Getting Started
Getting Started Overview
This chapter shows you how to use the Zyxel Device’s various features.
• WiFi Network Setup - Choose the operation mode and set up a WiFi network.
• Limit Network Bandwidth for Each WiFi Client - Restrict the network bandwidth on a WiFi client.
• Network Security - Change the WiFi security, set up a RADIUS server, a rogue AP list, a friendly AP list, and a MAC filter list, and restrict users’ access on the network.
• Device Settings - Change the management IP address, the login password, and the system name.
• Device Maintenance - Upgrade firmware, download and restore the device configuration.
• Access to the Zyxel Device - Configure ways to access the Zyxel Device.
WiFi Network Setup
In this section, we show you how to:
Choose the Operation Mode
The Zyxel Device has different Operation Modes (OP modes) to act as different roles in a network. You can choose different OP modes for each radios. Not all OP modes are supported by all models. To choose the OP mode, go to Configuration > Wireless > AP Management.
The Zyxel Device supports the following OP modes:
• Choose AP Mode if you want WiFi clients to connect to the Zyxel Device.
• Choose Root AP Mode if you want the Zyxel Device to wirelessly extend your WiFi network and also allow WiFi clients to connect to the Zyxel Device.
• Choose Repeater Mode if you want the Zyxel Device to wirelessly extend your WiFi network (WDS).
Set Up a WiFi Network in AP Mode
This example uses the following parameters to set up a WiFi network.
PROFILE | |
|---|---|
SSID | Zyxel_Example |
Channel Selection | 36 |
Security Mode | wpa2 |
Pre-Shared Key | zyxel1234 |
802.11 Mode | 11ax |
1 Go to Configuration > Object > AP Profile > Radio > Add. Enter the profile name, select the 802.11 mode and select a channel (36 in this example) that is not used by another AP. Click OK.
2 Go to Configuration > Object > AP Profile > SSID > SSID List, select a SSID profile and click Edit to configure the SSID settings. Click OK.
3 Go to Configuration > Object > AP Profile > SSID > Security List to set the Security Mode by clicking Edit and enter the Pre-Shared Key. Click OK.
4 To see your current WiFi settings and check if the WLAN connection is up, go to Monitor > Wireless > AP Information.
5 You can now allow your WiFi clients to search for the Zyxel Device's SSID and connect to the Zyxel Device's WiFi.
Set Up a WiFi Network in Root AP/Repeater Mode
To wirelessly extend a WiFi network (WDS), you need two Zyxel Devices, one in Repeater mode and one in Root AP mode. You should already have the root AP set up.
The Zyxel Device in Root AP/Repeater mode cannot connect with other company’s APs.1 Go to Configuration > Object > WDS Profile in your root AP Web Configurator and click Add.
2 Enter a profile name, a WDS SSID, and a pre-shared key.
3 Go to Configuration > Wireless > AP Management, select the Radio WDS Profile of the radio on which you are setting the WDS connection to use the WDS profile you set, and click Apply.
4 Do steps 1 and 3 for the Zyxel Device in Repeater mode using the same WDS SSID and pre-shared key.
5 Once the security settings of the Zyxel Device in Root AP and Repeater modes match one another, the connection between the two Zyxel Devices is made.
If your Zyxel Device supports wireless bridging, you can extend a wired network from the port on the WiFi repeater, do the following steps:
6 Go to Configuration > Wireless > AP Management, select Setup WDS Wireless Bridging to enable WiFi bridge on the Zyxel Device in Repeater mode.
7 Connect the client device to the Zyxel Device’s LAN port with an Ethernet cable.
Make sure the VLAN settings on both the root AP and the WiFi repeater are exactly the same so they can communicate.When wireless bridge is enabled, WiFi interfaces for client devices will be disabled. You can only transmit data through the ports of the Zyxel Device in Repeater mode.To set up a WDS in APC-managed Zyxel Devices, see the ZyWALL ATP, USG FLEX, or NCC User’s Guide.
Set Up General and Guest WiFi Networks on Both Radios
The following example shows you how to create two WiFi networks (Zyxel_General and Zyxel_Guest) using the following settings for both Radio 1 (2.4 GHz) and Radio 2 (5 GHz). You should have already created two security profiles, Security_Profile1 and Security_Profile2, on the Configuration > Object > AP Profile > SSID > Security List screen. See Creating a Security Profile for a tutorial on creating security profiles.
For the Guest WiFi, enable Enable Intra-BSS Traffic blocking to prohibit Guest WiFi clients from directly connecting to each other. To separate the Guest WiFi network from the General internal WiFi network, create two VLANs, VLAN 10 and VLAN 20, on your firewall (F), such as ZyWALL. Set the General WiFi network to be in VLAN 10, where your internal network is. Set the Guest WiFi network to be in VLAN 20. This way, Guest WiFi clients will not be able to access the wired LAN network of the firewall (F) in VLAN 10 while still able to access the Internet.
General and Guest WiFi Networks
General | Guest | |
|---|---|---|
Profile Name | General | Guest |
SSID | Zyxel_General | Zyxel_Guest |
Band | 2.4 GHz/5 GHz | 2.4 GHz/5 GHz |
Security Profile | Security_Profile1 Security Mode: WPA3 Authentication: Personal Pre-Shared Key: zyxel1234 | Security_Profile2 Security Mode: WPA3 Authentication: Personal Pre-Shared Key: guest1234 |
VLAN ID | 10 | 20 |
Rate Limiting | 0 (unlimited) | Downlink: Up to 15 Mbps Uplink: Up to 10 Mbps |
Enable Intra-BSS Traffic Blocking | Disabled | Enabled |
Schedule SSID | No schedule | Monday-Friday: 09:00-17:00 |
1 Go to Configuration > Object > AP Profile > SSID > SSID List, click Add to create an SSID profile.
2 Configure the first SSID – Zyxel_General using the parameters given above, and then click OK.
3 Configure the second SSID – Zyxel_Guest using the parameters given above, and then click OK.
4 Go to Configuration > Wireless > AP Management. Click the first SSID Profile of Radio 1 (2.4 GHz). A drop-down list appears. Select the General SSID profile you just configured.
5 Click the second SSID Profile and select the Guest SSID profile.
6 Click the first SSID Profile of Radio 2 (5 GHz). A drop-down list appears. Select the General SSID profile you just configured. Click the second SSID Profile and select the Guest SSID profile.
7 Click Apply on the bottom of the screen. The General and Guest SSID profiles are now applied on Radio 1 and Radio 2. You should now be able to see the Zyxel_General and Zyxel_Guest SSIDs on your WiFi devices for both 2.4 GHz and 5 GHz radio bands. General WiFi users can access the Internet and your local network. Guest users can only access the Internet.
Limit Network Bandwidth for Each WiFi Client
Restricting network bandwidth for each WiFi client ensures that all clients have equitable access to the network, preventing a few WiFi clients from monopolizing the bandwidth.
1 Go to Configuration > Object > AP Profile > SSID > SSID List, select a profile and click Edit.
2 Enter the maximum transmission data rate (either in Mbps or Kbps) for each WiFi client in the Downlink field.
3 Click OK to save your changes.
Network Security
In this section, we show you how to:
Change Security for a WiFi Network
Changing the security settings on a WiFi network enhances protection by blocking unauthorized client devices. This option is ideal for small WiFi networks with a few WiFi clients. For WiFi networks with a lot of clients, see RADIUS Server Setup for more information.
1 Go to the Configuration > Wireless > AP Management > WLAN Setting screen. Click Edit under the SSID profile to change the WiFi security.
2 The following screen appears, click the Edit icon next to Security Profile.
3 The following screen appears, select Personal and enter a pre-shared key from 8 to 63 case-sensitive keyboard characters in Pre-Shared Key. Click OK to save your changes.
RADIUS Server Setup
Setting up a RADIUS server on your Zyxel Device allows centralized user authentication and authorization, which enhances network security. This option is ideal for enterprise users who need to manage many WiFi clients.
1 Go to the Configuration > Object > AP Profile > SSID > Security List screen. Select a profile you want to configure for the RADIUS server and click Edit.
2 Set Authentication Settings to Enterprise to configure the RADIUS server. Enter the RADIUS server’s IP address, port number and secret. The Radius Server Secret must match the secret on the RADIUS server client. Click OK to save your changes.
Set Up Rogue AP Detection
This example shows you how to configure the rogue AP detection feature on the Zyxel Device. A rogue AP is a WiFi access point operating in a network’s coverage area that is not a sanctioned part of that network. See Rogue AP for background information on the rogue AP function and security considerations.
In this example, you want to ensure that your company’s data is not accessible to an attacker gaining entry to your WiFi network through a rogue AP.
Your WiFi network operates in an office building. It consists of four Zyxel access points (all NWAs) and a variable number of WiFi clients. You also know that the coffee shop on the ground floor has a WiFi network consisting of a single access point (AP 1), which can be detected and accessed from your floor of the building. There are no other static WiFi networks in your coverage area.
The following diagram shows the WiFi networks in your area. Your access points are marked A, B, C and D. You also have a computer, marked E, connected to the wired network. The coffee shop’s access point is marked 1.
WiFi Network Example
In the figure, the solid circle represents the range of your WiFi network, and the dashed circle represents the extent of the coffee shop’s WiFi network. Note that the two networks overlap. This means that one or more of your APs can detect the AP 1 in the other WiFi network.
When configuring the rogue AP feature on your Zyxel Device in this example, you will need to use the information in the following table. You need the IP addresses of your APs to access their Web configurators, and you need the MAC address of each AP to configure the friendly AP list.
DEVICE | IP ADDRESS | MAC ADDRESS |
|---|---|---|
Access Point A | 192.168.1.1 | 00:AA:00:AA:00:AA |
Access Point B | 192.168.1.2 | AA:00:AA:00:AA:00 |
Access Point C | 192.168.1.3 | A0:0A:A0:0A:A0:0A |
Access Point D | 192.168.1.4 | 0A:A0:0A:A0:0A:A0 |
Access Point 1 | Unknown | AF:AF:AF:FA:FA:FA |
You can detect the MAC addresses of other APs in the Monitor > Wireless > Detected Device screen. However, it is more secure to obtain the correct MAC addresses from another source and add them to the friendly AP list manually. For example, an attacker’s AP mimicking the correct SSID could be placed on the friendly AP list by accident, if selected from the list of auto-detected APs. In this example you have spoken to the coffee shop’s owner, who has told you the correct MAC address of his AP 1.
Set Up a Friendly AP List
To find rogue APs, create a list of known friendly APs, then scan for all APs in your coverage area. Check if other APs are known and if not add them to the Rogue AP list.
Take the following steps to set up and save a list of access points you want to allow in your network’s coverage area.
1 On a computer connected to the wired network (F in the previous figure), open your Internet browser and enter the URL of access point A (192.168.1.1). Login to the Web Configurator, go to Configuration > Rogue AP > Rogue/Friendly AP List and then click Add in the Rogue/Friendly AP list field.
Getting Started: Add Rogue/Friendly AP
2 Fill in the MAC and Description fields as in the following table. Click Add after you enter the details of each AP to include it in the list.
MAC ADDRESS | DESCRIPTION |
|---|---|
00:AA:00:AA:00:AA | My Access Point _A_ |
AA:00:AA:00:AA:00 | My Access Point _B_ |
A0:0A:A0:0A:A0:0A | My Access Point _C_ |
0A:A0:0A:A0:0A:A0 | My Access Point _D_ |
AF:AF:AF:FA:FA:FA | Coffee Shop Access Point _1_ |
You can add APs that are not part of your network to the friendly AP list, as long as you know that they do not pose a threat to your network’s security. 3 The Friendly AP screen now appears as follows. Next, click Apply to save the list of friendly APs in order to provide a backup and upload it to your other access points.
4 Click Exporting in the Friendly AP List Importing/Exporting field. If a window similar to the following appears, click Save.
5 Save the friendly AP list somewhere it can be accessed by all the other access points on the network. In this example, save it on the network file server. The default filename is “friendly”.
Import the Friendly AP List to Other APs
Access point A is now configured to do the following.
• Scan for access points in its coverage area
• Recognize friendly access points from a list
Now you need to configure the other WiFi access points in your network to do the same things.
For each access point, take the following steps.
1 From a computer on the wired network, enter the access point’s IP address and log into its Web Configurator.
2 Import the friendly AP list. Click Configuration > Wireless > Rogue AP > Rogue/Friendly AP List, and click Browse in the Friendly AP List Importing/Exporting field. Find the “friendly” file where you previously saved it on the network and click Open. Then, click Importing.
3 Check the Configuration > Wireless > Rogue AP > Rogue/Friendly AP List screen to ensure that the friendly AP list has been correctly uploaded.
Set Up a MAC Filter List
A MAC filter list blocks or allows a list of clients based on their MAC addresses, ensuring only authorized clients can access the network. This example shows how to block certain clients based on their MAC addresses.
1 Go to Configuration > Object > AP Profile > SSID > MAC Filter List and then click Add.
2 Fill in the Profile Name and select deny for Filter Action. Click Add to add a new MAC address to block. Enter the MAC addresses of the clients you want to block under the MAC field and then click OK.
Restrict Users’ Access to Specific Parts of Your Network
This example shows you how to allow certain users to access only specific parts of your network. You can do this by using multiple MAC filters and layer-2 isolation profiles.
Scenario
In this example, you run a company network in which certain employees must wirelessly access secure file servers containing valuable proprietary data.
You have two secure servers (1 and 2 in the following figure). WiFi user “Alice” (A) needs to access server 1 (but should not access server 2) and WiFi user “Bob” (B) needs to access server 2 (but should not access server 1). Your Zyxel Device is marked ZD. C is a workstation on your wired network, D is your main network switch, and E is the security gateway you use to connect to the Internet.
Getting Started: Example Network
Your Requirements
1 You want to set up a WiFi network to allow only Alice to access server 1 and the Internet.
2 You want to set up a second WiFi network to allow only Bob to access server 1 and the Internet.
Setup
In this example, you have already set up the Zyxel Device in AP Mode (see WiFi Network Setup). It uses two SSID profiles simultaneously. You have configured each SSID profile as shown in the following table.
SSID Profile Name | SERVER_1 | SERVER_2 |
SSID | SSID_S1 | SSID_S2 |
Security | Security Profile security03: WPA2-PSK Hide SSID | Security Profile security04: WPA2-PSK Hide SSID |
Intra-BSS traffic blocking | Enabled | Enabled |
Each SSID profile already uses a different pre-shared key.
In this example, you will configure access limitations for each SSID profile. To do this, you will take the following steps.
1 Configure the SERVER_1 network’s SSID profile to use specific MAC filter and layer-2 isolation profiles.
2 Configure the SERVER_1 network’s MAC filter profile.
3 Configure the SERVER_1 network’s layer-2 isolation profile.
4 Repeat steps 1 to step 3 for the SERVER_2 network.
5 Check your settings and test the configuration.
To configure layer-2 isolation, you need to know the MAC addresses of the devices on your network, which are as follows.
DEVICE | LABEL | MAC ADDRESS |
|---|---|---|
Zyxel Device | ZD | BB:AA:99:88:77:66 |
Secure Server 1 | 1 | AA:99:88:77:66:55 |
Secure Server 2 | 2 | 99:88:77:66:55:44 |
Workstation | C | 88:77:66:55:44:33 |
Switch | D | 77:66:55:44:33:22 |
Security gateway | E | 66:55:44:33:22:11 |
To configure MAC filtering, you need to know the MAC addresses of the devices Alice and Bob use to connect to the network, which are as follows.
User | MAC Address |
|---|---|
Alice | 11:22:33:44:55:66 |
Bob | 22:33:44:55:66:77 |
Configure the SERVER_1 Network
First, you will set up the SERVER_1 network which allows Alice to access secure server 1 through the network switch.
You will configure the MAC filter to restrict access to Alice alone, and then configure layer-2 isolation to allow her to access only the network router, the file server and the Internet security gateway.
Take the following steps to configure the SERVER_1 network.
1 Go to Configuration > Object > AP Profile > SSID > SSID List. The following screen displays, showing the SSID profiles you already configured. Select SERVER_1’s entry and click Edit.
2 The following screen appears. Select l2Isolation03 for Layer-2 Isolation Profile, and select macfilter03 for MAC Filtering Profile. Click OK.
3 Click the Layer-2 Isolation List tab. Select the l2Isolation03’s entry and click Edit. The following screen displays.
4 Enter the network router’s MAC Address and add a Description (“NET_ROUTER” in this case) in Set 1’s entry.
5 Enter server 1’s MAC Address and add a Description (“SERVER_1” in this case) in Set 2’s entry.
6 Change the Profile Name to “L2-ISO_SERVER_1” and click OK. You have restricted users on the SERVER_1 network to access only the devices with the MAC addresses you entered.
7 Go to the MAC Filter List tab. Then, select macfilter03’s entry and click Edit.
8 Enter the MAC address of the device Alice uses to connect to the network in Set 1’s MAC Address field and enter her name in the Description field, as shown in the following figure. Change the Profile Name to “MacFilter_SERVER_1”. Select Allow from the Filter Action field and click OK.
You have restricted access to the SERVER_1 network to only the networking device whose MAC address you entered. The SERVER_1 network is now configured.
Configure the SERVER_2 Network
Next, you will configure the SERVER_2 network that allows Bob to access secure server 2 and the Internet.
To do this, repeat the procedure in Configure the SERVER_1 Network, substituting the following information.
SSID Screen | |
Index | 4 |
Profile Name | SERVER_2 |
SSID Edit (SERVER_2) Screen | |
L2 Isolation | l2Isolation04 |
MAC Filtering | macfilter04 |
Layer-2 Isolation (l2Isolation04) Screen | |
Profile Name | L2-ISO_SERVER-2 |
Set 1 | MAC Address: 77:66:55:44:33:22 Description: NET_ROUTER |
Set 2 | MAC Address: 99:88:77:66:55:44 Description: SERVER_2 |
Set 3 | MAC Address: 66:55:44:33:22:11 Description: GATEWAY |
MAC Filter (macfilter04) Edit Screen | |
Profile Name | MacFilter_SERVER_2 |
Set 1 | MAC Address: 22:33:44:55:66:77 Description: Bob |
Test Your WiFi Access Restrictions
Use the following sections to ensure that your WiFi networks are set up correctly.
Check Settings
Take the following steps to check that the Zyxel Device is using the correct SSIDs, MAC filters and layer-2 isolation profiles.
1 Click Configuration > Wireless > AP Management. Check that the correct SSID profiles are enabled, as shown in the following figure.
2 Next, go to Configuration > Object > AP Profile. Check that each configured SSID profile uses the correct Security, Layer-2 Isolation and MAC Filter profiles, as shown in the following figure.
Testing the Access Restrictions
Before you allow employees to use the network, you need to thoroughly test whether the setup behaves as it should. Take the following steps to do this.
1 Test the SERVER_1 network.
• Using Alice’s computer and WiFi client, and the correct security settings, do the following.
Attempt to access Server 1. You should be able to do so.
Attempt to access the Internet. You should be able to do so.
Attempt to access Server 2. You should be unable to do so. If you can do so, layer-2 isolation is misconfigured.
• Using Alice’s computer and WiFi client, and incorrect security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, security is misconfigured.
• Using another computer and WiFi client, but with the correct security settings, attempt to associate with the SERVER_1 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.
2 Test the SERVER_2 network.
• Using Bob’s computer and WiFi client, and the correct security settings, do the following.
Attempt to access Server 2. You should be able to do so.
Attempt to access the Internet. You should be able to do so.
Attempt to access Server 1. You should be unable to do so. If you can do so, layer-2 isolation is misconfigured.
• Using Bob’s computer and WiFi client, and incorrect security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, security is misconfigured.
• Using another computer and WiFi client, but with the correct security settings, attempt to associate with the SERVER_2 network. You should be unable to do so. If you can do so, MAC filtering is misconfigured.
If you cannot do something that you should be able to do, check the settings as described in Check Settings, and in the individual Security, layer-2 isolation and MAC filter profiles for the relevant network. If this does not help, see the Troubleshooting chapter in this User’s Guide.
Device Settings
In this section, we show you how to:
Change the Management IP Address
Change the management IP address of the Zyxel Device to ensure it does not duplicate the IP address of any other device on the network. If IP addresses are duplicated, you may be unable to access the Zyxel Device.
1 Set the computer’s IP address to be in the same subnet as the Zyxel Device. For example, the default static management IP address of the Zyxel Device is 192.168.1.2. Make sure your computer’s IP address is from 192.168.1.3~192.168.1.254.
2 Go to the Configuration > Network > IP Setting screen in the Web Configurator. Select the IP type to Static IP and specify a preferred IPv4 address in the IP Address field, for example, “192.168.1.10”. After clicking Apply, you will be disconnected from the Web Configurator due to the IP address change.
3 To check if the IP address of the Zyxel Device has been changed to “192.168.1.10”, enter the new IP address “192.168.1.10” in the address bar and see if you can log in to the Web Configurator successfully. Ensure that your computer’s IP address is in the same subnet as the Zyxel Device. For example, if the management IP address of the Zyxel Device is “192.168.1.10”, your computer’s IP address should be from 192.168.1.3~192.168.1.254.
Change the System Name
Changing the system name ensures that the Zyxel Device's name is not duplicated with other devices on the network, which may otherwise cause confusion for network administrators.
1 Go to the Configuration > System > Host Name screen and enter a new name with 1 to 64 alphanumeric characters in the System Name field. Spaces are not allowed. Click Apply to save your changes.
2 See the System Name field in the Dashboard screen to check if the new system name has been applied.
Change the Login Password
Change the Web Configuration login password to help secure your account.
1 Go to the Configuration > Object > User screen. Select an account and click the Edit icon.
2 The Edit User admin screen appears. Enter the new password with 4 to 63 characters. Spaces are not allowed. Reenter the new password and click OK.
Device Maintenance
In this section, we show you how to:
Upgrade the Firmware
Upload the firmware to the Zyxel Device for feature enhancements.
1 Download the correct firmware from the download library at the Zyxel website. The model code for the Zyxel Device in this example is ACIL. Unzip the file.
2 Go to Maintenance > File Manager > Firmware Package screen.
3 Click Browse... and select the file with a “.bin” extension to upload. Click Upload.
4 This process may take up to 2 minutes to finish. After 2 minutes, log on again and check your firmware version in the Dashboard screen.
Restore the Zyxel Device Configuration
The section shows you how to restore the configuration. You need to download and upload the configuration file to restore the configuration on the Zyxel Device.
Filename | description |
|---|---|
autobackup-x.xx.conf | This is the configuration file that the Zyxel Device automatically backs up when upgrading the firmware. |
startup-config.conf | This is the configuration file that the Zyxel Device is currently using. |
system-default.conf | This is the Zyxel Device’s default settings. |
lastgood.conf | This is the most recently used (valid) configuration file that was saved when the Zyxel Device last restarted. |
Download the Zyxel Device Configuration
You should regularly download your configuration especially before you make major configuration changes.
1 Go to the Maintenance > File Manager > Configuration File screen.
2 Under the Configuration Files, select startup-config.conf and click Download. The current configuration file that the Zyxel Device is using is saved to your computer. You can rename the configuration file to include the date you downloaded it. For example, startup-config.conf_20240716.
Upload the Zyxel Device Configuration
This section shows how to upload a previously saved configuration file from your computer to the Zyxel Device. You might need to do this to recover settings after a reset or to fix problems after configuration changes.
1 Go to the Maintenance > File Manager > Configuration File screen. Under Upload Configuration File, click Browse... and then select the configuration file that you saved. Click Upload.
2 You are logged out of the Web Configurator after the configuration file is successfully uploaded. Wait for one minute before logging into the Zyxel Device again.
Log and Report
In this section, we show you how to:
Daily Email Report Setup
In this example, you will configure the first of your Zyxel Device to send a log message to your email inbox.
Some models do not support the email daily report feature.1 Go to Configuration > Log & Report > Log Setting. Select the item and click Edit.The following screen appears. In this example, your mail server’s IP address is 192.168.1.25. Enter this IP address in the Mail Server field.
2 Enter a subject line for the alert emails in the Mail Subject field. Choose a subject that is eye-catching and identifies the access point - in this example, “ALERT_Access_Point_A”.
3 Enter the email address to which you want alerts to be sent (myname1@myfirm.com, in this example). Click Apply.
Back Up Logs to a Remote Server
Backing up logs to a remote server allows you to store large amounts of log data and prevent log data lost on your Zyxel Device. The Zyxel Device can keep at most 512 logs. If the logs exceed this number, the oldest logs will be lost.
1 Go to Configuration > Log & Report > Log Setting. Select a remote server to configure, and then click Edit.
2 The following screen appears. Select Active and enter the IPv4 address or name of the remote server in the Server Address field to send the logs. Then, select a log facility. The log facility allows you to log the messages to different files in the syslog server. Please see the documentation for your syslog program for more information.
3 Select the type of logs you want to back up on the remote server. The following are the log settings represented by the icons.
• Red X - Do not send the remote server logs for any log category.
• Green checkmark - Send the remote server log messages and alerts for all log categories.
• Yellow checkmark - Send the remote server log messages, alerts, and debugging information for all log categories.
4 Click OK to save your changes.
Access to the Zyxel Device
This section shows you how to configure WAN access for a specific trusted computer through HTTPS, HTTP or SSH to the Zyxel Device. Remote management determines which interface and web services are allowed to access the Zyxel Device.
Perform the following to find the options to configure remote access to your Zyxel Device.
HTTPS / HTTP
1 Go to the Configuration > System > WWW screen. Select whether you want to access the Zyxel Device remotely through HTTPS or HTTP. Click Apply to save your changes.
The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the Zyxel Device, for example 8443, then you must notify people who need to access the Zyxel Device Web Configurator to use “https://Zyxel Device IP Address:8443” as the URL.SSH
Go to the Configuration > System > SSH screen. Select whether you want to access the Zyxel Device remotely through SSH. Click Apply to save your changes. You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.