background image

                                                                                                                       

ALL-VPN10 

VPN/Firewall WLAN-N WAN Router

 

 

© ALLNET GmbH München 2013    -    All rights reserved 

35 

6.2.1

 

Load Balance Mode 

 

Auto Load Balance Mode 

When  Auto  Load  Balance  mode  is  selected,  the  device  will  use  sessions  or  IP  and  the  WAN  bandwidth 

automatically allocate connections to achieve load balancing for external connections. The network bandwidth is set 

by what users input for it. For example, if the upload bandwidth of both WANs is 512Kbit/sec, the automatic load ratio 

will be 1:1; if one of the upload bandwidths is 1024Kbit/sec while the other is 512Kbit/sec, the automatic load ratio 

will  be  2:1.  Therefore,  to  ensure  that  the  device  can  balance  the  actual  network  load,  please  input  real  upload  and 

download bandwidths. 

 

Session  Balance:

  If  “By  Session”  is  selected,  the  WAN  bandwidth  will  automatically  allocate 

connections based on session number to achieve network load balance.

 

 

IP  Session  Balance:

  If  “By  IP”  is  selected,  the  WAN  bandwidth  will  automatically  allocate 

connections based on IP amount to achieve network load balance.

 

Note!

 

For either session balancing or IP connection balancing, collocation with Protocol Binding will provide 

a more flexible application for bandwidth. Users can assign a specific Intranet IP to go through a specific 

service provider for connection, or assign an IP for a specific destination to go through the WAN users 

assign to connect with the Internet. 

For example, if users want to assign IP 192.168.1.100 to go through WAN 1 when connecting with the 

Internet, or assign all Intranet IP to go through WAN 2 when connecting with servers with port 80, or 

assign all Intranet IP to go through WAN 1 when connecting with IP 211.1.1.1, users can do that by 

configuring “Protocol Binding”. 

Attention!  When  the  Auto  Load  Balance  mode  is  collocated  with  Protocol  Binding,  only  IP  addresses  or 

servers that are configured in the connection rule will follow the rule for external connections; those which are 

not configured in the rule will still follow the device Auto Load Balance system. 

Summary of Contents for ALL-VPN10

Page 1: ...ALL VPN10 VPN Firewall WLAN N WAN Router User s Manual ...

Page 2: ...em Information 17 5 1 4 Firewall Status 17 5 2 Change and Set Login Password and Time 19 5 2 1 Password Setting 19 5 2 2 Time 20 VI Network 22 6 1 Network Connection 22 6 1 1 Host Name and Domain Name 22 6 1 2 LAN Setting 23 6 1 3 WAN Settings 24 6 2 Multi WAN Setting 34 6 2 1 Load Balance Mode 35 6 2 2 Network Service Detection 39 6 2 3 Protocol Binding 41 VII Intranet Configuration 51 7 1 Port M...

Page 3: ...II VPN Virtual Private Network 113 10 1 VPN 113 10 1 1 Add a New VPN Tunnel 114 10 1 2 PPTP Server 134 10 1 3 VPN Pass Through 136 10 2 QVM VPN Function Setup 137 XIII Advanced Function 139 11 1 DMZ Host Port Range Forwarding 139 11 1 1 DMZ Host 139 11 1 2 Port Range Forwarding 139 11 2 UPnP 142 11 3 Routing 143 11 4 One to One NAT 145 10 5 DDNS Dynamic Domain Name Service 147 11 6 MAC Clone 149 1...

Page 4: ...ter ALLNET GmbH München 2013 All rights reserved IV 13 3 Traffic Statistic 168 13 4 IP Port Statistic 168 XVI Log out 170 Appendix I Technical Support Information 171 Appendix II Federal Communication Commission Interference Statement 172 ...

Page 5: ...unction of a standard PPTP server which is equipped with connection setting status Each WAN port can be set up with multiple DDNS at the same time It is also capable of establishing VPN connections with dynamic IP addresses VPN Router also has unique QVM VPN SmartLink IPSec VPN Just input VPN server IP user name and password and IPSec VPN will be automatically set up Through VPN Router exclusive Q...

Page 6: ... helps to free enterprises from increasing hacker intrusion With an exclusive independent operation platform users are able to set up and use a firewall without professional network knowledge VPN Router setting up and management can be carried out through web browsers such as IE Netscape etc ...

Page 7: ...d operate VPN Router easily This simplifies the management and maintenance making the user network settings be done at one time The main process is as below 1 Hardware installation 2 Login 3 Verify device specification and set up password and time 4 Set WAN connection 5 Set LAN connection physical port and IP address settings 6 Set QoS bandwidth management avoid bandwidth occupation 7 Set Firewall...

Page 8: ...idth occupation Restrict bandwidth and session of WAN ports LAN IP and application To assure transmission of important information manage and allocate the bandwidth further to achieve best efficiency 6 Set Firewall prevent attack and improper access to network resources Block attack Set Access rule and restrict Web access Administrators can block BT to avoid bandwidth occupation and enable access ...

Page 9: ... 9 9 VPN Virtual Private Network Configure VPN tunnels Configure different types of VPN to meet different application environment 10 Logout Close configuration window Logout VPN Router web based UI We will follow the process flow to complete the network setting in the following chapters ...

Page 10: ...et port 100M Speed Amber Amber LED on Ethernet is running at 100Mbps Amber LED off Ethernet is running at 10Mbps WLAN Green Green LED on Wireless function is enabled Green LED blinking Packets are transmitting WPS Green Green LED on WPS function is working Reset Installing Router on a Wall The Router has two wall mount slots on its bottom panel When mounting the device on a wall please ensure that...

Page 11: ... Frequency 2 4GHz Frequency Band 2400 2483 5MHz Operating Channels 11 for 802 11b 802 11g 802 11n H20 7 for 802 11n HT40 Output Power 802 11b 19 8dBm 802 11g 22 3dBm 802 11n HT20 24 51dbm 802 11n HT40 22 07 dbm Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 20ºC to 70ºC 4ºF to 158ºF Operating Humidity 10 to 85 non condensing Storage Humidity 5 to 90 non condensing Power Supply External Powe...

Page 12: ...ternal router to connect to the Internet LAN Connection The LAN port can be connected to a Switching Hub or directly to a PC Users can use servers for monitoring or filtering through the port after Physical Port Mangement configuration is done DMZ The DMZ port can be connected to servers that have legal IP addresses such as Web servers mail servers etc Please use only the power supply unit that is...

Page 13: ... device Go to Start Run enter cmd to commend DOS and enter ipconfig for getting Default Gateway address as the graphic below 192 168 1 1 Make sure Default Gateway is also the default IP address of the router Attention When not getting IP address and default gateway by using ipconfig or the received IP address is 0 0 0 0 and 169 X X X we recommend that users should check if there is any problem wit...

Page 14: ... login window will appear as below The device s default username and password are both admin Users can change the login password in the setting later Attention For security we strongly suggest that users must change password after login Please keep the password safe or you can not login to the device Press Reset button for more than 10 sec all the setting will return to default ...

Page 15: ...ndicates current WAN gateway IP address from ISP DNS Server Indicates the current DNS IP configuration Session Indicates the current session number for each WAN in the device Downstream Bandwidth Indicates the current downstream bandwidth for each WAN Upstream Bandwidth Indicates the current upstream bandwidth for each WAN DDNS Indicates if Dynamic Domain Name is activated The default configuratio...

Page 16: ...ta including setting status summary and statisitcs of the selected port The current port setting status information will be shown in the Port Information Table Examples type 10Base T 100Base TX iniferface WAN LAN DMZ link status Up Down physical port status Port Enabled Port Disabled priority high or normal speed status 10Mbps or 100Mbps duplex status Half Full auto negotiation Enabled or Disabled...

Page 17: ...out the Router present software version Current Time Indicates the device present time Please note To have the correct time users must synchronize the device with the remote NTP server first 5 1 4 Firewall Status SPI Stateful Packet Inspection Indicates whether SPI Stateful Packet Inspection is on or off The default configuration is On DoS Denial of Service Indicates if DoS attack prevention is ac...

Page 18: ... 2013 All rights reserved 18 Remote Management Indicates if remote management is activated on or off Click the hyperlink to enter and manage the configuration The default configuration is Off Access Rule Indicates the number of access rule applied in the device ...

Page 19: ... after first login Please keep the password safe or you might not login to the device You can press Reset button for more than 10 sec the device will return back to default User Name The default is admin Old Password Input the original password The default is admin New User Name Input the new user name i e VPN10 New Password Input the new password Confirm New Password Input the new password again ...

Page 20: ...r which will update the time spontaneously Time Zone Select your location from the pull down time zone list to show correct local time Daylight Saving If there is Daylight Saving Time in your area input the date range The device will adjust the time for the Daylight Saving period automatically NTP Server If you have your own preferred time server input the server IP address Apply After the changes...

Page 21: ...ter ALLNET GmbH München 2013 All rights reserved 21 After the changes are completed click Apply to save the configuration Click Cancel to leave without making any change This action will be effective before Apply to save the configuration ...

Page 22: ...ompleting this general setting is enough for connecting with the Internet However some users need advanced information from their ISP Please refer to the following descriptions for specific configurations 6 1 Network Connection 6 1 1 Host Name and Domain Name Device name and domain name can be input in the two boxes Though this configuration is not necessary in ...

Page 23: ... address The default configuration is 192 168 1 1 and the default Subnet Mask is 255 255 255 0 It can be changed according to the actual network structure Multiple Subnet Setting Click Unified IP Management to enter the configuration page as shown in the following figure Input the respective IP addresses and subnet masks This function enables users to input IP segments that differ from the router ...

Page 24: ...tatic IP connection PPPoE Point to Point Protocol over Ethernet PPTP Point to Point Tunneling Protocol or Transparent Bridge Config A modification in an advanced configuration Click Edit to enter the advanced configuration page Obtain an Automatic IP automatically This mode is often used in the connection mode to obtain an automatic DHCP IP This is the device system default connection mode It is a...

Page 25: ...ugh this WAN will be disconnected too Only after the disconnected lines are reconnected can they go through the standby system to connect with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input ...

Page 26: ... available static IP address issued by ISP Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Input the default gateway issued by ISP For ADSL users it is usually an ATU R IP address As for optical fiber users please input the optical fiber switching IP DNS S...

Page 27: ...to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly added connections should go through another WAN to connect with the Internet Backup Interface Select another WAN port as link backup when port binding is...

Page 28: ...t attempts to connect with the Internet the device will automatically make a dial connection If the line has been idle for a period of time the system will break the connection automatically The default time for automatic break off resulting from no packet transmissions is five minutes Keep Alive This function enables the PPPoE dial connection to keep connected and to automatically redial if the l...

Page 29: ...onnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service may be disconnected before the newly added connections should go through another WAN to c...

Page 30: ...hen the PC is installed Contact ISP for relevant information Subnet Mask Input the subnet mask of the static IP address issued by ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Address Input the default gateway of the static IP address issued by ISP For ADSL users it is usually an ATU R IP address User Name Input the user ...

Page 31: ...r the disconnected lines are reconnected can they go through the standby system to connect with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN ser...

Page 32: ...ISP such as Issued eight static IP addresses 255 255 255 248 Issued 16 static IP addresses 255 255 255 240 Default Gateway Address Input the default gateway of the static IP address issued by ISP For ADSL users it is usually an ATU R IP address DNS Server Input the DNS IP address set by ISP At least one IP group should be input The maximum acceptable is two IP groups Internal LAN IP Range Input th...

Page 33: ... the standby system to connect with the Internet Therefore to avoid a huge number of disconnection users can activate this function to arrange new connections to be made through another WAN to the Internet In this way the effect of any disconnection can be minimized Line Dropped Period Input the time rule for disconnection of this WAN service Line Dropped Scheduling Input how long the WAN service ...

Page 34: ...T GmbH München 2013 All rights reserved 34 6 2 Multi WAN Setting When you have multiple WAN gateways you can use Traffic Management and Protocol Binding function to fulfill WAN road balancing so that we can have highest network bandwidth efficiency ...

Page 35: ...IP is selected the WAN bandwidth will automatically allocate connections based on IP amount to achieve network load balance Note For either session balancing or IP connection balancing collocation with Protocol Binding will provide a more flexible application for bandwidth Users can assign a specific Intranet IP to go through a specific service provider for connection or assign an IP for a specifi...

Page 36: ... Only when a device assignment is collocated with Protocol Binding can the balancing function be brought into full play For example an assignment requiring all Intranet IP addresses to go through WAN 1 when connecting with service port 80 or go through WAN 1 when connecting with IP 211 1 1 1 must be set up in the Protocol Binding Configuration Attention When assigning mode is selected as in the ab...

Page 37: ...face Check the boxes for the WANs to be added into this combination Add To List To add a WAN group to the grouping list Delete selected To remove selected WANs from the WAN grouping Apply Click Apply to save the modification Cancel Click Cancel to cancel the modification This only works before Apply is clicked After the configuration is completed in the China Netcom Policy window users can select ...

Page 38: ...ination IP addresses users want to assign For example if the destination IP address range users want to designate is 140 115 1 1 140 115 1 255 key in 140 115 1 1 140 115 1 255 in Notepad The next destination IP address range should be keyed in the next line Attention Even if only one destination IP address is to be assigned it should follow the same format For example if the destination IP address...

Page 39: ... times If there is no feedback from the Internet in the configured Retry Times it will be judged as External Connection Disconnected Retry Timeout Delay time for external connection detection latency The default is 30 seconds After the retry timeout external service detection will restart When Fail 1 Generate the Error Condition in the System Log If an ISP connection failure is detected an error m...

Page 40: ...Detecting Feedback Servers Default Gateway The local default communication gateway location such as the IP address of an ADSL router will be input automatically by the device Therefore users just need to check the option if this function is needed Attention Some gateways of an ADSL network will not affect packet detection If users have an optical fiber box or the IP issued by ISP is a public IP an...

Page 41: ...guration When Auto Load Balance mode is selected the device will select sessions or IP and the WAN bandwidth will automatically allocate connections to achieve load balancing for external connections The network bandwidth is set by what users input for it For example if the upload bandwidth of both WANs is 512Kbit sec the automatic load ratio will be 1 1 if one of the upload bandwidths is 1024Kbit...

Page 42: ...Click the button to enter the Service Port configuration page to add or remove default Service Ports on the option list Source IP Users can assign packets of specific Intranet virtual IP to go through a specific WAN port for external connection In the boxes here input the Intranet virtual IP address range for example if 192 168 1 100 150 is input the binding range will be 100 150 If only specific ...

Page 43: ...t up the binding rule Enable To activate the rule Add To List To add this rule to the list Delete selected item To remove the rules selected from the Service List Moving Up Down The priority for rule execution depends on the rule order in the list A rule located at the top will be executed prior to those located below it Users can arrange the order according to their priorities Note The rules conf...

Page 44: ...e is not in the list users can add or remove service ports from Service Management to arrange the list as described in the following Service Name In this box input the name of the Service Port which users want to activate such as BT etc Protocol This option list is for selecting a packet format such as TCP or UDP for the Service Ports users want to activate Port range In the boxes input the range ...

Page 45: ...ses to specific destination application service ports or assign specific destination IP addresses to a WAN users choose for external connections Example 1 How do I set up Auto Load Balance Mode to assign the Intranet IP 192 168 1 100 to WAN2 for the Internet As in the figure below select All Traffic from the pull down option list Service and then in the boxes of Source IP input the source IP addre...

Page 46: ... 80 and keep all other services from going through WAN1 As in the figure below there are two rules to be configured The first rule select HTTP TCP 80 80 from the pull down option list Service and then in the boxes of Source IP input 192 168 1 0 to 0 which means to include all Intranet IP addresses Retain the original numbers 0 0 0 0 in the boxes of Destination IP Which means to include all Interne...

Page 47: ...rights reserved 47 all Internet IP addresses Select WAN1 from the pull down option list Interface and then click Enable Finally click Add New and the rule will be added to the mode The device will transmit packets that are not going to Port 80 to the Internet through WAN1 ...

Page 48: ...d Routing can it bring the function into full play Example 1 How do I set up the Assigned Routing Mode to keep all Intranet IP addresses from going through WAN2 when the destination is Port 80 and keep all other services from going through WAN1 As in the figure below select HTTP TCP 80 80 from the pull down option list Service and then in the boxes of Source IP input 192 168 1 0 0 which means to i...

Page 49: ...68 1 0 0 which means to include all Intranet IP addresses In the boxes for Destination IP input 211 1 1 1 211 254 254 254 Select WAN2 from the pull down option list Interface and then click Enable Finally click Add New and the rule will be added to the mode The second rule Select All Port TCP UDP 1 65535 from the pull down option list Service and then in the boxes of Source IP input 192 168 1 0 0 ...

Page 50: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 50 ...

Page 51: ... are Network Connection Type Interface Link Status Up Down Port Activity Port Enabled Priority Setting High or Normal Speed Status 10Mbps or 100Mbps Duplex Status half duplex or full duplex Auto Neg Enabled Disabled Statistics The packet data of this specific port will be displayed Data include receive transmit packet count receive transmit packet Byte count and error packet count Users may press ...

Page 52: ...ic IP assignation for LAN computers This function is similar to the DHCP service in NT servers It benefits users by freeing them from the inconvenience of recording and configuring IP addresses for each PC respectively When a computer is turned on it will acquire an IP address from the device automatically This function is to make management easier ...

Page 53: ...eir needs The time unit is minute Range End This is an initial IP automatically leased by DHCP It means DHCP will start the lease from this IP The default initial IP is 192 168 1 100 DNS Domain Name Service This is for checking the DNS from which an IP address has been leased to a PC port Input the IP address of this server directly DNS Required 1 Input the IP address of the DNS server DNS Optiona...

Page 54: ...ns are for the administrator s reference when a network modification is needed DHCP Server This is the current DHCP IP Dynamic IP Used The amount of dynamic IP leased by DHCP Static IP Used The amount of static IP assigned by DHCP DHCP Available The amount of IP still available in the DHCP server Total The total IP which the DHCP server is configured to lease Host Name The name of the current comp...

Page 55: ...chen 2013 All rights reserved 55 IP Address The IP address acquired by the current computer MAC Address The actual MAC network location of the current computer Client Lease Time The lease time of the IP released by DHCP Delete Remove a record of an IP lease ...

Page 56: ...N N WAN Router ALLNET GmbH München 2013 All rights reserved 56 7 4 IP MAC Binding Administrators can apply IP MAC Binding function to make sure that users can not add extra PCs for Internet access or change private IP addresses ...

Page 57: ... 57 There are two methods for setting up this function 1 Block MAC address not on the list This method only allows MAC addresses on the list to receive IP addresses from DHCP and have Internet access When this method is applied please fill out Static IP with 0 0 0 0 as the figure below ...

Page 58: ...me users should input the IP address users want to assign to this computer in the boxes The server or PC which is to be bound will then acquire a static virtual IP whenever it restarts MAC Address Input the static real MAC the address on the network card for the server or PC which is to be bound Name For distinguishing clients input the name or address of the client that is to be bound The maximum...

Page 59: ...g Furthermore it is easy to make mistakes to fill out MAC addresses on the list manually By checking this list administrator can see all MAC addresses which have traffic and are not bound yet Also if administrators find that one specific bound MAC address is shown on the list it means that the user changes the private IP address Name Input the name or address of the client that is to be bound The ...

Page 60: ... GmbH München 2013 All rights reserved 60 VIII Wireless Network Wireless function is enabled by default The WLAN LED will be on after system booting Client device can find SSID as _AP_1 Please refer to following illustrations to change configuration ...

Page 61: ...is still available to avoid interference Users can also check Auto so that the system will choose a suitable channel automatically WMM Capable WMM is an abbreviation of Wi Fi Multimedia It defines the priority levels for four access categories derived from 802 1d prioritization tabs The categories are designed with specific types of traffic voice video best effort and low priority data WMM Capable...

Page 62: ...ower The default value is 100 To narrow down covering range users can input a smaller value Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability SSID Summary The status of every SSID will be shown here Click Edit to enter con...

Page 63: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 63 8 2 Security Setting ...

Page 64: ...e wireless network If Disabled is checked wireless client device will not find this SSID Users have to input SSID manually to connect to this device AP Isolation Enable to feature to make clients connect to this device can not communicate to each other Guess Access Enable to feature so that clients user can only reach internet instead of wired LAN 8 2 2 Security Mode provides several security mode...

Page 65: ...ber as key 2 WPA mode Personal mode with pre shared key PSK It s recommended to adopt Personal mode with pre shared key such as WPA Personal WPA2 Personal and WPA WPA2 Personal Mixed mode Router and client users only have to share a set of key to ensure security without RADIUS server WPA Personal WPA2 Personal WPA WPA2 PersonalMixed mode WPA Algorithms There are TKIP AES and Auto can be chosen Att...

Page 66: ... the AP s coverage area which can cause delays to time sensitive applications the AP and the client can store or cache and use information about their previous authentication Pre Authentication Pre authentication allows a wireless client to perform authentication with a different AP from the one to which it is currently connected before moving into the new AP s coverage area This speeds up roaming...

Page 67: ...tes this connection wil be stopped 1 Use personal PIN code to configure WPS 1 Enable WPS 2 Input wireless client device PIN code AP PIN code should be also written in client device 3 Click Connect to establish connection 4 Check if WPS connection is established successfully on client device 2 Use PBC to configure WPS 1 Enable WPS 2 Check PBC and click connect to establish connection Uses can also ...

Page 68: ...et as figure above Configurations of two devices should be the same Basic Setting Under WDS mode channel bandwidth should be 20 Security Mode WDS should be enabled on both devices MACs of each other should be inputed on both sides There could be variation on the quanity of AP supported on different devices 1 Input AP MAC into blank ...

Page 69: ... N WAN Router ALLNET GmbH München 2013 All rights reserved 69 If WEP mode is enabled system will arrange 4 sets of key for those MACs Make sure the order is correct 2 Or check Scanning to select existing AP and then click Submit ...

Page 70: ...ht by controlling the wireless LAN MAC address of client Only the valid MAC address that has been configured can access the wireless LAN interface Policy Deny Connection from the disabled MAC list will be denied Allow Only MAC listed in Enabled list can establish connection Add Station MAC MAC Address Input MAC into the policy Users can find MAC address such as 00 11 22 33 44 55 from client device...

Page 71: ...erved 71 8 3 Station List Station List provides the knowledge of connecting wireless clients MAC Address The MAC address of client device DHCP IP The IP address allocated from system Host Name The host name of client device SSID SSID of client device Rate The quality of Wifi signal ...

Page 72: ...o save bandwidth or provide priority to specific applications or services and also to enable other users to share bandwidth as well as to ensure stable and reliable network transmission To maximize the bandwidth efficiency network administrators should take account of the practical requirements of a company a community a building or a café etc and modify bandwidth management according to the netwo...

Page 73: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 73 9 1 Bandwidth Management ...

Page 74: ...ddresses in the Intranet the minimum guaranteed upstream bandwidth for each IP would be 1024Kbit 50 20Kbit Sec Thus 20Kbit Sec can be input for Mini Rate Downstream bandwidth can be calculated in the same way Attention The unit of calculation in this example is Kbit Some software indicates the downstream upstream speed with the unit KB 1KB 8Kbit 9 1 2 QoS To satisfy the bandwidth requirements of c...

Page 75: ...controlled select FTP Port 21 21 Refer to the Default Service Port Number List IP Address This is to select which user is to be controlled If only a single IP is to be restricted input this IP address such as 192 168 1 100 to 100 The rule will control only the IP 192 168 1 100 If an IP range is to be controlled input the range such as 192 168 1 100 149 The rule will control IP addresses from 192 1...

Page 76: ...t maximum available bandwidth The maximum bandwidth will not exceed the limit set up under this rule Attention The unit of calculation used in this rule is Kbit Some software indicates download upload speed by the unit KB 1KB 8Kbit Bandwidth sharing Sharing total bandwidth with all IP addresses If this option is selected all IP addresses or Service Ports will share the bandwidth range from minimum...

Page 77: ...w Table button Click it a dialog as below will pop up Users can select Rule or Interface button to display the configured rules Click Refresh to renew the table and Close to close it For reconfiguring the rule click Edit Example 1 How to set up the maximum download speed to 50 Kbit for the FTP protocol on all WAN interfaces Please refer to the following as a setup example Click before both WAN1 an...

Page 78: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 78 ...

Page 79: ... 1 1 254 in Direction part open the dropdown box and choose Downstream Import 2Kbit Sec in Mini Rate which guarantees the minimum bandwidth And import 512Kbit Sec in Max Rate for a maximum limitation Choose Assign bandwidth for each IP address in Bandwidth sharing method which ensures each IP a minimum 2Kbits Sec download speed Click Enable and Add to list then this rule is successfully added Atte...

Page 80: ...effect on bandwidth usage In addition if any Intranet PC is attacked by a virus like Worm Blaster and sends a huge number of session requests session control will restrict that as well Session Control and Scheduling Disabled Disable Session Control function Single IP cannot exceed __ session This option enables the restriction of maximum external sessions to each Intranet PC When the number of ext...

Page 81: ...new sessions cannot be made until the setting time ends If this function is selected when the user s port connections reach the limit all the lines that this user is connected with will be removed and the user will not be able to connect with the Internet for five minutes New connections cannot be made until the delay time ends Apply Click Apply to save the configuration Cancel Click Cancel to lea...

Page 82: ...ed 82 Source IP Input the IP address range or IP group Enabled Activate the rule Add to list Add this rule to the list Delete seleted item Remove the rules selected from the Service List Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change ...

Page 83: ...IPs Each IP s downstream bandwidth threshold for all WAN Input the max downstream rate for intranet IPs If any IP s bandwidth is over maximum threshold its maximum bandwidth will remain When any IP uses more bandwidth than the above upstream or downstream settings the IP will be restricted for the following upstream or downstream bandwidth settings Enabled Penalty Mechanism After choosing Enabled ...

Page 84: ...cheduling If Always is selected the rule will be executed around the clock If From is selected the rule will be executed according to the configured time range For example if the time control is from Monday to Friday 8 00am to 6 00pm users can refer to the following figure to set up the rule ...

Page 85: ...Stateful Packet Inspection This enables the packet automatic authentication detection technology The Firewall operates mainly at the network layer By executing the dynamic authentication for each connection it will also perform an alarming function for application procedure Meanwhile the packet authentication firewall may decline the connections which use non standard communication protocol DoS De...

Page 86: ...to receive this type of packet message format This feature is off by default Prevent ARP Virus Attack This feature is designed to prevent the intranet from being attacked by ARP spoofing causing the connection failure of the PC This ARP virus cheat mostly occurs in Internet cafes When attacked all the online computers disconnect immediately or some computers fail to go online Activating this featu...

Page 87: ...ss The following describes the internet access rules All traffic from the LAN to the WAN is allowed by default All traffic from the WAN to the LAN is denied by default Users may define access rules and do more than the default rules However the following four extra service items are always on and are not affected by other user defined settings HTTP Service from LAN to Device is on by default for m...

Page 88: ... do not give permission Service Management If the service that users wish to manage does not exist in the drop down menu press Service Management to add the new service From the pop up window enter a service name and communications protocol and port and then click the Add to list button to add the new service Log No Log There will be no log record Create Log when matched Event will be recorded in ...

Page 89: ...day means this period of time will be under control everyday If users only certain days of a week should be under control users may select the desired days directly Apply Click Apply to save the configuration Cancel Click Cancel to leave without making any change Example 1 How to block TCP135 139 virus port Firstly Add TCP 135 139 port in Add new service port Please refer to the chapter of how to ...

Page 90: ... 192 168 1 200 to 230 to access service port 80 Action Forbid Service Port TCP 80 Source Interface LAN Meaning to service port 80 which blocks the traffic from intranet to internet Source IP 192 168 1 200 192 168 1 230 Dest IP ANY Meaning to any service port 80 which blocks the traffic from intranet to internet among 192 168 1 200 230 ...

Page 91: ...Content Filter The device supports two webpage restriction modes one is to block certain forbidden domains and the other is to give access to certain web pages Only one of these two modes can be selected Block Forbidden Domain Fill in the complete website such as www sex com to have it blocked ...

Page 92: ...k this option to delete Website Blocking by Keywords Enabled Click to activate this feature The default setting is disabled For example If users enter the string sex any websites containing sex will be blocked Keywords Only for English keyword Enter keywords Add to List Add this new service item content to the list Delete selected item Delete the service item content from the list Apply Click Appl...

Page 93: ...ools employees and students are only allowed to access some specific websites This is the purpose of the function Enabled Activate the function The default setting is Disabled Add Input the allowed domain name etc www google com Add to list Add the rule to list Delete selected item Users can select one or more rules and click to delete ...

Page 94: ...ule on a round the clock basis Select from and the operation will run according to the defined time For example if the control time runs from 8 a m to 6 p m Monday to Friday users may control the operation according to the following illustrated example Always Select Always to apply the rule on a round the clock basis Select from and the operation will run according to the defined time to Select Al...

Page 95: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 95 XI L7 Management 11 1 L7 Filter 1 Rule list ...

Page 96: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 96 2 Add new rule click ...

Page 97: ...ual application support list 1 After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click Choose All to put all applications into effective and click unnecessary items for cancel Items could be choosing in multiple categories 2 Click to drop the applications into the right column...

Page 98: ... the exceptional user setting Please note that the exceptional user setting will be applied to all the rules in the application For example if there is a Google Talk rule with no exceptional IP when adding a new Google Talk rule with the exceptional IP 192 168 1 100 192 168 1 100 could use Google Talk anyway no matter applied to the original rule or the new rule Step 5 Click to save the rule setti...

Page 99: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 99 11 2 L7 VIP Priority Channel 1 Rule List 2 Add New Rule Click ...

Page 100: ... of the rule will be shown on the list so administrator could name the rule by users or usages Select one WAN as VIP For example only the traffic of president room on WAN1 and WAN2 is VIP traffic on other WAN ports is not VIP Hint If users want traffic only run on VIP WAN users can also configure L7 Application Binding ...

Page 101: ...l give VIP priority Set source IP Group as VIP For instance if General Manager Room IP group is chosen they will have VIP priority no matter what application is used Set VIP application and source IP Group at the same time If Webpage and General Manager Room are configured at the same time it means when general manager room use webpage service the system will give them VIP bandwidth But VIP bandwi...

Page 102: ...upport list After choosing Category the Item column will show the crosponding list Hint Directly click on the applications to put them effective Cancel the application by double clicks Click Choose All to put all applications into effective and click unnecessary items for cancel Items could be chosen in multiple categories Click to drop the applications into the right column Step 3 Make sure the t...

Page 103: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 103 Step 4 Click to save the rules ...

Page 104: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 104 11 3 L7 QoS 1 Rule List ...

Page 105: ...nit is kbit some of the software applications display by KB 1KB 8kbit Calculating bandwidth utility of QoS rule minimize of bandwidth IP set up number For example IP range is 192 168 1 101 110 minimize bandwidth by each IP is 500kbit sec the total bandwidth utility of QoS rule is 500kbit sec 10 by IP 5000kbit sec Remnant guarantee Bandwidth Bandwidth QoS Policy The Remnant guarantee displays as a ...

Page 106: ...AN Router ALLNET GmbH München 2013 All rights reserved 106 2 Add New Rule Click Step 1 Name the rule The name of the rule will be shown on the list so administrator could name the rule by users or usages Step 2 Choose the application ...

Page 107: ...n support list After choosing Category the Item column will show the crosponding list Hints Directly click on the applications to put them effective Cancel the application by double clicks Click Choose All to put all applications into effective and click unnecessary items for cancel Items could be chosen in multiple categories Click to drop the applications into the right column ...

Page 108: ...d bandwidth for Intranet IP Bandwidth sharing Sharing total bandwidth with all IP addresses If this option is selected all IP addresses or Service Ports will share the bandwidth range from minimum to maximum bandwidth Assign bandwidth for each IP address If this option is selected every IP or Service Port in this range can have this bandwidth minimum to maximum For example If the rule is set for t...

Page 109: ...en 2013 All rights reserved 109 Step 4 Make sure the time setting is correct to make the rule in effective only during the set time All time is set as the default The time frame could be modified in the following settings Step 5 Click to save the rule setting ...

Page 110: ...cations by the URL destination IP address or the port number You can see the Application Define feature on the Application Status Table or on the APP List of all L7 Management features Application Status Figures are used for reference Please visit the official website for the actual application support list Each function of L7 Management APP List Figures are used for reference Please visit the off...

Page 111: ... an IP range is to be controlled input the range such as 100 100 100 105 200 Dest IP Group Apply the Dest IP Group from the Group Management function Domain Name Use Domain Name to define the application for example input the speed hinet net such as http speed hinet net Service Port Set up the TCP UDP port number or apply the port group from the Group Management function Step 3 Click to add your o...

Page 112: ...he ID of the policies Figures are used for reference Please visit the official website for the actual application support list 1 Sorting and ordering the applications Sorting the applications or ordering the applications by the name 2 Jump to the specific page 3 Identify the lines in one page 4 L7 VIP Priority Channel Display policy which made by the application presses the ID to edit the policy ...

Page 113: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 113 XII VPN Virtual Private Network 10 1 VPN ...

Page 114: ...nnel or Client to Gateway tunnel The VPN tunnel connections are done by 2 VPN devices via the Internet When a new tunnel is added the setting page for Gateway to Gateway or Client to Gateway will be displayed Gateway to Gateway Click Add to enter the setting page of Gateway to Gateway Client to Gateway Click Add to enter the setting page of Client to Gateway ...

Page 115: ... other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus be successfully enabled Interface From the pull down menu users can select the Interface for this VPN tunnel Enabled Click to activate the VPN tunnel This option is set to activate by default Afterwards users may select to activate this tunnel feature...

Page 116: ...lled into this space Users don t need to do further settings FQDN refers to the combination of host name and domain name and can be retrieved from the Internet i e vpn server com This IP address and domain name must be identical to those of the VPN secure gateway setting type to establish successful connection 3 IP E mail Addr USER FQDN Authentication If users select IP address and E mail enter th...

Page 117: ...to link to VPN enter E Mail address to the empty field for E Mail authentication Local Security Group Type This option allows users to set the local VPN connection access type The following offers a few items for local settings Please select and set appropriate parameters 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Reference When this VPN tunnel is ...

Page 118: ...cation IP Domain name IP E mail Addr USER FQDN Authentication IP Email address Dynamic IP Domain Name FQDN Authentication Dynamic IP address Domain name Dynamic IP E mail Addr USER FQDN Authentication Dynamic IP address Email address name 1 IP only If users select the IP Only type entering this IP allows users to gain access to this tunnel If the IP address of the remote client is unknown choose I...

Page 119: ...et When users finish the setting the corresponding IP address will be displayed under the remote gateway of Summary 3 IP E mail Addr USER FQDN Authentication If users select IP address and E mail type entering the IP address and the E mail allows users to gain access to this tunnel If the remote IP address is unknown choose IP by DNS Resolved allowing DNS to translated the IP address This domain n...

Page 120: ...ote Security Group Type This option allows users to set the remote VPN connection access type The following offers a few items for remote settings Please select and set appropriate parameters 1 IP address This option allows the only IP address which is entered to build the VPN tunnel Reference When this VPN tunnel is connected computers with the IP address of 192 168 2 1 can establish connection 2...

Page 121: ...el to use any encryption and authentication mode users must set the parameter of this exchange password with that of the remote Use IKE Protocol Click the shared key generated by IKE to encrypt and authenticate the remote user If PFS Perfect Forward Secrecy is enabled the Phase 2 shared key generated during the IKE coordination will conduct further encryption and authentication When PFS is enabled...

Page 122: ...8hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Phase2 SA Life Time The life time for this exchange code is set to 3600 seconds or 1hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Preshared...

Page 123: ... device will disconnect the tunnel automatically and then create new connection Users can define the transmission time for each DPD message packet and the default value is 10 seconds Heart Beat VPN Tunnel Heart Beat Detection function If this option is selected the system will sent ICMP ACK packet to the remote host with VPN tunnel regularly the remote host will also send an ICMP ACK reply packet ...

Page 124: ...n and DPD features are both used to provide a stabile VPN solution for customers The difference between them is that we can use the Heart Beat detection in a non IPSec protocol With the Heart Beat detection we can monitor the VPN tunnel and make sure whether the tunnel exists and smooth or not However with the DPD feature it is only available under the IPSec protocol ...

Page 125: ...e embedded VPN feature please select the Tunnel number Tunnel Name Displays the current VPN tunnel connection name such as XXX Office Users are well advised to give them different names to avoid confusion Note If this tunnel is to be connected to the other VPN device some device requires that the tunnel name is identical to the name of the host end to facilitate verification This tunnel can thus b...

Page 126: ...e IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be automatically filled into this space Users don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address will be automatically filled into this space Users don t need to do further sett...

Page 127: ...tication If users use dynamic IP address to connect to the device users may select this option to connect to VPN without entering IP address When VPN Gateway requires for VPN connection the device will start authentication and respond to VPN tunnel connection if users select this option to link to VPN enter E Mail address to the empty field for E Mail authentication Local Security Group Type This ...

Page 128: ...ress of 192 168 1 0 can establish connection 2 Subnet This option allows local computers in this subnet to be connected to the VPN tunnel Reference When this VPN tunnel is connected only computers with the session of 192 168 1 0 and with subnet mask as 255 255 255 0 can connect with remote VPN ...

Page 129: ...namic IP E mail Addr USER FQDN Authentication 1 IP only If users decide to use IP only entering the IP address is the only way to gain access to this tunnel The WAN IP address will be automatically filled into this space Users don t need to do further settings 2 IP Domain Name FQDN Authentication If users select IP domain name type please enter the domain name and IP address The WAN IP address wil...

Page 130: ... this option to link to VPN If the remote VPN gateway requires connection to the device for VPN connection this device will start authentication and respond to this VPN tunnel connection if users select this option to link to VPN please enter the domain name 5 Dynamic IP E mail Addr USER FQDN Authentication If users use dynamic IP address to connect to the device users may select this option to co...

Page 131: ...yption Management Protocol When users set this VPN tunnel to use any encryption and authentication mode users must set the parameter of this exchange password with that of the remote IKE Protocol Click the shared key generated by IKE to encrypt and authenticate the remote user If PFS Perfect Forward Secrecy is enabled the Phase 2 shared key generated during the IKE coordination will conduct furthe...

Page 132: ...ical to that of the remote authentication mode MD5 or SHA1 Phase 1 SA Life Time The life time for this exchange code is set to 28800 seconds or 8hours by default This allows the automatic generation of other exchange password within the valid time of the VPN connection so as to guarantee security Phase2 SA Life Time The life time for this exchange code is set to 3600 seconds or 1hours by default T...

Page 133: ...ansmit HELLO ACK message packet to detect whether there is connection between the two ends of the VPN tunnel If one end is disconnected the device will disconnect the tunnel automatically and then create new connection Users can define the transmission time for each DPD message packet and the default value is 10 seconds Heart Beat VPN Tunnel Heart Beat Detection function If this option is selected...

Page 134: ...h used to provide a stabile VPN solution for customers The difference between them is that we can use the Heart Beat detection in a non IPSec protocol With the Heart Beat detection we can monitor the VPN tunnel and make sure whether the tunnel exists and smooth or not However with the DPD feature it is only available under the IPSec protocol 10 1 2 PPTP Server It supports the PPTP of Window XP 200...

Page 135: ...int to point tunnel protocol PPTP server can be enabled PPTP IP Address Range Please enter PPTP IP address range so as to provide the remote users with an entrance IP into the local network Enter Range Start Enter the value into the last field Enter Range End Enter the value into the last field User name Please enter the name of the remote user ...

Page 136: ...ress and PPTP address 10 1 3 VPN Pass Through IPSec Pass Through If this option is enabled the PC is allowed to use VPN IPSec packet to pass in order to connect to external VPN device PPTP Pass Through If this option is enabled the PC is allowed to use VPN PPTP packet to pass in order to connect with external VPN device L2TP Pass Through If this option is enabled the PC end is allowed to use VPN L...

Page 137: ... the conventional complicated VPN setup process by entering Server IP User Name and Password 2 Central Control Feature Displays a clear VPN connection status of all remote ends and branches Its central control screen allows setup from remote into external client ends 3 VPN Disconnection Backup Solves data transmission problem arising from failed ISP connection with remote ends or the branches Sele...

Page 138: ...nction is to set re connect duration if QVM contention drops The range is 1 60 mins QVM Backup Tunnel You can input at most 3 backup IP addresses or domain names for backup Once the connection is dropped the function will be automatically enabled to backup the VPN connection and ensure data transition security Advanced Function Change QVM Client s Service Port In some environment port 443 has been...

Page 139: ...e DMZ Host function is selected to cancel this function users must input 0 in the following DMZ Private IP This function will then be closed After the changes are completed click Apply to save the network configuration modification or click Cancel to leave without making any changes 11 1 2 Port Range Forwarding Setting up a Port Forwarding Virtual Host If the server function which means the server...

Page 140: ... access the web page In the same way to set up other services please input the server TCP or UDP port number and the virtual host IP addresses Service To select from this option the default list of service ports of the virtual host that users want to activate Such as All TCP UDP 0 65535 80 80 80 for WWW and 21 21 for FTP Please refer to the list of default service ports IP Address Input the virtua...

Page 141: ...ol To select whether a service port is TCP or UDP Port Range To activate this function input the range of the service port locations users want to activate such as 500 500 or 2300 2310 etc Add to list Add the service to the service list It supports up to 100 rules Delete selected item To remove the selected services Apply Click the Apply button to save the modification Cancel Click the Cancel butt...

Page 142: ...s 80 80 FTP is 21 21 Please refer to the default service number list Host Name or IP Address Input the Intranet virtual IP address or name that maps with UPnP such as 192 168 1 100 Enabled Activate this function Service Port Management Add or remove service ports from the management list Add to List Add to active service content Delete Selected Item Remove selected services Show Table This is a li...

Page 143: ...Routing Information Protocol When there are more than one router and IP subnets the routing mode for the device should be configured as static routing Static routing enables different network nodes to seek necessary paths automatically It also enables different network nodes to access each other Click the button Show Routing Table as in the figure to display the current routing list ...

Page 144: ...op Count This is the router layer count for the IP If there are two routers under the device users should input 2 for the router layer the default is 1 Max is 15 Interface This is to select WAN port or LAN port for network connection location Add to List Add the routing rule into the list Delete Selected Item Remove the selected routing rule from the list Show Table Show current routing table Appl...

Page 145: ... will have their own public IP addresses For example if there are more than 2 web servers requiring public IP addresses administrators can map several public IP addresses directly to internal private IP addresses Example Users have five available IP addresses 210 11 1 1 5 one of which 210 11 1 1 has been configured as a real IP for WAN and is used in NAT Users can respectively configure the other ...

Page 146: ...rnet IP addresses Please do not include IP addresses in use by WANs Add to List Add this configuration to the One to One NAT list Delete Seleted Item Remove a selected One to One NAT list Apply Click Apply to save the network configuration modification Cancel Click Cancel to leave without making any changes Attention One to One NAT mode will change the firewall working mode If this function has be...

Page 147: ... actual IP of a cable modem will be changed from time to time To overcome this problem for users who want to build services such as a website it offers the function of dynamic web address transfer This service can be applied from dyndns or NOIP ddns Also in order to solve the issue that DDNS server is not stable the device can update the dynamic IP address with different services at the same time ...

Page 148: ...The name which is set up for DDNS Input a complete website address such as abc ddns org cn as a user name for DDNS Password The password which is set up for DDNS Dynamic Domain Name Input the website address which has been applied from DDNS Examples are abc dyndns org WAN IP Address Input the actual dynamic IP address issued by the ISP Status An indication of the status of the current IP function ...

Page 149: ... mode users Users can input the network card physical address MAC address 00 xx xx xx xx xx here The device will adopt this MAC address when requesting IP address from ISP Select the WAN port to which the configuration is to be edited click the hyperlink to enter and edit its configuration Users can input the MAC address manually Press Apply to save the setting and press Cancel to remove the setti...

Page 150: ...he status of the USB Storage settings can be seen after logging in to the router Status Link Down The USB port does not detect the device or there are no devices plugged into the port Disconnect An USB Storage device is plugged into the port clicking on Disconnect will disconnect the device 11 7 1 FTP Service The FTP Service functionality is enabled by default ony the seup of an user account is re...

Page 151: ...es in the USB Storge device read write User can add read or delete the files stored in the device Enabled Check this box to enable the rule 2 Guest Account Setup Guest Access is for providing guests username Guest access to the files within the USB Storage without requiring a password The default setting for this function is disabled There are only two permissions for this function read only Users...

Page 152: ...mbH München 2013 All rights reserved 152 3 Advanced Settings Simultaneous FTP Connection Total number of client connections the FTP Server can accept at the same time FTP Service Charset FTP Server Character set the selections are UFT8 GB2312 and BIG5 ...

Page 153: ...Password of the account for both FTP and SAMBA Services Must contain at least 5 characters Access Policy read only Users can only read from the storage device read write Users can add read or delete the files stored in the device Enabled Check this box to enable the rule 2 Guest Account Setup Guest Access is for providing guests username Guest access to the files within the USB Storage without req...

Page 154: ...ll rights reserved 154 read only Users can only read from the storage device read write Users can add read or delete the files stored in the device 3 Advanced Settings Host Name The name for the router Work Group The name of the workgroup to join or show in the network ...

Page 155: ...d Password and Time setting is in Chapter 5 2 12 1 Diagnostic The device provides a simple online network diagnostic tool to help users troubleshoot network related problems This tool includes DNS Name Lookup Domain Name Inquiry Test and Ping Packet Delivery Reception Test DNS Lookup On this test screen please enter the host name of the network users want to test For example users may enter www ab...

Page 156: ...ing This item informs users of the status quo of the outbound session and allows the user to know the existence of computers online On this test screen please enter the host IP that users want to test such as 192 168 5 20 Press Go to start the test The result will be displayed on this screen ...

Page 157: ...irmware on the Firmware Upgrade page Please confirm all information about the software version in advance Select and browse the software file click Firmware Upgrade Right Now to complete the upgrade of the designated file Note Please read the warning before firmware upgrade Users must not exit this screen during upgrade Otherwise the upgrade may fail ...

Page 158: ...e all backup content of parameter settings into the device Before upgrade confirm all information about the software version Select and browse the backup parameter file config exp Select the file and click Import to import the file Export Configuration File This feature allows users to backup all parameter settings Click Export and select the location to save the config exp file ...

Page 159: ...agement item Through this SNMP communications protocol programs with network management i e SNMP Tools HP Open View can help communications of real time management The device supports standard SNMP v1 v2c and is consistent with SNMP network management software so as to get hold on to the operation of the online devices and the real time network information The UI might vary from model to model dep...

Page 160: ...nity Name Set the name of the group or community that can view the device SNMP data The default setting is Public Set Community Name Set the name of the group or community that can receive the device SNMP data The default setting is Private Trap Community Name Set user parameters password required by the Trap receiving host computer to receive Trap message Send SNMP Trap to Set one IP address or D...

Page 161: ...en 2013 All rights reserved 161 12 5 System Recover Users can restart the device with System Recover button System Recover As the figure below if clicking Restart Router button the dialog block will pop out confirming if users would like to restart the device ...

Page 162: ...l WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 162 Return to Factory Default Setting If clicking Return to Factory Default Setting the dialog block will pop out if the device will return to factory default ...

Page 163: ...3 All rights reserved 163 XV Log From the log management and look up we can see the relevant operation status which is convenient for us to facilitate the setup and operation 13 1 System Log Its system log offers three options system log E mail alert and log setting ...

Page 164: ... Log Setting Alert Log The device provides the following warning message Click to activate these features Syn Flooding IP Spoofing Win Nuke Ping of Death Unauthorized Login Attempt Syn Flooding Bulky syn packet transmission in a short time causes the overload of the system storage of record in connection information IP Spoofing Through the packet sniffing hackers intercept data transmitted on the ...

Page 165: ...cess rules for instance message will be recorded in the system log Allow Policies If remote users enter the system because of compliance with access rules for instance message will be recorded in the system log Configuration Change When the system settings are changed this message will be sent back to the system log Authorized Login Successful entry into the system includes login from the remote e...

Page 166: ...ration information such as port location device name current WAN link status IP address MAC address subnet mask default gateway DNS number of received sent total packets number of received sent total Bytes Received and Sent Bytes Sec total number of error packets received total number of the packets dropped number of session number of the new Session Sec and upstream as well as downstream broadban...

Page 167: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 167 ...

Page 168: ...esses that this IP had visited or the users source IP who used this service port This facilitates the identification of websites that needs authentication but allows a single WAN port rather than Multi WANs Administrators may find out the destination IP for protocol binding to solve this login problem For example when certain port software is denied inquiring about the IP address of this specific ...

Page 169: ...ic IP Status Enter the IP address that users want to inquire and then the entire destination IP connected to remote devices as well as the number of ports will be displayed Specific Port Status Enter the service port number in the field and IP that are currently used by this port will be displayed ...

Page 170: ...nchen 2013 All rights reserved 170 XVI Log out On the top right corner of the web based UI there is a Logout button Click on it to log out of the web based UI To enter next time open the Web browser and enter the IP address user name and password to log in ...

Page 171: ...ALL VPN10 VPN Firewall WLAN N WAN Router ALLNET GmbH München 2013 All rights reserved 171 Appendix I Technical Support Information Official Website http www allnet de Support E mail support allnet de ...

Page 172: ... interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is conne...

Page 173: ...rticle 3 2 of the R TTE Directive EN 301 489 1 V1 8 1 2008 Electromagnetic compatibility and Radio Spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for radio equipment and services Part 1 Common technical requirements EN 301 489 17 V2 1 1 2009 Electromagnetic compatibility and Radio spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for radio equipment and services Part...

Page 174: ...ou at http www allnet de gpl html The GPL code and LGPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors For details see the GPL code and the LGPL code for this product and the terms of the GPL and LGPL Written offer for GPL and LGPL source code Where such specific license terms entitle you to the source code of such software ALL...

Page 175: ... the device The Allnet ALL VPN10 conforms to the Council Directives of 2004 108 EC This equipment meets the following conformance standards EN301489 1 V1 9 2 2011 09 EN301489 17 V2 2 1 2012 09 EN55022 2010 AC 2011 Class B EN61000 3 2 2006 A1 2009 A2 2009 Class A EN610003 3 2008 EN61000 4 2 2009 EN61000 4 3 2006 A1 2008 A2 2010 EN61000 4 4 2012 EN61000 4 5 2006 EN61000 4 6 2009 EN61000 4 11 2004 Th...

Reviews: