User Manual
V0.91_20140227
BDE702-001
BDE761-001
BDE771-001
Business Security Gateway
Page 2: ...1 Physical Interface 20; 3.1.1.2 Network Setup 21; 3.1.1.2.1 Ethernet WAN 22; 3.1.1.2.2 Wireless WAN 3G/4G 31; 3.1.1.3 Load Balance 33; 3.1.2 LAN VLAN Setup 36; 3.1.2.1 Network Setting 37; 3.1.2.2 LAN VLAN 3...
Page 3: ...1.3 Web Content Filter 75; 3.2.1.4 MAC Control 76; 3.2.1.5 L7 Filter 77; 3.2.1.6 Access Control 78; 3.2.1.7 IPS 78; 3.2.1.8 Others 79; 3.2.2 QoS (Quality of Service) 80; 3.2.2.1 QoS Configuration 80; 3.2.2.2 R...
Page 4: ...3 GRE rule Configuration 103; 3.2.4 Redundancy 104; 3.2.4.1 VRRP 104; 3.2.5 System Management 105; 3.2.5.1 UPnP 105; 3.2.5.2 SNMP 106; 3.2.5.3 TR-069 108; 3.3 SYSTEM 109; 3.3.1 System Information 109; 3.3.2 S...
Page 5: ...ransmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission. Trademarks: All products, company, brand names are trad...
Page 6: ...p connection with headquarter even IP is changing all the time. Firewall protection is useful to avoid hackers attacking. With embedded robust security and firewall function, it's suitable for remote bra...
Page 7: ...Business Security Gateway 5 CD 1pce BDE702 BDE761 BDE771 User Manual 7...
Page 8: ...2.0 or higher, Firefox 3.0 or higher, Safari 3.0 or higher. CD Installation Wizard Requirements: Computer with the following: Windows 7, 8, Vista, or XP with Service Pack 2; an installed Ethernet adapter; CD RO...
Page 9: ...Internet 4 3 x FE LAN to connect local devices WiFi Ant for BDE761 Receptor for Power Adapter Reset Button Power ON OFF Switch WiFi Ant for BDE761 Auto MDI MDIX RJ 45 Ports 1x GE WAN to connect Inter...
Page 10: ...Front View BDE702 001 BDE761 001 BDE771 001 USB Reset Button USB...
Page 11: ...flash data packet transferred through WAN OFF No Ethernet cable attached or Device not linked Wi Fi for BDE761 Green Wireless Radio is enabled and on client connected Green in flash data packet trans...
Page 12: ...e not linked USB OFF USB 3G 4G connection is not established Green USB 3G 4G connection is established Green in flash data packet transferred via USB 3G 4G LAN1 LAN4 Green Ethernet connection is estab...
Page 13: ...his gateway. 2.2 Easy Setup by Configuring Web UI: You can browse web UI to configure the device. First you need to launch the Setup Wizard browser, and then the Setup Wizard will guide you step b...
Page 14: ...mple way. Or you can go to Basic Network / Advanced Network / Applications / System to setup the configuration by your own selection. Press "Next" to start the Setup Wizard. Configure with the Setup Wizard: Step...
Page 15: ...ally for the WAN 1 interface. Step 4: The system will detect the WAN type if you choose to let the system detect automatically for the WAN 1 interface. Step 5: Type in Host name and ISP registered MAC add...
Page 16: ...to add authentication and encryption in your wireless network to prevent any unknown Wi-Fi clients connecting to your wireless network and keep transferred data secured. Step 6: Check the information a...
Page 17: ...device. The default IP Address is 192.168.123.254. In the configuration section you may want to check the connection status of the device, to do Basic or Advanced Network setup, or to check the system sta...
Page 18: ...and side of web page. Note: You can see the Network Status screen below after you logged in. You can also check status of wired clients at LAN Client List page, Wi-Fi at Wireless Status page, and other adv...
Page 19: ...Interfaces to support different WAN types of connections. You can configure one by one to get proper internet connection setup. USB 3G/4G WAN: The product has one USB port for 3G/4G access; please plug i...
Page 20: ...configure the settings as well. By default, the WAN 1 interface is forced to "Always on" mode and operates as the primary internet connection; the interface WAN 2, WAN 3 are disabled. 1. Physical Interface: Se...
Page 21: ...h WAN interface(s) is to be failover and fallback. 3. Line Speed: You can specify the downstream/upstream speed (Kbps) for the corresponding WAN connection. Such information will be referred in QoS and load...
Page 22: ...and the Wireless WAN the remote wireless ISP such as 3G 4G LTE HSPA HSPA WCDMA EDGE GPRS 3 1 1 2 1 Ethernet WAN Click on the Edit button for the Ethernet WAN interface and you can get the detail WAN s...
Page 23: ...t WAN connection if idle time reaches value of Maximum Idle Time. 5. MTU: Most ISP offers MTU value to users. The default value is 0 (auto). 6. NAT disable: If you enable this option, it will act with a non-NAT...
Page 24: ...isable: If you enable this option, it will act with a non-NAT function. 6. Multicast: Enable or disable multicast traffics from the internet. You may enable as auto mode or select by IGMP v1, IGMP v2, IGMP v3...
Page 25: ...our ISP provides not only one IPv4 but also one IPv6 address. 3. PPPoE Account and Password: The account and password your ISP assigned to you. Please note the account and password is case sensitive. For s...
Page 26: ...auto. 9. NAT disable: If you enable this option, there will be no NAT mechanism between LAN side and WAN side. 10. Multicast: Enable or disable multicast traffics from the internet. You may enable as auto mo...
Page 27: ...ngly. If you select "Static IP Address" option, you have to specify additional "My IP Address", "My Subnet Mask" and "Gateway IP" settings provided by your ISP. 3. Server IP Address/Name: The IP address of the PPTP...
Page 28: ...nt Encryption: Enable this option to add encryption on transferred and received data packets. Please check with your ISP to see if this feature is supported or not. 10. Multicast: Enable or disable multica...
Page 29: ...have to specify additional "IP Address", "Subnet Mask" and "WAN Gateway IP" settings provided by your ISP. 3. Server IP Address/Name: The IP address of the PPTP server and designated Gateway provided by your I...
Page 30: ...to add encryption on transferred and received data packets. Please check with your ISP to see if this feature is supported or not. 9. Multicast: Enable or disable multicast traffics from the internet. You...
Page 31: ...your operator will provide some information for you to setup connection, such as APN, dialed number, account or password. If you know this information exactly, you can choose "Manual setting" and type in tha...
Page 32: ...Dial-on-Demand or Manually. If selecting "Auto Reconnect (always on)", this gateway will start to establish Internet connection automatically since it's powered on. It's recommended to choose this scheme if...
Page 33: ...v2, IGMP v3. 13. IGMP Snooping: Enable or disable IGMP snooping function. If you enable the IGMP snooping function, this device will detect all IGMP messages exchanged on the link and will maintain a table...
Page 34: ...igure which strategy is to be applied for load balancing the outbound traffics. There are three load balance strategies: "By Smart Weight", "By Priority" and "By User Policy". By Smart Weight: If you choose the By...
Page 35: ...cess the internet. By User Policy: If you choose the "By User Policy" strategy, you have to further create the expected policies one by one. Click the "add" button to add your load balance policy. You can mana...
Page 36: ...t: Enter the expected Destination Port number for the load balance policy. It can be "All", "Port Range", "Single Port" or "Well-known Applications". Just choose one type of the destination port and specify its va...
Page 37: ...IP address of web UI. If you change it, you need to type new IP address in the browser to see web UI. 2. Subnet Mask: Input your Subnet mask. Subnet mask defines how many clients are allowed in one network...
Page 38: ...VLAN function allows you to divide local network into different virtual LANs. In some cases, ISP may need router to support VLAN tag for certain kinds of services (e.g. IPTV) to work properly. This Device s...
Page 39: ...e packets are directly bridged to the WAN port or processed by NAT mechanism. 2. LAN VID: Specify a VLAN identifier for this port. The ports with the same VID are in the same VLAN. 3. Tx TAG: If ISP requests...
Page 40: ...the device receives a frame with a VLAN tag (referred to as a tagged frame), the device forwards the frame only to those ports that share the same VID. By default, all the LAN ports and virtual APs belong...
Page 41: ...r function, this gateway will assign IP address to LAN computers or devices through DHCP protocol. This device provides up to 4 DHCP servers to serve the DHCP requests from different VLANs. 2. LAN IP Addr...
Page 42: ...mask you set. 5. Lease Time: DHCP lease time to the DHCP client. 6. Domain Name: Optional, this information will be passed to the clients. Press "More" and you can find more settings. 7. Primary DNS/Secondary DNS...
Page 43: ...f DHCP clients will be shown consequently. Press "Fixed Mapping" and you can specify a certain IP address for designated local device (MAC address), so that the DHCP Server will reserve the special IP for d...
Page 44: ...EEE802.11a/b/g/n 2Tx2R concurrent dual-band wireless radio, you have to configure each operation band's wireless settings and then activate your WLAN. Once you finished the wireless settings for the fol...
Page 45: ...utton. 5. WPS status: According to your setting, the status will show "IDLE", "STARTPROCESS" or "NOT USED". The status is "IDLE" by default. If you want to start a WPS connection, you need to push "Trigger" button to c...
Page 46: ...IDs for you to manage your wireless network. You can select VAP1 to VAP8 and configure each wireless network if it is required. 5. Wireless Schedule: The wireless radio can be turned off according to the sched...
Page 47: ...11. Authentication and Encryption: You may select one of the following authentications to secure your wireless network: Open, Shared, Auto, WPA-PSK, WPA, WPA2-PSK, WPA2, WPA-PSK/WPA2-PSK, or WPA/WPA2. Open: Open syst...
Page 48: ...enter the Pre-share Key. You can fill in 64 hexadecimal (0, 1, 2...8, 9, A, B...F) digits, or 8 to 63 ASCII characters as the pre-share key. The available encryption modes are TKIP, AES, or TKIP/AES. In this mode, you...
Page 49: ...characters as the shared key. The key value is shared by the RADIUS server and this router. This key value must be consistent with the key value in the RADIUS server. Afterwards, click on "Save" to store y...
Page 50: ...Scheduling menu. 4. Network ID (SSID): Network ID is used for identifying the Wireless LAN (WLAN). Client stations can roam freely over this device and other Access Points that have the same Network ID. The f...
Page 51: ...e AP MAC 1 to 4 one by one. 9. Remote AP MAC 1 to Remote AP MAC 4: If you do not enable the Lazy mode, you have to enter the wireless MAC address for each WDS peer one by one. Afterwards, click on "Save" to store y...
Page 52: ...hannels depend on the Regulatory Domain. The factory default setting is auto channel selection. 4. Authentication and Encryption: You may select one of the following authentications to secure your wireless ne...
Page 53: ...browse to the Wireless Client List page for checking which wireless client devices connected to WLANs of this device. Just select the operation band and which AP's connection list is to be displayed. 3...
Page 54: ...can be divided into smaller units (fragments) to improve performance in the presence of RF interference and at the limits of RF coverage. 5. WMM Capable: WMM can help control latency and jitter when transm...
Page 55: ...work renumbering and router announcements when changing Internet connectivity providers. This router supports various types of IPv6 connection (Static IPv6 / DHCPv6 / PPPoE / 6 to 4 / IPv6 in IPv4 tunnel). Please...
Page 56: ...iguration: Disable or enable this auto configuration setting. 7. Auto configuration type: You may set stateless or stateful (Dynamic IPv6). 8. Router advertisement Lifetime: You can set the time for the period...
Page 57: ...uto configuration: Disable or enable this auto configuration setting. 4. Auto configuration type: You may set stateless or stateful (Dynamic IPv6). 5. Router advertisement Lifetime: You can set the time for th...
Page 58: ...ntually discovered by reception of their periodic (unsolicited) advertisements. 3.1.4.3 PPPoE: When "PPPoE" is selected, you need to do the following settings. WAN IPv6 address settings: 1. Username: enter the U...
Page 59: ...he IP address(es) of that interface. Hosts discover the addresses of their neighboring routers simply by listening for advertisements. When a host attached to a multicast link starts up, it may multicast...
Page 60: ...ck if need to send Router advertisement messages periodically. 3.1.4.5 IPv6 in IPv4 Tunnel: When "IPv6 in IPv4 Tunnel" is selected, you need to do the following settings. 1. IPv6 in IPv4 Tunnel Settings: you...
Page 61: ...work with Scheduling Rules, and give user more flexibility on Access control. For the details, please refer to Scheduling Rule. For example, if you have an FTP server (Service port 21) at 192.168.123.1, a We...
Page 62: ...obal IP address. 3. Enable: Check this item to enable the Virtual Computer feature. 3.1.5.3 Special AP: Some applications require multiple connections, like Internet games, Video conferencing, Internet teleph...
Page 63: ...specified port numbers are allowed to pass through the firewall. 3. Enable: Check this item to enable the Special AP feature. 4. Schedule: Each special AP setting can be turned off according to the schedule r...
Page 64: ...l when you run a server inside your network. 3.1.5.5 DMZ: DMZ (DeMilitarized Zone) Host is a host without the protection of firewall. It allows a computer to be exposed to unrestricted 2-way communication...
Page 65: ...to allow packets to find proper routing path and allow different subnets to communicate with each other. 3.1.6.1 Static Routing: For static routing, you can specify up to 32 routing rules. The routing ru...
Page 66: ...er of router gateway between this device and assigned gateway. 5. Enable: Check this checkbox to enable this routing rule. With above example, every packet goes to IP addresses 10.10.10.1 to 10.10.10.254 will...
Page 67: ...om available routers and constructs a topology map of the network. The topology determines the routing table presented to the Internet Layer, which makes routing decisions based solely on the destinatio...
Page 68: ...protocol. You can enable the BGP routing function by clicking on the "Setting" button and filling in the corresponding setting for your BGP routing configuration. When you finished setting, click on "Save" to stor...
Page 69: ...your own DNS server. Another simpler way is to apply a domain name to third-party DDNS service provider. It can be free or charged. To host your server on a changing IP address, you have to use dynamic domain...
Page 70: ...ider. 3. Host Name: Register a domain name to the DDNS provider. The full domain name is concatenated with hostname (you specify) and a suffix (DDNS provider specifies). 4. Username/E-mail: Input username or E...
Page 71: ...ontrol and IPS. 3.2.1.1 Packet Filters: Packet Filters include both outbound filter and inbound filter, and they are set up in the same way. It enables you to control what packets are allowed to pass th...
Page 72: ...u can select the application and specify a rule ID, then press on the "Copy to" button to auto-fill the port range and protocol setting for the specified rule. 3. Black List / White List: Select one of the tw...
Page 73: ...ge of ports (1000-1999). An empty implies all port addresses. 7. Protocol: Specify which packet protocol is to be filtered. It can be TCP, UDP, or Both. 8. Schedule: The rule can be turned off according to the sche...
Page 74: ...es the pre defined word the connection will be blocked You can enter up to 10 pre defined words in a rule and each URL keyword is separated by e g abc bt org In addition to URL keywords it can also bl...
Page 75: ...blocked. 3. User-defined File Extension List: You can enter up to 10 file extensions in a rule to be blocked. 4. Schedule: The rule can be turned off according to the schedule rule you specified, and give use...
Page 76: ...rd events that are blocked by these rules. 4. Known MAC from LAN PC List: You can see all of connected clients from this list, and copy their MAC address to the control table below. 5. MAC Address: Input the...
Page 77: ...ividually. Afterwards, click on "Save" to store your settings or click "Undo" to give up the changes. 3.2.1.5 L7 Filter: L7 Filter can categorize Internet Protocol packets based on their application layer dat...
Page 78: ...ts LAN users can browse the device's built-in web pages for device administration setting. This feature enables you to perform administration task from a certain remote host. If this feature is enabled...
Page 79: ...f necessary. 3.2.1.8 Others: 1. Stealth Mode: When this feature is enabled, this device will not respond to port scans from the WAN, which makes it less susceptible to discovery and attacks on the Internet. 2. SPI: W...
Page 80: ...dropping. Another important aspect of QoS is ensuring that prioritizing one data flow doesn't interfere with other data flows. QoS helps to prioritize data as it enters your router. By attaching special...
Page 81: ...you to set QoS policies. Basically, you need to know three parts of information before you create your own policies. First, who needs to be managed? Second, what kind of service needs to be managed? The las...
Page 82: ...ove up or down the priority of all rules by clicking on the or icon if you want to change the priority of rules You can also unmark any rule in the list if you don t want to enable it 4 Restart Press...
Page 83: ...ions for service recognition They are DSCP Service Port Pre defined Application Profile and Connection Sessions DSCP DiffServ Code Point as known as advanced TOS You can choose this option if your loc...
Page 84: ...below. DSCP Marking: This option is only available when DSCP is chosen in Service field. The purpose of this option is changing original DSCP tag to a new value. This option won't prioritize data packets...
Page 85: ...according to the schedule rule you specified and give user more flexibility on QoS function By default it is always turned on when the rule is enabled For more details please refer to the System Sched...
Page 86: ...t each single host whose IP address is in the range of 192.168.123.100-120 can access to a remote server on the Internet and keep a maximum 200 sessions at the same time. 3.2.2.2.2 Creating a QoS Rule...
Page 87: ...ethod: This option is only available when MAXR, MINR or SESSION is chosen in Control field. If you want to apply the value of Control setting on each selected host, then you need to select "Single". Otherwise...
Page 88: ...mation by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms. The products support following tunneling technologies to establish secure tunnels for data communication, includ...
Page 89: ...te with its Intranet. It must be noted that the remote peer has to initiate the tunnel establishing process first. There is one more advanced IPSec VPN application: Site to Site Support Full Tunnel Appli...
Page 90: ...ike two Intranets behind two VPN gateways to receive the NetBIOS packets from Network Neighborhood, you have to check "Enable". 3. NAT Traversal: Some NAT routers will block IPSec packets if they don't supp...
Page 91: ...st and then clicking the "Delete" button. 3. Tunnel: Check the "Enable" box to activate the IPSec tunnel. 4. Edit: You can edit one tunnel configuration by clicking the "Edit" button at the end of each tunnel lis...
Page 92: ...t of LAN site of local VPN gateway. It can be a host, a partial subnet, or the whole subnet of LAN site of local gateway. 2. Local Netmask: The local netmask and associated local subnet can define a subnet...
Page 93: ...ies when pre-shared keys are used. The IKE SAs are used to protect the security negotiations. Aggressive mode will accelerate the establishing speed of VPN tunnel, but the device will suffer from less s...
Page 94: ...ays. 3.2.3.1.8 IKE Proposal Definition: There are 4 IKE proposals that can be defined by you and used in IPSec tunnel establishing. 1. Encryption: There are six algorithms that can be selected: DES, 3DES, AES-auto, AES...
Page 95: ...the IKE Proposal during tunnel establishing. 3.2.3.1.11 Manual Proposal: When "Manually" key management is used, there are 4 further parameters that need to be specified by you and used in IPSec tunnel establi...
Page 96: ...uses 64 length of hex format. Certainly, its length will be 0 if no authentication algorithm is chosen. The key value should also be set in hex format. 3.2.3.2 PPTP: The VPN gateway can behave as a PPT...
Page 97: ...client. This value indicates the end of IP pool. 5. Authentication Protocol: You can choose authentication protocol as PAP, CHAP, MSCHAP v1, or MSCHAP v2. 6. MPPE Encryption: Check this checkbox to enable MPPE...
Page 98: ...ts and define each user account settings by clicking on the corresponding "Edit" button, and then check the "Enable" checkbox to enable it. 3. PPTP Client Name: The name of this rule. 4. Operation Mode: Support...
Page 99: ...2. MPPE Encryption: If you enable MPPE, then this L2TP tunnel will be encrypted. 13. NAT before tunneling: It can go to access the Server internal data. 14. LCP Echo Type: Choose the way to do connection keep...
Page 100: ...e L2TP client. This value indicates the beginning of IP pool. 5. IP Pool Ending Address: This device will assign an IP address to remote L2TP client. This value indicates the end of IP pool. 6. Authenticatio...
Page 101: ...L2TP clients and define each user account settings by clicking on the corresponding "Edit" button, and then check the "Enable" checkbox to enable it. 1. L2TP Client Name: The name of this rule. 2. Operation Mod...
Page 102: ...or MSCHAP v2. The protocol you choose must be supported by remote L2TP server. 10. MPPE Encryption: If you enable MPPE, then this L2TP tunnel will be encrypted. 11. NAT before tunneling: It can go to access t...
Page 103: ...l IP address of this tunnel. 4. Peer IP: Enter the IP address of remote host that you want to connect. 5. Key: Enter the password to establish GRE tunnel with remote host. 6. TTL: Time-To-Live for packets. The...
Page 104: ...ions on an IP network. The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gat...
Page 105: ...lect or "Undo" to give up. 3.2.5 System Management. 3.2.5.1 UPnP: UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. I...
Page 106: ...signed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. 1. Enable SNMP: You can check "Local LAN", "Remote WAN" or both...
Page 107: ...or SHA as the method of password encryption for the specified level of access, or to disable authentication. 8. User 1/2 Privacy Mode: You can configure the SNMP privacy mode. There are three modes for yo...
Page 108: ...customized feature for ISP. It is not recommended that you change the configuration for this. If you have any problem in using this feature for device management, please contact your ISP or the ACS pr...
Page 109: ...n you can see system information, system logs, use system tools for system update, and do service scheduling and system administration setting. 3.3.1 System Information: You can view the System Information...
Page 110: ...clear the log messages. 3.3.2.2 Syslog: This device can also export system logs to specific destination by means of syslog (UDP) and SMTP (TCP). With enabled Syslog function, this device will send log to a ce...
Page 111: ...er the Username offered by your ISP. 4. SMTP Password: Enter the password offered by your ISP. 5. E-mail Addresses: The recipients are the ones who will receive these logs. You can assign more than 1 recipie...
Page 112: ...browse button to indicate the file name of new firmware, and then press "Upgrade" button to start to upgrade new firmware on this device. If you want to upgrade a firmware which is from GPL policy, please...
Page 113: ...can select a NTP time server to consult UTC time. 3. Sync with Time Server: Click on the button if you want to set Date and Time by NTP Protocol. 4. Sync with my PC: Click on the button if you want to set D...
Page 114: ...turned on or awakened by a network message. You can enter the MAC address of the computer in your LAN network to be remotely turned on. 5. Domain Name or IP address for Ping Test: This allows you to confi...
Page 115: ...the scheduling function. 2. Add New Rule: To create a schedule rule, click the "Add New" button or the "Add New Rule" button at the bottom. When the next dialog popped out, you can edit the Name of Rule, Policy...
Page 116: ...3.3.5 MMI. 3.3.5.1 Web UI: You can set UI administration time-out duration in this page. If the value is 0, the time-out is unlimited...
Page 117: ...LED is lit. Do a Ping test to make sure that the WiFi Broadband Router is responding. Go to Start > Run: 1. Type cmd. 2. Press OK. 3. Type ipconfig to get the IP of default gateway. 4. Type ping 192.168.123.254...
Page 118: ...OK. 2. What can I do if my Ethernet connection does not work properly? A. Make sure the RJ45 cable connects with the router. B. Ensure that the setting on your Network Interface Card adapter is "Enabled". C. If...
Page 119: ...al devices that generate RF noise, such as microwaves, monitors, electric motors. B. What can I do if my wireless client can not access the Internet? I. Out of range: Put the router closer to your client. II. W...
Page 120: ...tric motors, etc. 4. What to do if I forgot my encryption key? 1. Go back to advanced setting to set up your Encryption key again. 2. Reset the WiFi Broadband Router to default setting. 5. How to reset to defa...
Page 121: ...1 udhcp server GPLv2 udhcp 0.9.9; udhcp client; fdisk GPLv2 util-linux 2.12q; mke2fs e2fsck GPLv2 e2fsprogs v1.40.2; samba GNUv2 samba 3.0.20; wireless tools GPLv2 wireless tools; vsftpd GPLv2 vsftpd 2.0.3...
Page 122: ...ake restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the soft...
Page 123: ...use any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the t...
Page 124: ...if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and condi...
Page 125: ...e Free Software Foundation, we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the...