Page 1 FWX120 Firewall Operation Manual Thank you very much for purchasing Yamaha FWX120. Please carefully read this manual before use to ensure appropriate installation and configuration. Please be sure to follow all the warnings and precautions provided in this manual to ensure appropriate and safe use.
Page 2: Please Read This First
Please read this first Thank you very much for purchasing Yamaha FWX120. This product is a firewall that is suitable for use in small and medium-sized enterprise networks. Main content Information on connecting to a network • Connecting (to an existing network) as a transparent mode firewall ... 13 of this manual • Connecting to the Internet as a router ..........32 Information necessary for daily operations management • Operating and managing the product ..........142 Information on solving issues or problems if any occur • Troubleshooting ..................
Page 3: Table Of Contents
Connecting to the Checking the history of unauthorized access detection ........89 Internet as a router Allowing communication from registered terminals only (DHCP authentication) ........91 Flow of preparation steps.......... 32 Configuring the DHCP server ......92 Ensure the following are available before Registering all terminals to which IP addresses are beginning preparations ......33 assigned by the DHCP server function ..92 Cautions when installing the product ....33 Registering terminals one-by-one ....93 Preparation 1: Making connections ......34 Specifying how unregistered terminals are Preparation 2: Opening the “Basic configuration page” 36 handled ............. 93 FWX120 Operation Manual  3...
Page 4 Chapter 6 Lua scripts ............164 Custom GUI ............ 165 Maximizing use of the product Using a service requiring a global IP address within the LAN ..........129 Using the netvolante DNS service ......131 Publishing a server ..........133 Using mail notification ..........135 Using in the IPv6 environment ........ 137 Changing the operation settings of UPnP function . .. 139 Controlling Yamaha switches ........141 4  FWX120 Operation Manual...
Page 5 Q3:Internet connection cannot be established ..171 Q4:VPN communication cannot be established ..173 Q5:The DOWNLOAD button does not function ..177 Q6:Unable to use USB device ........ 178 Q7:Other problems ..........180 Communication charges of the USB data communication terminal are abnormal ... 181 Initializing the product settings ....... 185 If you have forgotten the password ......187 Chapter 9 Annex Changing the IP addresses of PCs ......188 Instructions on transferring/disposing of the product . .. 190 License terms and conditions ......... 191 FWX120 Operation Manual  5...
Page 6: Particular Usage In This Manual
If you need the latest version of the operation manual, you can download it from the Yamaha website. • Yamaha cannot accept any liability for any loss of or damage to information resulting from any use of the product. Please also note that the warranty only covers physical damage to the product.
Page 7: Important Notice
The outgoing restriction function may not therefore provider connection fees. always work as intended in actual use. If greater Please ensure to check the communication record accuracy is required you will need to conduct and verify whether any unintended communications tests over a certain period of time to check for any have taken place. In addition, we strongly recommend discrepancies. that you periodically visit the Yamaha Network Devices website (http://www.yamaha.com/products/ en/network/) to obtain the latest information on the configurations and revisions of the product. FWX120 Operation Manual  7...
Page 8: Concerning Software License Contracts When Using The Download Button
SOFTWARE. 1-4. Except as expressly provided herein, no license or right, express or implied, is hereby conveyed or granted by YAMAHA to you for any intellectual property of YAMAHA. 2. OWNERSHIP AND COPYRIGHT: The SOFTWARE is protected under the copyright laws and owned by YAMAHA.
Page 9 PARTICULAR PURPOSE. 7. SEPARABILITY: 5-2. IN NO EVENT SHALL YAMAHA, YAMAHA'S In the event that any provision of this AGREEMENT is S U B S I D I A R I E S A N D A F F I L I AT E S , T H E I R...
Page 10: Introduction
• POWER: Indicates the current power status of stick and a USB data communication terminal. Failure the product. to observe this could damage the product. • STATUS: Indicates the status of communication with connected equipment.  Ventilator • LAN1: Indicates the usage status of the LAN1 This is a hole to release the internal heat. port. • LAN2: Indicates the usage status of the LAN2 port. 10  FWX120 Operation Manual...
Page 11 Introduction Each lamp on the front panel indicates one of the three statuses ( Lit Flashing Off) POWER lamp The product is powered on. The product is starting up immediately after the power switch is turned on or shutting down immediately after the power switch is placed in the STANDBY position. The product is powered off or the power went out. STATUS lamp Communication is disabled. Refer to “When the STATUS lamp lights up” (page 154). Communication is enabled. LAN1 lamp LAN1 is enabled. Data is flowing through the LAN1. LAN1 is disabled. LAN2 lamp LAN2 is enabled. Data is flowing through the LAN2. LAN2 is disabled. microSD lamp A microSD card is inserted into the microSD slot but the product is not accessing it. The product is accessing the microSD card. No microSD card has been inserted into the microSD slot, or the microSD card inserted into the slot can be taken out. USB lamp A USB device is inserted into the USB port but the product is not accessing it. The product is accessing the USB device. A USB device is not inserted into the USB port, or the USB device inserted into the port can be taken out. FWX120 Operation Manual  11...
Page 12: Rear Panel
MAC line, connect it to a cable modem, ADSL modem, addresses on the LAN1 side and LAN2 side are or ONU with a LAN cable. as follows: You can find the LINK/DATA lamp (left) and the • MAC address on the LAN1 side: 00A0DE7EBF84 SPEED lamp (right) below the LAN2 port. • MAC address on the LAN2 side: 00A0DE7EBF85 The lamp works just like the lamps for the LAN1 ports. 12  FWX120 Operation Manual...
Page 13: Connecting (To An Existing Network) As A Transparent Mode Firewall
Opening the “Basic configuration Preparation 2 Page  page”  Setting the password of the Preparation 3 Page  product  Preparation 4 Setting the date and time Page   Configuring the transparent mode Preparation 5 Page  firewall FWX120 Operation Manual  13...
Page 14: Ensure The Following Are Available Before Beginning Preparations
Connecting (to an existing network) as a transparent mode firewall Ensure the following are available before beginning preparations LAN cables Provide LAN cables based on the number of PCs and distance. Up to four PCs can be directly connected to the LAN1 ports of the product. If you want to connect five or more PCs, use a hub (for example, a switching hub) that supports 10BASE-T, 100BASE-TX, or 1000BASE-T. Information regarding the network to which the product is connected Predetermine the IP address to be assigned to the LAN side of the product. NOTE To connect the product to a network that uses a DHCP server, you need to disable the DHCP server function of the product. To do this, refer to page 28. Cautions when installing the product Please carefully read and observe the “Safety precautions” of the User's Manual when installing the product. 14  FWX120 Operation Manual...
Page 15: Preparation 1: Making Connections
Connect the LAN port of your PC to one of the LAN1 ports of the product with a LAN cable. Connect the LAN port of the router or hub to the LAN2 port of the product with a LAN cable. FWX120 Operation Manual  15...
Page 16 If the LAN1 lamp does not light up or flash: • Check that the LAN cable is correctly connected and your PC or hub is powered on. • The LAN1 lamp does not light up or flash unless all the PCs and hubs that are connected to the product are powered on. If the LAN2 lamp does not light up or flash: Check that the product is connected correctly to the router (hub) and the router (hub) is powered on. Now, the connecting procedures are completed. See page  Proceed with other preparations. 16  FWX120 Operation Manual...
Page 17: Preparation 2: Opening The "Basic Configuration Page
Follow the steps below to open the “Basic configuration page”. NOTE • To use the “Basic configuration page”, we recommend that you use Windows Internet Explorer 11. • The descriptions in this manual use Internet Explorer 11 screens as examples. For other environments, you have slightly different screen displays, though operations stay the same. If you enter commands in a console window using Telnet software, you can configure settings in more detail compared to doing them in the “Basic configuration page” (console commands). For details on connecting to the product using Telnet software, please refer to page 144. For information on the commands available to the product, please refer to “Command reference” (included in the attached CD-ROM). FWX120 Operation Manual  17...
Page 18 Indicates the current Shows Help screen. screen name. Configure the settings as needed. Accept your entries and Return to the top page without save them in the product. saving your entries. Return to the previous page without saving your entries. 18  FWX120 Operation Manual...
Page 19: Preparation 3: Setting The Passwords
Connecting (to an existing network) as a transparent mode firewall Preparation 3 Setting the passwords In the factory defaults, the initial password is set to “doremi”. It is recommended that you set passwords to provide security measures. Once a password is set, anyone trying to access the product must enter it, which makes it difficult for third parties to modify the configurations of the product. It is recommended that you follow the steps on page 20 to set or change the password to prevent security issues. FWX120 Operation Manual  19...
Page 20 Connecting (to an existing network) as a transparent mode firewall Click Click Fill in Fill in Click 20  FWX120 Operation Manual...
Page 21 Type the password of the product in “Administration password”. Each password character entered is represented by a black dot. Retype the password you entered in Step 3. Click “Submit”. A confirmation screen appears. Click “Submit”. The password you have set takes effect. Click “Return to top”. The screen to enter a “User name” and “Password” appears. Type the password you entered in Step 3 in “Password” and then click “OK”. The top page of the “Basic configuration page” reappears. Set the login password of the product. Leave “User name” blank. FWX120 Operation Manual  21...
Page 22 Connecting (to an existing network) as a transparent mode firewall Click Click Click Fill in Fill in Click 22  FWX120 Operation Manual...
Page 23 TELNET, SSH, SFTP)” The “Configure users and access limits” screen appears. Click “Configure” to the right of “Nameless user”. The “Configure nameless user” screen appears. Type the login password in “login password”. Each password character entered is represented by a black dot. Retype the login password you entered in Step 12. Click “Submit”. A confirmation screen appears. Click “Submit”. The password you have set takes effect. Click “Return to top”. The top page of the “Basic configuration page” reappears. FWX120 Operation Manual  23...
Page 24: Preparation 4: Setting The Date And Time
Connecting (to an existing network) as a transparent mode firewall Preparation 4 Setting the date and time In the “Configure machine” screen, configure the date and time for the product. Click Click Select Fill in Click 24  FWX120 Operation Manual...
Page 25 Select “Change to the following date and time setting” under “Configure date and time”. Enter your local date and time. To set the exact time, enter a time several minutes ahead and click “Submit” simultaneously with a time signal. Click “Submit”. A confirmation screen appears. Click “Return to top”. The top page of the “Basic configuration page” reappears. To automatically set the time of the product: Using a NTP (network time protocol) server on the Internet allows you to automatically set the time of the product. NOTE Depending on the security settings of the product, PCs in the LAN as well as this product may not be able to synchronize their time with the NTP server. To use an external NTP server, change the filter settings (page 80). FWX120 Operation Manual  25...
Page 26: Mode Firewall
• When the transparent mode firewall is configured, some settings can no longer be configured. For more details, click “Help” on the setup screen and refer to the description displayed. To connect to an existing network, you are required to have the following information (some connection modes may not need all of the information). • IP address • Netmask • Name server addresses (DNS server address, name server IP address, and DNS server IP address) • Default gateway address 26  FWX120 Operation Manual...
Page 27 The “Configure firewall 1/6” screen appears. Specify the management IP address. To obtain the IP address from the DHCP server: Click “DHCP client” to select it. If the DHCP client identification name is assigned, enter that identification name in the “DHCP client identification name” (there is no need to enter it if it is not assigned). To use a fixed IP address: Click “Static IP address” to select it, and then configure the following settings: • IP address: Enter the IP address in numeric characters. • netmask: Select the netmask. • Default gateway: Enter the default gateway address in numeric characters. Click “Next”. The “Configure firewall 3/6” screen appears. FWX120 Operation Manual  27...
Page 28 Enable the DHCP server functions. NOTE If “DHCP client” is selected in the “Configure firewall 1/6” screen, “Disable DHCP server function” will be selected. If the product is not used as a DHCP server: Click “Disable DHCP server function” to select it. If the product is used as a DHCP server: Click “Use DHCP server function” to select it, and then configure the following settings: • Assigned IP address range: Enter the range of IP addresses that do not overlap with the IP address of the product in numeric characters. • netmask: Select the same value as the netmask of the product. Click “Next”. The “Configure firewall 4/6” screen appears. 28  FWX120 Operation Manual...
Page 29 If the DNS server address is not specified: Click “Do not specify DNS server address or auto-retrieve from DHCP server” to select it. If the DNS server address is specified: Click “Specify DNS server” to select it, and then configure the following settings: • Primary DNS server address: Type the DNS server address in numeric characters. • Secondary DNS server address: Fill out the field if you have two DNS server addresses (leave this field blank if you have only one address specified). Click “Next”. The “Configure firewall 5/6” screen appears. FWX120 Operation Manual  29...
Page 30 Connecting (to an existing network) as a transparent mode firewall Enabling the filter function Select Specify Click Select the applications to be used. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. Enable network sharing. If you do not use Windows network sharing, clear the “Use Windows network sharing” check box. Click “Next”. The “Configure firewall 6/6” screen appears. 30  FWX120 Operation Manual...
Page 31 “Basic configuration page”. NOTE If you have specified the management IP address or changed a management IP address setting in “1 Specifying the management IP address”, the product restarts automatically. After the restart, enter the specified IP address or new IP address in the address bar of Internet Explorer to re-open the “Basic configuration page”. Check whether the product is connected to the existing network. Check that the product is connected to the existing network by viewing the status of connection on the lower part of the screen.  If you cannot connect to the Internet: Configurations Check 1 Check the connection between the product and the router are completed. or hub. Check 2 Check the entries again on pages between 27 and 30. Configuration settings for Check 3 If you still have difficulties, refer to “Troubleshooting” for your Internet connection solutions (page 166). are now complete. FWX120 Operation Manual  31...
Page 32: Connecting To The Internet As A Router
  Configuring the IP address on the Preparation 5 Page  LAN1 side of the product  Changing the IP addresses of PCs in Preparation 6 Page  the LAN  Preparation 7 Configuring provider information Page  32  FWX120 Operation Manual...
Page 33: Ensure The Following Are Available Before Beginning Preparations
Connecting to the Internet as a router Ensure the following are available before beginning preparations LAN cables Provide LAN cables based on the number of PCs and distance. Up to four PCs can be directly connected to the LAN1 ports of the product. If you want to connect five or more PCs, use a hub (for example, a switching hub) that supports 10BASE-T, 100BASE-TX, or 1000BASE-T. Information regarding the network to which the product is connected Predetermine the IP address to be assigned to the LAN side of the product. NOTE To connect the product to a network that uses a DHCP server, you need to disable the DHCP server function of the product. To do this, refer to page 92. Cautions when installing the product Please carefully read and observe the “Safety precautions” of the User's Manual when installing the product. FWX120 Operation Manual  33...
Page 34: Preparation 1: Making Connections
Connect the LAN port of your cable modem, ADSL modem, or ONU to the LAN2 port of the product with a LAN cable. Please also refer to the document provided by your provider and instruction manuals for ADSL modem and ONU. NOTE If you switch an environment in which a cable modem, an ADSL modem, or an ONU is directly connected to a PC to a connection with the product, or an installed router is replaced with the product, proper connections may not be made because, for instance, addresses cannot be obtained. Therefore, you may need to configure some settings, to perform a reset, or to wait for a specified period of time (e.g., at least 20 minutes). For more information, follow the instructions in the relevant manuals. 34  FWX120 Operation Manual...
Page 35 If the LAN1 lamp does not light up or flash: • Check that the LAN cable is correctly connected and your PC or hub is powered on. • The LAN1 lamp does not light up or flash unless all the PCs and hubs that are connected to the product are powered on. If the LAN2 lamp does not light up or flash: Check that the ADSL modem (or cable modem or ONU) is correctly connected to the product and the ADSL modem (or cable modem or ONU) is powered on. Now, the connecting procedures are completed. See page  Proceed with other preparations. FWX120 Operation Manual  35...
Page 36: Preparation 2: Opening The "Basic Configuration Page
If you enter commands in a console window using Telnet software, you can configure settings in more detail compared to doing them in the “Basic configuration page” (console commands). For details on connecting to the product using Telnet software, please refer to page 144. For information on the commands available to the product, please refer to “Command reference” (included in the attached CD-ROM). 36  FWX120 Operation Manual...
Page 37 Indicates the current screen name. Shows Help screen. Configure the settings as needed. Accept your entries and Return to the top page without save them in the product. saving your entries. Return to the previous page without saving your entries. FWX120 Operation Manual  37...
Page 38: Preparation 3: Setting The Passwords
Preparation 3 Setting the passwords In the factory defaults, the initial password is set to “doremi”. It is recommended that you set passwords to provide security measures. Once a password is set, anyone trying to access the product must enter it, which makes it difficult for third parties to modify the configurations of the product. It is recommended that you follow the steps on page 39 to set or change the password to prevent security issues. 38  FWX120 Operation Manual...
Page 39 Connecting to the Internet as a router Click Click Fill in Fill in Click FWX120 Operation Manual  39...
Page 40 Each password character entered is represented by a black dot. Retype the password you entered in Step 3. Click “Submit”. A confirmation screen appears. Click “Submit”. The password you have set takes effect. Click “Return to top”. The screen to enter a “User name” and “Password” appears. Type the password you entered in Step 3 in “Password” and then click “OK”. The top page of the “Basic configuration page” reappears. Set the login password of the product. Leave “User name” blank. 40  FWX120 Operation Manual...
Page 41 Connecting to the Internet as a router Click Click Click Fill in Fill in Click FWX120 Operation Manual  41...
Page 42 Click “Configure” to the right of “Nameless user”. The “Configure nameless user” screen appears. Type the login password in “login password”. Each password character entered is represented by a black dot. Retype the login password you entered in Step 12. Click “Submit”. A confirmation screen appears. Click “Submit”. The password you have set takes effect. Click “Return to top”. The top page of the “Basic configuration page” reappears. 42  FWX120 Operation Manual...
Page 43: Preparation 4: Setting The Date And Time
Connecting to the Internet as a router Preparation 4 Setting the date and time In the “Configure machine” screen, configure the date and time for the product. Click Click Select Fill in Click FWX120 Operation Manual  43...
Page 44 Select “Change to the following date and time setting” under “Configure date and time”. Enter your local date and time. To set the exact time, enter a time several minutes ahead and click “Submit” simultaneously with a time signal. Click “Submit”. A confirmation screen appears. Click “Return to top”. The top page of the “Basic configuration page” reappears. To automatically set the time of the product: Using a NTP (network time protocol) server on the Internet allows you to automatically set the time of the product. NOTE Depending on the security settings of the product, PCs in the LAN as well as this product may not be able to synchronize their time with the NTP server. To use an external NTP server, change the filter settings (page 80). 44  FWX120 Operation Manual...
Page 45: The Lan1 Side
LANs do not overlap. Determine a new network address for each LAN and configure the IP address and netmask according to the new network address on the product and PC. NOTE If a different network address has already been configured, give the product the IP address and netmask according to that network address. Make sure the product has an IP address that does not overlap with the one assigned to other devices installed within the LAN. Click Click Click “Advanced settings” on the top page of “Basic configuration page”. The “Advanced settings” screen appears. Click “Configure” to the right of “Configure LAN (IP address, DHCP server)”. The “Configure LAN” screen appears. FWX120 Operation Manual  45...
Page 46 Enter the IP address according to the new network address you determined, and select the netmask. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. Click “Submit”. A confirmation screen appears. Click “Execute” before changing the IP addresses of PCs. For information on changing the IP addresses of PCs, refer to the description on page 47 onward. 46  FWX120 Operation Manual...
Page 47: Pcs In The Lan
If you change a LAN network address, you also need to change IP addresses and netmasks of PCs in the LAN. If you have devices other than PCs in the LAN, you also need to change their IP addresses and netmasks. For information on setting these devices, please refer to their instruction manuals. NOTE If you do not change the network address of the LAN to which the product is attached, you do not need to change IP addresses of PCs in the LAN. The way to change the IP address of a PC depends on the version of the operating system. Refer to “Changing the IP addresses of PCs” (page 188) for more details. FWX120 Operation Manual  47...
Page 48: Preparation 7: Configuring Provider Information
Permanently connecting to the Internet using network connection service Page  • Network PPPoE connection: Page 59 • unnumbered connection: Page 59 Connecting to the Internet using a USB data Page  communication terminal NOTE • After canceling/changing your provider contract please be sure to delete or reconfigure the connection configuration of the product. Failure to observe this could result in unexpected charges from your telephone carrier or provider. • Before using the product as a router (or before signing a new contract with your provider), be sure to determine whether simultaneous connections of multiple PCs through a router are permitted by your provider. Some providers do not allow simultaneous connections or require that you sign a separate contract. If you use the product in violation of the terms and conditions of the contract with your provider, you may be charged unexpected fees. If simultaneous connections are prohibited by your provider, sign a separate contract with your provider or sign a contact with a provider that allows simultaneous connections. 48  FWX120 Operation Manual...
Page 49 You need the setup document supplied by the provider. To configure destinations and connect to the Internet, you are required to have the following information provided by your provider (some connection modes may not need all of the information). • User ID (authentication ID and account name) • Passwords (authentication password and initial password) • IP address • Netmask • Name server addresses (DNS server address, name server IP address, and DNS server IP address) • Default gateway address FWX120 Operation Manual  49...
Page 50 1  Checking the connection mode Click The line type is automatically detected. Click Click “Configure provider” on the top page of “Basic configuration page”. The broadband line auto-distinction function works to show the screen for the connection mode selected for the connected line. NOTE Note that the broadband line auto-distinction process takes place only once. Be sure to check that the broadband line is connected to the LAN2 port of the product before performing this function. 50  FWX120 Operation Manual...
Page 51 Failed to automatically determine broadband line.  Select “Terminal broadband connection over PPPoE” or “Terminal broadband connection over DHCP or static IP address” to your connection type and then click “Next”. If you are not sure which connection type you use currently, check the contract or contact your provider. When “Terminal broadband connection over See page  PPPoE” is selected: When “Terminal broadband connection over See page  DHCP or static IP address” is selected: FWX120 Operation Manual  51...
Page 52 Enter a descriptive destination name. It is a good idea to name the configuration so that you can easily identify it when it needs to be modified. Enter the user ID. Enter the connection user ID specified by the provider. Be sure to check the relevant document when entering it. Enter your connect password. Enter the password specified by the provider (or the password you changed). The password is case sensitive and should be in alphanumeric characters. Each password character entered is represented by a black dot. Click “Next”. The “Configure provider 3/4” screen appears. 52  FWX120 Operation Manual...
Page 53 If the DNS server address is not assigned by your provider: Click “Do not specify DNS server address and auto-retrieve from the provider” to select it. If the DNS server address is assigned by your provider: Click “The contract with the provider stipulates a DNS server address designation” to select it and then set the following addresses. • Primary DNS server address: Enter the DNS server address assigned by your provider in numeric characters. • Secondary DNS server address: Enter the secondary DNS server address if your provider provides you with two DNS server addresses (if your provider provides you with only one DNS server address, leave this field blank). Click “Next”. The “Configure provider 4/4” screen appears. FWX120 Operation Manual  53...
Page 54 Connecting to the Internet as a router 4  Checking the setting information Terminal broadband connection over PPPoE (from page 51) Check Click Ensure that the entries displayed on the screen agree with the information provided by your provider. If an incorrect setting has been made, click “Back” to bring up the necessary setting screen to set it correctly. Click “Submit”. The “Register provider” screen appears. 54  FWX120 Operation Manual...
Page 55 Check whether the product is connected to the Internet. Check that the product is connected to the Internet by viewing the status of Internet connection on the lower part of the screen. Configurations  If you cannot connect to the Internet: are completed. Check 1 Check the connection between the product and your PC, ADSL modem or ONU. Check 2 Check the entries again on pages 52 and 53. Configuration settings for Check 3 If you still have difficulties, refer to “Troubleshooting” for your Internet connection solutions (page 166). are now complete. FWX120 Operation Manual  55...
Page 56 If the IP address is not assigned by your provider: Click “DHCP client” to select it. If the DHCP client identification name is assigned by your provider, enter that identification name in the “DHCP client identification name” (there is no need to enter it if it is not assigned by your provider). If the IP address is assigned by your provider: Click “Static IP address” and then configure the following settings. • WAN IP address: Enter the IP address assigned by your provider in numeric characters. • netmask: Select the netmask assigned by your provider. • Default gateway: Enter the default gateway address assigned by your provider in numeric characters. Click “Next”. The “Configure provider 3/4” screen appears. 56  FWX120 Operation Manual...
Page 57 If the DNS server address is not assigned by your provider: Click “Do not specify DNS server address and auto-retrieve from the provider” to select it. If the DNS server address is assigned by your provider: Click “The contract with the provider stipulates a DNS server address designation” to select it and then set the following addresses. • Primary DNS server address: Enter the DNS server address assigned by your provider in numeric characters. • Secondary DNS server address: Enter the secondary DNS server address if your provider provides you with two DNS server addresses (if your provider provides you with only one DNS server address, leave this field blank). Click “Next”. The “Configure provider 4/4” screen appears. FWX120 Operation Manual  57...
Page 58 Check whether the product is connected to the Internet. Check that the product is connected to the Internet by viewing the status of Internet connection on the lower part of the screen. Configurations  If you cannot connect to the Internet: are completed. Check 1 Check the connection between the product and your PC, ADSL modem or cable modem. Check 2 Check the entries again on pages 56 and 57. Configuration settings for Check 3 If you still have difficulties, refer to “Troubleshooting” for your Internet connection solutions (page 166). are now complete. 58  FWX120 Operation Manual...
Page 59 • After canceling/changing your provider contract please be sure to delete or reconfigure the connection configuration of the product. Failure to observe this could result in unexpected charges from your telephone carrier or provider. • A constant Internet connection increases the risk of illegal access or attack via the Internet. Be sure to use the product with extra attention to your network security. Refer to “Enhancing security” (page 73) for more details. • The descriptions in this manual use Internet Explorer 11 screens as examples. For other environments, you have slightly different screen displays, though operations stay the same. To configure destinations and connect to the Internet, you are required to have the following information provided by your provider (some connection modes may not need all of the information). • User ID (authentication ID and account name) • Passwords (authentication password and initial password) • IP address • Netmask • Name server addresses (DNS server address, name server IP address, and DNS server IP address) • Default gateway address FWX120 Operation Manual  59...
Page 60 Connecting to the Internet as a router 1  Specifying the connection mode Click Click Click “Advanced settings”. The “Advanced settings” screen appears. Click “Configure” to the right of “Detailed basic connection setting”. The “Detailed basic connection setting” screen appears. 60  FWX120 Operation Manual...
Page 61 Connecting to the Internet as a router Click Click Click Click “Add”. The “Register provider” screen appears. Click the “Network broadband connection over PPPoE”. Click “Next”. The “Register provider” screen appears. FWX120 Operation Manual  61...
Page 62 2  Specifying your provider information Fill in Fill in Fill in Enter the configuration name. Enter a descriptive destination name. It is a good idea to name the configuration so that you can easily identify it when it needs to be modified. Enter the user ID. Enter the connection user ID specified by the provider. Be sure to check the relevant document when entering it. Enter your connect password. Enter the password specified by the provider (or the password you changed). The password is case sensitive and should be in alphanumeric characters. Each password character entered is represented by a black dot. 62  FWX120 Operation Manual...
Page 63 If the DNS server address is not assigned by your provider: Select “Automatically retrieve upon connecting”. If the DNS server address is assigned by your provider: Select “Specify IP address” and then configure the following settings. • Primary DNS server address: Enter the DNS server address assigned by your provider in numeric characters. • Secondary DNS server address: Enter the secondary DNS server address if your provider provides you with two DNS server addresses (if your provider provides you with only one DNS server address, leave this field blank). If a domain name is assigned by your provider: Enter the specified domain name in the “DNS domain name” field. FWX120 Operation Manual  63...
Page 64  If you cannot connect to the Internet: are completed. Check 1 Check the connection between the product and your PC, ADSL modem or ONU. Check 2 Check the entries again on pages 62 and 63. Configuration settings for Check 3 If you still have difficulties, refer to “Troubleshooting” for your Internet connection solutions (page 166). are now complete. 64  FWX120 Operation Manual...
Page 65 You need the setup document supplied by the provider. To configure destinations and connect to the Internet, you are required to have the following information provided by your provider (some connection modes may not need all of the information). • User ID (authentication ID and account name) • Passwords (authentication password and initial password) • IP address • Netmask • Name server addresses (DNS server address, name server IP address, and DNS server IP address) • Default gateway address • Access point name • CID (Context Identifier) FWX120 Operation Manual  65...
Page 66 Connecting to the Internet as a router 1  Connecting a USB data communication terminal Connect a USB data communication terminal to the USB port of the product. The USB lamp lights up and flashes. A buzzer beeps when the USB data communication terminal is connected. For details on the buzzer sound, refer to “Changing the buzzer settings” (page 150). For a list of the latest USB data communication terminals that are known to work, visit http://www.yamaha.com/products/en/network/ and go to the product information page of this product. 66  FWX120 Operation Manual...
Page 67 Connecting to the Internet as a router 2  Specifying the connection mode Click Click Click Click “Configure provider” on the top page of “Basic configuration page”. The “Configure provider 1/4” screen appears. Click “Mobile Internet connection”. Click “Next”. The “Configure provider 2/4” screen appears. FWX120 Operation Manual  67...
Page 68 Enter the configuration name. Enter a descriptive destination name. It is a good idea to name the configuration so that you can easily identify it when it needs to be modified. Enter the access point name. Enter the access point name provided by your carrier or provider. Entries may vary depending on your contract plan. Be sure to check the relevant document when entering it. Enter the CID (Context Identifier). Enter the CID number provided by your carrier or provider. Entries may vary depending on your contract plan. Be sure to check the relevant document when entering it. Enter the user ID. If you need to specify a user ID, enter the user ID provided by your provider. Be sure to check the relevant document when entering it. 68  FWX120 Operation Manual...
Page 69 Connecting to the Internet as a router Enter your connect password. If you need to specify a connect password, enter the password specified by the provider (or the password you changed). The password is case sensitive and should be in alphanumeric characters. Each password character entered is represented by a black dot. Select outgoing restrictions. Configure the outgoing restrictions based on the cumulative send/received data and the cumulative connection period. Depending on your contract plan, unusual billing can occur due to long connection times. Be sure to check your contract plan before configuring it. Click “Next”. The “Configure provider 3/4” screen appears. FWX120 Operation Manual  69...
Page 70 If the DNS server address is not assigned by your provider: Click “Do not specify DNS server address and auto-retrieve from the provider” to select it. If the DNS server address is assigned by your provider: Click “The contract with the provider stipulates a DNS server address designation” to select it and then set the following addresses. Primary DNS server address: Enter the DNS server address assigned by your • provider in numeric characters. Secondary DNS server address: Enter the secondary DNS server address • if your provider provides you with two DNS server addresses (if your provider provides you with only one DNS server address, leave this field blank). Click “Next”. The “Configure provider 4/4” screen appears. 70  FWX120 Operation Manual...
Page 71 Connecting to the Internet as a router 5  Checking the setting information Check Click Ensure that the entries displayed on the screen agree with the information provided by your provider. If an incorrect setting has been made, click “Back” to bring up the necessary setting screen to set it correctly. Click “Submit”. The “Register provider” screen appears. FWX120 Operation Manual  71...
Page 72  If you cannot connect to the Internet: Check 1 Check the connection between the product and your PC are completed. and between the product and the USB data communication terminal. Configuration settings for Check 2 Check the entries again on pages between 68 and 70. your Internet connection Check 3 If you still have difficulties, refer to “Troubleshooting” for are now complete. solutions (page 166). 72  FWX120 Operation Manual...
Page 73: Enhancing Security
• In addition to unauthorized accesses via the Internet, you should also be aware of the risk of Using the product without setting a password attacks by computer viruses. will pose great security risks. Be sure to set the • Should the settings of the product be modified or password, and change it periodically. the PC system or data be destroyed, a massive amount of data and monetary damages would be resulted. You must configure filter settings of the product or take other security measures to protect your system. FWX120 Operation Manual  73...
Page 74: Addressing Unauthorized Accesses
This type of unauthorized access can be prevented under your own responsibility. at a high rate by upgrading the operating system • Please note that Yamaha cannot accept any liability or server software, configuring proper settings, or for any losses or damage resulting from incorrect conducting adequate management. use. Measures to be taken in the product • Changing a product setting by malicious third 1. Intrusions using invalid packets...
Page 75: Outline Of Security Functions Provided By The Product
Security functions against external attacks To protect the LANs connected to the product against external attacks, the product provides various filter functions and Intrusion Detection System. Internet Packet processing flow Provider UP LINK Filter function The product has the following two filters: • Inbound filter (page 77): Used to discard needless packets early. • Policy filter (page 80): Performs stateful inspection filtering (dynamic filter). It can control access on a connection basis. Intrusion Detection System (page 88) When incoming packets are checked through the inbound filter, the function detects illegal packets for potential external attacks. You can specify whether detected packets are discarded immediately after received or can pass through the function, depending on the types of packets. FWX120 Operation Manual  75...
Page 76: Security Functions For Managing Terminals In The Lan
When Intrusion Detection System is enabled, the product can detect packets used by “Winny” and “Share”, discard those packets, and break their communication. In addition, if “Winny” or “Share” packets are detected, they are logged to the history records for Intrusion Detection System. Thus, the product can identify terminals that have used “Winny” or “Share”. 76  FWX120 Operation Manual...
Page 77: Discarding Needless Packets (Inbound Filter)
Enhancing security Discarding needless packets (inbound filter) The inbound filter enables incoming packets to be discarded or blocked based on their source or destination IP addresses, protocols, and port numbers. Compared with the policy filter, this filter can dispose of needless packets at an earlier stage, without putting much load on the product. Note that the inbound filter can be set for each interface. × Source: xxx.xxx.xxx.xxx Destination: 192.168.100.10 Internet Block Port: 443 Source: xxx.xxx.xxx.xxx Destination: 192.168.100.10 Pass Port: 80 Source: yyy.yyy.yyy.yyy Provider Destination: 192.168.100.10 Pass Port: 80 UP LINK FWX120 Operation Manual  77...
Page 78: Creating An Inbound Filter
To open the “Regist inbound filter” screen - To add a filter below the selected filter From “Basic configuration page”, click the buttons (meaning that the added filter is processed on the setup screen in the following order: later): Select “Add to under”.  “Advanced settings” in the top page • Click (move up) or (move down) to move the position of a filter up (processed first) or down  “Configure” in “Configure inbound filter” (processed later).  “Execute” of the interface for which you want to set an inbound filter For more details on the settings, click “Help” on the (Click “Execute” of “IPv4 inbound filter” if IPv4 setup screen and refer to the description displayed. addresses are used for connection, or “Execute” of “IPv6 inbound filter” if IPv6 addresses are used.)  “Add” in the “List of IPv4 inbound filter” screen 78  FWX120 Operation Manual...
Page 79: Viewing How Inbound Filters Are Working
 “Execute” of the interface for which you want to have worked. edit the inbound filter (Click “Execute” of “IPv4 inbound filter” if IPv4 addresses are used for connection, or “Execute” of “IPv6 inbound filter” if IPv6 addresses are used.) To open the “View the log of inbound filter” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “Information of inbound filter”  “Execute” of the interface for which you want to view information on the inbound filters (Click “Execute” of “View the log of IPv4 inbound filter” if IPv4 addresses are used for connection, or “Execute” of “View the log of IPv6 inbound filter” if IPv6 addresses are used.) FWX120 Operation Manual  79...
Page 80: Passing Only Necessary Packets Through A Dynamic Filter (Policy Filter)
(page 85). For example, you can create a “WAN” group and add “LAN2, PP1, and TUNNEL1” interfaces to that group. Specifying this “WAN” group as an interface on creation of a policy filter can save time and effort to create the policy filter for each of LAN2, PP1, and TUNNEL1 interfaces. • Basically, a service conceptually refers to an application, which includes TELNET, SMTP, POP, FTP, and WWW. In addition, you can specify a protocol and port to define a given service (user definition service). This service is available in policy filters that you create (page 87). • Another applicable access management example can be: You apply a policy filter to a group of IP addresses for registered terminals (page 91). You can then allow only part of the registered terminals to access specific networks (such as an internal network with a higher security level). 80  FWX120 Operation Manual...
Page 81: Viewing Or Editing A Policy Set
- To modify an existing policy setting: Select “Configure”. - To delete a policy: Select “Delete”. - To add a policy as a sibling of the selected policy: Select “Add to parallel”. Refer to “Adding a policy to the same level” (page 83) for more details. - To add a policy as a child of the selected policy: Select “Add to under”. Refer to “Adding a policy to the child level” (page 83) for more details. - To temporarily enable or disable a policy: Select either “Disable” or “Enable”. FWX120 Operation Manual  81...
Page 82: Adding A Policy
• Policies are sequentially processed from the top of IPv4 policy filter” if IPv4 addresses are used of the policy list. The product does not allow the for connection, or “Execute” of “Configure and types of connections that are not registered with the view status of IPv6 policy filter” if IPv6 addresses policy. Therefore, you must create a policy to allow are used.) all connections at the end of the list.  Selecting a policy set in which you want to set • However, if no policy is created at all, the product a policy in the “Detail of policy set” section and allows all connections. then clicking “Add” When adding a policy, you can also specify a set of interfaces, addresses, and services as a group. For more details, refer to “Managing interfaces, addresses, and services in a group” (page 85). For more details on the settings, click “Help” on the setup screen and refer to the description displayed. 82  FWX120 Operation Manual...
Page 83: Managing Multiple Policy Sets
To open the “Configure policy set” screen On the row of the policy of which you want to add From “Basic configuration page”, click the buttons a policy to the child level, click and then select on the setup screen in the following order: “Add to under”.  “Advanced settings” in the top page When you finish configuring the policy in the  “Configure” in “Configure policy filter” “Configure policy filter” screen, the configured  “Execute” of the interface for which you want to policy is added to the row immediately below where view the policy filter you clicked , at the child level. (Click “Execute” of “Configure and view status of IPv4 policy filter” if IPv4 addresses are used for connection, or “Execute” of “Configure and view status of IPv6 policy filter” if IPv6 addresses are used.)  “Add” in “List of policy set” FWX120 Operation Manual  83...
Page 84 To open the “Configure policy set switching” screen  “Advanced settings” in the top page From “Basic configuration page”, click the buttons  “Configure” in “Configure policy filter” on the setup screen in the following order:  “Execute” of the interface for which you want to  “Advanced settings” in the top page view the policy filter  “Configure” in “Configure policy filter” (Click “Execute” of “Configure and view status  “Execute” of the interface for which you want to of IPv4 policy filter” if IPv4 addresses are used view the policy filter for connection, or “Execute” of “Configure and (Click “Execute” of “Configure and view status view status of IPv6 policy filter” if IPv6 addresses of IPv4 policy filter” if IPv4 addresses are used are used.) for connection, or “Execute” of “Configure and view status of IPv6 policy filter” if IPv6 addresses are used.)  “Add” of the policy set you want to set criteria in the “List of policy set” section 84  FWX120 Operation Manual...
Page 85: Managing Interfaces, Addresses, And Services In A Group
 “Execute” of the interface for which you want to Types of groups you can create view the policy filter (Click “Execute” of “Configure and view status In this product, you can create the following three of IPv4 policy filter” if IPv4 addresses are used groups: interface, address, and service (protocol) for connection, or “Execute” of “Configure and groups. You can define up to 100 groups for each view status of IPv6 policy filter” if IPv6 addresses group type. are used.) NOTE  “Configure” in “List of group and user definition service” • You can also define hierarchical groups up to two levels.  “Add” in “Configure interface group” • Different types of groups cannot be mixed. For example, an address group cannot contain a service group. FWX120 Operation Manual  85...
Page 86 From “Basic configuration page”, click the buttons  “Advanced settings” in the top page on the setup screen in the following order:  “Configure” in “Configure policy filter”  “Advanced settings” in the top page  “Execute” of the interface for which you want to  “Configure” in “Configure policy filter” view the policy filter  “Execute” of the interface for which you want to (Click “Execute” of “Configure and view status view the policy filter of IPv4 policy filter” if IPv4 addresses are used (Click “Execute” of “Configure and view status for connection, or “Execute” of “Configure and of IPv4 policy filter” if IPv4 addresses are used view status of IPv6 policy filter” if IPv6 addresses for connection, or “Execute” of “Configure and are used.) view status of IPv6 policy filter” if IPv6 addresses  “Configure” in “List of group and user definition are used.) service”  “Configure” in “List of group and user definition  “Add” in “Configure service group” service”  “Add” in “Configure address group” 86  FWX120 Operation Manual...
Page 87: Creating A User Definition Service
To create a user definition service, specify the name of the service, a protocol, and a port in the “Configure user definition service” screen. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure user definition service” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” in “Configure policy filter”  “Execute” of the interface for which you want to view the policy filter (Click “Execute” of “Configure and view status of IPv4 policy filter” if IPv4 addresses are used for connection, or “Execute” of “Configure and view status of IPv6 policy filter” if IPv6 addresses are used.)  “Configure” in “List of group and user definition service”  “Add” in “Configure user definition service” FWX120 Operation Manual  87...
Page 88: Detecting Unauthorized Accesses And Warning
• As this function detects accesses that are similar to intrusions/attack patterns, some Server unauthorized accesses may not be detected due to timing or a range of other reasons. On the other hand, a detected pattern does not automatically mean that a serious unauthorized access has occurred. Please understand this and use this function only as a guide for your security management. • This function can apply to each interface. • Using this function decreases the speed of accessing the Internet, etc. 88  FWX120 Operation Manual...
Page 89: Configuring Intrusion Detection System
The detection results of unauthorized access attempts are also output to Syslog in Info level (page 160). For more details on the types of unauthorized access that this function can detect and its settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure Intrusion Detection System” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” in “Configure Intrusion Detection System”  “Configure” of the interface for which you want to configure Intrusion Detection System FWX120 Operation Manual  89...
Page 90 Enhancing security To open the “Status of Intrusion Detection System” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “Status of Intrusion Detection System”  “Execute” of the interface for which you want to view the status of Intrusion Detection System 90  FWX120 Operation Manual...
Page 91: Allowing Communication From Registered Terminals Only (Dhcp Authentication)
Fixed IP address Fixed IP address Assigned by DHCP NOTE The DHCP authentication function uses MAC address filtering together, which blocks communication that is not allowed even if unregistered terminals have fixed IP addresses configured. • You can configure two logical networks (primary and secondary networks) in one physical network that clients connect to. In this situation, use the dhcp scope lease type command to assign IP addresses for the primary network to registered terminals and ones for the secondary network to unregistered terminals. By doing so, you can separate the registered and unregistered terminals. • With this function, each client can be configured to have different access rights. For example, registered terminals can be configured to allow access to all networks in and outside of the company, whereas unregistered terminals can be configured to allow access to only specific segments in the company network. • Refer to “Command reference” (included in the attached CD-ROM) for more details on the dhcp scope lease type command. FWX120 Operation Manual  91...
Page 92: Configuring The Dhcp Server
From “Basic configuration page”, click the buttons on the setup screen in the following on the setup screen in the following order: order:  “Advanced settings” in the top page  “Advanced settings” in the top page  “Configure” in “Configure DHCP”  “Configure” in “Configure DHCP” In the “Terminal management” section of the “Configure DHCP authentication” screen, select “Enable” and then click “Submit” . 92  FWX120 Operation Manual...
Page 93: Registering Terminals One-By-One
For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Regist the terminal for DHCP authentication” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page For more details on the settings, click “Help” on the setup screen and refer to the description displayed.  “Configure” in “Configure DHCP”  “Configure” in “Configure DHCP authentication” To open the “Configure DHCP authentication”  “Add” in the “Terminal management” section screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” in “Configure DHCP”  “Configure” in “Configure DHCP authentication” FWX120 Operation Manual  93...
Page 94: Viewing The Connection Status Of Terminals
Viewing the connection status of terminals In the “Terminal management” section of the “Configure DHCP authentication” screen, you can view the current status of terminals. For more details on the status of terminals, click “Help” on the setup screen and refer to the description displayed. To open the “Configure DHCP authentication” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” in “Configure DHCP”  “Configure” in “Configure DHCP authentication” 94  FWX120 Operation Manual...
Page 95: Limiting Web Access (Url Filter)
Enhancing security Limiting Web access (URL filter) The product can use URL filters to limit Web access from clients within the network. URL filter The filter uses all or parts of a given URL specified by your administrator as a keyword to limit access to URLs containing the string that matches the keyword. It can also block Web access over HTTPS when the product runs as a proxy server. Internet Pass × A URL that includes the keyword “adult” Block Internal database Provider UP LINK FWX120 Operation Manual  95...
Page 96: Configuring A Url Filter
For more details on the settings, click “Help” on the setup screen and refer to the description displayed. For more details on the settings, click “Help” on the To open the “Common URL filter setting” setup screen and refer to the description displayed. screen From “Basic configuration page”, click the buttons To open the “Configure URL filter proxy” on the setup screen in the following order: screen From “Basic configuration page”, click the buttons  “Advanced settings” in the top page on the setup screen in the following order:  “Configure” in “Configure URL filter”  “Advanced settings” in the top page  “Configure” in “Common URL filter setting”  “Configure” in “Configure URL filter”  “Configure” in “Configure URL filter proxy” 96  FWX120 Operation Manual...
Page 97: Configuring A Url Filter For Each Interface
Viewing the operating networks, such as the IN direction of the LAN1 interface or the OUT direction of the LAN2 interface. status of URL filters Configure a URL filter The “URL filter status” screen enables you to view In the “[Register URL filter]” screen, add keywords how many times the URL filters worked. or URLs used to limit access. The operating status of the URL filters is also output to Syslog in Notice level (page 160). For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “URL filter status” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “View URL filter statistics”  “Execute” of the interface for which you want to view the status of a URL filter FWX120 Operation Manual  97...
Page 98: Running A Port Scan To Determine Which Ports Are Open Or Closed
To open the “One click diagnosis” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “Security diagnosis”  “Execute” in “One click diagnosis” For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Base configuration of security diagnosis” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “Security diagnosis”  “Configure” in “Base configuration of security diagnosis” 98  FWX120 Operation Manual...
Page 99 Verify the setting by specifying information such as interfaces, protocols, and source IP addresses (custom diagnosis) Verify the settings in the “Custom diagnosis” screen. This function is useful if you check whether a specific problem occurs when, for example, a new service is installed in the network or the network configuration has been changed. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Custom diagnosis” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” in “Security diagnosis”  “Execute” in “Custom diagnosis” FWX120 Operation Manual  99...
Page 100: Restricting Hosts That Can Change Product Settings
IP addresses of hosts that can access the product for each individual service, you can also restrict the number of users allowed to connect simultaneously. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure users and access limits” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure users and access limits(HTTP, TELNET, SSH, SFTP)” 100  FWX120 Operation Manual...
Page 101: Registering Users Logging In The Product
To open the “Configure nameless user” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page For more details on the settings, click “Help” on the setup screen and refer to the description displayed.  “Configure” of “Configure users and access limits(HTTP, TELNET, SSH, SFTP)” To open the “Add user” screen  “Configure” of the “Nameless user” field From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure users and access limits(HTTP, TELNET, SSH, SFTP)”  “Configure” of the “Number of registered users” field FWX120 Operation Manual  101...
Page 102: Implementing Site-To-Site Vpn Connections
Creating a Virtual Private Network (VPN) using IPsec (IPsec LAN-to-LAN connection) NOTE This function cannot be used if the product is used as a transparent mode firewall. You can create a Virtual Private Network (VPN) to connect LANs if the product is connected to a broadband Internet connection. LAN-to-LAN connection using IPsec ensures secure connection via the Internet. A VPN can be created using conventional broadband connections such as ADSL. Thus, VPNs are cheaper than real private networks using dedicated lines. The LAN-to-LAN connection of the product supports TCP/IP server software. Internet Create a VPN using IPsec. 102  FWX120 Operation Manual...
Page 103 • The product supports both Main Mode and Aggressive Mode. However, you cannot freely choose a mode. - If the both routers that form a VPN have fixed global IP addresses, use the Main Mode. If only one router has a fixed global IP address (e.g., a dial-up VPN), use the Aggressive Mode. - When using the Main Mode, it will be necessary to configure the IP address of the router on the other side. - When using the Aggressive Mode, the settings depend on whether or not the routers have fixed global IP addresses. • For information on the IPsec specifications and configuration commands of the product, please refer to “Command reference” (included in the attached CD-ROM). FWX120 Operation Manual  103...
Page 104 Transport mode This is a special communications mode that ensures the security of communications in which the router itself is the start or end point. This mode can be used in a special case where a router accesses a remote router using telnet. Before configuring the settings • To connect LANs, it will be necessary to configure a different network address for each LAN to avoid overlapping. Change the product's LAN network address in advance. • To attach the product to a LAN with a different network address assigned, change the configuration of the product according to the network you install. Refer to “Configuring the IP address on the LAN1 side” (page 45) for more details. 104  FWX120 Operation Manual...
Page 105 • For the IPsec connection, both sites must have the same pre-shared key. • A pre-shared key is a password that provides Configure the required settings and then important information. Any pre-shared key must be click “Submit”. long and not easily guessed by outsiders. Use a combination of alphanumeric characters, lower and The connection destination is registered. upper case, and symbols. Great care is needed in For more details on the settings, click “Help” managing these keys. on the setup screen and refer to the description displayed. FWX120 Operation Manual  105...
Page 106: Gaining Remote Access Using L2Tp/Ipsec
Implementing site-to-site VPN connections Gaining remote access using L2TP/IPsec NOTE This function cannot be used if the product is used as a transparent mode firewall. The product supports L2TP (Layer-2 Tunneling Protocol)/IPsec. If it is connected to a broadband connection, it works as a virtual private network (VPN), allowing users in remote locations (like on the road) to access to a PC on the LAN. IPsec VPN connections are more secure than PPTP. For remote access, register remote users' user IDs and passwords with the product and configure VPN connections on a remote PC. Internet Gain remote access using L2TP/IPsec. 106  FWX120 Operation Manual...
Page 107 - 10.0.0.0 - 10.255.255.255 - 172.16.0.0 - 172.31.255.255 - 192.168.0.0 - 192.168.255.255 • Change the settings of a smartphone that • When using the remote access, be sure to configure remotely accesses a PC (pages 110 and 112). adequate security settings to maintain data integrity. Inadequate security settings may cause PCs in the LAN to be hacked, sniffed, intercepted, or destroyed, or their data to be lost. • The remote access function of the product does not support Windows NetBEUI protocol or Apple's Mac OS AppleTalk protocol. • To share files in Windows, you need to use NetBIOS over TCP/IP protocol or have a Windows Internet Name Service (WINS) server. • To share files in Macintosh, open System Preferences, select “Sharing” and select “Personal File Sharing” check box. FWX120 Operation Manual  107...
Page 108 IPsec tunnel connections at a time, including the used for authentication. ones used in PP connections. On the top page of “Basic configuration page”, click “Advanced settings”, then click “Configure” to the right of “Configure VPN connection”. Click “Add ” to the right of the destination you want to register. 108  FWX120 Operation Manual...
Page 109 PCs on the LAN to gain external access. Changing the settings of the file server software Configure a network share on a server or a PC exposed to the Internet and set folders, user IDs and passwords exposed to the Internet. (Example of screen displayed when “PP” is selected in Step 3) FWX120 Operation Manual  109...
Page 110 Gaining remote Tap on “VPN”. access via iOS NOTE Some screens may differ depending on the version of your terminal. Changing the settings for a device (such as a smartphone) that remotely accesses a PC Tap on “Settings”. Tap on “Add VPN Configuration”. Tap on “General”. 110  FWX120 Operation Manual...
Page 111 Now, the setting up of a remote access connection is complete. Description Type “Yamaha-vpn” as the L2TP client name. Server Enter the host address obtained with the netvolante DNS service or the WAN IP address of the product. Account Enter the connection user ID you set in Step 4 on page 109. RSA SecurID Set it to Off. Password Enter the connect password you set in Step 4 on page 109. Secret Enter the pre-shared key that is configured on the product. Send All Traffic Set it to On. Proxy Set it to Off. FWX120 Operation Manual  111...
Page 112 Some of the screens on your terminal may differ from Tap on “General”. the screens used to describe the operations on Android. Tap on “VPN”. Changing the settings for a device Tap on “Yamaha-vpn” and slide “VPN” (such as a smartphone) that remotely accesses a PC Press the Home icon, press “Menu” and tap on “Settings”. VPN connection to the product now begins.
Page 113 Tap on “+” to display the screen for adding the VPN profile. Enter necessary setup information. Name Type “Yamaha-vpn” as the L2TP client name. Server address Enter the host address obtained with the netvolante DNS service or the WAN IP address of the product. IPSec pre-shared key Enter the pre-shared key that is configured on the product. FWX120 Operation Manual  113...
Page 114 Implementing site-to-site VPN connections Gaining remote access using L2TP/IPsec (Continued from the previous page) Tap on “Save”. The “Connect to Yamaha-vpn” screen is displayed. Now, the setting up of a remote access connection is complete. Accessing the product Connect the product to the broadband network.
Page 115: Gaining Remote Access Using Pptp
Implementing site-to-site VPN connections Gaining remote access using PPTP NOTE This function cannot be used if the product is used as a transparent mode firewall. The product supports PPTP (Point to Point Tunneling Protocol). If it is connected to a broadband connection, you can use it as a virtual private network (VPN) router to access to a PC on the LAN from a remote location. For remote access, register remote users' user IDs and passwords with the product and configure VPN connections on a remote PC. Internet Gain remote access using PPTP. FWX120 Operation Manual  115...
Page 116 TCP/IP protocol or have a Windows Internet When a PPTP server is installed inside of a Name Service (WINS) server. firewall or when using NAT in combination with a • To share files in Macintosh, open System Preferences, remote access VPN server, be sure to pass TCP select “Sharing” and select “Personal File Sharing” port number 1723 and GRE protocol number 47. check box. For details, contact your network administrator. • A disconnection timer monitors the communication and a PPTP session is disconnected if data does not pass through a PPTP tunnel for a certain amount of time. • The product does not support PPP forwarding. 116  FWX120 Operation Manual...
Page 117 LAN • Configure a fixed private IP address. • Change the settings of the file server software. Click “Add ” to the right of the destination you want to register. Settings required for a PC for remote accessing • Changing the configurations of a PC that is remotely accessed (pages 119 and 122). FWX120 Operation Manual  117...
Page 118 Changing the settings of the file server software Configure the settings required and then Configure a network share on a server or a PC click “Submit”. exposed to the Internet and set folders, user IDs and passwords exposed to the Internet. The connection destination is registered. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. (Example of screen displayed when “PP” is selected in Step 3) 118  FWX120 Operation Manual...
Page 119 Select “Don't connect now, just set it up so I can connect later” and then click “Next”. Click “Create” button. Click “Close” button. Now, the setting up of a remote access connection is complete. Click “Use my Internet connection (VPN)”. FWX120 Operation Manual  119...
Page 120 DNS service or the WAN encryption (disconnect if server declines)”. IP address of the product has been • If “Non-encrypted access allowed” is entered in “Host name or IP address of selected with the product: Select your destination”. desired encryption level. If you selected “Anonymous” as an encryption mode you want to use in Step 3 on page 118, select your desired encryption level. 120  FWX120 Operation Manual...
Page 121 To disconnect the connection Unchecked Clicking “Disconnect” ends the connection with the product. NOTE Windows 7 does not support Microsoft CHAP Version 1 (MS-CHAP). Check the settings you configured in Step 4 on page 118. Click “OK” in the “VPN_PPTP Properties” window and close the window. FWX120 Operation Manual  121...
Page 122 Select “Don't connect now, just set it up so I can connect later” and then click “Next”. Click “Create” button. Click “Close” button. Now, the setting up of a remote access connection is complete. Click “Use my Internet connection (VPN)”. 122  FWX120 Operation Manual...
Page 123 IP address of the product has been encryption (disconnect if server declines)”. entered in “Host name or IP address of • If “Non-encrypted access allowed” is destination”. selected with the product: Select your desired encryption level. If you selected “Anonymous” as an encryption mode you want to use in Step 3 on page 118, select your desired encryption level. FWX120 Operation Manual  123...
Page 124 Clicking “Disconnect” ends the connection with Windows Vista does not support Microsoft CHAP the product. Version 1 (MS-CHAP). Check the settings you configured in Step 4 on page 118. Click “Networking” tab and then select “Automatic” for “Type of VPN”. Click “OK” in the “VPN_PPTP Properties” window and close the window. 124  FWX120 Operation Manual...
Page 125: Creating A Virtual Private Network (Vpn) Using Pptp (Pptp-Lan-To-Lan Connection)
Creating a Virtual Private Network (VPN) using PPTP (PPTP-LAN-to-LAN connection) NOTE This function cannot be used if the product is used as a transparent mode firewall. You can create a Virtual Private Network (VPN) through PPTP to connect LANs if the product is connected to a broadband Internet connection. A VPN can be created using conventional broadband connections such as ADSL. Thus, VPNs are cheaper than real private networks using dedicated lines. The LAN-to-LAN connection of the product supports TCP/IP server software. Internet Create a Virtual Private Network (VPN) using PPTP. FWX120 Operation Manual  125...
Page 126 NOTE configuration of the product according to the • Because PPTP tunnels are to be configured with network you install. Refer to “Configuring the IP the product connected to a broadband connection, it will be necessary to configure the broadband address on the LAN1 side” (page 45) for more connections before setting up the LAN-to-LAN details. 126  FWX120 Operation Manual...
Page 127: Product
“Advanced settings”, then click “Configure” to the right of “Configure VPN connection”. Configure the required settings and then click “Submit”. The connection destination is registered. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. Click “Add ” to the right of the destination you want to register. FWX120 Operation Manual  127...
Page 128: Product
On the top page of “Basic configuration page”, click “Connect” to the right of the PPTP settings you want connect to under “LAN-to-LAN connection”. Connect to the registered PPTP server to create a PPTP-LAN-to-LAN connection. To disconnect a PPTP-LAN-to-LAN connection: Click “Disconnect” under “LAN-to-LAN connection” on the top page of “Basic configuration page”. NOTE Clicking “Disconnect” only ends a PPTP session and the connection with your provider is not terminated. 128  FWX120 Operation Manual...
Page 129: Maximizing Use Of The Product
 “Advanced settings” in the top page • So far as representative software programs are  “Configure” of “Detailed basic connection setting” concerned, you can click “Help” in the “Register  “Configure” of the destination of which settings static IP masquerade” screen to confirm the port number to be used and other setting examples. you want to change from “Configured providers list”  “Add” in the “Static IP masquerade” field FWX120 Operation Manual  129...
Page 130 To open the “Register/Modify provider” screen Assign a fixed private IP address to the PC for From “Basic configuration page”, click the buttons which you want to permit external access. on the setup screen in the following order:  “Advanced settings” in the top page 2. Specify the address of the DMZ  “Configure” of “Detailed basic connection setting” host.  “Configure” of the destination of which settings you want to change from “Configured providers In the “Register/Modify provider” screen, set the list” DMZ host IP address. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. 130  FWX120 Operation Manual...
Page 131: Using The Netvolante Dns Service
IP address to the netvolante DNS service. If the server IP address has changed, the new address is notified to the netvolante DNS service. Users who want to access the server do not have to xxx.netvolante.jp concern about the IP address. xxx.xxx.xxx.xxx FWX120 Operation Manual  131...
Page 132 It cannot be set for network connection or LAN-to-LAN connection. Even for terminal CATV provider connection, it cannot be set if the IP address is fixed on the WAN side. • Only a single host address can be obtained for a unit of the product. • Note that your desired host name is not always available. • Lookup of the obtained host address is possible, but reverse lookup is not possible. • The netvolante DNS service uses a Yamaha original protocol, and the obtained host address cannot be For more details on the settings, click “Help” on the registered with external dynamic DNS servers. setup screen and refer to the description displayed. • The netvolante DNS service can be used only in an environment where a global IP address is assigned by a provider. Note that the following IP addresses To open the “Configure NetVolante DNS host are not global IP addresses: - 10.0.0.0 - 10.255.255.255...
Page 133: Publishing A Server
You can use the netvolante DNS service to publish number and the server IP address (Static IP and operate a server even when using a connection masquerade, page 134). service that cannot assign a fixed global IP address. Please refer to “Using the netvolante DNS service” (page 131) for more information. Server settings: • Set the server IP address. • Change the settings of Web, ftp, and other file server software programs according to the services to be published. FWX120 Operation Manual  133...
Page 134 “Help” in the “Register static IP masquerade” screen to confirm the port number to be used and other setting examples. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Register static IP masquerade” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Detailed basic connection setting”  “Configure” of the destination of which settings you want to change from “Configured providers list”  “Add” in the “Static IP masquerade” field 134  FWX120 Operation Manual...
Page 135: Using Mail Notification
For the authentication methods that the provider Mail server Router supports, contact your provider. Relatively safe • If your e-mail software is configured to leave password flow e-mails on the server, it means that new e-mails arrive every time e-mails are checked. If you Risk of information FWX120 want to know exactly whether new e-mails are on leakage Risky the server, make a change to the configuration password flow of your e-mail software so that received e-mails are removed from the server. FWX120 Operation Manual  135...
Page 136 From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page To open the “Configure content of  “Configure” of “Configure mail notifications” notifications” screen  “Add” in the “Configure mail server” field From “Basic configuration page”, click the buttons on the setup screen in the following order: To delete the registration of mail  “Advanced settings” in the top page server  “Configure” of “Configure mail notifications”  “Add” in the “Configure content of notifications” In the “Configure mail notifications” screen, click field “Delete” of the mail server of which registration you want to delete. 136  FWX120 Operation Manual...
Page 137: Using In The Ipv6 Environment
IPv4 to IPv6, and an appropriate transition technology is required for each step. As transition technologies, the product supports “IPv6 over IPv4 tunneling” for connecting an IPv6 network via an IPv4 network, and “IPv4 over IPv6 tunneling” for connecting an IPv4 network via an IPv6 network. Check configuration information from the provider When you contract an IPv6 connection service, the provider provides the following information: • Prefix (Address block) • Connection method (native connection/dual- stack connection/tunnel connection) • Tunnel terminal address (for tunnel connection) • Routing control method (whether to use RIPng. RIPng is not used unless specifically described.) • Method to check connection (address of the other side of ping, website to be browsed, etc.) FWX120 Operation Manual  137...
Page 138 • T he LAN1 address is “fec0:12ab::1/64”. • T o execute ping to the LAN1 address of the From “Basic configuration page”, click the buttons product, enter “ping fec0:12ab::1” from the on the setup screen in the following order: command prompt of the PC and press the Enter  “Advanced settings” in the top page key.  “Configure” of “Configure IPv6” Check the connection between LAN and WAN. Execute ping to the provider, view the special website, or take other checking procedure specified by the provider. 138  FWX120 Operation Manual...
Page 139: Changing The Operation Settings Of Upnp Function
Windows Live Messenger that on the setup screen in the following order: requires the UPnP environment, it may take some time to communicate with the product. In this case,  “Advanced settings” in the top page register the connection provider or stop the UPnP  “Configure” of “Configure UPnP” function. • If Windows Live Messenger is exited and started repeatedly, or the UPnP function information becomes different between the PC and the product after the product has been restarted or the line has been disconnected, the connection may not be established normally. In this case, sign out Windows Live Messenger once with the line connected, and then restart it. If you still cannot establish the connection, restart the PC. FWX120 Operation Manual  139...
Page 140 Click “Change advanced sharing • If this option is selected, the UPnP function settings”, and confirm whether “Turn is available in the PC. on network discovery” is selected under • If this option is not selected, select it and “Network discovery”. then click “Apply”. • If this option is selected, the UPnP function is available in the PC. • If this option is not selected, select it and then click “Save changes”. 140  FWX120 Operation Manual...
Page 141: Controlling Yamaha Switches
Maximizing use of the product Controlling Yamaha switches From the setup screen of the product, you can Click “Submit”, then click “Return to change settings or check the status of Yamaha top”. switches. To change settings or check the status of Yamaha In the “Switch control” screen, click switches, take the following steps. “Execute” of the LAN interface to which Yamaha switches are connected.
Page 142: Operating And Managing The Product
Using the Web browser of PC (pages 17 and 36) If a PC is connected to the product, you can use the Web browser to open “Basic configuration page” included in the product to view the product status or configure various function settings. Using console commands (page 143) You can use TELNET or SSH software to enter commands from the console screen to check the product status or configure various functions. You can also enter commands from a PC connected to the console port of the product using a serial cable. Using console commands enables you to configure more detailed settings than using other methods. 142  FWX120 Operation Manual...
Page 143: Configuring Setting With Console Commands
Please refer to “Command reference” (included in the attached CD-ROM) for more details on console commands. NOTE For more details on the settings, click “Help” on the setup screen and refer to the description displayed. You should fully understand the behavior of a console command before using it. After configuring a setting in To open the “Add user” screen “Basic configuration page”, if you change the setting with a console command, an unintended operation may From “Basic configuration page”, click the buttons be resulted. Be sure to check whether the command on the setup screen in the following order: behaves as you intended after changing the setting.  “Advanced settings” in the top page  “Configure” of “Configure users and access The product can be configured with console commands limits(HTTP, TELNET, SSH, SFTP)” from a PC that is connected to the console port of the  “Configure” of “Number of registered users” in product using a serial cable (page 146). the “Configure user and password” field FWX120 Operation Manual  143...
Page 144 When “Password:” is displayed, type in  “Advanced settings” in the top page the login password and press the Enter  “Configure” of “Configure users and access key. limits(HTTP, TELNET, SSH, SFTP)” If nothing appears on the screen, press the Connect with SSH Enter key once. The password to be entered here for TELNET Follow the instructions of the SSH software to be is the login password for anonymous users. used. 144  FWX120 Operation Manual...
Page 145 • To view the command list, type in “show command” and press the Enter key. Type in “administrator”, and press the Enter key. When “Password:” is displayed, enter the administration password. For more details on the settings, click “Help” on the When “#” is displayed, you can enter various setup screen and refer to the description displayed. types of console commands. To open the “Execute command” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “Execute command” FWX120 Operation Manual  145...
Page 146: Using The Console Port
Connect the console port of the product to the serial port of your PC with a cross type serial cable. STANDBY LAN 1 LAN 2 CONSOLE LINK/DATA SPEED Console port One of the connectors attached to the serial cable must match the 9-pin D-sub male connector of the product, and the other connector must match the port type of your PC. 146  FWX120 Operation Manual...
Page 147: Using An External Memory Device
Hold down the USB button or microSD button for two seconds. The USB lamp or microSD lamp of the product goes off. Remove the external memory device. To open the “Configure external device” screen NOTE From “Basic configuration page”, click the buttons If loading the configuration file from the external device on the setup screen in the following order: fails, refer to “Unable to use USB device” (page 178).  “Advanced settings” in the top page  “Configure” of “Configure external device” FWX120 Operation Manual  147...
Page 148 From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “Copy configuration and firmware files” In the “Copied file name” field, select “Internal non-volatile memory” and specify a config number. If you specify another external memory device instead of “Internal non-volatile memory”, you can copy the configuration file to the external device using the product. 148  FWX120 Operation Manual...
Page 149: Operating The Product Using A Configuration File In An External Memory Device
After the restart, the product automatically product can be started by using loads the configuration file specified in Step 1. a configuration file in an external device The content of the configuration file stored in the product is not overwritten. However, if you change In the “Startup via external memory” field on the a setting after the restart, the changed setting is “Configure external device” screen, select “allow”. overwritten to the configuration file stored in the product. NOTE If loading the configuration file from the external device fails, refer to “Unable to use USB device” (page 178). To open the “Configure external device” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure external device” FWX120 Operation Manual  149...
Page 150: Changing The Buzzer Settings
• When the status of a USB device changes • When the status of a microSD device changes For details on other buzzer settings, refer to various alarm settings in “Command reference” (included in the attached CD-ROM). You can change the buzzer settings on the “Configure machine” screen. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure machine” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure machine(Date/Time, buzzer)” 150  FWX120 Operation Manual...
Page 151: Viewing Statistics Graphs For Operating Status
CPU and internal memory, the number of FLOWs and routes, and the number of NAT entries, for the last 30 days. Configure resource statistics For more details on the settings, click “Help” on the setup screen and refer to the description displayed. The resource statistics is not displayed by default. In the “Configure resource statistics” screen, change the settings so that resource statistics is displayed, To open the “View resource statistics” and specify what information is displayed. screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “View statistics”  “Execute” of the “Resource statistics” field For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure resource statistics” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure statistics”  “Configure” of the “Resource statistics” field  “Configure” of “Configure resource statistics” FWX120 Operation Manual  151...
Page 152: Viewing Traffic Statistics
In the “View traffic statistics” screen, you can view traffic statistics. You can view statistics on traffic passing through each interface of the product for the last 30 days. Configure traffic statistics The traffic statistics is not displayed by default. In the “Configure traffic statistics” screen, change the settings so that traffic statistics is displayed. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. For more details on the settings, click “Help” on the To open the “Configure traffic statistics” setup screen and refer to the description displayed. screen From “Basic configuration page”, click the buttons on the setup screen in the following order: To open the “View traffic statistics” screen  “Advanced settings” in the top page From “Basic configuration page”, click the buttons  “Configure” of “Configure statistics” on the setup screen in the following order:  “Configure” of the “Traffic statistics” field  “Advanced settings” in the top page  “Configure” of “Configure traffic statistics”  “Execute” of “View statistics”  “Execute” of the “Traffic statistics” field 152  FWX120 Operation Manual...
Page 153: Viewing How The Qos Function Is Working
(included in the attached CD-ROM) for more information. Configure QoS statistics For more details on the settings, click “Help” on the The QoS statistics is not displayed by default. In setup screen and refer to the description displayed. the “Configure QoS statistics” screen, change the settings so that QoS statistics is displayed. To open the “View QoS statistics” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “View statistics”  “Execute” of the “QoS statistics” field For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Configure QoS statistics” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure statistics”  “Configure” of the “QoS statistics” field  “Configure” of “Configure QoS statistics” FWX120 Operation Manual  153...
Page 154: Checking The Communication Status With The Status Lamp
• When you configure a provider connection or VPN When the problem is resolved connection (IPsec, L2TP/IPsec, or PPTP LAN-to- The STATUS lamp goes off. LAN connection) from “Basic configuration page”, the keep alive function is set to “enable” on the initial setup screen. • To check whether the keep alive function is enabled, view the setup screen of each connection. Example of setup screen for the “Terminal broadband connection over PPPoE” connection 154  FWX120 Operation Manual...
Page 155: Using The Latest Function (Revision Up)
Before upgrading the firmware, confirm “Concerning not formally assure normal operation. software license contracts when using the DOWNLOAD button” (page 8). If you change the “Allow for revision down” setting to “allow” on the “Execute revision up” screen of “Basic While upgrading the firmware using the DOWNLOAD configuration page”, you can downgrade the firmware button, you can check the status of the process with to an older version (Revision down). Please refer to the product lamps. the Help on the “Execute revision up” screen for more When a firmware upgrade process has begun after information. downloading the firmware, lamps on the front panel other than the POWER lamp flash in turn. FWX120 Operation Manual  155...
Page 156 You can hold down the DOWNLOAD button for down). three seconds to find a new revision of firmware. If a new revision of firmware is found, it is automatically downloaded to upgrade the existing firmware. To open the “Execute revision up” screen From “Basic configuration page”, click the buttons NOTE on the setup screen in the following order: If downloading the firmware or upgrading the existing  “Advanced settings” in the top page firmware fails, refer to “The DOWNLOAD button does not function” (page 177).  “Execute” of “Execute revision up” When the firmware has been upgraded When the firmware has been upgraded The product restarts. The product restarts. 156  FWX120 Operation Manual...
Page 157 Hold down the USB button or microSD button for two seconds. The USB lamp or microSD lamp of the product goes off. Remove the external memory device. NOTE To open the “Configure external device” screen If upgrading the firmware from the external device fails, refer to “Unable to use USB device” (page 178). From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure external device” FWX120 Operation Manual  157...
Page 158 If upgrading the firmware from the external device fails, refer to “Unable to use USB device” (page 178). To open the “Copy configuration and firmware files” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “Copy configuration and firmware files” Click “Execute”. A confirmation screen appears. 158  FWX120 Operation Manual...
Page 159 In the “Startup via external memory” field on the The firmware stored in the product is not overwritten. “Configure external device” screen, select “allow”. NOTE If loading the firmware file from the external device fails, refer to “Unable to use USB device” (page 178). To open the “Configure external device” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure external device” FWX120 Operation Manual  159...
Page 160: Checking The Configuration Information And Log Of The Product
If you want to transfer the configuration file edited in your PC to the product, copy the content of the configuration file in text format to the clip board in advance, and then paste it to the “Execute command” screen (page 145). 160  FWX120 Operation Manual...
Page 161  “Advanced settings” in the top page  “Execute” of “Copy configuration and firmware files” In the “Copied file name” field, enter a file name used to save the configuration information of the product to the external memory device. Click “Execute”. A confirmation screen appears. FWX120 Operation Manual  161...
Page 162 To open the “Configure external device” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure external device” You can encrypt the log by selecting the “encrypt” check box. (The password entered on this screen will be required to load the encrypted log.) Click “Submit”. The product log is written to the external device. Subsequently, the product log continues to be written to the external memory until you stop saving the log. Refer to “Notes on the log to be saved” (page 163) for more details on the capacity and other information related to the log to be written. 162  FWX120 Operation Manual...
Page 163 NOTE • The log is not recorded immediately after the start, immediately after inserting a USB memory stick, and Restriction of backup file right before removing the USB memory stick. If the number of backup files has reached the • The log cannot be written to the USB memory stick until it is ready to be written. defined upper limit, or the memory in the external • If saving of the log to the external device fails, refer memory device is full, the oldest backup file is to “Unable to use USB device” (page 178). deleted. NOTE If the external memory device does not have sufficient free space, the defined log file size or number of backup files may be different from that actually generated. FWX120 Operation Manual  163...
Page 164: Customizing The Operation According To Your Environment (Lua Script/Custom Gui)
Please note that, Lua scripts if the internal non-volatile memory fails because of excessively frequent writing operation, in-warranty repair will not apply even within warranty period. You can run Lua scripts in the product. Embedding APIs unique to Yamaha routers into Lua scripts enables you to change settings or program actions • Please refer to http://www.lua.org/ for more details on according to the product status. Lua scripts. For more details on the specifications of the original Lua language, please refer to the Lua 5.1 Reference Manual (http://www.lua.org/manual/5.1/).
Page 165: Custom Gui
Operating and managing the product Custom GUI You can design original GUIs (user interfaces supporting your Web browser) for configuring the product settings, and embed them into the browser (Custom GUI). • As the product prepares the interface used for transferring settings from the host via HTTP, you can create GUIs using JavaScript. • Embedding multiple custom GUIs enables you to switch screens according to the logged-in user, for example. • This is convenient because you can control the rights to access to the product, and also use the restriction of access to functions by changing GUIs. • Please refer to the following URL for more details on how to specify custom GUIs: http://www.yamaha.com/products/en/network/ FWX120 Operation Manual  165...
Page 166: Troubleshooting
Refer to the individual pages that explain each symptom. • Q1: L amps are off (page 167) • Q2: S etting failed with the “Basic configuration page” (page 169) • Q3: I nternet connection cannot be established (page 171) • Q4: V PN communication cannot be established (page 173) • Q5: T he DOWNLOAD button does not function (page 177) • Q6: U nable to use USB device (page 178) • Q7: O ther problems (page 180) 166  FWX120 Operation Manual...
Page 167: Q1:Lamps Are Off
The LAN (network) card of Check that the LAN board (card) of • the PC does not function the PC is installed correctly, and it correctly, or the connection functions correctly. mode does not match with Check if the communication speed • that of the product. and connection (duplex) mode of the LAN board (card) of the PC matches with those of the product. FWX120 Operation Manual  167...
Page 168 The LAN2 lamp The ADSL modem, cable Power on. modem, or ONU is not does not light up. powered on. The product is not correctly Disconnect the plug from the LAN2 port connected to the ADSL of the product and from the ADSL, cable modem, cable modem, or modem, or ONU, and then reconnect ONU. the plugs until they clicks. The correct cable is not used. Use the same cable type that is used for connection of the ADSL modem, cable modem or ONU with the PC. 168  FWX120 Operation Manual...
Page 169: Q2:Setting Failed With The "Basic Configuration Page
The URL of the product is When the product is used for the first time, inappropriate. or after it has been restored to the factory default, access “http://192.168.100.1”. LAN is not specified for the In case of the Windows version of Internet connection path setting of the Explorer, if the dial-up connection Web browser of the PC. is enabled in “Internet Options” - “Connection” tab, you cannot access the “Basic configuration page”. Therefore, select “Never dial a connection”. Proxy server is used in the If the proxy setting is incorrect, the “Basic Web browser of the PC. configuration page” cannot be displayed. Check the proxy setting. FWX120 Operation Manual  169...
Page 170 You have entered an invalid Enter a correct value. value or one that is outside the allowable range. The password The “User name” field Some Web browsers require user name is empty in the screen entry to save password. In this case, cannot be prompting you to enter the enter an arbitrary character string. saved in the user name and password. Web browser when opening the “Basic configuration page”. 170  FWX120 Operation Manual...
Page 171: Q3:Internet Connection Cannot Be Established
(page 80) or whether unnecessary policies are applied, and if necessary, make modifications to the application of the policies. • Check whether inbound filters (page 77) and policy filters (page 80) block ports for http communication or whether URL filters (page 95) filter websites you specified for viewing, and if necessary, make modifications to filter settings. FWX120 Operation Manual  171...
Page 172 (page 45). In this case, various filters of the product must be applied again. The network setting of the PC • Try again to set the LAN board and is inappropriate. LAN card settings, and restart the • Reacquire the IP address. The line, provider, or the Web Transmission rate is very slow in some server is overloaded. time zones. If the rate remains very slow for a long period of time compared to the line speed, contact your carrier or provider. 172  FWX120 Operation Manual...
Page 173: Q4:Vpn Communication Cannot Be Established
• Check the setting of the application in the PC connected to the software used for communication. destination LAN. • If the Firewall function is enabled in the PC, change the Firewall setting so as not to block packets used for communication. In Windows 7, on the window that appears by clicking “Start” - “Help and Support”, enter “Firewall” in the search field, and carry out a search. Relevant information is displayed. Troubleshoot according to the instruction. FWX120 Operation Manual  173...
Page 174 PPP authentication are correct. If user ID or password is not correct, change to the correct one. • For the configuration of the terminal, refer to the manual of the terminal. Communication with the Execute the ping command to the destination c annot be destination IP address, and check established. whether a response is returned. If no response is returned, check whether communication is enabled in the destination device. 174  FWX120 Operation Manual...
Page 175 “Q3 Internet the PPTP tunnel connection cannot be established” connection. (page 171). Communication cannot Execute the ping command to the be established with the destination IP address of PPTP, and destination of PPTP check whether a response is returned. connection. If no response is returned, check whether communication is enabled in the destination device. FWX120 Operation Manual  175...
Page 176 Configure the correct destination has been configured. LAN network address for the routing information. The setting is not correct • Check the setting of the application in the PC connected to the software used for communication. destination LAN. • If the Firewall function is enabled in the PC, change the Firewall setting so as not to block packets used for communication. In Windows 7, on the window that appears by clicking “Start” - “Help and Support”, enter “Firewall” in the search field, and carry out a search. Relevant information is displayed. Troubleshoot according to the instruction. 176  FWX120 Operation Manual...
Page 177: Q5:The Download Button Does Not Function
DOWNLOAD button”, and change the setting to permit upgrading. The latest version of the Use as it is. firmware is used. The lamps in the The firmware is being written Wait a while. Do not disconnect the to the non-volatile memory cable or power off. front side start to (normal operation). light up in turn. FWX120 Operation Manual  177...
Page 178: Q6:Unable To Use Usb Device
The amount of data in the Reduce the amount of data in the syslog syslog is too large to write by changing the save mode of log or to the USB memory stick in others. time. If a USB 1.1-compatible USB memory stick is used, the symptom may be improved by using a USB 2.0-compatible USB memory stick. 178  FWX120 Operation Manual...
Page 179 Manually copy the firmware, and then configuration file manually restart the product. configuration by entering a command, the file has been setting is not reflected in the copied manually actual operation. by entering a command, the setting is not reflected. FWX120 Operation Manual  179...
Page 180: Q7:Other Problems
IP address is assigned to the product. Communication Internet connection may Troubleshoot according to the be made automatically by explanation of “Communication charges charges are software or a device of the of the USB data communication terminal abnormal. PC (if the Internet connection are abnormal” (page 181). is made by the auto-connect function). You have forgotten Troubleshoot by referring to “If you have forgotten the password” (page 187). the password. 180  FWX120 Operation Manual...
Page 181: Communication Charges Of The Usb Data Communication Terminal Are Abnormal
Failure to observe this could result in unexpected charges from your telephone carrier or provider. • Unexpected communication charges could occur according to the status (change in access point, maintenance, error, etc.) of the provider side. Please be sure to pay constant attention to any notifications you receive from your provider. • The screen and settings used here may vary by software version. FWX120 Operation Manual  181...
Page 182 192.168.100.2) reverse chronological order. If the communication • PP [01]: Provider No. class appears as PPxx, it is connected to the • 192.168.100.2: IP address of PC provider (or LAN-to-LAN connection pair). • xxx.xxx.xxx.xxx: Access destination IP address In this example, when a PC (192.168.100.2) in the LAN issues an inquiry for the host (windowsmedia. com) IP address of the Internet to the DNS server, auto connection to the provider is triggered. Access example 2 PP[01] IP Commencing : TCP 192.168. 100.2:1311 > xxx.xxx.xxx.xxx:80 In this example, when a PC (192.168.100.2) in the LAN issues an access request for the Internet host (xxx.xxx.xxx.xxx), auto connection to the provider is triggered. 182  FWX120 Operation Manual...
Page 183 PC is started fees each time. Close the Web browser each time, to prevent unintended Internet access. If there is any software that is started at the same time with the start of PC, depending on the setting, Internet access may be made every time the PC Subscription of contents is started. Check the software setting, and if auto If Internet Explorer feeds and Web Slices are used, update or other functions are enabled, change Internet connection is made at specified intervals the setting. to update the contents. You will be charged every time the contents are updated. Therefore, when you subscribe to any content, check the update intervals carefully. If you do not need such setting, cancel it. FWX120 Operation Manual  183...
Page 184 Automatic updating of operating system time the software is started, and you will be charged If the automatic updating function of the operating each time. system is enabled, access to the server on the If you do not need such setting, cancel it. Internet is made at regular intervals, and you will be charged each time. If you do not need such setting, Windows Media Player operating environment change it to manual update, and manually update setting while Internet connection is established. If you have installed Windows Media Player, Internet connection is made every time Media Player is opened to obtain the information in the guide page. Therefore, you will be charged each time. If you do not need such setting, cancel it according to the help page. 184  FWX120 Operation Manual...
Page 185: Initializing The Product Settings
Press the Enter key before the count If you want to restore the product settings to their down of “Will start automatically in ...” factory defaults, you can initialize the setting in the ends. “Restore default factory setting” screen. If the count down of “Will start automatically in ...” ends, the product will start with the normal procedure. If the product has started, power off the product once, wait for 10 seconds or more, and then power on again to operate. For more details on the settings, click “Help” on the setup screen and refer to the description displayed. To open the “Restore default factory setting” From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Execute” of “Restore default factory setting” FWX120 Operation Manual  185...
Page 186 When “#” appears, type in “cold start” microSD and then press the Enter key. button USB button The lamp at the front side of the main unit lights up and flashes several times. Turn the power on, wait for 3 seconds, and then press the three buttons; DOWNLOAD, microSD, and USB buttons. The product settings are initialized. 186  FWX120 Operation Manual...
Page 187: If You Have Forgotten The Password
“on” in the security class command. In this case, initialize the product settings according to “Initialize through button operation of the product” (page 186). Please refer to “Command reference” (included in the attached CD-ROM) for more details on the security class command. FWX120 Operation Manual  187...
Page 188: Annex
In the “This connection uses the Repeat Steps 1 to 10 on all PCs in the following items” field, click to select LAN, so that all PCs have different IP “Internet Protocol Version 4 (TCP/IPv4)”, addresses. and then click “Properties”. 188  FWX120 Operation Manual...
Page 189 Type in “ipconfig /renew”, and press the following items” field, click to select Enter key. “Internet Protocol Version 4 (TCP/IPv4)”, New IP address is assigned to the PC. and then click “Properties”. Repeat Steps 1 to 12 on all PCs in the LAN, so that all PCs have different IP addresses. FWX120 Operation Manual  189...
Page 190: Instructions On Transferring/Disposing Of The Product
For effective operation of the netvolante DNS service, your cooperation would be appreciated to delete the unnecessary netvolante DNS before transferring/disposing of the product. In the “Configure NetVolante DNS host address service” screen, click “Delete”. To open the “Configure NetVolante DNS host address service” screen From “Basic configuration page”, click the buttons on the setup screen in the following order:  “Advanced settings” in the top page  “Configure” of “Configure NetVolante DNS host address service” 190  FWX120 Operation Manual...
Page 191: License Terms And Conditions
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF or promote products derived from this software without MERCHANTABILITY AND FITNESS FOR A PARTICULAR specific prior written permission. PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXEMPLARY, OR CONSEQUENTIAL DAMAGES EXPRESS OR IMPLIED WARRANTIES, INCLUDING, (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, MERCHANTABILITY AND FITNESS FOR A PARTICULAR DATA, OR PROFITS; OR BUSINESS INTERRUPTION) PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HOWEVER CAUSED AND ON ANY THEORY OF COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) EXEMPLARY, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THIS (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, OF SUCH DAMAGE. DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF Any feedback is very welcome. LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) email: m-mat @ math.sci.hiroshima-u.ac.jp (remove space) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. FWX120 Operation Manual  191...
Page 192: Openssl License
Redistribution and use in source and binary forms, with (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT or without modification, are permitted provided that the OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, following conditions are met: DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 1. Redistributions of source code must retain the above LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, copyright notice, this list of conditions and the following OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) disclaimer. ARISING IN ANY WAY OUT OF THE USE OF THIS 2. Redistributions in binary form must reproduce the above SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY copyright notice, this list of conditions and the following OF SUCH DAMAGE. disclaimer in the documentation and/or other materials This product includes cryptographic software written by provided with the distribution. Eric Young (eay@cryptsoft.com). 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http:// www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" 192  FWX120 Operation Manual...
Page 193 Permission to use, copy, modify, and distribute this following conditions are met: software and its documentation for any purpose and 1. Redistributions of source code must retain the copyright without fee is hereby granted, provided that the above notice, this list of conditions and the following disclaimer. copyright notice appear in all copies and that both that copyright notice and this permission notice appear in 2. Redistributions in binary form must reproduce the above supporting documentation, and that the name of CMU not copyright notice, this list of conditions and the following be used in advertising or publicity pertaining to distribution disclaimer in the documentation and/or other materials of the software without specific, written prior permission. provided with the distribution. CMU DISCLAIMS ALL WARRANTIES WITH REGARD 3. All advertising materials mentioning features or TO THIS SOFTWARE, INCLUDING ALL IMPLIED use of this software must display the following WARRANTIES OF MERCHANTABILITY AND FITNESS, IN acknowledgement: "This product includes NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, cryptographic software written by Eric Young (eay@ INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY cryptsoft.com)" The word 'cryptographic' can be left DAMAGES WHATSOEVER RESULTING FROM LOSS out if the rouines from the library being used are not OF USE, DATA OR PROFITS, WHETHER IN AN ACTION cryptographic related :-) . OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 4. If you include any Windows specific code (or a derivative ACTION, ARISING OUT OF OR IN CONNECTION WITH thereof) from the apps directory (application code) THE USE OR PERFORMANCE OF THIS SOFTWARE. you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft. com)" FWX120 Operation Manual  193...
Page 194 Contact page http://www.yamaha.com/products/en/network/support/ Manual Development Department © 2016 Yamaha Corporation Published 03/2016 AB-A0...

Yamaha fwx120 Operation Manual

Chapter 1 Introduction

Chapter 2 Connecting (to an Existing Network) as a Transparent Mode Firewall

Chapter 3 Connecting to the Internet as a Router

Chapter 4 Enhancing Security

Chapter 5 Implementing Site-To-Site VPN Connections

Chapter 6 Maximizing Use of the Product

Chapter 7 Operating and Managing the Product

Chapter 8 Troubleshooting

Chapter 9 Annex

Quick Links

Related Manuals for Yamaha fwx120

Summary of Contents for Yamaha fwx120

Table of Contents