Vantage CNM 2.0

Centralized Network management Quick Start Guide

Version: 2.0.00.81.10

July 2004

QSG Overview

Introduction to Vantage... 4 Vantage Requirements.... 4 2.1 Vantage Server Requirements.. 4 2.2 Vantage Client Requirements... 4 2.3 ZyXEL device requirements.... 5 Vantage Installation Procedure... 6 3.1 Extracting Vantage... 7 3.2 Installation Wizard.... 9 Starting and Stopping Vantage... 23 4.1 Vantage Status Screen.... 24 Accessing Vantage... 25 5.1 IP Address.... 25 5.2 Login.... 25 5.3 Install Java Plug In.... 26 5.4 HTTPS Certificates... 28 5.5 Activate Vantage.... 29 MyZyXEL.com.... 31 6.1 A Note on Numbers.... 31 6.2 Login.... 32 6.3 Register Vantage... 33 6.4 Generate Keys to Activate Vantage... 36 6.5 Reinstall Vantage... 37 Uninstalling Vantage... 38

List of Figures

Figure 1 Extracting Vantage... 7 Figure 2 Extracting Vantage Icon.... 7 Figure 3 Vantage Pings Hostname... 8 Figure 4 Vantage CNM Logo.... 9 Figure 5 Wizard 1: Before You Begin... 10 Figure 6 Existing MySQL Server Detected... 10 Figure 7 Path Space Error.... 11
Figure 8 Select Folder.... 12 Figure 9 Existing syslog Found... 13 Figure 10 Configure the syslog Server Found... 14 Figure 11 Not Using the syslog Server Found... 16 Figure 12 Configure FTP Server.... 17 Figure 13 Configure Mail Server... 18 Figure 14 Configure Vantage Server Public IP Address... 19 Figure 15 Server Configuration Summary... 20 Figure 16 Pre-Installation Summary... 21 Figure 17 Vantage Installing.... 22 Figure 18 Install Complete... 23 Figure 19 Starting & Stopping Vantage... 24 Figure 20 Vantage Status.... 24 Figure 21 Security Alert.... 25 Figure 22 Login.... 26 Figure 23 Java Plug-in.... 26 Figure 24 Typical Plug-in Installation... 27 Figure 25 Plug-in Installing.... 28 Figure 26 Security Warning 1... 29 Figure 27 Security Warning 2... 29 Figure 28 Activate Vantage.... 30 Figure 29 Main Screen.... 31 Figure 30 myZyXEL.com Login Page... 32 Figure 31 E-Mail Subscription Notice... 33 Figure 32 Logged Into myZyXEL.com... 33 Figure 33 Product Registration.... 34 Figure 34 Add New Product.... 35 Figure 35 Product Registered.... 35 Figure 36 Product Service Management.... 36 Figure 37 Generate Keys to Activate Vantage... 37 Figure 38 Reinstall Product.... 38 Figure 39 Uninstall Folder... 38 Figure 40 Remove Vantage.... 39 Figure 41 Uninstall Wait.... 39 Figure 42 Uninstall Components.... 40 Figure 43 Uninstall Complete... 40
1 Introduction to Vantage
Vantage Centralized Network Management 2.0 (CNM) is a browser-based, management solution that allows you to easily configure, manage and monitor ZyXEL devices from any location. Vantage Centralized Network Management 2.0 will be referred to as Vantage CNM or simply Vantage in this document. This Quick Start Guide shows you to install and configure Vantage CNM on Redhat Linux 9.0. See Vantage CNM 2.0 Centralized Network management Quick Start Guide, version: 2.0.00.61.00 for information on how to install and configure Vantage CNM on Windows XP professional.

2 Vantage Requirements

2.1 Vantage Server Requirements
CPU RAM Hard Drive Operating System Intel Pentium 4, 2.6 GHz or faster 1GB or more 80GB Linux Redhat 9.0
2.2 Vantage Client Requirements
CPU RAM Web Browser Intel Pentium III, 450MHz or faster 256MB or more
Internet Explorer 6.0 or later
2.3 ZyXEL device requirements
Firmware This Vantage release can manage up to 300 ZyXEL devices. The ZyXEL device must have Vantage CNM-enabled firmware. At the time of writing, devices supported were ZyWALL 2, ZyWALL 2X, ZyWALL 5, ZyWALL 10W, ZyWALL 35, ZyWALL 70 and Prestige 652HW-31/33/37. For more details, see the Vantage software release notes. Please read the device release note carefully if you have to upload new device firmware. How to activate Vantage on a device using commands. Go to command mode (SMT menu 24.8 of most ZyXEL devices) and issue the following two commands: 1. Enable Vantage on the device by entering CNM active 1. 2. If the Vantage server is on the same subnet as the ZyXEL device enter "CNM ManagerIp x.x.x.x" on the ZyXEL device where x.x.x.x is the IP address (private or public) the Vantage server. If the Vantage server is on a different subnet to the ZyXEL device, enter "CNM ManagerIp x.x.x.x" on the ZyXEL device where x.x.x.x is the public IP address of the Vantage server. If the Vantage CNM server is on a different subnet to the ZyWALL and is behind a NAT router, enter the WAN IP address of the NAT router here and configure the NAT router to forward UDP port 1864 traffic to the Vantage CNM server. If the ZyXEL device is behind a firewall, you may have to create a rule on the firewall to allow UDP port 1864 traffic through to the Vantage CNM server (most (new) ZyXEL firewalls automatically allow this).

Encrypt traffic between Vantage and the device by doing the following: 1. Go to CI (Command Interface) mode (SMT 24.8 for devices with SMT menus) 2. Type 'CNM encrymode X' where X = 0 is no encryption, X =1 is DES encryption, X = 2 is 3DES encryption. The ZyXEL device must use the same encryption method as Vantage. 3.To set the encryption key (if X = 1 or 2) on the ZyXEL device, type 'CNM encrykey xxxxxxxxx' where xxxxxxxxx is the alphanumeric encryption key (0 to 9, a to z or A to Z) in the Vantage server. Type an eight-character alphanumeric (0 to 9, a to z or "A" to "Z") for DES encryption and a 24character alphanumeric for 3DES encryption. The ZyXEL device must use the same encryption key as Vantage How to activate Vantage on a device and encrypt traffic 1 using the web configurator. Log into the device web configurator, click Remote Management from the navigation panel and then click the CNM tab. Select Enable, enter the Vantage CNM Server (IP) Address and select an Encryption Algorithm and Encryption Key if desired. o o o The Vantage CNM server is down. The Vantage CNM server IP address is incorrect. The Vantage CNM server is behind a NAT router or firewall that does not forward packets through to the Vantage CNM server. The encryption algorithms and/or encryption keys do not match between the ZyXEL device and Vantage.
The ZyXEL device will not be able to register with Vantage if:
3 Vantage Installation Procedure
Use the Vantage installation wizard to install Vantage CNM 2.0 server software. In each wizard screen, click Next to proceed to the next screen in the wizard, click Back to return to the previous screen or click Cancel to abort the installation and exit the wizard.
Not available at the time of writing
You should uninstall any previous versions of Vantage before beginning.

3.1 Extracting Vantage

1. 2. Insert the Vantage CD into the CD-ROM or download the Vantage software and save it to a folder, for example, /usr/Vantage-2.0. Navigate to this folder using the cd command and type the following to extract the Vantage files.

./Vantage_CNM_2_0.bin

(You may need to make the file executable first using chmod +x Vantage_CNM_2_0.bin)
Figure 1 Extracting Vantage Alternatively, double-click the Vantage_CNM_2_0.bin icon.
Figure 2 Extracting Vantage Icon 3. Vantage must be able to ping the hostname of your computer; otherwise you see the next screen.
Figure 3 Vantage Pings Hostname 4. The Vantage CNM logo appears briefly when extraction begins.
Figure 4 Vantage CNM Logo

3.2 Installation Wizard

5. The first wizard screen appears after successful extraction. You should uninstall any existing MySQL servers and remove the /etc/my.cnf directory. You should prepare all FTP, SMTP and syslog server IP addresses and login names/passwords (for syslog on Windows, you need a Telnet login name and password, for syslog on Linux, you need an SSH login name and password. You can configure these servers during the wizard installation or after you install Vantage in the System > Preferences > Servers screen.
Figure 5 Wizard 1: Before You Begin If a MySQL server is detected, you see the following screen.
Figure 6 Existing MySQL Server Detected
6. Select a folder where you would like to install Vantage. Spaces in the folder name or path are not allowed.
Figure 3 Choose Installation Folder You will see an error screen as shown next if your installation folder or path has a space.
Figure 7 Path Space Error
7. The next screen asks you where you want to create a Vantage link or shortcut. After you install Vantage you will see a Launch Vantage icon in this folder.
Figure 8 Select Folder 8. You next configure a syslog server. syslog is a logging system that is used by most versions of UNIX. If Vantage finds an existing syslog server on your computer, you see the next screen asking you if this is the syslog server you wish to use. If not, choose No. See the Users Guide Appendices for examples of setting up syslog and FTP servers.
Figure 9 Existing syslog Found 9. If you choose Yes in Figure 9, you will then see the next screen. You must create a Telnet account set up on the syslog server. Vantage (on Linux) uses SSH (on Windows, Vantage uses Telnet) to communicate with the syslog server to instruct it to send files to an FTP server for retrieval. See the appendices in the Users Guide for details. Follow the instructions as shown in the screen.
Figure 10 Configure the syslog Server Found If you choose No in Figure 9, you will then see the next screen asking you to select the platform (Linux or Windows) on which the syslog server us running. Then click Next to continue to the screen shown in Figure 10. 10. The syslog server must be either a syslog server running on Linux or a Kiwi syslog server for Windows2 (see the Kiwi website for details). Vantage communicates with a Linux syslog server using SSH (Secure SHell), so you must enable the SSH daemon on the Linux syslog server. This allows the Linux syslog server to receive logs. For Vantage to receive logs from the Linux syslog server, you must do the following on the Linux syslog server: Find row:

/etc/syslog.conf

Add this row after it: At the time of writing, only these syslog servers are supported and they are not bundled with Vantage CNM 2.0.
local2.* /var/log/vantage.log
Modify the following row:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages
Syslogd must support the "-r" option so you need to edit /etc/sysconfig/syslog as follows find the row,
SYSLOGD_OPTIONS=""

Modify it as follows:

SYSLOGD_OPTIONS="-r"
Then run "/etc/init.d/syslog stop" and "/etc/init.d/syslog start to restart syslog. Vantage communicates with a Windows (Kiwi) syslog server using Telnet, so you must enable Telnet on the Windows (Kiwi) syslog server (see the QSG for Vantage CNM on Windows). See the Users Guide appendices for information on setting up a Kiwi server on Windows.
Figure 11 Not Using the syslog Server Found 11. The next screen asks you configure an FTP server. The FTP server is used for syslog log file downloads to Vantage and firmware uploads from Vantage to ZyXEL device(s). Follow the instructions in the screen.
Figure 12 Configure FTP Server 12. The next screen asks you to configure a mail server. The mail server is used to send notifications. Follow the instructions in the screen.
Figure 13 Configure Mail Server 13. The next screen asks you to configure the Vantage server public address. This is the IP address that the ZyXEL devices use to communicate with Vantage. Follow the instructions in the screen. If Vantage is behind a NAT router, then you need to enter the public IP address (WAN) of the NAT router.
Figure 14 Configure Vantage Server Public IP Address 14. The next screen is a summary of the servers you configured in this wizard. Click Next to continue.
Figure 15 Server Configuration Summary 15. The next screen asks you to review everything you configured in this wizard before continuing. Click Install if everything is as intended.
Figure 16 Pre-Installation Summary 16. Wait while Vantage installs.
Figure 17 Vantage Installing 17. Vantage has installed successfully when you then see the next screen. It is recommended you restart your computer.
Figure 18 Install Complete
4 Starting and Stopping Vantage

1. 2. 3. Or

./start-graphic.sh
Navigate to the folder you saved Vantage (for example, /usr/Vantage-2.0) Go to ZYCNM_DEPLOY_BED/bin Type this command.

./start.sh

Go the link folder you created in the screen shown in Figure 8.
Figure 19 Starting & Stopping Vantage ii. Double-click the start.sh icon to launch Vantage (or the stop.sh icon to quit Vantage).
4.1 Vantage Status Screen
You see the following Vantage screen indicating the status (started or stopped) of Vantage. Use the Stop and Start buttons to exit or resume Vantage.

Figure 20 Vantage Status

5 Accessing Vantage

5.1 IP Address

1. From the Vantage client computer, open Internet Explorer 6 and type http://{Vantage server IP address}/vantage or simply http://{Vantage server IP address}. If the Vantage server and client is the same computer, you can enter localhost instead of the IP address. When the login screen appears, type root as Username, root as the Password (factory defaults) and then click OK. You may see a screen asking you if Windows should remember this password. If this is a shared computer, Windows should not remember your password. You may see another screen advising that this is a HTTPS connection. Click Yes to continue.

Figure 21 Security Alert

5.2 Login
4. Enter root for both username and password and then click OK. You should change your password after first login.

Figure 22 Login

5.3 Install Java Plug In
5. You may be asked to install a Java plug-in on the Vantage client computer. Install it. The Vantage server must be connected to the Internet to download the plug-in.

Figure 23 Java Plug-in

6. Click Typical and then click Next to begin the Java plug-in installation.
Figure 24 Typical Plug-in Installation 7. Wait for the Java plug-in to finish installing.
Figure 25 Plug-in Installing

5.4 HTTPS Certificates

8. HTTPS is used to access the Vantage server. A series of warning screens related to HTTPS certificate information appears. Click Yes (or Always) in each to continue.
Figure 26 Security Warning 1
Figure 27 Security Warning 2

5.5 Activate Vantage

9. The next screen eventually appears asking you to enter the Activation Key and Service Set Key generated at www.myZyXEL.com. See the myZyXEL.com section in this Quick Start Guide if you have not yet registered and activated Vantage there. Afterwards, enter these fields and then click Next to continue to the main screen.
Figure 28 Activate Vantage 10. See the Users Guide for more details on the Vantage main screen.

Figure 29 Main Screen

6 MyZyXEL.com
http://www.myZyXEL.com/is ZyXELs online services center where you must register Vantage and generate an Activation Key and Services Set Key that you enter in Figure 28.

6.1 A Note on Numbers

You need the following (unique) numbers to install and activate Vantage CNM.

Table 6-1 Numbers

Serial Number Authentication Code License Key Activation Key Service Set Key You need the serial number to install the Vantage CNM software. This is a unique number that is generated after you install Vantage. You need this number to register Vantage at myZyXEL.com. You need a license key to manage up to a specified number (see the license key envelope) of ZyXEL devices. The activation key is generated online at the myZyXEL.com (after you register Vantage) and is needed to activate Vantage. The Service Set Key is generated online at the myZyXEL.com (after you register Vantage) and is needed to activate Vantage.

6.2 Login

1. 2. Go to http://www.myZyXEL.com using your web browser. Create a new account (if you havent already one) with a user name and password by filling in an account registration form at myZyXEL.com.
Click here to create a new myZyXEL.com account.
Figure 30 myZyXEL.com Login Page
3. You will receive an e-mail from myZyXEL.com containing a hyperlink. You must paste this hyperlink into your web browser within three days in order to activate your account.
Figure 31 E-Mail Subscription Notice

6.3 Register Vantage

4. After you have created a myZyXEL.com account, log in and register Vantage by clicking the hyperlink as shown in the next screen.
Click here to register a new product.
Figure 32 Logged Into myZyXEL.com
5. Click Add in the next screen.

Click Add.

Figure 33 Product Registration 6. Enter the following information in the next screen and then click Register. o o Product serial number: This is a 12-digit number found on the Vantage CNM 2.0 product label. It identifies the model type within myZyXEL.com. Type the number exactly as shown on the label. Authentication Code: This is a generated number that is displayed after you install Vantage as shown in the screen in Figure 28. Type the information exactly as displayed or copy and paste it into the screen as shown in Figure 34; be careful to avoid pasting trailing spaces. Friendly Name: This is an alias you give the product to identify it.
Fill in these fields. Then click Register.

Figure 34 Add New Product 7. After you have registered Vantage, you can view it in the screen shown next.
This is the product you just registered. Click the name hyperlink.
Figure 35 Product Registered
6.4 Generate Keys to Activate Vantage
8. The product is now registered but not activated. You need to activate Vantage before you can use it to manage zyxel devices. Click the name hyperlink to display its details.
Click Transfer to change ownership of the product to another already registered myZyXEL.com
Click Activate to generate an Activation Key and Service Set Key.
Click Reinstall to reinstall Vantage CNM 2.0. You may do this up to three times.
Figure 36 Product Service Management 9. Click Activate to display the next screen. You use this screen to generate an Activation Key and Service Set Key. You need these keys to activate Vantage standard software, upgrade software or trial software.

Enter the license key.

Figure 37 Generate Keys to Activate Vantage 10. Enter the license key exactly as displayed on the label and click Submit. A screen then displays showing you the Activation Key and Service Set Key that you enter in Figure 28. The keys are also sent to your myZyXEL.com registered e-mail address.

6.5 Reinstall Vantage

If you reinstall Vantage, a new Authentication Code is generated. A new authentication code will not work with the previously myZyXEL.com-assigned Activation Key and Service Set Key, thereby disallowing the activation of the reinstalled Vantage. However, using myZyXEL.com, you are allowed to reinstall Vantage CNM 2.0, up to three times (at the time of writing). If you need to reinstall Vantage more than three times, then you will have to send an e-mail to myZyXEL-admin@zyxel.com.tw. To reinstall Vantage, click Reinstall in the screen shown in Figure 36. Enter the new authentication code in the following screen (Figure 38) and click Next. The new Activation and Service Set keys are then displayed in a subsequent screen and are also sent to your myZyXEL.com-registered e-mail address.
Enter the new authentication code.
Figure 38 Reinstall Product

7 Uninstalling Vantage

Follow this procedure to uninstall Vantage. 1. 2. You should first stop Vantage by clicking Stop in the screen shown in Figure 20. Double-click the icon as shown in the next screen or type./Uninstall_Vantage_CNM_2.0 in terminal mode.
Figure 39 Uninstall Folder
3. The following screen then displays. Click Uninstall to being uninstalling.
Figure 40 Remove Vantage 4. Click OK to continue removing Vantage. You will then see the next screens.

Figure 41 Uninstall Wait

Figure 42 Uninstall Components 5. The next screen displays when Vantage has been removed from your computer.
Figure 43 Uninstall Complete

9.3.3 Configuring SUA Servers Prestige..140 9.3.4 Full Feature Address Mapping...141 9.3.5 Edit Full Feature Address Mapping...142 9.4 Trigger Port Forwarding ZyWALL...143 9.4.1 Configuring Trigger Port...144 9.4.2 Edit Trigger Port...146
Chapter 10 Configuration > Static Route... 148
10.1 Static Route Overview...148 10.1.1 Static Route Summary...148 10.1.2 Edit Static Route...149
Chapter 11 Configuration > VPN.... 152
11.1 VPN Overview...152 11.1.1 IPSec....152 11.1.2 Security Association...152 11.1.3 Encryption...152 11.1.4 Data Confidentiality...152 11.1.5 Data Integrity....152 11.1.6 Data Origin Authentication...153 11.1.7 IPSec Algorithms....153 11.1.7.1 AH (Authentication Header) Protocol..153 11.1.7.2 ESP (Encapsulating Security Payload) Protocol..153 11.1.8 Key Management....154 11.1.9 Encapsulation....154 11.1.9.1 Transport Mode...154 11.1.9.2 Tunnel Mode...154 11.1.10 IPSec and NAT...155 11.1.11 Keep Alive...155 11.1.12 NAT Traversal...156 11.1.12.1 NAT Traversal Configuration...156 11.1.13 ID Type and Content...156 11.1.14 IKE Phases....157 11.1.15 Negotiation Mode...158 11.1.16 Diffie-Hellman (DH) Key Groups..158 11.1.17 Perfect Forward Secrecy (PFS)...159 11.1.18 Pre-Shared Key....159 11.2 VPN Tunnel Summary...159 11.2.1 Add a VPN Tunnel...160 11.2.2 Manual VPN Tunnel...165 11.3 VPN and NetBIOS...168
Chapter 12 Configuration > Firewall... 170
12.1 Firewall Overview...170 12.2 Types of Firewalls...170 12.2.1 Packet Filtering Firewalls...170 12.2.2 Application-level Firewalls...170 12.2.3 Stateful Inspection Firewalls...171 12.3 Introduction to ZyXELs Firewall...171 12.3.1 Denial of Service...172 12.3.2 Basics....172 12.3.3 Types of DoS Attacks...172 12.4 Stateful Inspection...174 12.4.1 Stateful Inspection Process...175 12.4.2 Stateful Inspection and the ZyXEL device..176 12.4.3 TCP Security....176 12.4.4 UDP/ICMP Security...177 12.4.5 Upper Layer Protocols...177 12.4.6 Firewall Policies Overview...177 12.4.7 Rule Checklist....179 12.4.8 Security Ramifications...179 12.4.9 Key Fields For Configuring Rules..180 12.4.9.1 Action...180 12.4.9.2 Service...180 12.4.9.3 Source Address...180 12.4.9.4 Destination Address...180 12.4.10 Alerts....180 12.4.11 Services and Port Numbers...180 12.5 Firewall Configuration Screens...181 12.5.1 Firewall Summary Screen...181 12.5.1.1 Ordering Rules...181 12.5.2 DoS Settings....183 12.5.3 Add/Edit a Firewall Rule...185 12.5.4 Add/Edit Source/Destination IP Addresses..187 12.5.5 Custom Ports...188

Figure 166 FTP Service Top Sites... 284 Figure 167 Mail Service Top Sites... 286 Figure 168 VPN Service Top Sites... 287 Figure 169 Custom Service Top Sites... 288 Figure 170 All Services Top Users... 290 Figure 171 Top Site Service Settings... 291 Figure 172 Top Users of Web Services.... 292 Figure 173 Top Users of FTP Services... 293 Figure 174 Top Users of Mail Services... 294 Figure 175 Top Users of VPN Tunnels.... 296 Figure 176 Top Users of Custom Services.. 297 Figure 177 Web Filter Summary... 300 Figure 178 Web Filter Top Sites.... 302 Figure 179 Web Filter Top Users.... 303 Figure 180 Web Filter By User... 304 Figure 181 Attack Summary.... 306 Figure 182 Attack Categories.... 307 Figure 183 Attack Category Settings... 309 Figure 184 Source of Attacks... 309 Figure 185 Attack Category Settings... 311 Figure 186 Attack Errors and Exceptions... 311 Figure 187 Successful Logins.... 314 Figure 188 Failed Logins.... 315 Figure 189 Log Monitor.... 317 Figure 190 Log Search.... 319 Figure 191 General System Configuration... 320 Figure 192 Schedule Reports.... 321 Figure 193 Schedule Daily Reports... 322 Figure 194 Schedule Weekly Reports... 324 Figure 195 CSV Import.... 326 Figure 196 About Reports... 326 Figure 197 Daily Reports.... 329 Figure 198 Over Time Report.... 331 Figure 199 Setup.... 334 Figure 200 Wizard 1.... 334 Figure 201 Information... 335 Figure 202 Installation Type.... 335 Figure 203 Installation Directory... 336 Figure 204 Create Directory.... 336 Figure 205 Begin Installation... 336 Figure 206 Run WFTPD.... 337 Figure 207 WFTPD Main Screen.... 337 Figure 208 Windows Services... 338
Figure 209 WFTPD Properties... 338 Figure 210 WFTPD Pro Log On.... 339 Figure 211 Kiwi Syslog Daemon Installation: License Agreement.. 340 Figure 212 Kiwi Installation: Installation Options... 341 Figure 213 Kiwi Installation: Installation Directory... 341 Figure 214 Kiwi Syslog Daemon Setup.... 342 Figure 215 Kiwi Syslog Daemon Setup: Import Configuration File. 342 Figure 216 Kiwi Syslog Daemon Setup: Import Configuration File: Confirm. 343 Figure 217 Windows XP: My Computer.... 343 Figure 218 Windows XP: Computer Management... 344 Figure 219 Vantage System Servers... 345 Figure 220 Vantage, syslog and FTP Servers... 346 Figure 221 Control Panel Java Plug-in Icon... 348 Figure 222 Java Plug-in Control Panel... 349 Figure 223 Java Plug-in Icon... 349 Figure 224 Open Control Panel.... 349 Figure 225 Java Console.... 350 Figure 226 WIndows 95/98/Me: Network: Configuration... 361 Figure 227 Windows 95/98/Me: TCP/IP Properties: IP Address.. 362 Figure 228 Windows 95/98/Me: TCP/IP Properties: DNS Configuration.. 363 Figure 229 Windows XP: Start Menu... 364 Figure 230 Windows XP: Control Panel.... 364 Figure 231 Windows XP: Control Panel: Network Connections: Properties.. 365 Figure 232 Windows XP: Local Area Connection Properties.. 365 Figure 233 Windows XP: Advanced TCP/IP Settings... 366 Figure 234 Windows XP: Internet Protocol (TCP/IP) Properties.. 367 Figure 235 Macintosh OS 8/9: Apple Menu... 368 Figure 236 Macintosh OS 8/9: TCP/IP... 368 Figure 237 Macintosh OS X: Apple Menu... 369 Figure 238 Macintosh OS X: Network... 370 Figure 239 Virtual Circuit Topology... 372 Figure 240 Peer-to-Peer Communication in an Ad-hoc Network.. 375 Figure 241 ESS Provides Campus-Wide Coverage... 376 Figure 242 Sequences for EAP MD5Challenge Authentication.. 379

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
6.2.4 Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the ZyXEL device will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS Threshold size.

6.2.5 WEP

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data. The ZyXEL device allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be enabled at any one time.
6.3 Configuring Wireless LAN
If you are configuring the ZyXEL device from a computer connected to the wireless LAN and you change the ZyXEL devices ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL devices new settings. Select a device, and then click Configuration > WLAN. Wireless is the first screen.

6.3.1 WLAN Wireless

Figure 42 Configuration > WLAN > Wireless
Table 20 Configuration > WLAN > Wireless
LABEL Enable Wireless LAN DESCRIPTION The wireless LAN is turned off by default; before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security; otherwise your wireless LAN will be vulnerable upon enabling it. Select the check box to enable the wireless LAN. (Extended Service Set IDentification) The ESSID identifies the Service Set the station is to connect to. Wireless clients associating to the Access Point must have the same ESSID. Enter a descriptive name (up to 32 characters) for the wireless LAN. Select to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning. This allows you to set the operating frequency/channel depending on your particular region. Select a channel from the drop-down list box. CHMHz / CHMHz ~ CHMHz (North America/FCC) CHMHz / CHMHz ~ CHMHz (Europe CE/ ETSI) CHMHz / CHMHz ~ ChMHz (Japan) CHMHz / CHMHz (Spain)

Reauthentication Timer

6.5.2 Configuring 802.1x Prestige
Select a Prestige device and then click Configuration > WLAN > 802.1x. The screen appears as shown next.
Figure 45 Configuration > WLAN > 802.1x Prestige
Table 23 Configuration > WLAN > 802.1x Prestige
LABEL Authentication Control. DESCRIPTION Select Authentication Required to authenticate all wireless clients before they can access the wired network. Select No Authentication Required to allow all wireless clients to access your wired network without authentication. Select No Access to deny all wireless clients access to your wired network Specify the time interval between the RADIUS servers authentication checks of wireless users connected to the network. This field is activated only when you select Authentication Required in the Authentication Type field. The Prestige automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).

Idle Timeout

Table 23 Configuration > WLAN > 802.1x Prestige (continued)
LABEL Authentication Databases DESCRIPTION The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this drop-down list box to select which database the Prestige should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first. Select Local User Database Only to have the Prestige just check the built-in user database on the Prestige for a wireless station's username and password. Select RADIUS Only to have the Prestige just check the user database on the specified RADIUS server for a wireless station's username and password. Select Local first, then RADIUS to have the Prestige first check the user database on the Prestige for a wireless station's username and password. If the user name is not found, the Prestige then checks the user database on the specified RADIUS server. Select RADIUS first, then Local to have the Prestige first check the user database on the specified RADIUS server for a wireless station's username and password. If the Prestige cannot reach the RADIUS server, the Prestige then checks the local user database on the Prestige. When the user name is not found or password does not match in the RADIUS server, the Prestige will not check the local user database and the authentication fails. Click Apply to save your changes back to the ZyXEL device. Click Reset to begin configuring this screen afresh.

Active Backup Gateway IP Address Check WAN IP Address
Table 27 Configuration > WAN > General ZyWALL (continued)
LABEL Fail Tolerance Period (sec) DESCRIPTION Type the number of times the ZyXEL device may attempt and fail to connect to the Internet before traffic is forwarded to the backup gateway. Type the number of seconds for the ZyXEL device to wait between checks to see if it can connect to the WAN IP address (Check WAN IP Address field) or default gateway. Allow more time if your destination IP address handles lots of traffic. Type the number of seconds for the ZyXEL device to wait for a ping response from the IP Address in the Check WAN IP Address field before it times out. The WAN connection is considered "down" after the ZyXEL device times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested. Click Apply to save your changes back to the ZyXEL device. Click Reset to begin configuring this screen afresh.

Timeout (sec)

8.1.2 WAN ISP ZyWALL
The screen differs by the encapsulation type chosen.
Figure 50 Configuration > WAN > ISP (Ethernet) ZyWALL
8.1.2.1 Ethernet Encapsulation
The following table describes the labels in the Ethernet encapsulation screen.
Table 28 Configuration > WAN > ISP (Ethernet) ZyWALL
LABEL Encapsulation Service Type DESCRIPTION You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login. The following fields do not appear with the Standard service type. Click Apply to save your changes back to the ZyXEL device. Click Reset to begin configuring this screen afresh.
8.1.2.2 PPPoE Encapsulation
The ZyXEL device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals. Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the ZyXEL device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL device does that part of the task. Furthermore, with NAT, all of the LANs computers will have access.

Perfect Forward Secrecy (PFS)

Apply Cancel

11.2.2 Manual VPN Tunnel
Select Manual from Figure 74 on page 161to proceed to the next screen.
Figure 75 Configuration > VPN > Manual Tunnel IPSec Detail
Table 57 Configuration > VPN >Manual Tunnel IPSec Detail
LABEL Name DESCRIPTION Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL device drops trailing spaces. Select this check box to activate this VPN policy. Select IKE or Manual. Manual is a useful option for troubleshooting if you have problems using IKE key management. Type a domain name (up to 31 characters) by which to identify the local or remote IPSec router. Local / Remote IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. A-End / Z-End Device My IP Select the name of the ZyXEL device from the pull-down list. This is the IP address of the local and remote computer(s) of the VPN tunnel.
Enable IKE / Manual DNS Address A-End / Z-End
Table 57 Configuration > VPN >Manual Tunnel IPSec Detail (continued)
LABEL Peer IP DESCRIPTION Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyXEL device automatically use the address in the Secure Gateway field. When the Address Type field is configured to Single, enter a (static) IP address on the LAN behind the ZyXEL device. When the Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the LAN behind the ZyXEL device. When the Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind the ZyXEL device. When the Address Type field is configured to Single, this field is N/A. When the Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind the ZyXEL device. When the Address Type field is configured to Subnet, this is a subnet mask on the LAN behind the ZyXEL device. Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields. Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field. Select Tunnel mode or Transport mode from the drop-down list box. Select DES, 3DES or NULL from the drop-down list box. When you use DES or 3DES, both sender and receiver must know the Encryption Key, which can be used to encrypt and decrypt the messages. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. When you use SHA1 or MD5, both sender and receiver must know the Authentication Key, which can be used to generate and verify a message authentication code. Select SHA1 or MD5 from the dropdown list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. This field only applies when you select ESP. With DES, type a unique key 8 ASCII characters long. With 3DES, type a unique key 24 ASCII characters long. Any characters may be used, including spaces, but trailing spaces are truncated. Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated.

DATA RATE/STANDARD ADSL ADSL2 ADSL2+ UPSTREAM 832 Kips 3.5Mbps 3.5Mbps DOWNSTREAM 8Mbps 12Mbps 24Mbps
14.2 Configuring ADSL Monitor
Select an ADSL device and click Configuration > ADSL Monitor. Click a label to have the information displayed in the text box.
Chapter 14 Configuration > ADSL Monitor
Figure 85 Configuration > ADSL Monitor
Table 72 Configuration > ADSL Monitor
ADSL Link Status This is the status of your ADSL link. ADSL Standard Mode This refers to the operational protocol the Prestige and the DSLAM (Digital Subscriber Line Access Multiplexer) are using. The standard the ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, noise, line quality, etc. Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W. Reset ADSL Line Successfully!" Click this button to display the upstream noise margin. Click this button to display the downstream noise margin. Click this button to display the upstream and downstream rates of your ADSL link. Click this computer to have your device perform a Cyclic Redundancy Checksum. The Prestige sends a sequence of bits to every block of data or frame. This is called a frame check sequence (FCS). The receiving computer uses a predetermined number to divide the frame. If there is a remainder, then the frame is considered corrupted and a retransmission is requested. Click this button to view ATM status. Click this button to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test. The Prestige sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the Prestige. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network.

Reset ADSL Line

Upstream Noise Margin Downstream Noise Margin ADSL Line Rate ADSL CRC Error Counter

Password Password Retype E-mail Address Contact Address Telephone Number Note Apply Cancel
17.3.2 Administrator Permissions
You may select which permissions (privileges) an administrator may have from the next screen.
Figure 105 System > Administrator Permissions
Table 90 System > Administrator Permissions
LABEL State User Group DESCRIPTION Select Disable to prohibit Administrator access to Vantage without deleting her profile. A user group is a pre-defined Administrator permission set. Select from Custom, Super and Normal. Super and Normal user groups permission sets are not editable, Custom user group permissions are editable. See section 1.1 for more information. You may select the following permissions for Custom. This permission allows the Administrator to register and delete devices as well as associate and disassociate devices to a folder. This permission allows the Administrator to create, edit and delete Administrators as well as associate and disassociate Administrators to a folder. This permission allows the Administrator access to all the System > Configuration screens. This permission allows the Administrator access to the Device > Synchronize screen. See that screen information in this Users Guide for more details. This permission allows the Administrator to upload device firmware and configuration files to Vantage, download device firmware and configuration files as well as remove them from Vantage. This permission allows the Administrator access to the Monitor screens.
Device registration, deletion, mapping, unmapping Administrator Management Device Configuration Device data synchronization Firmware Management, upgrade and ROM file Management Monitor Management
Table 90 System > Administrator Permissions (continued)
LABEL System Management DESCRIPTION System Management is defined as follows: Vantage Upgrade License Preference Log option and purge log Maintenance
Click Apply to save your settings in Vantage. Click Cancel to begin configuring the screen afresh.

CHAPTER 18

Other System Screens
Only the root administrator can view the System > Upgrade to System > Data Maintenance screens as only the root administrator can perform these duties.

18.1 Status

Click System > Status to view the current Vantage system status. This is a read-only screen.
Figure 106 System > Vantage Status
Table 91 System > Vantage Status
LABEL Vantage CNM Server public IP FTP server Mail Server Syslog Server DESCRIPTION This field displays the IP address of the communications server. If the COM server is on the same computer as Vantage, then this address is the same IP address as that of the Vantage server computer. This field displays the IP address of the FTP server. Click the Check button to test if the connection to the server is up. This field displays the IP address of the Mail Server. Click the Check button to test if the connection to the server is up. This field displays the IP address of the Syslog Server. Click the Check button to test if the connection to the server is up.

Chapter 21 Introduction to Reports

21.1 Bandwidth Reports

Use the bandwidth reports to view bandwidth handled by selected ZyXEL device(s), view real time bandwidth usage and who used the most bandwidth over the specified time period.
Figure 140 Bandwidth Reports

21.2 Service Reports

Use the service reports to monitor service usage over time handled by the selected ZyXEL devices, create TCP/UDP custom services, view bandwidth consumed by a service, what sites were accessed using the service and who used a service.
Figure 141 Service Reports

21.3 Web Filter Reports

Use the web filter reports to view statistics on who attempted to access what blocked sites and when via the selected ZyXEL device(s).
Figure 142 Web Filter Reports

21.4 Attack Reports

Use the attack reports to view statistics on who performed what kind of attacks on selected ZyXEL devices and information on packets dropped by those ZyXEL devices.
Figure 143 Attack Reports
21.5 Authentication Reports
Use the authentication reports screens to view successful and failed logins to selected ZyXEL devices over the specified period of time.
Figure 144 Authentication Reports

21.6 Log Viewer Reports

Use these reports to view, purge and search for logs from the selected ZyXEL device(s).
Figure 145 Log Viewer Reports

21.7 System Reports

Use these screens to configure global reporting parameters such as refresh intervals, syslog retrieval intervals, days to keep logs and default chart types (pie or chart). You can also schedule reports to be sent by e-mail and import a Comma-Separated Value (CSV) text file (of purged logs).
Figure 146 System Reports

21.8 Reports

Use these screens to configure e-mail details, report types to be sent and report sending schedule.
Figure 147 Schedule Reports

CHAPTER 22

Bandwidth Reports

22.1 Introduction

The Bandwidth Summary report contains information on the amount of traffic handled by a selected ZyXEL device(s) over the specified time period.
Chapter 22 Bandwidth Reports
To view the Bandwidth Summary report, select ZyXEL device(s) and click Report, Bandwidth, Summary.
Figure 148 Bandwidth Summary
Table 115 Bandwidth Summary

Table 129 FTP Service Top Sites (continued)
LABEL Color Events MBytes % of MBytes DESCRIPTION You can color code individual items for better graphical representation. This field displays the number of events or "hits." This field displays the number of megabytes consumed by the FTP service through the selected ZyXEL device(s) in the last hour or day. This field shows the percentage of megabytes consumed by the FTP service during this hour, compared to the whole day when one day is is selected. It shows the percentage of megabytes consumed by the service(s) during this day, compared to the total number of days selected when more than one day is selected. This field displays totals for measurable items in this screen.
23.5.5 Mail Service Top Sites
To view sites visited when using mail services through selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Sites, MAIL.
Figure 167 Mail Service Top Sites
Table 130 Mail Service Top Sites
LABEL Chart Type List Top 10 Last Days Settings Site Color Events KBytes % of KBytes DESCRIPTION Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen. Select the number of sites to view from the drop-down list box The report displays information per hour when you select one day and information per day when you select more than one day. Click Settings to view reports for more sites visited, or for days (up to 31 days) than the previous list box allows or for an earlier time range. This field displays the URL or IP address of the site visited. You can color code individual items for better graphical representation. This field displays the number of events or "hits." This field displays the number of kilobytes consumed by the mail service through the selected ZyXEL device(s) in the last hour or day. This field shows the percentage of kilobytes consumed by the mail service during this hour, compared to the whole day when one day is is selected. It shows the percentage of kilobytes consumed by the service(s) during this day, compared to the total number of days selected when more than one day is selected. This field displays totals for measurable items in this screen.
23.5.6 VPN Traffic Top Sites
To view sites visited via VPN tunnels through selected ZyXEL device(s), during the specified time, select a ZyXEL device(s) and then click Report, Service, Top Sites, VPN.
Figure 168 VPN Service Top Sites
Table 131 VPN Service Top Sites
LABEL Chart Type List Top 10 Last Days Settings Sites Color Connections MBytes DESCRIPTION Select PIE or BAR chart from the Chart Type list box. You can select the default for all screens in the Report, System, General Config screen. Select the number of sites to view from the drop-down list box The report displays information per hour when you select one day and information per day when you select more than one day. Click Settings to view reports for more sites visited, or for days (up to 31 days) than the previous list box allows or for an earlier time range. This field displays the destination IP address of the VPN tunnel through the selected ZyXEL devices. You can color code individual items for better graphical representation. This field displays the number of VPN connections through the selected ZyXEL device(s). This field displays the number of megabytes via VPN tunnels through the selected ZyXEL device(s) in the last hour or day.

Figure 218 Windows XP: Computer Management
After you have installed and configure the Kiwi Syslog Daemon and started the Telnet service on the computer, configure the syslog settings in Vantage CNM. Set the syslog server username and password to be the same as the Windows username and password in the Vantage system Server screen.
Setting Up the Syslog Server in Vantage
1 Log in to Vantage using the root account. 2 Go to System>Preferences>Server screen.
Figure 219 Vantage System Servers
3 Select Syslog Server, then enter the IP address of the computer on which you installed the Syslog server and the user name and password that you configured 4 Click Apply.
Appendix C FTP and syslog Server Overview

Introduction

The following graphic displays the Vantage server, syslog server and FTP server interrelationships.Any combination of these servers (or all three) may be on the same computer.
Figure 220 Vantage, syslog and FTP Servers.
Table 158 FTP and syslog Server Overview
LABEL A B C D 3 DESCRIPTION This is the Vantage CNM server. This is any ZyXEL device. This is a syslog server This is an FTP server Vantage sends syslog server and FTP server information to the device when you register the device with Vantage. The syslog server must receive the log at local facility 2a and then writes the log file to /var/log/vantage.log. Vantage communicates with the syslog server using Telnet if Vantage is installed on Windows XP Professional and using SSH (SecureSHell) if Vantage is installed on Redhat Linux 9.0. In either case, you need a Telnet account with a username and password
LABEL 4 DESCRIPTION After a successful communication link has been established between Vantage and the syslog server, Vantage instructs the syslog server to send the vantage.log (ZyXEL devices logs) from the syslog server to an FTP server for retrieval. Vantage uses the FTP protocol to retrieve the vantage.log (ZyXEL devices logs) from the FTP server.
a. This is how it works at the time of writing.
Note: Vantage instructs the syslog server to send the vantage.log (ZyXEL devices logs) from the syslog server to an FTP server for retrieval once every ten minutes.see footnote a
Appendix D Java Console Debug Messages
If you have problems with Vantage, customer support may ask you to find Java console debug messages. This appendix shows you how to do this. 1 Click Start, Control Panel and double-click on Java Plug-in.

Version 1.1 Copyright (c) 1999-2003 The Apache Software Foundation. All rights reserved.
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. The names Apache and Apache Software Foundation must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org. Products derived from this software may not be called Apache, nor may Apache appear in their name, without prior written permission of the Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see <http://www.apache.org/>.
Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign.
NOTE: Some components of the Vantage CNM software incorporate source code covered under the Apache License. To obtain the source code covered under the Apache License, please contact ZyXEL customer support.
Copyright (c) 2002, 2003 Gargoyle Software Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software developed by Gargoyle Software Inc. (http://www.GargoyleSoftware.com/) Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4. The name "Gargoyle Software" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact info@GargoyleSoftware.com. 5. Products derived from this software may not be called "HtmlUnit", nor may "HtmlUnit" appear in their name, without prior written permission of Gargoyle Software Inc. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GARGOYLE SOFTWARE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.