e QoS scre en to configure Quality of Service (QoS) settings. See Section 27.7 on page 440 . •U s e t h e TAPI screen to configure T API sett[...]

  • Page 431

    Chapter 27 Global PBX Settings ISG50 User’s Guide 431 The ISG50 can be configured to change the priority field of IP packets for all outgoing RTP (R eal Time Protocol) packets. The ISG50 supports Differ entiated Services (DiffServ) for implementing QoS. Configure the ISG50 with the QoS settings that your network uses for V oIP . TA P I Microsoft [...]

  • Page 432

    Chapter 27 Global PBX Settings ISG50 User’s Guide 432 See Section 13.2 on page 285 to set the WA N trunk the ISG50 uses for default traffic. Figure 278 Configuration > PB X > Global > SIP Server Each field is described in the following table. T able 141 Configuration > PBX > Global > SIP Server LABEL DESCRIPTION SIP Serv er R ea[...]

  • Page 433

    Chapter 27 Global PBX Settings ISG50 User’s Guide 433 27.3 The Feature Code Screen Use this screen to set values for the feature codes the ISG50 supports from an IP phone’ s extension. Users can dial these codes to enable or disable the features listed below for their extension settings by entering these codes on their phone’ s keypad. Click [...]

  • Page 434

    Chapter 27 Global PBX Settings ISG50 User’s Guide 434 The following table describes the labels in this screen. T able 142 Configuration > PBX > Global > Feature Code LABEL DESCRIPTION Group Pickup This code is used to pick up calls for your extension from a differe nt extension in the same authority group. Call T ran sfer This code is us[...]

  • Page 435

    Chapter 27 Global PBX Settings ISG50 User’s Guide 435 27.4 The E-Mail Screen Use this screen to configure the mail server info rmation through whic h the ISG50 sends voice mails and CDR (Call Detail R ecord) files to the email a ddresses which you configured in extension v oice mail (see Section 29.3. 3 on page 467 ) and CDR (see Section 54.2 on [...]

  • Page 436

    Chapter 27 Global PBX Settings ISG50 User’s Guide 436 Click Configuration > PBX > Global > Fake IP to view the screen as shown next. Figure 281 Configuration > PBX > Global > F ake IP Each field is described in the following table. 27.6 The Peer to Peer Screen Use this screen to allow the ISG50 to set up a di rect connection bet[...]

  • Page 437

    Chapter 27 Global PBX Settings ISG50 User’s Guide 437 Each field is described in the following table. 27.6.1 How the Peer-to-P eer SIP Connection W orks The following is a basic explanation of how the ISG50 creates a peer-to-peer SIP connection between two IP phones within the same host range. 1 The first phone ( A ) sends an invite for the other[...]

  • Page 438

    Chapter 27 Global PBX Settings ISG50 User’s Guide 438 Note: If either pho ne A or B re quests to use a feature specific to the ISG50, such as call parking or music on hold, the ISG50 inte rrupts the direct communication bridge and re-establishes control of the two SIP conne ctions. Figure 283 A Pe e r- t o - Pe e r E x a m p l e 27.6.2 Add Peer-t[...]

  • Page 439

    Chapter 27 Global PBX Settings ISG50 User’s Guide 439 Each field is described in the following table. 27.6.3 How Local Net and Peer-to-Peer Work T ogether Peer -to-peer calls can be made through the ISG50, but with certain limitations: 1 Peer -to-peer calls can be made between any devices on the LAN if they belong to a subnet listed in the same l[...]

  • Page 440

    Chapter 27 Global PBX Settings ISG50 User’s Guide 440 3 However , peer-to-peer calls cannot be made between devices if one of them belongs to a subnet listed in the localnet table and the other does not. Furthermore, the devices making a peer-to-peer connection: • Must have a common codec they can use between them. • Must use SIPInfo for DTMF[...]

  • Page 441

    Chapter 27 Global PBX Settings ISG50 User’s Guide 441 Each field is described in the following table. T able 147 Configuration > PBX > Global > Q oS LABEL DESCRIPTION SIP Select the DSCP value to mark o utgoing SI P control packets. Y ou can choose one of the AF (Assured Forw arding) values or select User Define to speci fy another DSCP [...]

  • Page 442

    Chapter 27 Global PBX Settings ISG50 User’s Guide 442 27.8 The T API Screen Use this screen to enable T API, configure T A PI line settings on the ISG50 and download the Z yXEL T API driver . T o access this screen, click Configuration > PBX > Global > TAPI . Figure 286 Configuration > PBX > Global > T API Each field is describe[...]

  • Page 443

    Chapter 27 Global PBX Settings ISG50 User’s Guide 443 27.8.1 Setting Up the T API Driv er and Utility on Y our Computer Y our computer needs to be running Windows XP , Windows Vista, Windows 7 or Windows Server 200x. Note: If your compu ter is on the ISG50's WAN an d you want to have a T API connection to th e I S G5 0, m ak e s ur e a f ir [...]

  • Page 444

    Chapter 27 Global PBX Settings ISG50 User’s Guide 444 1 Click Configuration > PBX > Global > TAPI . Click Download and save the file to your computer . 2 Unzip the file and run it, following the on -screen instructions to install it. 3 Open the Z yXEL_T API_for_ISG utility and click Configure... .[...]

  • Page 445

    Chapter 27 Global PBX Settings ISG50 User’s Guide 445 4 In the Server window , click Settings... . 5 Enter the ISG50’s host name and IP address. If you want the compu ter to work as a T API server and manage more than one extension , enter the user name and password for a server account already configured in the ISG50. If y ou want th e compute[...]

  • Page 446

    Chapter 27 Global PBX Settings ISG50 User’s Guide 446 6 In the Devices window, you can view the state and channel for the T API lines that you can control and manage. T o change the T API line state or make/answer a call, you need the CTI (Computer T elephony Integration) client or serv er software, such as xtelsio CTI Client or EST OS UCServer .[...]

  • Page 447

    Chapter 27 Global PBX Settings ISG50 User’s Guide 447 27.9 Network T echnical Reference This section contains background material relev ant to the Serve r screens. ISDN Overview ISDN (Integrated Service Digital Network) is a ci rcuit -switched telephone network system. In ISDN, there are two types of channels: B-channels and D- channels. ISDN all[...]

  • Page 448

    ISG50 User’s Guide 448 C HAPTER 28 Voice Interfaces 28.1 Overview This chapter shows you how to configure par ameters for FXO/FXS, and ISDN BRI channels. 28.1.1 What Y ou Can Do in this Chapter •U s e t h e FXS screen to configure the ISG50’ s FXS port s for connecting analog phones to your ISG50. See Se ction 28.2 on page 449 . •U s e t h [...]

  • Page 449

    Chapter 28 Voice Interfaces ISG50 User’s Guide 449 performance, monitoring, power transfer , and multip lexing of the channels. Y ou must connect a TE device to a NT device to access an IS DN network. The ISG50 is a TE device. T ypes of ISDN Switches There are many different ISDN switch types from different vendors in the world. The BRI interface[...]

  • Page 450

    Chapter 28 Voice Interfaces ISG50 User’s Guide 450 28.3 The FXO Screen Use this screen to configure settings related to th e FXO lines configured on the ISG50. T o access this screen, click Configuration > PBX > Voice Interfaces > FXO . Figure 288 Configuration > PBX > V o ice Interfaces > FXO Each field is described in the foll[...]

  • Page 451

    Chapter 28 Voice Interfaces ISG50 User’s Guide 451 28.4 The BRI Screen Use this screen to configure ISDN BRI interface settings on the ISG50. Click Configuration > PBX > Voice Interfaces > BRI to view the screen as shown next. Figure 289 Configuration > PBX > V o ice Interfaces > BRI Each field is described in the following tabl[...]

  • Page 452

    Chapter 28 Voice Interfaces ISG50 User’s Guide 452 Ty p e o f N u m b e r S elect the type for the prefix num ber wh ich might be required by your telephone company to m ake outgoing c alls. The options y ou can select are abbreviated , unknown , international , national , network-specific , and subscriber . Calling Party Number Prefix Enter a nu[...]

  • Page 453

    ISG50 User’s Guide 453 C HAPTER 29 Extension Management 29.1 Overview This chapter shows you how to configure settings for managing groups of extensions. 29.1.1 What Y ou Can Do in this Chapter •U s e t h e Authority Group screen to set up , configure and manage the ISG50’ s authority groups. See Section 29.2 on page 458 . •U s e t h e Grou[...]

  • Page 454

    Chapter 29 Extension Management ISG50 User’s Guide 454 The following figure shows the ISG50’s extensions divided into three authority groups ( AG1 , 2 and 3 ). Each authority group can ha ve different settings and privileges. Figure 290 Authority Group Overview The group access code allows you to use the outbound dialing rules assigned to you r[...]

  • Page 455

    Chapter 29 Extension Mana gement ISG50 User’s Guide 455 make long distance calls). She enters the code number and is able to place a call over the long distance connection. Figure 291 Call Access Code Overview Group Access Codes Group access codes allow your authority group members to use their gro up’s privileges with whichever extension they [...]

  • Page 456

    Chapter 29 Extension Management ISG50 User’s Guide 456 • Each extension can be a member of only one author ity group. • SIP and FXS extensions are treated the same within an authority group. Mobile Extensions A mobile extension is essentially call forwarding to both your IP phone extension and another phone. When you set up a mobile extension[...]

  • Page 457

    Chapter 29 Extension Mana gement ISG50 User’s Guide 457 Click-T o -T alk (CTT) A Click - T o- T alk (CTT) group allows visitors to your website to click an HTML link to use a web-based IP phone to connect to the CT T group’s extensions. Figure 293 A Click - T o- T alk Example F or example, users A and B click on an embedded Click - T o- T alk l[...]

  • Page 458

    Chapter 29 Extension Management ISG50 User’s Guide 458 29.2 The Authority Group Screen Use this screen to set up authority groups on the ISG50. T o access this screen, click Configuration > PBX > Extension Manag em en t > Au th or ity Gro u p . Figure 294 Configuration > PBX > Extension Management > A uthority Group Each field i[...]

  • Page 459

    Chapter 29 Extension Mana gement ISG50 User’s Guide 459 Each field is described in the following table. 29.2.2 The Authority Group Edit Screen Use this screen to manage extensions in the authority grou ps. In the Authority Group screen, double-click an authority group entry or select it and click Edit to open a screen where you can modify the ent[...]

  • Page 460

    Chapter 29 Extension Management ISG50 User’s Guide 460 Note: Y ou can use a subscription to increase the number of supported extensions. See Chapter 11 on page 229 . Figure 296 Authority Group Edit Each field is described in the following table. T able 154 Authority Group Edit LABEL DESCRIPTION Authority Group Name This field displays the name of[...]

  • Page 461

    Chapter 29 Extension Mana gement ISG50 User’s Guide 461 29.3 Extension Features Y ou can configure the following features on a per extension basis: Batch Add SIP Peer Click Batch Add if you want to configure multiple ex tensions for IP phone s connected to the ISG50. Edit Double-cli ck an entry or select it and cli ck Edit to open a screen where [...]

  • Page 462

    Chapter 29 Extension Management ISG50 User’s Guide 462 • Call Forwarding - set up call forwarding rules for the individual extension based on the following criteria: • Y our extension is busy . • Y ou turn on DND (Do Not Disturb). Y ou can set up a list of telephone nu mbers, referred to as the White List that ignore DND. • Unconditionall[...]

  • Page 463

    Chapter 29 Extension Mana gement ISG50 User’s Guide 463 29.3.2 The Extension Call Forward Screen Use this screen to set up call forwarding and call blocking rules for an extension. Note: The ISG50 checks any A uto-A ttendant call forwarding ( see Chapter 31 on page 503 ) and call blocking ( see Section 34.8 on page 542 ) settings b efore applying[...]

  • Page 464

    Chapter 29 Extension Management ISG50 User’s Guide 464 T o access this screen, click the Call Forward tab in any of the SIP extension configuration screens. Figure 298 Extension Add/Edit: Call Forward[...]

  • Page 465

    Chapter 29 Extension Mana gement ISG50 User’s Guide 465 Each field is described in the following table. T able 156 Extension Add/Edit: Call Forward LABEL DESCRIPTION Office Hour The ISG50 has separate rules for call forw ardi ng during office hours than after office hours. The settings you configure specify the office hours for this extension an [...]

  • Page 466

    Chapter 29 Extension Management ISG50 User’s Guide 466 No Answer Forw ard Select Disable to turn this feature off for this extension. Select Enable to forward all incoming calls to the extensions s pecified in the Find Me List when this extension is not answered within the default ri ng time. Use the Ad d , Edit , and Remove icons to create, modi[...]

  • Page 467

    Chapter 29 Extension Mana gement ISG50 User’s Guide 467 29.3.3 The Extension V o ice Mail Settings Screen Use this screen to configure voice mail settings for this extension. T o access this screen, click the Voice Mail tab in any of the SIP extension configur ation screens. Figure 299 Extension Add/Edit: V oice Mail Each field is described in th[...]

  • Page 468

    Chapter 29 Extension Management ISG50 User’s Guide 468 29.3.4 The Extension Advanced Screen Use this screen to configure adv anced settings fo r this ex tension. The f ields av ailable v aries depending on the extension type. Click the Advanced tab in any of the SIP extension configuration screens to view the screen as shown. Figure 300 Extension[...]

  • Page 469

    Chapter 29 Extension Mana gement ISG50 User’s Guide 469 29.3.5 The Batch Add SIP Screen Use this screen to configure a r ange of extensions for IP phones on your n etwork. T o access this screen, click the Batch Add button in the Authority Group Edit screen. Figure 301 Batch Add SIP Extensions Codec List This column in dic ates the codec types us[...]

  • Page 470

    Chapter 29 Extension Management ISG50 User’s Guide 470 Each field is described in the following table. T able 159 Batch Add SIP Extensions LABEL DESCRIPTION Batch Add SIP Peers Group Select the authority group you want these extension s to belong to. Start Num ber T ype the first extensio n num be r for this range of extensions. Extensions can be[...]

  • Page 471

    Chapter 29 Extension Mana gement ISG50 User’s Guide 471 29.4 The Group Ac cess Code Screen Use this screen to manage the access codes for authority groups on the ISG50. T o access this screen, click Configuration > PBX > Extension Management > Group Access Code . Figure 302 Configuration > PB X > Extension Management > Group Acc[...]

  • Page 472

    Chapter 29 Extension Management ISG50 User’s Guide 472 29.5 The Click T o T alk Group Screen This screen allows you to set up CT T groups and their associated extensions. A CT T group is not related to an Authority Groups; it is created solely for the purpose of connecting calls placed with the web-based utility on a web page to th e related exte[...]

  • Page 473

    Chapter 29 Extension Mana gement ISG50 User’s Guide 473 Click the Add or Edit icon in the Click To Talk Group screen to display the options as shown next . Figure 304 Click T o T alk Group Settings Each field is described in the following table. T able 162 Click To Talk Group Settings LABEL DESCRIPTION Group Name Enter a name for this CT T group,[...]

  • Page 474

    Chapter 29 Extension Management ISG50 User’s Guide 474 29.5.1.1 Sample HTML for a Click-T o-T alk Extension This is the basic JavaScript and HTML code used to embed the Zy XEL web-based IP phone client in a web page. Note: Y ou must replace both WEB_SERVER_ADDR strings in the sample code with y our own company’ s website. For example, “www .z[...]

  • Page 475

    Chapter 29 Extension Mana gement ISG50 User’s Guide 475 29.6 Authority Group T echnical Reference This section contains technical background information about the Authority Group screens. V oice Codecs A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The following tab[...]

  • Page 476

    Chapter 29 Extension Management ISG50 User’s Guide 476 into video signals. Although the ISG50 does not perform any video coding, it does support the pass through of the following video codecs. T able 164 Video Codecs S upported CODEC DESCRIPTION H.261 This is an ITU (Intern ational T elecom munication Uni on) video cod ing standard. H.261 was des[...]

  • Page 477

    ISG50 User’s Guide 477 C HAPTER 30 Outbound Trunk Group 30.1 Overview This covers you how to manage outside lines on the ISG50. The following diagram shows th e ISG50 connected to the various types of outside connections: • FXO/BRI T runk ( A ): shows the ISG50 connected to the PSTN (Public Switched T elephone Network) or ISDN (Integrated Servi[...]

  • Page 478

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 478 •U s e t h e LC R screens (starting in Section 31.2 on page 505 ) to configure the Configure Least Cost Routing (L CR) dialing rules. 30.1.2 What Y ou Need to Know The following terms and concepts may help you as y ou read through the chapter . Outbound T runk The outbound lines define a co[...]

  • Page 479

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 479 AA (Auto Attendant) After calling the number , the caller is pr ompted to dial the extension number . Figure 307 Auto Attendant (AA) Example DDI (Direct Dial In) DDI (also called DID, Direct Inw ard Dial) is a feature that maps a public number to an extension number . DDI enables a caller to[...]

  • Page 480

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 480 This example also shows three call examples. A - When an outsider calls 555-12 3457 , the call is mapped to the extension 1111 . B - When someone mak es an outgoing call from the extension 1111 , the caller ID shown to the callee is 555- 123457 . C - When you mak e a call over this outbound l[...]

  • Page 481

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 481 30.1.3 Before Y ou Begin Before you start to configure an outbound line group , please consider the following. • In order to create an FXO/BRI trunk the ISG5 0 must have a corresponding FXO or BRI port. • In order to create a SIP trunk you must already have a SIP account and a network co[...]

  • Page 482

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 482 Each field is described in the following table. T able 165 Outbound Line Management > Outbound Trunk Group LABEL DESCRIPTION S I P Tr u n k / Tr u s t Pee r / FX O / B RI Settings These headings divide the screen into sect ions based on the ty pe of outside line yo u have configured: • S[...]

  • Page 483

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 483 30.2.1 SIP T runk Add/Edit Use this screen to configure a SIP trunk. Click the Add or Edit icon in the SIP Trunk Settings section of the Outbound Trun k Group configuration screen to view the screen as shown. Figure 312 SIP T runk Add/Edit[...]

  • Page 484

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 484 Each field is described in the following table. T able 166 SIP Trunk Add/Edit LABEL DESCRIPTION Tr u n k N a m e T y p e t h e n a m e o f t h i s S I P t r u n k . T h i s f i e l d c a n b e 1 - 3 0 a l p h a n u m e r i c c h a r a c t e r s ( A - Z , a -z , 0-9) and underscores (_). The f[...]

  • Page 485

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 485 Minimum SE Enter the minimum session expiry time in se conds. The allow able rang e is 90~1800 seconds. When an incoming call requests a sess ion expiry time th at is lower than thi s, the ISG50 uses this v alue instead. Sessio n Expires Enter the session expiry time in seconds fo r all phon[...]

  • Page 486

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 486 30.2.2 SIP Auto Atten dant and DDI Setup Use this screen to select which auto-attendant shou ld be used with this outbound line group. See Chapter 31 on page 503 for information on configuring auto-attendan ts. Y ou can also configure Codec Setti ng Select the type of voice coder/decoder (cod[...]

  • Page 487

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 487 your DID (Direct Inw ard Dialing) settings. In the the Outbound Tru nk Group config uration screen, select a SIP trunk and click the Auto-Attendant icon to view the screen as shown. Figure 313 SIP Auto Attendant and DDI Setup Each field is described in the following table. T able 167 SIP Aut[...]

  • Page 488

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 488 30.2.3 Add DDI/DID Number Use this screen to add a DDI/DID number for an auto attendant to allow outsiders to call and reach an extension directly . In the auto attendant screen, click the DDI/DID Mapping Summary ’s Add icon to view the screen as shown. Figure 314 Add DDI/DID Number Enable [...]

  • Page 489

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 489 Each field is described in the following table. T able 168 Add DDI/DID Number LABEL DESCRIPTION DDI/DID Number Enter a DDI/DID nu mber which allows outside r s to call and reach an extension directly . The number of digits you can enter in th is field depends on what you set in the Represent[...]

  • Page 490

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 490 30.2.4 T rusted Peer T runk Add/Edit Use this screen to configure a trusted peer trunk. Click the Add or Edit icon in the Trust Peer Settings section of the Outbound Trunk Group configuration screen to view the screen as shown. Figure 315 T rusted Peer T runk Add/Edit[...]

  • Page 491

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 491 Each field is described in the following table. T able 169 Trusted Peer Trunk Ad d/Edit LABEL DESCRIPTION Tr u n k N a m e T ype the name of this trunk. This field can be 1- 30 alphanumeric ch ar acters (A- Z, a-z, 0- 9) and underscores (_). The firs t char acter must be a letter . Descripti[...]

  • Page 492

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 492 CallerI D Setting Configure this section to change the format of identification you want to send when you make V o IP phone calls. The default format is “From: “Extension”<Extension@Server IP>” . CallerID Viewer This field displays the caller ID format show n to the callees depe[...]

  • Page 493

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 493 30.2.5 T rusted Peer Auto Attendant and DDI Setup Use this screen to select which auto-attendant shou ld be used with this outbound line group. See Chapter 31 on page 50 3 for information on configuring auto-attendant. Y ou can also configure your Codec Setti ng Select the type of voice code[...]

  • Page 494

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 494 DID (Direct Inward Dialing) settings. In the the Outbound Trunk Group configur ation screen, select a trusted peer trunk and click the Auto-Attendant icon to view the screen as shown. Figure 316 T rusted Peer Au to Attendant and DDI Setup Each field is described in the following table. T able[...]

  • Page 495

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 495 30.2.6 Add/Edit FXO T runk The screens for editing or adding FXO trunks on th e ISG50 contain the same fields. Only the screen used to add FXO trunks is shown below . Click the Add (or Edit ) icon in the FXO Trunk section of the Outbound Trunk Group configuration screen to view the screen as[...]

  • Page 496

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 496 Each field is described in the following table. 30.2.7 FXO or BRI Auto Attendant Use this screen to select which auto-attendant shou ld be used with this outbound line group. See Chapter 31 on page 503 for information on configuring auto-attendant. In the Outbound Trunk Group configuration sc[...]

  • Page 497

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 497 Each field is described in the following table. 30.2.8 Add/Edit BRI T runk Use this screen to configure a BRI T runk. The fi elds vary depending on how the ISG50 handles incoming and outgoing calls y ou configured in the Option field. Click the Add icon in the BRI T able 172 AA for FXO or BR[...]

  • Page 498

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 498 Settings section of the Outbound Trunk Group configuration screen to view the screen as shown. Figure 319 BRI T runk - Add/Edit: AA Figure 320 BRI T runk - Add/Edit: MSN[...]

  • Page 499

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 499 Figure 321 BRI T runk - Add/Edit: DDI/DID[...]

  • Page 500

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 500 Figure 322 BRI T runk - Add/Edit: Direct Each field is described in the following table. T able 173 BRI Trunk Add/Edit LABEL DESCRIPTION General Settings Tr u n k N a m e T ype th e na me of thi s BR I i nt er fac e. Thi s f i eld can be 1-30 alphanum eric characters (A - Z , a-z, 0-9) and un[...]

  • Page 501

    Chapter 30 Outbound Trunk Gro up ISG50 User’s Guide 501 Ava il a bl e Interface Fo r DDI /DID , AA , and Direct , t his list displays the avai lable slots and ports on the ISG50. Click one slot and port and then click the Right icon if y ou want to add it to this outbound group. Used Interface For DDI/DID , AA , and Direct , this lis t displays t[...]

  • Page 502

    Chapter 30 Outbound Trunk Group ISG50 User’s Guide 502 30.2.9 Add BRI T runk DDI/DID Mapping Use this screen to add or edit DDI/DID mapping table entries. Click the Add icon in the DDI/DID Mapping Setting section of the BRI Trunk - Add configuration screen to view the screen as shown. Figure 323 Add BRI T runk DDI/DID Mapping Each field is descri[...]

  • Page 503

    ISG50 User’s Guide 503 C HAPTER 31 Auto-attendant 31.1 Overview This chapter shows you how to configure auto-attendant on the ISG50. An auto-attendant is softw are which acts as an automatic switchboard oper ator . Auto-attendants help route incoming calls to their proper extension. An auto-attendant is assigned to each outbou nd line group and i[...]

  • Page 504

    Chapter 31 Auto -attendant ISG50 User’s Guide 504 Default Auto-Attendant Structure The ISG50 comes with a default auto-attendant. Th e default auto- attendant simply prompts callers to enter the extension they wish to reach. Ther e is only one time when a caller has to make a decision. The following figure shows the default auto-attendant structu[...]

  • Page 505

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 505 • Direct a call to an extension. “Dial 1 to reach the operator . ” • Direct a caller to the next menu. “Dial 2 to reach the sales department. ” • Allow the caller to listen to the current menu again. “Dial 3 to listen to this menu again. ” • Allow the caller to go back to the p[...]

  • Page 506

    Chapter 31 Auto -attendant ISG50 User’s Guide 506 Click Configuration > PBX > Outbound Line Management > Auto-Attendant to view the screen as shown next. Figure 328 Auto-A ttendant > Default Each field is described in the following table. T able 175 Auto-Attendant > Default LABEL DESCRIPTION Greeting Upload Audio Fil e Click Browse[...]

  • Page 507

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 507 31.3 The Customized Auto-Attendant Screen Use this screen to view, add, edit or delete auto -attendants from the ISG50. T o access this screen, click Configuration > PBX > Outbound Line Ma nagement > Auto-Attendant > Customized . Figure 329 Auto-A ttendant > Customized Each field is[...]

  • Page 508

    Chapter 31 Auto -attendant ISG50 User’s Guide 508 31.3.1 The Add/Edit Auto-Attendant Screen Use this screen to add or edit an auto-a ttendant. T o access this screen, cl ick the Add or Edit icon in the Configuration > PBX > Outbound Line Managemen t > Auto-Attendant > Customized screen to view the screen as shown. Figure 330 Auto-A tt[...]

  • Page 509

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 509 31.3.2 Auto Attendant Settings: Office Hours Use this screen to edit auto-attendant office hour settings. T o access this screen, click the Add or Edit icon in the Configuration > PBX > Outbound Line Management > Auto-Attendant > Customized screen and then click the Office Hour tab. Fi[...]

  • Page 510

    Chapter 31 Auto -attendant ISG50 User’s Guide 510 Auto-Attendant Audio Files Y ou can record your own custom auto- attendant messages. The audio files you record must meet the following criteria: • PCM format, 16 kHz, 16-bit, mon o mode (*.wav). • The total play time of all the AA audio files combi ned m ust be less than 30 minutes. Forw ard [...]

  • Page 511

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 51 1 31.3.3 The Add/Edit Auto -Attendant Option Screen Use this screen to configure an option for an au to-attendant menu. T o access this screen, click the Add or Edit icon for an item in the office hour or night service Options list. Figure 332 Add/Edit Option Setting Each field is described in the [...]

  • Page 512

    Chapter 31 Auto -attendant ISG50 User’s Guide 512 31.3.4 The Auto-Attend ant Sub Menu Screen Use this screen to configure an option for an au to-attendant sub menu (child menu). T o access this screen, in the auto-attendant Office Hour or Night Service screen, select an option entry that displays sub-menu as the Action and click Add Child . Figur[...]

  • Page 513

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 513 31.3.5 Auto Attendant Settings: Night Service Use this screen to configure Night Service settings for th is auto-attendant. Y ou only need to configure this screen if you w ant the auto- attendan t to perform different actions outside of regular office hours. In the Configuration > PBX > Out[...]

  • Page 514

    Chapter 31 Auto -attendant ISG50 User’s Guide 514 31.3.5.1 The Add/Edit Night Service Auto-Attendant Screen The Add/Edit Night Service Auto- Attendant screen is identical to the Add/Ed it Office Hours Auto- Attendant screen. See Section 31.3.3 on page 511 for details. Enable Dial Extension Number Select this to al low incoming cal ls to dial ex t[...]

  • Page 515

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 515 31.3.6 Greeting Use this screen to set up custom auto-attendant messages. The Temporary Greeting can be played before the normal au to-attendant greeting. This can be used to broadcast special messages, such as spec ial operating hours for the office building (“W e’re sorry but the Acme Mail O[...]

  • Page 516

    Chapter 31 Auto -attendant ISG50 User’s Guide 516 Each field is described in the following table. 31.4 T echnical Reference The following section contains additional technica l information about the ISG50 features described in this chapter . How to Record Auto-Attendant Audio Files on Y our Computer Follow the steps in this section to record audi[...]

  • Page 517

    Chapter 31 Auto-a ttendant ISG50 User’s Guide 517 Note: Make sure you have a microphone connec ted to your computer or that y our system has an internal microphone (and that it is enabled). 1 Open your sound recording softw are (Sound Record er on Windows XP). From your desktop , click Start > All Programs > Accessories > En tertainmen t[...]

  • Page 518

    Chapter 31 Auto -attendant ISG50 User’s Guide 518 4 Specify the file format. In the Sound Selection window . Choose PCM in the Format field. Next, set the Attribut e s to 16,000 kHz, 16 Bit, Mono . Click OK when you are done. Figure 339 Audio File Settings 5 Confirm your settings. Specify a location for the audio file by browsing to a suitable lo[...]

  • Page 519

    ISG50 User’s Guide 519 C HAPTER 32 LCR 32.1 Overview This chapter shows you how to configure dialing rule s, also referred to as LCR (Least Cost Routing) on the ISG50. The following figure shows an example of two L CRs. LCR1 is composed of outbound line groups PSTN and ISDN along with the dial condition 01. (the period ( . ) is part of the dial c[...]

  • Page 520

    Chapter 32 LCR ISG50 User’s Guide 520 only has LCR1 assigned to it, so extensions that are part of Research cannot use outbound line group ITSP . Figure 342 LCR Components Example 32.1.1 What Y ou Can Do in this Chapter Use the LCR screen to configure settings for your dialing rules for outbound calls routing. See Section 32.2 on page 521 . 32.1.[...]

  • Page 521

    Chapter 32 LCR ISG50 User’s Guide 521 • Y o u have to define your o utbound dialing plan. For example, dial a number starting with “0” is for local calls, “200” is for international calls, “3” is a call to branch office, etc. • Y ou should define at least one outbound line group . See Section 30.2 on page 481 . 32.2 LCR Use this s[...]

  • Page 522

    Chapter 32 LCR ISG50 User’s Guide 522 Note: Only th e Add LCR screen is shown. In the Edit LCR screen, so me of the fields are read-only . Before you configure any dial conditions for an L CR, you must first configure a name for the LCR. Figure 344 Configuration > PBX > Outbound Line Management > L CR > Add Each field is described in [...]

  • Page 523

    Chapter 32 LCR ISG50 User’s Guide 523 32.2.2 Add/Edit LCR Dial Condition Use this screen to set up a di aling condition for an LCR. T o acc ess this screen, click the Add or Edit icon in the Dial Condition List section of the LCR screen you are configuring to view a screen as shown. Outbound Line Group Use this section to add or remove outbound l[...]

  • Page 524

    Chapter 32 LCR ISG50 User’s Guide 524 Note: Only the Add Dial Condition screen is shown. In the Edit Dial Condition screen, some of the fields are read-only . Figure 345 Configuration > PB X > Outbound Li ne Management > LC R > Add > Add Each field is described in the following table. T able 185 Configuration > PBX > Outbound[...]

  • Page 525

    Chapter 32 LCR ISG50 User’s Guide 525 Prefix S p e c i f y a n u m b e r w h i c h s h o u l d b e i n s e r t e d a t the beginning of the dialed number before it is sent out from the ISG50. Pos tf ix Specify a number which should be appended to the end of the dialed n umber before it is sent out from the ISG50. Dial Number This field displays t[...]

  • Page 526

    ISG50 User’s Guide 526 C HAPTER 33 Group Management 33.1 Overview This chapter shows you how to manage the ISG50’s authorit y groups and outbound line groups. Group management allows you to control the types of calls made via the ISG50. See the following figure for what you can configure in the group management. A - Y ou can allow or disallow a[...]

  • Page 527

    Chapter 33 Group Management ISG50 User’s Guide 527 33.1.1 What Y ou Can Do in this Chapter Use the Group Management screens to view and manage the associations for the authority and outbound line groups configured on the ISG50. See Section 33.2 on page 530 . 33.1.2 What Y ou Need to Know The following terms and concepts may help you as y ou read [...]

  • Page 528

    Chapter 33 Group Man agement ISG50 User’s Guide 528 and LCR2 (this could be an LCR for long distance calls via your V oIP service provider ITSP ). AG2 is associated with LCR1 only . In this case extensions belonging to AG1 can make calls via all outbound line groups, whereas extensions in AG2 are limited to calls to your local telephone company a[...]

  • Page 529

    Chapter 33 Group Management ISG50 User’s Guide 529 Note: Y ou must also configure aut o-attendant setting s before calls coming in from outside lines can call the extensions created on the ISG50. See Chapter 31 on page 503 . The following example shows a configuration with three outbound line groups. ITSP represents a SIP trunk to your V oIP serv[...]

  • Page 530

    Chapter 33 Group Man agement ISG50 User’s Guide 530 33.1.3 Before Y ou Begin Before you start to conf igure a group managemen t, you need to do the followin g. • Configure authority group(s). See Section 29.2 on page 458 . • Configure outbound line group(s) and the corresponding auto-attendant settings. See Section 30.2 on page 481 . 33.2 Gro[...]

  • Page 531

    Chapter 33 Group Management ISG50 User’s Guide 531 33.2.1 Edit Group Management Associations Use this screen to configure links from an author ity group or an outbound line group to authority groups, or LCRs configured on the ISG50. T o acce ss this screen, select the group you want to configure in the Configuration > PBX > Group Management[...]

  • Page 532

    ISG50 User’s Guide 532 C HAPTER 34 Call Services 34.1 Overview This chapter shows you how to configure and use ca ll services on the ISG50. There are a variety of call services that can be configured. 34.1.1 What Y ou Can Do in this Chapter •U s e t h e Auto Callb ack screen to configure the ISG50 to automatically call an extension once it beco[...]

  • Page 533

    Chapter 34 Call Services ISG50 User’s Guide 533 made from V oIP accounts to emergency dispatchers, but also provide information on the call’ s originating number and, usually , location information. However , this system still has disadvantages ov er traditional emergency call service. F or example, the physical location provided to the PSAP is[...]

  • Page 534

    Chapter 34 Call Services ISG50 User’s Guide 534 The following table describes the labels in this screen. 34.3 The Call Park Screen Call parking is similar to placing a call on hold. Th e difference is that you can pick the call up again from another telephone extension in your organization. The ISG50 allows you to configure a representative exten[...]

  • Page 535

    Chapter 34 Call Services ISG50 User’s Guide 535 34.3.1 Configuring the Call Park Screen Use this screen to configure ca ll parking on the ISG50. Click Configuration > PBX > Call Service > Call Park to open the screen. Figure 355 Configuration > PBX > Call Service > Call P ark The following table describes the labels in this scre[...]

  • Page 536

    Chapter 34 Call Services ISG50 User’s Guide 536 34.4 The Call W aiting Screen Call waiting allows y ou to put a present call on hold and answer a new call. When a second call comes in, the ISG50 sends a beep tone to you. Y ou can decide to ignore it or to switch to the second call using one of the following methods. • press the flash button on [...]

  • Page 537

    Chapter 34 Call Services ISG50 User’s Guide 537 However , for extensions for which you do not enable the call waiting feature, the following happens. Figure 357 The Flow to Check Whether The Receiv er Is Busy Or Not When B is busy , additional calls will hear a busy tone and then the ISG50 will handle the calls according to what you configured in[...]

  • Page 538

    Chapter 34 Call Services ISG50 User’s Guide 538 The following table describes the labels in this screen. 34.5 The Emerge ncy Call Screen The ISG50 allows you to specify and give higher pr iority to emergency calls to emergency services. Y ou can configure a list of emergency phon e numbers, for example police or fire department, on the ISG50. The[...]

  • Page 539

    Chapter 34 Call Services ISG50 User’s Guide 539 The following table describes the labels in this screen. 34.6 The Music on Hold Screen The ISG50 allows you to specify a music file to play when callers are placed on hold. This lets the callers know that they are still connected. Use this screen to customize the default music callers will hear when[...]

  • Page 540

    Chapter 34 Call Services ISG50 User’s Guide 540 Click Configuration > PBX > Call Service > Music On Hold to open the screen as shown. Figure 360 Configuration > PBX > Call Service > Music On Hold: The following table describes the labels in this screen. T able 195 Configuration > PBX > Call Service > Music On Hold LABEL[...]

  • Page 541

    Chapter 34 Call Services ISG50 User’s Guide 541 34.6.1 Add or Edit Custom Music On Hold Use this screen to create or edit a music on hold profile and upload an audio file to it. In the Configuration > PBX > Call Serv ice > Music On Hold screen, click Add or Edit to open the screen as shown. Figure 361 Add Customized Music on Hold The fol[...]

  • Page 542

    Chapter 34 Call Services ISG50 User’s Guide 542 34.7.1 Configuring the Call T ransfer Screen Use this screen to configure call transfer on the ISG50. Click Configuration > PBX > Call Service > Call Transfer to open the screen as following. Figure 362 Configuration > PBX > Call Service > Call T ransfer The following table describ[...]

  • Page 543

    Chapter 34 Call Services ISG50 User’s Guide 543 Each field is described in the following table. T able 198 Configuration > PBX > Call Service > Call Block LABEL DESCRIPTION Enable Anon ymous block Se lect this to block call s without caller ID from being r outed by the ISG50. Clear it to allow any incoming c alls routed by the ISG50. Bla[...]

  • Page 544

    ISG50 User’s Guide 544 C HAPTER 35 Call Recording 35.1 Overview Use the call recording feature to record all the calls going to or from specific extensions or trunks or let users record calls. This is useful if you need to monitor certain individuals’ calls. It is also useful for conference call recording, the administrato r may configure the I[...]

  • Page 545

    Chapter 35 Call Recording ISG50 User’s Guide 545 • The maximum call recording time depends on the stor age capacity o f the connected USB stor age device. • Once the IS G50 is recording the maximum numbe r of channels defined by the call recording license, it does not record additional concurrent calls. See Chapter 11 on page 229 . • The IS[...]

  • Page 546

    Chapter 35 Call Recording ISG50 User’s Guide 546 The following table describes the labels in this screen. T able 199 Configuration > PBX > Call Recording LABEL DESCRIPTION Quota Usage This bar displa ys what percentage of t he ISG50’ s call recording storage space is currently in use. When th e st orage space is almost full , you should c[...]

  • Page 547

    ISG50 User’s Guide 547 C HAPTER 36 Meet-me Conference The ISG50 allows you to set up specific extension numbers which callers can dial to join a conference call. This type of extension is referred to as a conference room number . Y ou can restrict the number of callers that can join the conference call. Y ou can also specify a PIN (Personal Ident[...]

  • Page 548

    Chapter 36 Meet-me Conference ISG50 User’s Guide 548 Note: The screen for editing an existing co nference room has the same fields as the screen shown below . Y ou can access the Conference Room Edit screen b y clicking the Edit icon in the Conference Room List screen. Figure 366 Conference R oom Add The following table describes the labels in th[...]

  • Page 549

    ISG50 User’s Guide 549 C HAPTER 37 Paging Group 37.1 Overview This chapter shows you how to create and manage paging groups on the ISG50. Paging groups are sets of extensions through which a caller can ma ke a one- way announcement by dialing a single number . It works much like a public address system. A caller wanting to make an announcement di[...]

  • Page 550

    Chapter 37 Paging Group ISG50 User’s Guide 550 Each field is described in the following table. 37.2.1 The Add/Edi t Paging Group Screen The screens for editing or adding page groups on the ISG50 contain the sam e fields. Only the screen used to add page groups is shown below. Click the Add (or Ed it ) icon in the Paging Group configuration screen[...]

  • Page 551

    Chapter 37 Paging Group ISG50 User’s Guide 551 Each field is described in the following table. T able 203 Add Paging Group LABEL DESCRIPTION Pag in g N um be r T ype the number you have to dial to call the extensions in this page group. This number can be from 3 to 10 digits long. PIN Code T ype the password you have to dial to call the extension[...]

  • Page 552

    Chapter 37 Paging Group ISG50 User’s Guide 552[...]

  • Page 553

    ISG50 User’s Guide 553 C HAPTER 38 ACD 38.1 Overview This chapter shows you how to configure Automatic Call Distribution (ACD). ACD utilizes Skill-Based R outing (SBR), which allows you to distribute incomi ng calls to specific groups of phones based on assigned skills. When the ISG50 receives an incoming call, the auto-attendant presents the cal[...]

  • Page 554

    Chapter 38 ACD ISG50 User’s Guide 554 •U s e t h e Skill Menu screen to create menus that a caller can use while in the que ue waiting for an agent to respond. S ee Section 38.6 on pag e 564 . 38.1.2 What Y ou Need to Know The following terms and concepts may help you as y ou read through the chapter . Agent An agent is a member of an Automated[...]

  • Page 555

    Chapter 38 ACD ISG50 User’s Guide 555 1 Create at least 2 agent identities in the ACD system ( Section 38.3 on page 556 ) to ultimately receive incoming calls after they have been routed by the ISG50. Y ou can click Configuration > PBX > ACD > Agent to open this screen. 2 Define at least 1 skill in the ACD system ( Secti on 38 . 4 on pag[...]

  • Page 556

    Chapter 38 ACD ISG50 User’s Guide 556 38.2 The ACD Global Screen Use this screen to set the global “wrap up” time for each extension in the ACD system. This is how long the ISG50 waits before sending new calls to the agent. Click Configuration > PBX > ACD > ACD Global to open this screen. Figure 371 ACD > ACD Global Setting Each f[...]

  • Page 557

    Chapter 38 ACD ISG50 User’s Guide 557 Each field is described in the following table. 38.3.1 The Agent Settings Screen Use this screen to create or edit an agent’ s settings. Click either the Add or Edit icons in the Agent Li st screen to display the options as shown next. Figure 373 Agent List > Agent Setting Each field is described in the [...]

  • Page 558

    Chapter 38 ACD ISG50 User’s Guide 558 38.4 The Skill Screen This screen allows you to manage the ACD skills . It can also serve as a jumping off point for creating new ones or editing ones previously created. Click Configuration > PBX > ACD > Skill to open this screen. Figure 374 ACD > Skill List Each field is described in the followi[...]

  • Page 559

    Chapter 38 ACD ISG50 User’s Guide 559 38.4.1 The Add/Edit Skill Screen Use this screen to create or edit a skill. A skill a llows you to create rules for routing calls to a specific group of agents. Y ou can also manage ho w calls to those agents are handled in the event that one or more of them is not logged on, or en gaged in a conv ersation, a[...]

  • Page 560

    Chapter 38 ACD ISG50 User’s Guide 560 Each field is described in the following table. T able 208 Add Skill LABEL DESCRIPTION Skill Sett ing Number Enter the number to be dialed that uses this skil l. It can be any combi nat ion of 3~10 digits (0-9). No spaces, unde rscores, or hyph ens are allowed. When this screen is in Edit mode, this number ca[...]

  • Page 561

    Chapter 38 ACD ISG50 User’s Guide 561 W aiting Timeo u t Enter the duration in seconds (up to 9 9999) that the call t o the agents associated wit h the skill rings before timi ng out. Once a call times out, the action defi ned in Timeout Action applies. This timeout only appl ies to calls i n th e queue that have n ot yet been routed to a particu[...]

  • Page 562

    Chapter 38 ACD ISG50 User’s Guide 562 38.5 The Hunt Group Screen Use this screen to manage hunt groups on the ISG50. T o access this screen, click Configuration > PBX > ACD > Hunt Group . Figure 376 Configuration > PBX > ACD > Hunt Group Each field is described in the following table. Member This l ist indicates all membe rs who[...]

  • Page 563

    Chapter 38 ACD ISG50 User’s Guide 563 38.5.1 The Add/Edit Hunt Group Screen The screens for editing or adding Hunt groups on the ISG50 contain the same fields. Click the Add (or Edit ) icon in the Hunt Group configuration screen to view the screen as shown. Figure 377 Add Hunt Group Each field is described in the following table. T able 210 Add H[...]

  • Page 564

    Chapter 38 ACD ISG50 User’s Guide 564 38.6 The Skill Menu Screen This screen allows you to create menus that a calle r can use while in the queue waiting for an agent to respond. Skill menus are self-contained auto-attendants limited to the ACD system. Timeout Acti on If a call to an extension of the hunt gr oup times out, then this item defines [...]

  • Page 565

    Chapter 38 ACD ISG50 User’s Guide 565 For example, if a caller enters the queue for th e “English” skill but an English-speaking sales representative hasn’t yet picked up, he will period ically hear “Press 0 to exit. Press 3 for a Spanish- speaking representative. Press 4 for a French-speaking representative. Press 5 for a Russian- speaki[...]

  • Page 566

    Chapter 38 ACD ISG50 User’s Guide 566 Click either the Add or Edit icon in the Skill Menu screen to display the options as shown next. Figure 379 Add Skill Menu Each field is described in the following table. 38.6.2 Add/Edit Skill Menu Action Screen Use this screen to create or edit a skill menu action. T able 212 Add Skill Menu LABEL DESCRIPTION[...]

  • Page 567

    Chapter 38 ACD ISG50 User’s Guide 567 Click either the Add or Edit icons in the Skill Menu Add or Edit screen to display the options as shown next. Figure 380 Add Skill Menu Action Each field is described in the following table. T able 213 Add Skill Menu Action LABEL DESCRIPTION Code Select a k eypad code that a caller can press to engage the ass[...]

  • Page 568

    ISG50 User’s Guide 568 C HAPTER 39 Sound Files Y ou can upload sound files for different lan guage menus. Y ou can also 39.1 Overview This chapter shows you how to change the language menus and some system sounds. Y ou can also select the extension to record for creating audio files. 39.1.1 What Y ou Can Do in this Chapter •U s e t h e System S[...]

  • Page 569

    Chapter 39 Sound Files ISG50 User’s Guide 569 Click Configuration > PBX > Sound File to open this screen. Figure 381 Configuration > PBX > Sound File > S y stem Sound Each field is described in the following table. 39.2.1 The Add/Edit Soun d File Screen Use this screen to upload a language sound file. T able 214 Configuration > [...]

  • Page 570

    Chapter 39 Sound File s ISG50 User’s Guide 570 Click either the Add or Edit icon in the System Sound screen to displa y the options as shown next. Figure 382 Add System Sound File Each field is described in the following table. 39.3 The S pecific Sound File Screen This screen lists the specific PBX functions for which you can upload a customiz ed[...]

  • Page 571

    Chapter 39 Sound Files ISG50 User’s Guide 571 Each field is described in the following table. 39.3.1 The Add/Edit Soun d File Screen Use this screen to upload a language sound file. Click either the Add or Edit icon in the System Sound screen to displa y the options as shown next. Figure 384 Add System Sound File Each field is described in the fo[...]

  • Page 572

    Chapter 39 Sound File s ISG50 User’s Guide 572 Click Configuration > PBX > Soun d File > Record Peer to open this screen. Figure 385 Configuration > PBX > Sound File > R ecord Peer Each field is described in the following table. T able 218 Configuration > PBX > Sound File > Record Peer LABEL DESCRIPTION Default Record P[...]

  • Page 573

    ISG50 User’s Guide 573 C HAPTER 40 Auto Provision 40.1 Overview This chapter shows you how to set up auto provisioning for the ISG50’ s supported SIP clients. Auto provisioning allows administrators to co nfigure V oIP related settings on snom or snom- compatible SIP clients from a central location. Y o u can set up and maintain a configuration[...]

  • Page 574

    Chapter 40 Auto Provisi on ISG50 User’s Guide 574 How to Configure Auto Provisioning T ake the following steps to configure auto provisio ning for the V oIP devices on your network. See also Section 8.2 on page 141 for an auto provisioning tutorial. 1 Configure SIP extensions that the snom V oIP devices will use. See Chapter 29 on page 453 . 2 In[...]

  • Page 575

    Chapter 40 Au to Provision ISG50 User’s Guide 575 40.2 Auto Provision Setup Use this screen to screens to configure auto provisioning for the snom V oIP devices connected to the ISG50. This screen disp lays the mapping betw een SIP extensions and snom V oIP device’s MAC addresses. T o access this screen, click Configuration > PBX > Auto P[...]

  • Page 576

    Chapter 40 Auto Provisi on ISG50 User’s Guide 576 40.2.1 snom Batch Configuration XML File Here is an example of the snom batch configur ation XML file. Rem ov e Customiz ed Config Select a snom VoIP device extension and click the Remove Config icon to remove any custom configuration for it. View Conf ig File Sel ect a snom VoIP device extension [...]

  • Page 577

    Chapter 40 Au to Provision ISG50 User’s Guide 577 40.2.2 Auto Provision Edit Use this screen to set up the auto provisioning settings for a snom extension on the ISG50. T o access this screen, click Configuration > PBX > Auto Provisio n and then click the Ed it button for a snom device’ s extension. Figure 387 Configuration > PBX > [...]

  • Page 578

    Chapter 40 Auto Provisi on ISG50 User’s Guide 578 40.3 Auto Provision Advanced Screen Use this screen to configure the feature key setting s and firmware upgrade URLs for the snom V oIP devices connected to the ISG50. T o access this screen, click Configuration > PBX > Auto Provision > Au to Provision Ad vanced then click the snom Fe atu[...]

  • Page 579

    Chapter 40 Au to Provision ISG50 User’s Guide 579 Firmware Upgrade File Location Settings This list corresponds to the snom products supported by the ISG50. Enter the firmware upgr ade URL for the type of device. Y ou can find this URL and any other upgr ade information at the prod uct page on the offi cial snom website . Apply Click this to save[...]

  • Page 580

    Chapter 40 Auto Provisi on ISG50 User’s Guide 580[...]

  • Page 581

    ISG50 User’s Guide 581 C HAPTER 41 Voice Mail 41.1 Overview This chapter shows you how to set up voice mail for the ISG50’ s calls. V oice mail messages on the ISG50 are stored on the built-in flash memory of the ISG50. T o ensure that one user does not utilize a disproportionate amount of voice mail capacity , you can limit the per user voice [...]

  • Page 582

    Chapter 41 Voice Mail ISG50 User’s Guide 582 41.2 The V oice Mail Screen Use this screen to set up the voice mail settings on the ISG50. T o access this screen, click Configuration > PBX > Voice Mail . Figure 389 Configuration > PBX > V oice Mail Each field is described in the following table. T able 222 Configuration > PBX > Vo[...]

  • Page 583

    Chapter 41 Voi c e Ma il ISG50 User’s Guide 583 41.3 Accessing V oice Mail Users can access their personal voice mail system by dialing the feature code for voice mail followed by their extension number . The feature code for voice mail is configured in the Configuration > PBX > Global > Feature Cod e screen (see Section 27.3 on page 433[...]

  • Page 584

    Chapter 41 Voice Mail ISG50 User’s Guide 584 Personal V oice Ma il Main Flow The following figure describes the main flow in the personal v oice mail system. Figure 390 Personal V oice Mail Flow V oice Mail Feature Co de Enter Password Authenti cation Exit Failure Success V oice Mail Main V oice Message Change Folder As sista nce 1 2 * Exit # + E[...]

  • Page 585

    Chapter 41 Voi c e Ma il ISG50 User’s Guide 585 V oice Message Menu The following figure describes the Voice Message Menu . From Voice Mail Main , press number 1 on your phone keypad to enter this menu. The ISG50 will play you a new message. Then you can choose either one of the following options for the next action. Figure 391 Personal V oice Ma[...]

  • Page 586

    Chapter 41 Voice Mail ISG50 User’s Guide 586 Mail Box Options Menu The following figure describes the Mail Box Options Menu . From Voice Mail Main , press number 0 on your ph one keypad to enter this menu. This menu allows you to record your messages which are played for the initial greeting or when you (y our extension) is unav ailable, busy . F[...]

  • Page 587

    ISG50 User’s Guide 587 C HAPTER 42 Phonebook 42.1 Overview This chapter shows you how to set up a phonebook for the ISG50. There are two ways to set up a phone book on the ISG50. • Y ou can create an LDAP (Lightweight Direct ory Access Protocol) phonebook, which imports entries from an LDAP directory on your network. • Y ou can also create lo[...]

  • Page 588

    Chapter 42 Phone book ISG50 User’s Guide 588 42.1.3 Before Y ou Begin If you intend to configure the ISG50 to use an LDAP phonebook, you need the following information about the LDAP server on your network to issue an LDAP query from the ISG50: • LDAP Server IP address - this is the IP ad dress of the LDAP server you w a nt to query . • Po rt[...]

  • Page 589

    Chapter 42 Phoneb ook ISG50 User’s Guide 589 42.3 The LDAP Phon ebook Summary Screen Use this screen to view the phonebook entries re trieved from the LDAP database. T o access this screen, click Configuration > PBX > Phonebook > LDAP Phon eb ook . Figure 395 Configuration > PB X > Phonebook > LDAP Phonebook > Summary Each fi[...]

  • Page 590

    Chapter 42 Phone book ISG50 User’s Guide 590 the LDAP phonebook search filter . T o access this screen, click Configuration > PBX > Phonebook > LDAP Phonebook > Settings . Figure 396 Configuration > PB X > Phonebook > LDAP Phonebook > Settings Each field is described in the following table. T able 225 Configuration > PB[...]

  • Page 591

    Chapter 42 Phoneb ook ISG50 User’s Guide 591 42.5 The Local Phonebook Screen Use this screen to imp ort or export your loca l phonebook and manage the ISG50’s local phonebook entries. T o access this screen, click Configuration > PBX > Phonebook > Local Phonebook . Figure 397 Configuration > PB X > Phonebook > Local Phonebook [...]

  • Page 592

    Chapter 42 Phone book ISG50 User’s Guide 592 Each field is described in the following table. 42.5.1 Local Phoneb ook Add/Edit Screen The screens for editing or adding entries to the local phonebook contain the same fields. Only the screen used to add local phonebook entries is shown below. Use this screen to configure phonebook T able 226 Configu[...]

  • Page 593

    Chapter 42 Phoneb ook ISG50 User’s Guide 593 entries on the ISG50. Click the Add (or Edit ) icon in the Local Phonebook screen to view the screen as shown. Figure 398 Local Phonebook Add/Edit Screen Each field is described in the following table. T able 227 Local Phonebook Add/Edit Screen LABEL DESCRIPTION Name Ty p e a Name value for this local [...]

  • Page 594

    Chapter 42 Phone book ISG50 User’s Guide 594[...]

  • Page 595

    ISG50 User’s Guide 595 C HAPTER 43 Office Hours 43.1 Overview This chapter shows you how to set the office hours for the ISG50. Y ou can use office hours to have the ISG50 deal with incoming calls differently at different times of da y and night. 43.1.1 What Y ou Can Do in this Chapter Use the Office H our screen to configure the da ys of the wee[...]

  • Page 596

    Chapter 43 Office Hours ISG50 User’s Guide 596 Note: The office hour configuration here is used as the default for all new extensions. T o customize office hours on a per-extension or per-authority group basis, you must go to those specific sc reens. F or more, see Chapt er 29 on page 453 . Figure 399 Configuration > PBX > Office Hour Each [...]

  • Page 597

    Chapter 43 Office Hours ISG50 User’s Guide 597 Edit Double-click an entry or select it and click Edit to modify it . Rem ov e T o remove an entry , select it and click Remove . The ISG50 confirms you want to remove it before doing so. # This field is a sequential value and is not associated with a specific entry . Date Enter a date in mm/dd forma[...]

  • Page 598

    Chapter 43 Office Hours ISG50 User’s Guide 598[...]

  • Page 599

    ISG50 User’s Guide 599 C HAPTER 44 User/Group 44.1 Overview This chapter describes how to set up user accounts, user groups, and user settings for the ISG50. Y ou can also set up rules that control when user s have to log in to the ISG50 before the ISG50 routes traffic for them . 44.1.1 What Y ou Can Do in this Chapter •T h e User screen (see S[...]

  • Page 600

    Chapter 44 User/Group ISG50 User’s Guide 600 Note: The de fa ult admin account i s always auth en ticated loc a ll y , reg ard le ss of the authentication method setting. (See Chapter 48 on page 631 for more information about authentication methods.) Ext-User Account s Set up an ext- user account if the user is authenticated by an external server[...]

  • Page 601

    Chapter 44 User/Group ISG50 User’s Guide 601 User A wareness By default, users do not ha ve to log into the IS G50 to use the network services it provides. The ISG50 automatically routes packets for everyone. If you want to restrict network services that certain users can use via the ISG50, you can require them to log in to the IS G50 first. The [...]

  • Page 602

    Chapter 44 User/Group ISG50 User’s Guide 602 44.2.1 User Add/Edit Screen The User Add/ Edit screen allows you to create a new user account or edit an existing one. 44.2.1.1 Rules for User Names Enter a user name from 1 to 31 char acters. The user name can only contain the following ch aracters: • Alphanum eric A-z 0-9 (there is no unicode s u p[...]

  • Page 603

    Chapter 44 User/Group ISG50 User’s Guide 603 The following table describes the labels in this screen. T able 231 Configuration > User/Group > User > Add LABEL DESCRIPTION User Name T ype the user name for this user account. Y ou may use 1-31 alphanumeric characters, underscores( _ ), or dashes (-), but the first char acter cannot be a nu[...]

  • Page 604

    Chapter 44 User/Group ISG50 User’s Guide 604 44.3 User Group Summary Screen User groups consist of access users and other user groups. Y ou cannot put admin users in user groups. The Grou p screen provides a summary of all user groups. In addition, this screen allows you to add, edit, and remove user groups. T o a ccess this screen, login to the [...]

  • Page 605

    Chapter 44 User/Group ISG50 User’s Guide 605 44.3.1 Group Add/Edit Screen The Group Add/Edit screen allows y ou to create a new user group or edit an existing one. T o access this screen, go to the Group screen (see Section 44.3 on page 604 ), and click either the Add icon or an Edit icon. Figure 403 Configuration > User/Group > Group > [...]

  • Page 606

    Chapter 44 User/Group ISG50 User’s Guide 606 T o access this screen, login to the W eb Configurator , and click Configuration > Object > User/ Group > Setting . Figure 404 Configuration > Object > User/Group > Setting The following table describes the labels in this screen. T able 234 Configuration > Object > User/Group &g[...]

  • Page 607

    Chapter 44 User/Group ISG50 User’s Guide 607 User T ype These are the kin ds of user account th e ISG5 0 supports. • admin - this user can look at and change the configuration of the ISG50 • limited-admin - this user can look at t he configur ation of the ISG50 but not to ch ange it • user - this user has access to the ISG50’s services bu[...]

  • Page 608

    Chapter 44 User/Group ISG50 User’s Guide 608 44.4.1 Default User Authenticati on T imeout Settings Edit Screens The Default Authentication Timeout Settings Edit screen allows you to set the default authentication timeout settings for the selected ty pe of user account. These default authentication timeout settings also control the settings for an[...]

  • Page 609

    Chapter 44 User/Group ISG50 User’s Guide 609 The following table describes the labels in this screen. 44.4.2 User A ware Login Example Access users cannot use the W eb Configurator to br owse the configur ation of the ISG5 0. Instead, after access users log into the ISG50, the following screen appears. Figure 406 W eb C onfigurator for No n-Admin[...]

  • Page 610

    Chapter 44 User/Group ISG50 User’s Guide 610 The following table describes the labels in this screen. 44.5 User /Group T echnical Reference This section provides some information on users wh o use an external authentication server in order to log in. Setting up User Attributes in an External Server T o set up user attributes, such as reauthentica[...]

  • Page 611

    Chapter 44 User/Group ISG50 User’s Guide 61 1 Creating a Large Number of Ext-User Account s If you plan to create a large number of Ext-User accounts, you might use CLI commands, instead of the W eb Configurator , to create the accounts. Extr act the user names from the LDAP or RADIUS server , and create a shell script that creates the user accou[...]

  • Page 612

    Chapter 44 User/Group ISG50 User’s Guide 612[...]

  • Page 613

    ISG50 User’s Guide 613 C HAPTER 45 Addresses 45.1 Overview Address objects can represent a single IP address or a range of IP addre sses. Address groups are composed of address objects and other address groups. 45.1.1 What Y ou Can Do in this Chapter •T h e Address screen ( Section 45.2 on page 613 ) provides a summary of all addresses in the I[...]

  • Page 614

    Chapter 45 Addresses ISG50 User’s Guide 614 The Addre ss screen provides a summary of all addresses in the ISG50. T o access this screen, click Configuration > Object > Address > Address . Click a column’ s heading cell to sort the table entries by that column’ s criteria. Click the heading cell again to reverse the sort order . Figu[...]

  • Page 615

    Chapter 45 Addresses ISG50 User’s Guide 615 The following table describes the labels in this screen. 45.3 Address Group Summary Screen The Address Group screen provides a summary of all address groups. T o access this screen, click Configuration > Object > Address > Address Group . Click a column’ s heading cell to sort the table entri[...]

  • Page 616

    Chapter 45 Addresses ISG50 User’s Guide 616 The following table describes the labels in this screen. See Section 45.3.1 on page 616 for more information as well. 45.3.1 Address Group Add/Edit Screen The Address Group Add/Edit screen allows you to create a new address group or edit an existing one. T o access this screen, go to the Address Group s[...]

  • Page 617

    Chapter 45 Addresses ISG50 User’s Guide 617 Member List The Member list disp lays the names of the address and address group objects that have been added to the address group. The order of members is not important. Select items from th e Available list that you want to be members and mo ve them to the Member li st. Y ou can double -click a single[...]

  • Page 618

    Chapter 45 Addresses ISG50 User’s Guide 618[...]

  • Page 619

    ISG50 User’s Guide 619 C HAPTER 46 Services 46.1 Overview Use service objects to define TCP applications, UD P applications, and ICMP messages. Y ou can also create service groups to refer to mult iple service objects in other features. 46.1.1 What Y ou Can Do in this Chapter •U s e t h e Service screens ( Section 46.2 on page 620 ) to view and[...]

  • Page 620

    Chapter 46 Services ISG50 User’s Guide 620 Service Object s and Service Group s Use service objects to define IP protocols. • TCP applications • UDP applications • ICMP messages • user-defined services (for other types of IP protocols) These objects are used in policy routes and firewall rules. Use service groups when you want to create t[...]

  • Page 621

    Chapter 46 Services ISG50 User’s Guide 621 T o access this screen, log in to the W eb Configurator , and click Configuration > Object > Service > Service . Click a column’ s heading cell to sort the tabl e entries by that column’ s criteria. Click the heading cell again to reverse the sort order . Figure 413 Configuration > Object[...]

  • Page 622

    Chapter 46 Services ISG50 User’s Guide 622 46.2.1 The Service Add/Edit Screen The Se rvice Add/Edit screen allows y ou to create a new service or edit an existing one. T o access this screen, go to the Service screen (see Section 46.2 on page 620 ), and click either the Add icon or an Edit icon. Figure 414 Configuration > Object > Service &[...]

  • Page 623

    Chapter 46 Services ISG50 User’s Guide 623 T o access this screen, log in to the W eb Configurator , and click Configuration > Object > Service > Service Group . Figure 415 Configuration > Object > Service > Service Group The following table describes the labels in this screen. See Section 46.3.1 on page 624 for more information[...]

  • Page 624

    Chapter 46 Services ISG50 User’s Guide 624 46.3.1 The Service Group Add/Edit Screen The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. T o access this screen, go to the Service Group screen (see Section 46.3 on page 622 ), an d click either the Add icon or an Edit icon. Figure 416 Configuration >[...]

  • Page 625

    ISG50 User’s Guide 625 C HAPTER 47 Schedules 47.1 Overview Use schedules to set up one-time and recu rring schedules for policy routes and firewall rules. The ISG50 supports one-time and recurring schedules. One-time schedules are effective only once, while recurring schedules usually repeat. Both types of schedules are based on the current date [...]

  • Page 626

    Chapter 47 Schedul es ISG50 User’s Guide 626 47.2 The Schedule Summary Screen The Schedule summary screen provides a summary of all schedules in the ISG50. T o access this screen, click Configuration > Object > Schedule . Figure 417 Configuration > Object > Schedule The following table describes the labels in this screen. See Section [...]

  • Page 627

    Chapter 47 Schedules ISG50 User’s Guide 627 47.2.1 The One-T ime Schedule Add/Edit Screen The One-Time Schedule Add/Edit screen allows you to define a one-time schedule or edit an existing one. T o access this screen, go to the Schedule screen (see Section 47.2 on page 62 6 ), and click either the Add icon or an Edit icon in the One Time section.[...]

  • Page 628

    Chapter 47 Schedul es ISG50 User’s Guide 628 47.2.2 The Recurring Sc hedule Add/Edit Screen The Recurring Sche dule Add/Edit screen allows you to define a recurring schedule or edit an existing one. T o access this screen, go to the Schedule screen (see Section 47.2 on page 62 6 ), and click either the Add icon or an Edit icon in the Recurring se[...]

  • Page 629

    Chapter 47 Schedules ISG50 User’s Guide 629 StartTime Specify the hour and mi nute when the schedule begins each day . Hour - 0 - 23 Minute - 0 - 59 StopTime Specify the hour and m inute when the sche dul e ends each day . Hour - 0 - 23 Minute - 0 - 59 We e k l y W eek Days Select each day of the week the recurri ng sche dule is effective. OK Cli[...]

  • Page 630

    Chapter 47 Schedul es ISG50 User’s Guide 630[...]

  • Page 631

    ISG50 User’s Guide 631 C HAPTER 48 AAA Server 48.1 Overview Y ou can use a AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a Active Directory , LDAP , or RADIUS server . Use the AAA Server screens to cre ate and manage objects that contain settings for using AAA servers. Y ou[...]

  • Page 632

    Chapter 48 AAA Server ISG50 User’s Guide 632 user database that is limited to the memory capacity of the device. In essence, RADIUS authentication allows you to validate a large number of users from a central location. Figure 421 RADIUS Server Network Example 48.1.3 ASAS ASAS (Authenex Strong Au thentication System) is a RADIUS server that works [...]

  • Page 633

    Chapter 48 AAA Server ISG50 User’s Guide 633 • Directory Service (LDAP/AD) LDAP (Lightweight Directory Access Protocol)/AD (Act ive Directory) is a directory service that is both a directory and a protocol for controlling access to a network. The directory consists of a database specialized for fast information retriev al and filtering activiti[...]

  • Page 634

    Chapter 48 AAA Server ISG50 User’s Guide 634 Bind DN A bind DN is used to authenticate with an LDAP/AD serv er . For example a bind DN of cn=ISG50Admin allows the ISG50 to log into the LDAP/AD server using the user name of ISG50Admin . The bind DN is used in conjunction with a bind password. When a bind DN is not specified, the ISG50 will try to [...]

  • Page 635

    Chapter 48 AAA Server ISG50 User’s Guide 635 48.2.1 Adding an Active Directory or LDAP Server Click Object > AAA S erver > Active Directory (or LDAP ) to display the Active Directory (or LDAP ) screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit an existing one[...]

  • Page 636

    Chapter 48 AAA Server ISG50 User’s Guide 636 48.3 RADIUS Server Summary Use the RADIUS screen to manage the list of RADIUS servers the ISG50 can use in au thenticating users. Click Configuration > Object > AAA Server > RADIUS to display th e RADIUS screen. Figure 425 Configuration > Object > AAA Server > RADIUS Search time li mi[...]

  • Page 637

    Chapter 48 AAA Server ISG50 User’s Guide 637 The following table describes the labels in this screen. 48.3.1 Adding a RADIUS Server Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new AD or LDAP entry or edit a[...]

  • Page 638

    Chapter 48 AAA Server ISG50 User’s Guide 638 The following table describes the labels in this screen. T able 252 Configuration > Object > AAA Serv er > RADIUS > Add LABEL DESCRIPTION Name E nter a descriptive name (up to 63 alph anumerical character s ) for identification purposes. Description Enter the de scription of each ser ver , [...]

  • Page 639

    ISG50 User’s Guide 639 C HAPTER 49 Authentication Method 49.1 Overview Authentication method objects set how the ISG50 authenticates wireless, HT TP/HT TPS clients, and peer IPSec routers (extended authentication) client s. Configure authentication method objects to have the ISG50 use the local user database, and/or the authentication serv ers an[...]

  • Page 640

    Chapter 49 Authenticati on Method ISG50 User’s Guide 640 4 Click OK to save the settings. Figure 427 Example: Using Authentication Method in VPN 49.2 Authentication Method Object s Click Configuration > Object > A uth. Method to display the screen as shown. Note: Y ou can create up to 16 authentication method objects. Figure 428 Configurati[...]

  • Page 641

    Chapter 49 Authentication Me th od ISG50 User’s Guide 641 49.2.1 Creating an Au thentication Method Object Follow th e steps below to create an authentication method object. 1 Click Configuration > Object > A uth. Method . 2 Click Add . 3 Specify a descriptive name for identification purposes in the Name field. Y ou may use 1-31 alphanumeri[...]

  • Page 642

    Chapter 49 Authenticati on Method ISG50 User’s Guide 642 Edit Double-cli ck an entry or select it and click Edit to o pen a screen where y ou can modify the entry’ s settings. Rem ov e T o remove an en try , se lect it and click Remove . The ISG 50 confirms you want to remove it before doi ng so. Move T o change a method’s position in the nu [...]

  • Page 643

    ISG50 User’s Guide 643 C HAPTER 50 Certificates 50.1 Overview The ISG50 can use ce rtificates (also called digital IDs) to aut henticate users. Certificates are based on public-priv ate key pairs. A certificate contains the certificate owner ’s identity and public k ey . Certificates provide a way to ex change public keys for use in authenticat[...]

  • Page 644

    Chapter 50 Certificates ISG50 User’s Guide 644 5 Additionally , Jenny uses her own priv ate key to sign a message and Tim uses Jenny’ s public key to verify the message. The ISG50 uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data th at y ou send after establishin[...]

  • Page 645

    Chapter 50 Certificates ISG50 User’s Guide 645 • Binary PKCS#12: This is a format for tr ansferri ng public key and private ke y certificates.The private k ey in a PKCS #12 file is within a passw ord-encrypted envelope. The file’ s password is not connected to your certificate’ s public or private passwor ds. Exporting a PKCS #12 file creat[...]

  • Page 646

    Chapter 50 Certificates ISG50 User’s Guide 646 3 Double-click the certificate’ s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbp rint fiel ds. Figure 431 Certificate Details 4 Use a secure method to v erify that the cert ificate owner has the sa me information in the Thumbprin t [...]

  • Page 647

    Chapter 50 Certificates ISG50 User’s Guide 647 The following table describes the labels in this screen. T able 255 Configuration > Object > Certificate > My Certificates LABEL DESCRIPTION PKI Stor age Space in Use This bar displays the percentage of the ISG50’s PKI stor age space that is currently in use. When the stor age spac e is al[...]

  • Page 648

    Chapter 50 Certificates ISG50 User’s Guide 648 50.2.1 The My Certificates Add Screen Click Configuration > Object > Certifi cate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the ISG50 create a self -signed certificate, enroll a certificate with a certification authority or gener [...]

  • Page 649

    Chapter 50 Certificates ISG50 User’s Guide 649 The following table describes the labels in this screen. T able 256 Configuration > Object > Certificate > My Certificates > Add LABEL DESCRIPTION Name T ype a name to identify this certific ate. Y ou c an use up to 31 alphanumeric and ;‘~!@#$%^&() _+[]{}’ ,.=- characters. Subject[...]

  • Page 650

    Chapter 50 Certificates ISG50 User’s Guide 650 If you configured the My Certificate Create screen to have the ISG50 enroll a certificate and the certificate enrollment is not successful, you see a screen with a Return button that takes you back to the My Certificate Create screen. Click Return and check your information in the My Certificate Crea[...]

  • Page 651

    Chapter 50 Certificates ISG50 User’s Guide 651 50.2.2 The My Cert ificates Edit Screen Click Configuration > Object > Certifi cate > My Certificates and then the Edit icon to open the My Certificate Edit screen. Y ou can use this screen to vi ew in-depth certificate information and change the certificate’ s name. Figure 434 Configurati[...]

  • Page 652

    Chapter 50 Certificates ISG50 User’s Guide 652 The following table describes the labels in this screen. T able 257 Configuration > Object > Certificate > My Certificates > Edit LABEL DESCRIPTION Name This field displays the identifying name of this cer tificate. Y ou can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’ ,.=- c[...]

  • Page 653

    Chapter 50 Certificates ISG50 User’s Guide 653 50.2.3 The My Certif icates Import Screen Click Configuration > Object > Certifi cate > My Certificates > Import to open the My Certificate Impor t screen. F ollow the instructions in this screen to save an existing certificate to the ISG50. Note: Y ou can import a certificate that matche[...]

  • Page 654

    Chapter 50 Certificates ISG50 User’s Guide 654 The certificate you import replaces the corresponding request in the My Certificates screen. Y ou must remove any spaces from the certificate’ s filename before you can import it. Figure 435 Configuration > Object > Certificate > My Certificates > Import The following table describes th[...]

  • Page 655

    Chapter 50 Certificates ISG50 User’s Guide 655 as being trustworthy; thus you do not need to import any certificate that is sign ed by one of these certificates. Figure 436 Configuration > Object > Certificate > T rusted Certificates The following table describes the labels in this screen. T able 259 Configuration > Object > Certif[...]

  • Page 656

    Chapter 50 Certificates ISG50 User’s Guide 656 50.3.1 The T rusted C e rtificates Edit Screen Click Configuration > Object > Cert ific ate > Tru sted C ertif ic ates and then a certificate’ s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificat[...]

  • Page 657

    Chapter 50 Certificates ISG50 User’s Guide 657 The following table describes the labels in this screen. T able 260 Configuration > Object > Certificate > T ruste d Certificates > Edit LABEL DESCRIPTION Name This field displays the identif ying name of this certi ficate. Y ou can change the name. Y ou can use u p to 31 alphanumeric and[...]

  • Page 658

    Chapter 50 Certificates ISG50 User’s Guide 658 Issuer This field displays identifying information about the c ertificate’ s issuing certification authority , such as Common N ame, Organizat io nal Unit, Organization and Country . With self-signed cer ti ficates, thi s i s the same in formation as in the Subject Name field. Signature Algorithm T[...]

  • Page 659

    Chapter 50 Certificates ISG50 User’s Guide 659 50.3.2 The T rusted C ert ificates Import Screen Click Configuration > Object > Certificat e > Trusted Certificates > Import to open the Trusted Certificates Import screen. F ollow the instructions in this screen to sav e a trusted certificate to the ISG50. Note: Y ou mus t remove any spa[...]

  • Page 660

    Chapter 50 Certificates ISG50 User’s Guide 660[...]

  • Page 661

    ISG50 User’s Guide 661 C HAPTER 51 ISP Accounts 51.1 Overview Use ISP accounts to manage Internet Service Prov ider (ISP) account info rmation for PPPoE/PPTP interfaces. An ISP account is a profile of se ttings for Internet access using PPP oE or PPTP . Finding Out More •S e e Section 12. 4 on page 24 6 for information about PPPoE/PPTP interfac[...]

  • Page 662

    Chapter 51 ISP Accounts ISG50 User’s Guide 662 The following table describes the labels in this screen. See the ISP Account Add/Edit section below for more information as well. 51.2.1 ISP Account Add/Edit The ISP Account Add or Ed it screen lets you add information about new accounts an d edit information about existing accounts. T o open this wi[...]

  • Page 663

    Chapter 51 ISP Accounts ISG50 User’s Guide 663 The following table describes the labels in this screen. T able 263 Configuration > Object > ISP Account > Edit LABEL DESCRIPTION Profile Name This field is read-only if y ou are editing an exis ting account. T ype in the profile name of the ISP account. The profile name is used to refer to [...]

  • Page 664

    Chapter 51 ISP Accounts ISG50 User’s Guide 664 OK Click OK to sav e your changes back t o the ISG50. If there are no errors, the program returns to the ISP Account scre en. If there are errors, a message box explains the error , and the program stays in the IS P Ac co unt Edit screen. Cancel Click Cancel to return to the ISP Acco unt screen witho[...]

  • Page 665

    ISG50 User’s Guide 665 C HAPTER 52 System 52.1 Overview Use the system screens to configure general ISG50 settings. 52.1.1 What Y ou Can Do in this Chapter •U s e t h e System > Host Name screen (see Section 52. 2 on page 66 6 ) to configure a unique name for the ISG50 in your netwo rk. •U s e t h e System > USB Storage screen (see Sect[...]

  • Page 666

    Chapter 52 System ISG50 User’s Guide 666 52.2 Host Name A host name is the unique name by which a device is k nown on a network. Click Configuration > System > Host Name to open the Host Name screen. Figure 441 Configuration > System > Host Name The following table describes the labels in this screen. 52.3 USB S torage The ISG50 can u[...]

  • Page 667

    Chapter 52 System ISG50 User’s Guide 667 Click Configuration > System > USB Storage to open the screen as shown next. Figure 442 Configuration > System > USB Storage The following table describes the labels in this screen. 52.4 Date and T i me For effectiv e scheduling and logging, the ISG50 system time must be accurate. Th e ISG50’[...]

  • Page 668

    Chapter 52 System ISG50 User’s Guide 668 T o change your ISG50’ s time based on your local time zone and date, click Configuration > System > Date/Time . The screen displays as shown. Y ou can manually set the ISG50 ’ s time and date or have the ISG50 get the date and time from a time serv er . Figure 443 Configuration > System > [...]

  • Page 669

    Chapter 52 System ISG50 User’s Guide 669 Get from Time Serve r Select this radio bu tton to have the I SG50 get the time and date from the time server you specify below. The ISG50 requ ests time and date sett in gs from the time server under the followin g circ umstances. • When the ISG50 starts up. • When you click Apply or Synchronize Now i[...]

  • Page 670

    Chapter 52 System ISG50 User’s Guide 670 52.4.1 Pre-define d NTP Time Serv ers List When you turn on the ISG50 for the first time, the date and time start at 2003-01-01 00:00:00. The ISG50 then attempts to synchronize with one of the following pre-de fined list of Network Time Protocol (NTP) time servers. The ISG50 continues to use the following [...]

  • Page 671

    Chapter 52 System ISG50 User’s Guide 671 7 Click Apply . T o get the ISG50 date and time from a time server 1 Click System > Date/Time . 2 Select Get from T ime Server under Time and Date Setup . 3 Under Time Zone Setup , select y our Time Zone from the list. 4 As an option you can select the Enable Daylight Saving check box to adjust the ISG5[...]

  • Page 672

    Chapter 52 System ISG50 User’s Guide 672 52.6 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, y ou must know the IP address of a machine before you can access it. 52.6.1 DNS Server Address Assignment The ISG50 can get the D[...]

  • Page 673

    Chapter 52 System ISG50 User’s Guide 673 The following table describes the labels in this screen. T able 269 Configuration > System > DNS LABEL DESCRIPTION Address/PTR Rec or d This record spe cifies the mappin g of a Fully-Qual ified Domain Name (FQDN) to an IP address. An FQDN consists of a host and domain name. For example, www.zyx el.co[...]

  • Page 674

    Chapter 52 System ISG50 User’s Guide 674 52.6.3 Address Record An address record contains the mapping of a Fully-Qualified Domain Name (FQDN) to an IP address. An FQDN consists of a host and doma in name. F or example, www.zyxel.com is a fully qualified domain name, where “www” is the host, “z yxel” is the second-level domain, and “com?[...]

  • Page 675

    Chapter 52 System ISG50 User’s Guide 675 52.6.4 PTR Record A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name. 52.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/ PTR record. Figure 447 Configuration > System [...]

  • Page 676

    Chapter 52 System ISG50 User’s Guide 676 52.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forw arder record. Figure 448 Configuration > System > DNS > Domain Z one Forw arder Add The following table describes the labels in this screen. 52.6.8 MX Record A MX (Mail eXchange) r[...]

  • Page 677

    Chapter 52 System ISG50 User’s Guide 677 be de li ve r ed to yo ur ma il s er ve r a n d v ic e v er s a. Ea c h h os t o r do ma in c an ha ve on ly o ne MX re c or d, that is, one domain is mapping to one host. 52.6.9 Adding a MX Record Click the Add icon in the MX Record table to add a MX record. Figure 449 Configuration > System > DNS &[...]

  • Page 678

    Chapter 52 System ISG50 User’s Guide 678 52.7 WWW Overview The following figure shows secure and insecure ma nagement of the ISG50 coming in from the WAN. HT TPS and SSH access are secure. HT TP and T elnet access are not secure. •S e e Section 6. 8.1 on page 104 for related information on these screens. Note: T o allow the ISG50 to be accessed[...]

  • Page 679

    Chapter 52 System ISG50 User’s Guide 679 E a c h u s e r i s a l s o f o r c e d t o l o g i n t h e I S G 5 0 f o r authentication again when the reauthentication time expires. Y ou can change the timeout settings in the User/Group screens. 52.7.3 HTTPS Y ou can set the ISG50 to use HTTP or HT TPS (HTTPS adds security) for W eb Configurator sess[...]

  • Page 680

    Chapter 52 System ISG50 User’s Guide 680 52.7.4 Configuring WWW Service Control Click Configuration > System > WWW to open the WWW screen. Use this screen to specify from which zones you can access the ISG50 using HT TP or HT TPS. Y ou can also specify which IP addresses the access can come from. Note: Admin Service Control deals with manag[...]

  • Page 681

    Chapter 52 System ISG50 User’s Guide 681 The following table describes the labels in this screen. T able 274 Configuration > System > WWW > Service Control LABEL DESCRIPTION HT TPS Enable Select the check box to al low or disallow the com puter with the IP addr ess that matches t he IP address(es) in the Service Contr ol table to access [...]

  • Page 682

    Chapter 52 System ISG50 User’s Guide 682 Enable Select the check box to al low or disallow the com puter with the IP addr ess that matches t he IP address(es) in the Service Contr ol table to access the ISG50 W eb Configur ator using HT TP connection s. Server Port Y o u may change the server port number for a service if needed, however you must [...]

  • Page 683

    Chapter 52 System ISG50 User’s Guide 683 52.7.5 Service Control Rules Click Add or Edit in the Service Cont rol table in a WWW , SSH , Telnet , FTP or SNMP screen to add a service control rule. Figure 453 Configuration > System > Service Control Rule > Edit The following table describes the labels in this screen. 52.7.6 Customizing the W[...]

  • Page 684

    Chapter 52 System ISG50 User’s Guide 684 displays after an access user logs into the W eb Configurator to access network services like the Internet. See Chapter 44 on page 599 for more on access user accounts. Figure 454 Configuration > System > WWW > Login Page[...]

  • Page 685

    Chapter 52 System ISG50 User’s Guide 685 The following figures identify the parts you can customize in the login and access pages. Figure 455 Login Page Customization Figure 456 Access Page Customization Y ou can specify colors in one of the following ways: • Click Color to display a screen of web-safe colors from which to choose. • Enter the[...]

  • Page 686

    Chapter 52 System ISG50 User’s Guide 686 • Enter a pound sign (#) followed by the six -d igit hexadecimal number th at represents the desired color . For example, use “#000000” for black. • Enter “rgb” followed by red , green, and blue va lues in parenthesis and separate by commas. F or example, use “rgb(0,0,0)” for black. Y our d[...]

  • Page 687

    Chapter 52 System ISG50 User’s Guide 687 52.7.7 HTTPS Example If you haven’t changed the default HT TPS port on the ISG50, then in your browser enter “https:// ISG50 IP Address/” as the web site ad dress where “ISG50 IP Address” is the IP address or d omain name of the ISG50 you wish to access. 52.7.7.1 Internet Explorer W arning Messag[...]

  • Page 688

    Chapter 52 System ISG50 User’s Guide 688 52.7.7.3 Login Screen After you accept the certificate, the ISG50 login scr een appears. The lock displayed in the bottom of the browser status bar denotes a secure connection. Figure 458 Login Screen (Internet Explorer) 52.7.7.4 Enrolling and Impor ting SSL Client Certifica tes The SSL client needs a cert[...]

  • Page 689

    Chapter 52 System ISG50 User’s Guide 689 52.7.7.4.1 Installing the CA ’s Certificate 1 Double click the CA ’s trusted certificate to produce a screen similar to the one shown next. Figure 460 CA Certificate Example 2 Click Install Certificate and follow the wizard as shown earlier in this appendix. 52.7.7.4.2 Installing Y our Personal Certifi[...]

  • Page 690

    Chapter 52 System ISG50 User’s Guide 690 1 Click Next to begin the wizard. Figure 461 Personal Certificate Import Wizard 1 2 The file name and path of the certificate you do uble-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 462 Personal Certificate Import Wizard [...]

  • Page 691

    Chapter 52 System ISG50 User’s Guide 691 3 Enter the password given to you by the CA. Figure 463 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be sav ed on y our computer or select Place all cert ificates i n the fo llowing st ore and choose a different location. Figure 464 Personal Certificate Impo[...]

  • Page 692

    Chapter 52 System ISG50 User’s Guide 692 5 Click Finish to complete the wizard and begin the import process. Figure 465 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the certificate is correctly installed on y our computer . Figure 466 Personal Certificate Import Wizard 6 52.7.7.5 Using a Certificate Wh en Acces[...]

  • Page 693

    Chapter 52 System ISG50 User’s Guide 693 2 When Authenticate Cli ent Certificates is selected on the ISG50, the following screen asks you to select a personal certificate to send to the ISG5 0. This screen displays even if you only have a single certificate as in the example. Figure 468 SSL Client Authentication 3 Y ou next see the W eb Configura[...]

  • Page 694

    Chapter 52 System ISG50 User’s Guide 694 following figure, computer A on the Internet uses S SH to securely connect to the WAN port of the ISG50 for a management session. Figure 470 SSH Communication Over the W AN Example 52.8.1 How SSH Works The following figure is an example of how a secure connection is estab lished between two remote hosts us[...]

  • Page 695

    Chapter 52 System ISG50 User’s Guide 695 3 Authentication and Data T ransmission After the identification is verified and data encr yption activated, a secure tunnel is established between the client and the server . The client th en sends its authentication information (user name and password) to the serv er to log in to the server . 52.8.2 SSH [...]

  • Page 696

    Chapter 52 System ISG50 User’s Guide 696 The following table describes the labels in this screen. 52.8.5 Secure T eln et Using SSH Examples This section shows two examples using a command interface and a gr aphical interface SSH client program to remotely access the ISG50. The configuration and connection steps are similar for most SSH client pro[...]

  • Page 697

    Chapter 52 System ISG50 User’s Guide 697 3 A window displays prompting you to store the host key in y ou computer . Click Yes to cont inue. Figure 473 SSH Example 1: Store Host K ey Enter the password to log in to the ISG50. The CLI screen displays next. 52.8.5.2 Example 2: Linux This section describes how to access the ISG50 us ing the OpenSS H [...]

  • Page 698

    Chapter 52 System ISG50 User’s Guide 698 52.9 T elnet Y ou can use T elnet to access the ISG50’s command line interface. Specify which zones allow T elnet access and from which IP address the access can come. 52.9.1 Configuring T elnet Click Configuration > System > TELNET to configure your ISG50 for remote T elnet access. Use this screen[...]

  • Page 699

    Chapter 52 System ISG50 User’s Guide 699 52.10 FTP Y ou can upload and download the ISG50’ s firmware and configuration files using FTP . T o use this feature, your computer must hav e an FTP client. Please see Chapter 55 on page 725 for more information about firmware and configuration files. 52.10.1 Configuring FTP T o change your ISG50’ s [...]

  • Page 700

    Chapter 52 System ISG50 User’s Guide 700 The following table describes the labels in this screen. 52.1 1 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Y our ISG50 supports SNMP agent functionality , which allows a manager station to manage and monitor the ISG50 through th[...]

  • Page 701

    Chapter 52 System ISG50 User’s Guide 701 one (SNMPv1) and version two (S NMPv2c). The next figure illustrates an SNMP management operation. Figure 478 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager . An agent is a management software module that reside s in a ma nag ed device (the ISG50[...]

  • Page 702

    Chapter 52 System ISG50 User’s Guide 702 52.1 1.1 Supported MIBs The ISG50 supports MIB II that is defined in RFC-1213 and RFC-1215. The ISG50 also supports private MIBs (ZYXEL -ES-SMI.mib and ZYXEL -ES_COMMON.mib) to collect information about CPU and memory usage and VPN total throughput. The focu s of the MIBs is to let administrators collect s[...]

  • Page 703

    Chapter 52 System ISG50 User’s Guide 703 The following table describes the labels in this screen. T able 281 Configuration > System > SNMP LABEL DESCRIPTION Enable Select the check box to allow or disallow the computer with the IP address that matches the IP addre ss(es) in the Service Control table t o access the ISG50 using this serv ic e[...]

  • Page 704

    Chapter 52 System ISG50 User’s Guide 704 52.12 Language Screen Click Configuration > System > Language to open the following screen. Use th is screen to select a display language for the ISG50’ s W eb Configurator screens. Figure 480 Configuration > System > Language The following table describes the labels in this screen. T able 28[...]

  • Page 705

    ISG50 User’s Guide 705 C HAPTER 53 Log and Report 53.1 Overview Use these screens to configure daily reporting and log settings. 53.1.1 What Y ou Can Do In this Chapter •U s e t h e Email Daily Re port screen ( Section 53.2 on page 705 ) t o configure where and how t o send daily reports and what reports to send. •U s e t h e Maintenanc e >[...]

  • Page 706

    Chapter 53 Log and Report ISG50 User’s Guide 706 Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the ISG50 e-mail you system statistics every day . Figure 481 Configuration > Log & R eport > Email Daily Report[...]

  • Page 707

    Chapter 53 Log and Report ISG50 User’s Guide 707 The following table describes the labels in this screen. 53.3 Log Setting Screens The Log Setting screens control log messages and alerts. A log message stores the information for viewing (for example, in the View Log tab) or regular e -mailing later , and an alert is e-mailed immediately . Usually[...]

  • Page 708

    Chapter 53 Log and Report ISG50 User’s Guide 708 server names, etc.) for any log. Alternatively , if yo u want to edit what events is included in each log, you can also use the Ac t ive Log Summ ary screen to edit this information for all logs at the same time. 53.3.1 Log Setting Summary T o access this screen, click Configuration > Log & [...]

  • Page 709

    Chapter 53 Log and Report ISG50 User’s Guide 709 Log Format This field displays the format of the log. Intern al - system log; you can view t he log on the View Log tab. VRPT/Sysl og - ZyXEL ’s V antage Report, syslog-compatible format. CEF/Syslog - Common Event Format, s y slog-compatible format. Summary This field is a s ummary of the setting[...]

  • Page 710

    Chapter 53 Log and Report ISG50 User’s Guide 710 53.3.2 Edit System Log Settings The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 53.3.1 on page 708 ), and click the system log Edit icon. Figure 483 Configuration >[...]

  • Page 711

    Chapter 53 Log and Report ISG50 User’s Guide 71 1 The following table describes the labels in this screen. T able 285 Configuration > Log & R eport > Log Setting > Edit (System Log) LABEL DESCRIPTION E-Mail Server 1/2 Active Select th is to send log messag es and al erts according to the information in this section. Y ou specify what[...]

  • Page 712

    Chapter 53 Log and Report ISG50 User’s Guide 712 E-mail Ser ver 2 Use th e E-Mail Server 2 drop-down list to change the settings for e-mailing logs to e-mail server 2 for all log categories. Using the System Log drop-down list to disa ble all logs overrides your e-mail server 2 settin g s. enable normal logs (green check mark) - e-mail log messag[...]

  • Page 713

    Chapter 53 Log and Report ISG50 User’s Guide 713 53.3.3 Edit Log on USB S torage Setting The Edit Log on USB Storage Set ting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Setting Summary screen (see Section 53.3.1 on page 708 , and click the USB storage Edit icon. Figure 484 Configuration [...]

  • Page 714

    Chapter 53 Log and Report ISG50 User’s Guide 714 Selection Select what information you want to lo g from each Log Category (except All Logs ; see below). Choices are: disable all logs (red X) - do not log any information from this category enable normal logs (green check mark) - log regular information and alerts from this category enable normal [...]

  • Page 715

    Chapter 53 Log and Report ISG50 User’s Guide 715 53.3.4 Edit Remote Server Log Settings The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen (see Section 53.3.1 on page 708 ), and click a remote server Ed it icon. Figure 485 Configuration > Log & Repor[...]

  • Page 716

    Chapter 53 Log and Report ISG50 User’s Guide 716 The following table describes the labels in this screen. 53.3.5 Active Log Summary Screen The Active Log Summary screen allows you to view and to edit what information is included in the system log, e-mail profiles, and remote se rvers at the same time. It does not let you change other log settings[...]

  • Page 717

    Chapter 53 Log and Report ISG50 User’s Guide 717 names).T o access this screen, go to the Log Sett ings Summ ary screen (see Se ction 53 .3.1 on page 708 ), and click the Active Log Summary button. Figure 486 Active Log Summary This screen provides a different view and a different wa y of indicating which messages are included in each log and eac[...]

  • Page 718

    Chapter 53 Log and Report ISG50 User’s Guide 718 E-mail Server 1 Use the E-Mail Server 1 drop-down list to change the settings f or e-mailin g logs to e-m ail server 1 for all log categories. Using the System L og drop-down list to disable all logs overrides y our e-mail server 1 settings. enable normal logs (green check mark) - e-mail log mess a[...]

  • Page 719

    Chapter 53 Log and Report ISG50 User’s Guide 719 Remote Server 1~4 For e a c h r emo te se rv er , select what information yo u w ant to log from each Log Category (except All Logs ; see below). Choices are: disable all logs (red X) - do not log any information from this category enable normal logs (green check mark) - log regular information and[...]

  • Page 720

    ISG50 User’s Guide 720 C HAPTER 54 Call Detail Record (CDR) 54.1 Overview This chapter shows you how to collect and mana ge Call Detail R ecords (CDRs) on the ISG50. Call Detail R ecords (CDRs) are telephone records containing details such as the time of call, duration of call, source telephone number and so on. The ISG50 has a built in CDR datab[...]

  • Page 721

    Chapter 54 Call Detai l Record (CDR) ISG50 User’s Guide 721 CDR Dat abase Management via PostgreSQL Po stgreSQL is a database management system based on SQL (Structured Query Language). Y ou can configure a P ostgreSQL server to collect CD Rs from the ISG50 and expand the capacity of telephone records you can collect and review . 54.2 The CDR Con[...]

  • Page 722

    Chapter 54 Call Detail Record (CDR) ISG50 User’s Guide 722 Each field is described in the following table. 54.2.1 Configure Y our Remote Server The procedure to configure your remote server is as follows: 1 In the Report > LOGS > CDR > Configuration screen select Use remote server and click Download . 2 Save the cdr.sql file to your comp[...]

  • Page 723

    Chapter 54 Call Detai l Record (CDR) ISG50 User’s Guide 723 5 Move the cdr . sql file to “PostgreSQL installed di rectory”/bin and change to this directory and execute the following command: psql -h localhost -U sqlzyx el < cdr .sql 6 After the script is successfully applied, your P ostgreSQL server can work with the ISG50.[...]

  • Page 724

    Chapter 54 Call Detail Record (CDR) ISG50 User’s Guide 724[...]

  • Page 725

    ISG50 User’s Guide 725 C HAPTER 55 File Manager 55.1 Overview Configuration files define the ISG50’ s settings. Sh ell scripts are files of commands that you can store on the ISG50 and run when you need them. Y ou can apply a configuration file or run a shell script without the ISG50 restarting. Y ou can store mu ltiple configuration file s and[...]

  • Page 726

    Chapter 55 Fil e Manager ISG50 User’s Guide 726 These files have the same syntax, which is also identical to the w ay you run CLI commands manually . An example is shown below. While configuration files and shell scripts have the same syntax, the ISG50 applies configur ation files differently than it runs shell scripts. This is explained below . [...]

  • Page 727

    Chapter 55 File Manager ISG50 User’s Guide 727 Line 3 in the following exam ple exits sub command mode. Lines 1 and 3 in the following example are comments and line 4 exits sub command mode. Lines 1 and 2 are comments. Line 5 exits sub command mode. Errors in Configuration Files or Shell Script s When you apply a configur ation file or run a shel[...]

  • Page 728

    Chapter 55 Fil e Manager ISG50 User’s Guide 728 Configuration File Flow at Rest art • If there is not a startup-config.conf when you restart the ISG50 (whether through a management interface or by physically turning the power off and back on), the ISG50 uses the system-default.conf configur ation file with the ISG50’ s default settings. •I [...]

  • Page 729

    Chapter 55 File Manager ISG50 User’s Guide 729 The following table describes the labels in this screen. T able 291 Maintenance > File Manager > Configuration File LABEL DESCRIPTION Ren am e Use this button to ch ange the label of a configu ration file on the ISG50. Y ou can only rename manually saved configuration files. Y ou cannot rename [...]

  • Page 730

    Chapter 55 Fil e Manager ISG50 User’s Guide 730 Apply Use this but ton to have the IS G50 use a specif ic configuration file . Click a configuration file ’s row to select it and cl ick Apply to have the ISG50 us e that configuration file . The ISG50 does not have to restart in order to use a different configurat ion file , although y ou will ne[...]

  • Page 731

    Chapter 55 File Manager ISG50 User’s Guide 731 55.3 The Firmware Package Screen Click Maintenance > File Manager > Firmware Package to open the Firmware Package screen. Use the Firmware Package screen to check your current firmware v ersion and upload firmware to the ISG50. Note: The W e b Configurator is the rec ommended method for uploadi[...]

  • Page 732

    Chapter 55 Fil e Manager ISG50 User’s Guide 732 The firmware up date can take up to five minutes. Do not turn off or reset the ISG50 while the firmware update is in progress! Figure 493 Maintenance > File Manager > Firmware P ackage The following table describes the labels in this screen. After you see the Firmware Upload in Process screen,[...]

  • Page 733

    Chapter 55 File Manager ISG50 User’s Guide 733 After five minutes, log in again and check yo ur new firmware v ersion in the HOME screen. If the upload was not successful, the following messa ge appears in th e status bar at the bottom of the screen. Figure 496 Firmware Upload Error 55.4 The Shell Script Screen Use shell script files to have the [...]

  • Page 734

    Chapter 55 Fil e Manager ISG50 User’s Guide 734 Each field is described in the following table. T able 293 Maintenance > File Manager > Shell Script LABEL DESCRIPTION Ren am e Use th is button to chan ge the label of a shell script fi le on the ISG50. Y ou cannot renam e a shell script to the name of another shell script in the IS G50. Clic[...]

  • Page 735

    Chapter 55 File Manager ISG50 User’s Guide 735 Upload Shell Sc r ipt The bottom part of the screen allows you to upload a new or previously saved shell script file from your co mputer to y our ISG50. File Pat h T ype in the location of the f ile you wa nt t o upload in this field o r click Browse ... to find it. Browse... Click Browse... to find [...]

  • Page 736

    Chapter 55 Fil e Manager ISG50 User’s Guide 736[...]

  • Page 737

    ISG50 User’s Guide 737 C HAPTER 56 Diagnostics 56.1 Overview Use the diagnostics screens for troubleshooting. 56.1.1 What Y ou Can Do in this Chapter •U s e t h e Maintenance > Diagnostics screen (see Section 56.2 on page 737 ) to generate a file containing the ISG50’ s configuration and diagnostic information if y ou need to provide it to[...]

  • Page 738

    Chapter 56 Diagnostics ISG50 User’s Guide 738 The following table describes the labels in this screen. 56.2.1 The Diagnostics Files Screen Click Maintenance > Diagnostics > Files to open the diagnostic files screen. This screen lists the files of diagnostic information the ISG50 has co llected and stored in a connected USB stor age device. [...]

  • Page 739

    Chapter 56 Diagno stics ISG50 User’s Guide 739 56.3 The Packet Capture Screen Use this screen to capture network traffic going throu gh the ISG50’s interfaces. Studying these packet captures may help you identify network problems. Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. Note: New capture files o[...]

  • Page 740

    Chapter 56 Diagnostics ISG50 User’s Guide 740 Host Port This field is configurable when yo u set the IP Type to any , tcp , or udp . Specify the port number of traffic to capture. Continuously capture and overwrite old ones Sele ct this to have the ISG5 0 kee p capturing traffic and overwriting old packet capture entries when the available storag[...]

  • Page 741

    Chapter 56 Diagno stics ISG50 User’s Guide 741 56.3.1 The Packet Capture Files Screen Click Maintenance > Diagnostics > Packet Capture > File s to open the packet capture files screen. This screen lists the files of packet captures stored on the ISG50 or a connected USB storage device. Y ou can download the files to your computer where y[...]

  • Page 742

    Chapter 56 Diagnostics ISG50 User’s Guide 742 56.3.2 Example of V iew ing a Packet Captur e File Here is an example of a packet c apture file viewed in the Wireshark packet analyzer . Notice that the size of frame 15 on the wire is 1514 bytes while the captured size is only 15 00 bytes. The ISG50 truncated the frame because the capture screen’ [...]

  • Page 743

    Chapter 56 Diagno stics ISG50 User’s Guide 743 Click Maintenance > Diagnostics > Core Dump to open the following screen. Figure 505 Maintenance > Diagnostics > Core Dump The following table describes the labels in this screen. 56.4.1 Core Dump Files Screen Click Maintenance > Diagnostics > Core Dump > Files to open the core d[...]

  • Page 744

    Chapter 56 Diagnostics ISG50 User’s Guide 744 The following table describes the labels in this screen. 56.5 The System Log Screen Click Main tenance > Diagnostics > System Log to open the system log files screen. This screen lists the files of system logs stored on a conne cted USB stor age device. The files are in comma separated v alue (C[...]

  • Page 745

    ISG50 User’s Guide 745 C HAPTER 57 Packet Flow Explore 57.1 Overview Use this to get a clear picture on how the ISG50 determines whe re to forward a packet and how to change the source IP address of the packet according to your current settings. This function provides you a summary of all y our routing and SNA T settings and helps troubleshoot an[...]

  • Page 746

    Chapter 57 Packet Flow Explore ISG50 User’s Guide 746 Note: Once a packet matches the criteria of a routing rule, the ISG50 takes the corresponding action and does not perform any further flow checking. Figure 508 Maintenance > P acket Flow Explore > Routing Status (Direct R oute) Figure 509 Maintenance > P acket Flow Explore > Routin[...]

  • Page 747

    Chapter 57 Packet Flow Expl ore ISG50 User’s Guide 747 Figure 511 Maintenance > P acket Flow Explore > R outing Status (SitetoSite VPN) Figure 512 Maintenance > P acket Flow Explore > Routing Status (Dynamic VPN) Figure 513 Maintenance > P acket Flow Explore > Routing Status (Static -Dynamic Route)[...]

  • Page 748

    Chapter 57 Packet Flow Explore ISG50 User’s Guide 748 Figure 514 Maintenance > P acket Flow Explore > Routing Status (Defau lt WAN T runk) Figure 515 Maintenance > P acket Flow Explore > Routing Status (Main R oute) The following table describes the labels in this screen. T able 301 Maintenance > Packet Flow Explore > R outing S[...]

  • Page 749

    Chapter 57 Packet Flow Expl ore ISG50 User’s Guide 749 Metric This is the route’ s priority among the displayed routes. Flags This indicates additional information for th e route. Th e possible flags are: • A - this rou te is currently activated • S - this is a static route • C - this is a direct connected route • O - this is a dynamic [...]

  • Page 750

    Chapter 57 Packet Flow Explore ISG50 User’s Guide 750 57.3 The SNA T S t atus Screen The SNAT Status screen allows you to view and quickly link to specific source NA T (SNA T) settings. Click a function box in the SNAT Flow section, the related SNA T rules (activ ated) will display in the SNAT Table section. T o acce ss this screen, click Mainten[...]

  • Page 751

    Chapter 57 Packet Flow Expl ore ISG50 User’s Guide 751 Note: Once a packet matches the criteria of an SNA T rule, the ISG50 takes the corresponding action and does not perform any further flow checking. Figure 516 Maintenance > Pack et Flow Explor e > SNA T Status (Policy Route SNA T) Figure 517 Maintenance > Pack et Flow Expl ore > S[...]

  • Page 752

    Chapter 57 Packet Flow Explore ISG50 User’s Guide 752 The following table describes the labels in this screen. T able 302 Maintenance > Packet Flow Explore > SNA T Status LABEL DESCRIPTION SNA T Flow This se ction shows you the flow of how the ISG5 0 changes the source IP address for a packet according to the rules you hav e configured in t[...]

  • Page 753

    ISG50 User’s Guide 753 C HAPTER 58 Reboot 58.1 Overview Use this to restart the device (for example, if the device begins beha ving erratically). See also Section 1.7 on page 35 for information on different ways to start and stop th e ISG50. 58.1.1 What Y ou Need T o Know If you applied changes in the W eb configurator , these were saved automati[...]

  • Page 754

    Chapter 58 Reboo t ISG50 User’s Guide 754[...]

  • Page 755

    ISG50 User’s Guide 755 C HAPTER 59 Shutdown 59.1 Overview Use this to shutdown the device in preparation for disconnecting the power . See also Section 1.7 on page 35 for information on different ways to start and stop the ISG50. Always use the Maintenance > Shut down > Shut down screen or the “shut down” command before you tu rn off th[...]

  • Page 756

    Chapter 59 Shutdown ISG50 User’s Guide 756[...]

  • Page 757

    ISG50 User’s Guide 757 C HAPTER 60 Extension Portal 60.1 Overview Use the extension portal to make calls via the we b phone and manage settings for individual users. The extension portal is a HTML -based phone as well as a management tool that allows users to manage some of the settings related to their tele phone extension. Each extension create[...]

  • Page 758

    Chapter 60 Extension Portal ISG50 User’s Guide 758 •U s e t h e Call Recording screen to play back cal ls you re corded on your extension. See Section 60.6 on page 764 60.1.2 What Y ou Need to Know The following terms and concepts may help you as y ou read through the chapter . Extension Port al Login 1 Open Internet Explorer (the extension por[...]

  • Page 759

    Chapter 60 Extension Portal ISG50 User’s Guide 759 60.2 W eb Phone Use this screen to make calls from the we b phone. T o access this screen, click the Web Phone tab in the extension portal. Figure 525 We b P h o n e Each field is described in the following table. T able 303 Web Phone LABEL DESCRIPTION Phone Book Click th e Phone Book tab on the [...]

  • Page 760

    Chapter 60 Extension Portal ISG50 User’s Guide 760 60.3 Peer Info Use this screen to manage the passwords associated with your extension. T o access this scree n, click Peer info. Note: Some of the fi elds are not applicable for FXS extensions and do not display when analog phone users log into th e personal extension portal. Figure 526 Peer Info[...]

  • Page 761

    Chapter 60 Extension Portal ISG50 User’s Guide 761 60.4 Call Forw arding and Blocking Use this screen to set up call forwarding and call blocking rules for your extension. T o access this screen, click Forward/Block in the extension portal. Figure 527 For wa r d/ B l oc k[...]

  • Page 762

    Chapter 60 Extension Portal ISG50 User’s Guide 762 Each field is described in the following table. T able 305 Forward/Bloc k LABEL DESCRIPTION Call Forw ard Settings U se this section to configure call forw arding settings for your extension. Office Hour The ISG50 has separate rules for call forwardi ng during office hours than after office hours[...]

  • Page 763

    Chapter 60 Extension Portal ISG50 User’s Guide 763 60.5 V oice Mail Settings Use this screen to set up the voice mail settings for you r extension. T o access this screen, click the Voice Mail tab in the extension portal. Figure 528 Vo i c e M a i l No Answer For war d Select Disable to turn this feature off for this extension. Select Enable to f[...]

  • Page 764

    Chapter 60 Extension Portal ISG50 User’s Guide 764 Each field is described in the following table. 60.6 Call Recording Use this screen to play back calls you recorded on your extension. T o acce ss this screen, click the Call Recording tab in the extension portal. Figure 529 Call Recording Each field is described in the following table. T able 30[...]

  • Page 765

    ISG50 User’s Guide 765 C HAPTER 61 Troubleshooting This chapter offers some suggestions to solve problems you might encounter . • Y ou can also refer to the logs (see Chapter 10 on page 220 ). F or individual log descriptions, see the User’s Guide appendix Appendix A on page 775 . • For the order in which the ISG50 applies its features and [...]

  • Page 766

    Chapter 61 Troubleshooti n g ISG50 User’s Guide 766 • If you’ve forgotten the ISG50’ s IP address, yo u can use the commands through the console port to check it. Connect y our computer to the CONSOLE port using a console cable. Y our computer should have a terminal emulation communications progr am (such as HyperT erminal) set to VT100 ter[...]

  • Page 767

    Chapter 61 Troubl eshooting ISG50 User’s Guide 767 • The format of interface names other than the Ethe rnet interface names is very strict. Each name consists of 2-4 letters (interface type), followed by a number (x, limited by the maximum number of each type of interface ). For example, VL AN interfaces are vlan0, vlan1, vlan2, ...; and so on.[...]

  • Page 768

    Chapter 61 Troubleshooti n g ISG50 User’s Guide 768 • Make sure the cellular interface has the correct user name, password, and PIN code configured with the correct casing. • If the ISG50 has multiple WAN interfaces, make su re their IP addresses are on different subnets. I cannot configure a particular VLAN interface on top of an Ethernet in[...]

  • Page 769

    Chapter 61 Troubl eshooting ISG50 User’s Guide 769 • Y ou may need to configure the DDNS entry’ s IP Address setting to Auto if the interface has a dynamic IP address or there are one or more NA T routers between th e ISG50 and the DDNS server . • The ISG50 may not determine the proper IP addre ss if there is an HT TP proxy server between t[...]

  • Page 770

    Chapter 61 Troubleshooti n g ISG50 User’s Guide 770 • The ISG50’ s local and peer ID type and content must match the remote IPSec router’s peer and local ID type and content, respectively . • The ISG50 and remote IPSec router must use the same active protocol. • The ISG50 and remote IPSec router must use the same encapsulation. • The [...]

  • Page 771

    Chapter 61 Troubl eshooting ISG50 User’s Guide 771 The ISG50 automatically updates address objects ba sed on an interface’ s IP address, subnet, or gateway if the interface’s IP address settings ch ange. However , you need to manually edit any address objects for your LAN that are not based on the interface. I cannot get the RADIUS server to [...]

  • Page 772

    Chapter 61 Troubleshooti n g ISG50 User’s Guide 772 • Binary X.509: This is an ITU- T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a bina ry X.509 certificate into a printable form. • Binary P[...]

  • Page 773

    Chapter 61 Troubl eshooting ISG50 User’s Guide 773 The commands in my configur ation file or shell script are not working properly . • In a configuration file or shell script, use “#” or “! ” as the first character of a command line to have the ISG50 treat the line as a comm ent. • Y our configuration files or shell scripts can use ?[...]

  • Page 774

    Chapter 61 Troubleshooti n g ISG50 User’s Guide 774 61.1 Resetting the ISG50 If you cannot access the ISG50 by any method, try re starting it by turning the power off and then on again. If you still cannot access the ISG50 by any method or you forget the administrator password(s), you can reset the ISG50 to its factory-default settings. An y conf[...]

  • Page 775

    ISG50 User’s Guide 775 A PPENDIX A Log Descriptions This appendix provides descriptions of example log messages for the ISG50. The logs do not all apply to all of the ISG50s. Y ou will not necessarily see all of these logs in your device. The PBX call service logs deal with call service errors. T able 308 PBX Call Service Logs LOG MESSAGE DESCRIP[...]

  • Page 776

    Appendix A Log Descriptions ISG50 User’s Guide 776 The PBX supplemental service logs deal with supplemental service errors. The call was reject due to there are % memebrs in conference. Conference licenses have reached the maximu n number of %d. 1st %s: Conference license num ber The call was reject due to teher are % memebrs in conference room %[...]

  • Page 777

    Appendix A Log Descripti ons ISG50 User’s Guide 777 The PBX dialplan logs deal with dialplan information and errors.. T able 310 PBX Dialplan Logs LOG MESSAGE DESCRIPTION ACD agent %s called to extension %s has failed due to extension is busy. The call fail ed because the AC D agent was busy . 1st %s: Agent number 2nd %s: E xtension Num ber ACD a[...]

  • Page 778

    Appendix A Log Descriptions ISG50 User’s Guide 778 The call from extension %s was blocked due to no caller ID. A call from the sp ecified extensti on w as blocked because it did not provide caller ID. The call from extension was blocked due to caller id is in callee block list. A call was blocked because the cal le r ID is in the callee’s block[...]

  • Page 779

    Appendix A Log Descripti ons ISG50 User’s Guide 779 The incoming call dials number is an invalid number The incoming ca ll dialed an invalid number . The incoming call does not presses any number. The caller did not dial any numbe r in the Auto-Attendant menu before the time out period. The find-me list forward failed. There is no number configur[...]

  • Page 780

    Appendix A Log Descriptions ISG50 User’s Guide 780 Mobile extension %s logon failed. The inputing PIN code is incorrect. The listed mobile ext ension failed to log on bec ause the PIN cod e was not inp ut prope rly . 1st %s: Mobile extension numbe r Mobile extension %s logoff successfully. The li sted mobile exten sion logged off sucessfu lly . 1[...]

  • Page 781

    Appendix A Log Descripti ons ISG50 User’s Guide 781 The PBX SIP logs deal with SIP information and errors. T able 31 1 PBX SIP Logs LOG MESSAGE DESCRIPTION The call %s peer '%s' was rejected due to the call reaches the call limit of %d. The call was rejected be caure it exceeded t he call limit. 1st %s: Call direction, from or to 2nd%s:[...]

  • Page 782

    Appendix A Log Descriptions ISG50 User’s Guide 782 Call rejected due to SDP issue (Got "488 Not acceptable here"). There was an SDP proces sing error . Call rejected due to unacceptable codecs.. The call was rejected becaus e of unacceptable codecs ( received a 488 Not acceptable here SIP reply). Call rejected due to callee does not sup[...]

  • Page 783

    Appendix A Log Descripti ons ISG50 User’s Guide 783 Unknown SIP response. Response code: %d. Response method: %s. Address: %s. The ISG50 received an unknown SIP response. 1st %d: Response code 1st %s: R esponse method 2nd %s: Address Registration from extension '%s' failed for '%s'. Reason: %s. The listed extension’ s regist[...]

  • Page 784

    Appendix A Log Descriptions ISG50 User’s Guide 784 The PBX trunk logs deal with the SIP trunk being disconnected or reco vered. The PBX DSP logs deal with the Digital Signal P rocessor . The PBX physical port logs deal with the ISG50’ s phys ical PB X ports. T able 312 PBX Trunk Logs LOG MESSAGE DESCRIPTION The SIP trunk %s is disconnected. The[...]

  • Page 785

    Appendix A Log Descripti ons ISG50 User’s Guide 785 FXO port %u is down. The listed FXO port is offline. 1st %u: P ort number FXS initialization has succeeded. FXS module initiali zation succeeded. FXS initialization has failed. FXS module initializati on failed. T able 315 PBX Default Logs LOG MESSAGE DESCRIPTION Extension '%s' makes c[...]

  • Page 786

    Appendix A Log Descriptions ISG50 User’s Guide 786 Phonebook LDAP server Base DN is empty. The ISG5 0 tried to perform an au tomatic LDAP phone b o ok update and found that the LDAP server Base DN was not configured. LDAP phonebook refresh failed due to LDAP is not activate. The LDAP phonebook refresh failed because the LDAP serv er was not activ[...]

  • Page 787

    Appendix A Log Descripti ons ISG50 User’s Guide 787 The Z ySH logs deal with internal system errors. Failed login attempt to Extension Portal due to the extesion is blank An extension portal login attempt failed due to the extesion being blank. Extension [%s] has logged in Extension Portal The user of the spec ified extension {Extensi on Number} [...]

  • Page 788

    Appendix A Log Descriptions ISG50 User’s Guide 788 can't get reference count: %s! 1st:zysh list name can't print entry name: %s! 1st:zysh entry name Can't append entry: %s! 1st:zysh entry name Can't set entry: %s! 1st:zysh entry name Can't define entry: %s! 1st:zysh entry name %s: list is full! 1st :zysh list name Can&apo[...]

  • Page 789

    Appendix A Log Descripti ons ISG50 User’s Guide 789 T able 317 ADP Logs LOG MESSAGE DESCRIPTION from <zone> to <zone> [type=<type>] <message> , Action: <action>, Severity: <severity> The ISG50 detecte d an anomaly in traffic traveling between the specified zones. The <type> = {scan-dete ction(<attack&g[...]

  • Page 790

    Appendix A Log Descriptions ISG50 User’s Guide 790 T able 318 User Logs LOG MESSAGE DESCRIPTION %s %s from %s has logged in ISG50 A u ser logged into the IS G50. 1st %s: The ty pe of user account. 2nd %s: The user ’s user name. 3rd %s: The name of the s ervice the user is usin g (HTTP , HTTPS, FTP , T elnet, SSH, or console). %s %s from %s has [...]

  • Page 791

    Appendix A Log Descripti ons ISG50 User’s Guide 791 Failed login attempt to ISG50 from %s (reach the max. number of simultaneous logon) The ISG50 blocked a login beca use the maxi mum simultaneous login capacity for the administrator or access account has already been reached. %s: service na me User %s has been denied access from %s The ISG50 blo[...]

  • Page 792

    Appendix A Log Descriptions ISG50 User’s Guide 792 Trial service activation has failed. Because of lack must fields. The device receiv ed an incomplete response from the m yZyXEL.com server and it caused a parsing error for the device. Standard service activation has failed:%s. Standard service activ ation failed , this log will append an error m[...]

  • Page 793

    Appendix A Log Descripti ons ISG50 User’s Guide 793 Verify server's certificate has failed. Update stop. The device could not process an HT TPS connection becaus e it could not verify the myZ yXEL.com server 's certificate. The update has stopped. Send download request to update server has failed. The device’ s attempt to send a downl[...]

  • Page 794

    Appendix A Log Descriptions ISG50 User’s Guide 794 Expiration daily- check has failed:%s. The daily check for service expira tion failed, an err or message returned by the MyZ yXEL.com server will be appended to this log. %s: error message returned by myZ y XEL. com server Do expiration daily- check has failed. Because of lack must fields. The de[...]

  • Page 795

    Appendix A Log Descripti ons ISG50 User’s Guide 795 Certification verification failed: Depth: %d, Error Number(%d):%s. V erification of a server’ s certificat e failed while processing an HTTPS connection. This log identifies the reason for the fail ure. 1st %d: certi f icate chain level 2nd %d: error number %s: error message Certificate issuer[...]

  • Page 796

    Appendix A Log Descriptions ISG50 User’s Guide 796 [ID] : Tunnel [%s] Phase 2 Remote ID mismatch %s is the tunnel name . When negotiati ng Phase-2 and checking IPs ec SAs o r the ID i s IPv6 ID . [ID] : Tunnel [%s] Remote IP mismatch %s is the tunnel name. Wh en negotiating Phase-1, the peer tunnel IP did not match the secure gateway address in V[...]

  • Page 797

    Appendix A Log Descripti ons ISG50 User’s Guide 797 [SA] : Tunnel [%s] Phase 2 SA protocol mismatch %s is the tunnel name. W hen negotiating Phase-2, t he SA protocol did not match. [SA] : Tunnel [%s] SA sequence size mismatch %s is t he t unnel name. When negot iating Phase-2, the SA seque nce size did not match. [XCHG] exchange type is not IP, [...]

  • Page 798

    Appendix A Log Descriptions ISG50 User’s Guide 798 The cookie pair is : 0x%08x%08x / 0x%08x%08x Indicates the init iator/responder cookie pair . The IPSec tunnel "%s" is already established %s is the tunnel nam e. When dial ing a tunnel, the tunnel is already dialed. Tunnel [%s] built successfully %s is the tunnel name. The ph ase-2 tun[...]

  • Page 799

    Appendix A Log Descripti ons ISG50 User’s Guide 799 Tunnel [%s:%s] Sending IKE request The variables represent the phase 1 nam e and tunnel n a me . The device sent an IKE request. Tunnel [%s:0x%x] is disconnected The variables represent the tunnel name and the SPI of a tunnel that was disc onnected. Tunnel [%s] rekeyed successfully %s is the tun[...]

  • Page 800

    Appendix A Log Descriptions ISG50 User’s Guide 800 T able 322 Firewall Log s LOG MESSAGE DESCRIPTION priority:%lu, from %s to %s, service %s, %s 1st v ariable is the global index of rule, 2nd is the from zone, 3rd is the to z one, 4th is the se rvice name, 5th is ACCEPT/ DROP/ REJECT . %s:%d: in %s(): Firewall i s dead, trace to %s is wh ich file[...]

  • Page 801

    Appendix A Log Descripti ons ISG50 User’s Guide 801 T able 324 Policy Route Logs LOG MESSAGE DESCRIPTION Can't open bwm_entries Policy routin g can't activ ate BWM feature. Can't open link_down Policy routing can't dete ct link up/down status. Cannot get handle from UAM, user-aware PR is disabled User-aw are policy routing is [...]

  • Page 802

    Appendix A Log Descriptions ISG50 User’s Guide 802 Interface %s alive, related policy route rules will be re- enabled An interface came back up so the ISG5 0 will use the relat ed policy route ru les agai n. Interface %s dead, related policy route rules will be disabled An interface went down so the IS G50 will stop using the related policy route[...]

  • Page 803

    Appendix A Log Descripti ons ISG50 User’s Guide 803 TELNET port has been changed to port %s. An administrator changed th e port number for TELNET . %s is port number assigned by user TELNET port has been changed to default port. An administrator changed the port number for TELNET back to the default (23). FTP certificate:%s does not exist. An adm[...]

  • Page 804

    Appendix A Log Descriptions ISG50 User’s Guide 804 DNS access control rule %u has been appended An administ rator ap pended a new rule . %u is rule number DNS access control rule %u has been modified An administrator mo dified the rule %u. %u is rule number DNS access control rule %u has been deleted. An administrator re moved the rule %u. %u is [...]

  • Page 805

    Appendix A Log Descripti ons ISG50 User’s Guide 805 Access control rule %u of %s was appended. A new built-in service access control rule was appended. %u is the index of the access contro l rule. %s is HT TP/HTTPS/S SH/SNMP/FTP/TELNET . Access control rule %u of %s was inserted. An access co ntrol rule w as inserted succe ssfully . %u is the ind[...]

  • Page 806

    Appendix A Log Descriptions ISG50 User’s Guide 806 DHCP Server executed with cautious mode enabled DHCP Server executed with cautious mode ena bled. DHCP Server executed with cautious mode disabled DHCP Server executed with cautious mode disabled. Received packet is not an ARP response packet A packet was received but it is not an ARP response pa[...]

  • Page 807

    Appendix A Log Descripti ons ISG50 User’s Guide 807 NTP update failed The de vice was not able to synch r onize with the NTP ti me server successf ully . Device is rebooted by administrator! An administ rator restarte d the device. Insufficient memory. Cannot allocate syst em memory . Connect to dyndns server has failed. Cannot conn ect to member[...]

  • Page 808

    Appendix A Log Descriptions ISG50 User’s Guide 808 Update the profile %s has failed because the feature requested is only available to donators. Update profile failed because the fe ature requested is only av ailable to donators, %s is the profile name. Update the profile %s has failed because of error response. Update profile failed because the [...]

  • Page 809

    Appendix A Log Descripti ons ISG50 User’s Guide 809 DDNS profile %s has been renamed as %s. Rename DDNS profile, 1st % s is the original pr ofile name, 2nd %s is the new pr ofile name. DDNS profile %s has been deleted. Delete DDNS prof ile, %s is the pr ofile name , DDNS Initialization has failed. Initialize DDNS failed, All DDNS profiles are del[...]

  • Page 810

    Appendix A Log Descriptions ISG50 User’s Guide 810 The connectivity- check is activate for %s interface The link status of interface is still activ ate after check o f connectivity check process. %s: interfa ce name The connectivity- check is fail for %s interface The link status of interface is fa il after check of connectiv ity check process. %[...]

  • Page 811

    Appendix A Log Descripti ons ISG50 User’s Guide 81 1 The %s routing status seted ACTIVATE by connectivity-check The interface routing can forward packet. %s: interfa ce name The link status of %s interface is inactive The specified interface failed a con nec tivity check. T able 328 Routing Protocol Logs LOG MESSAGE DESCRIPTION RIP on all interfa[...]

  • Page 812

    Appendix A Log Descriptions ISG50 User’s Guide 812 RIP text authentication key has been deleted. RIP text authe ntication key has been de leted. RIP md5 authentication id and key have been deleted. RIP md5 authen tication id and k ey have been deleted. RIP global version has been deleted. RIP global version has been deleted. RIP redistribute OSPF[...]

  • Page 813

    Appendix A Log Descripti ons ISG50 User’s Guide 813 Invalid OSPF virtual- link %s authentication of area %s. Virtual-link %s authentication has been set to same -as-area but the area has invalid authentication co nfiguration. %s: Virtual-Link ID Invalid OSPF md5 authentication on interface %s. Invalid OSPF md5 authenticatio n is set on interface [...]

  • Page 814

    Appendix A Log Descriptions ISG50 User’s Guide 814 T able 330 PKI Logs LOG MESSAGE DESCRIPTION Generate X509certifiate "%s" successfully The router created an X509 format certificate with the spe cified name. Generate X509 certificate "%s" failed, errno %d The router was not able to create an X5 09 format certifica te with the[...]

  • Page 815

    Appendix A Log Descripti ons ISG50 User’s Guide 815 Import PKCS#7 certificate "%s" into "My Certificate" successfully The device imported a PKCS#7 format certificat e into My Certificates . %s is the certificate request name. Import PKCS#7 certificate "%s" into "Trusted Certificate" successfully The device [...]

  • Page 816

    Appendix A Log Descriptions ISG50 User’s Guide 816 T able 331 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION 1 Algorithm mismatch bet ween the certif ica te and the search cons traints. 2 K e y usage mismatch between th e cert ificate and the se arch constraints. 3 Certificate was no t valid in the time in terval. 4 (Not used[...]

  • Page 817

    Appendix A Log Descripti ons ISG50 User’s Guide 817 Interface %s has been added. An administrator a dded a new interface. %s : interface name. Interface %s is enabled. An administrator enabled an interface. %s: interface name. Interface %s is disabled. An administrator di sabled an interface. %s: in terface name. %s MTU > (%s MTU - 8), %s may [...]

  • Page 818

    Appendix A Log Descriptions ISG50 User’s Guide 818 Interface %s connect failed: MS-CHAP authentication failed. MS-CHAP authenti cation failed (t he serv er must support MS-CHAP and verify that the au the ntication failed, this does n ot in clude cases where the serv er does not support MS-CHAP). %s: interface name. Interface %s connect failed: CH[...]

  • Page 819

    Appendix A Log Descripti ons ISG50 User’s Guide 819 "SIM card has been successfully unlocked by PUK code on interface cellular%d. Y ou entered the correct PUK code an d unlocked the SIM card fo r the cellular device associat ed with the listed cell ular interface (%d). "Incorrect PUK code of interface cellular%d. Please check the PUK co[...]

  • Page 820

    Appendix A Log Descriptions ISG50 User’s Guide 820 "Cellular device [%s %s] has been removed from %s. The cellular device (identified by its manufacturer an d mode l) has been removed from the specifie d slot. Interface cellular%d required authentication password.Please set password in cellular%d edit page. Y ou need to manually enter the pa[...]

  • Page 821

    Appendix A Log Descripti ons ISG50 User’s Guide 821 Configured interface name match reserved prefix. A reserved pre-fix was no t per mitted to be used i n an interface name. Duplicated interface name. A duplicate name was not pe rmitted f or an interface. This Interface can not be renamed. An interface’ s name cannot be changed. Virtual interfa[...]

  • Page 822

    Appendix A Log Descriptions ISG50 User’s Guide 822 name=%s,status=%s,TxP kts=%u, RxPkts=%u,Colli.=%u,T xB/s=%u, RxB/s=%u,UpTime=%s This log is sent to the VRPT server t o show the specified PPP/Cell ular interface’ s statis tics and uptime. The arguments re present the inte rface name, interface status, interface Tx packets, interface Rx packet[...]

  • Page 823

    Appendix A Log Descripti ons ISG50 User’s Guide 823 T able 335 Force Authentication Logs LOG MESSAGE DESCRIPTION Force User Authentication will be enabled due to http server is enabled. Force user authentication will be turned on because HTTP server w as turned on. Force User Authentication will be disabled due to http server is disabled. Force u[...]

  • Page 824

    Appendix A Log Descriptions ISG50 User’s Guide 824 T able 337 DHCP Logs LOG MESSAGE DESCRIPTION Can't find any lease for this client - %s , DH CP pool full! All of the IP addresses in the DH CP pool are already assigned to DHCP clients, so there is no IP address to give to the listed DHCP client. DHCP server offered %s to %s(%s) The DHCP ser[...]

  • Page 825

    Appendix A Log Descripti ons ISG50 User’s Guide 825 T able 339 IP-MAC Binding Logs LOG MESSAGE DESCRIPTION Drop packet %s- %u.%u.%u. %u- %02X:%02X:%02X:%02X: %02X:% 02X The IP-MAC binding feature dropped an Ethernet packet. The interface the packet came in throug h and the sender’s IP address and MAC address are also shown. Cannot bind ip-mac f[...]

  • Page 826

    Appendix A Log Descriptions ISG50 User’s Guide 826[...]

  • Page 827

    ISG50 User’s Guide 827 A PPENDIX B Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port number s, ICMP t ype/code numbers and services, visit the IANA (I nterne t Assigned Number Authority) web site. • Name : This is a short, descriptive name for [...]

  • Page 828

    Appendix B Common Services ISG50 User’s Guide 828 HT TP TC P 80 Hyper T ext T ransfer Protocol - a client/ server protocol for the worl d wide web. HT TPS TC P 443 HTTPS is a se cured http session often use d in e-commer ce . ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes. ICQ UDP 4000 This [...]

  • Page 829

    Appendix B Common Services ISG50 User’s Guide 829 SMTP TCP 25 Simple Mail T ransfer Protocol is the message-exchange standard for the Internet. SMTP enab les y ou to move messages from one e-mail server to another . SNMP TCP /U D P 161 Simple Network Management Pro gram. SNMP- TRAPS TCP /U D P 162 T raps for use with t he SNMP (RFC:1215). SQL -NE[...]

  • Page 830

    Appendix B Common Services ISG50 User’s Guide 830[...]

  • Page 831

    ISG50 User’s Guide 831 A PPENDIX C Importing Certificates This appendix shows you how to import public key certificates into y our web browser . Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as V e riSign, Comodo, or Network Solutions, to name a few , receives a [...]

  • Page 832

    Appendix C Importing Certificates ISG50 User’s Guide 832 1 If your device’ s W eb Configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification erro r . Figure 530 Internet Explorer 7: Certification Error 2 Click Continue to this website (not recommended) . Figure 531 Internet Explorer[...]

  • Page 833

    Appendix C Importing Certificates ISG50 User’s Guide 833 4 In the Certificate dialog box, click Install Cer t ificate . Figure 533 Internet Explorer 7: Certificate 5 In the Certificate Import Wizard , click Next . Figure 534 Internet Explorer 7: Certificate Import Wizard[...]

  • Page 834

    Appendix C Importing Certificates ISG50 User’s Guide 834 6 If you want Internet Explorer to Automatically select certificat e store based on the typ e of certificate , click Next again and then go to step 9. Figure 535 Internet Explorer 7: Certificate Import Wizard 7 Otherwise, select Place all certificates in the following store and then click B[...]

  • Page 835

    Appendix C Importing Certificates ISG50 User’s Guide 835 9 In the Completing the Certificate Import Wizard screen, click Finish . Figure 538 Internet Explorer 7: Certificate Import Wizard 10 If you are presented with another Security Warning , click Yes . Figure 539 Internet Explorer 7: Security W arning 11 Finally , click OK when presented with [...]

  • Page 836

    Appendix C Importing Certificates ISG50 User’s Guide 836 12 The next time you start Internet Explorer and go to a Z yXEL W eb Configurator page, a sealed padlock icon appears in the address bar . Click it to view the page’s Websit e Identification information. Figure 541 Internet Explorer 7: W ebsite Id entific ation Inst alling a St and-Alone [...]

  • Page 837

    Appendix C Importing Certificates ISG50 User’s Guide 837 2 In the security warning dialog box, click Open . Figure 543 Internet Explorer 7: Open File - Security W arning 3 Refer to steps 4-12 in the Internet Explorer procedure beginning on page 831 to complete the installation process. Removing a Certificate in Internet Explorer This section show[...]

  • Page 838

    Appendix C Importing Certificates ISG50 User’s Guide 838 2 In the Internet Options dialog box, click Content > Certificates . Figure 545 Internet Explorer 7: Internet Options 3 In the Certificates dialog box, click the Trusted Root Certif icates Authorities tab, select the certificate that you want to delete, and then click Remove . Figure 546[...]

  • Page 839

    Appendix C Importing Certificates ISG50 User’s Guide 839 4 In the Certificates confirmation, click Yes . Figure 547 Internet Explorer 7: Certificates 5 In the Root Certificate Store dialog box, click Yes . Figure 548 Internet Explorer 7: Root Certificate Store 6 The next time you go to the web site that issued the public key certificate you just [...]

  • Page 840

    Appendix C Importing Certificates ISG50 User’s Guide 840 2 Select Accept this certificate permanentl y and click OK. Figure 549 Firefox 2: W ebsite Certified by an Unknown Authority 3 The certificate is stored and you can now connect securely to the W eb Configurator . A sealed padlock appears in the address bar , which you can click to open the [...]

  • Page 841

    Appendix C Importing Certificates ISG50 User’s Guide 841 1 Open Firefox and click Tools > Options . Figure 551 Firefox 2: T ools Menu 2 In the Options dialog bo x, click Advanced > Encryption > View Certi ficates . Figure 552 Firefox 2: Options[...]

  • Page 842

    Appendix C Importing Certificates ISG50 User’s Guide 842 3 In the Certificate Manager dialog bo x, click Web Sites > Import . Figure 553 Firefox 2: Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open . Figure 554 Firefox 2: Select File 5 The next time you visit the web site, click the padlock in t[...]

  • Page 843

    Appendix C Importing Certificates ISG50 User’s Guide 843 Removing a Certificate in Firefox This section shows you how to remov e a public key certificate in Firefox 2. 1 Open Firefox and click Tools > Options . Figure 555 Firefox 2: T ools Menu 2 In the Options dialog bo x, click Advanced > Encryption > View Certi ficates . Figure 556 Fi[...]

  • Page 844

    Appendix C Importing Certificates ISG50 User’s Guide 844 3 In the Certificate Manager dialog bo x, sele ct the Web Sites tab, select the certificate that you want to remov e, and then click Delete . Figure 557 Firefox 2: Certificate Manager 4 In the Delete Web Site Certificates dialog box, click OK . Figure 558 Firefox 2: Delete W eb Site Certifi[...]

  • Page 845

    Appendix C Importing Certificates ISG50 User’s Guide 845 2 Click Install to accept the certificate. Figure 559 Opera 9: Certificate signer not found 3 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’ s security details. Figure 560 Opera 9: Security informati[...]

  • Page 846

    Appendix C Importing Certificates ISG50 User’s Guide 846 1 Open Opera and click Tools > Pref erences . Figure 561 Opera 9: T ools Menu 2 In Preferen ces , click Advanced > Security > Manage certificates . Figure 562 Opera 9: Preferences[...]

  • Page 847

    Appendix C Importing Certificates ISG50 User’s Guide 847 3 In the Certificat es Manager , click Authoriti es > Import . Figure 563 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 564 Opera 9: Import certificate[...]

  • Page 848

    Appendix C Importing Certificates ISG50 User’s Guide 848 5 In the Install authority certificate dialog box, click Install . Figure 565 Opera 9: Install authority certificate 6 Next, click OK . Figure 566 Opera 9: Install authority certificate 7 The next time you visit the web site, click the padlock in the address bar to open the Security informa[...]

  • Page 849

    Appendix C Importing Certificates ISG50 User’s Guide 849 1 Open Opera and click Tools > Pref erences . Figure 567 Opera 9: T ools Menu 2 In Preferen ces , Advanced > Security > Mana ge certific ates . Figure 568 Opera 9: Preferences[...]

  • Page 850

    Appendix C Importing Certificates ISG50 User’s Guide 850 3 In the Certificates manager , select the Authorities tab, select the certificate that you want to remove, and then click Delete . Figure 569 Opera 9: Certificate manager 4 The next time you go to the web site that issued the public key certificate you just remo ved, a certification error [...]

  • Page 851

    Appendix C Importing Certificates ISG50 User’s Guide 851 3 Click Forever when prompted to accept the certificate. Figure 571 K on queror 3.5: Server Authentication 4 Click the padlock in the address bar to open the KDE SSL Informati on window and vie w the web page’ s security details. Figure 572 K onqueror 3.5: KDE SSL Information Inst alling [...]

  • Page 852

    Appendix C Importing Certificates ISG50 User’s Guide 852 2 In the Certificate Import Result - Kleopatra dialog box, click OK . Figure 574 K onqueror 3.5: Certificate Import Result The public key certificate appears in the KDE certificate manager , Kle opatra . Figure 575 K onqueror 3.5: Kleopatra 3 The next time you visit the web site, click the [...]

  • Page 853

    Appendix C Importing Certificates ISG50 User’s Guide 853 1 Open Konqueror and click Settings > Configure Konqueror . Figure 576 K onqueror 3.5: Settings Menu 2 In the Configure dialog box, select Cryp to . 3 On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove . Figure 577 K onqueror 3.5: Configure [...]

  • Page 854

    Appendix C Importing Certificates ISG50 User’s Guide 854[...]

  • Page 855

    ISG50 User’s Guide 855 A PPENDIX D Legal Information Copyright Copyright © 2012 b y ZyXEL Communi cations Corpor ation. Th e co n te n ts o f t h is p ub l ic a t io n m a y n o t b e re p r od uc e d in a ny pa r t or as a w ho l e, t ra ns c ri b ed , st o re d in a re t ri e va l s y st e m, t r anslated into any language, or tr ansmitted in [...]

  • Page 856

    Appendix D Legal Info rmation ISG50 User’s Guide 856 Registration Register your product online t o receive e-ma il notices of firmware upgrades and inform ation at www.zyx el.com for global product s, or at www .us.zyxel.com fo r North Americ an products . Open Source Licenses This product contains in part some free software distribu ted under GP[...]

  • Page 857

    Index ISG50 User’s Guide 857 Index Symbols Numbers 3322 Dynamic DNS 317 3DES 387 3G 109 3G see also cellular 251 A AA 479 , 497 , 50 0 AAA Base DN 633 Bind DN 634 , 636 directory structure 633 Distinguished Name, see DN DN 633 , 634 , 635 , 636 password 636 port 635 , 638 search time limit 636 AAA server 631 AD 633 and users 600 directory service[...]

  • Page 858

    Index ISG50 User’s Guide 858 and SNMP 703 and SSH 696 and T elnet 699 and VPN connections 37 0 and WWW 683 HOST 613 RANGE 613 SUBNET 613 types of 613 where used 103 address record 674 admin user troubleshooting 771 admin users 599 multiple logins 607 see also users 599 ADP 41 1 base profiles 412 , 414 configuration o v erv iew 103 false negatives[...]

  • Page 859

    Index ISG50 User’s Guide 859 self-directory -traversal attack 426 truncated-address-header 427 truncated-header 426 , 427 truncated-options 426 truncated-timestamp-header 427 TTC P - d e t e c t e d 426 u-encoding 426 undersize-len 426 undersize-offset 426 UTF-8-encoding 426 audio files 532 , 533 for auto-attendant 510 recording 516 on hold 539 s[...]

  • Page 860

    Index ISG50 User’s Guide 860 bad-length-options attack 426 bandwidth 430 egress 256 ingress 256 bandwidth limit troubleshooting 768 bandwidth management and policy routes 297 interface, outbound, see interfaces maximize bandwidth usage 297 , 300 , 400 , 401 see also policy routes bare byte encoding 425 bare byte encoding attack 425 Base DN 633 ba[...]

  • Page 861

    Index ISG50 User’s Guide 861 CDR 720 aged file 720 backup results 223 executing SQL script 721 external server 721 local database 720 management 721 overview 720 Pos t g re S QL 721 query 225 , 227 remote server configuring procedure 722 types of files 720 CEF (Common Ev ent Format) 709 , 716 cellular 109 , 251 APN 255 band selection 257 interfac[...]

  • Page 862

    Index ISG50 User’s Guide 862 text file 141 configuration file troubleshooting 773 configuration files 725 at restart 728 backing up 727 downloading 729 downloading with FTP 699 editing 725 how applied 726 lastgood.conf 728 , 731 managing 727 not stopping or starting the device 36 startup-config.conf 731 startup-config-bad.conf 728 syntax 726 syst[...]

  • Page 863

    Index ISG50 User’s Guide 863 DiffServ 299 , 43 0 , 447 DiffServ C ode Point see DSCP digit handling 451 digital sampling 475 Digital Signature Algorithm public-key algorithm, see DSA direct pickup 433 direct routes 292 directory 631 directory service 631 file structure 633 directory trav ersal attack 425 directory trav ersals 425 disclaimer 855 D[...]

  • Page 864

    Index ISG50 User’s Guide 864 export phonebook 588 extended authentication and VPN gateways 370 IKE SA 391 extension portal 757 account settings 760 call forward and blocking 761 call recording 764 restrictions 760 voice mail 76 3 web phone dial 759 extensions 27 , 87 , 89 , 136 busy 532 call transfer 532 for analog phones 88 FXS 88 grouping 455 I[...]

  • Page 865

    Index ISG50 User’s Guide 865 forcing login 347 Foreign Ex change Office see FXO Foreign Ex change Subscriber see FXS forwarding calls 463 FQDN 674 fragmenting IPSec packets 371 FTP 699 additional signaling port 339 ALG 335 and address groups 700 and address objects 700 and certificates 700 and zones 700 signaling port 338 with T ransport Layer Se[...]

  • Page 866

    Index ISG50 User’s Guide 866 authenticating clients 679 avoiding warning messages 687 example 687 vs HTTP 679 with Internet Explorer 687 hunt group 562 HyperT ext T ransfer Protocol over Secure Socket Layer , see HTTPS I ICMP 619 datagram length 427 decoder 418 , 425 echo 423 flood attack 423 portsweep 422 Time Stamp header length 427 unreachable[...]

  • Page 867

    Index ISG50 User’s Guide 867 PPPoE/PPTP , see also PPPoE/PPTP interfaces. prerequisites 98 , 235 relationships between 235 static DHCP 278 subnet mask 276 trunks, see also trunks. types 234 virtual, see also virtual interfaces. VLAN, see also VLAN interfaces. where used 98 internal calls 89 routing 136 internal operator 433 internal telephone net[...]

  • Page 868

    Index ISG50 User’s Guide 868 Perfect F orward Secrecy (PFS) 392 proposal 392 remote policy 391 search by name 21 2 search by policy 212 Security Par ameter Inde x (SPI) (manual keys ) 393 see also IPSec see also VPN source NA T for inbound tr affic 394 source NA T for outbound tr affic 394 status 21 1 transport mode 392 tunnel mode 392 when IKE S[...]

  • Page 869

    Index ISG50 User’s Guide 869 search time limit 636 user attributes 610 Least Cost Routing see LCR least load first load balancing 28 3 LED troubleshooting 765 legacy PBX 28 license key 232 upgrading 232 licensing 229 Lightweight Directory Access Protocol see LDAP Lightweight Directory Access Protocol, see LDAP listening volume 450 load balancing [...]

  • Page 870

    Index ISG50 User’s Guide 870 ACD queue 219 BRI trunk 218 call recordings 222 CDR backup 223 CTI peer 216 FXO trunk 217 FXS peer 214 SA 21 1 SIP peer 213 SIP trunk 215 monitor profile ADP 415 Motion Picture Experts Group see MPEG mounting rac k 31 MPEG 476 MPPE (Microsoft P oint-to-P oint Encryption) 663 MSCHAP (Microsoft Challenge-Hands hake Auth[...]

  • Page 871

    Index ISG50 User’s Guide 871 addresses and address groups 613 authentication method 639 certificates 643 for configuration 91 introduction to 91 schedules 625 services and service groups 619 users, user groups 599 obsolete-options attack 426 office hours 465 , 595 after hours 46 6 , 763 One- Time Password (OTP) 632 Online Certificate Status Proto[...]

  • Page 872

    Index ISG50 User’s Guide 872 adding 550 , 563 editing 550 , 563 PAP (P assword Authentication Protocol) 663 parking lot extension 534 parking, call 532 Password Authentication Protocol (PAP) 663 PBX 27 , 429 ACD queue 219 BRI trunk monitor 218 call recording 764 call recordings 222 CTI peer 216 FXO trunk monitor 217 FXS peer monitor 214 global se[...]

  • Page 873

    Index ISG50 User’s Guide 873 subnet mask 276 PPPoE 279 and RADIUS 279 TCP port 1723 279 PPPoE/PPTP interfaces 23 4 , 246 and ISP accounts 24 7 , 661 basic characteristics 234 gateway 247 subnet mask 247 PPTP 279 and GRE 279 as VPN 279 precedence 447 priority 431 privileges 454 problems 765 product overview 28 product registration 856 protocol ano[...]

  • Page 874

    Index ISG50 User’s Guide 874 reports collecting data 201 configuration o v erv iew 105 daily 706 daily e-mail 706 specifications 203 traffic statistics 200 representative number 484 SIP trunk 484 reset 774 vs reboot 753 RESET button 36 , 774 restricting outgoing calls 455 resuming parked calls 532 RFC 1058 (RIP) 302 1389 (RIP) 302 1587 (OSPF area[...]

  • Page 875

    Index ISG50 User’s Guide 875 service groups 620 and firewall 363 and port triggering 297 where used 103 service objects 619 and firewall 620 and IP protocols 620 and policy routes 620 service subscription status 232 services 619 , 827 and firewall 363 and port triggering 297 where used 103 Session Initiation Protocol see SIP session limits 355 , [...]

  • Page 876

    Index ISG50 User’s Guide 876 SSL 679 stac compression 663 starting the device 35 , 36 startup-config.conf 731 if errors 728 missing at restart 728 present at restart 728 startup-config-bad.conf 728 static DHCP 344 static routes 290 and interfaces 298 and OSPF 306 and RIP 303 configuration o v erv iew 99 metric 299 prerequisites 99 statistics dail[...]

  • Page 877

    Index ISG50 User’s Guide 877 and OSPF 304 and remote management 354 and RIP 303 and service control 678 and VPN 770 global rules 354 see also firewall 35 4 token 632 tones 470 trademarks 855 traditional PBX 478 traffic forwarding 447 marking 447 traffic anomaly 41 1 , 415 traffic statistics 200 transferring call settings 542 T ransmission Control[...]

  • Page 878

    Index ISG50 User’s Guide 878 U UDP 619 decoder 418 , 425 decoy portscan 422 distributed portscan 422 flood attack 424 messages 619 port numbers 619 portscan 421 portsweep 422 u-encoding attack 426 u-law 470 undersize-len attack 426 undersize-offset attack 426 unreachables (ICMP) 42 2 upgrading firmware 731 licenses 232 uploading configuration fil[...]

  • Page 879

    Index ISG50 User’s Guide 879 Virtual Private Network, see VPN VLAN 259 advantages 260 and MAC address 260 ID 260 troubleshooting 768 VLAN interfaces 234 , 260 and Ethernet interfaces 261 , 768 basic characteristics 234 vocal synthesizer 475 voice codecs 468 , 470 , 475 voice coder/decoder 468 voice interfaces 448 voice mail 38 , 433 , 46 7 , 581 [...]

  • Page 880

    Index ISG50 User’s Guide 880 see also HTTP , HTTPS 123 , 680 Z zones 92 , 313 and firewall 354 , 362 and FTP 700 and interfaces 92 , 313 and SNMP 703 and SSH 696 and T elnet 699 and VPN 92 , 313 and WWW 683 block intra- zone traffic 316 , 361 configuration o v erv iew 99 default 93 extra- zone traffic 314 inter- zone traffic 314 intra- zone traff[...]