Billion BiGuard 30 User Manual Download | Manualshive

Page: 162 / 211

background image

162

data authentication, integrity, and confidentiality as data is transferred across IP
networks. IPSec provides data security at the IP packet level, and protects against
possible security risks by protecting data. IPSec is widely used to establish VPNs.

There are three major functions of IPSec:

- Confidentiality: Conceals data through encryption.
- Integrity: Ensures that contents did not change in transit.
- Authentication: Verifies that packets received are actually from the claimed
sender.

E.2.1 IPSec Security Components

IPSec contains three major components:

- Authentication Header (AH): Provides authentication and integrity.
- Encapsulating Security Payload (ESP): Provides confidentiality, authentication,
and integrity.
- Internet Key Exchange (IKE): Provides key management and Security Association
(SA) management.

These components are discussed below.

E.2.1.1 Authentication Header (AH)

The Authentication Header (AH) is a protocol that provides authentication and
integrity, protecting data from tampering. It provides authentication of either all or
part of the contents of a datagram through the addition of a header that is
calculated based on the values in the datagram.

The AH can also protect packets from unauthorized re-transmission with anti-replay
functionality. The presence of the AH header allows us to verify the integrity of the
message, but doesn't encrypt it. Thus, AH provides authentication but not privacy.
ESP protects data confidentiality. Both AH and ESP can be used together for added
protection.

A typical AH packet looks like this:

«
...
160
161
162
163
164
...
»

Summary of Contents for BiGuard 30

Page 1: ...BiGuard 30 iBusiness Security Gateway SMB User s Manual Version Release 5 00 FW 1 03...

Page 2: ...All rights reserved Disclaimer Billion does not assume any liability arising out of the application of use of any products or software described herein Neither does it convey any license under its pat...

Page 3: ...be stepped on DO NOT use BiGuard 30 in environments with high humidity or high temperatures DO NOT use the same power source for BiGuard 30 as other equipment DO NOT use your BiGuard 30 and any acces...

Page 4: ...Overview 2 2 Bandwidth Management with QoS 2 2 1 QoS Technology 2 2 2 QoS Policies for Different Applications 2 2 3 Guaranteed Maximum Bandwidth 2 2 4 Policy Based Traffic Shaping 2 2 5 Priority Band...

Page 5: ...ring 3 4 3 2 Verifying Settings 3 4 4 Windows 98 ME 3 4 4 1 Installing Components 3 4 4 2 Configuring 3 4 4 3 Verifying Settings 3 5 Factory Default Settings 3 5 1 Username and Password 3 5 2 LAN and...

Page 6: ...4 4 2 1 1 DHCP 4 4 2 1 2 Static IP 4 4 2 1 3 PPPoE 4 4 2 1 4 PPTP 4 4 2 1 5 Big Pond 4 4 2 2 Bandwidth Settings 4 4 3 Dual WAN 4 4 3 1 General Settings 4 4 3 2 Outbound Load Balance 4 4 3 3 Inbound L...

Page 7: ...ement 4 5 Save Configuration To Flash 4 6 Logout Chapter 5 Troubleshooting 5 1 Basic Functionality 5 1 1 Router Won t Turn On 5 1 2 LEDs Never Turn Off 5 1 3 LAN or Internet Port Not On 5 1 4 Forgot M...

Page 8: ...1 3 Dynamic Host Configuration Protocol DHCP D 2 Router Basics D 2 1 Why use a Router D 2 2 What is a Router D 2 3 Routing Information Protocol RIP D 3 Firewall Basics D 3 1 What is a Firewall D 3 2...

Page 9: ...G 4 Who Needs QoS G 4 1 Home Users G 4 2 Office Users Appendix H Router Setup Examples H 1 Outbound Fail Over H 2 Outbound Load Balancing H 3 Inbound Fail Over H 4 DNS Inbound Fail Over H 5 DNS Inboun...

Page 10: ...WAN ports BiGuard 30 combines two broadband lines such as DSL or Cable into one Internet connection providing optimal bandwidth sharing for multiple PCs on your network or allowing maximum reliability...

Page 11: ...t network security and peace of mind 1 2 4 Intelligent Bandwidth Management BiGuard 30 utilizes Quality of Service QoS to give you full control over the priority of both incoming and outgoing data ens...

Page 12: ...vice is connected Blinking when data is transmitting receiving WAN1 Lit when connected to an Ethernet device 10 100M Lit green when connected at 100Mbps Not lit when connected at 10Mbps Link ACT Lit w...

Page 13: ...em here 3 WAN1 WAN1 10 100M Ethernet port with auto crossover support connect xDSL Cable modem here 4 LAN 1 8 Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the eight LAN ports when connecting...

Page 14: ...d in four twisted pairs and terminated with an RJ45 type connector One of the most common causes of networking problems is bad cabling Make sure that all connected devices are turned on On the front p...

Page 15: ...ming data like gaming packets or even mission critical files efficiently move through the router even under a heavy load You can throttle the speed at which different types of outgoing data pass throu...

Page 16: ...ferent QoS policies according to the applications you are running you can use BiGuard 30 to optimize the bandwidth that is being used on your network As illustrated in the diagram above applications s...

Page 17: ...that a particular service receives a minimum percentage of bandwidth For example you can configure BiGuard 30 to reserve 10 of the available bandwidth for a particular computer on the network to trans...

Page 18: ...ilization Assigning priority to a certain service allows BiGuard 30 to give either a higher or lower priority to traffic from this particular service Assigning a higher priority to an application ensu...

Page 19: ...er on the network 2 2 7 DiffServ DSCP Marking DiffServ a k a DSCP Marking allows you to classify traffic based on IP DSCP values These markings can be used to identify traffic within the network Other...

Page 20: ...ve example PC 1 IP_192 168 2 2 and PC 2 IP_192 168 2 3 are connected to the Internet via WAN1 IP_230 100 100 1 on BiGuard 30 Should WAN1 fail Outbound Fail Over tells BiGuard 30 to reroute outgoing tr...

Page 21: ...m the same source IP address and destination IP address will go through the same WAN port This is useful for some server applications that need to identify the source IP address of the client By balan...

Page 22: ...30 to reroute incoming traffic to WAN2 by using the Dynamic DNS mechanism Configuring your BiGuard 30 for Inbound Fail Over provides a more reliable connection for your incoming traffic Please refer t...

Page 23: ...w billion2 dyndns org while the R D group can access www billion3 dyndns org By balancing the load between WAN1 and WAN2 your BiGuard 30 can ensure that inbound traffic is efficiently handled with bot...

Page 24: ...he built in DNS server The remote PC then accesses the network via the specified WAN port How BiGuard 30 directs this traffic through the built in DNS server depends on whether it is configured for Fa...

Page 25: ...rk via WAN2 By configuring BiGuard 30 for DNS Inbound Fail Over incoming requests will enjoy increased reliability when accessing your network Please refer to appendix H for example settings 2 5 2 DNS...

Page 26: ...g the load between WAN1 and WAN2 your BiGuard 30 can ensure that inbound traffic is efficiently handled making sure that both ports are equally sharing the load and preventing situations where service...

Page 27: ...TP request will be send to BiGuard 30 s URL Host Map 7 The Host Map will then redirect the HTTP request to the HTTP server 8 The HTTP server will reply 9 The URL Host Map will route the packet through...

Page 28: ...with all VPNs data is kept secure with secure tunnels The final type of VPN setup is the Client to Gateway A good example of where this can be applied is when a remote sales person accesses the corpo...

Page 29: ...the domain name In this Gateway to Gateway example BiGuard 30 is communicating to a remote gateway using WAN1 through a secure VPN tunnel Should WAN1 fail outbound traffic from BiGuard 30 will automat...

Page 30: ...xample settings 100 100 100 1 200 200 200 1 192 168 2 x 192 168 3 x 201 201 201 1 192 168 4 x Local subnet 0 0 0 0 Local mask 0 0 0 0 Remote subnet 192 168 3 0 Remote mask 255 255 255 0 Local subnet 1...

Page 31: ...whether you are going to use one or both WAN ports For one WAN port you may need a fully qualified domain name either for convenience or if you have a dynamic IP address If you are going to use both W...

Page 32: ...networked PCs to the LAN ports on the router Connect BiGuard 30 to your broadband Internet connection via router s WAN port 2 Plug BiGuard 30 to an AC outlet with the included AC Power Adapter 3 Ensu...

Page 33: ...mask of 255 255 255 0 Using the default configuration networked PCs must reside in the same subnet and have an IP address in the range of 192 168 1 1 to 192 168 1 253 However you ll find that the quic...

Page 34: ...TCP IP application package Any TCP IP capable workstation can be used to communicate with or through BiGuard 30 To configure other types of workstations please consult the manufacturer s documentatio...

Page 35: ...35 2 In the Network Connections window right click Local Area Connection and select Properties 3 Select Internet Protocol TCP IP and click Properties...

Page 36: ...To manually assign your PC a fixed IP address select the Use the following IP address radio button and enter your desired IP address subnet mask and default gateway in the blanks provided Remember tha...

Page 37: ...finish the configuration 3 4 2 2 Verifying Settings To verify your settings using a command prompt 1 Click Start Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig and t...

Page 38: ...Guard 30 s default settings your PC should have An IP address between 192 168 1 1 and 192 168 1 253 A subnet mask of 255 255 255 0 To verify your settings using the Windows XP GUI 1 Click Start Settin...

Page 39: ...39 2 Right click one of the network connections listed and select Status from the pop up menu 3 Click the Support tab...

Page 40: ...ng BiGuard 30 s default settings your PC should Have an IP address between 192 168 1 1 and 192 168 1 253 Have a subnet mask of 255 255 255 0 3 4 3 Windows 2000 3 4 3 1 Configuring 1 Select Start Setti...

Page 41: ...41 2 In the Control Panel window double click Network and Dial up Connections 3 In Network and Dial up Connections double click Local Area Connection...

Page 42: ...42 4 In the Local Area Connection window click Properties 5 Select Internet Protocol TCP IP and click Properties...

Page 43: ...To manually assign your PC a fixed IP address select the Use the following IP address radio button and enter your desired IP address subnet mask and default gateway in the blanks provided Remember tha...

Page 44: ...44 7 Click OK to finish the configuration 3 4 3 2 Verifying Settings 1 Click Start Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER...

Page 45: ...5 0 3 4 4 Windows 98 Me 3 4 4 1 Installing Components To prepare Windows 98 Me PCs for TCP IP networking you may need to manually install TCP IP on each PC To do this follow the steps below Be sure to...

Page 46: ...46 2 Double click the Network icon The Network window displays a list of installed components...

Page 47: ...u must have the following installed An Ethernet adapter TCP IP protocol Client for Microsoft Networks If you need to install a new Ethernet adapter follow these steps a Click Add b Select Adapter then...

Page 48: ...48 c Select the manufacturer and model of your Ethernet adapter then click OK If you need TCP IP a Click Add...

Page 49: ...49 b Select Protocol then click Add c Select Microsoft TCP IP then OK If you need Client for Microsoft Networks a Click Add...

Page 50: ...50 b Select Client then click Add c Select Microsoft Client for Microsoft Networks and then click OK 3 Restart your PC to apply your changes 3 4 4 2 Configuring 1 Select Start Settings Control Panel...

Page 51: ...51 2 In the Control Panel double click Network and choose the Configuration tab...

Page 52: ...52 3 Select TCP IP ASUSTek or the name of any Network Interface Card NIC in your PC and click Properties 4 Select the IP Address tab and click the Obtain an IP address automatically radio button...

Page 53: ...53 5 Select the DNS Configuration tab and select the Disable DNS radio button 6 Click OK to apply the configuration...

Page 54: ...54 3 4 4 3 Verifying Settings To check the TCP IP configuration use the winipcfg exe utility 1 Select Start Run 2 Type winipcfg and then click OK 3 From the drop down box select your Ethernet adapter...

Page 55: ...192 168 1 254 3 5 Factory Default Settings Before configuring your BiGuard 30 you need to know the following default settings Web Interface Username admin Password admin LAN Device IP Settings IP Addr...

Page 56: ...s for LAN and WAN ports are shown below LAN Port WAN Port IP address 192 168 1 254 Subnet Mask 255 255 255 0 DHCP server function Enabled IP addresses for distribution to PCs 100 IP addresses continui...

Page 57: ...will login automatically and you will no longer need to run the login program from your PC 3 6 2 Configuration Information If your ISP does not dynamically assign configuration information but instead...

Page 58: ...trations from Windows XP However other versions of Windows will follow a similar procedure Have your Windows CD handy as it may be required during the configuration process 1 Select Start Settings Con...

Page 59: ...59 3 In the Network Connections window right click Local Area Connection and select Properties 4 Select Internet Protocol TCP IP and click Properties...

Page 60: ...down the information If no address is present your account s IP address is dynamically assigned Click the Obtain an IP address automatically radio button 6 If any DNS server addresses are shown write...

Page 61: ...rtually any browser on your network To access this interface open your web browser enter the IP address of your router which by default is 192 168 1 254 and click Go A user name and password window pr...

Page 62: ...Configuration Interface appears congratulations You are now ready to configure your BiGuard 30 If you are having trouble accessing the interface please refer to Chapter 5 Troubleshooting for possible...

Page 63: ...e device 3 Click RESTART to restart the device There are two options to restart the device Select Current Settings if would like to restart using the current configuration Select Factory Default Setti...

Page 64: ...us options that have been selected and a number of statistics about your BiGuard 30 In this menu you will find the following sections ARP Table Routing Table Session Table DHCP Table IPSec Status PPTP...

Page 65: ...on See the Firewall section of this chapter for more information on this feature No Number of the list IP Address A list of IP addresses of devices on your LAN MAC Address The Media Access Control MAC...

Page 66: ...and dynamic routes are displayed No Number of the list Destination The IP address of the destination network Netmask The destination netmask address Gateway Interface The IP address of the gateway or...

Page 67: ...P of the session To port Destination port of the session Sessions Filter when the presented field is filled please click Filter button From IP please input the source IP you would like to filter From...

Page 68: ...s that have been assigned to PCs on your network via Dynamic Host Configuration Protocol DHCP No Number of the list IP Address A list of IP addresses of devices on your LAN Device Name The host name c...

Page 69: ...rticular IPSec entry Enable Whether the IPSec connection is currently Enable or Disable Status Whether the IPSec is Active Inactive or Disable Local Subnet The local IP address or subnet used Remote S...

Page 70: ...ed to the particular PPTP entry Enable Whether the PPTP connection is currently Enable or Disable Status Whether the PPTP is Active Inactive or Disable Type Whether the Connection type is Remote Acces...

Page 71: ...tes sec over a one hour duration The line in red represents WAN1 while the line in blue represents WAN2 WAN1 Transmitted Tx and Received Rx bytes and packets for WAN1 WAN2 Transmitted Tx and Received...

Page 72: ...ries Major events are logged on this window Refresh Refresh the System Log Clear Log Clear the System Log Send Log Send the System Log to your email account You can set the email address in Configurat...

Page 73: ...stem Email Alert See the Email Alert section for more details Please refer to Appendix F IPSec Log Events for more information on log events 4 3 Quick Start The Quick Start menu allows you to quickly...

Page 74: ...ur ISP that you will need to enter in order to properly configure your Internet connection If you select to Obtain an IP Address Automatically these will be automatically set for you provided that you...

Page 75: ...ays Connect or Trigger on Demand If you want the router to establish a PPPoE session when starting up and to automatically re establish the PPPoE session when disconnected by the ISP select Always Con...

Page 76: ...or Trigger on Demand If you want the router to establish a PPTP session when starting up and to automatically re establish the PPTP session when disconnected by the ISP select Always Connect If you w...

Page 77: ...our ISP Click Apply to save your changes To reset to defaults click Reset For detailed instructions on configuring WAN settings please refer to the WAN section of this chapter 4 4 Configuration The Co...

Page 78: ...78 Virtual Server Advanced These items are described below in the following sections 4 4 1 LAN There are two items within this section Ethernet and DHCP Server...

Page 79: ...55 0 by default RIP RIP v2 Broadcast and RIP v2 Multicast Check to enable RIP 4 4 1 2 DHCP Server In this menu you can disable or enable the Dynamic Host Configuration Protocol DHCP server The DHCP pr...

Page 80: ...by default To configure the router s DHCP Server select the Enable radio button and then configure parameters of the DHCP Server including the IP Pool starting IP address and ending IP address to be...

Page 81: ...81 IP Address Enter the IP address that you want to reserve for the above MAC address MAC Address Enter the MAC address of the PC or server you wish to be assigned a reserved IP...

Page 82: ...to the Host Table Press the Delete button to delete a configuration from the Host Table 4 4 2 WAN WAN refers to your Wide Area Network connection In most cases this means your router s connection to t...

Page 83: ...hat are configured on BiGuard 30 To edit any of these connections click Edit You will be taken to the following menu Connection Method Select how your router will connect to the Internet Selections in...

Page 84: ...this field MAC Address If your ISP requires you to input a WAN Ethernet MAC check the checkbox and enter your MAC address in the blanks below DNS If your ISP requires you to manually setup DNS settin...

Page 85: ...net MAC check the checkbox and enter your MAC address in the blanks below Primary DNS Enter the primary DNS provided by your ISP Secondary DNS Enter the secondary DNS provided by your ISP RIP To activ...

Page 86: ...no activity on the line for a predetermined period of time Select the idle time from the drop down menu Active if Trigger on Demand is selected IP Assigned by your ISP If your IP is dynamically assign...

Page 87: ...connection should Always Connect or Trigger on Demand If you want the router to establish a PPTP session when starting up and to automatically re establish the PPTP session when disconnected by the IS...

Page 88: ...ve or Both from the drop down menu To disable RIP select Disable from the drop down menu MTU Enter the Maximum Transmission Unit MTU for your network Click Apply to save your changes To reset to defau...

Page 89: ...alternative is to select Quick Start from the main menu Please see the Quick Start section of this chapter for more information 4 4 2 2 Bandwidth Settings Under Bandwidth Settings you can easily confi...

Page 90: ...bles or disables the service detection feature For fail over the service detection function is enabled For load balance user is able to enable or disable it Connectivity Decision Establishes the numbe...

Page 91: ...chanism The source IP address and destination IP address might go through WAN1 or WAN2 according to policy settings in this mechanism You can choose this mechanism if the applications the users use wi...

Page 92: ...Based on IP hash mechanism The source IP address and destination IP address will go through specific WAN port WAN1 or WAN2 according to policy settings in this mechanism This will assure that some ap...

Page 93: ...an ending character a dot for this text field ex abc com When you enter the following domain name you can only input different chars without an ending dot its name is then added with domain name and i...

Page 94: ...Server MX Record Mail Exchanger The name of the mail server IP Address The mail server IP address Click Apply to save your changes To edit the Host Mapping URL list click Edit This will open the Host...

Page 95: ...Candidates You can also select the Candidates which are referred from the ARP table for automatic input Name1 The Alias Host URL Name2 The Alias Host URL Click Apply to save your changes 4 4 3 4 Proto...

Page 96: ...inding section please note that it would take precedence over the settings that are already configured in the Load Balance Setting section The Protocol Binding Table lists any protocol binding that ha...

Page 97: ...k If Specified Source IP was chosen here s where the subnet mask can be entered Destination IP Range All Destination IP Click it to specify all source IPs Specified Destination IP Click to specify a s...

Page 98: ...adjust a variety of basic router settings upgrade firmware set up remote access and more In this menu are the following sections Time Zone Remote Access Firmware Upgrade Backup Restore Restart Passwor...

Page 99: ...Your ISP may provide an NTP server for you to use To have BiGuard 30 automatically adjust for Daylight Savings Time check the Automatic checkbox 4 4 4 2 Remote Access To allow remote users to configu...

Page 100: ...our firmware simply visit Billion s website http www billion com and download the latest firmware image file for BiGuard 30 Next click Browse and select the newly downloaded firmware file Click Upgrad...

Page 101: ...d select where to save the settings backup file You may also change the name of the file when saving if you wish to keep multiple backups Click OK to save the file To restore a previously saved backup...

Page 102: ...If you wish to restart the router using the factory default settings select Factory Default Settings and click Restart to reboot BiGuard 30 with factory default settings You may also reset your router...

Page 103: ...our router s configuration interface it requires the administrator to login with a password You can change your password by entering your new password in both fields Click Apply to save your changes C...

Page 104: ...n industry standard protocol used to capture information about network activity To enable this function select the Enable radio button and enter your Syslog server IP address in the Log Server IP Addr...

Page 105: ...ng mail server It may be an IP address or a domain name Sender s Email Address Enter the email address where you wish the alert logs to be sent by which address Mail Server Login some SMTP servers may...

Page 106: ...teful Packet Inspection SPI firewall for controlling Internet access from your LAN and preventing attacks from hackers Your router also acts as a natural Internet firewall when using Network Address T...

Page 107: ...LAN The Filter Table displays all current filter rules If there is an entry in the Filter Table you can click Edit to modify the setting of this entry click Delete to remove this entry or click Move t...

Page 108: ...rce IP Select Any Subnet IP Range or Single Address Starting IP Address Enter the source IP or starting source IP address this filter rule is to be applied End IP Address Enter the End source IP Addre...

Page 109: ...sed to limit access to certain URLs on the Internet You can block web sites based on keywords or even block out an entire domain Certain web features can also be blocked to grant added security to you...

Page 110: ...n IP address as the domain name Exception List You can input a list of IP addresses as the exception list for URL filtering Enter a keyword to be filtered and click Apply Your new keyword will be adde...

Page 111: ...ng depending on which you selected previously Restrict URL Features Use this to disable certain web features Select the options you want Block Java Applet Block ActiveX Block Web proxy Block Cookie Bl...

Page 112: ...List and excluded from the URL filtering rules in effect 4 4 5 3 LAN MAC Filter LAN Mac Filter can decide that BiGuard will serve those devices at LAN side or not by MAC Address Default Rule Forward...

Page 113: ...hed Select to Drop or Forward the packet specified in this filter entry MAC Address The MAC Address you would like to apply Candidates You can also select the Candidates which are referred from the AR...

Page 114: ...an prevent most common DoS attacks from the Internet or from LAN users Intrusion Detection Enable or disable this function Intrusion Log All the detected and dropped attacks will be shown in the syste...

Page 115: ...ished Note Auto only applies to Fail Over mode For Load Balance mode please do not select Auto In Load Balance mode Auto will be forced to WAN1 interface if Auto is selected Pre shared Key This is for...

Page 116: ...th remote router using Fixed Internet IP or domain name by using main mode Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN gateway Remote Network The subnet of the r...

Page 117: ...sing aggressive mode Remote Identifier The Identifier of the remote gateway According to the input value the ID type will be auto defined as IP Address FQDN DNS or FQUN E mail Remote Network The subne...

Page 118: ...remote client software using Fixed Internet IP or domain name by using main mode Secure Gateway Address or Domain Name The IP address or hostname of the remote VPN device that is connected and establ...

Page 119: ...emote client software using Dynamic Internet IP by using aggressive mode Remote Identifier The Identifier of the remote gateway According to the input value the ID type will be auto defined as IP Addr...

Page 120: ...Sec VPN tunnel with BiGuard VPN Client software C01 by using aggressive mode VPN Client IP Address The VPN Client Address for BiGuard VPN Client this value will be applied on both remote ID and Remote...

Page 121: ...your configuration is done you will see a Configuration Summary Back Back to the Previous page Done Click Done to apply the rule 4 4 6 1 2 IPSec Policy Click Create to create a new IPSec VPN connectio...

Page 122: ...being established Note Auto only applies to Fail Over mode For Load Balance mode please do not select Auto In Load Balance mode Auto will be forced to WAN1 interface if Auto is selected Local This sec...

Page 123: ...mote gateway Address as ID with ID type IP Address IP Address Use an IP address format FQDN DNS Fully Qualified Domain Name Consists of a hostname and domain name For example WWW VPN COM is a FQDN WWW...

Page 124: ...tion Protocol Authentication establishes data integrity and ensures it is not tampered with while in transit There are two options Message Digest 5 MD5 and Secure Hash Algorithm SHA1 While slower SHA1...

Page 125: ...the user defined name of the connection Enable This function activates or deactivates the IPSec connection Local Subnet Displays IP address and subnet of the local network Remote Subnet Displays IP ad...

Page 126: ...ateless or Allow Stateless and Stateful IP Addresses Assigned to Peer Start from 192 168 1 x please input the IP assigned range from 1 254 except BiGuard 30 s LAN IP address with 192 168 1 254 as BiGu...

Page 127: ...nection Type Select Remote Access for single user Select LAN to LAN for remote gateway Peer Network IP Please input the IP for remote network Peer Netmask Please input the Netmask for remote network N...

Page 128: ...th afforded by the ISP for WAN1 s outbound traffic WAN1 Inbound QoS Function QoS status for WAN1 inbound Select Enable to activate QoS for WAN1 s incoming traffic Select Disable to deactivate Max ISP...

Page 129: ...Rule To get started using QoS you will need to establish QoS rules These rules tell BiGuard 30 how to handle both incoming and outgoing traffic The following example shows you how to configure WAN1 Ou...

Page 130: ...highest DSCP Marking Used to classify traffic Select from Best Effort Premium Gold Service High Medium Low Silver H M L and Bronze H M L Address Type The type of address this rule applies to Select I...

Page 131: ...etworks a port is a 16 bit number used to identify which application program usually a server incoming connections should be delivered to Some ports have numbers that are pre assigned to them by the I...

Page 132: ...s a virtual server so that remote users accessing services such as Web or FTP services via the public WAN IP address can be automatically redirected to local servers in the LAN network Depending on th...

Page 133: ...2 Port Forwarding Table Because NAT can act as a natural Internet firewall your router protects your network from being accessed by outside users as all incoming connection attempts will point to you...

Page 134: ...add a new port forwarding rule This function allows any incoming data addressed to a range of service port numbers from the Internet WAN Port to be re directed to a particular LAN private internal IP...

Page 135: ...nal IP Address Enter the LAN server host IP address that the service request from the Internet will be sent to Candidates You can also select the Candidates which are referred from the ARP table for a...

Page 136: ...heir router unless advised to do so by support staff There are three items within the Advanced section Static Route Dynamic DNS and Device Management 4 4 9 1 Static Route The static route settings ena...

Page 137: ...ly to save your changes 4 4 9 2 Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname allowing users whose ISP does not assign them a static IP address to...

Page 138: ...c DNS Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service y...

Page 139: ...r on a PC within their LAN Management IP Address You may specify an IP address allowed to logon and access the router s web server Setting the IP address to 0 0 0 0 will disable IP address restriction...

Page 140: ...IP Address Input the device IP address with SNMP software installed SNMP V3 Username Input the Username for your SNMP software Password Input the Password for your SNMP software Access Right Select Re...

Page 141: ...on interface at a time Once a PC has logged into the web interface other PCs cannot gain access until the current PC has logged out If the previous PC forgets to logout the second PC can access the pa...

Page 142: ...may have a hardware problem and should contact technical support 5 1 2 LEDs Never Turn Off When your BiGuard 30 is turned on the LEDs turn on for about 10 seconds and then turn off If all the LEDs st...

Page 143: ...f this fails you can restore your BiGuard 30 to its factory default settings by holding the Reset button on the back of your router until the Status LED begins to blink Then enter the default User Nam...

Page 144: ...en the PC and the router Make sure your PC s IP address is on the same subnet as the router If your BiGuard 30 s IP address has changed and you don t know the current IP address reset the router to fa...

Page 145: ...e sure that the Delete All Offline Content checkbox is checked and click OK 4 Click OK under Internet Options to close the dialogue In Windows type arp d at the command prompt to clear you computer s...

Page 146: ...ab clear the Block pop ups checkbox and click Apply to save your changes Enabling Pop up Blockers with Exceptions If you only want to allow pop up windows with your BiGuard 30 1 In Internet Explorer s...

Page 147: ...OK to close the dialogue 5 2 3 3 Java Permissions The following Java Permissions should also be given for the Web Configuration Interface to display properly 1 In Internet Explorer click Tools Interne...

Page 148: ...uires MAC address authentication clone the MAC address from your PC on the LAN as BiGuard 30 s WAN MAC address If your ISP requires host name authentication configure your PC s name as BiGuard 30 s sy...

Page 149: ...modem 4 When the modem has finished synchronizing with the ISP generally shown by LEDs on the modem turn on the power to your router If an IP address still cannot be obtained Your ISP may require a l...

Page 150: ...C may not have the router correctly configured as its TCP IP gateway 5 5 Problems with Date and Time If the date and time is not being displayed correctly be sure to set it for your BiGuard 30 via the...

Page 151: ...30 Mbps PPTP VPN support up to 4 PPTP tunnels PPTP VPN performance is up to 10 Mbps Manual key Internet Key Exchange IKE authentication and Key Management Authentication MD5 SHA 1 DES 3DES encryption...

Page 152: ...iagnostics System Logs PPPoE PPTP Big Pond and DHCP client connections to the ISP NAT static routing and RIP 2 Dynamic Domain Name System DDNS Virtual Server and DMZ DHCP Server NTP Physical Interface...

Page 153: ...be solved by referring to the Troubleshooting section in the User s Manual If you cannot resolve the problem with the Troubleshooting chapter please contact the dealer where you purchased this produc...

Page 154: ...nterference in a commercial environment If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encourag...

Page 155: ...ifferent methods to determine the network and host sections of the address which makes multiple hosts on a network possible TCP IP software identifies each address class by reading a unique bit patter...

Page 156: ...an be made from a Class B address For example the IP address of 172 20 0 0 allows eight extra bits to use as a subnet address since node addresses are limited to a maximum of 255 The IP address of 172...

Page 157: ...IP address is handled by the router which means added security for your network from intruders If a particular PC on your LAN requires access from outside PCs you can use port forwarding to accomplis...

Page 158: ...orks D 2 2 Why use a Router While large bandwidth can easily and inexpensively be provided in a LAN having high bandwidth between a LAN and the Internet can be prohibitively expensive Because of this...

Page 159: ...network from intrusions and attacks Unlike less sophisticated Internet sharing routers SPI ensures secure firewall filtering by intercepting incoming packets at the network layer and analyzing them f...

Page 160: ...A simple NAT router provides a basic level of protection by shielding your network from the outside Internet Still there are ways for more dedicated hackers to either obtain information about your ne...

Page 161: ...ons between two or more organizations IPSec based VPNs are ideal for extranet connections as they can be quickly and inexpensively installed Extranets are often used to securely share a company s info...

Page 162: ...nfidentiality authentication and integrity Internet Key Exchange IKE Provides key management and Security Association SA management These components are discussed below E 2 1 1 Authentication Header A...

Page 163: ...eader Placed before encrypted data the ESP Header contains the SPI and Sequence Number Its placement depends on whether ESP is used in transport mode or tunnel mode ESP Trailer Placed after the encryp...

Page 164: ...rameters Security Parameters Index SPI a locally unique value Destination IP Address Security Protocol AH or ESP but not both There are several other parameters associated with an SA that are stored i...

Page 165: ...the two tunnel end points Since tunnel mode hides the original IP header it provides security of the networks with private IP address space E 2 3 Tunnel Mode AH AH is typically applied to a data pack...

Page 166: ...ty There are two phases to this process Phase I deals with the negotiation and management of IKE and IPSec parameters This phase can be carried out in either one of two modes Main Mode or Aggressive M...

Page 167: ...ys from the IKE shared secret exchange DH values to generate a new key and identify which traffic this SA bundle will protect using selectors IDi and IDr payloads The following is an illustration on h...

Page 168: ...thm and authentication method Send Aggressive mode initial message of ISAKMP Sending the first message of aggressive mode phase I Received Main mode initial message of ISAKMP Received the first messag...

Page 169: ...gressive mode Send Aggressive mode first response message of ISAKMP Sending the first response message of aggressive mode Done to exchange proposal and key values Received Aggressive mode first respon...

Page 170: ...SEN PFS is required in Quick Initial SA NO PROPOSAL CHOSEN PFS is not required in Quick Initial SA NO PROPOSAL CHOSEN Initial Aggressive Mode message from s but no connection has been configured NO PR...

Page 171: ...171 Main Aggressive mode peer ID is identifier string ISAKMP SA Established IPsec SA Established...

Page 172: ...er which applications they are running If you ve ever experienced slow Internet speeds due to other network users using bandwidth consuming applications like P2P you ll understand why QoS is such a br...

Page 173: ...the ability to control the bandwidth Using IP Throttling bandwidth limits can be enforced on a particular application or any system within the LAN Prioritization specifies which packets have priority...

Page 174: ...and voice frequently lag Sales people are talking to international agencies via VoIP phone while sending orders via email to vendors for production However some staff are downloading MP3 music files...

Page 175: ...dix H Router Setup Examples H 1 Outbound Fail Over Step 1 Go to Configuration WAN ISP Settings Select WAN1 and WAN2 and click Edit Step 2 Configure WAN1 and WAN2 according to the information given by...

Page 176: ...il Over radio button Under Connectivity Decision input the number of times BiGuard 30 should probe the WAN before deciding that the ISP is in service or not 3 by default Next input the duration of the...

Page 177: ...ep 4 Click Save Config to save all changes to flash memory H 2 Outbound Load Balancing With Outbound Load Balancing you can improve upload performance by optimizing your connection via Dual WAN To do...

Page 178: ...178 Step 2 Configure your WAN2 ISP settings and click Apply Step 3 Go to Configuration Dual WAN General Settings Select the Load Balance radio button...

Page 179: ...n Dual WAN Outbound Load Balance Choose the Load Balance mechanism you want and click Apply Step 5 Complete To check traffic statistics go to Status Traffic Statistics Step 6 Click Save Config to save...

Page 180: ...onnection for incoming requests To do so follow these steps NOTE Before you begin ensure that both WAN1 and WAN2 have been properly configured See Chapter 4 Router Configuration for more details Step...

Page 181: ...181 Step 2 Configure Fail Over options if necessary Step 3 Go to Configuration Advanced Dynamic DNS Set the WAN1 DDNS settings...

Page 182: ...182 Step 4 From the same menu set the WAN2 DDNS settings Step 5 Click Save Config to save all changes to flash memory...

Page 183: ...Dual WAN General Settings Select the Fail Over radio button and configure your fail over policy Step 2 Go to Configuration Dual WAN Inbound Load Balance Select the Built in DNS 192 168 2 2 192 168 2 3...

Page 184: ...by clicking Edit Step 3 Input DNS Server 1 settings and click Apply Step 4 Configure your Host URL Mapping for DNS Server 1 by clicking Edit to enter the Host URL Mappings List Click Create and input...

Page 185: ...e Load Built in DNS 192 168 2 2 192 168 2 3 FTP HTTP 200 200 200 1 www mydomain com 200 200 200 1 Authoritative Domain Name Server 100 100 100 1 100 100 100 1 DNS Request DNS Reply Built in DNS 192 16...

Page 186: ...186 Balance radio button Step 2 Go to Configuration Dual WAN Inbound Load Balance Server Settings and configure DNS Server 1 Step 3 Go to Configuration Dual WAN Inbound Load Balance Host URL...

Page 187: ...187 Mapping and configure your FTP mapping Step 4 Next configure your HTTP mapping Step 5 Click Save Config to save all changes to flash memory...

Page 188: ...Go to Configuration WAN Bandwidth Settings Configure your WAN inbound and outbound bandwidth www billion2 dyndns org Remote Access from Internet www billion3 dyndns org www billion3 dyndns org www bil...

Page 189: ...oose your load balance policy and click Apply to apply your changes If you selected Based on session mechanism as your policy the source IP address and destination IP address may go through WAN1 or WA...

Page 190: ...190 Step 4 Go to Configuration Advanced Dynamic DNS and input the dynamic DNS settings for WAN1 and WAN2 WAN1...

Page 191: ...191 WAN 2 Step 5 Go to Configuration Virtual Server and set up a virtual server for both FTP and HTTP...

Page 192: ...192 Step 6 Click Save Config to save all changes to flash memory H 7 VPN Configuration This section outlines some concrete examples on how you can configure BiGuard 30 for your VPN H 7 1 LAN to LAN...

Page 193: ...1 0 Netmask 255 255 255 0 255 255 255 0 Remote Secure Gateway Address or Hostname 69 121 1 3 69 121 1 30 ID IP Address IP Address Data 69 121 1 3 69 121 1 30 Network Subnet Subnet IP Address 192 168 1...

Page 194: ...ss IP Address Data 69 121 1 30 69 121 1 3 Network Any Local Address Any Local Address IP Address 0 0 0 0 192 168 1 0 Netmask 0 0 0 0 255 255 255 0 Remote Secure Gateway Address or Hostname 69 121 1 3...

Page 195: ...shared Key 12345678 12345678 Security Algorithm Main Mode ESP MD5 3DES PFS Main ESP MD5 3DES PFS H 8 IP Sec Fail Over Gateway to Gateway Before Fail Over After Fail Over 192 168 2 x 192 168 2 x 200 2...

Page 196: ...n Dual WAN General Settings Enable Fail Over by selecting the Fail Over radio button Then configure your Fail Over policy Step 2 Go to Configuration Advanced Dynamic DNS and configure your dynamic DNS...

Page 197: ...3 Go to Configuration VPN IPSec IPSec Policy Click Create to configure VPN settings Step 4 Click Save Config to save all changes to flash memory To configure BiGuard 10 gateway refer to the screensho...

Page 198: ...et 192 168 3 0 Remote mask 255 255 255 0 Local ID Type Subnet Local subnet 192 168 3 0 Local mask 255 255 255 0 Remote ID Type Subnet Remote subnet 0 0 0 0 Remote mask 0 0 0 0 Local ID Type Subnet Loc...

Page 199: ...Configuration VPN IPSec IPSec Policy and configure the link from BiGuard 30 to BiGuard 10 Branch B Step 3 Go to Configuration VPN IPSec IPSec Policy and configure the connection from BiGuard 10 Branch...

Page 200: ...olicy and configure the connection from BiGuard 10 Branch B to BiGuard 30 Step 5 Click Save Config to save all changes to flash memory H 10 Protocol Binding Step 1 Go to Configuration Dual WAN General...

Page 201: ...Configuration Dual WAN Protocol Binding and configure settings for WAN1 Step 3 Go to Configuration Dual WAN Protocol Binding and configure settings for WAN2 Step 4 Click Save Config to save all change...

Page 202: ...net Detected Dropped BiGuard Safe Server Safe Hacker DoS Attack DoS Attack Hacker Hacker DoS Attack DoS Attack Step 1 Go to Configuration Firewall Intrusion Detection and Enable the settings Step 2 Cl...

Page 203: ...lient Internet Internet 100 100 100 1 Headquarter BiGuard PPTP Server Business Trip PPTP Tunnel Public IP Local subnet 192 168 30 0 Local mask 255 255 255 0 Step1 Go to Configuration VPN PPTP and Enab...

Page 204: ...204 Step3 Click Apply you can see the account is successfully created Step4 Click Save Config to save all changes to flash memory Step5 In Windows XP go Start Settings Network Connections...

Page 205: ...205 Step6 In Network Tasks Click Create a new connection and press Next Step7 Select Connect to the network at my workplace and press Next...

Page 206: ...206 Step8 Select Virtual Private Network connection and press Next Step9 Input the user defined name for this connection and press Next...

Page 207: ...207 Step10 Input PPTP Server Address and press Next Step11 Please press Finish...

Page 208: ...208 Step12 Double click the connection and input Username and Password that defined in BiGuard PPTP Account Settings PS You can also refer the Properties Security page as below by default...

Page 209: ...ternet 100 100 100 1 Headquarter BiGuard PPTP Server PPTP Tunnel Branch Office 200 200 200 1 BiGuard PPTP Client Local subnet 192 168 30 0 Local mask 255 255 255 0 Step1 Go to Configuration VPN PPTP a...

Page 210: ...210 Step2 Click Create to create a PPTP Account Step3 Click Apply you can see the account is successfully created Step4 Click Save Config to save all changes to flash memory...

Page 211: ...211 Step5 In another BiGuard as Client Go to Configuration WAN ISP Settings Step6 Click Apply and Save CONFIG...

Reviews:

No comments

Related manuals for BiGuard 30

Brand: rainforest Pages: 20

BridgeX BX5020 GT Series

Brand: Mellanox Technologies Pages: 64

GSM Eco Comfort 300-9050V11

Brand: SiKom Pages: 2

Brand: Johnson Controls Pages: 15

Zone Controller Pro ZCM-V2

Brand: Atlas Pages: 4

NDP-ENG ETHERNET NEXSYS GATEWAY

Brand: Crest Audio Pages: 2

Brand: Technica Engineering Pages: 7

ACCESS MANAGER 3.1 SP1 - ADMINISTRATION

Brand: Novell Pages: 42

Brand: Novatel Pages: 88

Brand: Planet Pages: 30

VSG1432-B101 Series

Brand: ZyXEL Communications Pages: 16

Brand: Weiser Pages: 2

ThinPrint TPG-125

Brand: SEH Pages: 28

ThinPrint TPG120

Brand: SEH Pages: 120

Brand: RTA Pages: 81

Brand: H3C Pages: 32

Brand: E-MetroTel Pages: 10

Brand: FältCom Pages: 20

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands